Accepting request 360528 from home:kstreitova:branches:Archiving

- add cpio-2.12-out_of_bounds_write.patch to fix an out of bounds write in a way cpio parses certain cpio files [bsc#963448], [CVE-2016-2037] OBS-URL: https://build.opensuse.org/request/show/360528 OBS-URL: https://build.opensuse.org/package/show/Archiving/cpio?expand=0&rev=58
2016-02-19 16:42:39 +00:00 · 2016-02-19 16:42:39 +00:00 · 390a0b27a2
commit 390a0b27a2
parent d47d4b1312
3 changed files with 48 additions and 1 deletions
--- a/cpio-2.12-out_of_bounds_write.patch
+++ b/cpio-2.12-out_of_bounds_write.patch
@ -0,0 +1,38 @@
+* src/copyin.c (process_copy_in):  Make sure that file_hdr.c_name
+has at least two bytes allocated.
+* src/util.c (cpio_safer_name_suffix): Document that use of this
+function requires to be careful.
+---
+ src/copyin.c | 2 ++
+ src/util.c   | 5 ++++-
+ 2 files changed, 6 insertions(+), 1 deletion(-)
+
+Index: cpio-2.12/src/copyin.c
+===================================================================
+--- cpio-2.12.orig/src/copyin.c
+++ cpio-2.12/src/copyin.c
+@@ -1434,6 +1434,8 @@ process_copy_in ()
+ 	  break;
+ 	}
+ 
+      if (file_hdr.c_namesize <= 1)
+        file_hdr.c_name = xrealloc(file_hdr.c_name, 2);
+       cpio_safer_name_suffix (file_hdr.c_name, false, !no_abs_paths_flag,
+ 			      false);
+       
+Index: cpio-2.12/src/util.c
+===================================================================
+--- cpio-2.12.orig/src/util.c
+++ cpio-2.12/src/util.c
+@@ -1460,7 +1460,10 @@ set_file_times (int fd,
+ }
+ 
+ /* Do we have to ignore absolute paths, and if so, does the filename
+-   have an absolute path?  */
+   have an absolute path?
+   Before calling this function make sure that the allocated NAME buffer has
+   capacity at least 2 bytes to allow us to store the "." string inside.  */
+
+ void
+ cpio_safer_name_suffix (char *name, bool link_target, bool absolute_names,
+ 			bool strip_leading_dots)
--- a/cpio.changes
+++ b/cpio.changes
@ -1,3 +1,10 @@
+-------------------------------------------------------------------
+Fri Feb 19 15:47:00 UTC 2016 - kstreitova@suse.com
+
+- add cpio-2.12-out_of_bounds_write.patch to fix an out of bounds
+  write in a way cpio parses certain cpio files [bsc#963448],
+  [CVE-2016-2037]
+
 -------------------------------------------------------------------
 Thu Oct  8 11:57:19 UTC 2015 - kstreitova@suse.com

--- a/cpio.spec
+++ b/cpio.spec
@ -1,7 +1,7 @@
 #
 # spec file for package cpio
 #
-# Copyright (c) 2015 SUSE LINUX GmbH, Nuernberg, Germany.
+# Copyright (c) 2016 SUSE LINUX GmbH, Nuernberg, Germany.
 #
 # All modifications and additions to the file contributed by third parties
 # remain the property of their copyright owners, unless otherwise agreed
@ -43,6 +43,7 @@ Patch23:        paxutils-rtapelib_mtget.patch
 Patch24:        cpio-check_for_symlinks.patch
 Patch25:        cpio-fix_truncation_check.patch
 Patch26:        cpio-2.12-util.c_no_return_in_nonvoid_fnc.patch
+Patch27:        cpio-2.12-out_of_bounds_write.patch
 BuildRequires:  autoconf
 BuildRequires:  automake
 Requires(post): %{install_info_prereq}
@ -79,6 +80,7 @@ provided by cpio, install the 'dump' package as well.
 %patch24 -p1
 %patch25 -p1
 %patch26 -p1
+%patch27 -p1
 #chmod 755 .
 #chmod u+w *
 #chmod a+r *