|
 |
5c2053 |
revert fix for CVE-2015-1197 as it causes shutdown issues
|
|
|
5c2053 |
|
|
|
5c2053 |
revert suggested as a workaround by upstream:
|
|
|
5c2053 |
https://lists.gnu.org/archive/html/bug-cpio/2019-11/msg00016.html
|
|
|
5c2053 |
|
|
|
5c2053 |
--- b/src/copyin.c
|
|
|
5c2053 |
+++ a/src/copyin.c
|
|
|
5c2053 |
@@ -645,14 +645,13 @@
|
|
|
5c2053 |
link_name = xstrdup (file_hdr->c_tar_linkname);
|
|
|
5c2053 |
}
|
|
|
5c2053 |
|
|
|
5c2053 |
- cpio_safer_name_suffix (link_name, true, !no_abs_paths_flag, false);
|
|
|
5c2053 |
-
|
|
|
5c2053 |
res = UMASKED_SYMLINK (link_name, file_hdr->c_name,
|
|
|
5c2053 |
file_hdr->c_mode);
|
|
|
5c2053 |
if (res < 0 && create_dir_flag)
|
|
|
5c2053 |
{
|
|
|
5c2053 |
create_all_directories (file_hdr->c_name);
|
|
|
5c2053 |
+ res = UMASKED_SYMLINK (link_name, file_hdr->c_name,
|
|
|
5c2053 |
+ file_hdr->c_mode);
|
|
|
5c2053 |
- res = UMASKED_SYMLINK (link_name, file_hdr->c_name, file_hdr->c_mode);
|
|
|
5c2053 |
}
|
|
|
5c2053 |
if (res < 0)
|
|
|
5c2053 |
{
|
|
|
5c2053 |
--- b/tests/CVE-2015-1197.at
|
|
|
5c2053 |
+++ /dev/null
|
|
|
5c2053 |
@@ -1,43 +0,0 @@
|
|
|
5c2053 |
-# Process this file with autom4te to create testsuite. -*- Autotest -*-
|
|
|
5c2053 |
-# Copyright (C) 2009-2019 Free Software Foundation, Inc.
|
|
|
5c2053 |
-#
|
|
|
5c2053 |
-# This program is free software; you can redistribute it and/or modify
|
|
|
5c2053 |
-# it under the terms of the GNU General Public License as published by
|
|
|
5c2053 |
-# the Free Software Foundation; either version 3, or (at your option)
|
|
|
5c2053 |
-# any later version.
|
|
|
5c2053 |
-#
|
|
|
5c2053 |
-# This program is distributed in the hope that it will be useful,
|
|
|
5c2053 |
-# but WITHOUT ANY WARRANTY; without even the implied warranty of
|
|
|
5c2053 |
-# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
|
|
|
5c2053 |
-# GNU General Public License for more details.
|
|
|
5c2053 |
-#
|
|
|
5c2053 |
-# You should have received a copy of the GNU General Public License
|
|
|
5c2053 |
-# along with this program. If not, see <http://www.gnu.org/licenses/>.
|
|
|
5c2053 |
-
|
|
|
5c2053 |
-AT_SETUP([CVE-2015-1197 (--no-absolute-filenames for symlinks)])
|
|
|
5c2053 |
-AT_CHECK([
|
|
|
5c2053 |
-tempdir=$(pwd)/tmp
|
|
|
5c2053 |
-mkdir $tempdir
|
|
|
5c2053 |
-touch $tempdir/file
|
|
|
5c2053 |
-ln -s $tempdir dir
|
|
|
5c2053 |
-AT_DATA([filelist],
|
|
|
5c2053 |
-[dir
|
|
|
5c2053 |
-dir/file
|
|
|
5c2053 |
-])
|
|
|
5c2053 |
-ln -s /tmp dir
|
|
|
5c2053 |
-touch /tmp/file
|
|
|
5c2053 |
-cpio -o < filelist > test.cpio
|
|
|
5c2053 |
-rm dir /tmp/file
|
|
|
5c2053 |
-cpio --no-absolute-filenames -iv < test.cpio
|
|
|
5c2053 |
-],
|
|
|
5c2053 |
-[2],
|
|
|
5c2053 |
-[],
|
|
|
5c2053 |
-[1 block
|
|
|
5c2053 |
-cpio: Removing leading `/' from hard link targets
|
|
|
5c2053 |
-dir
|
|
|
5c2053 |
-cpio: dir/file: Cannot open: No such file or directory
|
|
|
5c2053 |
-dir/file
|
|
|
5c2053 |
-1 block
|
|
|
5c2053 |
-])
|
|
|
5c2053 |
-AT_CLEANUP
|
|
|
5c2053 |
-
|
|
|
5c2053 |
--- b/tests/Makefile.am
|
|
|
5c2053 |
+++ a/tests/Makefile.am
|
|
|
5c2053 |
@@ -56,9 +56,8 @@
|
|
|
5c2053 |
symlink-long.at\
|
|
|
5c2053 |
symlink-to-stdout.at\
|
|
|
5c2053 |
version.at\
|
|
|
5c2053 |
big-block-size.at\
|
|
|
5c2053 |
- CVE-2015-1197.at\
|
|
|
5c2053 |
CVE-2019-14866.at
|
|
|
5c2053 |
|
|
|
5c2053 |
TESTSUITE = $(srcdir)/testsuite
|
|
|
5c2053 |
|
|
|
5c2053 |
--- b/tests/testsuite.at
|
|
|
5c2053 |
+++ a/tests/testsuite.at
|
|
|
5c2053 |
@@ -43,6 +43,5 @@
|
|
|
5c2053 |
m4_include([setstat04.at])
|
|
|
5c2053 |
m4_include([setstat05.at])
|
|
|
5c2053 |
m4_include([big-block-size.at])
|
|
|
5c2053 |
|
|
|
5c2053 |
-m4_include([CVE-2015-1197.at])
|
|
|
5c2053 |
m4_include([CVE-2019-14866.at])
|