* [PATCH 1/3] cpio: fix bug CVE-2014-9112 for cpio-2.8
2014-12-15 17:10 [PATCH 0/3] Dizzy next Dec 15th V2 Armin Kuster
@ 2014-12-15 17:10 ` Armin Kuster
2014-12-15 17:10 ` [PATCH 2/3] cpio: fix bug CVE-2014-9112 for cpio-2.11 Armin Kuster
` (2 subsequent siblings)
3 siblings, 0 replies; 7+ messages in thread
From: Armin Kuster @ 2014-12-15 17:10 UTC (permalink / raw)
To: openembedded-core
From: Bian Naimeng <biannm@cn.fujitsu.com>
Obtain detain from following URL.
http://lists.gnu.org/archive/html/bug-cpio/2014-12/msg00000.html
http://git.savannah.gnu.org/cgit/cpio.git/commit/?id=746f3ff670dcfcdd28fcc990e79cd6fccc7ae48d
(From OE-Core rev: 732fc8de55a9c7987608162879959c03423de907)
Signed-off-by: Bian Naimeng <biannm@cn.fujitsu.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
---
.../cpio/cpio-2.8/fix-memory-overrun.patch | 217 +++++++++++++++++++++
meta/recipes-extended/cpio/cpio_2.8.bb | 7 +-
2 files changed, 221 insertions(+), 3 deletions(-)
create mode 100644 meta/recipes-extended/cpio/cpio-2.8/fix-memory-overrun.patch
diff --git a/meta/recipes-extended/cpio/cpio-2.8/fix-memory-overrun.patch b/meta/recipes-extended/cpio/cpio-2.8/fix-memory-overrun.patch
new file mode 100644
index 0000000..0148e70
--- /dev/null
+++ b/meta/recipes-extended/cpio/cpio-2.8/fix-memory-overrun.patch
@@ -0,0 +1,217 @@
+cpio: Fix memory overrun on reading improperly created link records
+
+Signed-off-by: Bian Naimeng <biannm@cn.fujitsu.com>
+
+http://git.savannah.gnu.org/cgit/cpio.git/commit/?id=746f3ff670dcfcdd28fcc990e79cd6fccc7ae48d
+
+ * src/copyin.c (get_link_name): New function.
+ (list_file, copyin_link): use get_link_name
+
+ * tests/symlink-bad-length.at: New file.
+ * tests/symlink-long.at: New file.
+ * tests/Makefile.am: Add new files.
+ * tests/testsuite.at: Likewise.
+
+ See http://lists.gnu.org/archive/html/bug-cpio/2014-11/msg00007.html
+
+Upstream-Status: Backport
+
+Signed-off-by: Sergey Poznyakoff <gray@gnu.org.ua>
+
+diff -Nurp cpio-2.8.orig/src/copyin.c cpio-2.8/src/copyin.c
+--- cpio-2.8.orig/src/copyin.c 2007-06-07 19:58:03.000000000 +0800
++++ cpio-2.8/src/copyin.c 2014-12-08 11:30:01.159791484 +0800
+@@ -126,6 +126,28 @@ tape_skip_padding (int in_file_des, int
+ }
+
+ \f
++static char *
++get_link_name (struct cpio_file_stat *file_hdr, int in_file_des)
++{
++ off_t n = file_hdr->c_filesize + 1;
++ char *link_name;
++
++ if (n == 0 || n > SIZE_MAX)
++ {
++ error (0, 0, _("%s: stored filename length too big"), file_hdr->c_name);
++ link_name = NULL;
++ }
++ else
++ {
++ link_name = xmalloc (n);
++ tape_buffered_read (link_name, in_file_des, file_hdr->c_filesize);
++ link_name[file_hdr->c_filesize] = '\0';
++ tape_skip_padding (in_file_des, file_hdr->c_filesize);
++ }
++ return link_name;
++}
++
++\f
+ static void
+ list_file(struct cpio_file_stat* file_hdr, int in_file_des)
+ {
+@@ -136,21 +158,16 @@ list_file(struct cpio_file_stat* file_hd
+ {
+ if (archive_format != arf_tar && archive_format != arf_ustar)
+ {
+- char *link_name = NULL; /* Name of hard and symbolic links. */
+-
+- link_name = (char *) xmalloc ((unsigned int) file_hdr->c_filesize + 1);
+- link_name[file_hdr->c_filesize] = '\0';
+- tape_buffered_read (link_name, in_file_des, file_hdr->c_filesize);
+- long_format (file_hdr, link_name);
+- free (link_name);
+- tape_skip_padding (in_file_des, file_hdr->c_filesize);
+- return;
++ char *link_name = get_link_name (file_hdr, in_file_des);
++ if (link_name)
++ {
++ long_format (file_hdr, link_name);
++ free (link_name);
++ }
+ }
+ else
+- {
+ long_format (file_hdr, file_hdr->c_tar_linkname);
+- return;
+- }
++ return;
+ }
+ else
+ #endif
+@@ -732,10 +749,7 @@ copyin_link(struct cpio_file_stat *file_
+
+ if (archive_format != arf_tar && archive_format != arf_ustar)
+ {
+- link_name = (char *) xmalloc ((unsigned int) file_hdr->c_filesize + 1);
+- link_name[file_hdr->c_filesize] = '\0';
+- tape_buffered_read (link_name, in_file_des, file_hdr->c_filesize);
+- tape_skip_padding (in_file_des, file_hdr->c_filesize);
++ link_name = get_link_name (file_hdr, in_file_des);
+ }
+ else
+ {
+diff -Nurp cpio-2.8.orig/tests/Makefile.am cpio-2.8/tests/Makefile.am
+--- cpio-2.8.orig/tests/Makefile.am 2006-10-24 18:32:13.000000000 +0800
++++ cpio-2.8/tests/Makefile.am 2014-12-08 11:30:52.387789482 +0800
+@@ -45,6 +45,8 @@ TESTSUITE_AT = \
+ testsuite.at\
+ inout.at\
+ symlink.at\
++ symlink-bad-length.at\
++ symlink-long.at\
+ version.at
+
+ TESTSUITE = $(srcdir)/testsuite
+diff -Nurp cpio-2.8.orig/tests/symlink-bad-length.at cpio-2.8/tests/symlink-bad-length.at
+--- cpio-2.8.orig/tests/symlink-bad-length.at 1970-01-01 08:00:00.000000000 +0800
++++ cpio-2.8/tests/symlink-bad-length.at 2014-12-08 11:33:25.283783507 +0800
+@@ -0,0 +1,49 @@
++# Process this file with autom4te to create testsuite. -*- Autotest -*-
++# Copyright (C) 2014 Free Software Foundation, Inc.
++
++# This program is free software; you can redistribute it and/or modify
++# it under the terms of the GNU General Public License as published by
++# the Free Software Foundation; either version 3, or (at your option)
++# any later version.
++
++# This program is distributed in the hope that it will be useful,
++# but WITHOUT ANY WARRANTY; without even the implied warranty of
++# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
++# GNU General Public License for more details.
++
++# You should have received a copy of the GNU General Public License
++# along with this program; if not, write to the Free Software
++# Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA
++# 02110-1301 USA.
++
++# Cpio v2.11 did segfault with badly set symlink length.
++# References:
++# http://lists.gnu.org/archive/html/bug-cpio/2014-11/msg00007.html
++
++AT_SETUP([symlink-bad-length])
++AT_KEYWORDS([symlink-long copyout])
++
++AT_DATA([ARCHIVE.base64],
++[x3EjAIBAtIEtJy8nAQAAAHRUYW0FAAAADQBGSUxFAABzb21lIGNvbnRlbnQKAMdxIwBgQ/+hLScv
++JwEAAAB0VEhuBQD/////TElOSwAARklMRcdxAAAAAAAAAAAAAAEAAAAAAAAACwAAAAAAVFJBSUxF
++UiEhIQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
++AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
++AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
++AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
++AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
++AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
++AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=
++])
++
++AT_CHECK([
++base64 -d ARCHIVE.base64 > ARCHIVE || AT_SKIP_TEST
++cpio -ntv < ARCHIVE
++test $? -eq 2
++],
++[0],
++[-rw-rw-r-- 1 10029 10031 13 Nov 25 13:52 FILE
++],[cpio: LINK: stored filename length too big
++cpio: premature end of file
++])
++
++AT_CLEANUP
+diff -Nurp cpio-2.8.orig/tests/symlink-long.at cpio-2.8/tests/symlink-long.at
+--- cpio-2.8.orig/tests/symlink-long.at 1970-01-01 08:00:00.000000000 +0800
++++ cpio-2.8/tests/symlink-long.at 2014-12-08 11:34:28.807781024 +0800
+@@ -0,0 +1,46 @@
++# Process this file with autom4te to create testsuite. -*- Autotest -*-
++# Copyright (C) 2014 Free Software Foundation, Inc.
++
++# This program is free software; you can redistribute it and/or modify
++# it under the terms of the GNU General Public License as published by
++# the Free Software Foundation; either version 3, or (at your option)
++# any later version.
++
++# This program is distributed in the hope that it will be useful,
++# but WITHOUT ANY WARRANTY; without even the implied warranty of
++# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
++# GNU General Public License for more details.
++
++# You should have received a copy of the GNU General Public License
++# along with this program; if not, write to the Free Software
++# Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA
++# 02110-1301 USA.
++
++# Cpio v2.11.90 changed the way symlink name is read from archive.
++# References:
++# http://lists.gnu.org/archive/html/bug-cpio/2014-11/msg00007.html
++
++AT_SETUP([symlink-long])
++AT_KEYWORDS([symlink-long copyout])
++
++AT_CHECK([
++
++# len(dirname) > READBUFSIZE
++dirname=
++for i in {1..52}; do
++ dirname="xxxxxxxxx/$dirname"
++ mkdir "$dirname"
++done
++ln -s "$dirname" x || AT_SKIP_TEST
++
++echo x | cpio -o > ar
++list=`cpio -tv < ar | sed 's|.*-> ||'`
++test "$list" = "$dirname" && echo success || echo fail
++],
++[0],
++[success
++],[2 blocks
++2 blocks
++])
++
++AT_CLEANUP
+diff -Nurp cpio-2.8.orig/tests/testsuite.at cpio-2.8/tests/testsuite.at
+--- cpio-2.8.orig/tests/testsuite.at 2006-10-24 18:32:13.000000000 +0800
++++ cpio-2.8/tests/testsuite.at 2014-12-08 11:34:56.515779942 +0800
+@@ -31,3 +31,5 @@ m4_include([version.at])
+
+ m4_include([inout.at])
+ m4_include([symlink.at])
++m4_include([symlink-bad-length.at])
++m4_include([symlink-long.at])
diff --git a/meta/recipes-extended/cpio/cpio_2.8.bb b/meta/recipes-extended/cpio/cpio_2.8.bb
index b6da207..3f97dbe 100644
--- a/meta/recipes-extended/cpio/cpio_2.8.bb
+++ b/meta/recipes-extended/cpio/cpio_2.8.bb
@@ -3,11 +3,12 @@ require cpio_v2.inc
LICENSE = "GPLv2"
LIC_FILES_CHKSUM = "file://COPYING;md5=b7f772ea3a2489231cb4872656cac34b"
-PR = "r3"
+PR = "r4"
SRC_URI += "file://m4extensions.patch \
- file://avoid_heap_overflow.patch \
- "
+ file://avoid_heap_overflow.patch \
+ file://fix-memory-overrun.patch \
+ "
SRC_URI[md5sum] = "0caa356e69e149fb49b76bacc64615a1"
SRC_URI[sha256sum] = "1b203248874c3b5a728b351f06513e5282f73e0170b7f207fbf8c39f28f6b4ad"
--
1.9.1
^ permalink raw reply related [flat|nested] 7+ messages in thread* [PATCH 2/3] cpio: fix bug CVE-2014-9112 for cpio-2.11
2014-12-15 17:10 [PATCH 0/3] Dizzy next Dec 15th V2 Armin Kuster
2014-12-15 17:10 ` [PATCH 1/3] cpio: fix bug CVE-2014-9112 for cpio-2.8 Armin Kuster
@ 2014-12-15 17:10 ` Armin Kuster
2014-12-15 17:10 ` [PATCH 3/3] python: fix ssl import error Armin Kuster
2014-12-31 10:26 ` Dizzy Merging Richard Purdie
3 siblings, 0 replies; 7+ messages in thread
From: Armin Kuster @ 2014-12-15 17:10 UTC (permalink / raw)
To: openembedded-core
From: Bian Naimeng <biannm@cn.fujitsu.com>
Obtain detain from following URL.
http://lists.gnu.org/archive/html/bug-cpio/2014-12/msg00000.html
http://git.savannah.gnu.org/cgit/cpio.git/commit/?id=746f3ff670dcfcdd28fcc990e79cd6fccc7ae48d
(From OE-Core rev: 9a32da05f5a9bc62c592fd2d6057dc052e363261)
Signed-off-by: Bian Naimeng <biannm@cn.fujitsu.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
---
.../cpio/cpio-2.11/fix-memory-overrun.patch | 220 +++++++++++++++++++++
meta/recipes-extended/cpio/cpio_2.11.bb | 3 +-
2 files changed, 222 insertions(+), 1 deletion(-)
create mode 100644 meta/recipes-extended/cpio/cpio-2.11/fix-memory-overrun.patch
diff --git a/meta/recipes-extended/cpio/cpio-2.11/fix-memory-overrun.patch b/meta/recipes-extended/cpio/cpio-2.11/fix-memory-overrun.patch
new file mode 100644
index 0000000..89cd3cf
--- /dev/null
+++ b/meta/recipes-extended/cpio/cpio-2.11/fix-memory-overrun.patch
@@ -0,0 +1,220 @@
+cpio: Fix memory overrun on reading improperly created link records
+
+Signed-off-by: Bian Naimeng <biannm@cn.fujitsu.com>
+
+http://git.savannah.gnu.org/cgit/cpio.git/commit/?id=746f3ff670dcfcdd28fcc990e79cd6fccc7ae48d
+
+ * src/copyin.c (get_link_name): New function.
+ (list_file, copyin_link): use get_link_name
+
+ * tests/symlink-bad-length.at: New file.
+ * tests/symlink-long.at: New file.
+ * tests/Makefile.am: Add new files.
+ * tests/testsuite.at: Likewise.
+
+ See http://lists.gnu.org/archive/html/bug-cpio/2014-11/msg00007.html
+
+Upstream-Status: Backport
+
+Signed-off-by: Sergey Poznyakoff <gray@gnu.org.ua>
+
+diff -Nurp cpio-2.11.orig/src/copyin.c cpio-2.11/src/copyin.c
+--- cpio-2.11.orig/src/copyin.c 2010-02-15 18:02:23.000000000 +0800
++++ cpio-2.11/src/copyin.c 2014-12-08 13:14:04.355547508 +0800
+@@ -126,6 +126,28 @@ tape_skip_padding (int in_file_des, off_
+ }
+
+ \f
++static char *
++get_link_name (struct cpio_file_stat *file_hdr, int in_file_des)
++{
++ off_t n = file_hdr->c_filesize + 1;
++ char *link_name;
++
++ if (n == 0 || n > SIZE_MAX)
++ {
++ error (0, 0, _("%s: stored filename length too big"), file_hdr->c_name);
++ link_name = NULL;
++ }
++ else
++ {
++ link_name = xmalloc (n);
++ tape_buffered_read (link_name, in_file_des, file_hdr->c_filesize);
++ link_name[file_hdr->c_filesize] = '\0';
++ tape_skip_padding (in_file_des, file_hdr->c_filesize);
++ }
++ return link_name;
++}
++
++\f
+ static void
+ list_file(struct cpio_file_stat* file_hdr, int in_file_des)
+ {
+@@ -136,21 +158,16 @@ list_file(struct cpio_file_stat* file_hd
+ {
+ if (archive_format != arf_tar && archive_format != arf_ustar)
+ {
+- char *link_name = NULL; /* Name of hard and symbolic links. */
+-
+- link_name = (char *) xmalloc ((unsigned int) file_hdr->c_filesize + 1);
+- link_name[file_hdr->c_filesize] = '\0';
+- tape_buffered_read (link_name, in_file_des, file_hdr->c_filesize);
+- long_format (file_hdr, link_name);
+- free (link_name);
+- tape_skip_padding (in_file_des, file_hdr->c_filesize);
+- return;
++ char *link_name = get_link_name (file_hdr, in_file_des);
++ if (link_name)
++ {
++ long_format (file_hdr, link_name);
++ free (link_name);
++ }
+ }
+ else
+- {
+ long_format (file_hdr, file_hdr->c_tar_linkname);
+- return;
+- }
++ return;
+ }
+ else
+ #endif
+@@ -650,10 +667,7 @@ copyin_link(struct cpio_file_stat *file_
+
+ if (archive_format != arf_tar && archive_format != arf_ustar)
+ {
+- link_name = (char *) xmalloc ((unsigned int) file_hdr->c_filesize + 1);
+- link_name[file_hdr->c_filesize] = '\0';
+- tape_buffered_read (link_name, in_file_des, file_hdr->c_filesize);
+- tape_skip_padding (in_file_des, file_hdr->c_filesize);
++ link_name = get_link_name (file_hdr, in_file_des);
+ }
+ else
+ {
+diff -Nurp cpio-2.11.orig/tests/Makefile.am cpio-2.11/tests/Makefile.am
+--- cpio-2.11.orig/tests/Makefile.am 2010-02-15 18:02:23.000000000 +0800
++++ cpio-2.11/tests/Makefile.am 2014-12-08 13:14:49.931545727 +0800
+@@ -52,6 +52,8 @@ TESTSUITE_AT = \
+ setstat04.at\
+ setstat05.at\
+ symlink.at\
++ symlink-bad-length.at\
++ symlink-long.at\
+ version.at
+
+ TESTSUITE = $(srcdir)/testsuite
+diff -Nurp cpio-2.11.orig/tests/symlink-bad-length.at cpio-2.11/tests/symlink-bad-length.at
+--- cpio-2.11.orig/tests/symlink-bad-length.at 1970-01-01 08:00:00.000000000 +0800
++++ cpio-2.11/tests/symlink-bad-length.at 2014-12-08 13:17:45.979538847 +0800
+@@ -0,0 +1,49 @@
++# Process this file with autom4te to create testsuite. -*- Autotest -*-
++# Copyright (C) 2014 Free Software Foundation, Inc.
++
++# This program is free software; you can redistribute it and/or modify
++# it under the terms of the GNU General Public License as published by
++# the Free Software Foundation; either version 3, or (at your option)
++# any later version.
++
++# This program is distributed in the hope that it will be useful,
++# but WITHOUT ANY WARRANTY; without even the implied warranty of
++# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
++# GNU General Public License for more details.
++
++# You should have received a copy of the GNU General Public License
++# along with this program; if not, write to the Free Software
++# Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA
++# 02110-1301 USA.
++
++# Cpio v2.11 did segfault with badly set symlink length.
++# References:
++# http://lists.gnu.org/archive/html/bug-cpio/2014-11/msg00007.html
++
++AT_SETUP([symlink-bad-length])
++AT_KEYWORDS([symlink-long copyout])
++
++AT_DATA([ARCHIVE.base64],
++[x3EjAIBAtIEtJy8nAQAAAHRUYW0FAAAADQBGSUxFAABzb21lIGNvbnRlbnQKAMdxIwBgQ/+hLScv
++JwEAAAB0VEhuBQD/////TElOSwAARklMRcdxAAAAAAAAAAAAAAEAAAAAAAAACwAAAAAAVFJBSUxF
++UiEhIQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
++AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
++AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
++AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
++AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
++AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
++AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=
++])
++
++AT_CHECK([
++base64 -d ARCHIVE.base64 > ARCHIVE || AT_SKIP_TEST
++cpio -ntv < ARCHIVE
++test $? -eq 2
++],
++[0],
++[-rw-rw-r-- 1 10029 10031 13 Nov 25 13:52 FILE
++],[cpio: LINK: stored filename length too big
++cpio: premature end of file
++])
++
++AT_CLEANUP
+diff -Nurp cpio-2.11.orig/tests/symlink-long.at cpio-2.11/tests/symlink-long.at
+--- cpio-2.11.orig/tests/symlink-long.at 1970-01-01 08:00:00.000000000 +0800
++++ cpio-2.11/tests/symlink-long.at 2014-12-08 13:17:57.219538408 +0800
+@@ -0,0 +1,46 @@
++# Process this file with autom4te to create testsuite. -*- Autotest -*-
++# Copyright (C) 2014 Free Software Foundation, Inc.
++
++# This program is free software; you can redistribute it and/or modify
++# it under the terms of the GNU General Public License as published by
++# the Free Software Foundation; either version 3, or (at your option)
++# any later version.
++
++# This program is distributed in the hope that it will be useful,
++# but WITHOUT ANY WARRANTY; without even the implied warranty of
++# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
++# GNU General Public License for more details.
++
++# You should have received a copy of the GNU General Public License
++# along with this program; if not, write to the Free Software
++# Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA
++# 02110-1301 USA.
++
++# Cpio v2.11.90 changed the way symlink name is read from archive.
++# References:
++# http://lists.gnu.org/archive/html/bug-cpio/2014-11/msg00007.html
++
++AT_SETUP([symlink-long])
++AT_KEYWORDS([symlink-long copyout])
++
++AT_CHECK([
++
++# len(dirname) > READBUFSIZE
++dirname=
++for i in {1..52}; do
++ dirname="xxxxxxxxx/$dirname"
++ mkdir "$dirname"
++done
++ln -s "$dirname" x || AT_SKIP_TEST
++
++echo x | cpio -o > ar
++list=`cpio -tv < ar | sed 's|.*-> ||'`
++test "$list" = "$dirname" && echo success || echo fail
++],
++[0],
++[success
++],[2 blocks
++2 blocks
++])
++
++AT_CLEANUP
+diff -Nurp cpio-2.11.orig/tests/testsuite.at cpio-2.11/tests/testsuite.at
+--- cpio-2.11.orig/tests/testsuite.at 2010-02-15 18:02:23.000000000 +0800
++++ cpio-2.11/tests/testsuite.at 2014-12-08 13:15:13.515544805 +0800
+@@ -31,6 +31,8 @@ m4_include([version.at])
+
+ m4_include([inout.at])
+ m4_include([symlink.at])
++m4_include([symlink-bad-length.at])
++m4_include([symlink-long.at])
+ m4_include([interdir.at])
+
+ m4_include([setstat01.at])
diff --git a/meta/recipes-extended/cpio/cpio_2.11.bb b/meta/recipes-extended/cpio/cpio_2.11.bb
index 5f88b30..c42db6f 100644
--- a/meta/recipes-extended/cpio/cpio_2.11.bb
+++ b/meta/recipes-extended/cpio/cpio_2.11.bb
@@ -3,9 +3,10 @@ include cpio_v2.inc
LICENSE = "GPLv3"
LIC_FILES_CHKSUM = "file://COPYING;md5=f27defe1e96c2e1ecd4e0c9be8967949"
-PR = "r4"
+PR = "r5"
SRC_URI += "file://remove-gets.patch \
+ file://fix-memory-overrun.patch \
"
SRC_URI[md5sum] = "1112bb6c45863468b5496ba128792f6c"
--
1.9.1
^ permalink raw reply related [flat|nested] 7+ messages in thread* [PATCH 3/3] python: fix ssl import error
2014-12-15 17:10 [PATCH 0/3] Dizzy next Dec 15th V2 Armin Kuster
2014-12-15 17:10 ` [PATCH 1/3] cpio: fix bug CVE-2014-9112 for cpio-2.8 Armin Kuster
2014-12-15 17:10 ` [PATCH 2/3] cpio: fix bug CVE-2014-9112 for cpio-2.11 Armin Kuster
@ 2014-12-15 17:10 ` Armin Kuster
2014-12-31 10:26 ` Dizzy Merging Richard Purdie
3 siblings, 0 replies; 7+ messages in thread
From: Armin Kuster @ 2014-12-15 17:10 UTC (permalink / raw)
To: openembedded-core
From: "Maxin B. John" <maxin.john@enea.com>
Fix this ssl import error:
Python 2.7.3 (default, Dec 5 2014, 16:24:17)
[GCC 4.9.1] on linux2
Type "help", "copyright", "credits" or "license" for more information.
>>> import ssl
Traceback (most recent call last):
File "<stdin>", line 1, in <module>
File "/usr/lib/python2.7/ssl.py", line 92, in <module>
import base64 # for DER-to-PEM translation
ImportError: No module named base64
(From OE-Core rev: dfa34e70a4c7543dc67835c2e9a270ccd011ac72)
Signed-off-by: Maxin B. John <maxin.john@enea.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
---
meta/recipes-devtools/python/python-2.7-manifest.inc | 2 +-
scripts/contrib/python/generate-manifest-2.7.py | 2 +-
2 files changed, 2 insertions(+), 2 deletions(-)
diff --git a/meta/recipes-devtools/python/python-2.7-manifest.inc b/meta/recipes-devtools/python/python-2.7-manifest.inc
index a8afe13..9a514b1 100644
--- a/meta/recipes-devtools/python/python-2.7-manifest.inc
+++ b/meta/recipes-devtools/python/python-2.7-manifest.inc
@@ -122,7 +122,7 @@ RDEPENDS_${PN}-importlib="${PN}-core"
FILES_${PN}-importlib="${libdir}/python2.7/importlib "
SUMMARY_${PN}-io="Python low-level I/O"
-RDEPENDS_${PN}-io="${PN}-core ${PN}-math ${PN}-textutils"
+RDEPENDS_${PN}-io="${PN}-core ${PN}-math ${PN}-textutils ${PN}-netclient"
FILES_${PN}-io="${libdir}/python2.7/lib-dynload/_socket.so ${libdir}/python2.7/lib-dynload/_io.so ${libdir}/python2.7/lib-dynload/_ssl.so ${libdir}/python2.7/lib-dynload/select.so ${libdir}/python2.7/lib-dynload/termios.so ${libdir}/python2.7/lib-dynload/cStringIO.so ${libdir}/python2.7/pipes.* ${libdir}/python2.7/socket.* ${libdir}/python2.7/ssl.* ${libdir}/python2.7/tempfile.* ${libdir}/python2.7/StringIO.* ${libdir}/python2.7/io.* ${libdir}/python2.7/_pyio.* "
SUMMARY_${PN}-json="Python JSON support"
diff --git a/scripts/contrib/python/generate-manifest-2.7.py b/scripts/contrib/python/generate-manifest-2.7.py
index 65486d8..21b874f 100755
--- a/scripts/contrib/python/generate-manifest-2.7.py
+++ b/scripts/contrib/python/generate-manifest-2.7.py
@@ -275,7 +275,7 @@ if __name__ == "__main__":
m.addPackage( "${PN}-image", "Python graphical image handling", "${PN}-core",
"colorsys.* imghdr.* lib-dynload/imageop.so lib-dynload/rgbimg.so" )
- m.addPackage( "${PN}-io", "Python low-level I/O", "${PN}-core ${PN}-math ${PN}-textutils",
+ m.addPackage( "${PN}-io", "Python low-level I/O", "${PN}-core ${PN}-math ${PN}-textutils ${PN}-netclient",
"lib-dynload/_socket.so lib-dynload/_io.so lib-dynload/_ssl.so lib-dynload/select.so lib-dynload/termios.so lib-dynload/cStringIO.so " +
"pipes.* socket.* ssl.* tempfile.* StringIO.* io.* _pyio.*" )
--
1.9.1
^ permalink raw reply related [flat|nested] 7+ messages in thread* Dizzy Merging
2014-12-15 17:10 [PATCH 0/3] Dizzy next Dec 15th V2 Armin Kuster
` (2 preceding siblings ...)
2014-12-15 17:10 ` [PATCH 3/3] python: fix ssl import error Armin Kuster
@ 2014-12-31 10:26 ` Richard Purdie
2015-01-03 0:41 ` akuster808
3 siblings, 1 reply; 7+ messages in thread
From: Richard Purdie @ 2014-12-31 10:26 UTC (permalink / raw)
To: Armin Kuster; +Cc: openembedded-core
Hi Armin,
I've taken a look at the dizzy_1_7_1 branch and have merged a lot of
things. For bitbake, I took the patches into the 1.24 branch. There was
a patch missing for the PR server sync changes so I added that too,
otherwise the others didn't make sense.
For the OE-Core patches, the gcc sysroot poison one should not go in.
I'd also question the udev changes and the gcc shared work changes since
those were fairly significant changes with a lot more risk.
I've put the things I didn't take into
http://git.yoctoproject.org/cgit.cgi/poky-contrib/log/?h=rpurdie/dizzy-next just so we can discuss them. We also need the other changes fror the buildtools change, those should go in together, I believe you already talked with Paul about that. We did manage a fairly green build on the autobuilder recently.
As you mentioned, we do need to sort out which changes make sense for
linux-yocto, I'm hoping Bruce can help advise on that. We may be cutting
things tight to have a build this weekend if we don't have those (so QA
could look at this next week).
Cheers,
Richard
^ permalink raw reply [flat|nested] 7+ messages in thread* Re: Dizzy Merging
2014-12-31 10:26 ` Dizzy Merging Richard Purdie
@ 2015-01-03 0:41 ` akuster808
2015-01-06 14:01 ` Paul Eggleton
0 siblings, 1 reply; 7+ messages in thread
From: akuster808 @ 2015-01-03 0:41 UTC (permalink / raw)
To: Richard Purdie; +Cc: openembedded-core
On 12/31/2014 02:26 AM, Richard Purdie wrote:
> Hi Armin,
>
> I've taken a look at the dizzy_1_7_1 branch and have merged a lot of
> things. For bitbake, I took the patches into the 1.24 branch. There was
> a patch missing for the PR server sync changes so I added that too,
> otherwise the others didn't make sense.
>
ok.
> For the OE-Core patches, the gcc sysroot poison one should not go in.
> I'd also question the udev changes and the gcc shared work changes since
> those were fairly significant changes with a lot more risk.
no worries.
>
> I've put the things I didn't take into
> http://git.yoctoproject.org/cgit.cgi/poky-contrib/log/?h=rpurdie/dizzy-next just so we can discuss them. We also need the other changes fror the buildtools change, those should go in together, I believe you already talked with Paul about that. We did manage a fairly green build on the autobuilder recently.
>
I thought I included one of the two commits in my contrib branch.
http://git.yoctoproject.org/cgit/cgit.cgi/poky-contrib/commit/?h=akuster/dizzy_1_7_1&id=e8a6adf0612fc6d9ca703237a3a5c630177c2f34
Am I pulling over the missing commit or are you going to pull them over
from Paul's request.
"The following changes since commit
1cf1edcd28a002291622d04dd2d0ee2c67e329e4:
buildtools-tarball: package all of Python (2014-12-11 16:34:01 +0000)
are available in the git repository at:
git://git.openembedded.org/openembedded-core-contrib
paule/dizzy-git-tools
http://cgit.openembedded.org/cgit.cgi/openembedded-core-contrib/log/?h=paule/dizzy-git-tools
Jackie Huang (1):
packagegroup-self-hosted: add git-perltools
Paul Eggleton (1):
buildtools-tarball: restore missing git tools
"
> As you mentioned, we do need to sort out which changes make sense for
> linux-yocto, I'm hoping Bruce can help advise on that. We may be cutting
> things tight to have a build this weekend if we don't have those (so QA
> could look at this next week).
K.
Thanks,
Armin
>
> Cheers,
>
> Richard
>
^ permalink raw reply [flat|nested] 7+ messages in thread
* Re: Dizzy Merging
2015-01-03 0:41 ` akuster808
@ 2015-01-06 14:01 ` Paul Eggleton
0 siblings, 0 replies; 7+ messages in thread
From: Paul Eggleton @ 2015-01-06 14:01 UTC (permalink / raw)
To: akuster808; +Cc: openembedded-core
On Friday 02 January 2015 16:41:01 akuster808 wrote:
> On 12/31/2014 02:26 AM, Richard Purdie wrote:
> > For the OE-Core patches, the gcc sysroot poison one should not go in.
> > I'd also question the udev changes and the gcc shared work changes since
> > those were fairly significant changes with a lot more risk.
>
> no worries.
So, these patches are all still in your akuster/dizzy_1_7_1 branch. FWIW I
agree, these aren't really stable branch material as far as I can tell.
Cheers,
Paul
--
Paul Eggleton
Intel Open Source Technology Centre
^ permalink raw reply [flat|nested] 7+ messages in thread