cpio: fix crash when appending to archives

The upstream fix for CVE-2016-2037 introduced a read from uninitialized memory bug when appending to an existing archive, which is an operation we perform when building an image. Signed-off-by: Ross Burton <ross.burton@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
author: Ross Burton <ross.burton@intel.com> 2018-11-29 11:42:14 +0000
committer: Richard Purdie <richard.purdie@linuxfoundation.org> 2018-12-01 11:37:49 +0000
commit: 046e3e1fca925febf47b3fdd5d4e9ee2e1fad868 (patch)
tree: 21edea7304fe0570b18ba0b2fcd1a42fc37fd886 /meta/recipes-extended/cpio/cpio_2.12.bb
parent: 750ece11bed0e62a11e0003d1d16a81f7c219761 (diff)
download: openembedded-core-contrib-046e3e1fca925febf47b3fdd5d4e9ee2e1fad868.tar.gz
1 files changed, 1 insertions, 0 deletions
diff --git a/meta/recipes-extended/cpio/cpio_2.12.bb b/meta/recipes-extended/cpio/cpio_2.12.bb
index 69d36983e3..6ba8337e5d 100644
--- a/meta/recipes-extended/cpio/cpio_2.12.bb
+++ b/meta/recipes-extended/cpio/cpio_2.12.bb
@@ -10,6 +10,7 @@ SRC_URI = "${GNU_MIRROR}/cpio/cpio-${PV}.tar.gz \
            file://0001-Unset-need_charset_alias-when-building-for-musl.patch \
            file://0001-Fix-CVE-2015-1197.patch \
            file://0001-CVE-2016-2037-1-byte-out-of-bounds-write.patch \
+           file://0001-Fix-segfault-with-append.patch \
            "
 
 SRC_URI[md5sum] = "fc207561a86b63862eea4b8300313e86"
author	Ross Burton <ross.burton@intel.com>	2018-11-29 11:42:14 +0000
committer	Richard Purdie <richard.purdie@linuxfoundation.org>	2018-12-01 11:37:49 +0000
commit	046e3e1fca925febf47b3fdd5d4e9ee2e1fad868 (patch)
tree	21edea7304fe0570b18ba0b2fcd1a42fc37fd886 /meta/recipes-extended/cpio/cpio_2.12.bb
parent	750ece11bed0e62a11e0003d1d16a81f7c219761 (diff)
download	openembedded-core-contrib-046e3e1fca925febf47b3fdd5d4e9ee2e1fad868.tar.gz