https://sources.debian.org/patches/cpio/2.13%2Bdfsg-7.1/revert-CVE-2015-1197-handling.patch/
https://bugs.gentoo.org/700020
From: Chris Lamb <lamby@debian.org>
Date: Sat, 1 Feb 2020 13:36:37 +0100
Subject: Fix a regression in handling of CVE-2015-1197 &
--no-absolute-filenames.
See:
* https://bugs.debian.org/946267
* https://bugs.debian.org/946469
This reverts (most of): https://git.savannah.gnu.org/cgit/cpio.git/diff/?id=45b0ee2b407913c533f7ded8d6f8cbeec16ff6ca&id2=3177d660a4c62a6acb538b0f7c54ba423698889a
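--- a/src/copyin.c
+++ b/src/copyin.c
@@ -646,8 +646,6 @@ copyin_link (struct cpio_file_stat *file_hdr, int in_file_des)
 link_name = xstrdup (file_hdr->c_tar_linkname);
 }
 
- cpio_safer_name_suffix (link_name, true, !no_abs_paths_flag, false);
-
 res = UMASKED_SYMLINK (link_name, file_hdr->c_name,
 file_hdr->c_mode);
 if (res < 0 && create_dir_flag)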
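Review bot: After this hunk `link_name` is passed to `UMASKED_SYMLINK` exactly as read from the archive header, so `--no-absolute-filenames` no longer has any effect on symlink targets in `copyin_link`. Judging by the test this commit marks as expected-fail, that reopens CVE-2015-1197: an archive member can create a symlink pointing outside the extraction directory and a later member can be written through it. Nothing at the call site records that this is deliberate, so I would add a comment above the call, e.g. `/* link_name is intentionally not sanitized here (see Debian #946267, #946469); CVE-2015-1197 stays open for untrusted archives */`. Users who extract untrusted archives should be told about this limitation in the package documentation as well. The body of `copyin_link` starts and ends outside the hunk.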
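--- a/tests/testsuite
+++ b/tests/testsuite
@@ -2787,7 +2787,7 @@ read at_status <"$at_status_file"
 #AT_START_14
 at_fn_group_banner 14 'CVE-2015-1197.at:17' \
 "CVE-2015-1197 (--no-absolute-filenames for symlinks)" ""
-at_xfail=no
+at_xfail=yes
 (
 $as_echo "14. $at_setup_line: testing $at_desc ..."
 $at_traceon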
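--- a/tests/CVE-2015-1197.at
+++ b/tests/CVE-2015-1197.at
@@ -15,6 +15,7 @@
 # along with this program. If not, see <http://www.gnu.org/licenses/>.
 
 AT_SETUP([CVE-2015-1197 (--no-absolute-filenames for symlinks)])
+AT_XFAIL_IF([true])
 AT_CHECK([
 tempdir=$(pwd)/tmp
 mkdir $tempdir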
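Review bot: `AT_XFAIL_IF([true])` turns the CVE-2015-1197 regression test into an unconditional expected failure, with no comment saying why or when it should be removed. Add a line above it such as `# XFAIL: symlink-target sanitizing reverted in src/copyin.c (Debian #946267, #946469); drop once CVE-2015-1197 is handled again`. With the flag in place a future fix will show up as an unexpected pass, which is the signal to delete it. The `AT_CHECK` block continues outside the hunk.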