[cpio/f21] testsuite: fix the CVE-2014-9112 test case

Pavel Raiskup praiskup at fedoraproject.org
Wed Dec 3 09:22:04 UTC 2014


commit 2f8bba3bb1404a931be7b0a9bbad2d5cb241a118
Author: Pavel Raiskup <praiskup at redhat.com>
Date:   Wed Dec 3 10:16:50 2014 +0100

    testsuite: fix the CVE-2014-9112 test case
    
    The fix for CVE was done so that different architectures or memory
    limits give different cpio output; but all possible error outputs
    are OK and expected.  Firstly, the testsuite fail was observed on
    ppc64 architecture, thanks dhorak for quick ping.
    
    Related: #1167573
    Version: 2.11-32

 cpio-2.11-testsuite-CVE-2014-9112.patch |   13 +++++++++----
 cpio.spec                               |   12 ++++++++++--
 2 files changed, 19 insertions(+), 6 deletions(-)
---
diff --git a/cpio-2.11-testsuite-CVE-2014-9112.patch b/cpio-2.11-testsuite-CVE-2014-9112.patch
index 81be391..269f5d0 100644
--- a/cpio-2.11-testsuite-CVE-2014-9112.patch
+++ b/cpio-2.11-testsuite-CVE-2014-9112.patch
@@ -1,8 +1,8 @@
 diff --git a/tests/symlink-bad-length.at b/tests/symlink-bad-length.at
-index cbf4aa7..080163a 100644
+index cbf4aa7..f8f60e3 100644
 --- a/tests/symlink-bad-length.at
 +++ b/tests/symlink-bad-length.at
-@@ -37,13 +37,14 @@ AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=
+@@ -37,13 +37,19 @@ AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=
  
  AT_CHECK([
  base64 -d ARCHIVE.base64 > ARCHIVE || AT_SKIP_TEST
@@ -10,7 +10,12 @@ index cbf4aa7..080163a 100644
 -test $? -eq 2
 +TZ=UTC cpio -ntv < ARCHIVE 2>stderr
 +rc=$?
-+cat stderr | grep -v 'stored filename length is out of range' >&2
++cat stderr | grep -v \
++    -e 'stored filename length is out of range' \
++    -e 'premature end of file' \
++    -e 'memory exhausted' \
++    >&2
++echo >&2 STDERR
 +test "$rc" -ne 0
  ],
  [0],
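Review bot: the widened `grep -v` filter in the AT_CHECK body means the test no longer asserts that cpio printed any diagnostic at all. With all three messages stripped and the expected stderr reduced to the `STDERR` marker, a run that exits nonzero and prints nothing still passes, because `test "$rc" -ne 0` is the only remaining condition. Consider adding a positive check before the filter, for example a `grep -q` over `stderr` with the same three `-e` patterns, so that at least one of the accepted messages must be present. The `cat stderr | grep -v ...` pipeline can also read the file directly with `grep -v ... stderr >&2`.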
@@ -18,7 +23,7 @@ index cbf4aa7..080163a 100644
 -],[cpio: LINK: stored filename length is out of range
 -cpio: premature end of file
 +[-rw-rw-r--   1 10029    10031          13 Nov 25 11:52 FILE
-+],[cpio: premature end of file
++],[STDERR
  ])
  
  AT_CLEANUP
diff --git a/cpio.spec b/cpio.spec
index 378e530..34c4308 100644
--- a/cpio.spec
+++ b/cpio.spec
@@ -1,7 +1,7 @@
 Summary: A GNU archiving program
 Name: cpio
 Version: 2.11
-Release: 31%{?dist}
+Release: 32%{?dist}
 License: GPLv3+
 Group: Applications/Archiving
 URL: http://www.gnu.org/software/cpio/
@@ -115,7 +115,11 @@ rm -rf ${RPM_BUILD_ROOT}
 
 %check
 rm -f ${RPM_BUILD_ROOT}/test/testsuite
-make check
+make check || {
+    echo "### TESTSUITE.LOG ###"
+    cat tests/testsuite.log
+    exit 1
+}
 
 
 %post
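Review bot: in the `%check` failure branch, `cat tests/testsuite.log` is unguarded, so if `make check` fails before the log is written the build output ends with a cat error rather than the real cause. Consider `test -f tests/testsuite.log && cat tests/testsuite.log`, keeping `exit 1` unconditional so the build still fails either way.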
@@ -139,6 +143,10 @@ fi
 %{_infodir}/*.info*
 
 %changelog
+* Wed Dec 03 2014 Pavel Raiskup <praiskup at redhat.com> - 2.11-32
+- adjust the testsuite fix for CVE-2014-9112 (#1167573)
+- put the testsuite.log to standard output if make check fails
+
 * Tue Dec 02 2014 Pavel Raiskup <praiskup at redhat.com> - 2.11-31
 - fix for CVE-2014-9112 (#1167573)
 

