~alpine/aports

2 2

[alpine-aports] [PATCH] testing/cpio: new aport

Details
Message ID
<1435328593-2026-1-git-send-email-developer@it-offshore.co.uk>
Sender timestamp
1435328593
DKIM signature
missing
Download raw message
Patch: +468 -0
---
 testing/cpio/001-cpio-2.11-stdio.in.patch          |  14 ++
 testing/cpio/002-cpio-2.11-CVE-2014-9112.patch     | 134 ++++++++++++++++++
 .../003-cpio-2.11-testsuite-CVE-2014-9112.patch    |  31 +++++
 ...pio-2.11-check_for_symlinks-CVE-2015-1197.patch | 153 +++++++++++++++++++++
 testing/cpio/005-cpio-2.11-stdio.in-part2.patch    |  68 +++++++++
 testing/cpio/APKBUILD                              |  68 +++++++++
 6 files changed, 468 insertions(+)
 create mode 100644 testing/cpio/001-cpio-2.11-stdio.in.patch
 create mode 100644 testing/cpio/002-cpio-2.11-CVE-2014-9112.patch
 create mode 100644 testing/cpio/003-cpio-2.11-testsuite-CVE-2014-9112.patch
 create mode 100644 testing/cpio/004-cpio-2.11-check_for_symlinks-CVE-2015-1197.patch
 create mode 100644 testing/cpio/005-cpio-2.11-stdio.in-part2.patch
 create mode 100644 testing/cpio/APKBUILD

diff --git a/testing/cpio/001-cpio-2.11-stdio.in.patch b/testing/cpio/001-cpio-2.11-stdio.in.patch
new file mode 100644
index 0000000..bbdaeea
--- /dev/null
+++ b/testing/cpio/001-cpio-2.11-stdio.in.patch
@@ -0,0 +1,14 @@
diff -urNp cpio-2.11-orig/gnu/stdio.in.h cpio-2.11/gnu/stdio.in.h
--- cpio-2.11-orig/gnu/stdio.in.h	2010-03-10 10:27:03.000000000 +0100
+++ cpio-2.11/gnu/stdio.in.h	2012-06-04 10:23:23.804471185 +0200
@@ -139,7 +139,9 @@ _GL_WARN_ON_USE (fflush, "fflush is not 
    so any use of gets warrants an unconditional warning.  Assume it is
    always declared, since it is required by C89.  */
 #undef gets
+#if HAVE_RAW_DECL_GETS
 _GL_WARN_ON_USE (gets, "gets is a security hole - use fgets instead");
+#endif
 
 #if @GNULIB_FOPEN@
 # if @REPLACE_FOPEN@

diff --git a/testing/cpio/002-cpio-2.11-CVE-2014-9112.patch b/testing/cpio/002-cpio-2.11-CVE-2014-9112.patch
new file mode 100644
index 0000000..86ab61a
--- /dev/null
+++ b/testing/cpio/002-cpio-2.11-CVE-2014-9112.patch
@@ -0,0 +1,134 @@
diff --git a/tests/Makefile.am b/tests/Makefile.am
index b3e8e60..cf186da 100644
--- a/tests/Makefile.am
+++ b/tests/Makefile.am
@@ -52,6 +52,8 @@ TESTSUITE_AT = \
  setstat04.at\
  setstat05.at\
  symlink.at\
+ symlink-bad-length.at\
+ symlink-long.at\
  version.at
 
 TESTSUITE = $(srcdir)/testsuite
diff --git a/tests/symlink-bad-length.at b/tests/symlink-bad-length.at
new file mode 100644
index 0000000..cbf4aa7
--- /dev/null
+++ b/tests/symlink-bad-length.at
@@ -0,0 +1,49 @@
+# Process this file with autom4te to create testsuite.  -*- Autotest -*-
+# Copyright (C) 2014 Free Software Foundation, Inc.
+
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation; either version 3, or (at your option)
+# any later version.
+
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+# GNU General Public License for more details.
+
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, write to the Free Software
+# Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA
+# 02110-1301 USA.
+
+# Cpio v2.11 did segfault with badly set symlink length.
+# References:
+# http://lists.gnu.org/archive/html/bug-cpio/2014-11/msg00007.html
+
+AT_SETUP([symlink-bad-length])
+AT_KEYWORDS([symlink-long copyout])
+
+AT_DATA([ARCHIVE.base64],
+[x3EjAIBAtIEtJy8nAQAAAHRUYW0FAAAADQBGSUxFAABzb21lIGNvbnRlbnQKAMdxIwBgQ/+hLScv
+JwEAAAB0VEhuBQD/////TElOSwAARklMRcdxAAAAAAAAAAAAAAEAAAAAAAAACwAAAAAAVFJBSUxF
+UiEhIQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
+AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
+AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
+AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
+AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
+AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
+AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=
+])
+
+AT_CHECK([
+base64 -d ARCHIVE.base64 > ARCHIVE || AT_SKIP_TEST
+cpio -ntv < ARCHIVE
+test $? -eq 2
+],
+[0],
+[-rw-rw-r--   1 10029    10031          13 Nov 25 13:52 FILE
+],[cpio: LINK: stored filename length is out of range
+cpio: premature end of file
+])
+
+AT_CLEANUP
diff --git a/tests/symlink-long.at b/tests/symlink-long.at
new file mode 100644
index 0000000..d3def2d
--- /dev/null
+++ b/tests/symlink-long.at
@@ -0,0 +1,46 @@
+# Process this file with autom4te to create testsuite.  -*- Autotest -*-
+# Copyright (C) 2014 Free Software Foundation, Inc.
+
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation; either version 3, or (at your option)
+# any later version.
+
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+# GNU General Public License for more details.
+
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, write to the Free Software
+# Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA
+# 02110-1301 USA.
+
+# Cpio v2.11.90 changed the way symlink name is read from archive.
+# References:
+# http://lists.gnu.org/archive/html/bug-cpio/2014-11/msg00007.html
+
+AT_SETUP([symlink-long])
+AT_KEYWORDS([symlink-long copyout])
+
+AT_CHECK([
+
+# len(dirname) > READBUFSIZE
+dirname=
+for i in {1..52}; do
+    dirname="xxxxxxxxx/$dirname"
+    mkdir "$dirname"
+done
+ln -s "$dirname" x || AT_SKIP_TEST
+
+echo x | cpio -o > ar
+list=`cpio -tv < ar | sed 's|.*-> ||'`
+test "$list" = "$dirname" && echo success || echo fail
+],
+[0],
+[success
+],[2 blocks
+2 blocks
+])
+
+AT_CLEANUP
diff --git a/tests/testsuite.at b/tests/testsuite.at
index 8f3330b..590bdcb 100644
--- a/tests/testsuite.at
+++ b/tests/testsuite.at
@@ -31,6 +31,8 @@ m4_include([version.at])
 
 m4_include([inout.at])
 m4_include([symlink.at])
+m4_include([symlink-bad-length.at])
+m4_include([symlink-long.at])
 m4_include([interdir.at])
 
 m4_include([setstat01.at])

diff --git a/testing/cpio/003-cpio-2.11-testsuite-CVE-2014-9112.patch b/testing/cpio/003-cpio-2.11-testsuite-CVE-2014-9112.patch
new file mode 100644
index 0000000..c7dcb03
--- /dev/null
+++ b/testing/cpio/003-cpio-2.11-testsuite-CVE-2014-9112.patch
@@ -0,0 +1,31 @@
diff --git a/tests/symlink-bad-length.at b/tests/symlink-bad-length.at
index cbf4aa7..d8d250b 100644
--- a/tests/symlink-bad-length.at
+++ b/tests/symlink-bad-length.at
@@ -37,13 +37,20 @@ AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=
 
 AT_CHECK([
 base64 -d ARCHIVE.base64 > ARCHIVE || AT_SKIP_TEST
-cpio -ntv < ARCHIVE
-test $? -eq 2
+TZ=UTC cpio -ntv < ARCHIVE 2>stderr
+rc=$?
+cat stderr | grep -v \
+    -e 'stored filename length is out of range' \
+    -e 'premature end of file' \
+    -e 'archive header has reverse byte-order' \
+    -e 'memory exhausted' \
+    >&2
+echo >&2 STDERR
+test "$rc" -ne 0
 ],
 [0],
-[-rw-rw-r--   1 10029    10031          13 Nov 25 13:52 FILE
-],[cpio: LINK: stored filename length is out of range
-cpio: premature end of file
+[-rw-rw-r--   1 10029    10031          13 Nov 25 11:52 FILE
+],[STDERR
 ])
 
 AT_CLEANUP

diff --git a/testing/cpio/004-cpio-2.11-check_for_symlinks-CVE-2015-1197.patch b/testing/cpio/004-cpio-2.11-check_for_symlinks-CVE-2015-1197.patch
new file mode 100644
index 0000000..75a107b
--- /dev/null
+++ b/testing/cpio/004-cpio-2.11-check_for_symlinks-CVE-2015-1197.patch
@@ -0,0 +1,153 @@
Index: cpio-2.11/src/copyin.c
===================================================================
--- cpio-2.11.orig/src/copyin.c	2014-07-01 14:02:39.991007263 +0200
+++ cpio-2.11/src/copyin.c	2014-07-22 16:05:28.171344584 +0200
@@ -686,6 +686,51 @@ copyin_link(struct cpio_file_stat *file_
   free (link_name);
 }
 
+
+static int
+path_contains_symlink(char *path)
+{
+  struct stat st;
+  char *slash;
+  char *nextslash;
+
+  /* we got NULL pointer or empty string */
+  if (!path || !*path) {
+    return false;
+  }
+
+  slash = path;
+
+  while ((nextslash = strchr(slash + 1, '/')) != NULL) {
+    slash = nextslash;
+    *slash = '\0';
+
+    if (lstat(path, &st) != 0) {
+      if (errno == ELOOP) {
+        /* ELOOP - too many symlinks */
+        *slash = '/';
+        return true;
+      } else if (errno == ENOMEM) {
+        /* No memory for lstat - terminate */
+        xalloc_die();
+      } else {
+        /* cannot lstat path - give up */
+        *slash = '/';
+        return false;
+      }
+    }
+
+    if (S_ISLNK(st.st_mode)) {
+      *slash = '/';
+      return true;
+    }
+
+    *slash = '/';
+  }
+
+  return false;
+}
+
 static void
 copyin_file (struct cpio_file_stat *file_hdr, int in_file_des)
 {
@@ -1463,6 +1508,23 @@ process_copy_in ()
 	{
 	  /* Copy the input file into the directory structure.  */
 
+          /* Can we write files over symlinks? */
+          if (!extract_over_symlinks)
+            {
+              if (path_contains_symlink(file_hdr.c_name))
+                {
+                  /* skip the file */
+                  /*
+                  fprintf(stderr, "Can't write over symlinks. Skipping %s\n", file_hdr.c_name);
+                  tape_toss_input (in_file_des, file_hdr.c_filesize);
+                  tape_skip_padding (in_file_des, file_hdr.c_filesize);
+                  continue;
+                  */
+                  /* terminate */
+	          error (1, 0, _("Can't write over symlinks: %s\n"), file_hdr.c_name);
+                }
+            }
+
 	  /* Do we need to rename the file? */
 	  if (rename_flag || rename_batch_file)
 	    {
Index: cpio-2.11/src/global.c
===================================================================
--- cpio-2.11.orig/src/global.c	2014-07-17 16:33:09.768900927 +0200
+++ cpio-2.11/src/global.c	2014-07-21 17:45:58.563494706 +0200
@@ -187,6 +187,9 @@ bool to_stdout_option = false;
 /* The name this program was run with.  */
 char *program_name;
 
+/* Extract files over symbolic links */
+bool extract_over_symlinks;
+
 /* A pointer to either lstat or stat, depending on whether
    dereferencing of symlinks is done for input files.  */
 int (*xstat) ();
Index: cpio-2.11/src/main.c
===================================================================
--- cpio-2.11.orig/src/main.c	2014-07-01 14:02:39.840005051 +0200
+++ cpio-2.11/src/main.c	2014-07-17 20:33:47.839215571 +0200
@@ -57,7 +57,8 @@ enum cpio_options {
   FORCE_LOCAL_OPTION,            
   DEBUG_OPTION,                  
   BLOCK_SIZE_OPTION,             
-  TO_STDOUT_OPTION
+  TO_STDOUT_OPTION,
+  EXTRACT_OVER_SYMLINKS
 };
 
 const char *program_authors[] =
@@ -222,6 +223,8 @@ static struct argp_option options[] = {
    N_("Create leading directories where needed"), GRID+1 },
   {"no-preserve-owner", NO_PRESERVE_OWNER_OPTION, 0, 0,
    N_("Do not change the ownership of the files"), GRID+1 },
+  {"extract-over-symlinks", EXTRACT_OVER_SYMLINKS, 0, 0,
+   N_("Force writing over symbolic links"), GRID+1 },
   {"unconditional", 'u', NULL, 0,
    N_("Replace all files unconditionally"), GRID+1 },
   {"sparse", SPARSE_OPTION, NULL, 0,
@@ -413,6 +416,10 @@ crc newc odc bin ustar tar (all-caps als
       no_chown_flag = true;
       break;
 
+    case EXTRACT_OVER_SYMLINKS:		        /* --extract-over-symlinks */
+      extract_over_symlinks = true;
+      break;
+
     case 'o':		/* Copy-out mode.  */
       if (copy_function != 0)
 	error (PAXEXIT_FAILURE, 0, _("Mode already defined"));
Index: cpio-2.11/src/extern.h
===================================================================
--- cpio-2.11.orig/src/extern.h	2014-07-01 14:02:39.907006032 +0200
+++ cpio-2.11/src/extern.h	2014-07-17 17:11:20.948908806 +0200
@@ -95,6 +95,7 @@ extern char input_is_special;
 extern char output_is_special;
 extern char input_is_seekable;
 extern char output_is_seekable;
+extern bool extract_over_symlinks;
 extern int (*xstat) ();
 extern void (*copy_function) ();
 
Index: cpio-2.11/doc/cpio.1
===================================================================
--- cpio-2.11.orig/doc/cpio.1	2009-02-14 19:15:50.000000000 +0100
+++ cpio-2.11/doc/cpio.1	2014-07-21 23:00:33.878746855 +0200
@@ -22,6 +22,7 @@ cpio \- copy files to and from archives
 [\-\-owner=[user][:.][group]] [\-\-no-preserve-owner] [\-\-message=message]
 [\-\-force\-local] [\-\-no\-absolute\-filenames] [\-\-sparse]
 [\-\-only\-verify\-crc] [\-\-to\-stdout] [\-\-quiet] [\-\-rsh-command=command]
+[\-\-extract\-over\-symlinks]
 [\-\-help] [\-\-version] [pattern...] [< archive]
 
 .B cpio

diff --git a/testing/cpio/005-cpio-2.11-stdio.in-part2.patch b/testing/cpio/005-cpio-2.11-stdio.in-part2.patch
new file mode 100644
index 0000000..cf7f6e9
--- /dev/null
+++ b/testing/cpio/005-cpio-2.11-stdio.in-part2.patch
@@ -0,0 +1,68 @@
--- cpio-2.11/src/copyin.c	2010-02-15 10:02:23.000000000 +0000
+++ cpio-2.11/src/copyin.c.new	2015-06-25 19:16:47.788864922 +0000
@@ -125,9 +125,29 @@ tape_skip_padding (int in_file_des, off_
     tape_toss_input (in_file_des, pad);
 }
 
-
+static char *
+get_link_name (struct cpio_file_stat *file_hdr, int in_file_des)
+{
+  char *link_name;
+
+  if (file_hdr->c_filesize < 0 || file_hdr->c_filesize > SIZE_MAX-1)
+    {
+      error (0, 0, _("%s: stored filename length is out of range"),
+	     file_hdr->c_name);
+      link_name = NULL;
+    }
+  else
+    {
+      link_name = xmalloc (file_hdr->c_filesize + 1);
+      tape_buffered_read (link_name, in_file_des, file_hdr->c_filesize);
+      link_name[file_hdr->c_filesize] = '\0';
+      tape_skip_padding (in_file_des, file_hdr->c_filesize);
+    }
+  return link_name;
+}
+
 static void
-list_file(struct cpio_file_stat* file_hdr, int in_file_des)
+list_file (struct cpio_file_stat* file_hdr, int in_file_des)
 {
   if (verbose_flag)
     {
@@ -136,15 +156,12 @@ list_file(struct cpio_file_stat* file_hd
 	{
 	  if (archive_format != arf_tar && archive_format != arf_ustar)
 	    {
-	      char *link_name = NULL;	/* Name of hard and symbolic links.  */
-
-	      link_name = (char *) xmalloc ((unsigned int) file_hdr->c_filesize + 1);
-	      link_name[file_hdr->c_filesize] = '\0';
-	      tape_buffered_read (link_name, in_file_des, file_hdr->c_filesize);
-	      long_format (file_hdr, link_name);
-	      free (link_name);
-	      tape_skip_padding (in_file_des, file_hdr->c_filesize);
-	      return;
+	     char *link_name = get_link_name (file_hdr, in_file_des);
+	      if (link_name)
+		{
+		  long_format (file_hdr, link_name);
+		  free (link_name);
+		}
 	    }
 	  else
 	    {
@@ -650,10 +667,7 @@ copyin_link(struct cpio_file_stat *file_
 
   if (archive_format != arf_tar && archive_format != arf_ustar)
     {
-      link_name = (char *) xmalloc ((unsigned int) file_hdr->c_filesize + 1);
-      link_name[file_hdr->c_filesize] = '\0';
-      tape_buffered_read (link_name, in_file_des, file_hdr->c_filesize);
-      tape_skip_padding (in_file_des, file_hdr->c_filesize);
+     link_name = get_link_name (file_hdr, in_file_des);
     }
   else
     {
diff --git a/testing/cpio/APKBUILD b/testing/cpio/APKBUILD
new file mode 100644
index 0000000..ee6a0ab
--- /dev/null
+++ b/testing/cpio/APKBUILD
@@ -0,0 +1,68 @@
# Contributor: Stuart Cardall <developer@it-offshore.co.uk>
# Maintainer: Stuart Cardall <developer@it-offshore.co.uk>
pkgname=cpio
pkgver=2.11
pkgrel=0
pkgdesc="A tool to copy files into or out of a cpio or tar archive"
url="http://www.gnu.org/software/cpio"
arch="all"
license="GPL"
depends="tar"
depends_dev=""
makedepends="$depends_dev"
#install=""
subpackages="$pkgname-doc"
source="$pkgname-$pkgver.tar.bz2::http://ftp.snt.utwente.nl/pub/software/gnu/cpio/$pkgname-$pkgver.tar.bz2
	001-cpio-2.11-stdio.in.patch
	002-cpio-2.11-CVE-2014-9112.patch
	003-cpio-2.11-testsuite-CVE-2014-9112.patch
	004-cpio-2.11-check_for_symlinks-CVE-2015-1197.patch
	005-cpio-2.11-stdio.in-part2.patch
	"

_builddir="$srcdir"/$pkgname-$pkgver
prepare() {
	local i
	cd "$_builddir"
	for i in $source; do
		case $i in
		*.patch) msg $i; patch -p1 -i "$srcdir"/$i || return 1;;
		esac
	done
}

build() {
	cd "$_builddir"
	./configure \
		--prefix=/usr \
		--mandir=/usr/share/man \
		--infodir=/usr/share/info \
		|| return 1
	make || return 1
}

package() {
	cd "$_builddir"
	make DESTDIR="$pkgdir" install || return 1
	rm -f "$pkgdir"/usr/lib/charset.alias
	rm -f "$pkgdir"/usr/libexec/rmt # part of the tar pkg
}

md5sums="20fc912915c629e809f80b96b2e75d7d  cpio-2.11.tar.bz2
db5b098b6765478a4b62cf42b059248e  001-cpio-2.11-stdio.in.patch
007485ebf1bc2d8b4a7fd67dce4a9739  002-cpio-2.11-CVE-2014-9112.patch
af27df259d12ff0414b38e2ab0bef9a9  003-cpio-2.11-testsuite-CVE-2014-9112.patch
d85769d9b56a27008e0ad246d6e5805a  004-cpio-2.11-check_for_symlinks-CVE-2015-1197.patch
d379203af39a48671aede692f1a14c47  005-cpio-2.11-stdio.in-part2.patch"
sha256sums="bb820bfd96e74fc6ce43104f06fe733178517e7f5d1cdee553773e8eff7d5bbd  cpio-2.11.tar.bz2
7e953ee60878ae1b840cd5dcab36afa80db63bddc86aaab791746108bbd87256  001-cpio-2.11-stdio.in.patch
ab6d390892e1f61110ad8bfc6554ed2fe9f9b3252ae43a2fe9cd04e110ad9c69  002-cpio-2.11-CVE-2014-9112.patch
018a183c70d1708f58a0777b77344691d4b621107d669e469dfd180b2386f36a  003-cpio-2.11-testsuite-CVE-2014-9112.patch
2fc99ca2c86fbbf0b586a8159c459034b1016f0efcd9a02aceaf263840f432b9  004-cpio-2.11-check_for_symlinks-CVE-2015-1197.patch
176fda78943be8cdef7fb62dea301020b51681827c91fcf32c42725be255d2eb  005-cpio-2.11-stdio.in-part2.patch"
sha512sums="b6ccb3e121ea29780219d21c9cd6267c2f7b7ae72fb899bb80e1c54cc33e9eac5363443d93dbfbe37e8e8d295dad2724ac607f0543cc62797919605f68c396aa  cpio-2.11.tar.bz2
9c03762aa7192c888bd2c83238183085d7f8b74c49f7dfc1f67a196a579b0394aa031f3c850bbdd9519515cff987b95c2c835afbffa366c9296e114423daca76  001-cpio-2.11-stdio.in.patch
2370d376b62cb61513fcf62ae360fa356c63d6272d6f8b412a448df20f86eb98e8121452d602ae5ac87d0e7be3142c38213fecbf9f05ddc2e82da2eaec2ca10f  002-cpio-2.11-CVE-2014-9112.patch
67d4cd4235674007022381838dd811c4149d8c0a6205ce940d109c26ef72334d0c715605e9ab37e51212061c1c89b053f82b63d4f8a397977ce349d224edaa70  003-cpio-2.11-testsuite-CVE-2014-9112.patch
5a7c4090bb80fc3591825747c02b3f446c3a4bf58e6be0d4cbcc6ade9c795636add67ea38d4e753c6252b9b7e76370e36b0d5355089cd26a18fcaed6cc9907de  004-cpio-2.11-check_for_symlinks-CVE-2015-1197.patch
1b3fd9e695314d6d468215bd2fbaadd850ff864502f51d840e1ab8452fea0bc9779fba906559ed4c47a11f909519506cd6fc0a8990248f8c63bc8f1c683108e8  005-cpio-2.11-stdio.in-part2.patch"
-- 
2.4.4



---
Unsubscribe:  alpine-aports+unsubscribe@lists.alpinelinux.org
Help:         alpine-aports+help@lists.alpinelinux.org
---
Natanael Copa <ncopa@alpinelinux.org>
Details
Message ID
<20150626165519.7be2c9b8@ncopa-desktop.alpinelinux.org>
In-Reply-To
<1435328593-2026-1-git-send-email-developer@it-offshore.co.uk> (view parent)
Sender timestamp
1435330519
DKIM signature
missing
Download raw message
On Fri, 26 Jun 2015 14:23:13 +0000
Stuart Cardall <developer@it-offshore.co.uk> wrote:

> ---
>  testing/cpio/001-cpio-2.11-stdio.in.patch          |  14 ++
>  testing/cpio/002-cpio-2.11-CVE-2014-9112.patch     | 134 ++++++++++++++++++
>  .../003-cpio-2.11-testsuite-CVE-2014-9112.patch    |  31 +++++
>  ...pio-2.11-check_for_symlinks-CVE-2015-1197.patch | 153 +++++++++++++++++++++
>  testing/cpio/005-cpio-2.11-stdio.in-part2.patch    |  68 +++++++++
>  testing/cpio/APKBUILD                              |  68 +++++++++
>  6 files changed, 468 insertions(+)
>  create mode 100644 testing/cpio/001-cpio-2.11-stdio.in.patch
>  create mode 100644 testing/cpio/002-cpio-2.11-CVE-2014-9112.patch
>  create mode 100644 testing/cpio/003-cpio-2.11-testsuite-CVE-2014-9112.patch
>  create mode 100644 testing/cpio/004-cpio-2.11-check_for_symlinks-CVE-2015-1197.patch
>  create mode 100644 testing/cpio/005-cpio-2.11-stdio.in-part2.patch
>  create mode 100644 testing/cpio/APKBUILD

many patches here. Are they submitted upstream too?

-nc


---
Unsubscribe:  alpine-aports+unsubscribe@lists.alpinelinux.org
Help:         alpine-aports+help@lists.alpinelinux.org
---
Details
Message ID
<558D8151.4080306@it-offshore.co.uk>
In-Reply-To
<20150626165519.7be2c9b8@ncopa-desktop.alpinelinux.org> (view parent)
Sender timestamp
1435337041
DKIM signature
missing
Download raw message
They were the same patches as in Arch Linux (who copied some of them
from Fedora)

I had to split "cpio-2.11-stdio" into 2 patches for it to apply correctly.

Stuart.

On 06/26/15 15:55, Natanael Copa wrote:
> On Fri, 26 Jun 2015 14:23:13 +0000
> Stuart Cardall <developer@it-offshore.co.uk> wrote:
>
>> ---
>>  testing/cpio/001-cpio-2.11-stdio.in.patch          |  14 ++
>>  testing/cpio/002-cpio-2.11-CVE-2014-9112.patch     | 134 ++++++++++++++++++
>>  .../003-cpio-2.11-testsuite-CVE-2014-9112.patch    |  31 +++++
>>  ...pio-2.11-check_for_symlinks-CVE-2015-1197.patch | 153 +++++++++++++++++++++
>>  testing/cpio/005-cpio-2.11-stdio.in-part2.patch    |  68 +++++++++
>>  testing/cpio/APKBUILD                              |  68 +++++++++
>>  6 files changed, 468 insertions(+)
>>  create mode 100644 testing/cpio/001-cpio-2.11-stdio.in.patch
>>  create mode 100644 testing/cpio/002-cpio-2.11-CVE-2014-9112.patch
>>  create mode 100644 testing/cpio/003-cpio-2.11-testsuite-CVE-2014-9112.patch
>>  create mode 100644 testing/cpio/004-cpio-2.11-check_for_symlinks-CVE-2015-1197.patch
>>  create mode 100644 testing/cpio/005-cpio-2.11-stdio.in-part2.patch
>>  create mode 100644 testing/cpio/APKBUILD
> many patches here. Are they submitted upstream too?
>
> -nc
Reply to thread Export thread (mbox)