packages/cpio
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

!46 revert CVE-2015-1197 fix for --no-absolute-filenames

Browse Source 
From: @zhangruifang2020 
Reviewed-by: @ziyangc 
Signed-off-by: @ziyangc
This commit is contained in:
openeuler-ci-bot 2023-07-26 02:49:52 +00:00 committed by Gitee
commit 8c04206b57
No known key found for this signature in database
GPG Key ID: 173E9B9CA92EEF8F
2 changed files with 35 additions and 5 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

12
cpio.spec
View File

@ -1,6 +1,6 @@
Name: cpio Name: cpio
Version: 2.14 Version: 2.14
Release: 1 Release: 2
Summary: A GNU archiving program Summary: A GNU archiving program
License: GPLv3+ License: GPLv3+
@ -14,8 +14,8 @@ Patch3: cpio-2.9.90-defaultremoteshell.patch
Patch4: cpio-2.10-patternnamesigsegv.patch Patch4: cpio-2.10-patternnamesigsegv.patch
Patch5: cpio-2.10-longnames-split.patch Patch5: cpio-2.10-longnames-split.patch
Patch6: cpio-2.11-crc-fips-nit.patch Patch6: cpio-2.11-crc-fips-nit.patch
Patch7: revert-CVE-2015-1197.patch Patch7: revert-CVE-2015-1197-Fix-45b0ee2b407913c533f7ded8d6f8cbeec16ff6ca.patch
Patch8: revert-CVE-2015-1197-Fix-45b0ee2b407913c533f7ded8d6f8cbeec16ff6ca.patch Patch8: revert-CVE-2015-1197.patch
Patch9000: add-option-to-add-metadata-in-copy-out-mode.patch Patch9000: add-option-to-add-metadata-in-copy-out-mode.patch
Patch9001: Fix-use-after-free-and-return-appropriate-error.patch Patch9001: Fix-use-after-free-and-return-appropriate-error.patch
@ -61,6 +61,12 @@ make check
%{_datadir}/man/man1/%{name}.1.gz %{_datadir}/man/man1/%{name}.1.gz
%changelog %changelog
* Wed Jul 26 2023 zhangruifang <zhangruifang1@h-partners.com> - 2.14-2
- Type:bugfix
- ID:NA
- SUG:NA
- DESC:revert CVE-2015-1197 fix for --no-absolute-filenames
* Mon Jul 17 2023 zhangruifang <zhangruifang1@h-partners.com> - 2.14-1 * Mon Jul 17 2023 zhangruifang <zhangruifang1@h-partners.com> - 2.14-1
- Type:enhancement - Type:enhancement
- ID:NA - ID:NA

28
revert-CVE-2015-1197.patch
View File

@ -3,15 +3,39 @@ From: Liquor <lirui130@huawei.com>
Date: Thu, 26 Nov 2020 19:13:13 +0800 Date: Thu, 26 Nov 2020 19:13:13 +0800
Subject: [PATCH] revert "CVE-2015-1197" Subject: [PATCH] revert "CVE-2015-1197"
reason:https://lists.gnu.org/archive/html/bug-cpio/2019-11/msg00016.html reason:
https://lists.gnu.org/archive/html/bug-cpio/2019-11/msg00016.html
https://lists.gnu.org/archive/html/bug-cpio/2019-11/msg00013.html
--- ---
src/copyin.c | 5 ++---
tests/CVE-2015-1197.at | 40 ---------------------------------------- tests/CVE-2015-1197.at | 40 ----------------------------------------
tests/Makefile.am | 1 - tests/Makefile.am | 1 -
tests/testsuite.at | 1 - tests/testsuite.at | 1 -
3 files changed, 42 deletions(-) 4 files changed, 2 insertions(+), 45 deletions(-)
delete mode 100644 tests/CVE-2015-1197.at delete mode 100644 tests/CVE-2015-1197.at
diff --git a/src/copyin.c b/src/copyin.c
index 2316feb..3960769 100644
--- a/src/copyin.c
+++ b/src/copyin.c
@@ -646,14 +646,13 @@ copyin_link (struct cpio_file_stat *file_hdr, int in_file_des)
link_name = xstrdup (file_hdr->c_tar_linkname);
}
- cpio_safer_name_suffix (link_name, true, !no_abs_paths_flag, false);
-
res = UMASKED_SYMLINK (link_name, file_hdr->c_name,
file_hdr->c_mode);
if (res < 0 && create_dir_flag)
{
create_all_directories (file_hdr->c_name);
- res = UMASKED_SYMLINK (link_name, file_hdr->c_name, file_hdr->c_mode);
+ res = UMASKED_SYMLINK (link_name, file_hdr->c_name,
+ file_hdr->c_mode);
}
if (res < 0)
{
diff --git a/tests/CVE-2015-1197.at b/tests/CVE-2015-1197.at diff --git a/tests/CVE-2015-1197.at b/tests/CVE-2015-1197.at
deleted file mode 100644 deleted file mode 100644
index 74591b1..0000000 index 74591b1..0000000