rpms/cpio
7
0
Fork 0
Code Issues Pull Requests Releases Activity

import cpio-2.12-11.el8

Browse Source
This commit is contained in:
CentOS Sources 2022-03-29 15:14:18 -04:00 committed by Stepan Oksanichenko
parent 0f85ca0347
commit 0534857a0b
3 changed files with 1284 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
SOURCES/cpio-2.12-improper-input-validation.patch
View File

@ -65,7 +65,7 @@ index e2b5f45..53dc99a 100644
while (digits > 0 && value != 0);
+ if (value > 0)
+ {
+ error (0, 0, _("%s: field width not sufficient for storing %s"),
+ error (1, 0, _("%s: field width not sufficient for storing %s"),
+ filename, fieldname);
+ return 1;
+ }

1266
SOURCES/cpio-2.13-CVE-2021-38185.patch Normal file
View File

File diff suppressed because it is too large Load Diff

18
SPECS/cpio.spec
View File

@ -1,7 +1,7 @@
Summary: A GNU archiving program
Name: cpio
Version: 2.12
Release: 10%{?dist}
Release: 11%{?dist}
License: GPLv3+
URL: http://www.gnu.org/software/cpio/
Source: ftp://ftp.gnu.org/gnu/cpio/cpio-%{version}.tar.bz2
@ -46,6 +46,18 @@ Patch9: cpio-2.11-retain-symlink-times.patch
# https://cement.retrofitta.se/tmp/cpio-tar.patch
Patch10: cpio-2.12-improper-input-validation.patch
# Fixed integer overflow in ds_fgetstr()
# upstream patch (#1992511)
# https://git.savannah.gnu.org/cgit/cpio.git/commit/?id=dd96882877721703e19272fe25034560b794061b
# https://git.savannah.gnu.org/cgit/cpio.git/commit/?id=dfc801c44a93bed7b3951905b188823d6a0432c8
# https://git.savannah.gnu.org/cgit/cpio.git/commit/?id=236684f6deb3178043fe72a8e2faca538fa2aae1
# https://git.savannah.gnu.org/cgit/cpio.git/commit/?id=4d169305dcb34137dc41acc761d8703eae2c63bf
# https://git.savannah.gnu.org/cgit/cpio.git/commit/?id=86dacfe3e060ce95d5a2c0c5ec01f6437b0b6089
# https://git.savannah.gnu.org/cgit/cpio.git/commit/?id=7dd8ba91d8b6a2640e6c01c3e3a4234828646f23
# https://git.savannah.gnu.org/cgit/cpio.git/commit/?id=684b7ac5767e676cda78c161aeb7fe7b45a07529
# https://git.savannah.gnu.org/cgit/cpio.git/commit/?id=b1c85839bf1381f749dd45bf6a5a38924e3315a0
Patch11: cpio-2.13-CVE-2021-38185.patch
Provides: bundled(gnulib)
Provides: /bin/cpio
@ -72,6 +84,7 @@ Install cpio if you need a program to manage file archives.
%build
autoreconf -fi
export CFLAGS="$RPM_OPT_FLAGS -D_GNU_SOURCE -D_FILE_OFFSET_BITS=64 -D_LARGEFILE64_SOURCE -pedantic -fno-strict-aliasing -Wall $CFLAGS"
%configure --with-rmt="%{_sysconfdir}/rmt"
make %{?_smp_mflags}
@ -106,6 +119,9 @@ make check || {
%{_infodir}/*.info*
%changelog
* Mon Sep 20 2021 Ondrej Dubaj <odubaj@redhat.com> - 2.12-11
- Fixed CVE-2021-38185 (#1992511)
* Thu Jan 21 2021 Ondrej Dubaj <odubaj@redhat.com> - 2.12-10
- Fixed improper input validation when writing tar header fields (#1766223)