From 880aa1b5c01e1e14f9295a953dbf37cbd08d24a9 Mon Sep 17 00:00:00 2001
From: alpine-mips-patches
Date: Thu, 20 Dec 2018 14:06:58 +0000
Subject: community/cpio: add minor security fixes, fix tests
- add fixes for CVE-2016-2037, integer overflow and inconsistent argument passing to printf-like functions, all from upstream.
- add autoconf to checkdepends as autom4te is required to create built-in tests from templates;
- remove bash from checkdepends (as it is useless without passing CONFIG_SHELL=/bin/bash to ./configure anyway) and replace the bash-style sequence expression at tests/symlink-long.at:30 to resolve test failure;
- disable NLS and make explicit other default ./configure options.
---
.../fix-signed-integer-overflow-big-block-sizes.patch | 19 +++++++++++++++++++
1 file changed, 19 insertions(+)
create mode 100644 community/cpio/fix-signed-integer-overflow-big-block-sizes.patch
(limited to 'community/cpio/fix-signed-integer-overflow-big-block-sizes.patch')
diff --git a/community/cpio/fix-signed-integer-overflow-big-block-sizes.patch b/community/cpio/fix-signed-integer-overflow-big-block-sizes.patch
new file mode 100644
index 0000000000..da2691ed87
--- /dev/null
+++ b/community/cpio/fix-signed-integer-overflow-big-block-sizes.patch
@@ -0,0 +1,19 @@
+commit 404600ebb4d417238bfabf7ec1561a62dc83c168
+Author: grajagandev
+Date: Mon Feb 8 07:58:45 2016 -0800
+
+ Fix signed integer overflow - big block sizes
+
+diff --git a/src/main.c b/src/main.c
+index a13861f..5a30a7b 100644
+--- a/src/main.c
++++ b/src/main.c
+@@ -321,7 +321,7 @@ parse_opt (int key, char *arg, struct argp_state *state)
+
+ case BLOCK_SIZE_OPTION: /* --block-size */
+ io_block_size = atoi (arg);
+- if (io_block_size < 1)
++ if (io_block_size < 1 || io_block_size > INT_MAX/512)
+ USAGE_ERROR ((0, 0, _("invalid block size")));
+ io_block_size *= 512;
+ break;
--
cgit v1.2.3
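Review bot: The conversion feeding the new bound in the `BLOCK_SIZE_OPTION` case is still `atoi (arg)`, so the added `io_block_size > INT_MAX/512` test only protects the `io_block_size *= 512` multiplication and not the parse itself. `atoi` reports no error, its behaviour is undefined when the value does not fit in an `int`, and it ignores trailing characters, so an oversized or malformed `--block-size` argument may reach the range check already reduced to a value that passes. Parsing with `strtol` and checking `errno`, the end pointer and the range on the `long` before narrowing would close that gap; it needs `<errno.h>` and `<limits.h>`, whose inclusion in src/main.c is not visible here, and it assumes, as the existing code appears to, that `USAGE_ERROR` does not return. `parse_opt` starts and ends outside the hunk.

```c
    case BLOCK_SIZE_OPTION:		/* --block-size */
      {
        char *end;
        long blocks;

        /* Validate on the wide type first: reject empty input, trailing
           characters, strtol range errors, and anything whose product
           with 512 would not fit in an int.  */
        errno = 0;
        blocks = strtol (arg, &end, 10);
        if (end == arg || *end != '\0' || errno == ERANGE
            || blocks < 1 || blocks > INT_MAX / 512)
          USAGE_ERROR ((0, 0, _("invalid block size")));
        io_block_size = (int) blocks * 512;
      }
      break;
```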