rpm/cpio
SHA256
1
0
Fork 0
forked from pool/cpio
Code Pull Requests Activity

Accepting request 912911 from home:dspinella:cpio-emu

Browse Source 
- Fix regression in last update (bsc#1189465)
  * fix-CVE-2021-38185_2.patch
  * fix-CVE-2021-38185_3.patch

OBS-URL: https://build.opensuse.org/request/show/912911
OBS-URL: https://build.opensuse.org/package/show/Archiving/cpio?expand=0&rev=87
This commit is contained in:
Danilo Spinella 2021-08-18 14:09:14 +00:00 committed by Git OBS Bridge
parent 96da60c42f
commit e4d46accbe
4 changed files with 60 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

7
cpio.changes
View File

@ -1,3 +1,10 @@
-------------------------------------------------------------------
Wed Aug 18 13:23:34 UTC 2021 - Danilo Spinella <danilo.spinella@suse.com>
- Fix regression in last update (bsc#1189465)
* fix-CVE-2021-38185_2.patch
* fix-CVE-2021-38185_3.patch
-------------------------------------------------------------------
Mon Aug 9 14:01:51 UTC 2021 - Danilo Spinella <danilo.spinella@suse.com>

4
cpio.spec
View File

@ -46,6 +46,8 @@ Patch25: cpio-fix_truncation_check.patch
# PATCH-FIX-UPSTREAM danilo.spinella@suse.com bsc#1189206
# Remote code execution caused by an integer overflow in ds_fgetstr
Patch26: fix-CVE-2021-38185.patch
Patch27: fix-CVE-2021-38185_2.patch
Patch28: fix-CVE-2021-38185_3.patch
BuildRequires: autoconf
BuildRequires: automake
#Requires(post): %{xinstall_info_prereq}
@ -88,6 +90,8 @@ This package includes the 'mt', a local tape drive control program.
%patch24 -p1
%patch25 -p1
%patch26 -p1
%patch27 -p1
%patch28 -p1
%build
gettextize -f --no-changelog

36
fix-CVE-2021-38185_2.patch Normal file
View File

@ -0,0 +1,36 @@
From dfc801c44a93bed7b3951905b188823d6a0432c8 Mon Sep 17 00:00:00 2001
From: Sergey Poznyakoff <gray@gnu.org>
Date: Wed, 11 Aug 2021 18:10:38 +0300
Subject: Fix previous commit
* src/dstring.c (ds_reset,ds_concat): Don't call ds_resize in a
loop.
---
src/dstring.c | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/src/dstring.c b/src/dstring.c
index 692d3e7..b7e0bb5 100644
--- a/src/dstring.c
+++ b/src/dstring.c
@@ -64,7 +64,7 @@ void
ds_reset (dynamic_string *s, size_t len)
{
while (len > s->ds_size)
- ds_resize (s);
+ s->ds_string = x2nrealloc (s->ds_string, &s->ds_size, 1);
s->ds_idx = len;
}
@@ -116,7 +116,7 @@ ds_concat (dynamic_string *s, char const *str)
{
size_t len = strlen (str);
while (len + 1 > s->ds_size)
- ds_resize (s);
+ s->ds_string = x2nrealloc (s->ds_string, &s->ds_size, 1);
memcpy (s->ds_string + s->ds_idx, str, len);
s->ds_idx += len;
s->ds_string[s->ds_idx] = 0;
--
cgit v1.2.1

13
fix-CVE-2021-38185_3.patch Normal file
View File

@ -0,0 +1,13 @@
Index: cpio-2.13/src/dstring.c
===================================================================
--- cpio-2.13.orig/src/dstring.c
+++ cpio-2.13/src/dstring.c
@@ -115,7 +115,7 @@ void
ds_concat (dynamic_string *s, char const *str)
{
size_t len = strlen (str);
- while (len + 1 > s->ds_size)
+ while (len + s->ds_idx + 1 > s->ds_size)
s->ds_string = x2nrealloc (s->ds_string, &s->ds_size, 1);
memcpy (s->ds_string + s->ds_idx, str, len);
s->ds_idx += len;