diff options
author | takeshi_hoshina <takeshi_hoshina@mail.toyota.co.jp> | 2020-11-02 11:07:33 +0900 |
---|---|---|
committer | takeshi_hoshina <takeshi_hoshina@mail.toyota.co.jp> | 2020-11-02 11:07:33 +0900 |
commit | 1c7d6584a7811b7785ae5c1e378f14b5ba0971cf (patch) | |
tree | cd70a267a5ef105ba32f200aa088e281fbd85747 /external/poky/meta/recipes-extended/cpio | |
parent | 4204309872da5cb401cbb2729d9e2d4869a87f42 (diff) |
basesystem-jjsandbox/ToshikazuOhiwa/master-jj
recipes
Diffstat (limited to 'external/poky/meta/recipes-extended/cpio')
-rw-r--r-- | external/poky/meta/recipes-extended/cpio/cpio-2.12/0001-CVE-2016-2037-1-byte-out-of-bounds-write.patch | 346 | ||||
-rw-r--r-- | external/poky/meta/recipes-extended/cpio/cpio-2.12/0001-Fix-CVE-2015-1197.patch | 178 | ||||
-rw-r--r-- | external/poky/meta/recipes-extended/cpio/cpio-2.12/0001-Fix-segfault-with-append.patch | 87 | ||||
-rw-r--r-- | external/poky/meta/recipes-extended/cpio/cpio-2.13/0001-Unset-need_charset_alias-when-building-for-musl.patch (renamed from external/poky/meta/recipes-extended/cpio/cpio-2.12/0001-Unset-need_charset_alias-when-building-for-musl.patch) | 0 | ||||
-rw-r--r-- | external/poky/meta/recipes-extended/cpio/cpio-2.13/0002-src-global.c-Remove-superfluous-declaration-of-progr.patch | 28 | ||||
-rw-r--r-- | external/poky/meta/recipes-extended/cpio/cpio_2.13.bb (renamed from external/poky/meta/recipes-extended/cpio/cpio_2.12.bb) | 17 |
6 files changed, 37 insertions, 619 deletions
diff --git a/external/poky/meta/recipes-extended/cpio/cpio-2.12/0001-CVE-2016-2037-1-byte-out-of-bounds-write.patch b/external/poky/meta/recipes-extended/cpio/cpio-2.12/0001-CVE-2016-2037-1-byte-out-of-bounds-write.patch deleted file mode 100644 index 0a305448..00000000 --- a/external/poky/meta/recipes-extended/cpio/cpio-2.12/0001-CVE-2016-2037-1-byte-out-of-bounds-write.patch +++ /dev/null @@ -1,346 +0,0 @@ -From ebf9a2d776474181936a720ce811d72bbd1da3b6 Mon Sep 17 00:00:00 2001 -From: Pavel Raiskup <praiskup@redhat.com> -Date: Tue, 26 Jan 2016 23:17:54 +0100 -Subject: [PATCH] CVE-2016-2037 - 1 byte out-of-bounds write - -Ensure that cpio_safer_name_suffix always works with dynamically -allocated buffer, and that it has size of at least 32 bytes. -Then, any call to cpio_safer_name_suffix is safe (it requires at -least 2 bytes in the buffer). - -Also ensure that c_namesize is always correctly initialized (by -cpio_set_c_name) to avoid undefined behavior when reading -file_hdr.c_namesize (previously happened for tar archives). - -References: -http://www.mail-archive.com/bug-cpio@gnu.org/msg00545.html - -* src/copyin.c (query_rename): Drop the hack, as we now work with -dynamically allocated buffer. Use cpio_set_c_name. -(create_defered_links_to_skipped): Use cpio_set_c_name rather than -manual assignment. -(read_name_from_file): New function to avoid C&P. -(read_in_old_ascii, read_in_new_ascii, read_in_binary): Use -read_name_from_file. -(process_copy_in): Initialize file_hdr.c_namesize. -* src/copyout.c (process_copy_out): Use cpio_set_c_name. -* src/cpiohdr.h (cpio_set_c_name): New prototype. -* src/tar.c (read_in_tar_header): Use cpio_set_c_name. -* src/util.c (cpio_set_c_name): New function to set -file_hdr->c_name and c_namesize from arbitrary string. -(cpio_safer_name_suffix): Some docs fixes. -* tests/inout.at: Also test copy-in, and try various formats. - -CVE: CVE-2016-2037 - -Upstream-Status: Backport [http://git.savannah.gnu.org/cgit/cpio.git/commit/?id=d36ec5f4e93130efb24fb9678aafd88e8070095b] - -Signed-off-by: Andre McCurdy <armccurdy@gmail.com> ---- - src/copyin.c | 68 +++++++++++++++++++--------------------------------------- - src/copyout.c | 13 +++++------ - src/cpiohdr.h | 1 + - src/tar.c | 10 +++++---- - src/util.c | 32 ++++++++++++++++++++++++++- - tests/inout.at | 19 ++++++++++++++-- - 6 files changed, 82 insertions(+), 61 deletions(-) - -diff --git a/src/copyin.c b/src/copyin.c -index cde911e..972f8a6 100644 ---- a/src/copyin.c -+++ b/src/copyin.c -@@ -76,28 +76,7 @@ query_rename(struct cpio_file_stat* file_hdr, FILE *tty_in, FILE *tty_out, - return -1; - } - else -- /* Debian hack: file_hrd.c_name is sometimes set to -- point to static memory by code in tar.c. This -- causes a segfault. This has been fixed and an -- additional check to ensure that the file name -- is not too long has been added. (Reported by -- Horst Knobloch.) This bug has been reported to -- "bug-gnu-utils@prep.ai.mit.edu". (99/1/6) -BEM */ -- { -- if (archive_format != arf_tar && archive_format != arf_ustar) -- { -- free (file_hdr->c_name); -- file_hdr->c_name = xstrdup (new_name.ds_string); -- } -- else -- { -- if (is_tar_filename_too_long (new_name.ds_string)) -- error (0, 0, _("%s: file name too long"), -- new_name.ds_string); -- else -- strcpy (file_hdr->c_name, new_name.ds_string); -- } -- } -+ cpio_set_c_name (file_hdr, new_name.ds_string); - return 0; - } - -@@ -344,8 +323,7 @@ create_defered_links_to_skipped (struct cpio_file_stat *file_hdr, - d_prev->next = d->next; - else - deferments = d->next; -- free (file_hdr->c_name); -- file_hdr->c_name = xstrdup(d->header.c_name); -+ cpio_set_c_name (file_hdr, d->header.c_name); - free_deferment (d); - copyin_regular_file(file_hdr, in_file_des); - return 0; -@@ -1064,6 +1042,22 @@ read_in_header (struct cpio_file_stat *file_hdr, int in_des) - } - } - -+static void -+read_name_from_file (struct cpio_file_stat *file_hdr, int fd, uintmax_t len) -+{ -+ static char *tmp_filename; -+ static size_t buflen; -+ -+ if (buflen < len) -+ { -+ buflen = len; -+ tmp_filename = xrealloc (tmp_filename, buflen); -+ } -+ -+ tape_buffered_read (tmp_filename, fd, len); -+ cpio_set_c_name (file_hdr, tmp_filename); -+} -+ - /* Fill in FILE_HDR by reading an old-format ASCII format cpio header from - file descriptor IN_DES, except for the magic number, which is - already filled in. */ -@@ -1090,14 +1084,8 @@ read_in_old_ascii (struct cpio_file_stat *file_hdr, int in_des) - file_hdr->c_rdev_min = minor (dev); - - file_hdr->c_mtime = FROM_OCTAL (ascii_header.c_mtime); -- file_hdr->c_namesize = FROM_OCTAL (ascii_header.c_namesize); - file_hdr->c_filesize = FROM_OCTAL (ascii_header.c_filesize); -- -- /* Read file name from input. */ -- if (file_hdr->c_name != NULL) -- free (file_hdr->c_name); -- file_hdr->c_name = (char *) xmalloc (file_hdr->c_namesize + 1); -- tape_buffered_read (file_hdr->c_name, in_des, (long) file_hdr->c_namesize); -+ read_name_from_file (file_hdr, in_des, FROM_OCTAL (ascii_header.c_namesize)); - - /* HP/UX cpio creates archives that look just like ordinary archives, - but for devices it sets major = 0, minor = 1, and puts the -@@ -1152,14 +1140,8 @@ read_in_new_ascii (struct cpio_file_stat *file_hdr, int in_des) - file_hdr->c_dev_min = FROM_HEX (ascii_header.c_dev_min); - file_hdr->c_rdev_maj = FROM_HEX (ascii_header.c_rdev_maj); - file_hdr->c_rdev_min = FROM_HEX (ascii_header.c_rdev_min); -- file_hdr->c_namesize = FROM_HEX (ascii_header.c_namesize); - file_hdr->c_chksum = FROM_HEX (ascii_header.c_chksum); -- -- /* Read file name from input. */ -- if (file_hdr->c_name != NULL) -- free (file_hdr->c_name); -- file_hdr->c_name = (char *) xmalloc (file_hdr->c_namesize); -- tape_buffered_read (file_hdr->c_name, in_des, (long) file_hdr->c_namesize); -+ read_name_from_file (file_hdr, in_des, FROM_HEX (ascii_header.c_namesize)); - - /* In SVR4 ASCII format, the amount of space allocated for the header - is rounded up to the next long-word, so we might need to drop -@@ -1207,16 +1189,9 @@ read_in_binary (struct cpio_file_stat *file_hdr, - file_hdr->c_rdev_min = minor (short_hdr->c_rdev); - file_hdr->c_mtime = (unsigned long) short_hdr->c_mtimes[0] << 16 - | short_hdr->c_mtimes[1]; -- -- file_hdr->c_namesize = short_hdr->c_namesize; - file_hdr->c_filesize = (unsigned long) short_hdr->c_filesizes[0] << 16 - | short_hdr->c_filesizes[1]; -- -- /* Read file name from input. */ -- if (file_hdr->c_name != NULL) -- free (file_hdr->c_name); -- file_hdr->c_name = (char *) xmalloc (file_hdr->c_namesize); -- tape_buffered_read (file_hdr->c_name, in_des, (long) file_hdr->c_namesize); -+ read_name_from_file (file_hdr, in_des, short_hdr->c_namesize); - - /* In binary mode, the amount of space allocated in the header for - the filename is `c_namesize' rounded up to the next short-word, -@@ -1297,6 +1272,7 @@ process_copy_in () - read_pattern_file (); - } - file_hdr.c_name = NULL; -+ file_hdr.c_namesize = 0; - - if (rename_batch_file) - { -diff --git a/src/copyout.c b/src/copyout.c -index 1f0987a..bb39559 100644 ---- a/src/copyout.c -+++ b/src/copyout.c -@@ -660,8 +660,7 @@ process_copy_out () - cpio_safer_name_suffix (input_name.ds_string, false, - !no_abs_paths_flag, true); - #ifndef HPUX_CDF -- file_hdr.c_name = input_name.ds_string; -- file_hdr.c_namesize = strlen (input_name.ds_string) + 1; -+ cpio_set_c_name (&file_hdr, input_name.ds_string); - #else - if ( (archive_format != arf_tar) && (archive_format != arf_ustar) ) - { -@@ -670,16 +669,15 @@ process_copy_out () - properly recreate the directory as hidden (in case the - files of a directory go into the archive before the - directory itself (e.g from "find ... -depth ... | cpio")). */ -- file_hdr.c_name = add_cdf_double_slashes (input_name.ds_string); -- file_hdr.c_namesize = strlen (file_hdr.c_name) + 1; -+ cpio_set_c_name (&file_hdr, -+ add_cdf_double_slashes (input_name.ds_string)); - } - else - { - /* We don't mark CDF's in tar files. We assume the "hidden" - directory will always go into the archive before any of - its files. */ -- file_hdr.c_name = input_name.ds_string; -- file_hdr.c_namesize = strlen (input_name.ds_string) + 1; -+ cpio_set_c_name (&file_hdr, input_name.ds_string); - } - #endif - -@@ -866,8 +864,7 @@ process_copy_out () - file_hdr.c_chksum = 0; - - file_hdr.c_filesize = 0; -- file_hdr.c_namesize = 11; -- file_hdr.c_name = CPIO_TRAILER_NAME; -+ cpio_set_c_name (&file_hdr, CPIO_TRAILER_NAME); - if (archive_format != arf_tar && archive_format != arf_ustar) - write_out_header (&file_hdr, out_file_des); - else -diff --git a/src/cpiohdr.h b/src/cpiohdr.h -index b29e6fb..f4c63be 100644 ---- a/src/cpiohdr.h -+++ b/src/cpiohdr.h -@@ -129,5 +129,6 @@ struct cpio_file_stat /* Internal representation of a CPIO header */ - char *c_tar_linkname; - }; - -+void cpio_set_c_name(struct cpio_file_stat *file_hdr, char *name); - - #endif /* cpiohdr.h */ -diff --git a/src/tar.c b/src/tar.c -index a2ce171..e41f89d 100644 ---- a/src/tar.c -+++ b/src/tar.c -@@ -282,7 +282,7 @@ read_in_tar_header (struct cpio_file_stat *file_hdr, int in_des) - if (null_block ((long *) &tar_rec, TARRECORDSIZE)) - #endif - { -- file_hdr->c_name = CPIO_TRAILER_NAME; -+ cpio_set_c_name (file_hdr, CPIO_TRAILER_NAME); - return; - } - #if 0 -@@ -316,9 +316,11 @@ read_in_tar_header (struct cpio_file_stat *file_hdr, int in_des) - } - - if (archive_format != arf_ustar) -- file_hdr->c_name = stash_tar_filename (NULL, tar_hdr->name); -+ cpio_set_c_name (file_hdr, stash_tar_filename (NULL, tar_hdr->name)); - else -- file_hdr->c_name = stash_tar_filename (tar_hdr->prefix, tar_hdr->name); -+ cpio_set_c_name (file_hdr, stash_tar_filename (tar_hdr->prefix, -+ tar_hdr->name)); -+ - file_hdr->c_nlink = 1; - file_hdr->c_mode = FROM_OCTAL (tar_hdr->mode); - file_hdr->c_mode = file_hdr->c_mode & 07777; -@@ -398,7 +400,7 @@ read_in_tar_header (struct cpio_file_stat *file_hdr, int in_des) - case AREGTYPE: - /* Old tar format; if the last char in filename is '/' then it is - a directory, otherwise it's a regular file. */ -- if (file_hdr->c_name[strlen (file_hdr->c_name) - 1] == '/') -+ if (file_hdr->c_name[file_hdr->c_namesize - 1] == '/') - file_hdr->c_mode |= CP_IFDIR; - else - file_hdr->c_mode |= CP_IFREG; -diff --git a/src/util.c b/src/util.c -index 6ff6032..4f3c073 100644 ---- a/src/util.c -+++ b/src/util.c -@@ -1410,8 +1410,34 @@ set_file_times (int fd, - utime_error (name); - } - -+ -+void -+cpio_set_c_name (struct cpio_file_stat *file_hdr, char *name) -+{ -+ static size_t buflen = 0; -+ size_t len = strlen (name) + 1; -+ -+ if (buflen == 0) -+ { -+ buflen = len; -+ if (buflen < 32) -+ buflen = 32; -+ file_hdr->c_name = xmalloc (buflen); -+ } -+ else if (buflen < len) -+ { -+ buflen = len; -+ file_hdr->c_name = xrealloc (file_hdr->c_name, buflen); -+ } -+ -+ file_hdr->c_namesize = len; -+ memmove (file_hdr->c_name, name, len); -+} -+ - /* Do we have to ignore absolute paths, and if so, does the filename -- have an absolute path? */ -+ have an absolute path? Before calling this function make sure that the -+ allocated NAME buffer has capacity at least 2 bytes. */ -+ - void - cpio_safer_name_suffix (char *name, bool link_target, bool absolute_names, - bool strip_leading_dots) -@@ -1426,6 +1452,10 @@ cpio_safer_name_suffix (char *name, bool link_target, bool absolute_names, - ++p; - } - if (p != name) -+ /* The 'p' string is shortened version of 'name' with one exception; when -+ the 'name' points to an empty string (buffer where name[0] == '\0') the -+ 'p' then points to static string ".". So caller needs to ensure there -+ are at least two bytes available in 'name' buffer so memmove succeeds. */ - memmove (name, p, (size_t)(strlen (p) + 1)); - } - -diff --git a/tests/inout.at b/tests/inout.at -index 60c3716..730cbd2 100644 ---- a/tests/inout.at -+++ b/tests/inout.at -@@ -35,7 +35,22 @@ while read NAME LENGTH - do - genfile --length $LENGTH > $NAME - echo $NAME --done < filelist | -- cpio --quiet -o > archive]) -+done < filelist > filelist_raw -+ -+for format in bin odc newc crc tar ustar hpbin hpodc -+do -+ cpio --format=$format --quiet -o < filelist_raw > archive.$format -+ rm -rf output -+ mkdir output && cd output -+ cpio -i --quiet < ../archive.$format -+ -+ while read file -+ do -+ test -f $file || echo "$file not found" -+ done < ../filelist_raw -+ -+ cd .. -+done -+]) - - AT_CLEANUP --- -1.9.1 - diff --git a/external/poky/meta/recipes-extended/cpio/cpio-2.12/0001-Fix-CVE-2015-1197.patch b/external/poky/meta/recipes-extended/cpio/cpio-2.12/0001-Fix-CVE-2015-1197.patch deleted file mode 100644 index 5c999197..00000000 --- a/external/poky/meta/recipes-extended/cpio/cpio-2.12/0001-Fix-CVE-2015-1197.patch +++ /dev/null @@ -1,178 +0,0 @@ -From dcee489f821c1260a0136fcdfdb6ff4dd11086ac Mon Sep 17 00:00:00 2001 -From: Alexander Kanavin <alex.kanavin@gmail.com> -Date: Wed, 9 Dec 2015 17:58:03 +0200 -Subject: [PATCH] Fix CVE-2015-1197 - -Apply patch by Vitezslav Cizek of SuSE to fix CVE-2015-1197. -Upstream is dormant or no longer existing. To restore the old -behaviour use --extract-over-symlinks (Closes: #774669) -This issue has been discovered by Alexander Cherepanov. -Author: Vitezslav Cizek <vcizek@suse.cz> -Bug-Debian: https://bugs.debian.org/774669 - -Upstream-Status: Pending -CVE: CVE-2015-1197 -Signed-off-by: Robert Yang <liezhi.yang@windriver.com> -Signed-off-by: Alexander Kanavin <alex.kanavin@gmail.com> - ---- - doc/cpio.1 | 1 + - src/copyin.c | 62 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ - src/extern.h | 1 + - src/global.c | 3 +++ - src/main.c | 7 +++++++ - 5 files changed, 74 insertions(+) - -diff --git a/doc/cpio.1 b/doc/cpio.1 -index 2a68241..dc4676c 100644 ---- a/doc/cpio.1 -+++ b/doc/cpio.1 -@@ -49,6 +49,7 @@ cpio \- copy files to and from archives - [\fB\-\-no\-preserve\-owner\fR] [\fB\-\-message=\fIMESSAGE\fR] - [\fB\-\-force\-local\fR] [\fB\-\-no\-absolute\-filenames\fR] [\fB\-\-sparse\fR] - [\fB\-\-only\-verify\-crc\fR] [\fB\-\-to\-stdout\fR] [\fB\-\-quiet\fR] -+[\fB\-\-extract\-over\-symlinks\fR] - [\fB\-\-rsh\-command=\fICOMMAND\fR] - [\fIpattern\fR...] [\fB<\fR \fIarchive\fR] - -diff --git a/src/copyin.c b/src/copyin.c -index cde911e..053afe7 100644 ---- a/src/copyin.c -+++ b/src/copyin.c -@@ -695,6 +695,51 @@ copyin_link (struct cpio_file_stat *file_hdr, int in_file_des) - free (link_name); - } - -+ -+static int -+path_contains_symlink(char *path) -+{ -+ struct stat st; -+ char *slash; -+ char *nextslash; -+ -+ /* we got NULL pointer or empty string */ -+ if (!path || !*path) { -+ return false; -+ } -+ -+ slash = path; -+ -+ while ((nextslash = strchr(slash + 1, '/')) != NULL) { -+ slash = nextslash; -+ *slash = '\0'; -+ -+ if (lstat(path, &st) != 0) { -+ if (errno == ELOOP) { -+ /* ELOOP - too many symlinks */ -+ *slash = '/'; -+ return true; -+ } else if (errno == ENOMEM) { -+ /* No memory for lstat - terminate */ -+ xalloc_die(); -+ } else { -+ /* cannot lstat path - give up */ -+ *slash = '/'; -+ return false; -+ } -+ } -+ -+ if (S_ISLNK(st.st_mode)) { -+ *slash = '/'; -+ return true; -+ } -+ -+ *slash = '/'; -+ } -+ -+ return false; -+} -+ - static void - copyin_file (struct cpio_file_stat *file_hdr, int in_file_des) - { -@@ -1468,6 +1513,23 @@ process_copy_in () - { - /* Copy the input file into the directory structure. */ - -+ /* Can we write files over symlinks? */ -+ if (!extract_over_symlinks) -+ { -+ if (path_contains_symlink(file_hdr.c_name)) -+ { -+ /* skip the file */ -+ /* -+ fprintf(stderr, "Can't write over symlinks. Skipping %s\n", file_hdr.c_name); -+ tape_toss_input (in_file_des, file_hdr.c_filesize); -+ tape_skip_padding (in_file_des, file_hdr.c_filesize); -+ continue; -+ */ -+ /* terminate */ -+ error (1, 0, _("Can't write over symlinks: %s\n"), file_hdr.c_name); -+ } -+ } -+ - /* Do we need to rename the file? */ - if (rename_flag || rename_batch_file) - { -diff --git a/src/extern.h b/src/extern.h -index e27d662..d864bde 100644 ---- a/src/extern.h -+++ b/src/extern.h -@@ -96,6 +96,7 @@ extern char input_is_special; - extern char output_is_special; - extern char input_is_seekable; - extern char output_is_seekable; -+extern bool extract_over_symlinks; - extern int (*xstat) (); - extern void (*copy_function) (); - extern char *change_directory_option; -diff --git a/src/global.c b/src/global.c -index 57e505a..336fce4 100644 ---- a/src/global.c -+++ b/src/global.c -@@ -187,6 +187,9 @@ bool to_stdout_option = false; - /* The name this program was run with. */ - char *program_name; - -+/* Extract files over symbolic links */ -+bool extract_over_symlinks; -+ - /* A pointer to either lstat or stat, depending on whether - dereferencing of symlinks is done for input files. */ - int (*xstat) (); -diff --git a/src/main.c b/src/main.c -index a13861f..87cb309 100644 ---- a/src/main.c -+++ b/src/main.c -@@ -59,6 +59,7 @@ enum cpio_options { - DEBUG_OPTION, - BLOCK_SIZE_OPTION, - TO_STDOUT_OPTION, -+ EXTRACT_OVER_SYMLINKS, - RENUMBER_INODES_OPTION, - IGNORE_DEVNO_OPTION, - DEVICE_INDEPENDENT_OPTION -@@ -243,6 +244,8 @@ static struct argp_option options[] = { - N_("Create leading directories where needed"), GRID+1 }, - {"no-preserve-owner", NO_PRESERVE_OWNER_OPTION, 0, 0, - N_("Do not change the ownership of the files"), GRID+1 }, -+ {"extract-over-symlinks", EXTRACT_OVER_SYMLINKS, 0, 0, -+ N_("Force writing over symbolic links"), GRID+1 }, - {"unconditional", 'u', NULL, 0, - N_("Replace all files unconditionally"), GRID+1 }, - {"sparse", SPARSE_OPTION, NULL, 0, -@@ -432,6 +435,10 @@ crc newc odc bin ustar tar (all-caps also recognized)"), arg)); - no_chown_flag = true; - break; - -+ case EXTRACT_OVER_SYMLINKS: /* --extract-over-symlinks */ -+ extract_over_symlinks = true; -+ break; -+ - case 'o': /* Copy-out mode. */ - if (copy_function != 0) - USAGE_ERROR ((0, 0, _("Mode already defined"))); --- -2.6.2 - diff --git a/external/poky/meta/recipes-extended/cpio/cpio-2.12/0001-Fix-segfault-with-append.patch b/external/poky/meta/recipes-extended/cpio/cpio-2.12/0001-Fix-segfault-with-append.patch deleted file mode 100644 index 2043c890..00000000 --- a/external/poky/meta/recipes-extended/cpio/cpio-2.12/0001-Fix-segfault-with-append.patch +++ /dev/null @@ -1,87 +0,0 @@ -Upstream-Status: Submitted [bugs-cpio] -Signed-off-by: Ross Burton <ross.burton@intel.com> - -From 3f0bd5a40ad0ceaee78c74a52a7166ed7f08db81 Mon Sep 17 00:00:00 2001 -From: Pavel Raiskup <praiskup@redhat.com> -Date: Thu, 29 Nov 2018 07:03:48 +0100 -Subject: [PATCH] Fix segfault with --append - -The --append mode combines both process_copy_in() and -process_copy_out() methods, each of them working with different -(local) file_hdr->c_name buffers. So ensure that -cpio_set_c_name() isn't using the same static variable for -maintaining length of different buffers. - -Complements d36ec5f4e93130efb24fb9. Thanks to Ross Burton. - -* src/copyin.c (process_copy_in): Always initialize file_hdr. -* src/copyout.c (process_copy_out): Likewise. -* src/cpiohdr.h (cpio_file_stat): Add c_name_buflen variable. -* src/util.c (cpio_set_c_name): Use file_hdr->c_name_buflen. ---- - src/copyin.c | 1 + - src/copyout.c | 1 + - src/cpiohdr.h | 1 + - src/util.c | 3 ++- - 4 files changed, 5 insertions(+), 1 deletion(-) - -diff --git a/src/copyin.c b/src/copyin.c -index ba887ae..767c2f8 100644 ---- a/src/copyin.c -+++ b/src/copyin.c -@@ -1213,6 +1213,7 @@ process_copy_in () - - newdir_umask = umask (0); /* Reset umask to preserve modes of - created files */ -+ memset (&file_hdr, 0, sizeof (struct cpio_file_stat)); - - /* Initialize the copy in. */ - if (pattern_file_name) -diff --git a/src/copyout.c b/src/copyout.c -index 7532dac..fb890cb 100644 ---- a/src/copyout.c -+++ b/src/copyout.c -@@ -594,6 +594,7 @@ process_copy_out () - - /* Initialize the copy out. */ - ds_init (&input_name, 128); -+ memset (&file_hdr, 0, sizeof (struct cpio_file_stat)); - file_hdr.c_magic = 070707; - - /* Check whether the output file might be a tape. */ -diff --git a/src/cpiohdr.h b/src/cpiohdr.h -index 588135b..cf64f3e 100644 ---- a/src/cpiohdr.h -+++ b/src/cpiohdr.h -@@ -127,6 +127,7 @@ struct cpio_file_stat /* Internal representation of a CPIO header */ - uint32_t c_chksum; - char *c_name; - char *c_tar_linkname; -+ size_t c_name_buflen; - }; - - void cpio_set_c_name(struct cpio_file_stat *file_hdr, char *name); -diff --git a/src/util.c b/src/util.c -index 10486dc..1256469 100644 ---- a/src/util.c -+++ b/src/util.c -@@ -1413,7 +1413,7 @@ set_file_times (int fd, - void - cpio_set_c_name (struct cpio_file_stat *file_hdr, char *name) - { -- static size_t buflen = 0; -+ size_t buflen = file_hdr->c_name_buflen; - size_t len = strlen (name) + 1; - - if (buflen == 0) -@@ -1430,6 +1430,7 @@ cpio_set_c_name (struct cpio_file_stat *file_hdr, char *name) - } - - file_hdr->c_namesize = len; -+ file_hdr->c_name_buflen = buflen; - memmove (file_hdr->c_name, name, len); - } - --- -2.11.0 - diff --git a/external/poky/meta/recipes-extended/cpio/cpio-2.12/0001-Unset-need_charset_alias-when-building-for-musl.patch b/external/poky/meta/recipes-extended/cpio/cpio-2.13/0001-Unset-need_charset_alias-when-building-for-musl.patch index 6ae21394..6ae21394 100644 --- a/external/poky/meta/recipes-extended/cpio/cpio-2.12/0001-Unset-need_charset_alias-when-building-for-musl.patch +++ b/external/poky/meta/recipes-extended/cpio/cpio-2.13/0001-Unset-need_charset_alias-when-building-for-musl.patch diff --git a/external/poky/meta/recipes-extended/cpio/cpio-2.13/0002-src-global.c-Remove-superfluous-declaration-of-progr.patch b/external/poky/meta/recipes-extended/cpio/cpio-2.13/0002-src-global.c-Remove-superfluous-declaration-of-progr.patch new file mode 100644 index 00000000..d48a3b0d --- /dev/null +++ b/external/poky/meta/recipes-extended/cpio/cpio-2.13/0002-src-global.c-Remove-superfluous-declaration-of-progr.patch @@ -0,0 +1,28 @@ +From 33e6cb5a28fab3d99bd6818f8c01e6f33805390f Mon Sep 17 00:00:00 2001 +From: Sergey Poznyakoff <gray@gnu.org> +Date: Mon, 20 Jan 2020 07:45:39 +0200 +Subject: [PATCH] src/global.c: Remove superfluous declaration of program_name + +Upstream-Status: Accepted (commit 641d3f4) +Signed-off-by: Richard Leitner <richard.leitner@skidata.com> +--- + src/global.c | 3 --- + 1 file changed, 3 deletions(-) + +diff --git a/src/global.c b/src/global.c +index fb3abe9..acf92bc 100644 +--- a/src/global.c ++++ b/src/global.c +@@ -184,9 +184,6 @@ unsigned int warn_option = 0; + /* Extract to standard output? */ + bool to_stdout_option = false; + +-/* The name this program was run with. */ +-char *program_name; +- + /* A pointer to either lstat or stat, depending on whether + dereferencing of symlinks is done for input files. */ + int (*xstat) (); +-- +2.26.2 + diff --git a/external/poky/meta/recipes-extended/cpio/cpio_2.12.bb b/external/poky/meta/recipes-extended/cpio/cpio_2.13.bb index 6ba8337e..9e35a80f 100644 --- a/external/poky/meta/recipes-extended/cpio/cpio_2.12.bb +++ b/external/poky/meta/recipes-extended/cpio/cpio_2.13.bb @@ -8,17 +8,15 @@ LIC_FILES_CHKSUM = "file://COPYING;md5=f27defe1e96c2e1ecd4e0c9be8967949" SRC_URI = "${GNU_MIRROR}/cpio/cpio-${PV}.tar.gz \ file://0001-Unset-need_charset_alias-when-building-for-musl.patch \ - file://0001-Fix-CVE-2015-1197.patch \ - file://0001-CVE-2016-2037-1-byte-out-of-bounds-write.patch \ - file://0001-Fix-segfault-with-append.patch \ + file://0002-src-global.c-Remove-superfluous-declaration-of-progr.patch \ " -SRC_URI[md5sum] = "fc207561a86b63862eea4b8300313e86" -SRC_URI[sha256sum] = "08a35e92deb3c85d269a0059a27d4140a9667a6369459299d08c17f713a92e73" +SRC_URI[md5sum] = "389c5452d667c23b5eceb206f5000810" +SRC_URI[sha256sum] = "e87470d9c984317f658567c03bfefb6b0c829ff17dbf6b0de48d71a4c8f3db88" inherit autotools gettext texinfo -EXTRA_OECONF += "DEFAULT_RMT_DIR=${base_sbindir}" +EXTRA_OECONF += "DEFAULT_RMT_DIR=${sbindir}" do_install () { autotools_do_install @@ -27,11 +25,14 @@ do_install () { mv "${D}${bindir}/cpio" "${D}${base_bindir}/cpio" rmdir ${D}${bindir}/ fi + + # Avoid conflicts with the version from tar + mv "${D}${mandir}/man8/rmt.8" "${D}${mandir}/man8/rmt-cpio.8" } PACKAGES =+ "${PN}-rmt" -FILES_${PN}-rmt = "${base_sbindir}/rmt*" +FILES_${PN}-rmt = "${sbindir}/rmt*" inherit update-alternatives @@ -43,6 +44,6 @@ ALTERNATIVE_${PN}-rmt = "rmt" ALTERNATIVE_LINK_NAME[cpio] = "${base_bindir}/cpio" ALTERNATIVE_PRIORITY[rmt] = "50" -ALTERNATIVE_LINK_NAME[rmt] = "${base_sbindir}/rmt" +ALTERNATIVE_LINK_NAME[rmt] = "${sbindir}/rmt" BBCLASSEXTEND = "native" |