[arch-commits] Commit in cpio/trunk (2 files)

Tobias Powalowski tpowa at archlinux.org
Wed Mar 18 16:27:14 UTC 2015 

    Date: Wednesday, March 18, 2015 @ 17:27:13
  Author: tpowa
Revision: 234107

upgpkg: cpio 2.11-6

fix CVE

Added:
  cpio/trunk/cpio-2.11-check_for_symlinks-CVE-2015-1197.patch
Modified:
  cpio/trunk/PKGBUILD

--------------------------------------------------+
 PKGBUILD                                         |   10 -
 cpio-2.11-check_for_symlinks-CVE-2015-1197.patch |  152 +++++++++++++++++++++
 2 files changed, 159 insertions(+), 3 deletions(-)

Modified: PKGBUILD
===================================================================
--- PKGBUILD	2015-03-18 16:27:12 UTC (rev 234106)
+++ PKGBUILD	2015-03-18 16:27:13 UTC (rev 234107)
@@ -2,7 +2,7 @@
 # Maintainer: judd <jvinet at zeroflux.org>
 pkgname=cpio
 pkgver=2.11
-pkgrel=5
+pkgrel=6
 pkgdesc="A tool to copy files into or out of a cpio or tar archive"
 arch=(i686 x86_64)
 license=('GPL')
@@ -11,12 +11,14 @@
 source=(ftp://ftp.gnu.org/gnu/cpio/cpio-${pkgver}.tar.gz
         cpio-2.11-stdio.in.patch
         cpio-2.11-CVE-2014-9112.patch
-        cpio-2.11-testsuite-CVE-2014-9112.patch)
+        cpio-2.11-testsuite-CVE-2014-9112.patch
+        cpio-2.11-check_for_symlinks-CVE-2015-1197.patch)
 install=cpio.install
 md5sums=('1112bb6c45863468b5496ba128792f6c'
          'd7e58f2a1ec286febd09ea75042cf96e'
          '2541e37b85cb7baffc3a3f687453737c'
-         '348870bebae57146eafeb189adbd43a4')
+         '348870bebae57146eafeb189adbd43a4'
+         '31b5e1d853b85d58e55cee1d17fa42bf')
 
 prepare() {
   cd ${srcdir}/${pkgname}-${pkgver}
@@ -24,6 +26,8 @@
   # from fedora git
   patch -Np1 -i ${srcdir}/cpio-2.11-CVE-2014-9112.patch
   patch -Np1 -i ${srcdir}/cpio-2.11-testsuite-CVE-2014-9112.patch
+  # fix CVE-2015-1197 #44173
+  patch -Np1 -i ${srcdir}/cpio-2.11-check_for_symlinks-CVE-2015-1197.patch
 }
 
 build() {

Added: cpio-2.11-check_for_symlinks-CVE-2015-1197.patch
===================================================================
--- cpio-2.11-check_for_symlinks-CVE-2015-1197.patch	                        (rev 0)
+++ cpio-2.11-check_for_symlinks-CVE-2015-1197.patch	2015-03-18 16:27:13 UTC (rev 234107)
@@ -0,0 +1,152 @@
+Index: cpio-2.11/src/copyin.c
+===================================================================
+--- cpio-2.11.orig/src/copyin.c	2014-07-01 14:02:39.991007263 +0200
++++ cpio-2.11/src/copyin.c	2014-07-22 16:05:28.171344584 +0200
+@@ -686,6 +686,51 @@ copyin_link(struct cpio_file_stat *file_
+   free (link_name);
+ }
+ 

++
++static int
++path_contains_symlink(char *path)
++{
++  struct stat st;
++  char *slash;
++  char *nextslash;
++
++  /* we got NULL pointer or empty string */
++  if (!path || !*path) {
++    return false;
++  }
++
++  slash = path;
++
++  while ((nextslash = strchr(slash + 1, '/')) != NULL) {
++    slash = nextslash;
++    *slash = '\0';
++
++    if (lstat(path, &st) != 0) {
++      if (errno == ELOOP) {
++        /* ELOOP - too many symlinks */
++        *slash = '/';
++        return true;
++      } else if (errno == ENOMEM) {
++        /* No memory for lstat - terminate */
++        xalloc_die();
++      } else {
++        /* cannot lstat path - give up */
++        *slash = '/';
++        return false;
++      }
++    }
++
++    if (S_ISLNK(st.st_mode)) {
++      *slash = '/';
++      return true;
++    }
++
++    *slash = '/';
++  }
++
++  return false;
++}
++
+ static void
+ copyin_file (struct cpio_file_stat *file_hdr, int in_file_des)
+ {
+@@ -1463,6 +1508,23 @@ process_copy_in ()
+ 	{
+ 	  /* Copy the input file into the directory structure.  */
+ 
++          /* Can we write files over symlinks? */
++          if (!extract_over_symlinks)
++            {
++              if (path_contains_symlink(file_hdr.c_name))
++                {
++                  /* skip the file */
++                  /*
++                  fprintf(stderr, "Can't write over symlinks. Skipping %s\n", file_hdr.c_name);
++                  tape_toss_input (in_file_des, file_hdr.c_filesize);
++                  tape_skip_padding (in_file_des, file_hdr.c_filesize);
++                  continue;
++                  */
++                  /* terminate */
++	          error (1, 0, _("Can't write over symlinks: %s\n"), file_hdr.c_name);
++                }
++            }
++
+ 	  /* Do we need to rename the file? */
+ 	  if (rename_flag || rename_batch_file)
+ 	    {
+Index: cpio-2.11/src/global.c
+===================================================================
+--- cpio-2.11.orig/src/global.c	2014-07-17 16:33:09.768900927 +0200
++++ cpio-2.11/src/global.c	2014-07-21 17:45:58.563494706 +0200
+@@ -187,6 +187,9 @@ bool to_stdout_option = false;
+ /* The name this program was run with.  */
+ char *program_name;
+ 
++/* Extract files over symbolic links */
++bool extract_over_symlinks;
++
+ /* A pointer to either lstat or stat, depending on whether
+    dereferencing of symlinks is done for input files.  */
+ int (*xstat) ();
+Index: cpio-2.11/src/main.c
+===================================================================
+--- cpio-2.11.orig/src/main.c	2014-07-01 14:02:39.840005051 +0200
++++ cpio-2.11/src/main.c	2014-07-17 20:33:47.839215571 +0200
+@@ -57,7 +57,8 @@ enum cpio_options {
+   FORCE_LOCAL_OPTION,            
+   DEBUG_OPTION,                  
+   BLOCK_SIZE_OPTION,             
+-  TO_STDOUT_OPTION
++  TO_STDOUT_OPTION,
++  EXTRACT_OVER_SYMLINKS
+ };
+ 
+ const char *program_authors[] =
+@@ -222,6 +223,8 @@ static struct argp_option options[] = {
+    N_("Create leading directories where needed"), GRID+1 },
+   {"no-preserve-owner", NO_PRESERVE_OWNER_OPTION, 0, 0,
+    N_("Do not change the ownership of the files"), GRID+1 },
++  {"extract-over-symlinks", EXTRACT_OVER_SYMLINKS, 0, 0,
++   N_("Force writing over symbolic links"), GRID+1 },
+   {"unconditional", 'u', NULL, 0,
+    N_("Replace all files unconditionally"), GRID+1 },
+   {"sparse", SPARSE_OPTION, NULL, 0,
+@@ -413,6 +416,10 @@ crc newc odc bin ustar tar (all-caps als
+       no_chown_flag = true;
+       break;
+ 
++    case EXTRACT_OVER_SYMLINKS:		        /* --extract-over-symlinks */
++      extract_over_symlinks = true;
++      break;
++
+     case 'o':		/* Copy-out mode.  */
+       if (copy_function != 0)
+ 	error (PAXEXIT_FAILURE, 0, _("Mode already defined"));
+Index: cpio-2.11/src/extern.h
+===================================================================
+--- cpio-2.11.orig/src/extern.h	2014-07-01 14:02:39.907006032 +0200
++++ cpio-2.11/src/extern.h	2014-07-17 17:11:20.948908806 +0200
+@@ -95,6 +95,7 @@ extern char input_is_special;
+ extern char output_is_special;
+ extern char input_is_seekable;
+ extern char output_is_seekable;
++extern bool extract_over_symlinks;
+ extern int (*xstat) ();
+ extern void (*copy_function) ();
+ 

+Index: cpio-2.11/doc/cpio.1
+===================================================================
+--- cpio-2.11.orig/doc/cpio.1	2009-02-14 19:15:50.000000000 +0100
++++ cpio-2.11/doc/cpio.1	2014-07-21 23:00:33.878746855 +0200
+@@ -22,6 +22,7 @@ cpio \- copy files to and from archives
+ [\-\-owner=[user][:.][group]] [\-\-no-preserve-owner] [\-\-message=message]
+ [\-\-force\-local] [\-\-no\-absolute\-filenames] [\-\-sparse]
+ [\-\-only\-verify\-crc] [\-\-to\-stdout] [\-\-quiet] [\-\-rsh-command=command]
++[\-\-extract\-over\-symlinks]
+ [\-\-help] [\-\-version] [pattern...] [< archive]
+ 
+ .B cpio

More information about the arch-commits mailing list