diff options
author | Mark H Weaver <mhw@netris.org> | 2014-12-30 14:13:20 -0500 |
---|---|---|
committer | Mark H Weaver <mhw@netris.org> | 2014-12-30 14:48:13 -0500 |
commit | c7bdc7ece5650be75314dc302f3cdcf02806857b (patch) | |
tree | a9e7d038daf6e113e79d50255c0143c3719a4cbb /gnu/packages/patches/cpio-CVE-2014-9112-pt5.patch | |
parent | 1c69e4ce3f33242ee8d209b8078fc78a73355446 (diff) | |
download | guix-c7bdc7ece5650be75314dc302f3cdcf02806857b.tar.gz |
gnu: cpio: Add fixes for CVE-2014-9112.
* gnu/packages/patches/cpio-CVE-2014-9112-pt1.patch, gnu/packages/patches/cpio-CVE-2014-9112-pt2.patch, gnu/packages/patches/cpio-CVE-2014-9112-pt3.patch, gnu/packages/patches/cpio-CVE-2014-9112-pt4.patch, gnu/packages/patches/cpio-CVE-2014-9112-pt5.patch: New files. * gnu-system.am (dist_patch_DATA): Add them. * gnu/packages/cpio.scm (cpio): Add patches. Add 'autoconf' to native-inputs.
Diffstat (limited to 'gnu/packages/patches/cpio-CVE-2014-9112-pt5.patch')
-rw-r--r-- | gnu/packages/patches/cpio-CVE-2014-9112-pt5.patch | 88 |
1 files changed, 88 insertions, 0 deletions
diff --git a/gnu/packages/patches/cpio-CVE-2014-9112-pt5.patch b/gnu/packages/patches/cpio-CVE-2014-9112-pt5.patch new file mode 100644 index 0000000000..75313cbefa --- /dev/null +++ b/gnu/packages/patches/cpio-CVE-2014-9112-pt5.patch @@ -0,0 +1,88 @@ +Partially fix CVE-2014-9112, part 5/5. Backported to 2.11. + +From f6a8a2cbd2d5ca40ea94900b55b845dd5ca87328 Mon Sep 17 00:00:00 2001 +From: Sergey Poznyakoff <gray@gnu.org.ua> +Date: Thu, 11 Dec 2014 13:21:40 +0000 +Subject: Fix symlink-bad-length test for 64-bit architectures. + +* src/util.c: Return non-zero exit code if EOF is hit prematurely. +* tests/symlink-bad-length.at: Revert to original archive: there's +no use testing for recovery, because that depends on the host +architecture. Don't test for exit code as well (same reason). +Account for eventual warning messages. +--- +diff --git a/src/util.c b/src/util.c +index 6c483f8..39c9813 100644 +--- a/src/util.c ++++ b/src/util.c +@@ -206,10 +206,7 @@ tape_fill_input_buffer (int in_des, int + if (input_size < 0) + error (1, errno, _("read error")); + if (input_size == 0) +- { +- error (0, 0, _("premature end of file")); +- exit (1); +- } ++ error (PAXEXIT_FAILURE, 0, _("premature end of file")); + input_bytes += input_size; + } + +diff --git a/tests/symlink-bad-length.at b/tests/symlink-bad-length.at +index 4dbeaa3..e1a7093 100644 +--- a/tests/symlink-bad-length.at ++++ b/tests/symlink-bad-length.at +@@ -24,9 +24,9 @@ AT_SETUP([symlink-bad-length]) + AT_KEYWORDS([symlink-long copyout]) + + AT_DATA([ARCHIVE.base64], +-[x3ECCJ1jtIHoA2QAAQAAAIlUwl0FAAAADQBGSUxFAABzb21lIGNvbnRlbnQKAMdxAgidHv+h6ANk +-AAEAAACJVHFtBQD/////TElOSwAARklMRcdxAgieHqSB6ANkAAEAAACJVDJuBgAAABIARklMRTIA +-c29tZSBtb3JlIGNvbnRlbnQKx3EAAAAAAAAAAAAAAQAAAAAAAAALAAAAAABUUkFJTEVSISEhAAAA ++[x3EjAIBAtIEtJy8nAQAAAHRUYW0FAAAADQBGSUxFAABzb21lIGNvbnRlbnQKAMdxIwBgQ/+hLScv ++JwEAAAB0VEhuBQD/////TElOSwAARklMRcdxAAAAAAAAAAAAAAEAAAAAAAAACwAAAAAAVFJBSUxF ++UiEhIQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA + AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA + AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA + AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA +@@ -35,25 +35,30 @@ AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA + AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA= + ]) + ++# The exact error message and exit status depend on the host architecture, ++# therefore strderr is filtered out and error code is not checked. ++ ++# So far the only case when cpio would exit with code 0 is when it skips ++# several bytes and encounters a valid record header. Perhaps it should ++# exit with code 2 (non-critical error), if at least one byte was skipped, ++# but that could hurt backward compatibility. ++ + AT_CHECK([ + base64 -d ARCHIVE.base64 > ARCHIVE || AT_SKIP_TEST +-TZ=UTC cpio -ntv < ARCHIVE 2>stderr +-rc=$? ++TZ=UTC cpio -ntv < ARCHIVE 2>stderr + cat stderr | grep -v \ + -e 'stored filename length is out of range' \ + -e 'premature end of file' \ + -e 'archive header has reverse byte-order' \ + -e 'memory exhausted' \ ++ -e 'skipped [[0-9][0-9]*] bytes of junk' \ ++ -e '[[0-9][0-9]*] block' \ + >&2 + echo >&2 STDERR +-test "$rc" -ne 0 + ], +-[1], +-[-rw-rw-r-- 1 1000 100 13 Dec 11 09:02 FILE +--rw-r--r-- 1 1000 100 18 Dec 11 10:13 FILE2 +-],[cpio: warning: skipped 4 bytes of junk +-1 block +-STDERR ++[0], ++[-rw-rw-r-- 1 10029 10031 13 Nov 25 11:52 FILE ++],[STDERR + ]) + + AT_CLEANUP +-- +cgit v0.9.0.2 |