testsuite: fix the CVE-2014-9112 test case

The fix for CVE was done so that different architectures or memory limits give different cpio output; but all possible error ouputs are OK and expected. Firstly, the testsuite fail was observed on ppc64 architecture, thanks dhorak for quick ping. Related: #1167573 Version: 2.11-32
2014-12-03 10:16:50 +01:00 · 2014-12-03 10:16:50 +01:00 · 5f6efa04bf
commit 5f6efa04bf
parent c31ab0b56e
2 changed files with 19 additions and 6 deletions
--- a/cpio-2.11-testsuite-CVE-2014-9112.patch
+++ b/cpio-2.11-testsuite-CVE-2014-9112.patch
@ -1,8 +1,8 @@
 diff --git a/tests/symlink-bad-length.at b/tests/symlink-bad-length.at
-index cbf4aa7..080163a 100644
+index cbf4aa7..f8f60e3 100644
 --- a/tests/symlink-bad-length.at
 +++ b/tests/symlink-bad-length.at
-@@ -37,13 +37,14 @@ AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=
+@@ -37,13 +37,19 @@ AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=
 
 AT_CHECK([
 base64 -d ARCHIVE.base64 > ARCHIVE || AT_SKIP_TEST
@ -10,7 +10,12 @@ index cbf4aa7..080163a 100644
 -test $? -eq 2
 +TZ=UTC cpio -ntv < ARCHIVE 2>stderr
 +rc=$?
-+cat stderr | grep -v 'stored filename length is out of range' >&2
+cat stderr | grep -v \
+    -e 'stored filename length is out of range' \
+    -e 'premature end of file' \
+    -e 'memory exhausted' \
+    >&2
+echo >&2 STDERR
 +test "$rc" -ne 0
 ],
 [0],
@ -18,7 +23,7 @@ index cbf4aa7..080163a 100644
 -],[cpio: LINK: stored filename length is out of range
 -cpio: premature end of file
 +[-rw-rw-r--   1 10029    10031          13 Nov 25 11:52 FILE
-+],[cpio: premature end of file
+],[STDERR
 ])
 
 AT_CLEANUP
--- a/cpio.spec
+++ b/cpio.spec
@ -1,7 +1,7 @@
 Summary: A GNU archiving program
 Name: cpio
 Version: 2.11
-Release: 31%{?dist}
+Release: 32%{?dist}
 License: GPLv3+
 Group: Applications/Archiving
 URL: http://www.gnu.org/software/cpio/
@ -115,7 +115,11 @@ rm -rf ${RPM_BUILD_ROOT}

 %check
 rm -f ${RPM_BUILD_ROOT}/test/testsuite
-make check
+make check || {
+    echo "### TESTSUITE.LOG ###"
+    cat tests/testsuite.log
+    exit 1
+}


 %post
@ -139,6 +143,10 @@ fi
 %{_infodir}/*.info*

 %changelog
+* Wed Dec 03 2014 Pavel Raiskup <praiskup@redhat.com> - 2.11-32
+- adjust the testsuite fix for CVE-2014-9112 (#1167573)
+- put the testsuite.log to standard output if make check fails
+
 * Tue Dec 02 2014 Pavel Raiskup <praiskup@redhat.com> - 2.11-31
 - fix for CVE-2014-9112 (#1167573)