[OE-core] [PATCH 0/2] cpio: backport patch of CVE-2014-9112
Bian Naimeng
biannm at cn.fujitsu.com
Mon Dec 8 05:45:05 UTC 2014
cpio: Fix memory overrun on reading improperly created link records
Signed-off-by: Bian Naimeng <biannm at cn.fujitsu.com>
http://git.savannah.gnu.org/cgit/cpio.git/commit/?id=746f3ff670dcfcdd28fcc990e79cd6fccc7ae48d
* src/copyin.c (get_link_name): New function.
(list_file, copyin_link): use get_link_name
* tests/symlink-bad-length.at: New file.
* tests/symlink-long.at: New file.
* tests/Makefile.am: Add new files.
* tests/testsuite.at: Likewise.
See http://lists.gnu.org/archive/html/bug-cpio/2014-11/msg00007.html
Upstream-Status: Backport
Signed-off-by: Sergey Poznyakoff <gray at gnu.org.ua>
Bian Naimeng (2):
cpio: fix bug CVE-2014-9112 for cpio-2.8
cpio: fix bug CVE-2014-9112 for cpio-2.11
.../cpio/cpio-2.11/fix-memory-overrun.patch | 220 +++++++++++++++++++++
.../cpio/cpio-2.8/fix-memory-overrun.patch | 217 ++++++++++++++++++++
meta/recipes-extended/cpio/cpio_2.11.bb | 3 +-
meta/recipes-extended/cpio/cpio_2.8.bb | 7 +-
4 files changed, 443 insertions(+), 4 deletions(-)
create mode 100644 meta/recipes-extended/cpio/cpio-2.11/fix-memory-overrun.patch
create mode 100644 meta/recipes-extended/cpio/cpio-2.8/fix-memory-overrun.patch
--
1.9.1
More information about the Openembedded-core
mailing list