gnu: cpio: Add fixes for CVE-2014-9112.

* gnu/packages/patches/cpio-CVE-2014-9112-pt1.patch,
  gnu/packages/patches/cpio-CVE-2014-9112-pt2.patch,
  gnu/packages/patches/cpio-CVE-2014-9112-pt3.patch,
  gnu/packages/patches/cpio-CVE-2014-9112-pt4.patch,
  gnu/packages/patches/cpio-CVE-2014-9112-pt5.patch: New files.
* gnu-system.am (dist_patch_DATA): Add them.
* gnu/packages/cpio.scm (cpio): Add patches.  Add 'autoconf' to
  native-inputs.

1 files changed, 23 insertions, 0 deletions

diff --git a/gnu/packages/patches/cpio-CVE-2014-9112-pt3.patch b/gnu/packages/patches/cpio-CVE-2014-9112-pt3.patch
new file mode 100644
index 0000000000..644dc6f9ef
--- /dev/null
+++ b/gnu/packages/patches/cpio-CVE-2014-9112-pt3.patch
@@ -0,0 +1,23 @@
+Partially fix CVE-2014-9112, part 3/5.
+
+From 58df4f1b44a1142bba500f980fd26806413b1728 Mon Sep 17 00:00:00 2001
+From: Sergey Poznyakoff <gray@gnu.org.ua>
+Date: Tue, 02 Dec 2014 09:33:29 +0000
+Subject: Fix typo
+
+---
+diff --git a/src/copyin.c b/src/copyin.c
+index 042cc41..264bfcb 100644
+--- a/src/copyin.c
++++ b/src/copyin.c
+@@ -138,7 +138,7 @@ get_link_name (struct cpio_file_stat *file_hdr, int in_file_des)
+     }
+   else
+     {
+-      link_name = xmalloc (file_hdr->c_filesize);
++      link_name = xmalloc (file_hdr->c_filesize + 1);
+       tape_buffered_read (link_name, in_file_des, file_hdr->c_filesize);
+       link_name[file_hdr->c_filesize] = '\0';
+       tape_skip_padding (in_file_des, file_hdr->c_filesize);
+--
+cgit v0.9.0.2