Commit Graph

15 Commits

Author SHA1 Message Date
Fabrice Fontaine
282654ba47 package/cpio: add CPIO_CPE_ID_VENDOR
cpe:2.3🅰️gnu:cpio is a valid CPE identifier for this package:

  https://nvd.nist.gov/products/cpe/search/results?namingFormat=2.3&keyword=cpe%3A2.3%3Aa%3Agnu%3Acpio

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
2021-01-18 21:49:00 +01:00
Fabrice Fontaine
0428b87a6a package/cpio: fix build with gcc 10
Fixes:
 - http://autobuild.buildroot.org/results/22fefd9774cbd6648d67f29826f47f1978e9c069

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
2020-08-13 21:59:36 +02:00
Bernd Kuhls
6c1e4d98f3 package/cpio: security bump to version 2.13
Removed patch fixing CVE-2016-2037 which was applied upstream.

This release fixes CVE-2015-1197, CVE-2016-2037, CVE-2019-14866.

Switched to .bz2 tarball.
Added hashes provided by upstream and license hash.

Release notes:
https://lists.gnu.org/archive/html/info-gnu/2019-11/msg00002.html

Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2020-01-05 21:30:05 +01:00
Yann E. MORIN
48f2f4dd8e package/cpio: add host version
The latest cpio has a --reproducible option, which may come handy when
we try to, well, be reproducible...

Reported-by: Arnout Vandecappelle <arnout@mind.be>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
[Atharva: don't force --bindir, as noticed by Arnout]
Signed-off-by: Atharva Lele <itsatharva@gmail.com>
Acked-by: Yann E. MORIN <yann.morin.1998@free.fr>
Cc: Arnout Vandecappelle <arnout@mind.be>
Cc: Atharva Lele <itsatharva@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
2019-07-17 08:47:34 +02:00
Yann E. MORIN
aec0e84de7 package/busybox: invert dependency with cpio
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
2018-07-08 13:08:05 +02:00
Adam Duskett
e22b287ca7 package/c*/Config.in: fix ordering of statements
The check-package script when ran gives warnings on ordering issues
on all of these Config files.  This patch cleans up all warnings
related to the ordering in the Config files for packages starting with
the letter c in the package directory.

The appropriate ordering is: type, default, depends on, select, help
See http://nightly.buildroot.org/#_config_files for more information.

Signed-off-by: Adam Duskett <Adamduskett@outlook.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
2017-04-29 21:12:10 +02:00
Rahul Bedarkar
337aa51f3f boot, package: use SPDX short identifier for GPLv3/GPLv3+
We want to use SPDX identifier for license string as much as possible.
SPDX short identifier for GPLv3/GPLv3+ is GPL-3.0/GPL-3.0+.

This change is done using following command.
find . -name "*.mk" | xargs sed -ri '/LICENSE( )?[\+:]?=/s/\<GPLv3\>/GPL-3.0/g'

Signed-off-by: Rahul Bedarkar <rahulbedarkar89@gmail.com>
Acked-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
2017-04-01 15:17:59 +02:00
Brian Redbeard
0f3627a91f package/cpio: Fix GNU Mirror Path
Replacing ftpmirror.gnu.org with BR2_GNU_MIRROR variable

Signed-off-by: Brian 'redbeard' Harrington <redbeard@coreos.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
2017-02-06 19:13:47 +01:00
Gustavo Zacarias
527b7b1153 cpio: add security patch to fix CVE-2016-2037
Fixes:
CVE-2016-2037 - The cpio_safer_name_suffix function in util.c in cpio
2.11 allows remote attackers to cause a denial of service (out-of-bounds
write) via a crafted cpio file.

Signed-off-by: Gustavo Zacarias <gustavo@zacarias.com.ar>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2016-03-03 15:05:59 +01:00
Gustavo Zacarias
63eaed6498 cpio: install to /bin and after busybox
As the usual rule consider full-blown packages superior to busybox,
hence build after it.
Also install cpio to /bin to override the busybox-provided one.

Signed-off-by: Gustavo Zacarias <gustavo@zacarias.com.ar>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2015-10-02 16:33:07 +02:00
Gustavo Zacarias
845d71c65f cpio: bump to version 2.12
All patches upstream so drop them.

Signed-off-by: Gustavo Zacarias <gustavo@zacarias.com.ar>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2015-10-02 16:32:56 +02:00
Romain Naour
f70c58c2c7 package/cpio: remove useless comment
This comment is about host-cpio which hasn't
been added in Buildroot.

Signed-off-by: Romain Naour <romain.naour@openwide.fr>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
2015-08-08 11:16:30 +02:00
Romain Naour
7d53040f33 package/cpio: add argp-standalone dependency with musl
Since argp-standalone is only available for uClibc-ng
and musl toolchains, add the dependendy only if it's
selected.

Signed-off-by: Romain Naour <romain.naour@openwide.fr>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
2015-08-08 11:16:04 +02:00
Thomas Petazzoni
6c7d490558 cpio: needs wchar support
Spotted during package review/testing, but forgot to squash it in the
original patch.

Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
2015-07-18 19:20:49 +02:00
Clayton Shotwell
03d3df31f8 cpio: new package
Adding the cpio archive utility for the target and host. Patches have
been pulled from ArchLinux and Gentoo to fix CVE issues and compile
issues.

[Thomas: remove host variant of the package, as discussed during the
review of earlier version.]

Signed-off-by: Clayton Shotwell <clayton.shotwell@rockwellcollins.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
2015-07-18 17:43:19 +02:00