The busybox version of tar in sumo considers symlink targets that start
with / or with ../ to be unsafe and refuses to unpack them unless the
EXTRACT_UNSAFE_SYMLINKS environment variable is set to 1.

As even many core packages legitimately contain such links (e.g.
coreutils-locale-*, dropbear, eudev, initscripts, kmod, ...), add the
environment variable to the remote script.
---
 scripts/lib/devtool/deploy.py | 5 +++++
 1 file changed, 5 insertions(+)

diff --git a/scripts/lib/devtool/deploy.py b/scripts/lib/devtool/deploy.py
index f345f31b7b..dc9b34e0ee 100644
--- a/scripts/lib/devtool/deploy.py
+++ b/scripts/lib/devtool/deploy.py
@@ -114,6 +114,11 @@ def _prepare_remote_script(deploy, verbose=False, 
dryrun=False, undeployall=Fals
             lines.append('rm $3')
         lines.append('mkdir -p `dirname $manifest`')
         lines.append('mkdir -p $2')
+        # Busybox tar v1.28.x (plus v1.27.2 with the CVE-2011-5325 patch)
+        # requires this env variable. The first release without this issue
+        # is thud.
+        # FIXME Remove once sumo goes out of support
+        lines.append('export EXTRACT_UNSAFE_SYMLINKS=1')
         if verbose:
             lines.append('    tar xv -C $2 -f - | tee $manifest')
         else:
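Review bot: The added `lines.append('export EXTRACT_UNSAFE_SYMLINKS=1')` is unconditional and uses `export`, so the variable stays set for the rest of the remote script and switches off the symlink-target check (the CVE-2011-5325 mitigation the comment refers to) on every target, not just those running the affected busybox tar. Consider scoping it to the tar invocations instead, for example `EXTRACT_UNSAFE_SYMLINKS=1 tar xv -C $2 -f - | tee $manifest`, so nothing else in the script inherits it. The comment should also state that the variable disables a safety check on symlink targets starting with / or ../, so that the FIXME is read as a security follow-up and not only as cleanup.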
-- 
2.11.0
