Compare commits

..

No commits in common. 'cs10' and 'c9' have entirely different histories.
cs10 ... c9

@ -1,2 +1 @@
db5e3845eb5475ddcb7e8915c3a1458a0c13d787 SOURCES/cpio-2.15.tar.bz2 4dcefc0e1bc36b11506a354768d82b15e3fe6bb8 SOURCES/cpio-2.13.tar.bz2
27b6951109fd90fbc12cdfca7cdbaa4a9c6adb32 SOURCES/cpio-2.15.tar.bz2.sig

3
.gitignore vendored

@ -1,2 +1 @@
SOURCES/cpio-2.15.tar.bz2 SOURCES/cpio-2.13.tar.bz2
SOURCES/cpio-2.15.tar.bz2.sig

@ -4,34 +4,43 @@ Subject: [PATCH 5/7] fix segfault with nonexisting file with patternnames
(#567022) (#567022)
diff --git a/src/copyin.c b/src/copyin.c diff --git a/src/copyin.c b/src/copyin.c
index 5d88a23..f2babb7 100644 index 12bd27c..183b5b5 100644
--- a/src/copyin.c --- a/src/copyin.c
+++ b/src/copyin.c +++ b/src/copyin.c
@@ -948,21 +948,24 @@ read_pattern_file (void) @@ -870,21 +870,24 @@ read_pattern_file ()
pattern_fp = fopen (pattern_file_name, "r"); pattern_fp = fopen (pattern_file_name, "r");
if (pattern_fp == NULL) if (pattern_fp == NULL)
- open_fatal (pattern_file_name); - open_fatal (pattern_file_name);
- while (ds_fgetstr (pattern_fp, &pattern_name, '\n') != NULL) - while (ds_fgetstr (pattern_fp, &pattern_name, '\n') != NULL)
- {
- if (new_num_patterns >= max_new_patterns)
- {
- max_new_patterns += 1;
- new_save_patterns = (char **)
- xrealloc ((char *) new_save_patterns,
- max_new_patterns * sizeof (char *));
- }
- new_save_patterns[new_num_patterns] = xstrdup (pattern_name.ds_string);
- ++new_num_patterns;
- }
- if (ferror (pattern_fp) || fclose (pattern_fp) == EOF)
- close_error (pattern_file_name);
+ open_error (pattern_file_name); + open_error (pattern_file_name);
+ else + else
+ { + {
+ while (ds_fgetstr (pattern_fp, &pattern_name, '\n') != NULL) + while (ds_fgetstr (pattern_fp, &pattern_name, '\n') != NULL)
{ + {
if (new_num_patterns == max_new_patterns) + if (new_num_patterns >= max_new_patterns)
- new_save_patterns = x2nrealloc (new_save_patterns, + {
+ new_save_patterns = x2nrealloc (new_save_patterns, + max_new_patterns += 1;
&max_new_patterns, + new_save_patterns = (char **)
sizeof (new_save_patterns[0])); + xrealloc ((char *) new_save_patterns,
new_save_patterns[new_num_patterns] = xstrdup (pattern_name.ds_string); + max_new_patterns * sizeof (char *));
++new_num_patterns; + }
} + new_save_patterns[new_num_patterns] = xstrdup (pattern_name.ds_string);
+ ++new_num_patterns;
- ds_free (&pattern_name); + }
+ ds_free (&pattern_name);
- if (ferror (pattern_fp) || fclose (pattern_fp) == EOF)
- close_error (pattern_file_name);
+ if (ferror (pattern_fp) || fclose (pattern_fp) == EOF) + if (ferror (pattern_fp) || fclose (pattern_fp) == EOF)
+ close_error (pattern_file_name); + close_error (pattern_file_name);
+ } + }

@ -0,0 +1,94 @@
From 8bce60df53f93c9cbfb18274c6700c143a0092c6 Mon Sep 17 00:00:00 2001
From: Pavel Raiskup <praiskup@redhat.com>
Date: Fri, 3 Jul 2020 13:00:18 +0200
Subject: [PATCH] Extract: retain times for symlinks
Original report by Pat Riehecky at
https://bugzilla.redhat.com/1486364
* src/copyin.c (copyin_device): Don't check for retain_time_flag
global, it's done by set_file_times.
(copyin_link): Call set_file_times to restore symlink times.
* src/util.c (set_perms): Don't check for retain_time_flag global,
done by set_file_times call.
(set_file_times): Do nothing if retain_time_flag global is false.
* src/copypass.c (process_copy_pass): Call set_file_times for
symlinks.
---
src/copyin.c | 5 ++---
src/copypass.c | 2 ++
src/util.c | 8 +++++---
3 files changed, 9 insertions(+), 6 deletions(-)
diff --git a/src/copyin.c b/src/copyin.c
index bf3b0a8..93b006a 100644
--- a/src/copyin.c
+++ b/src/copyin.c
@@ -615,9 +615,7 @@ copyin_device (struct cpio_file_stat* file_hdr)
/* chown may have turned off some permissions we wanted. */
if (chmod (file_hdr->c_name, file_hdr->c_mode) < 0)
chmod_error_details (file_hdr->c_name, file_hdr->c_mode);
- if (retain_time_flag)
- set_file_times (-1, file_hdr->c_name, file_hdr->c_mtime,
- file_hdr->c_mtime);
+ set_file_times (-1, file_hdr->c_name, file_hdr->c_mtime, file_hdr->c_mtime);
}
static void
@@ -668,6 +666,7 @@ copyin_link (struct cpio_file_stat *file_hdr, int in_file_des)
&& errno != EPERM)
chown_error_details (file_hdr->c_name, uid, gid);
}
+ set_file_times (-1, file_hdr->c_name, file_hdr->c_mtime, file_hdr->c_mtime);
free (link_name);
}
diff --git a/src/copypass.c b/src/copypass.c
index dc13b5b..a5f9b7b 100644
--- a/src/copypass.c
+++ b/src/copypass.c
@@ -306,6 +306,8 @@ process_copy_pass ()
&& errno != EPERM)
chown_error_details (output_name.ds_string, uid, gid);
}
+ set_file_times (-1, output_name.ds_string,
+ in_file_stat.st_atime, in_file_stat.st_mtime);
free (link_name);
}
#endif
diff --git a/src/util.c b/src/util.c
index 4421b20..0e8d88c 100644
--- a/src/util.c
+++ b/src/util.c
@@ -1230,8 +1230,7 @@ set_perms (int fd, struct cpio_file_stat *header)
/* chown may have turned off some permissions we wanted. */
if (fchmod_or_chmod (fd, header->c_name, header->c_mode) < 0)
chmod_error_details (header->c_name, header->c_mode);
- if (retain_time_flag)
- set_file_times (fd, header->c_name, header->c_mtime, header->c_mtime);
+ set_file_times (fd, header->c_name, header->c_mtime, header->c_mtime);
}
void
@@ -1239,6 +1238,8 @@ set_file_times (int fd,
const char *name, unsigned long atime, unsigned long mtime)
{
struct timespec ts[2];
+ if (!retain_time_flag)
+ return;
memset (&ts, 0, sizeof ts);
@@ -1247,7 +1248,8 @@ set_file_times (int fd,
/* Silently ignore EROFS because reading the file won't have upset its
timestamp if it's on a read-only filesystem. */
- if (fdutimens (fd, name, ts) < 0 && errno != EROFS)
+ if ((fd >= 0 ? fdutimens (fd, NULL, ts) : lutimens (name, ts)) < 0
+ && errno != EROFS)
utime_error (name);
}
--
2.24.1

@ -0,0 +1,621 @@
From a458d64ad1e47c0912c2ba0702a148c396984105 Mon Sep 17 00:00:00 2001
From: Ondrej Dubaj <odubaj@redhat.com>
Date: Mon, 13 Sep 2021 08:13:08 +0200
Subject: [PATCH] * src/dstring.c (ds_init): Take a single argument.
(ds_free): New function. (ds_resize): Take a single argument. Use
x2nrealloc to expand the storage.
(ds_reset,ds_append,ds_concat,ds_endswith): New function. (ds_fgetstr):
Rewrite. In particular, this fixes integer overflow. (ds_resize): Take
additional argument: number of bytes to leave available after ds_idx. All
uses changed. * src/dstring.h (dynamic_string): Keep both the allocated
length (ds_size) and index of the next free byte in the string (ds_idx).
(ds_init,ds_resize): Change signature. (ds_len): New macro.
(ds_free,ds_reset,ds_append,ds_concat,ds_endswith): New protos. *
src/copyin.c: Use new ds_ functions. (read_name_from_file): Handle len == 0.
(read_name_from_file): Print error message and skip file if its name is not
nul-terminated. (long_format): Cast rdev numbers to unsigned long *
src/copyout.c: Likewise. * src/copypass.c: Likewise. * src/util.c: Likewise.
(tape_empty_output_buffer): Fix condition. * src/idcache.c
(getuser,getgroup): Use umaxtostr instead of sprintf. * src/userspec.c
(parse_user_spec): Likewise. * configure.ac: Raise version number to 2.13.90.
---
configure.ac | 6 ++--
src/copyin.c | 69 ++++++++++++++++++++++------------------
src/copyout.c | 16 ++++------
src/copypass.c | 32 +++++++++----------
src/dstring.c | 85 ++++++++++++++++++++++++++++++++++++--------------
src/dstring.h | 30 +++++++++---------
src/idcache.c | 11 +++----
src/userspec.c | 9 ++----
src/util.c | 9 ++----
9 files changed, 150 insertions(+), 117 deletions(-)
diff --git a/configure.ac b/configure.ac
index 2132256..875b44f 100644
--- a/configure.ac
+++ b/configure.ac
@@ -15,13 +15,13 @@ dnl
dnl You should have received a copy of the GNU General Public License
dnl along with this program. If not, see <http://www.gnu.org/licenses/>.
-AC_INIT([GNU cpio], [2.13], [bug-cpio@gnu.org],,
+AC_INIT([GNU cpio], [2.13.90], [bug-cpio@gnu.org],,
[http://www.gnu.org/software/cpio])
AC_CONFIG_SRCDIR(src/cpio.h)
AC_CONFIG_AUX_DIR([build-aux])
AC_CONFIG_HEADERS([config.h])
-AC_PREREQ([2.63])
-AM_INIT_AUTOMAKE([1.11.1 gnits tar-ustar dist-bzip2 std-options silent-rules])
+AC_PREREQ([2.64])
+AM_INIT_AUTOMAKE([1.15 gnits tar-ustar dist-bzip2 std-options silent-rules])
# Enable silent rules by default:
AM_SILENT_RULES([yes])
diff --git a/src/copyin.c b/src/copyin.c
index 93b006a..df5da9c 100644
--- a/src/copyin.c
+++ b/src/copyin.c
@@ -56,10 +56,10 @@ query_rename(struct cpio_file_stat* file_hdr, FILE *tty_in, FILE *tty_out,
static dynamic_string new_name; /* New file name for rename option. */
static int initialized_new_name = false;
if (!initialized_new_name)
- {
- ds_init (&new_name, 128);
- initialized_new_name = true;
- }
+ {
+ ds_init (&new_name);
+ initialized_new_name = true;
+ }
if (rename_flag)
{
@@ -756,8 +756,9 @@ long_format (struct cpio_file_stat *file_hdr, char const *link_name)
if ((file_hdr->c_mode & CP_IFMT) == CP_IFCHR
|| (file_hdr->c_mode & CP_IFMT) == CP_IFBLK)
- printf ("%3lu, %3lu ", file_hdr->c_rdev_maj,
- file_hdr->c_rdev_min);
+ printf ("%3lu, %3lu ",
+ (unsigned long) file_hdr->c_rdev_maj,
+ (unsigned long) file_hdr->c_rdev_min);
else
printf ("%8"PRIuMAX" ", (uintmax_t) file_hdr->c_filesize);
@@ -777,21 +778,20 @@ long_format (struct cpio_file_stat *file_hdr, char const *link_name)
already in `save_patterns' (from the command line) are preserved. */
static void
-read_pattern_file ()
+read_pattern_file (void)
{
- int max_new_patterns;
- char **new_save_patterns;
- int new_num_patterns;
+ char **new_save_patterns = NULL;
+ size_t max_new_patterns;
+ size_t new_num_patterns;
int i;
- dynamic_string pattern_name;
+ dynamic_string pattern_name = DYNAMIC_STRING_INITIALIZER;
FILE *pattern_fp;
if (num_patterns < 0)
num_patterns = 0;
- max_new_patterns = 1 + num_patterns;
- new_save_patterns = (char **) xmalloc (max_new_patterns * sizeof (char *));
new_num_patterns = num_patterns;
- ds_init (&pattern_name, 128);
+ max_new_patterns = num_patterns;
+ new_save_patterns = xcalloc (max_new_patterns, sizeof (new_save_patterns[0]));
pattern_fp = fopen (pattern_file_name, "r");
if (pattern_fp == NULL)
@@ -800,16 +800,16 @@ read_pattern_file ()
{
while (ds_fgetstr (pattern_fp, &pattern_name, '\n') != NULL)
{
- if (new_num_patterns >= max_new_patterns)
- {
- max_new_patterns += 1;
- new_save_patterns = (char **)
- xrealloc ((char *) new_save_patterns,
- max_new_patterns * sizeof (char *));
- }
+ if (new_num_patterns == max_new_patterns)
+ new_save_patterns = x2nrealloc (new_save_patterns,
+ &max_new_patterns,
+ sizeof (new_save_patterns[0]));
new_save_patterns[new_num_patterns] = xstrdup (pattern_name.ds_string);
++new_num_patterns;
}
+
+ ds_free (&pattern_name);
+
if (ferror (pattern_fp) || fclose (pattern_fp) == EOF)
close_error (pattern_file_name);
}
@@ -999,8 +999,21 @@ read_in_header (struct cpio_file_stat *file_hdr, int in_des)
static void
read_name_from_file (struct cpio_file_stat *file_hdr, int fd, uintmax_t len)
{
- cpio_realloc_c_name (file_hdr, len);
- tape_buffered_read (file_hdr->c_name, fd, len);
+ if (len == 0)
+ {
+ error (0, 0, _("malformed header: file name of zero length"));
+ }
+ else
+ {
+ cpio_realloc_c_name (file_hdr, len);
+ tape_buffered_read (file_hdr->c_name, fd, len);
+ if (file_hdr->c_name[len-1] != 0)
+ {
+ error (0, 0, _("malformed header: file name is not nul-terminated"));
+ /* Skip this file */
+ len = 0;
+ }
+ }
file_hdr->c_namesize = len;
}
@@ -1197,9 +1210,8 @@ swab_array (char *ptr, int count)
in the file system. */
void
-process_copy_in ()
+process_copy_in (void)
{
- char done = false; /* True if trailer reached. */
FILE *tty_in = NULL; /* Interactive file for rename option. */
FILE *tty_out = NULL; /* Interactive file for rename option. */
FILE *rename_in = NULL; /* Batch file for rename option. */
@@ -1271,7 +1283,7 @@ process_copy_in ()
change_dir ();
/* While there is more input in the collection, process the input. */
- while (!done)
+ while (1)
{
swapping_halfwords = swapping_bytes = false;
@@ -1305,10 +1317,7 @@ process_copy_in ()
{
/* Is this the header for the TRAILER file? */
if (strcmp (CPIO_TRAILER_NAME, file_hdr.c_name) == 0)
- {
- done = true;
- break;
- }
+ break;
cpio_safer_name_suffix (file_hdr.c_name, false, !no_abs_paths_flag,
false);
diff --git a/src/copyout.c b/src/copyout.c
index 4b7336b..421d36d 100644
--- a/src/copyout.c
+++ b/src/copyout.c
@@ -594,9 +594,10 @@ assign_string (char **pvar, char *value)
The format of the header depends on the compatibility (-c) flag. */
void
-process_copy_out ()
+process_copy_out (void)
{
- dynamic_string input_name; /* Name of file read from stdin. */
+ dynamic_string input_name = DYNAMIC_STRING_INITIALIZER;
+ /* Name of file read from stdin. */
struct stat file_stat; /* Stat record for file. */
struct cpio_file_stat file_hdr = CPIO_FILE_STAT_INITIALIZER;
/* Output header information. */
@@ -605,7 +606,6 @@ process_copy_out ()
char *orig_file_name = NULL;
/* Initialize the copy out. */
- ds_init (&input_name, 128);
file_hdr.c_magic = 070707;
/* Check whether the output file might be a tape. */
@@ -657,14 +657,9 @@ process_copy_out ()
{
if (file_hdr.c_mode & CP_IFDIR)
{
- int len = strlen (input_name.ds_string);
/* Make sure the name ends with a slash */
- if (input_name.ds_string[len-1] != '/')
- {
- ds_resize (&input_name, len + 2);
- input_name.ds_string[len] = '/';
- input_name.ds_string[len+1] = 0;
- }
+ if (!ds_endswith (&input_name, '/'))
+ ds_append (&input_name, '/');
}
}
@@ -875,6 +870,7 @@ process_copy_out ()
(unsigned long) blocks), (unsigned long) blocks);
}
cpio_file_stat_free (&file_hdr);
+ ds_free (&input_name);
}
diff --git a/src/copypass.c b/src/copypass.c
index a5f9b7b..43bde7e 100644
--- a/src/copypass.c
+++ b/src/copypass.c
@@ -48,10 +48,12 @@ set_copypass_perms (int fd, const char *name, struct stat *st)
If `link_flag', link instead of copying. */
void
-process_copy_pass ()
+process_copy_pass (void)
{
- dynamic_string input_name; /* Name of file from stdin. */
- dynamic_string output_name; /* Name of new file. */
+ dynamic_string input_name = DYNAMIC_STRING_INITIALIZER;
+ /* Name of file from stdin. */
+ dynamic_string output_name = DYNAMIC_STRING_INITIALIZER;
+ /* Name of new file. */
size_t dirname_len; /* Length of `directory_name'. */
int res; /* Result of functions. */
char *slash; /* For moving past slashes in input name. */
@@ -65,25 +67,18 @@ process_copy_pass ()
created files */
/* Initialize the copy pass. */
- ds_init (&input_name, 128);
dirname_len = strlen (directory_name);
if (change_directory_option && !ISSLASH (directory_name[0]))
{
char *pwd = xgetcwd ();
- dirname_len += strlen (pwd) + 1;
- ds_init (&output_name, dirname_len + 2);
- strcpy (output_name.ds_string, pwd);
- strcat (output_name.ds_string, "/");
- strcat (output_name.ds_string, directory_name);
+ ds_concat (&output_name, pwd);
+ ds_append (&output_name, '/');
}
- else
- {
- ds_init (&output_name, dirname_len + 2);
- strcpy (output_name.ds_string, directory_name);
- }
- output_name.ds_string[dirname_len] = '/';
+ ds_concat (&output_name, directory_name);
+ ds_append (&output_name, '/');
+ dirname_len = ds_len (&output_name);
output_is_seekable = true;
change_dir ();
@@ -116,8 +111,8 @@ process_copy_pass ()
/* Make the name of the new file. */
for (slash = input_name.ds_string; *slash == '/'; ++slash)
;
- ds_resize (&output_name, dirname_len + strlen (slash) + 2);
- strcpy (output_name.ds_string + dirname_len + 1, slash);
+ ds_reset (&output_name, dirname_len);
+ ds_concat (&output_name, slash);
existing_dir = false;
if (lstat (output_name.ds_string, &out_file_stat) == 0)
@@ -335,6 +330,9 @@ process_copy_pass ()
(unsigned long) blocks),
(unsigned long) blocks);
}
+
+ ds_free (&input_name);
+ ds_free (&output_name);
}
/* Try and create a hard link from FILE_NAME to another file
diff --git a/src/dstring.c b/src/dstring.c
index e9c063f..c788057 100644
--- a/src/dstring.c
+++ b/src/dstring.c
@@ -22,6 +22,7 @@
#endif
#include <stdio.h>
+#include <stdlib.h>
#if defined(HAVE_STRING_H) || defined(STDC_HEADERS)
#include <string.h>
#else
@@ -33,24 +34,40 @@
/* Initialiaze dynamic string STRING with space for SIZE characters. */
void
-ds_init (dynamic_string *string, int size)
+ds_init (dynamic_string *string)
{
- string->ds_length = size;
- string->ds_string = (char *) xmalloc (size);
+ memset (string, 0, sizeof *string);
}
-/* Expand dynamic string STRING, if necessary, to hold SIZE characters. */
+/* Free the dynamic string storage. */
void
-ds_resize (dynamic_string *string, int size)
+ds_free (dynamic_string *string)
{
- if (size > string->ds_length)
+ free (string->ds_string);
+}
+
+/* Expand dynamic string STRING, if necessary. */
+
+void
+ds_resize (dynamic_string *string, size_t len)
+{
+ while (len + string->ds_idx >= string->ds_size)
{
- string->ds_length = size;
- string->ds_string = (char *) xrealloc ((char *) string->ds_string, size);
+ string->ds_string = x2nrealloc (string->ds_string, &string->ds_size,
+ 1);
}
}
+/* Reset the index of the dynamic string S to LEN. */
+
+void
+ds_reset (dynamic_string *s, size_t len)
+{
+ ds_resize (s, len);
+ s->ds_idx = len;
+}
+
/* Dynamic string S gets a string terminated by the EOS character
(which is removed) from file F. S will increase
in size during the function if the string from F is longer than
@@ -61,34 +78,49 @@ ds_resize (dynamic_string *string, int size)
char *
ds_fgetstr (FILE *f, dynamic_string *s, char eos)
{
- int insize; /* Amount needed for line. */
- int strsize; /* Amount allocated for S. */
int next_ch;
/* Initialize. */
- insize = 0;
- strsize = s->ds_length;
+ s->ds_idx = 0;
/* Read the input string. */
- next_ch = getc (f);
- while (next_ch != eos && next_ch != EOF)
+ while ((next_ch = getc (f)) != eos && next_ch != EOF)
{
- if (insize >= strsize - 1)
- {
- ds_resize (s, strsize * 2 + 2);
- strsize = s->ds_length;
- }
- s->ds_string[insize++] = next_ch;
- next_ch = getc (f);
+ ds_resize (s, 0);
+ s->ds_string[s->ds_idx++] = next_ch;
}
- s->ds_string[insize++] = '\0';
+ ds_resize (s, 0);
+ s->ds_string[s->ds_idx] = '\0';
- if (insize == 1 && next_ch == EOF)
+ if (s->ds_idx == 0 && next_ch == EOF)
return NULL;
else
return s->ds_string;
}
+void
+ds_append (dynamic_string *s, int c)
+{
+ ds_resize (s, 0);
+ s->ds_string[s->ds_idx] = c;
+ if (c)
+ {
+ s->ds_idx++;
+ ds_resize (s, 0);
+ s->ds_string[s->ds_idx] = 0;
+ }
+}
+
+void
+ds_concat (dynamic_string *s, char const *str)
+{
+ size_t len = strlen (str);
+ ds_resize (s, len);
+ memcpy (s->ds_string + s->ds_idx, str, len);
+ s->ds_idx += len;
+ s->ds_string[s->ds_idx] = 0;
+}
+
char *
ds_fgets (FILE *f, dynamic_string *s)
{
@@ -100,3 +132,10 @@ ds_fgetname (FILE *f, dynamic_string *s)
{
return ds_fgetstr (f, s, '\0');
}
+
+/* Return true if the dynamic string S ends with character C. */
+int
+ds_endswith (dynamic_string *s, int c)
+{
+ return (s->ds_idx > 0 && s->ds_string[s->ds_idx - 1] == c);
+}
diff --git a/src/dstring.h b/src/dstring.h
index b5135fe..756cc1f 100644
--- a/src/dstring.h
+++ b/src/dstring.h
@@ -17,10 +17,6 @@
Software Foundation, Inc., 51 Franklin Street, Fifth Floor,
Boston, MA 02110-1301 USA. */
-#ifndef NULL
-#define NULL 0
-#endif
-
/* A dynamic string consists of record that records the size of an
allocated string and the pointer to that string. The actual string
is a normal zero byte terminated string that can be used with the
@@ -30,22 +26,24 @@
typedef struct
{
- int ds_length; /* Actual amount of storage allocated. */
- char *ds_string; /* String. */
+ size_t ds_size; /* Actual amount of storage allocated. */
+ size_t ds_idx; /* Index of the next free byte in the string. */
+ char *ds_string; /* String storage. */
} dynamic_string;
+#define DYNAMIC_STRING_INITIALIZER { 0, 0, NULL }
-/* Macros that look similar to the original string functions.
- WARNING: These macros work only on pointers to dynamic string records.
- If used with a real record, an "&" must be used to get the pointer. */
-#define ds_strlen(s) strlen ((s)->ds_string)
-#define ds_strcmp(s1, s2) strcmp ((s1)->ds_string, (s2)->ds_string)
-#define ds_strncmp(s1, s2, n) strncmp ((s1)->ds_string, (s2)->ds_string, n)
-#define ds_index(s, c) index ((s)->ds_string, c)
-#define ds_rindex(s, c) rindex ((s)->ds_string, c)
+void ds_init (dynamic_string *string);
+void ds_free (dynamic_string *string);
+void ds_reset (dynamic_string *s, size_t len);
-void ds_init (dynamic_string *string, int size);
-void ds_resize (dynamic_string *string, int size);
+/* All functions below guarantee that s->ds_string[s->ds_idx] == '\0' */
char *ds_fgetname (FILE *f, dynamic_string *s);
char *ds_fgets (FILE *f, dynamic_string *s);
char *ds_fgetstr (FILE *f, dynamic_string *s, char eos);
+void ds_append (dynamic_string *s, int c);
+void ds_concat (dynamic_string *s, char const *str);
+
+#define ds_len(s) ((s)->ds_idx)
+
+int ds_endswith (dynamic_string *s, int c);
diff --git a/src/idcache.c b/src/idcache.c
index 33b0d3f..6bd1f3e 100644
--- a/src/idcache.c
+++ b/src/idcache.c
@@ -34,6 +34,7 @@
#endif
#include <unistd.h>
+#include <inttostr.h>
struct userid
{
@@ -59,7 +60,6 @@ getuser (uid_t uid)
{
register struct userid *tail;
struct passwd *pwent;
- char usernum_string[20];
for (tail = user_alist; tail; tail = tail->next)
if (tail->id.u == uid)
@@ -70,8 +70,8 @@ getuser (uid_t uid)
tail->id.u = uid;
if (pwent == 0)
{
- sprintf (usernum_string, "%u", (unsigned) uid);
- tail->name = xstrdup (usernum_string);
+ char nbuf[UINTMAX_STRSIZE_BOUND];
+ tail->name = xstrdup (umaxtostr (uid, nbuf));
}
else
tail->name = xstrdup (pwent->pw_name);
@@ -134,7 +134,6 @@ getgroup (gid_t gid)
{
register struct userid *tail;
struct group *grent;
- char groupnum_string[20];
for (tail = group_alist; tail; tail = tail->next)
if (tail->id.g == gid)
@@ -145,8 +144,8 @@ getgroup (gid_t gid)
tail->id.g = gid;
if (grent == 0)
{
- sprintf (groupnum_string, "%u", (unsigned int) gid);
- tail->name = xstrdup (groupnum_string);
+ char nbuf[UINTMAX_STRSIZE_BOUND];
+ tail->name = xstrdup (umaxtostr (gid, nbuf));
}
else
tail->name = xstrdup (grent->gr_name);
diff --git a/src/userspec.c b/src/userspec.c
index eb3640e..b03234e 100644
--- a/src/userspec.c
+++ b/src/userspec.c
@@ -24,6 +24,7 @@
#include <stdio.h>
#include <ctype.h>
#include <sys/types.h>
+#include <inttostr.h>
#ifndef HAVE_ENDPWENT
# define endpwent()
@@ -141,12 +142,8 @@ parse_user_spec (const char *spec_arg, uid_t *uid, gid_t *gid,
grp = getgrgid (pwd->pw_gid);
if (grp == NULL)
{
- /* This is enough room to hold the unsigned decimal
- representation of any 32-bit quantity and the trailing
- zero byte. */
- char uint_buf[21];
- sprintf (uint_buf, "%u", (unsigned) (pwd->pw_gid));
- V_STRDUP (groupname, uint_buf);
+ char nbuf[UINTMAX_STRSIZE_BOUND];
+ V_STRDUP (groupname, umaxtostr (pwd->pw_gid, nbuf));
}
else
{
diff --git a/src/util.c b/src/util.c
index 0e8d88c..b721f37 100644
--- a/src/util.c
+++ b/src/util.c
@@ -79,8 +79,7 @@ tape_empty_output_buffer (int out_des)
if (output_is_special
&& (bytes_written >= 0
- || (bytes_written < 0
- && (errno == ENOSPC || errno == EIO || errno == ENXIO))))
+ || (errno == ENOSPC || errno == EIO || errno == ENXIO)))
{
get_next_reel (out_des);
if (bytes_written > 0)
@@ -846,11 +845,9 @@ get_next_reel (int tape_des)
FILE *tty_out; /* File for interacting with user. */
int old_tape_des;
char *next_archive_name;
- dynamic_string new_name;
+ dynamic_string new_name = DYNAMIC_STRING_INITIALIZER;
char *str_res;
- ds_init (&new_name, 128);
-
/* Open files for interactive communication. */
tty_in = fopen (TTY_NAME, "r");
if (tty_in == NULL)
@@ -925,7 +922,7 @@ get_next_reel (int tape_des)
error (PAXEXIT_FAILURE, 0, _("internal error: tape descriptor changed from %d to %d"),
old_tape_des, tape_des);
- free (new_name.ds_string);
+ ds_free (&new_name);
fclose (tty_in);
fclose (tty_out);
}
--
2.31.1

@ -3,10 +3,10 @@ Date: Mon, 14 Sep 2015 09:37:15 +0200
Subject: [PATCH 3/7] Support major/minor device numbers over 127 (bz#450109) Subject: [PATCH 3/7] Support major/minor device numbers over 127 (bz#450109)
diff --git a/src/copyin.c b/src/copyin.c diff --git a/src/copyin.c b/src/copyin.c
index 2e72356..5d88a23 100644 index b29f348..1142d6a 100644
--- a/src/copyin.c --- a/src/copyin.c
+++ b/src/copyin.c +++ b/src/copyin.c
@@ -1287,15 +1287,15 @@ read_in_binary (struct cpio_file_stat *file_hdr, @@ -1123,15 +1123,15 @@ read_in_binary (struct cpio_file_stat *file_hdr,
swab_array ((char *) short_hdr, 13); swab_array ((char *) short_hdr, 13);
} }

@ -2,10 +2,10 @@ Subject: [PATCH 2/7] set exit code to 1 when cpio fails to store file > 4GB
(#183224) (#183224)
diff --git a/src/copyout.c b/src/copyout.c diff --git a/src/copyout.c b/src/copyout.c
index fa999bd..6e82f4c 100644 index 8b0beb6..4b7336b 100644
--- a/src/copyout.c --- a/src/copyout.c
+++ b/src/copyout.c +++ b/src/copyout.c
@@ -287,7 +287,7 @@ field_width_error (const char *filename, const char *fieldname, @@ -290,7 +290,7 @@ field_width_error (const char *filename, const char *fieldname,
{ {
char valbuf[UINTMAX_STRSIZE_BOUND + 1]; char valbuf[UINTMAX_STRSIZE_BOUND + 1];
char maxbuf[UINTMAX_STRSIZE_BOUND + 1]; char maxbuf[UINTMAX_STRSIZE_BOUND + 1];
@ -15,7 +15,7 @@ index fa999bd..6e82f4c 100644
STRINGIFY_BIGINT (value, valbuf), STRINGIFY_BIGINT (value, valbuf),
STRINGIFY_BIGINT (MAX_VAL_WITH_DIGITS (width - nul, LG_8), STRINGIFY_BIGINT (MAX_VAL_WITH_DIGITS (width - nul, LG_8),
diff --git a/tests/CVE-2019-14866.at b/tests/CVE-2019-14866.at diff --git a/tests/CVE-2019-14866.at b/tests/CVE-2019-14866.at
index 530365a..5a4e15c 100644 index e877b39..50ad60b 100644
--- a/tests/CVE-2019-14866.at --- a/tests/CVE-2019-14866.at
+++ b/tests/CVE-2019-14866.at +++ b/tests/CVE-2019-14866.at
@@ -30,6 +30,5 @@ fi @@ -30,6 +30,5 @@ fi
@ -26,13 +26,13 @@ index 530365a..5a4e15c 100644
]) ])
AT_CLEANUP AT_CLEANUP
diff --git a/tests/testsuite b/tests/testsuite diff --git a/tests/testsuite b/tests/testsuite
index 10531d1..d69dad9 100755 index b45c731..fd8454d 100755
--- a/tests/testsuite --- a/tests/testsuite
+++ b/tests/testsuite +++ b/tests/testsuite
@@ -2927,7 +2927,6 @@ fi @@ -2885,7 +2885,6 @@ fi
at_status=$? at_failed=false at_status=$? at_failed=false
$at_check_filter $at_check_filter
echo >>"$at_stderr"; printf "%s\n" "cpio: file: value size 17179869184 out of allowed range 0..8589934591 echo >>"$at_stderr"; $as_echo "cpio: file: value size 17179869184 out of allowed range 0..8589934591
-2 blocks -2 blocks
" | \ " | \
$at_diff - "$at_stderr" || at_failed=: $at_diff - "$at_stderr" || at_failed=:

@ -0,0 +1,13 @@
diff -up cpio-2.13/src/global.c.me cpio-2.13/src/global.c
--- cpio-2.13/src/global.c.me 2020-01-30 17:17:42.015259283 +0100
+++ cpio-2.13/src/global.c 2020-01-30 17:24:12.680794025 +0100
@@ -184,9 +184,6 @@ unsigned int warn_option = 0;
/* Extract to standard output? */
bool to_stdout_option = false;
-/* The name this program was run with. */
-char *program_name;
-
/* A pointer to either lstat or stat, depending on whether
dereferencing of symlinks is done for input files. */
int (*xstat) ();

@ -0,0 +1,63 @@
From 5913893d6f3de65b16e1ad294b88893305efb20f Mon Sep 17 00:00:00 2001
From: Ondrej Dubaj <odubaj@redhat.com>
Date: Thu, 18 Feb 2021 09:59:31 +0100
Subject: [PATCH] * lib/system.h (ERRNO_IS_EACCES): Remove. Not used anymore.
(sys_reset_uid_gid): Re-initialize supplementary groups when switching
privileges. Fix ordering of setgid and setuid calls.
---
lib/system.h | 32 +++++++++++++++++++++++++-------
1 file changed, 25 insertions(+), 7 deletions(-)
diff --git a/lib/system.h b/lib/system.h
index 1c1a5d0..4fd3ce9 100644
--- a/lib/system.h
+++ b/lib/system.h
@@ -470,19 +470,37 @@ char *getenv ();
#if MSDOS
# include <process.h>
# define SET_BINARY_MODE(arc) setmode(arc, O_BINARY)
-# define ERRNO_IS_EACCES errno == EACCES
# define mkdir(file, mode) (mkdir) (file)
# define TTY_NAME "con"
# define sys_reset_uid_gid()
#else
# define SET_BINARY_MODE(arc)
-# define ERRNO_IS_EACCES 0
# define TTY_NAME "/dev/tty"
-# define sys_reset_uid_gid() \
- do { \
- if (! (setuid (getuid ()) == 0 && setgid (getgid ()) == 0)) \
- abort (); \
- } while (0)
+# include <paxlib.h>
+static inline void
+sys_reset_uid_gid (void)
+{
+ struct passwd *pw;
+ uid_t uid = getuid ();
+ gid_t gid = getgid ();
+
+ if ((pw = getpwuid (uid)) == NULL)
+ {
+ FATAL_ERROR ((0, errno, "%s(%lu)", "getpwuid", (unsigned long)uid));
+ }
+ if (initgroups (pw->pw_name, getgid ()))
+ {
+ FATAL_ERROR ((0, errno, "%s", "initgroups"));
+ }
+ if (gid != getegid () && setgid (gid) && errno != EPERM)
+ {
+ FATAL_ERROR ((0, errno, "%s", "setgid"));
+ }
+ if (uid != geteuid () && setuid (uid) && errno != EPERM)
+ {
+ FATAL_ERROR ((0, errno, "%s", "setuid"));
+ }
+}
#endif
#if XENIX
--
2.26.0

@ -0,0 +1,91 @@
revert fix for CVE-2015-1197 as it causes shutdown issues
revert suggested as a workaround by upstream:
https://lists.gnu.org/archive/html/bug-cpio/2019-11/msg00016.html
--- b/src/copyin.c
+++ a/src/copyin.c
@@ -645,14 +645,13 @@
link_name = xstrdup (file_hdr->c_tar_linkname);
}
- cpio_safer_name_suffix (link_name, true, !no_abs_paths_flag, false);
-
res = UMASKED_SYMLINK (link_name, file_hdr->c_name,
file_hdr->c_mode);
if (res < 0 && create_dir_flag)
{
create_all_directories (file_hdr->c_name);
+ res = UMASKED_SYMLINK (link_name, file_hdr->c_name,
+ file_hdr->c_mode);
- res = UMASKED_SYMLINK (link_name, file_hdr->c_name, file_hdr->c_mode);
}
if (res < 0)
{
--- b/tests/CVE-2015-1197.at
+++ /dev/null
@@ -1,43 +0,0 @@
-# Process this file with autom4te to create testsuite. -*- Autotest -*-
-# Copyright (C) 2009-2019 Free Software Foundation, Inc.
-#
-# This program is free software; you can redistribute it and/or modify
-# it under the terms of the GNU General Public License as published by
-# the Free Software Foundation; either version 3, or (at your option)
-# any later version.
-#
-# This program is distributed in the hope that it will be useful,
-# but WITHOUT ANY WARRANTY; without even the implied warranty of
-# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
-# GNU General Public License for more details.
-#
-# You should have received a copy of the GNU General Public License
-# along with this program. If not, see <http://www.gnu.org/licenses/>.
-
-AT_SETUP([CVE-2015-1197 (--no-absolute-filenames for symlinks)])
-AT_CHECK([
-tempdir=$(pwd)/tmp
-mkdir $tempdir
-touch $tempdir/file
-ln -s $tempdir dir
-AT_DATA([filelist],
-[dir
-dir/file
-])
-ln -s /tmp dir
-touch /tmp/file
-cpio -o < filelist > test.cpio
-rm dir /tmp/file
-cpio --no-absolute-filenames -iv < test.cpio
-],
-[2],
-[],
-[1 block
-cpio: Removing leading `/' from hard link targets
-dir
-cpio: dir/file: Cannot open: No such file or directory
-dir/file
-1 block
-])
-AT_CLEANUP
-
--- b/tests/Makefile.am
+++ a/tests/Makefile.am
@@ -56,9 +56,8 @@
symlink-long.at\
symlink-to-stdout.at\
version.at\
big-block-size.at\
- CVE-2015-1197.at\
CVE-2019-14866.at
TESTSUITE = $(srcdir)/testsuite
--- b/tests/testsuite.at
+++ a/tests/testsuite.at
@@ -43,6 +43,5 @@
m4_include([setstat04.at])
m4_include([setstat05.at])
m4_include([big-block-size.at])
-m4_include([CVE-2015-1197.at])
m4_include([CVE-2019-14866.at])

@ -3,10 +3,10 @@ Date: Mon, 14 Sep 2015 09:27:21 +0200
Subject: [PATCH 1/7] make '-c' equivalent to '-H newc' Subject: [PATCH 1/7] make '-c' equivalent to '-H newc'
diff --git a/doc/cpio.texi b/doc/cpio.texi diff --git a/doc/cpio.texi b/doc/cpio.texi
index edf0c12..bef7ba5 100644 index e631934..a788b5d 100644
--- a/doc/cpio.texi --- a/doc/cpio.texi
+++ b/doc/cpio.texi +++ b/doc/cpio.texi
@@ -271,7 +271,8 @@ Sets the I/O block size to @var{block-size} * 512 bytes. @@ -261,7 +261,8 @@ Sets the I/O block size to @var{block-size} * 512 bytes.
@item -B @item -B
Set the I/O block size to 5120 bytes. Set the I/O block size to 5120 bytes.
@item -c @item -c
@ -16,7 +16,7 @@ index edf0c12..bef7ba5 100644
@item -C @var{number} @item -C @var{number}
@itemx --io-size=@var{number} @itemx --io-size=@var{number}
Set the I/O block size to the given @var{number} of bytes. Set the I/O block size to the given @var{number} of bytes.
@@ -354,7 +355,8 @@ Equivalent to @option{-sS}. @@ -343,7 +344,8 @@ Equivalent to @option{-sS}.
@item -B @item -B
Set the I/O block size to 5120 bytes. Set the I/O block size to 5120 bytes.
@item -c @item -c
@ -26,7 +26,7 @@ index edf0c12..bef7ba5 100644
@item -C @var{number} @item -C @var{number}
@itemx --io-size=@var{number} @itemx --io-size=@var{number}
Set the I/O block size to the given @var{number} of bytes. Set the I/O block size to the given @var{number} of bytes.
@@ -465,7 +467,8 @@ Sets the I/O block size to @var{block-size} * 512 bytes. @@ -454,7 +456,8 @@ Sets the I/O block size to @var{block-size} * 512 bytes.
@item -B @item -B
Set the I/O block size to 5120 bytes. Set the I/O block size to 5120 bytes.
@item -c @item -c
@ -36,7 +36,7 @@ index edf0c12..bef7ba5 100644
@item -C @var{number} @item -C @var{number}
@itemx --io-size=@var{number} @itemx --io-size=@var{number}
Set the I/O block size to the given @var{number} of bytes. Set the I/O block size to the given @var{number} of bytes.
@@ -614,7 +617,8 @@ block size is 512 bytes. @@ -600,7 +603,8 @@ block size is 512 bytes.
@item -c @item -c
[@ref{copy-in},@ref{copy-out},@ref{copy-pass}] [@ref{copy-in},@ref{copy-out},@ref{copy-pass}]
@ -47,7 +47,7 @@ index edf0c12..bef7ba5 100644
@item -C @var{io-size} @item -C @var{io-size}
@itemx --io-size=@var{io-size} @itemx --io-size=@var{io-size}
diff --git a/src/main.c b/src/main.c diff --git a/src/main.c b/src/main.c
index b27bd17..542a71f 100644 index a13861f..a875a13 100644
--- a/src/main.c --- a/src/main.c
+++ b/src/main.c +++ b/src/main.c
@@ -124,7 +124,7 @@ static struct argp_option options[] = { @@ -124,7 +124,7 @@ static struct argp_option options[] = {
@ -59,7 +59,7 @@ index b27bd17..542a71f 100644
{"dot", 'V', NULL, 0, {"dot", 'V', NULL, 0,
N_("Print a \".\" for each file processed"), GRID+1 }, N_("Print a \".\" for each file processed"), GRID+1 },
{"io-size", 'C', N_("NUMBER"), 0, {"io-size", 'C', N_("NUMBER"), 0,
@@ -331,6 +331,7 @@ parse_opt (int key, char *arg, struct argp_state *state) @@ -329,6 +329,7 @@ parse_opt (int key, char *arg, struct argp_state *state)
case 'c': /* Use the old portable ASCII format. */ case 'c': /* Use the old portable ASCII format. */
if (archive_format != arf_unknown) if (archive_format != arf_unknown)
USAGE_ERROR ((0, 0, _("Archive format multiply defined"))); USAGE_ERROR ((0, 0, _("Archive format multiply defined")));

@ -1,31 +0,0 @@
-----BEGIN PGP PUBLIC KEY BLOCK-----
Version: GnuPG v1.4.7 (GNU/Linux)
mQGiBDxhQHkRBACyhJxCLQvLs70IUZSlYVKAm+u1Oa4RyUo5/ctCcMm2KOcjui3z
xs+yUwlglo1n/de9NNJY98PJNLHniMVi5sPba8OKwYx9bilwuAWLgTsgfpX8UuuY
TANQmTybmrxjzxrGqN7eyjBT3utgbK3ACKDo/JUCgZMkdFu2c2i7186sDwCgo9pQ
ygxOOWEWBm70Rymdfvkon6EEAKY5h9nL1qYw46vM1+QY+vhyX2lHTD/E9QyFQv4L
driY3CerLAZ07yk5p8I6T31d7HEUt9DZcl0ZD99Y9IH84wWvms1xtnCuoLlP4ntw
FQ5ZUZtMY0AIVRtFbgkTDDLZsdanscqMu/LqnO2/QWjCQhaO/tcaIdPVgBIbCr28
fuBJA/9KA5vbQBd4WnNFLVJsr47irnJBYdR+OqPQAUFUcQPO1metR76UZ7+7LwtO
ldAjPN3RDJtRB8/JooHDNq+VCEzjs02JaBpQ+BCOzzqELnkoBPl26yHR56r4WbC5
+FH/QxEaicjVGxIF/Z9crzG/XUMXwieTNcM6HoGCnMboGqCM4bQjU2VyZ2V5IFBv
em55YWtvZmYgPGdyYXlAZ251Lm9yZy51YT6IXgQTEQIAHgUCQ/CVdwIbAwYLCQgH
AwIDFQIDAxYCAQIeAQIXgAAKCRA2ArB/VdDHMubqAJ9tq+C7VtEMexpRAq9jzcKo
5fZFywCeKtqljjB7nsCIKvZNOV1D4fn7HDm0MlNlcmdleSBQb3pueWFrb2ZmIChH
cmF5KSA8Z3JheUBtaXJkZGluLmZhcmxlcC5uZXQ+iFcEExECABcFAjxhQHkFCwcK
AwQDFQMCAxYCAQIXgAAKCRA2ArB/VdDHMg3iAKCVtLVewNzCDfjui1wTWmz73IcU
aQCcDjK4771A6G/z6qX5bDuK1yL/YeSIRgQSEQIABgUCP1tgaAAKCRCjCdZ5GaIl
R3GsAJ9IHf/Rl/2+eR03mdAe+AeSTaBfagCfUsLc7/wp+fb7Xo6lKQezvJzGBqu0
IFNlcmdleSBQb3pueWFrb2ZmIDxncmF5QGdudS5vcmc+iF4EExECAB4FAkPwlbUC
GwMGCwkIBwMCAxUCAwMWAgECHgECF4AACgkQNgKwf1XQxzJFSgCeNYJSs7nalOVI
MTJB3Ui6NvKL/nAAni1KxoLZr/+jG5iAnhuuL+ijq54GuQENBDxhQHwQBAD3qEph
UOWRg9C8hSJpZ9Zo8F+hXnF6mvMWuy76R+yHqg4H5CPWSH116lOKl5xpGeXdOOzM
5OxGgdEChb+jLoszM9rc3HQfcKAQmFMd03Iay4/5jMAS+vNgCfDV98nj6gU0Y3ku
UdTkyMPDObQWv1ginAnkoOVXb7nAVW/X5n8izwADBQP8CPuRROj2FC+w2tTXDgaJ
am9PEm1coHRJAoHef1nBZfOAOZLjRD10wBg2m8q2EUJ4/mr/1D0whTINThJkvmZk
RGVkuNILeC3X5dMQ1AX4fIOOnVObWVrlg5etH8ichIOYOUOqCx/cuV9F6Apg9PE6
vcFqmh4BoOlb0qOaIdzN1sWIRgQYEQIABgUCPGFAfAAKCRA2ArB/VdDHMlPgAKCM
9FxutfWWvZqNKW5up6GnB4y6WwCeN5k4mxck975PULOk8jq/ZqLGvnQ=
=5lxD
-----END PGP PUBLIC KEY BLOCK-----

@ -1,30 +1,25 @@
Summary: A GNU archiving program Summary: A GNU archiving program
Name: cpio Name: cpio
Version: 2.15 Version: 2.13
Release: 3%{?dist} Release: 16%{?dist}
License: GPL-3.0-or-later License: GPLv3+
URL: https://www.gnu.org/software/cpio/ URL: https://www.gnu.org/software/cpio/
Source0: https://ftp.gnu.org/gnu/cpio/cpio-%{version}.tar.bz2 Source: https://ftp.gnu.org/gnu/cpio/cpio-%{version}.tar.bz2
# help2man generated manual page distributed only in RHEL/Fedora # help2man generated manual page distributed only in RHEL/Fedora
Source1: cpio.1 Source1: cpio.1
Source2: https://ftp.gnu.org/gnu/cpio/cpio-%{version}.tar.bz2.sig
# https://savannah.gnu.org/projects/cpio/ lists one maintainer, gray
# and their GPG key is https://savannah.gnu.org/people/viewgpg.php?user_id=311
Source3: gray-key.gpg
# We use SVR4 portable format as default. # We use SVR4 portable format as default.
Patch1: cpio-2.14-rh.patch Patch1: cpio-2.9-rh.patch
# fix warn_if_file_changed() and set exit code to 1 when cpio fails to store # fix warn_if_file_changed() and set exit code to 1 when cpio fails to store
# file > 4GB (#183224) # file > 4GB (#183224)
# http://lists.gnu.org/archive/html/bug-cpio/2006-11/msg00000.html # http://lists.gnu.org/archive/html/bug-cpio/2006-11/msg00000.html
Patch2: cpio-2.14-exitCode.patch Patch2: cpio-2.13-exitCode.patch
# Support major/minor device numbers over 127 (bz#450109) # Support major/minor device numbers over 127 (bz#450109)
# http://lists.gnu.org/archive/html/bug-cpio/2008-07/msg00000.html # http://lists.gnu.org/archive/html/bug-cpio/2008-07/msg00000.html
Patch3: cpio-2.14-dev_number.patch Patch3: cpio-2.13-dev_number.patch
# Define default remote shell as /usr/bin/ssh (#452904) # Define default remote shell as /usr/bin/ssh (#452904)
Patch4: cpio-2.9.90-defaultremoteshell.patch Patch4: cpio-2.9.90-defaultremoteshell.patch
@ -32,7 +27,7 @@ Patch4: cpio-2.9.90-defaultremoteshell.patch
# Fix segfault with nonexisting file with patternnames (#567022) # Fix segfault with nonexisting file with patternnames (#567022)
# http://savannah.gnu.org/bugs/index.php?28954 # http://savannah.gnu.org/bugs/index.php?28954
# We have slightly different solution than upstream. # We have slightly different solution than upstream.
Patch5: cpio-2.14-patternnamesigsegv.patch Patch5: cpio-2.10-patternnamesigsegv.patch
# Fix bad file name splitting while creating ustar archive (#866467) # Fix bad file name splitting while creating ustar archive (#866467)
# (fix backported from tar's source) # (fix backported from tar's source)
@ -41,13 +36,40 @@ Patch7: cpio-2.10-longnames-split.patch
# Cpio does Sum32 checksum, not CRC (downstream) # Cpio does Sum32 checksum, not CRC (downstream)
Patch8: cpio-2.11-crc-fips-nit.patch Patch8: cpio-2.11-crc-fips-nit.patch
# Fix multiple definition of `program_name'
Patch9: cpio-2.13-mutiple-definition.patch
# Revert fix for CVE-2015-1197 (#1797163)
# reverts upstream commit 45b0ee2b4
Patch10: cpio-2.13-revert-CVE-2015-1197-fix.patch
# Extract: retain times for symlinks
# downstream patch (#1486364)
# https://www.mail-archive.com/bug-cpio@gnu.org/msg00605.html
Patch11: cpio-2.11-retain-symlink-times.patch
# Properly drop priviledges for remote command
# http://git.savannah.gnu.org/cgit/paxutils.git/commit/?id=d247e3c2809a37b6d0c3067251d96bb7f12555e7
Patch12: cpio-2.13-reset-gid-uid.patch
# Fixed integer overflow in ds_fgetstr()
# upstream patch (#1992512)
# https://git.savannah.gnu.org/cgit/cpio.git/commit/?id=dd96882877721703e19272fe25034560b794061b
# https://git.savannah.gnu.org/cgit/cpio.git/commit/?id=dfc801c44a93bed7b3951905b188823d6a0432c8
# https://git.savannah.gnu.org/cgit/cpio.git/commit/?id=236684f6deb3178043fe72a8e2faca538fa2aae1
# https://git.savannah.gnu.org/cgit/cpio.git/commit/?id=4d169305dcb34137dc41acc761d8703eae2c63bf
# https://git.savannah.gnu.org/cgit/cpio.git/commit/?id=86dacfe3e060ce95d5a2c0c5ec01f6437b0b6089
# https://git.savannah.gnu.org/cgit/cpio.git/commit/?id=7dd8ba91d8b6a2640e6c01c3e3a4234828646f23
# https://git.savannah.gnu.org/cgit/cpio.git/commit/?id=684b7ac5767e676cda78c161aeb7fe7b45a07529
# https://git.savannah.gnu.org/cgit/cpio.git/commit/?id=b1c85839bf1381f749dd45bf6a5a38924e3315a0
Patch13: cpio-2.13-CVE-2021-38185.patch
Provides: bundled(gnulib) Provides: bundled(gnulib)
Provides: bundled(paxutils) Provides: bundled(paxutils)
Provides: /bin/cpio Provides: /bin/cpio
BuildRequires: gcc BuildRequires: gcc
BuildRequires: texinfo, autoconf, automake, gettext, gettext-devel, rmt BuildRequires: texinfo, autoconf, automake, gettext, gettext-devel, rmt
BuildRequires: make BuildRequires: make
BuildRequires: gnupg2
%description %description
GNU cpio copies files into or out of a cpio or tar archive. Archives GNU cpio copies files into or out of a cpio or tar archive. Archives
@ -65,7 +87,6 @@ Install cpio if you need a program to manage file archives.
%prep %prep
%{gpgverify} --keyring='%{SOURCE3}' --signature='%{SOURCE2}' --data='%{SOURCE0}'
%autosetup -p1 %autosetup -p1
@ -104,49 +125,24 @@ make check || {
%{_infodir}/*.info* %{_infodir}/*.info*
%changelog %changelog
* Tue Oct 29 2024 Troy Dawson <tdawson@redhat.com> - 2.15-3 * Thu Aug 26 2021 Ondrej Dubaj <odubaj@redhat.com> - 2.13-16
- Bump release for October 2024 mass rebuild: - Fixed CVE-2021-38185 (#1992512)
Resolves: RHEL-64018
* Mon Jun 24 2024 Troy Dawson <tdawson@redhat.com> - 2.15-2
- Bump release for June 2024 mass rebuild
* Tue Jan 24 2024 Lukas Javorsky <ljavorsk@redhat.com> - 2.15-1
- Rebase to version 2.15
* Wed Jan 24 2024 Fedora Release Engineering <releng@fedoraproject.org> - 2.14-7
- Rebuilt for https://fedoraproject.org/wiki/Fedora_40_Mass_Rebuild
* Fri Jan 19 2024 Fedora Release Engineering <releng@fedoraproject.org> - 2.14-6
- Rebuilt for https://fedoraproject.org/wiki/Fedora_40_Mass_Rebuild
* Wed Nov 15 2023 Florian Weimer <fweimer@redhat.com> - 2.14-5
- Backport upstream patch for C99 compatibility issue
* Wed Jul 19 2023 Fedora Release Engineering <releng@fedoraproject.org> - 2.14-4
- Rebuilt for https://fedoraproject.org/wiki/Fedora_39_Mass_Rebuild
* Sun Jul 16 2023 Stewart Smith <trawets@amazon.com> - 2.14-3
- gpg verify source tarball
* Mon May 29 2023 Lukas Javorsky <ljavorsk@redhat.com> - 2.14-2
- Release bump
* Tue May 16 2023 Lukas Javorsky <ljavorsk@redhat.com> - 2.14-1 * Thu Aug 19 2021 Ondrej Dubaj <odubaj@redhat.com> - 2.13-15
- Rebase to version 2.14 - Revert patch for CVE-2021-38185 (#1992512)
- Resolves #1188590 CVE-2015-1197
* Thu Jan 19 2023 Fedora Release Engineering <releng@fedoraproject.org> - 2.13-14 * Mon Aug 16 2021 Ondrej Dubaj <odubaj@redhat.com> - 2.13-14
- Rebuilt for https://fedoraproject.org/wiki/Fedora_38_Mass_Rebuild - Minor fix for CVE-2021-38185 (#1992512)
* Wed Jul 20 2022 Fedora Release Engineering <releng@fedoraproject.org> - 2.13-13 * Mon Aug 16 2021 Ondrej Dubaj <odubaj@redhat.com> - 2.13-13
- Rebuilt for https://fedoraproject.org/wiki/Fedora_37_Mass_Rebuild - Fixed CVE-2021-38185 (#1992512)
* Wed Jan 19 2022 Fedora Release Engineering <releng@fedoraproject.org> - 2.13-12 * Mon Aug 09 2021 Mohan Boddu <mboddu@redhat.com> - 2.13-12
- Rebuilt for https://fedoraproject.org/wiki/Fedora_36_Mass_Rebuild - Rebuilt for IMA sigs, glibc 2.34, aarch64 flags
Related: rhbz#1991688
* Wed Jul 21 2021 Fedora Release Engineering <releng@fedoraproject.org> - 2.13-11 * Thu Apr 15 2021 Mohan Boddu <mboddu@redhat.com> - 2.13-11
- Rebuilt for https://fedoraproject.org/wiki/Fedora_35_Mass_Rebuild - Rebuilt for RHEL 9 BETA on Apr 15th 2021. Related: rhbz#1947937
* Thu Feb 18 2021 Ondrej Dubaj <odubaj@redhat.com> - 2.13-10 * Thu Feb 18 2021 Ondrej Dubaj <odubaj@redhat.com> - 2.13-10
- Properly drop priviledges for remote command - Properly drop priviledges for remote command

Loading…
Cancel
Save