CVSROOT:        /cvs
Module name:    ports
Changes by:     [email protected]   2015/03/31 11:19:37

Modified files:
        archivers/gcpio: Tag: OPENBSD_5_7 Makefile 
        archivers/gcpio/patches: Tag: OPENBSD_5_7 patch-doc_cpio_1 
Added files:
        archivers/gcpio/patches: Tag: OPENBSD_5_7 patch-src_copyin_c 
                                 patch-src_extern_h patch-src_global_c 
                                 patch-src_main_c patch-src_util_c 
                                 patch-tests_setstat01_at 
                                 patch-tests_setstat02_at 
Removed files:
        archivers/gcpio/patches: Tag: OPENBSD_5_7 patch-src_makepath_c 

Log message:
CVE-2014-9112: Heap-based buffer overflow in the process_copy_in
function allows remote attackers to cause a denial of service via
a large block value in a cpio archive.
Fix from a series of upstream commits by Sergey Poznyakoff, via Debian.

CVE-2015-1197: cpio, when using the --no-absolute-filenames option,
allows local users to write to arbitrary files via a symlink attack
on a file in an archive.
Fix from Vitezslav Cizek after 3.5 years of gestation in the SUSE
bug tracker, via Debian.

Also apply an upstream fix for some regression tests while here.
