ports/core
4
3
Fork 0
Code Issues Pull Requests Activity
a3e12fc52f
core/cpio/cpio-2.6.patch

78 lines
2.8 KiB
Diff
Raw Blame History

This file contains invisible Unicode characters

This file contains invisible Unicode characters that are indistinguishable to humans but may be processed differently by a computer. If you think that this is intentional, you can safely ignore this warning. Use the Escape button to reveal them.

Description: Fix for not allowing a malicious cpio file to extract to an arbitrary directory. Added missing checks for setlocale() and lstat(). The latter fixes a symlink handling problem.
Origin: http://lwn.net/Articles/143418/
http://www.xs4all.nl/~hanb/software/crux/han/cpio/cpio.patch
http://www.linuxfromscratch.org/blfs/view/6.1/general/cpio.html
Upstream status: Unknown (2005-07-21)
diff -aur cpio-2.6.orig/configure.ac cpio-2.6/configure.ac
--- cpio-2.6.orig/configure.ac 2004-12-20 11:46:30.000000000 +0100
+++ cpio-2.6/configure.ac 2006-05-20 20:13:46.832935750 +0200
@@ -92,10 +92,10 @@
AC_CONFIG_LINKS(src/fnmatch.h:headers/fnmatch.h)
fi
-AC_CHECK_FUNCS(lchown endpwent endgrent)
+AC_CHECK_FUNCS(setlocale lstat lchown endpwent endgrent)
AC_FUNC_VPRINTF
AC_FUNC_ALLOCA
-AC_CHECK_LIB(nsl, gethostname, [LIBS="$LIBS -lnsl"])
+dnl AC_CHECK_LIB(nsl, gethostname, [LIBS="$LIBS -lnsl"])
AC_CHECK_LIB(socket, setsockopt, [LIBS="$LIBS -lsocket"])
# Gettext.
diff -Nru cpio-2.6/src/copyout.c cpio-2.6-new/src/copyout.c
--- cpio-2.6/src/copyout.c 2004-10-14 11:14:03.000000000 +0200
+++ cpio-2.6-new/src/copyout.c 2005-07-21 16:07:42.000000000 +0200
@@ -305,7 +305,7 @@
else
magic_string = "070701";
sprintf (ascii_header,
- "%6s%08lx%08lx%08lx%08lx%08lx%08lx%08lx%08lx%08lx%08lx%08lx%08lx%08lx",
+ "%6s%08lx%08lx%08lx%08lx%08lx%08x%08lx%08lx%08lx%08lx%08lx%08lx%08lx",
magic_string,
file_hdr->c_ino, file_hdr->c_mode, file_hdr->c_uid,
file_hdr->c_gid, file_hdr->c_nlink, file_hdr->c_mtime,
diff -Nru cpio-2.6/src/extern.h cpio-2.6-new/src/extern.h
--- cpio-2.6/src/extern.h 2004-09-08 12:49:57.000000000 +0200
+++ cpio-2.6-new/src/extern.h 2005-07-21 16:07:42.000000000 +0200
@@ -91,6 +91,7 @@
extern char input_is_seekable;
extern char output_is_seekable;
extern char *program_name;
+extern mode_t sys_umask;
extern int (*xstat) ();
extern void (*copy_function) ();
diff -Nru cpio-2.6/src/global.c cpio-2.6-new/src/global.c
--- cpio-2.6/src/global.c 2004-09-08 12:23:44.000000000 +0200
+++ cpio-2.6-new/src/global.c 2005-07-21 16:07:42.000000000 +0200
@@ -195,6 +195,9 @@
/* The name this program was run with. */
char *program_name;
+/* Debian hack to make the -d option honor the umask. */
+mode_t sys_umask;
+
/* A pointer to either lstat or stat, depending on whether
dereferencing of symlinks is done for input files. */
int (*xstat) ();
diff -Nru cpio-2.6/src/main.c cpio-2.6-new/src/main.c
--- cpio-2.6/src/main.c 2004-11-23 01:42:18.000000000 +0100
+++ cpio-2.6-new/src/main.c 2005-07-21 16:07:42.000000000 +0200
@@ -740,7 +740,6 @@
textdomain (PACKAGE);
program_name = argv[0];
- umask (0);
#ifdef __TURBOC__
_fmode = O_BINARY; /* Put stdin and stdout in binary mode. */
@@ -751,6 +750,7 @@
#endif
process_args (argc, argv);
+ sys_umask = umask (0);
initialize_buffers ();
Reference in New Issue View Git Blame Copy Permalink