revert CVE-2015-1197 fix for --no-absolute-filenames
This commit is contained in:
zhangruifang2020
parent
51ece0d351
commit
843e09686f
12
cpio.spec
12
cpio.spec
@ -1,6 +1,6 @@
|
||||
Name: cpio
|
||||
Version: 2.14
|
||||
Release: 1
|
||||
Release: 2
|
||||
Summary: A GNU archiving program
|
||||
|
||||
License: GPLv3+
|
||||
@ -14,8 +14,8 @@ Patch3: cpio-2.9.90-defaultremoteshell.patch
|
||||
Patch4: cpio-2.10-patternnamesigsegv.patch
|
||||
Patch5: cpio-2.10-longnames-split.patch
|
||||
Patch6: cpio-2.11-crc-fips-nit.patch
|
||||
Patch7: revert-CVE-2015-1197.patch
|
||||
Patch8: revert-CVE-2015-1197-Fix-45b0ee2b407913c533f7ded8d6f8cbeec16ff6ca.patch
|
||||
Patch7: revert-CVE-2015-1197-Fix-45b0ee2b407913c533f7ded8d6f8cbeec16ff6ca.patch
|
||||
Patch8: revert-CVE-2015-1197.patch
|
||||
|
||||
Patch9000: add-option-to-add-metadata-in-copy-out-mode.patch
|
||||
Patch9001: Fix-use-after-free-and-return-appropriate-error.patch
|
||||
@ -61,6 +61,12 @@ make check
|
||||
%{_datadir}/man/man1/%{name}.1.gz
|
||||
|
||||
%changelog
|
||||
* Wed Jul 26 2023 zhangruifang <zhangruifang1@h-partners.com> - 2.14-2
|
||||
- Type:bugfix
|
||||
- ID:NA
|
||||
- SUG:NA
|
||||
- DESC:revert CVE-2015-1197 fix for --no-absolute-filenames
|
||||
|
||||
* Mon Jul 17 2023 zhangruifang <zhangruifang1@h-partners.com> - 2.14-1
|
||||
- Type:enhancement
|
||||
- ID:NA
|
||||
|
||||
@ -3,15 +3,39 @@ From: Liquor <lirui130@huawei.com>
|
||||
Date: Thu, 26 Nov 2020 19:13:13 +0800
|
||||
Subject: [PATCH] revert "CVE-2015-1197"
|
||||
|
||||
reason:https://lists.gnu.org/archive/html/bug-cpio/2019-11/msg00016.html
|
||||
reason:
|
||||
https://lists.gnu.org/archive/html/bug-cpio/2019-11/msg00016.html
|
||||
https://lists.gnu.org/archive/html/bug-cpio/2019-11/msg00013.html
|
||||
|
||||
---
|
||||
src/copyin.c | 5 ++---
|
||||
tests/CVE-2015-1197.at | 40 ----------------------------------------
|
||||
tests/Makefile.am | 1 -
|
||||
tests/testsuite.at | 1 -
|
||||
3 files changed, 42 deletions(-)
|
||||
4 files changed, 2 insertions(+), 45 deletions(-)
|
||||
delete mode 100644 tests/CVE-2015-1197.at
|
||||
|
||||
diff --git a/src/copyin.c b/src/copyin.c
|
||||
index 2316feb..3960769 100644
|
||||
--- a/src/copyin.c
|
||||
+++ b/src/copyin.c
|
||||
@@ -646,14 +646,13 @@ copyin_link (struct cpio_file_stat *file_hdr, int in_file_des)
|
||||
link_name = xstrdup (file_hdr->c_tar_linkname);
|
||||
}
|
||||
|
||||
- cpio_safer_name_suffix (link_name, true, !no_abs_paths_flag, false);
|
||||
-
|
||||
res = UMASKED_SYMLINK (link_name, file_hdr->c_name,
|
||||
file_hdr->c_mode);
|
||||
if (res < 0 && create_dir_flag)
|
||||
{
|
||||
create_all_directories (file_hdr->c_name);
|
||||
- res = UMASKED_SYMLINK (link_name, file_hdr->c_name, file_hdr->c_mode);
|
||||
+ res = UMASKED_SYMLINK (link_name, file_hdr->c_name,
|
||||
+ file_hdr->c_mode);
|
||||
}
|
||||
if (res < 0)
|
||||
{
|
||||
diff --git a/tests/CVE-2015-1197.at b/tests/CVE-2015-1197.at
|
||||
deleted file mode 100644
|
||||
index 74591b1..0000000
|
||||
|
||||
Loading…
x
Reference in New Issue
Block a user