[cpio/f21] testsuite: big-endian fix for CVE-2014-9112 case
Pavel Raiskup
praiskup at fedoraproject.org
Wed Dec 3 12:26:51 UTC 2014
commit 1f874bb0bab2d7ff2c0743149eeee8ca568f7c87
Author: Pavel Raiskup <praiskup at redhat.com>
Date: Wed Dec 3 13:21:44 2014 +0100
testsuite: big-endian fix for CVE-2014-9112 case
The testsed archive was crated on x86_64 machine and it produces
expected warning on big-endian arches.
Related: #1167573
Version: 2.11-33
cpio-2.11-testsuite-CVE-2014-9112.patch | 5 +++--
cpio.spec | 6 +++++-
2 files changed, 8 insertions(+), 3 deletions(-)
---
diff --git a/cpio-2.11-testsuite-CVE-2014-9112.patch b/cpio-2.11-testsuite-CVE-2014-9112.patch
index 269f5d0..b1b268a 100644
--- a/cpio-2.11-testsuite-CVE-2014-9112.patch
+++ b/cpio-2.11-testsuite-CVE-2014-9112.patch
@@ -1,8 +1,8 @@
diff --git a/tests/symlink-bad-length.at b/tests/symlink-bad-length.at
-index cbf4aa7..f8f60e3 100644
+index cbf4aa7..d8d250b 100644
--- a/tests/symlink-bad-length.at
+++ b/tests/symlink-bad-length.at
-@@ -37,13 +37,19 @@ AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=
+@@ -37,13 +37,20 @@ AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=
AT_CHECK([
base64 -d ARCHIVE.base64 > ARCHIVE || AT_SKIP_TEST
@@ -13,6 +13,7 @@ index cbf4aa7..f8f60e3 100644
+cat stderr | grep -v \
+ -e 'stored filename length is out of range' \
+ -e 'premature end of file' \
++ -e 'archive header has reverse byte-order' \
+ -e 'memory exhausted' \
+ >&2
+echo >&2 STDERR
diff --git a/cpio.spec b/cpio.spec
index 34c4308..b489053 100644
--- a/cpio.spec
+++ b/cpio.spec
@@ -1,7 +1,7 @@
Summary: A GNU archiving program
Name: cpio
Version: 2.11
-Release: 32%{?dist}
+Release: 33%{?dist}
License: GPLv3+
Group: Applications/Archiving
URL: http://www.gnu.org/software/cpio/
@@ -143,6 +143,10 @@ fi
%{_infodir}/*.info*
%changelog
+* Wed Dec 03 2014 Pavel Raiskup <praiskup at redhat.com> - 2.11-33
+- the stored archive in testsuite has little endian headers, expect also
+ 'reversed byte-order' warning on big-endian
+
* Wed Dec 03 2014 Pavel Raiskup <praiskup at redhat.com> - 2.11-32
- adjust the testsuite fix for CVE-2014-9112 (#1167573)
- put the testsuite.log to standard output if make check fails
More information about the scm-commits
mailing list