rpms/cpio
6
0
Fork 0
Code Issues Pull Requests Releases Activity

new upstream release

Browse Source 
Resolves: rhbz#1769233, CVE-2015-1197, CVE-2019-14866, CVE-2016-2037
Version: 2.13-1
This commit is contained in:
Pavel Raiskup 2019-11-06 10:40:50 +01:00
parent 25b930a3f4
commit 63079c3465
6 changed files with 52 additions and 27 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
.gitignore vendored
View File

@ -1 +1 @@
/cpio-2.12.tar.bz2 /cpio-*.tar.bz2

6
cpio-2.9-dev_number.patch → cpio-2.13-dev_number.patch
View File

@ -3,10 +3,10 @@ Date: Mon, 14 Sep 2015 09:37:15 +0200
Subject: [PATCH 3/7] Support major/minor device numbers over 127 (bz#450109) Subject: [PATCH 3/7] Support major/minor device numbers over 127 (bz#450109)
diff --git a/src/copyin.c b/src/copyin.c diff --git a/src/copyin.c b/src/copyin.c
index cde911e..12bd27c 100644 index b29f348..1142d6a 100644
--- a/src/copyin.c --- a/src/copyin.c
+++ b/src/copyin.c +++ b/src/copyin.c
@@ -1196,15 +1196,15 @@ read_in_binary (struct cpio_file_stat *file_hdr, @@ -1123,15 +1123,15 @@ read_in_binary (struct cpio_file_stat *file_hdr,
swab_array ((char *) short_hdr, 13); swab_array ((char *) short_hdr, 13);
} }
@ -25,4 +25,4 @@ index cde911e..12bd27c 100644
+ file_hdr->c_rdev_min = minor ((unsigned short)short_hdr->c_rdev); + file_hdr->c_rdev_min = minor ((unsigned short)short_hdr->c_rdev);
file_hdr->c_mtime = (unsigned long) short_hdr->c_mtimes[0] << 16 file_hdr->c_mtime = (unsigned long) short_hdr->c_mtimes[0] << 16
| short_hdr->c_mtimes[1]; | short_hdr->c_mtimes[1];
file_hdr->c_filesize = (unsigned long) short_hdr->c_filesizes[0] << 16

39
cpio-2.13-exitCode.patch Normal file
View File

@ -0,0 +1,39 @@
Subject: [PATCH 2/7] set exit code to 1 when cpio fails to store file > 4GB
(#183224)
diff --git a/src/copyout.c b/src/copyout.c
index 8b0beb6..4b7336b 100644
--- a/src/copyout.c
+++ b/src/copyout.c
@@ -290,7 +290,7 @@ field_width_error (const char *filename, const char *fieldname,
{
char valbuf[UINTMAX_STRSIZE_BOUND + 1];
char maxbuf[UINTMAX_STRSIZE_BOUND + 1];
- error (0, 0, _("%s: value %s %s out of allowed range 0..%s"),
+ error (1, 0, _("%s: value %s %s out of allowed range 0..%s"),
filename, fieldname,
STRINGIFY_BIGINT (value, valbuf),
STRINGIFY_BIGINT (MAX_VAL_WITH_DIGITS (width - nul, LG_8),
diff --git a/tests/CVE-2019-14866.at b/tests/CVE-2019-14866.at
index e877b39..50ad60b 100644
--- a/tests/CVE-2019-14866.at
+++ b/tests/CVE-2019-14866.at
@@ -30,6 +30,5 @@ fi
[0],
[],
[cpio: file: value size 17179869184 out of allowed range 0..8589934591
-2 blocks
])
AT_CLEANUP
diff --git a/tests/testsuite b/tests/testsuite
index b45c731..fd8454d 100755
--- a/tests/testsuite
+++ b/tests/testsuite
@@ -2885,7 +2885,6 @@ fi
at_status=$? at_failed=false
$at_check_filter
echo >>"$at_stderr"; $as_echo "cpio: file: value size 17179869184 out of allowed range 0..8589934591
-2 blocks
" | \
$at_diff - "$at_stderr" || at_failed=:
at_fn_diff_devnull "$at_stdout" || at_failed=:

18
cpio-2.9-exitCode.patch
View File

@ -1,18 +0,0 @@
From: Peter Vrabec <pvrabec@redhat.com>
Date: Mon, 14 Sep 2015 09:31:08 +0200
Subject: [PATCH 2/7] set exit code to 1 when cpio fails to store file > 4GB
(#183224)
diff --git a/src/copyout.c b/src/copyout.c
index 1f0987a..dcae449 100644
--- a/src/copyout.c
+++ b/src/copyout.c
@@ -287,7 +287,7 @@ to_ascii (char *where, uintmax_t v, size_t digits, unsigned logbase)
static void
field_width_error (const char *filename, const char *fieldname)
{
- error (0, 0, _("%s: field width not sufficient for storing %s"),
+ error (1, 0, _("%s: field width not sufficient for storing %s"),
filename, fieldname);
}

12
cpio.spec
View File

@ -1,7 +1,7 @@
Summary: A GNU archiving program Summary: A GNU archiving program
Name: cpio Name: cpio
Version: 2.12 Version: 2.13
Release: 12%{?dist} Release: 1%{?dist}
License: GPLv3+ License: GPLv3+
URL: http://www.gnu.org/software/cpio/ URL: http://www.gnu.org/software/cpio/
Source: ftp://ftp.gnu.org/gnu/cpio/cpio-%{version}.tar.bz2 Source: ftp://ftp.gnu.org/gnu/cpio/cpio-%{version}.tar.bz2
@ -15,11 +15,11 @@ Patch1: cpio-2.9-rh.patch
# fix warn_if_file_changed() and set exit code to 1 when cpio fails to store # fix warn_if_file_changed() and set exit code to 1 when cpio fails to store
# file > 4GB (#183224) # file > 4GB (#183224)
# http://lists.gnu.org/archive/html/bug-cpio/2006-11/msg00000.html # http://lists.gnu.org/archive/html/bug-cpio/2006-11/msg00000.html
Patch2: cpio-2.9-exitCode.patch Patch2: cpio-2.13-exitCode.patch
# Support major/minor device numbers over 127 (bz#450109) # Support major/minor device numbers over 127 (bz#450109)
# http://lists.gnu.org/archive/html/bug-cpio/2008-07/msg00000.html # http://lists.gnu.org/archive/html/bug-cpio/2008-07/msg00000.html
Patch3: cpio-2.9-dev_number.patch Patch3: cpio-2.13-dev_number.patch
# Define default remote shell as /usr/bin/ssh (#452904) # Define default remote shell as /usr/bin/ssh (#452904)
Patch4: cpio-2.9.90-defaultremoteshell.patch Patch4: cpio-2.9.90-defaultremoteshell.patch
@ -97,6 +97,10 @@ make check || {
%{_infodir}/*.info* %{_infodir}/*.info*
%changelog %changelog
* Wed Nov 06 2019 Pavel Raiskup <praiskup@redhat.com> - 2.13-1
- new upstream release, per release notes
https://lists.gnu.org/archive/html/bug-cpio/2019-11/msg00000.html
* Wed Jul 24 2019 Fedora Release Engineering <releng@fedoraproject.org> - 2.12-12 * Wed Jul 24 2019 Fedora Release Engineering <releng@fedoraproject.org> - 2.12-12
- Rebuilt for https://fedoraproject.org/wiki/Fedora_31_Mass_Rebuild - Rebuilt for https://fedoraproject.org/wiki/Fedora_31_Mass_Rebuild

2
sources
View File

@ -1 +1 @@
93eea9f07c0058c097891c73e4955456 cpio-2.12.tar.bz2 SHA512 (cpio-2.13.tar.bz2) = 459398e69f7f48201c04d1080218c50f75edcf114ffcbb236644ff6fcade5fcc566929bdab2ebe9be5314828d6902e43b348a8adf28351df978c8989590e93a3