Commit ce96722d authored by Jeff Huang's avatar Jeff Huang 🤔

[skip-ci] cpio: update to 2.13 to fix security issues

parent 397579db
Pipeline #4719 skipped
diff --git a/src/copyin.c b/src/copyin.c
index cde911e..032d35f 100644
--- a/src/copyin.c
+++ b/src/copyin.c
@@ -1385,6 +1385,8 @@ process_copy_in ()
break;
}
+ if (file_hdr.c_namesize <= 1)
+ file_hdr.c_name = xrealloc(file_hdr.c_name, 2);
cpio_safer_name_suffix (file_hdr.c_name, false, !no_abs_paths_flag,
false);
diff --git a/src/util.c b/src/util.c
index 6ff6032..2763ac1 100644
--- a/src/util.c
+++ b/src/util.c
@@ -1411,7 +1411,10 @@ set_file_times (int fd,
}
/* Do we have to ignore absolute paths, and if so, does the filename
- have an absolute path? */
+ have an absolute path?
+ Before calling this function make sure that the allocated NAME buffer has
+ capacity at least 2 bytes to allow us to store the "." string inside. */
+
void
cpio_safer_name_suffix (char *name, bool link_target, bool absolute_names,
bool strip_leading_dots)
pkgname=cpio
pkgver=2.12
pkgver=2.13
pkgrel=1
pkgdesc="A tool to copy files into or out of a cpio or tar archive"
arch=(x86_64)
license=('GPL')
url="http://www.gnu.org/software/cpio"
url="https://www.gnu.org/software/cpio"
depends=('glibc')
source=("ftp://ftp.gnu.org/gnu/cpio/cpio-${pkgver}.tar.gz"
'CVE-2016-2037.patch')
install=cpio.install
md5sums=('fc207561a86b63862eea4b8300313e86'
'8a9dde38d04acc08993beb2d7ead9d23')
source=("https://ftp.gnu.org/gnu/cpio/cpio-${pkgver}.tar.gz")
sha256sums=('e87470d9c984317f658567c03bfefb6b0c829ff17dbf6b0de48d71a4c8f3db88')
build() {
cd ${srcdir}/${pkgname}-${pkgver}
patch -Np1 -i ${srcdir}/CVE-2016-2037.patch
./configure --prefix=/usr --mandir=/usr/share/man
make
}
check() {
cd ${srcdir}/${pkgname}-${pkgver}
make check
}
package() {
cd ${srcdir}/${pkgname}-${pkgver}
make DESTDIR=${pkgdir} install
......
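Review bot: The new `source=` line downloads only the tarball, so the sole integrity check is the `sha256sums` value committed in the same file; that catches a corrupted or later-swapped download but does not show that the tarball is the one upstream released. GNU publishes detached signatures next to its release tarballs, so the array could be `source=("https://ftp.gnu.org/gnu/cpio/cpio-${pkgver}.tar.gz"{,.sig})` with a matching `'SKIP'` entry appended to `sha256sums` and `validpgpkeys=('<UPSTREAM_RELEASE_KEY_FINGERPRINT>')` (placeholder; take the fingerprint from the upstream release announcement). Separately, `build()` no longer applies CVE-2016-2037.patch, which is only correct if 2.13 already carries that fix. The page does not show the 2.13 sources and the pipeline was skipped, so a short comment above `pkgver` naming the CVEs this bump is meant to cover would let the next maintainer confirm it.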
infodir=/usr/share/info
filelist=(cpio.info)
post_install() {
[ -x usr/bin/install-info ] || return 0
for file in ${filelist[@]}; do
usr/bin/install-info $infodir/$file $infodir/dir 2> /dev/null
done
}
post_upgrade() {
post_install $1
}
pre_remove() {
[ -x usr/bin/install-info ] || return 0
for file in ${filelist[@]}; do
usr/bin/install-info --delete $infodir/$file $infodir/dir 2> /dev/null
done
}