cpio: unbundle patch (fetch from my GitHub acct.)

pyrox.dev / nixpkgs

fork atom

lol

fork atom

Tobias Geerinckx-Rice 10 years ago 27678026 3278007d

+9 -150

2 changed files

expand all

pkgs

tools

archivers

cpio

CVE-2015-1197-cpio-2.12.patch

default.nix

-149

pkgs/tools/archivers/cpio/CVE-2015-1197-cpio-2.12.patch

··· 1 - Original: https://marc.info/?l=oss-security&m=142289947619786&w=2 2 - 3 - Re-applied to 2.12 by Tobias Geerinckx-Rice 4 - <tobias.geerinckx.rice@gmail.com> - any bugs are (probably) mine. 5 - 6 - diff -Naur cpio-2.12a/doc/cpio.1 cpio-2.12b/doc/cpio.1 7 - --- cpio-2.12a/doc/cpio.1 2015-09-12 12:57:30.000000000 +0200 8 - +++ cpio-2.12b/doc/cpio.1 2015-09-18 05:35:48.158146735 +0200 9 - @@ -29,6 +29,7 @@ 10 - [\fB\-\-block\-size=\fIblocks\fR] [\fB\-\-dereference\fR] 11 - [\fB\-\-io\-size=\fIBYTES\fR] [\fB\-\-quiet\fR] 12 - [\fB\-\-force\-local\fR] [\fB\-\-rsh\-command=\fICOMMAND\fR] 13 - +[\fB\-\-extract\-over\-symlinks] 14 - \fB<\fR \fIname-list\fR [\fB>\fR \fIarchive\fR] 15 - 16 - .B cpio 17 - diff -Naur cpio-2.12a/src/copyin.c cpio-2.12b/src/copyin.c 18 - --- cpio-2.12a/src/copyin.c 2015-09-12 12:57:30.000000000 +0200 19 - +++ cpio-2.12b/src/copyin.c 2015-09-18 05:31:22.088544481 +0200 20 - @@ -695,6 +695,50 @@ 21 - free (link_name); 22 - } 23 - 24 - +static int 25 - +path_contains_symlink(char *path) 26 - +{ 27 - + struct stat st; 28 - + char *slash; 29 - + char *nextslash; 30 - + 31 - + /* we got NULL pointer or empty string */ 32 - + if (!path || !*path) { 33 - + return false; 34 - + } 35 - + 36 - + slash = path; 37 - + 38 - + while ((nextslash = strchr(slash + 1, '/')) != NULL) { 39 - + slash = nextslash; 40 - + *slash = '\0'; 41 - + 42 - + if (lstat(path, &st) != 0) { 43 - + if (errno == ELOOP) { 44 - + /* ELOOP - too many symlinks */ 45 - + *slash = '/'; 46 - + return true; 47 - + } else if (errno == ENOMEM) { 48 - + /* No memory for lstat - terminate */ 49 - + xalloc_die(); 50 - + } else { 51 - + /* cannot lstat path - give up */ 52 - + *slash = '/'; 53 - + return false; 54 - + } 55 - + } 56 - + 57 - + if (S_ISLNK(st.st_mode)) { 58 - + *slash = '/'; 59 - + return true; 60 - + } 61 - + 62 - + *slash = '/'; 63 - + } 64 - + 65 - + return false; 66 - +} 67 - + 68 - static void 69 - copyin_file (struct cpio_file_stat *file_hdr, int in_file_des) 70 - { 71 - @@ -1468,6 +1512,23 @@ 72 - { 73 - /* Copy the input file into the directory structure. */ 74 - 75 - + /* Can we write files over symlinks? */ 76 - + if (!extract_over_symlinks) 77 - + { 78 - + if (path_contains_symlink(file_hdr.c_name)) 79 - + { 80 - + /* skip the file */ 81 - + /* 82 - + fprintf(stderr, "Can't write over symlinks. Skipping %s\n", file_hdr.c_name); 83 - + tape_toss_input (in_file_des, file_hdr.c_filesize); 84 - + tape_skip_padding (in_file_des, file_hdr.c_filesize); 85 - + continue; 86 - + */ 87 - + /* terminate */ 88 - + error (1, 0, _("Can't write over symlinks: %s\n"), file_hdr.c_name); 89 - + } 90 - + } 91 - + 92 - /* Do we need to rename the file? */ 93 - if (rename_flag || rename_batch_file) 94 - { 95 - diff -Naur cpio-2.12a/src/extern.h cpio-2.12b/src/extern.h 96 - --- cpio-2.12a/src/extern.h 2015-09-12 12:57:30.000000000 +0200 97 - +++ cpio-2.12b/src/extern.h 2015-09-18 05:34:45.208241420 +0200 98 - @@ -96,6 +96,7 @@ 99 - extern char output_is_special; 100 - extern char input_is_seekable; 101 - extern char output_is_seekable; 102 - +extern bool extract_over_symlinks; 103 - extern int (*xstat) (); 104 - extern void (*copy_function) (); 105 - extern char *change_directory_option; 106 - diff -Naur cpio-2.12a/src/global.c cpio-2.12b/src/global.c 107 - --- cpio-2.12a/src/global.c 2015-09-12 12:57:30.000000000 +0200 108 - +++ cpio-2.12b/src/global.c 2015-09-18 05:32:00.598487355 +0200 109 - @@ -187,6 +187,9 @@ 110 - /* The name this program was run with. */ 111 - char *program_name; 112 - 113 - +/* Extract files over symbolic links */ 114 - +bool extract_over_symlinks; 115 - + 116 - /* A pointer to either lstat or stat, depending on whether 117 - dereferencing of symlinks is done for input files. */ 118 - int (*xstat) (); 119 - diff -Naur cpio-2.12a/src/main.c cpio-2.12b/src/main.c 120 - --- cpio-2.12a/src/main.c 2015-09-12 12:57:30.000000000 +0200 121 - +++ cpio-2.12b/src/main.c 2015-09-18 05:34:20.018279218 +0200 122 - @@ -59,6 +59,7 @@ 123 - DEBUG_OPTION, 124 - BLOCK_SIZE_OPTION, 125 - TO_STDOUT_OPTION, 126 - + EXTRACT_OVER_SYMLINKS, 127 - RENUMBER_INODES_OPTION, 128 - IGNORE_DEVNO_OPTION, 129 - DEVICE_INDEPENDENT_OPTION 130 - @@ -243,6 +244,8 @@ 131 - N_("Create leading directories where needed"), GRID+1 }, 132 - {"no-preserve-owner", NO_PRESERVE_OWNER_OPTION, 0, 0, 133 - N_("Do not change the ownership of the files"), GRID+1 }, 134 - + {"extract-over-symlinks", EXTRACT_OVER_SYMLINKS, 0, 0, 135 - + N_("Force writing over symbolic links"), GRID+1 }, 136 - {"unconditional", 'u', NULL, 0, 137 - N_("Replace all files unconditionally"), GRID+1 }, 138 - {"sparse", SPARSE_OPTION, NULL, 0, 139 - @@ -432,6 +435,10 @@ 140 - no_chown_flag = true; 141 - break; 142 - 143 - + case EXTRACT_OVER_SYMLINKS: /* --extract-over-symlinks */ 144 - + extract_over_symlinks = true; 145 - + break; 146 - + 147 - case 'o': /* Copy-out mode. */ 148 - if (copy_function != 0) 149 - USAGE_ERROR ((0, 0, _("Mode already defined")));

+9 -1

pkgs/tools/archivers/cpio/default.nix

··· 11 11 sha256 = "0vi9q475h1rki53100zml75vxsykzyhrn70hidy41s5c2rc8r6bh"; 12 12 }; 13 13 14 - patches = [ ./CVE-2015-1197-cpio-2.12.patch ]; 14 + patches = [ 15 + (fetchpatch { 16 + name = "CVE-2015-1197-cpio-2.12.patch"; 17 + url = "https://gist.github.com/nckx/70b0bfa80ddfb86c2967/" 18 + + "raw/e9b40d4d4b701f584f826775b75beb10751dc884/" 19 + + "CVE-2015-1197-cpio-2.12.patch"; 20 + sha256 = "0ph43m4lavwkc4gnl5h9p3da4kb1pnhwk5l2qsky70dqri8pcr8v"; 21 + }) 22 + ]; 15 23 16 24 preConfigure = if stdenv.isCygwin then '' 17 25 sed -i gnu/fpending.h -e 's,include <stdio_ext.h>,,'