mirrors/poky
1
0
Fork 0
mirror of https://git.yoctoproject.org/poky synced 2026-03-06 23:39:40 +01:00
Code Issues Packages Projects Releases Wiki Activity
Files
7ff0775d278ff9f2cdb4a2155342a320287b9a43
poky/meta
History
Andre McCurdy 7ff0775d27 cpio: fix CVE-2016-2037 
"The cpio_safer_name_suffix function in util.c in cpio 2.11 allows
remote attackers to cause a denial of service (out-of-bounds write)
via a crafted cpio file."

  https://nvd.nist.gov/vuln/detail/CVE-2016-2037

Note that there appear to be two versions of this fix. The original
patch posted to the bug-cpio mailing list [1] is used by Debian [2],
but apparently causes regression [3]. The patch accepted to the
upstream git repo [4] seems to be the most complete fix.

  [1] https://lists.gnu.org/archive/html/bug-cpio/2016-01/msg00005.html
  [2] https://security-tracker.debian.org/tracker/CVE-2016-2037
  [3] https://www.mail-archive.com/bug-cpio@gnu.org/msg00584.html
  [4] http://git.savannah.gnu.org/cgit/cpio.git/commit/?id=d36ec5f4e93130efb24fb9678aafd88e8070095b

(From OE-Core rev: f170288ac706126e69a504a14d564b2e5c3513e4)

(From OE-Core rev: 5f9d19c53c7704bb8d14f3f7dc36fe54fa501e67)

Signed-off-by: Andre McCurdy <armccurdy@gmail.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit 31a87d4d1d)
Signed-off-by: Armin Kuster <akuster808@gmail.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
2018-07-02 11:41:26 +01:00
..
classes
dropbear: drop run time detection of read-only rootfs
2018-07-02 11:41:25 +01:00
conf
Add license file EPL-2.0
2018-07-02 11:41:26 +01:00
files
Add license file EPL-2.0
2018-07-02 11:41:26 +01:00
lib
oeqa/core/target/ssh.py: increase maximum read bytes from 1024 to 4096
2018-07-02 11:41:25 +01:00
recipes-bsp
grub2: fix build with gcc8
2018-06-15 17:56:57 +01:00
recipes-connectivity
wpa-supplicant: fix the bug for PATCHTOOL = "patch"
2018-07-02 11:41:26 +01:00
recipes-core
coreutils: fix nativesdk install failure
2018-07-02 11:41:26 +01:00
recipes-devtools
qemu: refresh patches with devtool and make them applicable with git
2018-07-02 11:41:25 +01:00
recipes-extended
cpio: fix CVE-2016-2037
2018-07-02 11:41:26 +01:00
recipes-gnome
gconf: fix saving of settings when config folder doesnt exist
2018-04-13 16:58:07 +01:00
recipes-graphics
xserver-nodm-init: Respawn service in case of failure
2018-04-13 16:58:07 +01:00
recipes-kernel
linux-yocto/4.14/4.15: fix gcc8 mips compilation issues
2018-07-02 11:41:26 +01:00
recipes-multimedia
alsa-utils: Fix error when removing unwanted udev rules
2018-06-15 17:56:57 +01:00
recipes-rt
classes/recipes: Convert SkipPackage -> SkipRecipe
2018-01-26 13:09:09 +00:00
recipes-sato
settings-daemon: Drop pointless apply=yes in SRC_URI
2018-06-15 17:56:57 +01:00
recipes-support
nettle: do the multilib_header magic for nettle-stdint.h and version.h
2018-07-02 11:41:26 +01:00
site
site/powerpc64-linux: add cvs_cv_func_printf_ptr
2018-07-02 11:41:25 +01:00
COPYING.GPLv2
Fix license notices for OE-Core
2014-01-02 12:58:54 +00:00
COPYING.MIT
recipes.txt
qt4: remove recipes and classes
2016-01-07 13:40:14 +00:00