SHA256
3
0
forked from pool/cpio

Accepting request 833785 from Archiving

OBS-URL: https://build.opensuse.org/request/show/833785
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/cpio?expand=0&rev=60
This commit is contained in:
Dominique Leuenberger 2020-09-18 12:26:24 +00:00 committed by Git OBS Bridge
commit 758e099b00
21 changed files with 156 additions and 578 deletions

View File

@ -1,317 +0,0 @@
From 7554e3e42cd72f6f8304410c47fe6f8918e9bfd7 Mon Sep 17 00:00:00 2001
From: Sergey Poznyakoff <gray@gnu.org>
Date: Sun, 3 Nov 2019 23:59:39 +0200
Subject: Fix CVE-2019-14866
* src/copyout.c (to_ascii): Additional argument nul controls whether
to add the terminating nul character.
(field_width_error): Improve diagnostics: print the actual and the
maximum allowed field value.
* src/extern.h (to_ascii, field_width_error): New prototypes.
* src/tar.c (to_oct): Remove.
(to_oct_or_error): New function.
(TO_OCT): New macro.
(write_out_tar_header): Use TO_OCT and to_ascii. Return 0 on
success, 1 on error.
---
src/copyout.c | 49 ++++++++++++++++++++++++----------------
src/extern.h | 15 +++++++++++--
src/tar.c | 72 +++++++++++++++++++++++++++--------------------------------
3 files changed, 76 insertions(+), 60 deletions(-)
Index: cpio-2.12/src/copyout.c
===================================================================
--- cpio-2.12.orig/src/copyout.c
+++ cpio-2.12/src/copyout.c
@@ -269,26 +269,32 @@ writeout_final_defers (int out_des)
so it should be moved to paxutils too.
Allowed values for logbase are: 1 (binary), 2, 3 (octal), 4 (hex) */
int
-to_ascii (char *where, uintmax_t v, size_t digits, unsigned logbase)
+to_ascii (char *where, uintmax_t v, size_t digits, unsigned logbase, bool nul)
{
static char codetab[] = "0123456789ABCDEF";
- int i = digits;
-
- do
+
+ if (nul)
+ where[--digits] = 0;
+ while (digits > 0)
{
- where[--i] = codetab[(v & ((1 << logbase) - 1))];
+ where[--digits] = codetab[(v & ((1 << logbase) - 1))];
v >>= logbase;
}
- while (i);
return v != 0;
}
-static void
-field_width_error (const char *filename, const char *fieldname)
+void
+field_width_error (const char *filename, const char *fieldname,
+ uintmax_t value, size_t width, bool nul)
{
- error (0, 0, _("%s: field width not sufficient for storing %s"),
- filename, fieldname);
+ char valbuf[UINTMAX_STRSIZE_BOUND + 1];
+ char maxbuf[UINTMAX_STRSIZE_BOUND + 1];
+ error (0, 0, _("%s: value %s %s out of allowed range 0..%s"),
+ filename, fieldname,
+ STRINGIFY_BIGINT (value, valbuf),
+ STRINGIFY_BIGINT (MAX_VAL_WITH_DIGITS (width - nul, LG_8),
+ maxbuf));
}
static void
@@ -303,7 +309,7 @@ to_ascii_or_warn (char *where, uintmax_t
unsigned logbase,
const char *filename, const char *fieldname)
{
- if (to_ascii (where, n, digits, logbase))
+ if (to_ascii (where, n, digits, logbase, false))
field_width_warning (filename, fieldname);
}
@@ -312,9 +318,9 @@ to_ascii_or_error (char *where, uintmax_
unsigned logbase,
const char *filename, const char *fieldname)
{
- if (to_ascii (where, n, digits, logbase))
+ if (to_ascii (where, n, digits, logbase, false))
{
- field_width_error (filename, fieldname);
+ field_width_error (filename, fieldname, n, digits, false);
return 1;
}
return 0;
@@ -371,7 +377,7 @@ write_out_new_ascii_header (const char *
_("name size")))
return 1;
p += 8;
- to_ascii (p, file_hdr->c_chksum & 0xffffffff, 8, LG_16);
+ to_ascii (p, file_hdr->c_chksum & 0xffffffff, 8, LG_16, false);
tape_buffered_write (ascii_header, out_des, sizeof ascii_header);
@@ -388,7 +394,7 @@ write_out_old_ascii_header (dev_t dev, d
char ascii_header[76];
char *p = ascii_header;
- to_ascii (p, file_hdr->c_magic, 6, LG_8);
+ to_ascii (p, file_hdr->c_magic, 6, LG_8, false);
p += 6;
to_ascii_or_warn (p, dev, 6, LG_8, file_hdr->c_name, _("device number"));
p += 6;
@@ -492,7 +498,10 @@ write_out_binary_header (dev_t rdev,
short_hdr.c_namesize = file_hdr->c_namesize & 0xFFFF;
if (short_hdr.c_namesize != file_hdr->c_namesize)
{
- field_width_error (file_hdr->c_name, _("name size"));
+ char maxbuf[UINTMAX_STRSIZE_BOUND + 1];
+ error (0, 0, _("%s: value %s %s out of allowed range 0..%u"),
+ file_hdr->c_name, _("name size"),
+ STRINGIFY_BIGINT (file_hdr->c_namesize, maxbuf), 0xFFFFu);
return 1;
}
@@ -502,7 +511,10 @@ write_out_binary_header (dev_t rdev,
if (((off_t)short_hdr.c_filesizes[0] << 16) + short_hdr.c_filesizes[1]
!= file_hdr->c_filesize)
{
- field_width_error (file_hdr->c_name, _("file size"));
+ char maxbuf[UINTMAX_STRSIZE_BOUND + 1];
+ error (0, 0, _("%s: value %s %s out of allowed range 0..%lu"),
+ file_hdr->c_name, _("file size"),
+ STRINGIFY_BIGINT (file_hdr->c_namesize, maxbuf), 0xFFFFFFFFlu);
return 1;
}
@@ -552,8 +564,7 @@ write_out_header (struct cpio_file_stat
error (0, 0, _("%s: file name too long"), file_hdr->c_name);
return 1;
}
- write_out_tar_header (file_hdr, out_des); /* FIXME: No error checking */
- return 0;
+ return write_out_tar_header (file_hdr, out_des);
case arf_binary:
return write_out_binary_header (makedev (file_hdr->c_rdev_maj,
Index: cpio-2.12/src/extern.h
===================================================================
--- cpio-2.12.orig/src/extern.h
+++ cpio-2.12/src/extern.h
@@ -118,6 +118,10 @@ void print_name_with_quoting (char *p);
/* copyout.c */
int write_out_header (struct cpio_file_stat *file_hdr, int out_des);
void process_copy_out (void);
+int to_ascii (char *where, uintmax_t v, size_t digits, unsigned logbase,
+ bool nul);
+void field_width_error (const char *filename, const char *fieldname,
+ uintmax_t value, size_t width, bool nul);
/* copypass.c */
void process_copy_pass (void);
@@ -146,7 +150,7 @@ int make_path (char *argpath, uid_t owne
const char *verbose_fmt_string);
/* tar.c */
-void write_out_tar_header (struct cpio_file_stat *file_hdr, int out_des);
+int write_out_tar_header (struct cpio_file_stat *file_hdr, int out_des);
int null_block (long *block, int size);
void read_in_tar_header (struct cpio_file_stat *file_hdr, int in_des);
int otoa (char *s, unsigned long *n);
@@ -205,9 +209,16 @@ void cpio_safer_name_suffix (char *name,
int cpio_create_dir (struct cpio_file_stat *file_hdr, int existing_dir);
void change_dir (void);
-/* FIXME: These two defines should be defined in paxutils */
+/* FIXME: The following three should be defined in paxutils */
#define LG_8 3
#define LG_16 4
+/* The maximum uintmax_t value that can be represented with DIGITS digits,
+ assuming that each digit is BITS_PER_DIGIT wide. */
+#define MAX_VAL_WITH_DIGITS(digits, bits_per_digit) \
+ ((digits) * (bits_per_digit) < sizeof (uintmax_t) * CHAR_BIT \
+ ? ((uintmax_t) 1 << ((digits) * (bits_per_digit))) - 1 \
+ : (uintmax_t) -1)
+
uintmax_t from_ascii (char const *where, size_t digs, unsigned logbase);
Index: cpio-2.12/src/tar.c
===================================================================
--- cpio-2.12.orig/src/tar.c
+++ cpio-2.12/src/tar.c
@@ -1,6 +1,5 @@
/* tar.c - read in write tar headers for cpio
- Copyright (C) 1992, 2001, 2004, 2006-2007, 2010, 2014-2015 Free
- Software Foundation, Inc.
+ Copyright (C) 1992-2019 Free Software Foundation, Inc.
This program is free software; you can redistribute it and/or modify
it under the terms of the GNU General Public License as published by
@@ -79,36 +78,17 @@ stash_tar_filename (char *prefix, char *
return hold_tar_filename;
}
-/* Convert a number into a string of octal digits.
- Convert long VALUE into a DIGITS-digit field at WHERE,
- including a trailing space and room for a NUL. DIGITS==3 means
- 1 digit, a space, and room for a NUL.
-
- We assume the trailing NUL is already there and don't fill it in.
- This fact is used by start_header and finish_header, so don't change it!
-
- This is be equivalent to:
- sprintf (where, "%*lo ", digits - 2, value);
- except that sprintf fills in the trailing NUL and we don't. */
-
-static void
-to_oct (register long value, register int digits, register char *where)
+static int
+to_oct_or_error (uintmax_t value, size_t digits, char *where, char const *field,
+ char const *file)
{
- --digits; /* Leave the trailing NUL slot alone. */
-
- /* Produce the digits -- at least one. */
- do
+ if (to_ascii (where, value, digits, LG_8, true))
{
- where[--digits] = '0' + (char) (value & 7); /* One octal digit. */
- value >>= 3;
+ field_width_error (file, field, value, digits, true);
+ return 1;
}
- while (digits > 0 && value != 0);
-
- /* Add leading zeroes, if necessary. */
- while (digits > 0)
- where[--digits] = '0';
+ return 0;
}
-
/* Compute and return a checksum for TAR_HDR,
@@ -134,10 +114,22 @@ tar_checksum (struct tar_header *tar_hdr
return sum;
}
+#define TO_OCT(file_hdr, c_fld, digits, tar_hdr, tar_field) \
+ do \
+ { \
+ if (to_oct_or_error (file_hdr -> c_fld, \
+ digits, \
+ tar_hdr -> tar_field, \
+ #tar_field, \
+ file_hdr->c_name)) \
+ return 1; \
+ } \
+ while (0)
+
/* Write out header FILE_HDR, including the file name, to file
descriptor OUT_DES. */
-void
+int
write_out_tar_header (struct cpio_file_stat *file_hdr, int out_des)
{
int name_len;
@@ -166,11 +158,11 @@ write_out_tar_header (struct cpio_file_s
/* Ustar standard (POSIX.1-1988) requires the mode to contain only 3 octal
digits */
- to_oct (file_hdr->c_mode & MODE_ALL, 8, tar_hdr->mode);
- to_oct (file_hdr->c_uid, 8, tar_hdr->uid);
- to_oct (file_hdr->c_gid, 8, tar_hdr->gid);
- to_oct (file_hdr->c_filesize, 12, tar_hdr->size);
- to_oct (file_hdr->c_mtime, 12, tar_hdr->mtime);
+ TO_OCT (file_hdr, c_mode & MODE_ALL, 8, tar_hdr, mode);
+ TO_OCT (file_hdr, c_uid, 8, tar_hdr, uid);
+ TO_OCT (file_hdr, c_gid, 8, tar_hdr, gid);
+ TO_OCT (file_hdr, c_filesize, 12, tar_hdr, size);
+ TO_OCT (file_hdr, c_mtime, 12, tar_hdr, mtime);
switch (file_hdr->c_mode & CP_IFMT)
{
@@ -182,7 +174,7 @@ write_out_tar_header (struct cpio_file_s
strncpy (tar_hdr->linkname, file_hdr->c_tar_linkname,
TARLINKNAMESIZE);
tar_hdr->typeflag = LNKTYPE;
- to_oct (0, 12, tar_hdr->size);
+ to_ascii (tar_hdr->size, 0, 12, LG_8, true);
}
else
tar_hdr->typeflag = REGTYPE;
@@ -208,7 +200,7 @@ write_out_tar_header (struct cpio_file_s
than TARLINKNAMESIZE. */
strncpy (tar_hdr->linkname, file_hdr->c_tar_linkname,
TARLINKNAMESIZE);
- to_oct (0, 12, tar_hdr->size);
+ to_ascii (tar_hdr->size, 0, 12, LG_8, true);
break;
#endif /* CP_IFLNK */
}
@@ -227,13 +219,15 @@ write_out_tar_header (struct cpio_file_s
if (name)
strcpy (tar_hdr->gname, name);
- to_oct (file_hdr->c_rdev_maj, 8, tar_hdr->devmajor);
- to_oct (file_hdr->c_rdev_min, 8, tar_hdr->devminor);
+ TO_OCT (file_hdr, c_rdev_maj, 8, tar_hdr, devmajor);
+ TO_OCT (file_hdr, c_rdev_min, 8, tar_hdr, devminor);
}
- to_oct (tar_checksum (tar_hdr), 8, tar_hdr->chksum);
+ to_ascii (tar_hdr->chksum, tar_checksum (tar_hdr), 8, LG_8, true);
tape_buffered_write ((char *) &tar_rec, out_des, TARRECORDSIZE);
+
+ return 0;
}
/* Return nonzero iff all the bytes in BLOCK are NUL.

View File

@ -1,49 +0,0 @@
* src/copyin.c (process_copy_in): Make sure that file_hdr.c_name
has at least two bytes allocated.
* src/util.c (cpio_safer_name_suffix): Document that use of this
function requires to be careful.
---
src/copyin.c | 2 ++
src/util.c | 5 ++++-
2 files changed, 6 insertions(+), 1 deletion(-)
Index: cpio-2.12/src/copyin.c
===================================================================
--- cpio-2.12.orig/src/copyin.c
+++ cpio-2.12/src/copyin.c
@@ -1433,6 +1433,18 @@ process_copy_in ()
break;
}
+ /* Fix for CVE-2016-2037 (bsc#963448) and resultant regression (bsc#1028410).
+ For tar and ustar archive formats, file_hdr.c_namesize is not defined and
+ file_hdr.c_name uses static memory. Therefore we can't rely on
+ file_hdr.c_namesize and we can't realloc memory for these archive types.
+ However the patch is still correct for CVE-2016-2037 (we have to be sure
+ that the allocated NAME buffer has a capacity at least 2 bytes to allow
+ us to store the "." string inside) as static char array for tar and ustar
+ has size 2 at least (see tar.c:stash_tar_filename()).
+ */
+ if (archive_format != arf_tar && archive_format != arf_ustar
+ && file_hdr.c_namesize <= 1)
+ file_hdr.c_name = xrealloc(file_hdr.c_name, 2);
cpio_safer_name_suffix (file_hdr.c_name, false, !no_abs_paths_flag,
false);
Index: cpio-2.12/src/util.c
===================================================================
--- cpio-2.12.orig/src/util.c
+++ cpio-2.12/src/util.c
@@ -1460,7 +1460,10 @@ set_file_times (int fd,
}
/* Do we have to ignore absolute paths, and if so, does the filename
- have an absolute path? */
+ have an absolute path?
+ Before calling this function make sure that the allocated NAME buffer has
+ capacity at least 2 bytes to allow us to store the "." string inside. */
+
void
cpio_safer_name_suffix (char *name, bool link_target, bool absolute_names,
bool strip_leading_dots)

View File

@ -1,12 +0,0 @@
Index: cpio-2.12/src/util.c
===================================================================
--- cpio-2.12.orig/src/util.c
+++ cpio-2.12/src/util.c
@@ -812,6 +812,7 @@ get_inode_and_dev (struct cpio_file_stat
hdr->c_dev_maj = major (st->st_dev);
hdr->c_dev_min = minor (st->st_dev);
}
+ return 0;
}

View File

@ -1,3 +0,0 @@
version https://git-lfs.github.com/spec/v1
oid sha256:70998c5816ace8407c8b101c9ba1ffd3ebbecba1f5031046893307580ec1296e
size 1258605

View File

@ -1,7 +0,0 @@
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.12 (GNU/Linux)
iEYEABECAAYFAlX0Dh4ACgkQNgKwf1XQxzLTigCeO+MKFk1BRjca0CU1jaYwC5y7
qOcAnAy9Th86/Do4aIy12NoJxlMDDF2X
=jXgF
-----END PGP SIGNATURE-----

3
cpio-2.13.tar.bz2 Normal file
View File

@ -0,0 +1,3 @@
version https://git-lfs.github.com/spec/v1
oid sha256:eab5bdc5ae1df285c59f2a4f140a98fc33678a0bf61bdba67d9436ae26b46f6d
size 1354559

7
cpio-2.13.tar.bz2.sig Normal file
View File

@ -0,0 +1,7 @@
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.15 (GNU/Linux)
iEYEABECAAYFAl3CgW4ACgkQNgKwf1XQxzInuACdFx2CwRnphQ5Zka2zFicnNNCX
3z4AoIQeYZNDDyJoOzIYvKuNrFePJ4hG
=InYG
-----END PGP SIGNATURE-----

View File

@ -1,150 +0,0 @@
Index: cpio-2.12/src/copyin.c
===================================================================
--- cpio-2.12.orig/src/copyin.c
+++ cpio-2.12/src/copyin.c
@@ -695,6 +695,51 @@ copyin_link (struct cpio_file_stat *file
free (link_name);
}
+
+static int
+path_contains_symlink(char *path)
+{
+ struct stat st;
+ char *slash;
+ char *nextslash;
+
+ /* we got NULL pointer or empty string */
+ if (!path || !*path) {
+ return false;
+ }
+
+ slash = path;
+
+ while ((nextslash = strchr(slash + 1, '/')) != NULL) {
+ slash = nextslash;
+ *slash = '\0';
+
+ if (lstat(path, &st) != 0) {
+ if (errno == ELOOP) {
+ /* ELOOP - too many symlinks */
+ *slash = '/';
+ return true;
+ } else if (errno == ENOMEM) {
+ /* No memory for lstat - terminate */
+ xalloc_die();
+ } else {
+ /* cannot lstat path - give up */
+ *slash = '/';
+ return false;
+ }
+ }
+
+ if (S_ISLNK(st.st_mode)) {
+ *slash = '/';
+ return true;
+ }
+
+ *slash = '/';
+ }
+
+ return false;
+}
+
static void
copyin_file (struct cpio_file_stat *file_hdr, int in_file_des)
{
@@ -1474,6 +1519,23 @@ process_copy_in ()
{
/* Copy the input file into the directory structure. */
+ /* Can we write files over symlinks? */
+ if (!extract_over_symlinks)
+ {
+ if (path_contains_symlink(file_hdr.c_name))
+ {
+ /* skip the file */
+ /*
+ fprintf(stderr, "Can't write over symlinks. Skipping %s\n", file_hdr.c_name);
+ tape_toss_input (in_file_des, file_hdr.c_filesize);
+ tape_skip_padding (in_file_des, file_hdr.c_filesize);
+ continue;
+ */
+ /* terminate */
+ error (1, 0, _("Can't write over symlinks: %s\n"), file_hdr.c_name);
+ }
+ }
+
/* Do we need to rename the file? */
if (rename_flag || rename_batch_file)
{
Index: cpio-2.12/src/global.c
===================================================================
--- cpio-2.12.orig/src/global.c
+++ cpio-2.12/src/global.c
@@ -187,6 +187,9 @@ bool to_stdout_option = false;
/* The name this program was run with. */
char *program_name;
+/* Extract files over symbolic links */
+bool extract_over_symlinks;
+
/* A pointer to either lstat or stat, depending on whether
dereferencing of symlinks is done for input files. */
int (*xstat) ();
Index: cpio-2.12/src/main.c
===================================================================
--- cpio-2.12.orig/src/main.c
+++ cpio-2.12/src/main.c
@@ -59,6 +59,7 @@ enum cpio_options {
DEBUG_OPTION,
BLOCK_SIZE_OPTION,
TO_STDOUT_OPTION,
+ EXTRACT_OVER_SYMLINKS,
RENUMBER_INODES_OPTION,
IGNORE_DEVNO_OPTION,
DEVICE_INDEPENDENT_OPTION
@@ -243,6 +244,8 @@ static struct argp_option options[] = {
N_("Create leading directories where needed"), GRID+1 },
{"no-preserve-owner", NO_PRESERVE_OWNER_OPTION, 0, 0,
N_("Do not change the ownership of the files"), GRID+1 },
+ {"extract-over-symlinks", EXTRACT_OVER_SYMLINKS, 0, 0,
+ N_("Force writing over symbolic links"), GRID+1 },
{"unconditional", 'u', NULL, 0,
N_("Replace all files unconditionally"), GRID+1 },
{"sparse", SPARSE_OPTION, NULL, 0,
@@ -433,6 +436,10 @@ crc newc odc bin ustar tar (all-caps als
no_chown_flag = true;
break;
+ case EXTRACT_OVER_SYMLINKS: /* --extract-over-symlinks */
+ extract_over_symlinks = true;
+ break;
+
case 'o': /* Copy-out mode. */
if (copy_function != 0)
USAGE_ERROR ((0, 0, _("Mode already defined")));
Index: cpio-2.12/src/extern.h
===================================================================
--- cpio-2.12.orig/src/extern.h
+++ cpio-2.12/src/extern.h
@@ -96,6 +96,7 @@ extern char input_is_special;
extern char output_is_special;
extern char input_is_seekable;
extern char output_is_seekable;
+extern bool extract_over_symlinks;
extern int (*xstat) ();
extern void (*copy_function) ();
extern char *change_directory_option;
Index: cpio-2.12/doc/cpio.1
===================================================================
--- cpio-2.12.orig/doc/cpio.1
+++ cpio-2.12/doc/cpio.1
@@ -50,6 +50,7 @@ cpio \- copy files to and from archives
[\fB\-\-force\-local\fR] [\fB\-\-no\-absolute\-filenames\fR] [\fB\-\-sparse\fR]
[\fB\-\-only\-verify\-crc\fR] [\fB\-\-to\-stdout\fR] [\fB\-\-quiet\fR]
[\fB\-\-rsh\-command=\fICOMMAND\fR]
+[\fB\-\-extract\-over\-symlinks\fR]
[\fIpattern\fR...] [\fB<\fR \fIarchive\fR]
.B cpio

View File

@ -1,10 +1,10 @@
Index: src/copyin.c
===================================================================
--- src/copyin.c.orig 2010-08-10 16:45:19.000000000 +0200
+++ src/copyin.c 2010-08-10 16:45:19.000000000 +0200
@@ -1485,6 +1485,19 @@ process_copy_in ()
--- src/copyin.c.orig
+++ src/copyin.c
@@ -1420,6 +1420,19 @@ process_copy_in ()
apply_delayed_set_stat ();
cpio_file_stat_free (&file_hdr);
+ if (tty_in)
+ {

View File

@ -2,7 +2,7 @@ Index: src/mt.c
===================================================================
--- src/mt.c.orig
+++ src/mt.c
@@ -413,11 +413,18 @@ parse_opt (int key, char *arg, struct ar
@@ -225,11 +225,18 @@ parse_opt (int key, char *arg, struct ar
{
tapedev = getenv ("TAPE");
if (tapedev == NULL)

View File

@ -1,6 +1,8 @@
--- src/copyin.c 2008-07-11 13:20:27.000000000 +0200
+++ src/copyin.c 2008-07-18 10:55:58.000000000 +0200
@@ -1269,15 +1269,15 @@
Index: src/copyin.c
===================================================================
--- src/copyin.c.orig
+++ src/copyin.c
@@ -1123,15 +1123,15 @@ read_in_binary (struct cpio_file_stat *f
swab_array ((char *) short_hdr, 13);
}
@ -19,4 +21,4 @@
+ file_hdr->c_rdev_min = minor ((unsigned short)short_hdr->c_rdev);
file_hdr->c_mtime = (unsigned long) short_hdr->c_mtimes[0] << 16
| short_hdr->c_mtimes[1];
file_hdr->c_filesize = (unsigned long) short_hdr->c_filesizes[0] << 16

View File

@ -36,7 +36,7 @@ Index: src/util.c
}
else
break;
@@ -842,6 +856,40 @@ tape_offline (int tape_des)
@@ -829,6 +843,40 @@ tape_offline (int tape_des)
#endif
}

View File

@ -1,8 +1,8 @@
Index: cpio-2.11/src/mt.c
Index: cpio-2.13/src/mt.c
===================================================================
--- cpio-2.11.orig/src/mt.c 2014-07-29 11:02:31.631881572 +0200
+++ cpio-2.11/src/mt.c 2014-07-29 11:02:31.665881951 +0200
@@ -428,7 +428,7 @@ parse_opt (int key, char *arg, struct ar
--- cpio-2.13.orig/src/mt.c
+++ cpio-2.13/src/mt.c
@@ -208,7 +208,7 @@ parse_opt (int key, char *arg, struct ar
{
char *p;
long val = strtol (arg, &p, 0);

View File

@ -30,7 +30,7 @@ Index: src/mt.c
===================================================================
--- src/mt.c.orig
+++ src/mt.c
@@ -333,11 +333,11 @@
@@ -333,11 +333,11 @@ main (int argc, char **argv)
#ifdef MTERASE
case MTERASE:
#endif
@ -48,7 +48,7 @@ Index: src/util.c
===================================================================
--- src/util.c.orig
+++ src/util.c
@@ -814,14 +814,14 @@
@@ -801,14 +801,14 @@ open_archive (char *file)
copy_in = process_copy_in;
if (copy_function == copy_in)

View File

@ -1,8 +1,8 @@
Index: cpio-2.12/src/copyin.c
Index: cpio-2.13/src/copyin.c
===================================================================
--- cpio-2.12.orig/src/copyin.c
+++ cpio-2.12/src/copyin.c
@@ -871,6 +871,8 @@ read_pattern_file ()
--- cpio-2.13.orig/src/copyin.c
+++ cpio-2.13/src/copyin.c
@@ -798,6 +798,8 @@ read_pattern_file ()
pattern_fp = fopen (pattern_file_name, "r");
if (pattern_fp == NULL)
open_fatal (pattern_file_name);
@ -11,7 +11,7 @@ Index: cpio-2.12/src/copyin.c
while (ds_fgetstr (pattern_fp, &pattern_name, '\n') != NULL)
{
if (new_num_patterns >= max_new_patterns)
@@ -885,6 +887,7 @@ read_pattern_file ()
@@ -812,6 +814,7 @@ read_pattern_file ()
}
if (ferror (pattern_fp) || fclose (pattern_fp) == EOF)
close_error (pattern_file_name);

View File

@ -0,0 +1,91 @@
revert fix for CVE-2015-1197 as it causes shutdown issues
revert suggested as a workaround by upstream:
https://lists.gnu.org/archive/html/bug-cpio/2019-11/msg00016.html
--- b/src/copyin.c
+++ a/src/copyin.c
@@ -645,14 +645,13 @@
link_name = xstrdup (file_hdr->c_tar_linkname);
}
- cpio_safer_name_suffix (link_name, true, !no_abs_paths_flag, false);
-
res = UMASKED_SYMLINK (link_name, file_hdr->c_name,
file_hdr->c_mode);
if (res < 0 && create_dir_flag)
{
create_all_directories (file_hdr->c_name);
+ res = UMASKED_SYMLINK (link_name, file_hdr->c_name,
+ file_hdr->c_mode);
- res = UMASKED_SYMLINK (link_name, file_hdr->c_name, file_hdr->c_mode);
}
if (res < 0)
{
--- b/tests/CVE-2015-1197.at
+++ /dev/null
@@ -1,43 +0,0 @@
-# Process this file with autom4te to create testsuite. -*- Autotest -*-
-# Copyright (C) 2009-2019 Free Software Foundation, Inc.
-#
-# This program is free software; you can redistribute it and/or modify
-# it under the terms of the GNU General Public License as published by
-# the Free Software Foundation; either version 3, or (at your option)
-# any later version.
-#
-# This program is distributed in the hope that it will be useful,
-# but WITHOUT ANY WARRANTY; without even the implied warranty of
-# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
-# GNU General Public License for more details.
-#
-# You should have received a copy of the GNU General Public License
-# along with this program. If not, see <http://www.gnu.org/licenses/>.
-
-AT_SETUP([CVE-2015-1197 (--no-absolute-filenames for symlinks)])
-AT_CHECK([
-tempdir=$(pwd)/tmp
-mkdir $tempdir
-touch $tempdir/file
-ln -s $tempdir dir
-AT_DATA([filelist],
-[dir
-dir/file
-])
-ln -s /tmp dir
-touch /tmp/file
-cpio -o < filelist > test.cpio
-rm dir /tmp/file
-cpio --no-absolute-filenames -iv < test.cpio
-],
-[2],
-[],
-[1 block
-cpio: Removing leading `/' from hard link targets
-dir
-cpio: dir/file: Cannot open: No such file or directory
-dir/file
-1 block
-])
-AT_CLEANUP
-
--- b/tests/Makefile.am
+++ a/tests/Makefile.am
@@ -56,9 +56,8 @@
symlink-long.at\
symlink-to-stdout.at\
version.at\
big-block-size.at\
- CVE-2015-1197.at\
CVE-2019-14866.at
TESTSUITE = $(srcdir)/testsuite
--- b/tests/testsuite.at
+++ a/tests/testsuite.at
@@ -43,6 +43,5 @@
m4_include([setstat04.at])
m4_include([setstat05.at])
m4_include([big-block-size.at])
-m4_include([CVE-2015-1197.at])
m4_include([CVE-2019-14866.at])

View File

@ -2,7 +2,7 @@ Index: doc/cpio.info
===================================================================
--- doc/cpio.info.orig
+++ doc/cpio.info
@@ -216,7 +216,8 @@ option, e.g.:
@@ -226,7 +226,8 @@ option, e.g.:
'-B'
Set the I/O block size to 5120 bytes.
'-c'
@ -12,7 +12,7 @@ Index: doc/cpio.info
'-C NUMBER'
'--io-size=NUMBER'
Set the I/O block size to the given NUMBER of bytes.
@@ -296,7 +297,8 @@ option.
@@ -307,7 +308,8 @@ option.
'-B'
Set the I/O block size to 5120 bytes.
'-c'
@ -22,7 +22,7 @@ Index: doc/cpio.info
'-C NUMBER'
'--io-size=NUMBER'
Set the I/O block size to the given NUMBER of bytes.
@@ -406,7 +408,8 @@ option.
@@ -417,7 +419,8 @@ option.
'-B'
Set the I/O block size to 5120 bytes.
'-c'
@ -32,7 +32,7 @@ Index: doc/cpio.info
'-C NUMBER'
'--io-size=NUMBER'
Set the I/O block size to the given NUMBER of bytes.
@@ -554,7 +557,8 @@ option is valid.
@@ -565,7 +568,8 @@ option is valid.
'-c'
[*note copy-in::,*note copy-out::,*note copy-pass::]
@ -46,7 +46,7 @@ Index: src/main.c
===================================================================
--- src/main.c.orig
+++ src/main.c
@@ -329,6 +329,7 @@ parse_opt (int key, char *arg, struct ar
@@ -328,6 +328,7 @@ parse_opt (int key, char *arg, struct ar
case 'c': /* Use the old portable ASCII format. */
if (archive_format != arf_unknown)
USAGE_ERROR ((0, 0, _("Archive format multiply defined")));

View File

@ -1,3 +1,19 @@
-------------------------------------------------------------------
Fri Sep 11 11:45:35 UTC 2020 - Dirk Mueller <dmueller@suse.com>
- add cpio-revert-CVE-2015-1197-fix.patch as recommended by upstream
to fix https://lists.gnu.org/archive/html/bug-cpio/2019-11/msg00016.html
-------------------------------------------------------------------
Sat Aug 15 16:18:46 UTC 2020 - Dirk Mueller <dmueller@suse.com>
- update to 2.13:
* CVE-2015-1197, CVE-2016-2037, CVE-2019-14866
- remove patches (upstream):
cpio-2.12-out_of_bounds_write.patch, cpio-2.12-CVE-2019-14866.patch,
cpio-2.12-util.c_no_return_in_nonvoid_fnc.patch,
cpio-check_for_symlinks.patch
-------------------------------------------------------------------
Sun Mar 29 20:54:38 UTC 2020 - Kristyna Streitova <kstreitova@suse.com>

View File

@ -1,3 +1,4 @@
GPG keys of Sergey Poznyakoff <gray>
-----BEGIN PGP PUBLIC KEY BLOCK-----
Version: GnuPG v1.4.7 (GNU/Linux)

View File

@ -17,7 +17,7 @@
Name: cpio
Version: 2.12
Version: 2.13
Release: 0
Summary: A Backup and Archiving Utility
License: GPL-3.0-only
@ -40,15 +40,13 @@ Patch18: cpio-default_tape_dev.patch
Patch20: cpio-close_files_after_copy.patch
Patch21: cpio-pattern-file-sigsegv.patch
Patch23: paxutils-rtapelib_mtget.patch
Patch24: cpio-check_for_symlinks.patch
# see https://lists.gnu.org/archive/html/bug-cpio/2019-11/msg00016.html
Patch24: cpio-revert-CVE-2015-1197-fix.patch
Patch25: cpio-fix_truncation_check.patch
Patch26: cpio-2.12-util.c_no_return_in_nonvoid_fnc.patch
Patch27: cpio-2.12-out_of_bounds_write.patch
Patch28: cpio-2.12-CVE-2019-14866.patch
BuildRequires: autoconf
BuildRequires: automake
Requires(post): %{install_info_prereq}
Requires(preun): %{install_info_prereq}
#Requires(post): %{xinstall_info_prereq}
#Requires(preun): %{xinstall_info_prereq}
Recommends: %{name}-mt = %{version}
Recommends: rmt
@ -81,13 +79,11 @@ This package includes the 'mt', a local tape drive control program.
%patch17
%patch18
%patch20
###
%patch21 -p1
%patch23 -p1
%patch24 -p1
%patch25 -p1
%patch26 -p1
%patch27 -p1
%patch28 -p1
%build
gettextize -f --no-changelog

View File

@ -1,8 +1,8 @@
Index: cpio-2.11/lib/rtapelib.c
Index: cpio-2.13/lib/rtapelib.c
===================================================================
--- cpio-2.11.orig/lib/rtapelib.c 2013-07-23 13:18:27.119431054 +0200
+++ cpio-2.11/lib/rtapelib.c 2013-07-23 13:19:35.728188104 +0200
@@ -710,7 +710,7 @@ rmt_ioctl__ (int handle, int operation,
--- cpio-2.13.orig/lib/rtapelib.c
+++ cpio-2.13/lib/rtapelib.c
@@ -711,7 +711,7 @@ rmt_ioctl__ (int handle, int operation,
|| (status = get_status (handle), status == -1))
return -1;