diff options
| author |   Ahsan Hussain <ahsan_hussain@mentor.com> | 2022-01-31 13:55:48 +0500 |
|---|---|---|
| committer |   Richard Purdie <richard.purdie@linuxfoundation.org> | 2022-02-12 17:05:30 +0000 |
| commit | a1ec3154a53fd9e3f87a53f25113b7f90bcfb489 (patch) | |
| tree | ddd77a72987e7a181cb6bc4e3ee7eb6ba7c80bc8 /meta/classes/staging.bbclass | |
| parent | 52e59a5b37f55905ee693a99f9ffc34ed41b4283 (diff) | |
| download | openembedded-core-a1ec3154a53fd9e3f87a53f25113b7f90bcfb489.tar.gz | |
staging: use relative path in sysroot_stage_dir()
A regression form cpio CVE-2021-38185 caused the tool to hang for paths
greater than 128 character long. It was reported here:
https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=992098
We were able to reliable reproduce this with dunfell, meta-freescale
recipe imx-boot
https://github.com/Freescale/meta-freescale/blob/dunfell/recipes-bsp/imx-mkimage/imx-boot_1.0.bb
Using relative path on the affected host fixes the issue as this is
always short, being in the same work dir. It would be harmless, and
useful to generally use the relative path for sysroot_stage_dir()
Signed-off-by: Ahsan Hussain <ahsan_hussain@mentor.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Diffstat (limited to 'meta/classes/staging.bbclass')
| -rw-r--r-- | meta/classes/staging.bbclass | 3 |
1 files changed, 2 insertions, 1 deletions
diff --git a/meta/classes/staging.bbclass b/meta/classes/staging.bbclass index b8a14ff02e..71302b6e12 100644 --- a/meta/classes/staging.bbclass +++ b/meta/classes/staging.bbclass @@ -49,9 +49,10 @@ sysroot_stage_dir() { fi mkdir -p "$dest" + rdest=$(realpath --relative-to="$src" "$dest") ( cd $src - find . -print0 | cpio --null -pdlu $dest + find . -print0 | cpio --null -pdlu $rdest ) } |