diff --git a/cpio-2.12-CVE-2019-14866.patch b/cpio-2.12-CVE-2019-14866.patch deleted file mode 100644 index 2012484..0000000 --- a/cpio-2.12-CVE-2019-14866.patch +++ /dev/null @@ -1,317 +0,0 @@ -From 7554e3e42cd72f6f8304410c47fe6f8918e9bfd7 Mon Sep 17 00:00:00 2001 -From: Sergey Poznyakoff -Date: Sun, 3 Nov 2019 23:59:39 +0200 -Subject: Fix CVE-2019-14866 - -* src/copyout.c (to_ascii): Additional argument nul controls whether -to add the terminating nul character. -(field_width_error): Improve diagnostics: print the actual and the -maximum allowed field value. -* src/extern.h (to_ascii, field_width_error): New prototypes. -* src/tar.c (to_oct): Remove. -(to_oct_or_error): New function. -(TO_OCT): New macro. -(write_out_tar_header): Use TO_OCT and to_ascii. Return 0 on -success, 1 on error. ---- - src/copyout.c | 49 ++++++++++++++++++++++++---------------- - src/extern.h | 15 +++++++++++-- - src/tar.c | 72 +++++++++++++++++++++++++++-------------------------------- - 3 files changed, 76 insertions(+), 60 deletions(-) - -Index: cpio-2.12/src/copyout.c -=================================================================== ---- cpio-2.12.orig/src/copyout.c -+++ cpio-2.12/src/copyout.c -@@ -269,26 +269,32 @@ writeout_final_defers (int out_des) - so it should be moved to paxutils too. - Allowed values for logbase are: 1 (binary), 2, 3 (octal), 4 (hex) */ - int --to_ascii (char *where, uintmax_t v, size_t digits, unsigned logbase) -+to_ascii (char *where, uintmax_t v, size_t digits, unsigned logbase, bool nul) - { - static char codetab[] = "0123456789ABCDEF"; -- int i = digits; -- -- do -+ -+ if (nul) -+ where[--digits] = 0; -+ while (digits > 0) - { -- where[--i] = codetab[(v & ((1 << logbase) - 1))]; -+ where[--digits] = codetab[(v & ((1 << logbase) - 1))]; - v >>= logbase; - } -- while (i); - - return v != 0; - } - --static void --field_width_error (const char *filename, const char *fieldname) -+void -+field_width_error (const char *filename, const char *fieldname, -+ uintmax_t value, size_t width, bool nul) - { -- error (0, 0, _("%s: field width not sufficient for storing %s"), -- filename, fieldname); -+ char valbuf[UINTMAX_STRSIZE_BOUND + 1]; -+ char maxbuf[UINTMAX_STRSIZE_BOUND + 1]; -+ error (0, 0, _("%s: value %s %s out of allowed range 0..%s"), -+ filename, fieldname, -+ STRINGIFY_BIGINT (value, valbuf), -+ STRINGIFY_BIGINT (MAX_VAL_WITH_DIGITS (width - nul, LG_8), -+ maxbuf)); - } - - static void -@@ -303,7 +309,7 @@ to_ascii_or_warn (char *where, uintmax_t - unsigned logbase, - const char *filename, const char *fieldname) - { -- if (to_ascii (where, n, digits, logbase)) -+ if (to_ascii (where, n, digits, logbase, false)) - field_width_warning (filename, fieldname); - } - -@@ -312,9 +318,9 @@ to_ascii_or_error (char *where, uintmax_ - unsigned logbase, - const char *filename, const char *fieldname) - { -- if (to_ascii (where, n, digits, logbase)) -+ if (to_ascii (where, n, digits, logbase, false)) - { -- field_width_error (filename, fieldname); -+ field_width_error (filename, fieldname, n, digits, false); - return 1; - } - return 0; -@@ -371,7 +377,7 @@ write_out_new_ascii_header (const char * - _("name size"))) - return 1; - p += 8; -- to_ascii (p, file_hdr->c_chksum & 0xffffffff, 8, LG_16); -+ to_ascii (p, file_hdr->c_chksum & 0xffffffff, 8, LG_16, false); - - tape_buffered_write (ascii_header, out_des, sizeof ascii_header); - -@@ -388,7 +394,7 @@ write_out_old_ascii_header (dev_t dev, d - char ascii_header[76]; - char *p = ascii_header; - -- to_ascii (p, file_hdr->c_magic, 6, LG_8); -+ to_ascii (p, file_hdr->c_magic, 6, LG_8, false); - p += 6; - to_ascii_or_warn (p, dev, 6, LG_8, file_hdr->c_name, _("device number")); - p += 6; -@@ -492,7 +498,10 @@ write_out_binary_header (dev_t rdev, - short_hdr.c_namesize = file_hdr->c_namesize & 0xFFFF; - if (short_hdr.c_namesize != file_hdr->c_namesize) - { -- field_width_error (file_hdr->c_name, _("name size")); -+ char maxbuf[UINTMAX_STRSIZE_BOUND + 1]; -+ error (0, 0, _("%s: value %s %s out of allowed range 0..%u"), -+ file_hdr->c_name, _("name size"), -+ STRINGIFY_BIGINT (file_hdr->c_namesize, maxbuf), 0xFFFFu); - return 1; - } - -@@ -502,7 +511,10 @@ write_out_binary_header (dev_t rdev, - if (((off_t)short_hdr.c_filesizes[0] << 16) + short_hdr.c_filesizes[1] - != file_hdr->c_filesize) - { -- field_width_error (file_hdr->c_name, _("file size")); -+ char maxbuf[UINTMAX_STRSIZE_BOUND + 1]; -+ error (0, 0, _("%s: value %s %s out of allowed range 0..%lu"), -+ file_hdr->c_name, _("file size"), -+ STRINGIFY_BIGINT (file_hdr->c_namesize, maxbuf), 0xFFFFFFFFlu); - return 1; - } - -@@ -552,8 +564,7 @@ write_out_header (struct cpio_file_stat - error (0, 0, _("%s: file name too long"), file_hdr->c_name); - return 1; - } -- write_out_tar_header (file_hdr, out_des); /* FIXME: No error checking */ -- return 0; -+ return write_out_tar_header (file_hdr, out_des); - - case arf_binary: - return write_out_binary_header (makedev (file_hdr->c_rdev_maj, -Index: cpio-2.12/src/extern.h -=================================================================== ---- cpio-2.12.orig/src/extern.h -+++ cpio-2.12/src/extern.h -@@ -118,6 +118,10 @@ void print_name_with_quoting (char *p); - /* copyout.c */ - int write_out_header (struct cpio_file_stat *file_hdr, int out_des); - void process_copy_out (void); -+int to_ascii (char *where, uintmax_t v, size_t digits, unsigned logbase, -+ bool nul); -+void field_width_error (const char *filename, const char *fieldname, -+ uintmax_t value, size_t width, bool nul); - - /* copypass.c */ - void process_copy_pass (void); -@@ -146,7 +150,7 @@ int make_path (char *argpath, uid_t owne - const char *verbose_fmt_string); - - /* tar.c */ --void write_out_tar_header (struct cpio_file_stat *file_hdr, int out_des); -+int write_out_tar_header (struct cpio_file_stat *file_hdr, int out_des); - int null_block (long *block, int size); - void read_in_tar_header (struct cpio_file_stat *file_hdr, int in_des); - int otoa (char *s, unsigned long *n); -@@ -205,9 +209,16 @@ void cpio_safer_name_suffix (char *name, - int cpio_create_dir (struct cpio_file_stat *file_hdr, int existing_dir); - void change_dir (void); - --/* FIXME: These two defines should be defined in paxutils */ -+/* FIXME: The following three should be defined in paxutils */ - #define LG_8 3 - #define LG_16 4 -+/* The maximum uintmax_t value that can be represented with DIGITS digits, -+ assuming that each digit is BITS_PER_DIGIT wide. */ -+#define MAX_VAL_WITH_DIGITS(digits, bits_per_digit) \ -+ ((digits) * (bits_per_digit) < sizeof (uintmax_t) * CHAR_BIT \ -+ ? ((uintmax_t) 1 << ((digits) * (bits_per_digit))) - 1 \ -+ : (uintmax_t) -1) -+ - - uintmax_t from_ascii (char const *where, size_t digs, unsigned logbase); - -Index: cpio-2.12/src/tar.c -=================================================================== ---- cpio-2.12.orig/src/tar.c -+++ cpio-2.12/src/tar.c -@@ -1,6 +1,5 @@ - /* tar.c - read in write tar headers for cpio -- Copyright (C) 1992, 2001, 2004, 2006-2007, 2010, 2014-2015 Free -- Software Foundation, Inc. -+ Copyright (C) 1992-2019 Free Software Foundation, Inc. - - This program is free software; you can redistribute it and/or modify - it under the terms of the GNU General Public License as published by -@@ -79,36 +78,17 @@ stash_tar_filename (char *prefix, char * - return hold_tar_filename; - } - --/* Convert a number into a string of octal digits. -- Convert long VALUE into a DIGITS-digit field at WHERE, -- including a trailing space and room for a NUL. DIGITS==3 means -- 1 digit, a space, and room for a NUL. -- -- We assume the trailing NUL is already there and don't fill it in. -- This fact is used by start_header and finish_header, so don't change it! -- -- This is be equivalent to: -- sprintf (where, "%*lo ", digits - 2, value); -- except that sprintf fills in the trailing NUL and we don't. */ -- --static void --to_oct (register long value, register int digits, register char *where) -+static int -+to_oct_or_error (uintmax_t value, size_t digits, char *where, char const *field, -+ char const *file) - { -- --digits; /* Leave the trailing NUL slot alone. */ -- -- /* Produce the digits -- at least one. */ -- do -+ if (to_ascii (where, value, digits, LG_8, true)) - { -- where[--digits] = '0' + (char) (value & 7); /* One octal digit. */ -- value >>= 3; -+ field_width_error (file, field, value, digits, true); -+ return 1; - } -- while (digits > 0 && value != 0); -- -- /* Add leading zeroes, if necessary. */ -- while (digits > 0) -- where[--digits] = '0'; -+ return 0; - } -- - - - /* Compute and return a checksum for TAR_HDR, -@@ -134,10 +114,22 @@ tar_checksum (struct tar_header *tar_hdr - return sum; - } - -+#define TO_OCT(file_hdr, c_fld, digits, tar_hdr, tar_field) \ -+ do \ -+ { \ -+ if (to_oct_or_error (file_hdr -> c_fld, \ -+ digits, \ -+ tar_hdr -> tar_field, \ -+ #tar_field, \ -+ file_hdr->c_name)) \ -+ return 1; \ -+ } \ -+ while (0) -+ - /* Write out header FILE_HDR, including the file name, to file - descriptor OUT_DES. */ - --void -+int - write_out_tar_header (struct cpio_file_stat *file_hdr, int out_des) - { - int name_len; -@@ -166,11 +158,11 @@ write_out_tar_header (struct cpio_file_s - - /* Ustar standard (POSIX.1-1988) requires the mode to contain only 3 octal - digits */ -- to_oct (file_hdr->c_mode & MODE_ALL, 8, tar_hdr->mode); -- to_oct (file_hdr->c_uid, 8, tar_hdr->uid); -- to_oct (file_hdr->c_gid, 8, tar_hdr->gid); -- to_oct (file_hdr->c_filesize, 12, tar_hdr->size); -- to_oct (file_hdr->c_mtime, 12, tar_hdr->mtime); -+ TO_OCT (file_hdr, c_mode & MODE_ALL, 8, tar_hdr, mode); -+ TO_OCT (file_hdr, c_uid, 8, tar_hdr, uid); -+ TO_OCT (file_hdr, c_gid, 8, tar_hdr, gid); -+ TO_OCT (file_hdr, c_filesize, 12, tar_hdr, size); -+ TO_OCT (file_hdr, c_mtime, 12, tar_hdr, mtime); - - switch (file_hdr->c_mode & CP_IFMT) - { -@@ -182,7 +174,7 @@ write_out_tar_header (struct cpio_file_s - strncpy (tar_hdr->linkname, file_hdr->c_tar_linkname, - TARLINKNAMESIZE); - tar_hdr->typeflag = LNKTYPE; -- to_oct (0, 12, tar_hdr->size); -+ to_ascii (tar_hdr->size, 0, 12, LG_8, true); - } - else - tar_hdr->typeflag = REGTYPE; -@@ -208,7 +200,7 @@ write_out_tar_header (struct cpio_file_s - than TARLINKNAMESIZE. */ - strncpy (tar_hdr->linkname, file_hdr->c_tar_linkname, - TARLINKNAMESIZE); -- to_oct (0, 12, tar_hdr->size); -+ to_ascii (tar_hdr->size, 0, 12, LG_8, true); - break; - #endif /* CP_IFLNK */ - } -@@ -227,13 +219,15 @@ write_out_tar_header (struct cpio_file_s - if (name) - strcpy (tar_hdr->gname, name); - -- to_oct (file_hdr->c_rdev_maj, 8, tar_hdr->devmajor); -- to_oct (file_hdr->c_rdev_min, 8, tar_hdr->devminor); -+ TO_OCT (file_hdr, c_rdev_maj, 8, tar_hdr, devmajor); -+ TO_OCT (file_hdr, c_rdev_min, 8, tar_hdr, devminor); - } - -- to_oct (tar_checksum (tar_hdr), 8, tar_hdr->chksum); -+ to_ascii (tar_hdr->chksum, tar_checksum (tar_hdr), 8, LG_8, true); - - tape_buffered_write ((char *) &tar_rec, out_des, TARRECORDSIZE); -+ -+ return 0; - } - - /* Return nonzero iff all the bytes in BLOCK are NUL. diff --git a/cpio-2.12-out_of_bounds_write.patch b/cpio-2.12-out_of_bounds_write.patch deleted file mode 100644 index 5f43763..0000000 --- a/cpio-2.12-out_of_bounds_write.patch +++ /dev/null @@ -1,49 +0,0 @@ -* src/copyin.c (process_copy_in): Make sure that file_hdr.c_name -has at least two bytes allocated. -* src/util.c (cpio_safer_name_suffix): Document that use of this -function requires to be careful. ---- - src/copyin.c | 2 ++ - src/util.c | 5 ++++- - 2 files changed, 6 insertions(+), 1 deletion(-) - -Index: cpio-2.12/src/copyin.c -=================================================================== ---- cpio-2.12.orig/src/copyin.c -+++ cpio-2.12/src/copyin.c -@@ -1433,6 +1433,18 @@ process_copy_in () - break; - } - -+ /* Fix for CVE-2016-2037 (bsc#963448) and resultant regression (bsc#1028410). -+ For tar and ustar archive formats, file_hdr.c_namesize is not defined and -+ file_hdr.c_name uses static memory. Therefore we can't rely on -+ file_hdr.c_namesize and we can't realloc memory for these archive types. -+ However the patch is still correct for CVE-2016-2037 (we have to be sure -+ that the allocated NAME buffer has a capacity at least 2 bytes to allow -+ us to store the "." string inside) as static char array for tar and ustar -+ has size 2 at least (see tar.c:stash_tar_filename()). -+ */ -+ if (archive_format != arf_tar && archive_format != arf_ustar -+ && file_hdr.c_namesize <= 1) -+ file_hdr.c_name = xrealloc(file_hdr.c_name, 2); - cpio_safer_name_suffix (file_hdr.c_name, false, !no_abs_paths_flag, - false); - -Index: cpio-2.12/src/util.c -=================================================================== ---- cpio-2.12.orig/src/util.c -+++ cpio-2.12/src/util.c -@@ -1460,7 +1460,10 @@ set_file_times (int fd, - } - - /* Do we have to ignore absolute paths, and if so, does the filename -- have an absolute path? */ -+ have an absolute path? -+ Before calling this function make sure that the allocated NAME buffer has -+ capacity at least 2 bytes to allow us to store the "." string inside. */ -+ - void - cpio_safer_name_suffix (char *name, bool link_target, bool absolute_names, - bool strip_leading_dots) - diff --git a/cpio-2.12-util.c_no_return_in_nonvoid_fnc.patch b/cpio-2.12-util.c_no_return_in_nonvoid_fnc.patch deleted file mode 100644 index a945b45..0000000 --- a/cpio-2.12-util.c_no_return_in_nonvoid_fnc.patch +++ /dev/null @@ -1,12 +0,0 @@ -Index: cpio-2.12/src/util.c -=================================================================== ---- cpio-2.12.orig/src/util.c -+++ cpio-2.12/src/util.c -@@ -812,6 +812,7 @@ get_inode_and_dev (struct cpio_file_stat - hdr->c_dev_maj = major (st->st_dev); - hdr->c_dev_min = minor (st->st_dev); - } -+ return 0; - } - - diff --git a/cpio-2.12.tar.bz2 b/cpio-2.12.tar.bz2 deleted file mode 100644 index a59b62f..0000000 --- a/cpio-2.12.tar.bz2 +++ /dev/null @@ -1,3 +0,0 @@ -version https://git-lfs.github.com/spec/v1 -oid sha256:70998c5816ace8407c8b101c9ba1ffd3ebbecba1f5031046893307580ec1296e -size 1258605 diff --git a/cpio-2.12.tar.bz2.sig b/cpio-2.12.tar.bz2.sig deleted file mode 100644 index 78d0ac1..0000000 --- a/cpio-2.12.tar.bz2.sig +++ /dev/null @@ -1,7 +0,0 @@ ------BEGIN PGP SIGNATURE----- -Version: GnuPG v1.4.12 (GNU/Linux) - -iEYEABECAAYFAlX0Dh4ACgkQNgKwf1XQxzLTigCeO+MKFk1BRjca0CU1jaYwC5y7 -qOcAnAy9Th86/Do4aIy12NoJxlMDDF2X -=jXgF ------END PGP SIGNATURE----- diff --git a/cpio-2.13.tar.bz2 b/cpio-2.13.tar.bz2 new file mode 100644 index 0000000..a5e248a --- /dev/null +++ b/cpio-2.13.tar.bz2 @@ -0,0 +1,3 @@ +version https://git-lfs.github.com/spec/v1 +oid sha256:eab5bdc5ae1df285c59f2a4f140a98fc33678a0bf61bdba67d9436ae26b46f6d +size 1354559 diff --git a/cpio-2.13.tar.bz2.sig b/cpio-2.13.tar.bz2.sig new file mode 100644 index 0000000..3a83ac4 --- /dev/null +++ b/cpio-2.13.tar.bz2.sig @@ -0,0 +1,7 @@ +-----BEGIN PGP SIGNATURE----- +Version: GnuPG v1.4.15 (GNU/Linux) + +iEYEABECAAYFAl3CgW4ACgkQNgKwf1XQxzInuACdFx2CwRnphQ5Zka2zFicnNNCX +3z4AoIQeYZNDDyJoOzIYvKuNrFePJ4hG +=InYG +-----END PGP SIGNATURE----- diff --git a/cpio-check_for_symlinks.patch b/cpio-check_for_symlinks.patch deleted file mode 100644 index abcc7c2..0000000 --- a/cpio-check_for_symlinks.patch +++ /dev/null @@ -1,150 +0,0 @@ -Index: cpio-2.12/src/copyin.c -=================================================================== ---- cpio-2.12.orig/src/copyin.c -+++ cpio-2.12/src/copyin.c -@@ -695,6 +695,51 @@ copyin_link (struct cpio_file_stat *file - free (link_name); - } - -+ -+static int -+path_contains_symlink(char *path) -+{ -+ struct stat st; -+ char *slash; -+ char *nextslash; -+ -+ /* we got NULL pointer or empty string */ -+ if (!path || !*path) { -+ return false; -+ } -+ -+ slash = path; -+ -+ while ((nextslash = strchr(slash + 1, '/')) != NULL) { -+ slash = nextslash; -+ *slash = '\0'; -+ -+ if (lstat(path, &st) != 0) { -+ if (errno == ELOOP) { -+ /* ELOOP - too many symlinks */ -+ *slash = '/'; -+ return true; -+ } else if (errno == ENOMEM) { -+ /* No memory for lstat - terminate */ -+ xalloc_die(); -+ } else { -+ /* cannot lstat path - give up */ -+ *slash = '/'; -+ return false; -+ } -+ } -+ -+ if (S_ISLNK(st.st_mode)) { -+ *slash = '/'; -+ return true; -+ } -+ -+ *slash = '/'; -+ } -+ -+ return false; -+} -+ - static void - copyin_file (struct cpio_file_stat *file_hdr, int in_file_des) - { -@@ -1474,6 +1519,23 @@ process_copy_in () - { - /* Copy the input file into the directory structure. */ - -+ /* Can we write files over symlinks? */ -+ if (!extract_over_symlinks) -+ { -+ if (path_contains_symlink(file_hdr.c_name)) -+ { -+ /* skip the file */ -+ /* -+ fprintf(stderr, "Can't write over symlinks. Skipping %s\n", file_hdr.c_name); -+ tape_toss_input (in_file_des, file_hdr.c_filesize); -+ tape_skip_padding (in_file_des, file_hdr.c_filesize); -+ continue; -+ */ -+ /* terminate */ -+ error (1, 0, _("Can't write over symlinks: %s\n"), file_hdr.c_name); -+ } -+ } -+ - /* Do we need to rename the file? */ - if (rename_flag || rename_batch_file) - { -Index: cpio-2.12/src/global.c -=================================================================== ---- cpio-2.12.orig/src/global.c -+++ cpio-2.12/src/global.c -@@ -187,6 +187,9 @@ bool to_stdout_option = false; - /* The name this program was run with. */ - char *program_name; - -+/* Extract files over symbolic links */ -+bool extract_over_symlinks; -+ - /* A pointer to either lstat or stat, depending on whether - dereferencing of symlinks is done for input files. */ - int (*xstat) (); -Index: cpio-2.12/src/main.c -=================================================================== ---- cpio-2.12.orig/src/main.c -+++ cpio-2.12/src/main.c -@@ -59,6 +59,7 @@ enum cpio_options { - DEBUG_OPTION, - BLOCK_SIZE_OPTION, - TO_STDOUT_OPTION, -+ EXTRACT_OVER_SYMLINKS, - RENUMBER_INODES_OPTION, - IGNORE_DEVNO_OPTION, - DEVICE_INDEPENDENT_OPTION -@@ -243,6 +244,8 @@ static struct argp_option options[] = { - N_("Create leading directories where needed"), GRID+1 }, - {"no-preserve-owner", NO_PRESERVE_OWNER_OPTION, 0, 0, - N_("Do not change the ownership of the files"), GRID+1 }, -+ {"extract-over-symlinks", EXTRACT_OVER_SYMLINKS, 0, 0, -+ N_("Force writing over symbolic links"), GRID+1 }, - {"unconditional", 'u', NULL, 0, - N_("Replace all files unconditionally"), GRID+1 }, - {"sparse", SPARSE_OPTION, NULL, 0, -@@ -433,6 +436,10 @@ crc newc odc bin ustar tar (all-caps als - no_chown_flag = true; - break; - -+ case EXTRACT_OVER_SYMLINKS: /* --extract-over-symlinks */ -+ extract_over_symlinks = true; -+ break; -+ - case 'o': /* Copy-out mode. */ - if (copy_function != 0) - USAGE_ERROR ((0, 0, _("Mode already defined"))); -Index: cpio-2.12/src/extern.h -=================================================================== ---- cpio-2.12.orig/src/extern.h -+++ cpio-2.12/src/extern.h -@@ -96,6 +96,7 @@ extern char input_is_special; - extern char output_is_special; - extern char input_is_seekable; - extern char output_is_seekable; -+extern bool extract_over_symlinks; - extern int (*xstat) (); - extern void (*copy_function) (); - extern char *change_directory_option; -Index: cpio-2.12/doc/cpio.1 -=================================================================== ---- cpio-2.12.orig/doc/cpio.1 -+++ cpio-2.12/doc/cpio.1 -@@ -50,6 +50,7 @@ cpio \- copy files to and from archives - [\fB\-\-force\-local\fR] [\fB\-\-no\-absolute\-filenames\fR] [\fB\-\-sparse\fR] - [\fB\-\-only\-verify\-crc\fR] [\fB\-\-to\-stdout\fR] [\fB\-\-quiet\fR] - [\fB\-\-rsh\-command=\fICOMMAND\fR] -+[\fB\-\-extract\-over\-symlinks\fR] - [\fIpattern\fR...] [\fB<\fR \fIarchive\fR] - - .B cpio diff --git a/cpio-close_files_after_copy.patch b/cpio-close_files_after_copy.patch index e4ac54f..d213538 100644 --- a/cpio-close_files_after_copy.patch +++ b/cpio-close_files_after_copy.patch @@ -1,10 +1,10 @@ Index: src/copyin.c =================================================================== ---- src/copyin.c.orig 2010-08-10 16:45:19.000000000 +0200 -+++ src/copyin.c 2010-08-10 16:45:19.000000000 +0200 -@@ -1485,6 +1485,19 @@ process_copy_in () +--- src/copyin.c.orig ++++ src/copyin.c +@@ -1420,6 +1420,19 @@ process_copy_in () - apply_delayed_set_stat (); + cpio_file_stat_free (&file_hdr); + if (tty_in) + { diff --git a/cpio-default_tape_dev.patch b/cpio-default_tape_dev.patch index f977ccc..c866289 100644 --- a/cpio-default_tape_dev.patch +++ b/cpio-default_tape_dev.patch @@ -2,7 +2,7 @@ Index: src/mt.c =================================================================== --- src/mt.c.orig +++ src/mt.c -@@ -413,11 +413,18 @@ parse_opt (int key, char *arg, struct ar +@@ -225,11 +225,18 @@ parse_opt (int key, char *arg, struct ar { tapedev = getenv ("TAPE"); if (tapedev == NULL) diff --git a/cpio-dev_number.patch b/cpio-dev_number.patch index 620181e..77e4d2a 100644 --- a/cpio-dev_number.patch +++ b/cpio-dev_number.patch @@ -1,6 +1,8 @@ ---- src/copyin.c 2008-07-11 13:20:27.000000000 +0200 -+++ src/copyin.c 2008-07-18 10:55:58.000000000 +0200 -@@ -1269,15 +1269,15 @@ +Index: src/copyin.c +=================================================================== +--- src/copyin.c.orig ++++ src/copyin.c +@@ -1123,15 +1123,15 @@ read_in_binary (struct cpio_file_stat *f swab_array ((char *) short_hdr, 13); } @@ -19,4 +21,4 @@ + file_hdr->c_rdev_min = minor ((unsigned short)short_hdr->c_rdev); file_hdr->c_mtime = (unsigned long) short_hdr->c_mtimes[0] << 16 | short_hdr->c_mtimes[1]; - + file_hdr->c_filesize = (unsigned long) short_hdr->c_filesizes[0] << 16 diff --git a/cpio-eof_tape_handling.patch b/cpio-eof_tape_handling.patch index 340f1d6..579c53c 100644 --- a/cpio-eof_tape_handling.patch +++ b/cpio-eof_tape_handling.patch @@ -36,7 +36,7 @@ Index: src/util.c } else break; -@@ -842,6 +856,40 @@ tape_offline (int tape_des) +@@ -829,6 +843,40 @@ tape_offline (int tape_des) #endif } diff --git a/cpio-fix_truncation_check.patch b/cpio-fix_truncation_check.patch index fedeae7..9ba1f91 100644 --- a/cpio-fix_truncation_check.patch +++ b/cpio-fix_truncation_check.patch @@ -1,8 +1,8 @@ -Index: cpio-2.11/src/mt.c +Index: cpio-2.13/src/mt.c =================================================================== ---- cpio-2.11.orig/src/mt.c 2014-07-29 11:02:31.631881572 +0200 -+++ cpio-2.11/src/mt.c 2014-07-29 11:02:31.665881951 +0200 -@@ -428,7 +428,7 @@ parse_opt (int key, char *arg, struct ar +--- cpio-2.13.orig/src/mt.c ++++ cpio-2.13/src/mt.c +@@ -208,7 +208,7 @@ parse_opt (int key, char *arg, struct ar { char *p; long val = strtol (arg, &p, 0); diff --git a/cpio-open_nonblock.patch b/cpio-open_nonblock.patch index ce166ef..12d29cf 100644 --- a/cpio-open_nonblock.patch +++ b/cpio-open_nonblock.patch @@ -30,7 +30,7 @@ Index: src/mt.c =================================================================== --- src/mt.c.orig +++ src/mt.c -@@ -333,11 +333,11 @@ +@@ -333,11 +333,11 @@ main (int argc, char **argv) #ifdef MTERASE case MTERASE: #endif @@ -48,7 +48,7 @@ Index: src/util.c =================================================================== --- src/util.c.orig +++ src/util.c -@@ -814,14 +814,14 @@ +@@ -801,14 +801,14 @@ open_archive (char *file) copy_in = process_copy_in; if (copy_function == copy_in) diff --git a/cpio-pattern-file-sigsegv.patch b/cpio-pattern-file-sigsegv.patch index cdf2990..100d51d 100644 --- a/cpio-pattern-file-sigsegv.patch +++ b/cpio-pattern-file-sigsegv.patch @@ -1,8 +1,8 @@ -Index: cpio-2.12/src/copyin.c +Index: cpio-2.13/src/copyin.c =================================================================== ---- cpio-2.12.orig/src/copyin.c -+++ cpio-2.12/src/copyin.c -@@ -871,6 +871,8 @@ read_pattern_file () +--- cpio-2.13.orig/src/copyin.c ++++ cpio-2.13/src/copyin.c +@@ -798,6 +798,8 @@ read_pattern_file () pattern_fp = fopen (pattern_file_name, "r"); if (pattern_fp == NULL) open_fatal (pattern_file_name); @@ -11,7 +11,7 @@ Index: cpio-2.12/src/copyin.c while (ds_fgetstr (pattern_fp, &pattern_name, '\n') != NULL) { if (new_num_patterns >= max_new_patterns) -@@ -885,6 +887,7 @@ read_pattern_file () +@@ -812,6 +814,7 @@ read_pattern_file () } if (ferror (pattern_fp) || fclose (pattern_fp) == EOF) close_error (pattern_file_name); diff --git a/cpio-use_new_ascii_format.patch b/cpio-use_new_ascii_format.patch index 5119b5c..9b7b50d 100644 --- a/cpio-use_new_ascii_format.patch +++ b/cpio-use_new_ascii_format.patch @@ -2,7 +2,7 @@ Index: doc/cpio.info =================================================================== --- doc/cpio.info.orig +++ doc/cpio.info -@@ -216,7 +216,8 @@ option, e.g.: +@@ -226,7 +226,8 @@ option, e.g.: '-B' Set the I/O block size to 5120 bytes. '-c' @@ -12,7 +12,7 @@ Index: doc/cpio.info '-C NUMBER' '--io-size=NUMBER' Set the I/O block size to the given NUMBER of bytes. -@@ -296,7 +297,8 @@ option. +@@ -307,7 +308,8 @@ option. '-B' Set the I/O block size to 5120 bytes. '-c' @@ -22,7 +22,7 @@ Index: doc/cpio.info '-C NUMBER' '--io-size=NUMBER' Set the I/O block size to the given NUMBER of bytes. -@@ -406,7 +408,8 @@ option. +@@ -417,7 +419,8 @@ option. '-B' Set the I/O block size to 5120 bytes. '-c' @@ -32,7 +32,7 @@ Index: doc/cpio.info '-C NUMBER' '--io-size=NUMBER' Set the I/O block size to the given NUMBER of bytes. -@@ -554,7 +557,8 @@ option is valid. +@@ -565,7 +568,8 @@ option is valid. '-c' [*note copy-in::,*note copy-out::,*note copy-pass::] @@ -46,7 +46,7 @@ Index: src/main.c =================================================================== --- src/main.c.orig +++ src/main.c -@@ -329,6 +329,7 @@ parse_opt (int key, char *arg, struct ar +@@ -328,6 +328,7 @@ parse_opt (int key, char *arg, struct ar case 'c': /* Use the old portable ASCII format. */ if (archive_format != arf_unknown) USAGE_ERROR ((0, 0, _("Archive format multiply defined"))); diff --git a/cpio.changes b/cpio.changes index c3e3868..d6c6140 100644 --- a/cpio.changes +++ b/cpio.changes @@ -1,3 +1,13 @@ +------------------------------------------------------------------- +Sat Aug 15 16:18:46 UTC 2020 - Dirk Mueller + +- update to 2.13: + * CVE-2015-1197, CVE-2016-2037, CVE-2019-14866 +- remove patches (upstream): + cpio-2.12-out_of_bounds_write.patch, cpio-2.12-CVE-2019-14866.patch, + cpio-2.12-util.c_no_return_in_nonvoid_fnc.patch, + cpio-check_for_symlinks.patch + ------------------------------------------------------------------- Sun Mar 29 20:54:38 UTC 2020 - Kristyna Streitova diff --git a/cpio.keyring b/cpio.keyring index 018fbfb..1238cdd 100644 --- a/cpio.keyring +++ b/cpio.keyring @@ -1,3 +1,4 @@ +GPG keys of Sergey Poznyakoff -----BEGIN PGP PUBLIC KEY BLOCK----- Version: GnuPG v1.4.7 (GNU/Linux) diff --git a/cpio.spec b/cpio.spec index f67b993..4ee9708 100644 --- a/cpio.spec +++ b/cpio.spec @@ -17,7 +17,7 @@ Name: cpio -Version: 2.12 +Version: 2.13 Release: 0 Summary: A Backup and Archiving Utility License: GPL-3.0-only @@ -40,15 +40,11 @@ Patch18: cpio-default_tape_dev.patch Patch20: cpio-close_files_after_copy.patch Patch21: cpio-pattern-file-sigsegv.patch Patch23: paxutils-rtapelib_mtget.patch -Patch24: cpio-check_for_symlinks.patch Patch25: cpio-fix_truncation_check.patch -Patch26: cpio-2.12-util.c_no_return_in_nonvoid_fnc.patch -Patch27: cpio-2.12-out_of_bounds_write.patch -Patch28: cpio-2.12-CVE-2019-14866.patch BuildRequires: autoconf BuildRequires: automake -Requires(post): %{install_info_prereq} -Requires(preun): %{install_info_prereq} +#Requires(post): %{xinstall_info_prereq} +#Requires(preun): %{xinstall_info_prereq} Recommends: %{name}-mt = %{version} Recommends: rmt @@ -81,13 +77,10 @@ This package includes the 'mt', a local tape drive control program. %patch17 %patch18 %patch20 +### %patch21 -p1 %patch23 -p1 -%patch24 -p1 %patch25 -p1 -%patch26 -p1 -%patch27 -p1 -%patch28 -p1 %build gettextize -f --no-changelog diff --git a/paxutils-rtapelib_mtget.patch b/paxutils-rtapelib_mtget.patch index 7d98196..cdc2175 100644 --- a/paxutils-rtapelib_mtget.patch +++ b/paxutils-rtapelib_mtget.patch @@ -1,8 +1,8 @@ -Index: cpio-2.11/lib/rtapelib.c +Index: cpio-2.13/lib/rtapelib.c =================================================================== ---- cpio-2.11.orig/lib/rtapelib.c 2013-07-23 13:18:27.119431054 +0200 -+++ cpio-2.11/lib/rtapelib.c 2013-07-23 13:19:35.728188104 +0200 -@@ -710,7 +710,7 @@ rmt_ioctl__ (int handle, int operation, +--- cpio-2.13.orig/lib/rtapelib.c ++++ cpio-2.13/lib/rtapelib.c +@@ -711,7 +711,7 @@ rmt_ioctl__ (int handle, int operation, || (status = get_status (handle), status == -1)) return -1;