File: revert-CVE-2015-1197-handling.patch

cpio 2.13%2Bdfsg-7.1
From: Chris Lamb <lamby@debian.org>
Date: Sat, 1 Feb 2020 13:36:37 +0100
Subject: Fix a regression in handling of CVE-2015-1197 &
 --no-absolute-filenames.

See:

  * https://bugs.debian.org/946267
  * https://bugs.debian.org/946469

This reverts (most of): https://git.savannah.gnu.org/cgit/cpio.git/diff/?id=45b0ee2b407913c533f7ded8d6f8cbeec16ff6ca&id2=3177d660a4c62a6acb538b0f7c54ba423698889a
---
 src/copyin.c    | 2 --
 tests/testsuite | 2 +-
 2 files changed, 1 insertion(+), 3 deletions(-)

diff --git a/src/copyin.c b/src/copyin.c
index e1350af..e0a092a 100644
--- a/src/copyin.c
+++ b/src/copyin.c
@@ -646,8 +646,6 @@ copyin_link (struct cpio_file_stat *file_hdr, int in_file_des)
       link_name = xstrdup (file_hdr->c_tar_linkname);
     }
 
-  cpio_safer_name_suffix (link_name, true, !no_abs_paths_flag, false);
-  
   res = UMASKED_SYMLINK (link_name, file_hdr->c_name,
 			 file_hdr->c_mode);
   if (res < 0 && create_dir_flag)
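Review bot: With the `cpio_safer_name_suffix` call removed, `link_name` reaches `UMASKED_SYMLINK` exactly as it was read from the archive header, so `--no-absolute-filenames` no longer has any effect on symlink targets in copyin_link. The revert puts nothing in its place, and the tests/testsuite hunk confirms the gap by setting `at_xfail=yes` on the CVE-2015-1197 test. Even if the regressions cited in the description justify the revert, the unfiltered target should be recorded at the call site, for example `/* link_name is used unsanitized: CVE-2015-1197 is not mitigated here; extract untrusted archives only into a fresh, empty directory. */`. A narrower check that rejects only absolute or `..`-containing targets when `no_abs_paths_flag` is set might avoid the regressions while keeping the protection, but that would need testing against the reported cases. copyin_link's body begins and ends outside this hunk.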
diff --git a/tests/testsuite b/tests/testsuite
index b45c731..4438c33 100755
--- a/tests/testsuite
+++ b/tests/testsuite
@@ -2787,7 +2787,7 @@ read at_status <"$at_status_file"
 #AT_START_14
 at_fn_group_banner 14 'CVE-2015-1197.at:17' \
   "CVE-2015-1197 (--no-absolute-filenames for symlinks)" ""
-at_xfail=no
+at_xfail=yes
 (
   $as_echo "14. $at_setup_line: testing $at_desc ..."
   $at_traceon