On Wed, Jul 13, 2022 at 9:55 AM Andrei Gherzan <[email protected]> wrote: > > On Wed, 13 Jul 2022, at 13:56, Bruce Ashfield wrote: > > On Wed, Jul 13, 2022 at 6:24 AM Andrei Gherzan <[email protected]> wrote: > >> > >> On Tue, 12 Jul 2022, at 15:17, Andrei Gherzan wrote: > >> > From: Andrei Gherzan <[email protected]> > >> > > >> > Signed-off-by: Andrei Gherzan <[email protected]> > >> > --- > >> > ...-Fix-buffer-overflow-on-workdir-path.patch | 32 ------------------- > >> > ...erlayfs_0.6.4.bb => fuse-overlayfs_1.9.bb} | 7 ++-- > >> > 2 files changed, 2 insertions(+), 37 deletions(-) > >> > delete mode 100644 > >> > recipes-extended/fuse-overlayfs/fuse-overlayfs/0001-Fix-buffer-overflow-on-workdir-path.patch > >> > rename recipes-extended/fuse-overlayfs/{fuse-overlayfs_0.6.4.bb => > >> > fuse-overlayfs_1.9.bb} (60%) > >> > > >> > diff --git > >> > a/recipes-extended/fuse-overlayfs/fuse-overlayfs/0001-Fix-buffer-overflow-on-workdir-path.patch > >> > b/recipes-extended/fuse-overlayfs/fuse-overlayfs/0001-Fix-buffer-overflow-on-workdir-path.patch > >> > deleted file mode 100644 > >> > index 129423d..0000000 > >> > --- > >> > a/recipes-extended/fuse-overlayfs/fuse-overlayfs/0001-Fix-buffer-overflow-on-workdir-path.patch > >> > +++ /dev/null > >> > @@ -1,32 +0,0 @@ > >> > -From 7e5992d6121aed0cfcbfaf70472f28d87cff1426 Mon Sep 17 00:00:00 2001 > >> > -From: Andrei Gherzan <[email protected]> > >> > -Date: Mon, 11 Jul 2022 20:36:06 +0200 > >> > -Subject: [PATCH] Fix buffer overflow on workdir path > >> > - > >> > -We make sure that the path used for workdir is reallocated before > >> > -appending. This was initially included in upstream as part of > >> > -https://github.com/containers/fuse-overlayfs/commit/d5b725b6f18a437db66bfc1456d04c3bf658f66a. > >> > - > >> > -Signed-off-by: Andrei Gherzan <[email protected]> > >> > -Upstream-Status: Backport > >> > ---- > >> > - main.c | 3 +++ > >> > - 1 file changed, 3 insertions(+) > >> > - > >> > -diff --git a/main.c b/main.c > >> > -index e5bdda1..118a6cb 100644 > >> > ---- a/main.c > >> > -+++ b/main.c > >> > -@@ -5039,6 +5039,9 @@ main (int argc, char *argv[]) > >> > - if (path == NULL) > >> > - goto err_out1; > >> > - mkdir (path, 0700); > >> > -+ path = realloc(path, strlen(path)+strlen("/work")+1); > >> > -+ if (!path) > >> > -+ error (EXIT_FAILURE, errno, "allocating workdir path"); > >> > - strcat (path, "/work"); > >> > - mkdir (path, 0700); > >> > - free (lo.workdir); > >> > --- > >> > -2.25.1 > >> > - > >> > diff --git a/recipes-extended/fuse-overlayfs/fuse-overlayfs_0.6.4.bb > >> > b/recipes-extended/fuse-overlayfs/fuse-overlayfs_1.9.bb > >> > similarity index 60% > >> > rename from recipes-extended/fuse-overlayfs/fuse-overlayfs_0.6.4.bb > >> > rename to recipes-extended/fuse-overlayfs/fuse-overlayfs_1.9.bb > >> > index 4f793bd..18e9dfa 100644 > >> > --- a/recipes-extended/fuse-overlayfs/fuse-overlayfs_0.6.4.bb > >> > +++ b/recipes-extended/fuse-overlayfs/fuse-overlayfs_1.9.bb > >> > @@ -5,11 +5,8 @@ containers." > >> > LICENSE = "GPL-3.0-or-later" > >> > LIC_FILES_CHKSUM = > >> > "file://COPYING;md5=d32239bcb673463ab874e80d47fae504" > >> > > >> > -SRCREV = "098d9ad79fdbb8538adde08628408aa32a8b4b17" > >> > -SRC_URI = " \ > >> > - > >> > git://github.com/containers/fuse-overlayfs.git;nobranch=1;protocol=https > >> > \ > >> > - file://0001-Fix-buffer-overflow-on-workdir-path.patch \ > >> > -" > >> > +SRCREV = "51592ea406f48faeccab288f65dcba6c4a67cd90" > >> > +SRC_URI = > >> > "git://github.com/containers/fuse-overlayfs.git;nobranch=1;protocol=https" > >> > > >> > DEPENDS = "fuse3" > >> > > >> > -- > >> > 2.25.1 > >> > >> Stand by for a v2 on this one. It needs a musl fix. Also, do you see any > >> issues in using 1.9 vs 1.9.0 as a version? They both are semver compliant. > > > > Ack'd. Holding on the queueing of the change. > > > > I don't see a problem, I typically just follow whatever the project is > > either putting in the README or their git tags. > > > > I just did a check, and indeed, they go with v1.9 and then start > > adding the .x after that .. so v1.9 is fine with me. > > Sounds good. I've sent the v2 here > https://lists.yoctoproject.org/g/meta-virtualization/message/7455 but I > forgot the v2 subject mention. I can resend it if needed. >
I see it, we are good! Bruce > Andrei -- - Thou shalt not follow the NULL pointer, for chaos and madness await thee at its end - "Use the force Harry" - Gandalf, Star Trek II
-=-=-=-=-=-=-=-=-=-=-=- Links: You receive all messages sent to this group. View/Reply Online (#7457): https://lists.yoctoproject.org/g/meta-virtualization/message/7457 Mute This Topic: https://lists.yoctoproject.org/mt/92333794/21656 Group Owner: [email protected] Unsubscribe: https://lists.yoctoproject.org/g/meta-virtualization/unsub [[email protected]] -=-=-=-=-=-=-=-=-=-=-=-
