diff options
Diffstat (limited to 'testing')
-rw-r--r-- | testing/cpio/001-cpio-2.11-stdio.in.patch | 14 | ||||
-rw-r--r-- | testing/cpio/002-cpio-2.11-CVE-2014-9112.patch | 134 | ||||
-rw-r--r-- | testing/cpio/003-cpio-2.11-testsuite-CVE-2014-9112.patch | 31 | ||||
-rw-r--r-- | testing/cpio/004-cpio-2.11-check_for_symlinks-CVE-2015-1197.patch | 153 | ||||
-rw-r--r-- | testing/cpio/005-cpio-2.11-stdio.in-part2.patch | 68 | ||||
-rw-r--r-- | testing/cpio/APKBUILD | 68 |
6 files changed, 468 insertions, 0 deletions
diff --git a/testing/cpio/001-cpio-2.11-stdio.in.patch b/testing/cpio/001-cpio-2.11-stdio.in.patch new file mode 100644 index 0000000000..bbdaeead3a --- /dev/null +++ b/testing/cpio/001-cpio-2.11-stdio.in.patch @@ -0,0 +1,14 @@ +diff -urNp cpio-2.11-orig/gnu/stdio.in.h cpio-2.11/gnu/stdio.in.h +--- cpio-2.11-orig/gnu/stdio.in.h 2010-03-10 10:27:03.000000000 +0100 ++++ cpio-2.11/gnu/stdio.in.h 2012-06-04 10:23:23.804471185 +0200 +@@ -139,7 +139,9 @@ _GL_WARN_ON_USE (fflush, "fflush is not + so any use of gets warrants an unconditional warning. Assume it is + always declared, since it is required by C89. */ + #undef gets ++#if HAVE_RAW_DECL_GETS + _GL_WARN_ON_USE (gets, "gets is a security hole - use fgets instead"); ++#endif + + #if @GNULIB_FOPEN@ + # if @REPLACE_FOPEN@ + diff --git a/testing/cpio/002-cpio-2.11-CVE-2014-9112.patch b/testing/cpio/002-cpio-2.11-CVE-2014-9112.patch new file mode 100644 index 0000000000..86ab61af8e --- /dev/null +++ b/testing/cpio/002-cpio-2.11-CVE-2014-9112.patch @@ -0,0 +1,134 @@ +diff --git a/tests/Makefile.am b/tests/Makefile.am +index b3e8e60..cf186da 100644 +--- a/tests/Makefile.am ++++ b/tests/Makefile.am +@@ -52,6 +52,8 @@ TESTSUITE_AT = \ + setstat04.at\ + setstat05.at\ + symlink.at\ ++ symlink-bad-length.at\ ++ symlink-long.at\ + version.at + + TESTSUITE = $(srcdir)/testsuite +diff --git a/tests/symlink-bad-length.at b/tests/symlink-bad-length.at +new file mode 100644 +index 0000000..cbf4aa7 +--- /dev/null ++++ b/tests/symlink-bad-length.at +@@ -0,0 +1,49 @@ ++# Process this file with autom4te to create testsuite. -*- Autotest -*- ++# Copyright (C) 2014 Free Software Foundation, Inc. ++ ++# This program is free software; you can redistribute it and/or modify ++# it under the terms of the GNU General Public License as published by ++# the Free Software Foundation; either version 3, or (at your option) ++# any later version. ++ ++# This program is distributed in the hope that it will be useful, ++# but WITHOUT ANY WARRANTY; without even the implied warranty of ++# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the ++# GNU General Public License for more details. ++ ++# You should have received a copy of the GNU General Public License ++# along with this program; if not, write to the Free Software ++# Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA ++# 02110-1301 USA. ++ ++# Cpio v2.11 did segfault with badly set symlink length. ++# References: ++# http://lists.gnu.org/archive/html/bug-cpio/2014-11/msg00007.html ++ ++AT_SETUP([symlink-bad-length]) ++AT_KEYWORDS([symlink-long copyout]) ++ ++AT_DATA([ARCHIVE.base64], ++[x3EjAIBAtIEtJy8nAQAAAHRUYW0FAAAADQBGSUxFAABzb21lIGNvbnRlbnQKAMdxIwBgQ/+hLScv ++JwEAAAB0VEhuBQD/////TElOSwAARklMRcdxAAAAAAAAAAAAAAEAAAAAAAAACwAAAAAAVFJBSUxF ++UiEhIQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA ++AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA ++AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA ++AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA ++AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA ++AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA ++AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA= ++]) ++ ++AT_CHECK([ ++base64 -d ARCHIVE.base64 > ARCHIVE || AT_SKIP_TEST ++cpio -ntv < ARCHIVE ++test $? -eq 2 ++], ++[0], ++[-rw-rw-r-- 1 10029 10031 13 Nov 25 13:52 FILE ++],[cpio: LINK: stored filename length is out of range ++cpio: premature end of file ++]) ++ ++AT_CLEANUP +diff --git a/tests/symlink-long.at b/tests/symlink-long.at +new file mode 100644 +index 0000000..d3def2d +--- /dev/null ++++ b/tests/symlink-long.at +@@ -0,0 +1,46 @@ ++# Process this file with autom4te to create testsuite. -*- Autotest -*- ++# Copyright (C) 2014 Free Software Foundation, Inc. ++ ++# This program is free software; you can redistribute it and/or modify ++# it under the terms of the GNU General Public License as published by ++# the Free Software Foundation; either version 3, or (at your option) ++# any later version. ++ ++# This program is distributed in the hope that it will be useful, ++# but WITHOUT ANY WARRANTY; without even the implied warranty of ++# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the ++# GNU General Public License for more details. ++ ++# You should have received a copy of the GNU General Public License ++# along with this program; if not, write to the Free Software ++# Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA ++# 02110-1301 USA. ++ ++# Cpio v2.11.90 changed the way symlink name is read from archive. ++# References: ++# http://lists.gnu.org/archive/html/bug-cpio/2014-11/msg00007.html ++ ++AT_SETUP([symlink-long]) ++AT_KEYWORDS([symlink-long copyout]) ++ ++AT_CHECK([ ++ ++# len(dirname) > READBUFSIZE ++dirname= ++for i in {1..52}; do ++ dirname="xxxxxxxxx/$dirname" ++ mkdir "$dirname" ++done ++ln -s "$dirname" x || AT_SKIP_TEST ++ ++echo x | cpio -o > ar ++list=`cpio -tv < ar | sed 's|.*-> ||'` ++test "$list" = "$dirname" && echo success || echo fail ++], ++[0], ++[success ++],[2 blocks ++2 blocks ++]) ++ ++AT_CLEANUP +diff --git a/tests/testsuite.at b/tests/testsuite.at +index 8f3330b..590bdcb 100644 +--- a/tests/testsuite.at ++++ b/tests/testsuite.at +@@ -31,6 +31,8 @@ m4_include([version.at]) + + m4_include([inout.at]) + m4_include([symlink.at]) ++m4_include([symlink-bad-length.at]) ++m4_include([symlink-long.at]) + m4_include([interdir.at]) + + m4_include([setstat01.at]) + diff --git a/testing/cpio/003-cpio-2.11-testsuite-CVE-2014-9112.patch b/testing/cpio/003-cpio-2.11-testsuite-CVE-2014-9112.patch new file mode 100644 index 0000000000..c7dcb03354 --- /dev/null +++ b/testing/cpio/003-cpio-2.11-testsuite-CVE-2014-9112.patch @@ -0,0 +1,31 @@ +diff --git a/tests/symlink-bad-length.at b/tests/symlink-bad-length.at +index cbf4aa7..d8d250b 100644 +--- a/tests/symlink-bad-length.at ++++ b/tests/symlink-bad-length.at +@@ -37,13 +37,20 @@ AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA= + + AT_CHECK([ + base64 -d ARCHIVE.base64 > ARCHIVE || AT_SKIP_TEST +-cpio -ntv < ARCHIVE +-test $? -eq 2 ++TZ=UTC cpio -ntv < ARCHIVE 2>stderr ++rc=$? ++cat stderr | grep -v \ ++ -e 'stored filename length is out of range' \ ++ -e 'premature end of file' \ ++ -e 'archive header has reverse byte-order' \ ++ -e 'memory exhausted' \ ++ >&2 ++echo >&2 STDERR ++test "$rc" -ne 0 + ], + [0], +-[-rw-rw-r-- 1 10029 10031 13 Nov 25 13:52 FILE +-],[cpio: LINK: stored filename length is out of range +-cpio: premature end of file ++[-rw-rw-r-- 1 10029 10031 13 Nov 25 11:52 FILE ++],[STDERR + ]) + + AT_CLEANUP + diff --git a/testing/cpio/004-cpio-2.11-check_for_symlinks-CVE-2015-1197.patch b/testing/cpio/004-cpio-2.11-check_for_symlinks-CVE-2015-1197.patch new file mode 100644 index 0000000000..75a107b23a --- /dev/null +++ b/testing/cpio/004-cpio-2.11-check_for_symlinks-CVE-2015-1197.patch @@ -0,0 +1,153 @@ +Index: cpio-2.11/src/copyin.c +=================================================================== +--- cpio-2.11.orig/src/copyin.c 2014-07-01 14:02:39.991007263 +0200 ++++ cpio-2.11/src/copyin.c 2014-07-22 16:05:28.171344584 +0200 +@@ -686,6 +686,51 @@ copyin_link(struct cpio_file_stat *file_ + free (link_name); + } + ++ ++static int ++path_contains_symlink(char *path) ++{ ++ struct stat st; ++ char *slash; ++ char *nextslash; ++ ++ /* we got NULL pointer or empty string */ ++ if (!path || !*path) { ++ return false; ++ } ++ ++ slash = path; ++ ++ while ((nextslash = strchr(slash + 1, '/')) != NULL) { ++ slash = nextslash; ++ *slash = '\0'; ++ ++ if (lstat(path, &st) != 0) { ++ if (errno == ELOOP) { ++ /* ELOOP - too many symlinks */ ++ *slash = '/'; ++ return true; ++ } else if (errno == ENOMEM) { ++ /* No memory for lstat - terminate */ ++ xalloc_die(); ++ } else { ++ /* cannot lstat path - give up */ ++ *slash = '/'; ++ return false; ++ } ++ } ++ ++ if (S_ISLNK(st.st_mode)) { ++ *slash = '/'; ++ return true; ++ } ++ ++ *slash = '/'; ++ } ++ ++ return false; ++} ++ + static void + copyin_file (struct cpio_file_stat *file_hdr, int in_file_des) + { +@@ -1463,6 +1508,23 @@ process_copy_in () + { + /* Copy the input file into the directory structure. */ + ++ /* Can we write files over symlinks? */ ++ if (!extract_over_symlinks) ++ { ++ if (path_contains_symlink(file_hdr.c_name)) ++ { ++ /* skip the file */ ++ /* ++ fprintf(stderr, "Can't write over symlinks. Skipping %s\n", file_hdr.c_name); ++ tape_toss_input (in_file_des, file_hdr.c_filesize); ++ tape_skip_padding (in_file_des, file_hdr.c_filesize); ++ continue; ++ */ ++ /* terminate */ ++ error (1, 0, _("Can't write over symlinks: %s\n"), file_hdr.c_name); ++ } ++ } ++ + /* Do we need to rename the file? */ + if (rename_flag || rename_batch_file) + { +Index: cpio-2.11/src/global.c +=================================================================== +--- cpio-2.11.orig/src/global.c 2014-07-17 16:33:09.768900927 +0200 ++++ cpio-2.11/src/global.c 2014-07-21 17:45:58.563494706 +0200 +@@ -187,6 +187,9 @@ bool to_stdout_option = false; + /* The name this program was run with. */ + char *program_name; + ++/* Extract files over symbolic links */ ++bool extract_over_symlinks; ++ + /* A pointer to either lstat or stat, depending on whether + dereferencing of symlinks is done for input files. */ + int (*xstat) (); +Index: cpio-2.11/src/main.c +=================================================================== +--- cpio-2.11.orig/src/main.c 2014-07-01 14:02:39.840005051 +0200 ++++ cpio-2.11/src/main.c 2014-07-17 20:33:47.839215571 +0200 +@@ -57,7 +57,8 @@ enum cpio_options { + FORCE_LOCAL_OPTION, + DEBUG_OPTION, + BLOCK_SIZE_OPTION, +- TO_STDOUT_OPTION ++ TO_STDOUT_OPTION, ++ EXTRACT_OVER_SYMLINKS + }; + + const char *program_authors[] = +@@ -222,6 +223,8 @@ static struct argp_option options[] = { + N_("Create leading directories where needed"), GRID+1 }, + {"no-preserve-owner", NO_PRESERVE_OWNER_OPTION, 0, 0, + N_("Do not change the ownership of the files"), GRID+1 }, ++ {"extract-over-symlinks", EXTRACT_OVER_SYMLINKS, 0, 0, ++ N_("Force writing over symbolic links"), GRID+1 }, + {"unconditional", 'u', NULL, 0, + N_("Replace all files unconditionally"), GRID+1 }, + {"sparse", SPARSE_OPTION, NULL, 0, +@@ -413,6 +416,10 @@ crc newc odc bin ustar tar (all-caps als + no_chown_flag = true; + break; + ++ case EXTRACT_OVER_SYMLINKS: /* --extract-over-symlinks */ ++ extract_over_symlinks = true; ++ break; ++ + case 'o': /* Copy-out mode. */ + if (copy_function != 0) + error (PAXEXIT_FAILURE, 0, _("Mode already defined")); +Index: cpio-2.11/src/extern.h +=================================================================== +--- cpio-2.11.orig/src/extern.h 2014-07-01 14:02:39.907006032 +0200 ++++ cpio-2.11/src/extern.h 2014-07-17 17:11:20.948908806 +0200 +@@ -95,6 +95,7 @@ extern char input_is_special; + extern char output_is_special; + extern char input_is_seekable; + extern char output_is_seekable; ++extern bool extract_over_symlinks; + extern int (*xstat) (); + extern void (*copy_function) (); + +Index: cpio-2.11/doc/cpio.1 +=================================================================== +--- cpio-2.11.orig/doc/cpio.1 2009-02-14 19:15:50.000000000 +0100 ++++ cpio-2.11/doc/cpio.1 2014-07-21 23:00:33.878746855 +0200 +@@ -22,6 +22,7 @@ cpio \- copy files to and from archives + [\-\-owner=[user][:.][group]] [\-\-no-preserve-owner] [\-\-message=message] + [\-\-force\-local] [\-\-no\-absolute\-filenames] [\-\-sparse] + [\-\-only\-verify\-crc] [\-\-to\-stdout] [\-\-quiet] [\-\-rsh-command=command] ++[\-\-extract\-over\-symlinks] + [\-\-help] [\-\-version] [pattern...] [< archive] + + .B cpio + diff --git a/testing/cpio/005-cpio-2.11-stdio.in-part2.patch b/testing/cpio/005-cpio-2.11-stdio.in-part2.patch new file mode 100644 index 0000000000..cf7f6e9122 --- /dev/null +++ b/testing/cpio/005-cpio-2.11-stdio.in-part2.patch @@ -0,0 +1,68 @@ +--- cpio-2.11/src/copyin.c 2010-02-15 10:02:23.000000000 +0000 ++++ cpio-2.11/src/copyin.c.new 2015-06-25 19:16:47.788864922 +0000 +@@ -125,9 +125,29 @@ tape_skip_padding (int in_file_des, off_ + tape_toss_input (in_file_des, pad); + } + +- ++static char * ++get_link_name (struct cpio_file_stat *file_hdr, int in_file_des) ++{ ++ char *link_name; ++ ++ if (file_hdr->c_filesize < 0 || file_hdr->c_filesize > SIZE_MAX-1) ++ { ++ error (0, 0, _("%s: stored filename length is out of range"), ++ file_hdr->c_name); ++ link_name = NULL; ++ } ++ else ++ { ++ link_name = xmalloc (file_hdr->c_filesize + 1); ++ tape_buffered_read (link_name, in_file_des, file_hdr->c_filesize); ++ link_name[file_hdr->c_filesize] = '\0'; ++ tape_skip_padding (in_file_des, file_hdr->c_filesize); ++ } ++ return link_name; ++} ++ + static void +-list_file(struct cpio_file_stat* file_hdr, int in_file_des) ++list_file (struct cpio_file_stat* file_hdr, int in_file_des) + { + if (verbose_flag) + { +@@ -136,15 +156,12 @@ list_file(struct cpio_file_stat* file_hd + { + if (archive_format != arf_tar && archive_format != arf_ustar) + { +- char *link_name = NULL; /* Name of hard and symbolic links. */ +- +- link_name = (char *) xmalloc ((unsigned int) file_hdr->c_filesize + 1); +- link_name[file_hdr->c_filesize] = '\0'; +- tape_buffered_read (link_name, in_file_des, file_hdr->c_filesize); +- long_format (file_hdr, link_name); +- free (link_name); +- tape_skip_padding (in_file_des, file_hdr->c_filesize); +- return; ++ char *link_name = get_link_name (file_hdr, in_file_des); ++ if (link_name) ++ { ++ long_format (file_hdr, link_name); ++ free (link_name); ++ } + } + else + { +@@ -650,10 +667,7 @@ copyin_link(struct cpio_file_stat *file_ + + if (archive_format != arf_tar && archive_format != arf_ustar) + { +- link_name = (char *) xmalloc ((unsigned int) file_hdr->c_filesize + 1); +- link_name[file_hdr->c_filesize] = '\0'; +- tape_buffered_read (link_name, in_file_des, file_hdr->c_filesize); +- tape_skip_padding (in_file_des, file_hdr->c_filesize); ++ link_name = get_link_name (file_hdr, in_file_des); + } + else + { diff --git a/testing/cpio/APKBUILD b/testing/cpio/APKBUILD new file mode 100644 index 0000000000..ee6a0ab051 --- /dev/null +++ b/testing/cpio/APKBUILD @@ -0,0 +1,68 @@ +# Contributor: Stuart Cardall <developer@it-offshore.co.uk> +# Maintainer: Stuart Cardall <developer@it-offshore.co.uk> +pkgname=cpio +pkgver=2.11 +pkgrel=0 +pkgdesc="A tool to copy files into or out of a cpio or tar archive" +url="http://www.gnu.org/software/cpio" +arch="all" +license="GPL" +depends="tar" +depends_dev="" +makedepends="$depends_dev" +#install="" +subpackages="$pkgname-doc" +source="$pkgname-$pkgver.tar.bz2::http://ftp.snt.utwente.nl/pub/software/gnu/cpio/$pkgname-$pkgver.tar.bz2 + 001-cpio-2.11-stdio.in.patch + 002-cpio-2.11-CVE-2014-9112.patch + 003-cpio-2.11-testsuite-CVE-2014-9112.patch + 004-cpio-2.11-check_for_symlinks-CVE-2015-1197.patch + 005-cpio-2.11-stdio.in-part2.patch + " + +_builddir="$srcdir"/$pkgname-$pkgver +prepare() { + local i + cd "$_builddir" + for i in $source; do + case $i in + *.patch) msg $i; patch -p1 -i "$srcdir"/$i || return 1;; + esac + done +} + +build() { + cd "$_builddir" + ./configure \ + --prefix=/usr \ + --mandir=/usr/share/man \ + --infodir=/usr/share/info \ + || return 1 + make || return 1 +} + +package() { + cd "$_builddir" + make DESTDIR="$pkgdir" install || return 1 + rm -f "$pkgdir"/usr/lib/charset.alias + rm -f "$pkgdir"/usr/libexec/rmt # part of the tar pkg +} + +md5sums="20fc912915c629e809f80b96b2e75d7d cpio-2.11.tar.bz2 +db5b098b6765478a4b62cf42b059248e 001-cpio-2.11-stdio.in.patch +007485ebf1bc2d8b4a7fd67dce4a9739 002-cpio-2.11-CVE-2014-9112.patch +af27df259d12ff0414b38e2ab0bef9a9 003-cpio-2.11-testsuite-CVE-2014-9112.patch +d85769d9b56a27008e0ad246d6e5805a 004-cpio-2.11-check_for_symlinks-CVE-2015-1197.patch +d379203af39a48671aede692f1a14c47 005-cpio-2.11-stdio.in-part2.patch" +sha256sums="bb820bfd96e74fc6ce43104f06fe733178517e7f5d1cdee553773e8eff7d5bbd cpio-2.11.tar.bz2 +7e953ee60878ae1b840cd5dcab36afa80db63bddc86aaab791746108bbd87256 001-cpio-2.11-stdio.in.patch +ab6d390892e1f61110ad8bfc6554ed2fe9f9b3252ae43a2fe9cd04e110ad9c69 002-cpio-2.11-CVE-2014-9112.patch +018a183c70d1708f58a0777b77344691d4b621107d669e469dfd180b2386f36a 003-cpio-2.11-testsuite-CVE-2014-9112.patch +2fc99ca2c86fbbf0b586a8159c459034b1016f0efcd9a02aceaf263840f432b9 004-cpio-2.11-check_for_symlinks-CVE-2015-1197.patch +176fda78943be8cdef7fb62dea301020b51681827c91fcf32c42725be255d2eb 005-cpio-2.11-stdio.in-part2.patch" +sha512sums="b6ccb3e121ea29780219d21c9cd6267c2f7b7ae72fb899bb80e1c54cc33e9eac5363443d93dbfbe37e8e8d295dad2724ac607f0543cc62797919605f68c396aa cpio-2.11.tar.bz2 +9c03762aa7192c888bd2c83238183085d7f8b74c49f7dfc1f67a196a579b0394aa031f3c850bbdd9519515cff987b95c2c835afbffa366c9296e114423daca76 001-cpio-2.11-stdio.in.patch +2370d376b62cb61513fcf62ae360fa356c63d6272d6f8b412a448df20f86eb98e8121452d602ae5ac87d0e7be3142c38213fecbf9f05ddc2e82da2eaec2ca10f 002-cpio-2.11-CVE-2014-9112.patch +67d4cd4235674007022381838dd811c4149d8c0a6205ce940d109c26ef72334d0c715605e9ab37e51212061c1c89b053f82b63d4f8a397977ce349d224edaa70 003-cpio-2.11-testsuite-CVE-2014-9112.patch +5a7c4090bb80fc3591825747c02b3f446c3a4bf58e6be0d4cbcc6ade9c795636add67ea38d4e753c6252b9b7e76370e36b0d5355089cd26a18fcaed6cc9907de 004-cpio-2.11-check_for_symlinks-CVE-2015-1197.patch +1b3fd9e695314d6d468215bd2fbaadd850ff864502f51d840e1ab8452fea0bc9779fba906559ed4c47a11f909519506cd6fc0a8990248f8c63bc8f1c683108e8 005-cpio-2.11-stdio.in-part2.patch" |