From e4d46accbefb53042655cc9b476a20d56982ff91fce21bfe24e0e892eb4dcb7f Mon Sep 17 00:00:00 2001 From: Danilo Spinella Date: Wed, 18 Aug 2021 14:09:14 +0000 Subject: [PATCH] Accepting request 912911 from home:dspinella:cpio-emu - Fix regression in last update (bsc#1189465) * fix-CVE-2021-38185_2.patch * fix-CVE-2021-38185_3.patch OBS-URL: https://build.opensuse.org/request/show/912911 OBS-URL: https://build.opensuse.org/package/show/Archiving/cpio?expand=0&rev=87 --- cpio.changes | 7 +++++++ cpio.spec | 4 ++++ fix-CVE-2021-38185_2.patch | 36 ++++++++++++++++++++++++++++++++++++ fix-CVE-2021-38185_3.patch | 13 +++++++++++++ 4 files changed, 60 insertions(+) create mode 100644 fix-CVE-2021-38185_2.patch create mode 100644 fix-CVE-2021-38185_3.patch diff --git a/cpio.changes b/cpio.changes index b8146b4..497bfc5 100644 --- a/cpio.changes +++ b/cpio.changes @@ -1,3 +1,10 @@ +------------------------------------------------------------------- +Wed Aug 18 13:23:34 UTC 2021 - Danilo Spinella + +- Fix regression in last update (bsc#1189465) + * fix-CVE-2021-38185_2.patch + * fix-CVE-2021-38185_3.patch + ------------------------------------------------------------------- Mon Aug 9 14:01:51 UTC 2021 - Danilo Spinella diff --git a/cpio.spec b/cpio.spec index 18d03f2..7bf3496 100644 --- a/cpio.spec +++ b/cpio.spec @@ -46,6 +46,8 @@ Patch25: cpio-fix_truncation_check.patch # PATCH-FIX-UPSTREAM danilo.spinella@suse.com bsc#1189206 # Remote code execution caused by an integer overflow in ds_fgetstr Patch26: fix-CVE-2021-38185.patch +Patch27: fix-CVE-2021-38185_2.patch +Patch28: fix-CVE-2021-38185_3.patch BuildRequires: autoconf BuildRequires: automake #Requires(post): %{xinstall_info_prereq} @@ -88,6 +90,8 @@ This package includes the 'mt', a local tape drive control program. %patch24 -p1 %patch25 -p1 %patch26 -p1 +%patch27 -p1 +%patch28 -p1 %build gettextize -f --no-changelog diff --git a/fix-CVE-2021-38185_2.patch b/fix-CVE-2021-38185_2.patch new file mode 100644 index 0000000..e14b91b --- /dev/null +++ b/fix-CVE-2021-38185_2.patch @@ -0,0 +1,36 @@ +From dfc801c44a93bed7b3951905b188823d6a0432c8 Mon Sep 17 00:00:00 2001 +From: Sergey Poznyakoff +Date: Wed, 11 Aug 2021 18:10:38 +0300 +Subject: Fix previous commit + +* src/dstring.c (ds_reset,ds_concat): Don't call ds_resize in a +loop. +--- + src/dstring.c | 4 ++-- + 1 file changed, 2 insertions(+), 2 deletions(-) + +diff --git a/src/dstring.c b/src/dstring.c +index 692d3e7..b7e0bb5 100644 +--- a/src/dstring.c ++++ b/src/dstring.c +@@ -64,7 +64,7 @@ void + ds_reset (dynamic_string *s, size_t len) + { + while (len > s->ds_size) +- ds_resize (s); ++ s->ds_string = x2nrealloc (s->ds_string, &s->ds_size, 1); + s->ds_idx = len; + } + +@@ -116,7 +116,7 @@ ds_concat (dynamic_string *s, char const *str) + { + size_t len = strlen (str); + while (len + 1 > s->ds_size) +- ds_resize (s); ++ s->ds_string = x2nrealloc (s->ds_string, &s->ds_size, 1); + memcpy (s->ds_string + s->ds_idx, str, len); + s->ds_idx += len; + s->ds_string[s->ds_idx] = 0; +-- +cgit v1.2.1 + diff --git a/fix-CVE-2021-38185_3.patch b/fix-CVE-2021-38185_3.patch new file mode 100644 index 0000000..098859e --- /dev/null +++ b/fix-CVE-2021-38185_3.patch @@ -0,0 +1,13 @@ +Index: cpio-2.13/src/dstring.c +=================================================================== +--- cpio-2.13.orig/src/dstring.c ++++ cpio-2.13/src/dstring.c +@@ -115,7 +115,7 @@ void + ds_concat (dynamic_string *s, char const *str) + { + size_t len = strlen (str); +- while (len + 1 > s->ds_size) ++ while (len + s->ds_idx + 1 > s->ds_size) + s->ds_string = x2nrealloc (s->ds_string, &s->ds_size, 1); + memcpy (s->ds_string + s->ds_idx, str, len); + s->ds_idx += len;