You can not select more than 25 topics
Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
91 lines
2.4 KiB
91 lines
2.4 KiB
revert fix for CVE-2015-1197 as it causes shutdown issues |
|
|
|
revert suggested as a workaround by upstream: |
|
https://lists.gnu.org/archive/html/bug-cpio/2019-11/msg00016.html |
|
|
|
--- b/src/copyin.c |
|
+++ a/src/copyin.c |
|
@@ -645,14 +645,13 @@ |
|
link_name = xstrdup (file_hdr->c_tar_linkname); |
|
} |
|
|
|
- cpio_safer_name_suffix (link_name, true, !no_abs_paths_flag, false); |
|
- |
|
res = UMASKED_SYMLINK (link_name, file_hdr->c_name, |
|
file_hdr->c_mode); |
|
if (res < 0 && create_dir_flag) |
|
{ |
|
create_all_directories (file_hdr->c_name); |
|
+ res = UMASKED_SYMLINK (link_name, file_hdr->c_name, |
|
+ file_hdr->c_mode); |
|
- res = UMASKED_SYMLINK (link_name, file_hdr->c_name, file_hdr->c_mode); |
|
} |
|
if (res < 0) |
|
{ |
|
--- b/tests/CVE-2015-1197.at |
|
+++ /dev/null |
|
@@ -1,43 +0,0 @@ |
|
-# Process this file with autom4te to create testsuite. -*- Autotest -*- |
|
-# Copyright (C) 2009-2019 Free Software Foundation, Inc. |
|
-# |
|
-# This program is free software; you can redistribute it and/or modify |
|
-# it under the terms of the GNU General Public License as published by |
|
-# the Free Software Foundation; either version 3, or (at your option) |
|
-# any later version. |
|
-# |
|
-# This program is distributed in the hope that it will be useful, |
|
-# but WITHOUT ANY WARRANTY; without even the implied warranty of |
|
-# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the |
|
-# GNU General Public License for more details. |
|
-# |
|
-# You should have received a copy of the GNU General Public License |
|
-# along with this program. If not, see <http://www.gnu.org/licenses/>. |
|
- |
|
-AT_SETUP([CVE-2015-1197 (--no-absolute-filenames for symlinks)]) |
|
-AT_CHECK([ |
|
-tempdir=$(pwd)/tmp |
|
-mkdir $tempdir |
|
-touch $tempdir/file |
|
-ln -s $tempdir dir |
|
-AT_DATA([filelist], |
|
-[dir |
|
-dir/file |
|
-]) |
|
-ln -s /tmp dir |
|
-touch /tmp/file |
|
-cpio -o < filelist > test.cpio |
|
-rm dir /tmp/file |
|
-cpio --no-absolute-filenames -iv < test.cpio |
|
-], |
|
-[2], |
|
-[], |
|
-[1 block |
|
-cpio: Removing leading `/' from hard link targets |
|
-dir |
|
-cpio: dir/file: Cannot open: No such file or directory |
|
-dir/file |
|
-1 block |
|
-]) |
|
-AT_CLEANUP |
|
- |
|
--- b/tests/Makefile.am |
|
+++ a/tests/Makefile.am |
|
@@ -56,9 +56,8 @@ |
|
symlink-long.at\ |
|
symlink-to-stdout.at\ |
|
version.at\ |
|
big-block-size.at\ |
|
- CVE-2015-1197.at\ |
|
CVE-2019-14866.at |
|
|
|
TESTSUITE = $(srcdir)/testsuite |
|
|
|
--- b/tests/testsuite.at |
|
+++ a/tests/testsuite.at |
|
@@ -43,6 +43,5 @@ |
|
m4_include([setstat04.at]) |
|
m4_include([setstat05.at]) |
|
m4_include([big-block-size.at]) |
|
|
|
-m4_include([CVE-2015-1197.at]) |
|
m4_include([CVE-2019-14866.at])
|
|
|