Hi again The new patch can be found here: http://apt.inguza.net/wheezy-security/cpio/CVE-2019-14866.patch
It is not perfectly properly documented since it refers to a commit that do not contain it all. But I think you get the point anyway. // Ola On Mon, 4 Nov 2019 at 08:10, Ola Lundqvist <o...@inguza.com> wrote: > Hi Sergey, Thomas and cpio Debian maintainers > > I have been preparing fixes for CVE-2019-14866 for Debian oldstable and > oldoldstable. While doing that I realized that the patch mentioned here (1) > do work for amd64 but do not work for i386. > I was able to build on both amd64 and i386 but the fix obviously did not > work on i386 since I could reproduce the problem. > > I think the reason for this is that a long is 32 bit on i386 while it is > 64 bits on amd64. > > (1) https://lists.gnu.org/archive/html/bug-cpio/2019-08/msg00003.html > > The fix is very simple. Change the "long" to a "long long" in > to_out_or_error. > > With that correction it works when I build and test on i386. > Please let me know what you think. I'm going to upload a fixed package to > debian old and oldold stable tomorrow. > > Best regards > > // Ola > > -- > --- Inguza Technology AB --- MSc in Information Technology ---- > | o...@inguza.com o...@debian.org | > | http://inguza.com/ Mobile: +46 (0)70-332 1551 | > --------------------------------------------------------------- > > -- --- Inguza Technology AB --- MSc in Information Technology ---- | o...@inguza.com o...@debian.org | | http://inguza.com/ Mobile: +46 (0)70-332 1551 | ---------------------------------------------------------------
