commit:     5a7c109933aac0f9de580513346ebe94f3acd4f2
Author:     Mike Frysinger <vapier <AT> gentoo <DOT> org>
AuthorDate: Sun Feb 14 19:46:49 2016 +0000
Commit:     Mike Frysinger <vapier <AT> gentoo <DOT> org>
CommitDate: Sun Feb 14 19:47:27 2016 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=5a7c1099

app-arch/cpio: fix small buffer overflow #572428

 app-arch/cpio/cpio-2.12-r1.ebuild                 | 28 +++++++++++++++++++++++
 app-arch/cpio/files/cpio-2.12-name-overflow.patch | 15 ++++++++++++
 2 files changed, 43 insertions(+)

diff --git a/app-arch/cpio/cpio-2.12-r1.ebuild 
b/app-arch/cpio/cpio-2.12-r1.ebuild
new file mode 100644
index 0000000..b946520
--- /dev/null
+++ b/app-arch/cpio/cpio-2.12-r1.ebuild
@@ -0,0 +1,28 @@
+# Copyright 1999-2016 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+# $Id$
+
+EAPI="5"
+
+inherit eutils
+
+DESCRIPTION="A file archival tool which can also read and write tar files"
+HOMEPAGE="https://www.gnu.org/software/cpio/cpio.html";
+SRC_URI="mirror://gnu/cpio/${P}.tar.bz2"
+
+LICENSE="GPL-3"
+SLOT="0"
+KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~ia64 ~m68k ~mips ~ppc ~ppc64 ~s390 
~sh ~sparc ~x86 ~ppc-aix ~amd64-fbsd ~sparc-fbsd ~x86-fbsd ~x64-freebsd 
~x86-freebsd ~hppa-hpux ~ia64-hpux ~x86-interix ~amd64-linux ~arm-linux 
~ia64-linux ~x86-linux ~ppc-macos ~x64-macos ~x86-macos ~m68k-mint 
~sparc-solaris ~sparc64-solaris ~x64-solaris ~x86-solaris"
+IUSE="nls"
+
+src_prepare() {
+       epatch "${FILESDIR}"/${PN}-2.12-non-gnu-compilers.patch #275295
+       epatch "${FILESDIR}"/${PN}-2.12-name-overflow.patch #572428
+}
+
+src_configure() {
+       econf \
+               $(use_enable nls) \
+               --bindir="${EPREFIX}"/bin \
+               --with-rmt="${EPREFIX}"/usr/sbin/rmt
+}
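Review bot: The trailing `#572428` on the new `epatch` line in `src_prepare` gives only a bug number, so nothing in the ebuild says that this patch is a memory-safety fix rather than a build fix like the one above it. A distribution patch that is quietly dropped on the next version bump brings the overflow back, so I would spell it out on the line before the call, for example `# Security: name buffer overflow in src/copyin.c (bug #572428); keep until upstream ships the fix.` Whether a later upstream release already contains the change cannot be seen from this page.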

diff --git a/app-arch/cpio/files/cpio-2.12-name-overflow.patch 
b/app-arch/cpio/files/cpio-2.12-name-overflow.patch
new file mode 100644
index 0000000..f852468
--- /dev/null
+++ b/app-arch/cpio/files/cpio-2.12-name-overflow.patch
@@ -0,0 +1,15 @@
+https://bugs.gentoo.org/572428
+https://lists.gnu.org/archive/html/bug-cpio/2016-01/msg00002.html
+http://seclists.org/oss-sec/2016/q1/136
+
+--- a/src/copyin.c
++++ b/src/copyin.c
+@@ -1385,6 +1385,8 @@
+         break;
+       }
+ 
++      if (file_hdr.c_namesize <= 1)
++      file_hdr.c_name = xrealloc (file_hdr.c_name, 2);
+       cpio_safer_name_suffix (file_hdr.c_name, false, !no_abs_paths_flag,
+                             false);
+       
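Review bot: For `c_namesize == 0` the added `xrealloc (file_hdr.c_name, 2)` makes room for a two-byte result, but the hunk shows nothing that puts a terminator into the buffer, so `cpio_safer_name_suffix` may still be handed bytes that were never read from the archive. If the header readers do not guarantee a NUL in that case, add `if (file_hdr.c_namesize == 0) file_hdr.c_name[0] = '\0';` after the realloc, or reject such a header earlier. The size 2 also deserves a comment, presumably `/* an empty name may be rewritten to ".", which needs two bytes */`. As shown, the `xrealloc` line sits at the same indent as its `if`, which reads as unconditional; this may be whitespace lost in the mail. The enclosing function starts and ends outside the hunk.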
