!46 revert CVE-2015-1197 fix for --no-absolute-filenames

From: @zhangruifang2020 Reviewed-by: @ziyangc Signed-off-by: @ziyangc
2023-07-26 02:49:52 +00:00 · 2023-07-26 02:49:52 +00:00 · 8c04206b57
commit 8c04206b57
parent 51ece0d351 843e09686f
2 changed files with 35 additions and 5 deletions
--- a/cpio.spec
+++ b/cpio.spec
@ -1,6 +1,6 @@
 Name:           cpio
 Version:        2.14
-Release:        1
+Release:        2
 Summary:        A GNU archiving program

 License:        GPLv3+
@ -14,8 +14,8 @@ Patch3:         cpio-2.9.90-defaultremoteshell.patch
 Patch4:         cpio-2.10-patternnamesigsegv.patch
 Patch5:         cpio-2.10-longnames-split.patch
 Patch6:         cpio-2.11-crc-fips-nit.patch
-Patch7:         revert-CVE-2015-1197.patch
-Patch8:         revert-CVE-2015-1197-Fix-45b0ee2b407913c533f7ded8d6f8cbeec16ff6ca.patch
+Patch7:         revert-CVE-2015-1197-Fix-45b0ee2b407913c533f7ded8d6f8cbeec16ff6ca.patch
+Patch8:         revert-CVE-2015-1197.patch

 Patch9000:      add-option-to-add-metadata-in-copy-out-mode.patch
 Patch9001:      Fix-use-after-free-and-return-appropriate-error.patch
@ -61,6 +61,12 @@ make check
 %{_datadir}/man/man1/%{name}.1.gz

 %changelog
+* Wed Jul 26 2023 zhangruifang <zhangruifang1@h-partners.com> - 2.14-2
+- Type:bugfix
+- ID:NA
+- SUG:NA
+- DESC:revert CVE-2015-1197 fix for --no-absolute-filenames
+
 * Mon Jul 17 2023 zhangruifang <zhangruifang1@h-partners.com> - 2.14-1
 - Type:enhancement
 - ID:NA
--- a/revert-CVE-2015-1197.patch
+++ b/revert-CVE-2015-1197.patch
@ -3,15 +3,39 @@ From: Liquor <lirui130@huawei.com>
 Date: Thu, 26 Nov 2020 19:13:13 +0800
 Subject: [PATCH] revert "CVE-2015-1197"

-reason:https://lists.gnu.org/archive/html/bug-cpio/2019-11/msg00016.html
+reason:
+https://lists.gnu.org/archive/html/bug-cpio/2019-11/msg00016.html
+https://lists.gnu.org/archive/html/bug-cpio/2019-11/msg00013.html

 ---
+ src/copyin.c           |  5 ++---
 tests/CVE-2015-1197.at | 40 ----------------------------------------
 tests/Makefile.am      |  1 -
 tests/testsuite.at     |  1 -
- 3 files changed, 42 deletions(-)
+ 4 files changed, 2 insertions(+), 45 deletions(-)
 delete mode 100644 tests/CVE-2015-1197.at

+diff --git a/src/copyin.c b/src/copyin.c
+index 2316feb..3960769 100644
+--- a/src/copyin.c
+++ b/src/copyin.c
+@@ -646,14 +646,13 @@ copyin_link (struct cpio_file_stat *file_hdr, int in_file_des)
+       link_name = xstrdup (file_hdr->c_tar_linkname);
+     }
+ 
+-  cpio_safer_name_suffix (link_name, true, !no_abs_paths_flag, false);
+-  
+   res = UMASKED_SYMLINK (link_name, file_hdr->c_name,
+ 			 file_hdr->c_mode);
+   if (res < 0 && create_dir_flag)
+     {
+       create_all_directories (file_hdr->c_name);
+-      res = UMASKED_SYMLINK (link_name, file_hdr->c_name, file_hdr->c_mode);
+      res = UMASKED_SYMLINK (link_name, file_hdr->c_name,
+			     file_hdr->c_mode);
+     }
+   if (res < 0)
+     {
 diff --git a/tests/CVE-2015-1197.at b/tests/CVE-2015-1197.at
 deleted file mode 100644
 index 74591b1..0000000