diff options
author | Mark H Weaver <mhw@netris.org> | 2014-12-30 14:13:20 -0500 |
---|---|---|
committer | Mark H Weaver <mhw@netris.org> | 2014-12-30 14:48:13 -0500 |
commit | c7bdc7ece5650be75314dc302f3cdcf02806857b (patch) | |
tree | a9e7d038daf6e113e79d50255c0143c3719a4cbb | |
parent | 1c69e4ce3f33242ee8d209b8078fc78a73355446 (diff) | |
download | guix-c7bdc7ece5650be75314dc302f3cdcf02806857b.tar.gz |
gnu: cpio: Add fixes for CVE-2014-9112.
* gnu/packages/patches/cpio-CVE-2014-9112-pt1.patch, gnu/packages/patches/cpio-CVE-2014-9112-pt2.patch, gnu/packages/patches/cpio-CVE-2014-9112-pt3.patch, gnu/packages/patches/cpio-CVE-2014-9112-pt4.patch, gnu/packages/patches/cpio-CVE-2014-9112-pt5.patch: New files. * gnu-system.am (dist_patch_DATA): Add them. * gnu/packages/cpio.scm (cpio): Add patches. Add 'autoconf' to native-inputs.
-rw-r--r-- | gnu-system.am | 5 | ||||
-rw-r--r-- | gnu/packages/cpio.scm | 15 | ||||
-rw-r--r-- | gnu/packages/patches/cpio-CVE-2014-9112-pt1.patch | 231 | ||||
-rw-r--r-- | gnu/packages/patches/cpio-CVE-2014-9112-pt2.patch | 51 | ||||
-rw-r--r-- | gnu/packages/patches/cpio-CVE-2014-9112-pt3.patch | 23 | ||||
-rw-r--r-- | gnu/packages/patches/cpio-CVE-2014-9112-pt4.patch | 105 | ||||
-rw-r--r-- | gnu/packages/patches/cpio-CVE-2014-9112-pt5.patch | 88 |
7 files changed, 517 insertions, 1 deletions
diff --git a/gnu-system.am b/gnu-system.am index fea7447964..a91915051a 100644 --- a/gnu-system.am +++ b/gnu-system.am @@ -339,6 +339,11 @@ dist_patch_DATA = \ gnu/packages/patches/clucene-pkgconfig.patch \ gnu/packages/patches/cmake-fix-tests.patch \ gnu/packages/patches/coreutils-dummy-man.patch \ + gnu/packages/patches/cpio-CVE-2014-9112-pt1.patch \ + gnu/packages/patches/cpio-CVE-2014-9112-pt2.patch \ + gnu/packages/patches/cpio-CVE-2014-9112-pt3.patch \ + gnu/packages/patches/cpio-CVE-2014-9112-pt4.patch \ + gnu/packages/patches/cpio-CVE-2014-9112-pt5.patch \ gnu/packages/patches/cpio-gets-undeclared.patch \ gnu/packages/patches/cssc-gets-undeclared.patch \ gnu/packages/patches/cssc-missing-include.patch \ diff --git a/gnu/packages/cpio.scm b/gnu/packages/cpio.scm index eff146ded5..87f85d00e8 100644 --- a/gnu/packages/cpio.scm +++ b/gnu/packages/cpio.scm @@ -1,5 +1,6 @@ ;;; GNU Guix --- Functional package management for GNU ;;; Copyright © 2012 Nikita Karetnikov <nikita@karetnikov.org> +;;; Copyright © 2014 Mark H Weaver <mhw@netris.org> ;;; ;;; This file is part of GNU Guix. ;;; @@ -19,6 +20,7 @@ (define-module (gnu packages cpio) #:use-module (guix licenses) #:use-module (gnu packages) + #:use-module (gnu packages autotools) #:use-module (guix packages) #:use-module (guix download) #:use-module (guix build-system gnu)) @@ -34,8 +36,19 @@ (sha256 (base32 "1gavgpzqwgkpagjxw72xgxz52y1ifgz0ckqh8g7cckz7jvyhp0mv")) - (patches (list (search-patch "cpio-gets-undeclared.patch"))))) + (patches (list (search-patch "cpio-CVE-2014-9112-pt1.patch") + (search-patch "cpio-CVE-2014-9112-pt2.patch") + (search-patch "cpio-CVE-2014-9112-pt3.patch") + (search-patch "cpio-CVE-2014-9112-pt4.patch") + (search-patch "cpio-CVE-2014-9112-pt5.patch") + (search-patch "cpio-gets-undeclared.patch"))))) (build-system gnu-build-system) + + ;; FIXME: autoconf is needed to run autom4te, to update to test suite + ;; after the CVE-2014-9112 patches. Remove this when cpio is + ;; updated to post-2.11. + (native-inputs `(("autoconf" ,autoconf))) + (home-page "https://www.gnu.org/software/cpio/") (synopsis "Manage cpio and tar file archives") (description diff --git a/gnu/packages/patches/cpio-CVE-2014-9112-pt1.patch b/gnu/packages/patches/cpio-CVE-2014-9112-pt1.patch new file mode 100644 index 0000000000..1224c6c22d --- /dev/null +++ b/gnu/packages/patches/cpio-CVE-2014-9112-pt1.patch @@ -0,0 +1,231 @@ +Partially fix CVE-2014-9112, part 1/5. Backported to 2.11. + +From 746f3ff670dcfcdd28fcc990e79cd6fccc7ae48d Mon Sep 17 00:00:00 2001 +From: Sergey Poznyakoff <gray@gnu.org.ua> +Date: Mon, 01 Dec 2014 13:15:28 +0000 +Subject: Fix memory overrun on reading improperly created link records. + +See http://lists.gnu.org/archive/html/bug-cpio/2014-11/msg00007.html + +* src/copyin.c (get_link_name): New function. +(list_file, copyin_link): use get_link_name + +* tests/symlink-bad-length.at: New file. +* tests/symlink-long.at: New file. +* tests/Makefile.am: Add new files. +* tests/testsuite.at: Likewise. +--- +diff --git a/src/copyin.c b/src/copyin.c +index 38d809f..c502c7d 100644 +--- a/src/copyin.c ++++ b/src/copyin.c +@@ -124,10 +124,30 @@ tape_skip_padding (int in_file_des, off_t offset) + if (pad != 0) + tape_toss_input (in_file_des, pad); + } +- ++ ++static char * ++get_link_name (struct cpio_file_stat *file_hdr, int in_file_des) ++{ ++ off_t n = file_hdr->c_filesize + 1; ++ char *link_name; ++ ++ if (n == 0 || n > SIZE_MAX) ++ { ++ error (0, 0, _("%s: stored filename length too big"), file_hdr->c_name); ++ link_name = NULL; ++ } ++ else ++ { ++ link_name = xmalloc (n); ++ tape_buffered_read (link_name, in_file_des, file_hdr->c_filesize); ++ link_name[file_hdr->c_filesize] = '\0'; ++ tape_skip_padding (in_file_des, file_hdr->c_filesize); ++ } ++ return link_name; ++} + + static void +-list_file(struct cpio_file_stat* file_hdr, int in_file_des) ++list_file (struct cpio_file_stat* file_hdr, int in_file_des) + { + if (verbose_flag) + { +@@ -136,21 +156,16 @@ list_file(struct cpio_file_stat* file_hdr, int in_file_des) + { + if (archive_format != arf_tar && archive_format != arf_ustar) + { +- char *link_name = NULL; /* Name of hard and symbolic links. */ +- +- link_name = (char *) xmalloc ((unsigned int) file_hdr->c_filesize + 1); +- link_name[file_hdr->c_filesize] = '\0'; +- tape_buffered_read (link_name, in_file_des, file_hdr->c_filesize); +- long_format (file_hdr, link_name); +- free (link_name); +- tape_skip_padding (in_file_des, file_hdr->c_filesize); +- return; ++ char *link_name = get_link_name (file_hdr, in_file_des); ++ if (link_name) ++ { ++ long_format (file_hdr, link_name); ++ free (link_name); ++ } + } + else +- { +- long_format (file_hdr, file_hdr->c_tar_linkname); +- return; +- } ++ long_format (file_hdr, file_hdr->c_tar_linkname); ++ return; + } + else + #endif +@@ -650,10 +665,7 @@ copyin_link(struct cpio_file_stat *file_ + + if (archive_format != arf_tar && archive_format != arf_ustar) + { +- link_name = (char *) xmalloc ((unsigned int) file_hdr->c_filesize + 1); +- link_name[file_hdr->c_filesize] = '\0'; +- tape_buffered_read (link_name, in_file_des, file_hdr->c_filesize); +- tape_skip_padding (in_file_des, file_hdr->c_filesize); ++ link_name = get_link_name (file_hdr, in_file_des); + } + else + { +diff --git a/tests/Makefile.am b/tests/Makefile.am +index 3f714d1..b4ca92d 100644 +--- a/tests/Makefile.am ++++ b/tests/Makefile.am +@@ -52,6 +52,8 @@ TESTSUITE_AT = \ + setstat04.at\ + setstat05.at\ + symlink.at\ ++ symlink-bad-length.at\ ++ symlink-long.at\ + version.at + + TESTSUITE = $(srcdir)/testsuite +diff --git a/tests/symlink-bad-length.at b/tests/symlink-bad-length.at +new file mode 100644 +index 0000000..6f804b1 +--- a/dev/null ++++ b/tests/symlink-bad-length.at +@@ -0,0 +1,49 @@ ++# Process this file with autom4te to create testsuite. -*- Autotest -*- ++# Copyright (C) 2014 Free Software Foundation, Inc. ++ ++# This program is free software; you can redistribute it and/or modify ++# it under the terms of the GNU General Public License as published by ++# the Free Software Foundation; either version 3, or (at your option) ++# any later version. ++ ++# This program is distributed in the hope that it will be useful, ++# but WITHOUT ANY WARRANTY; without even the implied warranty of ++# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the ++# GNU General Public License for more details. ++ ++# You should have received a copy of the GNU General Public License ++# along with this program; if not, write to the Free Software ++# Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA ++# 02110-1301 USA. ++ ++# Cpio v2.11 did segfault with badly set symlink length. ++# References: ++# http://lists.gnu.org/archive/html/bug-cpio/2014-11/msg00007.html ++ ++AT_SETUP([symlink-bad-length]) ++AT_KEYWORDS([symlink-long copyout]) ++ ++AT_DATA([ARCHIVE.base64], ++[x3EjAIBAtIEtJy8nAQAAAHRUYW0FAAAADQBGSUxFAABzb21lIGNvbnRlbnQKAMdxIwBgQ/+hLScv ++JwEAAAB0VEhuBQD/////TElOSwAARklMRcdxAAAAAAAAAAAAAAEAAAAAAAAACwAAAAAAVFJBSUxF ++UiEhIQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA ++AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA ++AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA ++AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA ++AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA ++AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA ++AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA= ++]) ++ ++AT_CHECK([ ++base64 -d ARCHIVE.base64 > ARCHIVE || AT_SKIP_TEST ++cpio -ntv < ARCHIVE ++test $? -eq 2 ++], ++[0], ++[-rw-rw-r-- 1 10029 10031 13 Nov 25 13:52 FILE ++],[cpio: LINK: stored filename length too big ++cpio: premature end of file ++]) ++ ++AT_CLEANUP +diff --git a/tests/symlink-long.at b/tests/symlink-long.at +new file mode 100644 +index 0000000..d3def2d +--- a/dev/null ++++ b/tests/symlink-long.at +@@ -0,0 +1,46 @@ ++# Process this file with autom4te to create testsuite. -*- Autotest -*- ++# Copyright (C) 2014 Free Software Foundation, Inc. ++ ++# This program is free software; you can redistribute it and/or modify ++# it under the terms of the GNU General Public License as published by ++# the Free Software Foundation; either version 3, or (at your option) ++# any later version. ++ ++# This program is distributed in the hope that it will be useful, ++# but WITHOUT ANY WARRANTY; without even the implied warranty of ++# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the ++# GNU General Public License for more details. ++ ++# You should have received a copy of the GNU General Public License ++# along with this program; if not, write to the Free Software ++# Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA ++# 02110-1301 USA. ++ ++# Cpio v2.11.90 changed the way symlink name is read from archive. ++# References: ++# http://lists.gnu.org/archive/html/bug-cpio/2014-11/msg00007.html ++ ++AT_SETUP([symlink-long]) ++AT_KEYWORDS([symlink-long copyout]) ++ ++AT_CHECK([ ++ ++# len(dirname) > READBUFSIZE ++dirname= ++for i in {1..52}; do ++ dirname="xxxxxxxxx/$dirname" ++ mkdir "$dirname" ++done ++ln -s "$dirname" x || AT_SKIP_TEST ++ ++echo x | cpio -o > ar ++list=`cpio -tv < ar | sed 's|.*-> ||'` ++test "$list" = "$dirname" && echo success || echo fail ++], ++[0], ++[success ++],[2 blocks ++2 blocks ++]) ++ ++AT_CLEANUP +diff --git a/tests/testsuite.at b/tests/testsuite.at +index e67689f..3b5377e 100644 +--- a/tests/testsuite.at ++++ b/tests/testsuite.at +@@ -31,6 +31,8 @@ m4_include([version.at]) + + m4_include([inout.at]) + m4_include([symlink.at]) ++m4_include([symlink-bad-length.at]) ++m4_include([symlink-long.at]) + m4_include([interdir.at]) + + m4_include([setstat01.at]) +-- +cgit v0.9.0.2 diff --git a/gnu/packages/patches/cpio-CVE-2014-9112-pt2.patch b/gnu/packages/patches/cpio-CVE-2014-9112-pt2.patch new file mode 100644 index 0000000000..77c531cb54 --- /dev/null +++ b/gnu/packages/patches/cpio-CVE-2014-9112-pt2.patch @@ -0,0 +1,51 @@ +Partially fix CVE-2014-9112, part 2/5. + +From 54d1c42ac2cb91389fca04a5018ad573e4ae265a Mon Sep 17 00:00:00 2001 +From: Sergey Poznyakoff <gray@gnu.org.ua> +Date: Mon, 01 Dec 2014 19:10:39 +0000 +Subject: Bugfix + +* src/copyin.c (get_link_name): Fix range checking. +* tests/symlink-bad-length.at: Change expected error message. +--- +diff --git a/src/copyin.c b/src/copyin.c +index c502c7d..042cc41 100644 +--- a/src/copyin.c ++++ b/src/copyin.c +@@ -128,17 +128,17 @@ tape_skip_padding (int in_file_des, off_t offset) + static char * + get_link_name (struct cpio_file_stat *file_hdr, int in_file_des) + { +- off_t n = file_hdr->c_filesize + 1; + char *link_name; + +- if (n == 0 || n > SIZE_MAX) ++ if (file_hdr->c_filesize < 0 || file_hdr->c_filesize > SIZE_MAX-1) + { +- error (0, 0, _("%s: stored filename length too big"), file_hdr->c_name); ++ error (0, 0, _("%s: stored filename length is out of range"), ++ file_hdr->c_name); + link_name = NULL; + } + else + { +- link_name = xmalloc (n); ++ link_name = xmalloc (file_hdr->c_filesize); + tape_buffered_read (link_name, in_file_des, file_hdr->c_filesize); + link_name[file_hdr->c_filesize] = '\0'; + tape_skip_padding (in_file_des, file_hdr->c_filesize); +diff --git a/tests/symlink-bad-length.at b/tests/symlink-bad-length.at +index 6f804b1..cbf4aa7 100644 +--- a/tests/symlink-bad-length.at ++++ b/tests/symlink-bad-length.at +@@ -42,7 +42,7 @@ test $? -eq 2 + ], + [0], + [-rw-rw-r-- 1 10029 10031 13 Nov 25 13:52 FILE +-],[cpio: LINK: stored filename length too big ++],[cpio: LINK: stored filename length is out of range + cpio: premature end of file + ]) + +-- +cgit v0.9.0.2 diff --git a/gnu/packages/patches/cpio-CVE-2014-9112-pt3.patch b/gnu/packages/patches/cpio-CVE-2014-9112-pt3.patch new file mode 100644 index 0000000000..644dc6f9ef --- /dev/null +++ b/gnu/packages/patches/cpio-CVE-2014-9112-pt3.patch @@ -0,0 +1,23 @@ +Partially fix CVE-2014-9112, part 3/5. + +From 58df4f1b44a1142bba500f980fd26806413b1728 Mon Sep 17 00:00:00 2001 +From: Sergey Poznyakoff <gray@gnu.org.ua> +Date: Tue, 02 Dec 2014 09:33:29 +0000 +Subject: Fix typo + +--- +diff --git a/src/copyin.c b/src/copyin.c +index 042cc41..264bfcb 100644 +--- a/src/copyin.c ++++ b/src/copyin.c +@@ -138,7 +138,7 @@ get_link_name (struct cpio_file_stat *file_hdr, int in_file_des) + } + else + { +- link_name = xmalloc (file_hdr->c_filesize); ++ link_name = xmalloc (file_hdr->c_filesize + 1); + tape_buffered_read (link_name, in_file_des, file_hdr->c_filesize); + link_name[file_hdr->c_filesize] = '\0'; + tape_skip_padding (in_file_des, file_hdr->c_filesize); +-- +cgit v0.9.0.2 diff --git a/gnu/packages/patches/cpio-CVE-2014-9112-pt4.patch b/gnu/packages/patches/cpio-CVE-2014-9112-pt4.patch new file mode 100644 index 0000000000..fa2e8530b2 --- /dev/null +++ b/gnu/packages/patches/cpio-CVE-2014-9112-pt4.patch @@ -0,0 +1,105 @@ +Partially fix CVE-2014-9112, part 4/5. Backported to 2.11. + +From fd262d116c4564c1796be9be2799619cf7785d07 Mon Sep 17 00:00:00 2001 +From: Sergey Poznyakoff <gray@gnu.org.ua> +Date: Thu, 11 Dec 2014 10:51:21 +0000 +Subject: Fix error recovery in copy-in mode + +* src/copyin.c (copyin_link): Fix null dereference. +(read_in_header): Fix error recovery (bug introduced by +27e0ae55). +* tests/symlink-bad-length.at: Test error recovery. +Catch various architecture-dependent error messages (suggested +by Pavel Raiskup). +--- +diff --git a/src/copyin.c b/src/copyin.c +index 264bfcb..ca12356 100644 +--- a/src/copyin.c ++++ b/src/copyin.c +@@ -655,7 +655,7 @@ copyin_device (struct cpio_file_stat* file_hdr) + } + + static void +-copyin_link(struct cpio_file_stat *file_hdr, int in_file_des) ++copyin_link (struct cpio_file_stat *file_hdr, int in_file_des) + { + char *link_name = NULL; /* Name of hard and symbolic links. */ + int res; /* Result of various function calls. */ +@@ -666,6 +666,8 @@ copyin_link(struct cpio_file_stat *file_ + if (archive_format != arf_tar && archive_format != arf_ustar) + { + link_name = get_link_name (file_hdr, in_file_des); ++ if (!link_name) ++ return; + } + else + { +@@ -1017,7 +1019,7 @@ read_in_header (struct cpio_file_stat *file_hdr, int in_des) + + file_hdr->c_tar_linkname = NULL; + +- tape_buffered_read (magic.str, in_des, 6L); ++ tape_buffered_read (magic.str, in_des, sizeof (magic.str)); + while (1) + { + if (append_flag) +@@ -1062,8 +1064,8 @@ read_in_header (struct cpio_file_stat *file_hdr, int in_des) + break; + } + bytes_skipped++; +- memmove (magic.str, magic.str + 1, 5); +- tape_buffered_read (magic.str, in_des, 1L); ++ memmove (magic.str, magic.str + 1, sizeof (magic.str) - 1); ++ tape_buffered_read (magic.str + sizeof (magic.str) - 1, in_des, 1L); + } + } + +diff --git a/tests/symlink-bad-length.at b/tests/symlink-bad-length.at +index cbf4aa7..4dbeaa3 100644 +--- a/tests/symlink-bad-length.at ++++ b/tests/symlink-bad-length.at +@@ -24,9 +24,9 @@ AT_SETUP([symlink-bad-length]) + AT_KEYWORDS([symlink-long copyout]) + + AT_DATA([ARCHIVE.base64], +-[x3EjAIBAtIEtJy8nAQAAAHRUYW0FAAAADQBGSUxFAABzb21lIGNvbnRlbnQKAMdxIwBgQ/+hLScv +-JwEAAAB0VEhuBQD/////TElOSwAARklMRcdxAAAAAAAAAAAAAAEAAAAAAAAACwAAAAAAVFJBSUxF +-UiEhIQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA ++[x3ECCJ1jtIHoA2QAAQAAAIlUwl0FAAAADQBGSUxFAABzb21lIGNvbnRlbnQKAMdxAgidHv+h6ANk ++AAEAAACJVHFtBQD/////TElOSwAARklMRcdxAgieHqSB6ANkAAEAAACJVDJuBgAAABIARklMRTIA ++c29tZSBtb3JlIGNvbnRlbnQKx3EAAAAAAAAAAAAAAQAAAAAAAAALAAAAAABUUkFJTEVSISEhAAAA + AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA + AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA + AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA +@@ -37,13 +37,23 @@ AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA= + + AT_CHECK([ + base64 -d ARCHIVE.base64 > ARCHIVE || AT_SKIP_TEST +-cpio -ntv < ARCHIVE +-test $? -eq 2 ++TZ=UTC cpio -ntv < ARCHIVE 2>stderr ++rc=$? ++cat stderr | grep -v \ ++ -e 'stored filename length is out of range' \ ++ -e 'premature end of file' \ ++ -e 'archive header has reverse byte-order' \ ++ -e 'memory exhausted' \ ++ >&2 ++echo >&2 STDERR ++test "$rc" -ne 0 + ], +-[0], +-[-rw-rw-r-- 1 10029 10031 13 Nov 25 13:52 FILE +-],[cpio: LINK: stored filename length is out of range +-cpio: premature end of file ++[1], ++[-rw-rw-r-- 1 1000 100 13 Dec 11 09:02 FILE ++-rw-r--r-- 1 1000 100 18 Dec 11 10:13 FILE2 ++],[cpio: warning: skipped 4 bytes of junk ++1 block ++STDERR + ]) + + AT_CLEANUP +-- +cgit v0.9.0.2 diff --git a/gnu/packages/patches/cpio-CVE-2014-9112-pt5.patch b/gnu/packages/patches/cpio-CVE-2014-9112-pt5.patch new file mode 100644 index 0000000000..75313cbefa --- /dev/null +++ b/gnu/packages/patches/cpio-CVE-2014-9112-pt5.patch @@ -0,0 +1,88 @@ +Partially fix CVE-2014-9112, part 5/5. Backported to 2.11. + +From f6a8a2cbd2d5ca40ea94900b55b845dd5ca87328 Mon Sep 17 00:00:00 2001 +From: Sergey Poznyakoff <gray@gnu.org.ua> +Date: Thu, 11 Dec 2014 13:21:40 +0000 +Subject: Fix symlink-bad-length test for 64-bit architectures. + +* src/util.c: Return non-zero exit code if EOF is hit prematurely. +* tests/symlink-bad-length.at: Revert to original archive: there's +no use testing for recovery, because that depends on the host +architecture. Don't test for exit code as well (same reason). +Account for eventual warning messages. +--- +diff --git a/src/util.c b/src/util.c +index 6c483f8..39c9813 100644 +--- a/src/util.c ++++ b/src/util.c +@@ -206,10 +206,7 @@ tape_fill_input_buffer (int in_des, int + if (input_size < 0) + error (1, errno, _("read error")); + if (input_size == 0) +- { +- error (0, 0, _("premature end of file")); +- exit (1); +- } ++ error (PAXEXIT_FAILURE, 0, _("premature end of file")); + input_bytes += input_size; + } + +diff --git a/tests/symlink-bad-length.at b/tests/symlink-bad-length.at +index 4dbeaa3..e1a7093 100644 +--- a/tests/symlink-bad-length.at ++++ b/tests/symlink-bad-length.at +@@ -24,9 +24,9 @@ AT_SETUP([symlink-bad-length]) + AT_KEYWORDS([symlink-long copyout]) + + AT_DATA([ARCHIVE.base64], +-[x3ECCJ1jtIHoA2QAAQAAAIlUwl0FAAAADQBGSUxFAABzb21lIGNvbnRlbnQKAMdxAgidHv+h6ANk +-AAEAAACJVHFtBQD/////TElOSwAARklMRcdxAgieHqSB6ANkAAEAAACJVDJuBgAAABIARklMRTIA +-c29tZSBtb3JlIGNvbnRlbnQKx3EAAAAAAAAAAAAAAQAAAAAAAAALAAAAAABUUkFJTEVSISEhAAAA ++[x3EjAIBAtIEtJy8nAQAAAHRUYW0FAAAADQBGSUxFAABzb21lIGNvbnRlbnQKAMdxIwBgQ/+hLScv ++JwEAAAB0VEhuBQD/////TElOSwAARklMRcdxAAAAAAAAAAAAAAEAAAAAAAAACwAAAAAAVFJBSUxF ++UiEhIQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA + AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA + AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA + AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA +@@ -35,25 +35,30 @@ AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA + AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA= + ]) + ++# The exact error message and exit status depend on the host architecture, ++# therefore strderr is filtered out and error code is not checked. ++ ++# So far the only case when cpio would exit with code 0 is when it skips ++# several bytes and encounters a valid record header. Perhaps it should ++# exit with code 2 (non-critical error), if at least one byte was skipped, ++# but that could hurt backward compatibility. ++ + AT_CHECK([ + base64 -d ARCHIVE.base64 > ARCHIVE || AT_SKIP_TEST +-TZ=UTC cpio -ntv < ARCHIVE 2>stderr +-rc=$? ++TZ=UTC cpio -ntv < ARCHIVE 2>stderr + cat stderr | grep -v \ + -e 'stored filename length is out of range' \ + -e 'premature end of file' \ + -e 'archive header has reverse byte-order' \ + -e 'memory exhausted' \ ++ -e 'skipped [[0-9][0-9]*] bytes of junk' \ ++ -e '[[0-9][0-9]*] block' \ + >&2 + echo >&2 STDERR +-test "$rc" -ne 0 + ], +-[1], +-[-rw-rw-r-- 1 1000 100 13 Dec 11 09:02 FILE +--rw-r--r-- 1 1000 100 18 Dec 11 10:13 FILE2 +-],[cpio: warning: skipped 4 bytes of junk +-1 block +-STDERR ++[0], ++[-rw-rw-r-- 1 10029 10031 13 Nov 25 11:52 FILE ++],[STDERR + ]) + + AT_CLEANUP +-- +cgit v0.9.0.2 |