Hello community,
here is the log from the commit of package cpio
checked in at Fri Aug 17 18:45:43 CEST 2007.
--------
--- cpio/cpio.changes 2007-07-25 13:17:06.000000000 +0200
+++ /mounts/work_src_done/STABLE/cpio/cpio.changes 2007-08-17 10:40:35.000000000 +0200
@@ -1,0 +2,12 @@
+Fri Aug 17 10:31:21 CEST 2007 - lmichnovic@suse.cz
+
+- upstream fix: use of alloca can cause stack overflow
+ (paxlib-owl-alloca.patch)
+
+-------------------------------------------------------------------
+Tue Aug 14 10:39:41 CEST 2007 - lmichnovic@suse.cz
+
+- CAN-2005-1111 is not fixed completely in 2.9 (chmodRaceC.patch)
+ based on fedora patch
+
+-------------------------------------------------------------------
New:
----
cpio-2.9-chmodRaceC.patch
cpio-2.9-paxlib-owl-alloca.patch
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Other differences:
------------------
++++++ cpio.spec ++++++
--- /var/tmp/diff_new_pack.D23334/_old 2007-08-17 18:45:24.000000000 +0200
+++ /var/tmp/diff_new_pack.D23334/_new 2007-08-17 18:45:24.000000000 +0200
@@ -12,11 +12,11 @@
Name: cpio
URL: http://www.gnu.org/software/cpio/cpio.html
-License: GPL v2 or later
+License: GPL v3 only
Group: Productivity/Archiving/Compression
Autoreqprov: on
Version: 2.9
-Release: 2
+Release: 8
Summary: A Backup and Archiving Utility
Source: cpio-2.9.tar.bz2
Patch1: cpio-2.9-no_rmt.patch
@@ -25,22 +25,22 @@
Patch4: cpio-2.9-use_sbin_rmt.patch
Patch5: cpio-2.9-open_nonblock.patch
Patch6: cpio-2.9-lfs_correction.patch
+Patch7: cpio-2.9-chmodRaceC.patch
+Patch8: cpio-2.9-paxlib-owl-alloca.patch
PreReq: %install_info_prereq
BuildRoot: %{_tmppath}/%{name}-%{version}-build
%description
-This is GNU cpio, a program to manage archives of files. This package
-also includes 'mt', a tape drive control program. Cpio copies files
-into or out of a cpio or tar archive. An archive is a file that
-contains other files plus information about them, such as their
-pathname, owner, time stamps, and access permissions. The archive can
-be another file on the disk, a magnetic tape, or a pipe.
-
-This package normally includes the program 'rmt', which provides remote
-tape drive control. Because there is a compatible 'rmt' in the 'dump'
-package, 'rmt' is not included in this package. If you are planning to
-use the remote tape features provided by cpio, install the 'dump'
-package as well.
+GNU cpio is a program to manage archives of files. This package also
+includes 'mt', a tape drive control program. Cpio copies files into or
+out of a cpio or tar archive. An archive is a file that contains other
+files plus information about them, such as their pathname, owner, time
+stamps, and access permissions. The archive can be another file on the
+disk, a magnetic tape, or a pipe. This package normally includes the
+program 'rmt', which providesremote tape drive control. Because there
+is a compatible 'rmt' in the'dump' package, 'rmt' is not included in
+this package. If you are planningto use the remote tape features
+provided by cpio, install the'dump' package as well.
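Review bot: The rewritten %description has lost spaces where lines were joined: `providesremote`, `the'dump'` (twice) and `planningto`. This text is what the package manager shows to users, so restore the spaces, e.g. `program 'rmt', which provides remote tape drive control.` and `install the 'dump' package as well.` The paragraph break before the rmt sentence was also dropped, which may be unintended.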
@@ -57,6 +57,8 @@
%patch4
%patch5
%patch6
+%patch7
+%patch8
chmod 755 .
chmod u+w *
chmod a+r *
@@ -97,6 +99,12 @@
#/usr/share/locale/*/LC_MESSAGES/cpio.mo
%changelog
+* Fri Aug 17 2007 - lmichnovic@suse.cz
+- upstream fix: use of alloca can cause stack overflow
+ (paxlib-owl-alloca.patch)
+* Tue Aug 14 2007 - lmichnovic@suse.cz
+- CAN-2005-1111 is not fixed completely in 2.9 (chmodRaceC.patch)
+ based on fedora patch
* Wed Jul 25 2007 - lmichnovic@suse.cz
- fixed types of variables for LFS support (*lfs_correction.patch)
* Tue Jul 24 2007 - lmichnovic@suse.cz
++++++ cpio-2.9-chmodRaceC.patch ++++++
--- src/copypass.c
+++ src/copypass.c
@@ -239,15 +239,23 @@ process_copy_pass ()
cdf_flag = 1;
}
#endif
- res = mkdir (output_name.ds_string, in_file_stat.st_mode);
+ res = mkdir (output_name.ds_string, in_file_stat.st_mode & ~077);
}
else
- res = 0;
+ {
+ if (!no_chown_flag && (out_file_stat.st_mode & 077) != 0
+ && chmod (output_name.ds_string, out_file_stat.st_mode & 07700) < 0)
+ {
+ error (0, errno, "%s: chmod", output_name.ds_string);
+ continue;
+ }
+ res = 0;
+ }
if (res < 0 && create_dir_flag)
{
create_all_directories (output_name.ds_string);
- res = mkdir (output_name.ds_string, in_file_stat.st_mode);
+ res = mkdir (output_name.ds_string, in_file_stat.st_mode & ~077);
}
if (res < 0)
{
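Review bot: The new `chmod (output_name.ds_string, out_file_stat.st_mode & 07700)` in the existing-directory branch acts on a path name with a mode taken from an earlier stat, so if the name is replaced (for example by a symlink) between that stat and the chmod, the mode change lands on whatever the name then resolves to. The same pattern is added in the `copyin_directory` hunk of src/copyin.c with `existing_mode`. Where the platform offers `O_DIRECTORY` and `O_NOFOLLOW`, opening the directory and using `fstat`/`fchmod` on the descriptor closes that window for the final path component; the sketch below shows the shape and would still need a fallback for systems without those flags or for directories the owner cannot read. The stat that fills `out_file_stat` and the rest of process_copy_pass lie outside the hunk, so the size of the window is inferred.

```c
/* … unchanged: mkdir of a new directory with group/other bits masked … */
	  else
	    {
	      /* Restrict an existing directory through a descriptor so the
		 mode change cannot be redirected by replacing the name.  */
	      if (!no_chown_flag && (out_file_stat.st_mode & 077) != 0)
		{
		  struct stat dir_stat;
		  int dir_fd = open (output_name.ds_string,
				     O_RDONLY | O_DIRECTORY | O_NOFOLLOW);
		  if (dir_fd < 0 || fstat (dir_fd, &dir_stat) < 0
		      || fchmod (dir_fd, dir_stat.st_mode & 07700) < 0)
		    {
		      error (0, errno, "%s: chmod", output_name.ds_string);
		      if (dir_fd >= 0)
			close (dir_fd);
		      continue;
		    }
		  close (dir_fd);
		}
	      res = 0;
	    }
/* … unchanged: create_all_directories retry and error handling … */
```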
@@ -290,12 +298,12 @@ process_copy_pass ()
if (link_res < 0)
{
- res = mknod (output_name.ds_string, in_file_stat.st_mode,
+ res = mknod (output_name.ds_string, in_file_stat.st_mode & ~077,
in_file_stat.st_rdev);
if (res < 0 && create_dir_flag)
{
create_all_directories (output_name.ds_string);
- res = mknod (output_name.ds_string, in_file_stat.st_mode,
+ res = mknod (output_name.ds_string, in_file_stat.st_mode & ~077,
in_file_stat.st_rdev);
}
if (res < 0)
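Review bot: The `& ~077` mask on both `mknod` calls is unexplained, so a reader cannot tell from these lines that the node is deliberately created without group/other access. A short comment such as `/* Create without group/other permissions; the archive mode is applied only after ownership is set. */` would help, assuming the later chmod that restores the full mode exists outside this hunk. Naming the mask, e.g. `in_file_stat.st_mode & ~(S_IRWXG | S_IRWXO)`, would also make the `mkdir` calls in the previous hunk and the `mkdir`/`mknod` calls in src/copyin.c read the same way.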
--- src/copyin.c
+++ src/copyin.c
@@ -186,11 +186,12 @@ list_file(struct cpio_file_stat* file_hd
static int
try_existing_file (struct cpio_file_stat* file_hdr, int in_file_des,
- int *existing_dir)
+ int *existing_dir, mode_t *existing_mode)
{
struct stat file_stat;
*existing_dir = false;
+ *existing_mode = 0;
if (lstat (file_hdr->c_name, &file_stat) == 0)
{
if (S_ISDIR (file_stat.st_mode)
@@ -200,6 +201,7 @@ try_existing_file (struct cpio_file_stat
we are trying to create, don't complain about
it. */
*existing_dir = true;
+ *existing_mode = file_stat.st_mode;
return 0;
}
else if (!unconditional_flag
@@ -567,7 +569,7 @@ copyin_regular_file (struct cpio_file_st
}
static void
-copyin_directory (struct cpio_file_stat *file_hdr, int existing_dir)
+copyin_directory (struct cpio_file_stat *file_hdr, int existing_dir, mode_t existing_mode)
{
int res; /* Result of various function calls. */
#ifdef HPUX_CDF
@@ -610,14 +612,22 @@ copyin_directory (struct cpio_file_stat
cdf_flag = 1;
}
#endif
- res = mkdir (file_hdr->c_name, file_hdr->c_mode);
+ res = mkdir (file_hdr->c_name, file_hdr->c_mode & ~077);
}
else
- res = 0;
+ {
+ if (!no_chown_flag && (existing_mode & 077) != 0
+ && chmod (file_hdr->c_name, existing_mode & 07700) < 0)
+ {
+ error (0, errno, "%s: chmod", file_hdr->c_name);
+ return;
+ }
+ res = 0;
+ }
if (res < 0 && create_dir_flag)
{
create_all_directories (file_hdr->c_name);
- res = mkdir (file_hdr->c_name, file_hdr->c_mode);
+ res = mkdir (file_hdr->c_name, file_hdr->c_mode & ~077);
}
if (res < 0)
{
@@ -692,12 +702,12 @@ copyin_device (struct cpio_file_stat* fi
return;
}
- res = mknod (file_hdr->c_name, file_hdr->c_mode,
+ res = mknod (file_hdr->c_name, file_hdr->c_mode & ~077,
makedev (file_hdr->c_rdev_maj, file_hdr->c_rdev_min));
if (res < 0 && create_dir_flag)
{
create_all_directories (file_hdr->c_name);
- res = mknod (file_hdr->c_name, file_hdr->c_mode,
+ res = mknod (file_hdr->c_name, file_hdr->c_mode & ~077,
makedev (file_hdr->c_rdev_maj, file_hdr->c_rdev_min));
}
if (res < 0)
@@ -772,9 +782,10 @@ static void
copyin_file (struct cpio_file_stat* file_hdr, int in_file_des)
{
int existing_dir=0;
+ mode_t existing_mode;
if (!to_stdout_option
- && try_existing_file (file_hdr, in_file_des, &existing_dir) < 0)
+ && try_existing_file (file_hdr, in_file_des, &existing_dir, &existing_mode) < 0)
return;
/* Do the real copy or link. */
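Review bot: `mode_t existing_mode;` is left uninitialised when `to_stdout_option` is set, because the `&&` skips `try_existing_file`, yet the `CP_IFDIR` case in the next hunk still passes it by value to `copyin_directory`. The visible body of `copyin_directory` only reads it when `existing_dir` is true, so this looks harmless today, but it is an indeterminate read that compilers and sanitizers flag. Declare it as `mode_t existing_mode = 0;` to match `int existing_dir=0;` on the line above. copyin_file continues beyond this hunk.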
@@ -785,7 +796,7 @@ copyin_file (struct cpio_file_stat* file
break;
case CP_IFDIR:
- copyin_directory (file_hdr, existing_dir);
+ copyin_directory(file_hdr, existing_dir, existing_mode);
break;
case CP_IFCHR:
++++++ cpio-2.9-paxlib-owl-alloca.patch ++++++
Patch from Sergey Poznyakoff