subject:"\[arch\-commits\] Commit in cpio\/trunk \(4 files\)"

[arch-commits] Commit in cpio/trunk (4 files)

2019-11-09 Thread Antonio Rojas via arch-commits

Date: Saturday, November 9, 2019 @ 15:48:08
  Author: arojas
Revision: 367284

Drop old patches

Deleted:
  cpio/trunk/cpio-2.11-CVE-2014-9112.patch
  cpio/trunk/cpio-2.11-check_for_symlinks-CVE-2015-1197.patch
  cpio/trunk/cpio-2.11-stdio.in.patch
  cpio/trunk/cpio-2.11-testsuite-CVE-2014-9112.patch

--+
 cpio-2.11-CVE-2014-9112.patch|  212 -
 cpio-2.11-check_for_symlinks-CVE-2015-1197.patch |  152 ---
 cpio-2.11-stdio.in.patch |   13 -
 cpio-2.11-testsuite-CVE-2014-9112.patch  |   30 --
 4 files changed, 407 deletions(-)

Deleted: cpio-2.11-CVE-2014-9112.patch
===
--- cpio-2.11-CVE-2014-9112.patch   2019-11-09 15:47:53 UTC (rev 367283)
+++ cpio-2.11-CVE-2014-9112.patch   2019-11-09 15:48:08 UTC (rev 367284)
@@ -1,212 +0,0 @@
-diff --git a/src/copyin.c b/src/copyin.c
-index d505407..db8ee66 100644
 a/src/copyin.c
-+++ b/src/copyin.c
-@@ -124,10 +124,30 @@ tape_skip_padding (int in_file_des, off_t offset)
-   if (pad != 0)
- tape_toss_input (in_file_des, pad);
- }
--
-+
-+static char *
-+get_link_name (struct cpio_file_stat *file_hdr, int in_file_des)
-+{
-+  char *link_name;
-+  
-+  if (file_hdr->c_filesize < 0 || file_hdr->c_filesize > SIZE_MAX-1)
-+{
-+  error (0, 0, _("%s: stored filename length is out of range"),
-+   file_hdr->c_name);
-+  link_name = NULL;
-+}
-+  else
-+{
-+  link_name = xmalloc (file_hdr->c_filesize + 1);
-+  tape_buffered_read (link_name, in_file_des, file_hdr->c_filesize);
-+  link_name[file_hdr->c_filesize] = '\0';
-+  tape_skip_padding (in_file_des, file_hdr->c_filesize);
-+}
-+  return link_name;
-+}
- 
- static void
--list_file(struct cpio_file_stat* file_hdr, int in_file_des)
-+list_file (struct cpio_file_stat* file_hdr, int in_file_des)
- {
-   if (verbose_flag)
- {
-@@ -136,21 +156,16 @@ list_file(struct cpio_file_stat* file_hdr, int 
in_file_des)
-   {
- if (archive_format != arf_tar && archive_format != arf_ustar)
-   {
--char *link_name = NULL;   /* Name of hard and symbolic links.  */
--
--link_name = (char *) xmalloc ((unsigned int) file_hdr->c_filesize 
+ 1);
--link_name[file_hdr->c_filesize] = '\0';
--tape_buffered_read (link_name, in_file_des, file_hdr->c_filesize);
--long_format (file_hdr, link_name);
--free (link_name);
--tape_skip_padding (in_file_des, file_hdr->c_filesize);
--return;
-+char *link_name = get_link_name (file_hdr, in_file_des);
-+if (link_name)
-+  {
-+long_format (file_hdr, link_name);
-+free (link_name);
-+  }
-   }
- else
--  {
--long_format (file_hdr, file_hdr->c_tar_linkname);
--return;
--  }
-+  long_format (file_hdr, file_hdr->c_tar_linkname);
-+return;
-   }
-   else
- #endif
-@@ -650,10 +665,7 @@ copyin_link(struct cpio_file_stat *file_hdr, int 
in_file_des)
- 
-   if (archive_format != arf_tar && archive_format != arf_ustar)
- {
--  link_name = (char *) xmalloc ((unsigned int) file_hdr->c_filesize + 1);
--  link_name[file_hdr->c_filesize] = '\0';
--  tape_buffered_read (link_name, in_file_des, file_hdr->c_filesize);
--  tape_skip_padding (in_file_des, file_hdr->c_filesize);
-+  link_name = get_link_name (file_hdr, in_file_des);
- }
-   else
- {
-diff --git a/tests/Makefile.am b/tests/Makefile.am
-index b3e8e60..cf186da 100644
 a/tests/Makefile.am
-+++ b/tests/Makefile.am
-@@ -52,6 +52,8 @@ TESTSUITE_AT = \
-  setstat04.at\
-  setstat05.at\
-  symlink.at\
-+ symlink-bad-length.at\
-+ symlink-long.at\
-  version.at
- 
- TESTSUITE = $(srcdir)/testsuite
-diff --git a/tests/symlink-bad-length.at b/tests/symlink-bad-length.at
-new file mode 100644
-index 000..cbf4aa7
 /dev/null
-+++ b/tests/symlink-bad-length.at
-@@ -0,0 +1,49 @@
-+# Process this file with autom4te to create testsuite.  -*- Autotest -*-
-+# Copyright (C) 2014 Free Software Foundation, Inc.
-+
-+# This program is free software; you can redistribute it and/or modify
-+# it under the terms of the GNU General Public License as published by
-+# the Free Software Foundation; either version 3, or (at your option)
-+# any later version.
-+
-+# This program is distributed in the hope that it will be useful,
-+# but WITHOUT ANY WARRANTY; without even the implied warranty of
-+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
-+# GNU General Public License for more details.
-+
-+# You should have received a copy of the GNU General Public License
-+# along with this program; if not, write to the Free Software
-+# Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA
-+# 02110-1301 USA.

[arch-commits] Commit in cpio/trunk (4 files)

2014-12-16 Thread Tobias Powalowski

Date: Tuesday, December 16, 2014 @ 16:53:24
  Author: tpowa
Revision: 227654

upgpkg: cpio 2.11-5

fix CVE-2014-9112

Added:
  cpio/trunk/cpio-2.11-CVE-2014-9112.patch
  cpio/trunk/cpio-2.11-testsuite-CVE-2014-9112.patch
Modified:
  cpio/trunk/PKGBUILD
Deleted:
  cpio/trunk/cpio-gcc43.patch

-+
 PKGBUILD|   20 ++
 cpio-2.11-CVE-2014-9112.patch   |  212 ++
 cpio-2.11-testsuite-CVE-2014-9112.patch |   30 
 cpio-gcc43.patch|  139 ---
 4 files changed, 258 insertions(+), 143 deletions(-)

Modified: PKGBUILD
===
--- PKGBUILD2014-12-16 15:46:06 UTC (rev 227653)
+++ PKGBUILD2014-12-16 15:53:24 UTC (rev 227654)
@@ -2,7 +2,7 @@
 # Maintainer: judd jvi...@zeroflux.org
 pkgname=cpio
 pkgver=2.11
-pkgrel=4
+pkgrel=5
 pkgdesc=A tool to copy files into or out of a cpio or tar archive
 arch=(i686 x86_64)
 license=('GPL')
@@ -9,12 +9,21 @@
 url=http://www.gnu.org/software/cpio;
 depends=('glibc')
 source=(ftp://ftp.gnu.org/gnu/cpio/cpio-${pkgver}.tar.gz
-cpio-2.11-stdio.in.patch)
+cpio-2.11-stdio.in.patch
+cpio-2.11-CVE-2014-9112.patch
+cpio-2.11-testsuite-CVE-2014-9112.patch)
 install=cpio.install
+md5sums=('1112bb6c45863468b5496ba128792f6c'
+ 'd7e58f2a1ec286febd09ea75042cf96e'
+ '2541e37b85cb7baffc3a3f687453737c'
+ '348870bebae57146eafeb189adbd43a4')
 
 prepare() {
   cd ${srcdir}/${pkgname}-${pkgver}
   patch -Np1 -i ${srcdir}/cpio-2.11-stdio.in.patch
+  # from fedora git
+  patch -Np1 -i ${srcdir}/cpio-2.11-CVE-2014-9112.patch
+  patch -Np1 -i ${srcdir}/cpio-2.11-testsuite-CVE-2014-9112.patch
 }
 
 build() {
@@ -23,6 +32,11 @@
   make
 }
 
+check() {
+  cd ${srcdir}/${pkgname}-${pkgver}
+  make check
+}
+
 package() {
   cd ${srcdir}/${pkgname}-${pkgver}
   make DESTDIR=${pkgdir} install
@@ -33,5 +47,3 @@
   # remove infodir
   rm $pkgdir/usr/share/info/dir
 }
-md5sums=('1112bb6c45863468b5496ba128792f6c'
- 'd7e58f2a1ec286febd09ea75042cf96e')

Added: cpio-2.11-CVE-2014-9112.patch
===
--- cpio-2.11-CVE-2014-9112.patch   (rev 0)
+++ cpio-2.11-CVE-2014-9112.patch   2014-12-16 15:53:24 UTC (rev 227654)
@@ -0,0 +1,212 @@
+diff --git a/src/copyin.c b/src/copyin.c
+index d505407..db8ee66 100644
+--- a/src/copyin.c
 b/src/copyin.c
+@@ -124,10 +124,30 @@ tape_skip_padding (int in_file_des, off_t offset)
+   if (pad != 0)
+ tape_toss_input (in_file_des, pad);
+ }
+-
++
++static char *
++get_link_name (struct cpio_file_stat *file_hdr, int in_file_des)
++{
++  char *link_name;
++  
++  if (file_hdr-c_filesize  0 || file_hdr-c_filesize  SIZE_MAX-1)
++{
++  error (0, 0, _(%s: stored filename length is out of range),
++   file_hdr-c_name);
++  link_name = NULL;
++}
++  else
++{
++  link_name = xmalloc (file_hdr-c_filesize + 1);
++  tape_buffered_read (link_name, in_file_des, file_hdr-c_filesize);
++  link_name[file_hdr-c_filesize] = '\0';
++  tape_skip_padding (in_file_des, file_hdr-c_filesize);
++}
++  return link_name;
++}
+ 
+ static void
+-list_file(struct cpio_file_stat* file_hdr, int in_file_des)
++list_file (struct cpio_file_stat* file_hdr, int in_file_des)
+ {
+   if (verbose_flag)
+ {
+@@ -136,21 +156,16 @@ list_file(struct cpio_file_stat* file_hdr, int 
in_file_des)
+   {
+ if (archive_format != arf_tar  archive_format != arf_ustar)
+   {
+-char *link_name = NULL;   /* Name of hard and symbolic links.  */
+-
+-link_name = (char *) xmalloc ((unsigned int) file_hdr-c_filesize 
+ 1);
+-link_name[file_hdr-c_filesize] = '\0';
+-tape_buffered_read (link_name, in_file_des, file_hdr-c_filesize);
+-long_format (file_hdr, link_name);
+-free (link_name);
+-tape_skip_padding (in_file_des, file_hdr-c_filesize);
+-return;
++char *link_name = get_link_name (file_hdr, in_file_des);
++if (link_name)
++  {
++long_format (file_hdr, link_name);
++free (link_name);
++  }
+   }
+ else
+-  {
+-long_format (file_hdr, file_hdr-c_tar_linkname);
+-return;
+-  }
++  long_format (file_hdr, file_hdr-c_tar_linkname);
++return;
+   }
+   else
+ #endif
+@@ -650,10 +665,7 @@ copyin_link(struct cpio_file_stat *file_hdr, int 
in_file_des)
+ 
+   if (archive_format != arf_tar  archive_format != arf_ustar)
+ {
+-  link_name = (char *) xmalloc ((unsigned int) file_hdr-c_filesize + 1);
+-  link_name[file_hdr-c_filesize] = '\0';
+-  tape_buffered_read (link_name, in_file_des, file_hdr-c_filesize);
+-  tape_skip_padding

[arch-commits] Commit in cpio/trunk (4 files)

[arch-commits] Commit in cpio/trunk (4 files)

2 matches

Site Navigation

Mail list logo

Footer information