Fixes:
CVE-2016-2037 - The cpio_safer_name_suffix function in util.c in cpio
2.11 allows remote attackers to cause a denial of service (out-of-bounds
write) via a crafted cpio file.
Signed-off-by: Gustavo Zacarias <gustavo@zacarias.com.ar>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
As the usual rule consider full-blown packages superior to busybox,
hence build after it.
Also install cpio to /bin to override the busybox-provided one.
Signed-off-by: Gustavo Zacarias <gustavo@zacarias.com.ar>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
This comment is about host-cpio which hasn't
been added in Buildroot.
Signed-off-by: Romain Naour <romain.naour@openwide.fr>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
Since argp-standalone is only available for uClibc-ng
and musl toolchains, add the dependendy only if it's
selected.
Signed-off-by: Romain Naour <romain.naour@openwide.fr>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
Spotted during package review/testing, but forgot to squash it in the
original patch.
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
Adding the cpio archive utility for the target and host. Patches have
been pulled from ArchLinux and Gentoo to fix CVE issues and compile
issues.
[Thomas: remove host variant of the package, as discussed during the
review of earlier version.]
Signed-off-by: Clayton Shotwell <clayton.shotwell@rockwellcollins.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>