[cpio/f21] testsuite: big-endian fix for CVE-2014-9112 case

Pavel Raiskup praiskup at fedoraproject.org
Wed Dec 3 12:26:51 UTC 2014 

commit 1f874bb0bab2d7ff2c0743149eeee8ca568f7c87
Author: Pavel Raiskup <praiskup at redhat.com>
Date:   Wed Dec 3 13:21:44 2014 +0100

    testsuite: big-endian fix for CVE-2014-9112 case
    
    The testsed archive was crated on x86_64 machine and it produces
    expected warning on big-endian arches.
    
    Related: #1167573
    Version: 2.11-33

 cpio-2.11-testsuite-CVE-2014-9112.patch |    5 +++--
 cpio.spec                               |    6 +++++-
 2 files changed, 8 insertions(+), 3 deletions(-)
---
diff --git a/cpio-2.11-testsuite-CVE-2014-9112.patch b/cpio-2.11-testsuite-CVE-2014-9112.patch
index 269f5d0..b1b268a 100644
--- a/cpio-2.11-testsuite-CVE-2014-9112.patch
+++ b/cpio-2.11-testsuite-CVE-2014-9112.patch
@@ -1,8 +1,8 @@
 diff --git a/tests/symlink-bad-length.at b/tests/symlink-bad-length.at
-index cbf4aa7..f8f60e3 100644
+index cbf4aa7..d8d250b 100644
 --- a/tests/symlink-bad-length.at
 +++ b/tests/symlink-bad-length.at
-@@ -37,13 +37,19 @@ AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=
+@@ -37,13 +37,20 @@ AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=
  
  AT_CHECK([
  base64 -d ARCHIVE.base64 > ARCHIVE || AT_SKIP_TEST
@@ -13,6 +13,7 @@ index cbf4aa7..f8f60e3 100644
 +cat stderr | grep -v \
 +    -e 'stored filename length is out of range' \
 +    -e 'premature end of file' \
++    -e 'archive header has reverse byte-order' \
 +    -e 'memory exhausted' \
 +    >&2
 +echo >&2 STDERR
diff --git a/cpio.spec b/cpio.spec
index 34c4308..b489053 100644
--- a/cpio.spec
+++ b/cpio.spec
@@ -1,7 +1,7 @@
 Summary: A GNU archiving program
 Name: cpio
 Version: 2.11
-Release: 32%{?dist}
+Release: 33%{?dist}
 License: GPLv3+
 Group: Applications/Archiving
 URL: http://www.gnu.org/software/cpio/
@@ -143,6 +143,10 @@ fi
 %{_infodir}/*.info*
 
 %changelog
+* Wed Dec 03 2014 Pavel Raiskup <praiskup at redhat.com> - 2.11-33
+- the stored archive in testsuite has little endian headers, expect also
+  'reversed byte-order' warning on big-endian
+
 * Wed Dec 03 2014 Pavel Raiskup <praiskup at redhat.com> - 2.11-32
 - adjust the testsuite fix for CVE-2014-9112 (#1167573)
 - put the testsuite.log to standard output if make check fails

More information about the scm-commits mailing list