From c7bdc7ece5650be75314dc302f3cdcf02806857b Mon Sep 17 00:00:00 2001
From: Mark H Weaver
Date: Tue, 30 Dec 2014 14:13:20 -0500
Subject: gnu: cpio: Add fixes for CVE-2014-9112.
* gnu/packages/patches/cpio-CVE-2014-9112-pt1.patch, gnu/packages/patches/cpio-CVE-2014-9112-pt2.patch, gnu/packages/patches/cpio-CVE-2014-9112-pt3.patch, gnu/packages/patches/cpio-CVE-2014-9112-pt4.patch, gnu/packages/patches/cpio-CVE-2014-9112-pt5.patch: New files.
* gnu-system.am (dist_patch_DATA): Add them.
* gnu/packages/cpio.scm (cpio): Add patches. Add 'autoconf' to native-inputs.
---
gnu/packages/patches/cpio-CVE-2014-9112-pt4.patch | 105 ++++++++++++++++++++++
1 file changed, 105 insertions(+)
create mode 100644 gnu/packages/patches/cpio-CVE-2014-9112-pt4.patch
(limited to 'gnu/packages/patches/cpio-CVE-2014-9112-pt4.patch')
diff --git a/gnu/packages/patches/cpio-CVE-2014-9112-pt4.patch b/gnu/packages/patches/cpio-CVE-2014-9112-pt4.patch
new file mode 100644
index 0000000000..fa2e8530b2
--- /dev/null
+++ b/gnu/packages/patches/cpio-CVE-2014-9112-pt4.patch
@@ -0,0 +1,105 @@
+Partially fix CVE-2014-9112, part 4/5. Backported to 2.11.
+
+From fd262d116c4564c1796be9be2799619cf7785d07 Mon Sep 17 00:00:00 2001
+From: Sergey Poznyakoff
+Date: Thu, 11 Dec 2014 10:51:21 +0000
+Subject: Fix error recovery in copy-in mode
+
+* src/copyin.c (copyin_link): Fix null dereference.
+(read_in_header): Fix error recovery (bug introduced by
+27e0ae55).
+* tests/symlink-bad-length.at: Test error recovery.
+Catch various architecture-dependent error messages (suggested
+by Pavel Raiskup).
+---
+diff --git a/src/copyin.c b/src/copyin.c
+index 264bfcb..ca12356 100644
+--- a/src/copyin.c
++++ b/src/copyin.c
+@@ -655,7 +655,7 @@ copyin_device (struct cpio_file_stat* file_hdr)
+ }
+
+ static void
+-copyin_link(struct cpio_file_stat *file_hdr, int in_file_des)
++copyin_link (struct cpio_file_stat *file_hdr, int in_file_des)
+ {
+ char *link_name = NULL; /* Name of hard and symbolic links. */
+ int res; /* Result of various function calls. */
+@@ -666,6 +666,8 @@ copyin_link(struct cpio_file_stat *file_
+ if (archive_format != arf_tar && archive_format != arf_ustar)
+ {
+ link_name = get_link_name (file_hdr, in_file_des);
++ if (!link_name)
++ return;
+ }
+ else
+ {
+@@ -1017,7 +1019,7 @@ read_in_header (struct cpio_file_stat *file_hdr, int in_des)
+
+ file_hdr->c_tar_linkname = NULL;
+
+- tape_buffered_read (magic.str, in_des, 6L);
++ tape_buffered_read (magic.str, in_des, sizeof (magic.str));
+ while (1)
+ {
+ if (append_flag)
+@@ -1062,8 +1064,8 @@ read_in_header (struct cpio_file_stat *file_hdr, int in_des)
+ break;
+ }
+ bytes_skipped++;
+- memmove (magic.str, magic.str + 1, 5);
+- tape_buffered_read (magic.str, in_des, 1L);
++ memmove (magic.str, magic.str + 1, sizeof (magic.str) - 1);
++ tape_buffered_read (magic.str + sizeof (magic.str) - 1, in_des, 1L);
+ }
+ }
+
+diff --git a/tests/symlink-bad-length.at b/tests/symlink-bad-length.at
+index cbf4aa7..4dbeaa3 100644
+--- a/tests/symlink-bad-length.at
++++ b/tests/symlink-bad-length.at
+@@ -24,9 +24,9 @@ AT_SETUP([symlink-bad-length])
+ AT_KEYWORDS([symlink-long copyout])
+
+ AT_DATA([ARCHIVE.base64],
+-[x3EjAIBAtIEtJy8nAQAAAHRUYW0FAAAADQBGSUxFAABzb21lIGNvbnRlbnQKAMdxIwBgQ/+hLScv
+-JwEAAAB0VEhuBQD/////TElOSwAARklMRcdxAAAAAAAAAAAAAAEAAAAAAAAACwAAAAAAVFJBSUxF
+-UiEhIQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
++[x3ECCJ1jtIHoA2QAAQAAAIlUwl0FAAAADQBGSUxFAABzb21lIGNvbnRlbnQKAMdxAgidHv+h6ANk
++AAEAAACJVHFtBQD/////TElOSwAARklMRcdxAgieHqSB6ANkAAEAAACJVDJuBgAAABIARklMRTIA
++c29tZSBtb3JlIGNvbnRlbnQKx3EAAAAAAAAAAAAAAQAAAAAAAAALAAAAAABUUkFJTEVSISEhAAAA
+ AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
+ AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
+ AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
+@@ -37,13 +37,23 @@ AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=
+
+ AT_CHECK([
+ base64 -d ARCHIVE.base64 > ARCHIVE || AT_SKIP_TEST
+-cpio -ntv < ARCHIVE
+-test $? -eq 2
++TZ=UTC cpio -ntv < ARCHIVE 2>stderr
++rc=$?
++cat stderr | grep -v \
++ -e 'stored filename length is out of range' \
++ -e 'premature end of file' \
++ -e 'archive header has reverse byte-order' \
++ -e 'memory exhausted' \
++ >&2
++echo >&2 STDERR
++test "$rc" -ne 0
+ ],
+-[0],
+-[-rw-rw-r-- 1 10029 10031 13 Nov 25 13:52 FILE
+-],[cpio: LINK: stored filename length is out of range
+-cpio: premature end of file
++[1],
++[-rw-rw-r-- 1 1000 100 13 Dec 11 09:02 FILE
++-rw-r--r-- 1 1000 100 18 Dec 11 10:13 FILE2
++],[cpio: warning: skipped 4 bytes of junk
++1 block
++STDERR
+ ])
+
+ AT_CLEANUP
+--
+cgit v0.9.0.2
--
cgit v1.2.3
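Review bot: The junk-skip loop in the inner `@@ -1062,8 +1064,8 @@` hunk of read_in_header now slides the magic window left by `sizeof (magic.str) - 1` and refills its last byte, where the removed lines read the fresh byte back into `magic.str[0]` and so kept re-testing a stale window; that is the recovery fix this backport carries, but the invariant is undocumented and `magic.str`'s declaration is outside the hunk, so that it really is the 6-byte magic the old `6L` assumed cannot be confirmed from here. A comment above `while (1)` such as `/* magic.str is one magic-sized window; each pass drops its first byte and refills the last one from the archive.  */` would record the contract the two sizeof expressions depend on. The results of the new `tape_buffered_read` calls are not checked in the hunk and no bound on `bytes_skipped` is visible; presumably a short read is reported inside that helper (the test filters a 'premature end of file' message), but both points are worth confirming against the rest of read_in_header, which starts and ends outside the hunk. In the tests/symlink-bad-length.at hunk, `test "$rc" -ne 0` paired with an expected status of `[1]` is a double negative that, read as AT_CHECK normally reads, asserts cpio exits 0; `test "$rc" -eq 0` with `[0]` states the same expectation directly.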