From c5e3d07b626b3e8f7364245c1d39bfe1bb1ae061c704327ad13bfd9f4d4ba49d Mon Sep 17 00:00:00 2001 From: Martin Pluskal Date: Fri, 23 Jun 2023 13:45:55 +0000 Subject: [PATCH] Accepting request 1094882 from home:dspinella:branches:Archiving - Update to 2.14: * New option --ignore-dirnlink Valid in copy-out mode, it instructs cpio to ignore the actual number of links reported for each directory member and always store 2 instead. * Changes in --reproducible option The --reproducible option implies --ignore-dirlink. In other words, it is equivalent to --ignore-devno --ignore-dirnlink --renumber-inodes. * Use GNU ls algorithm for deciding timestamp format in -tv mode * Fix cpio header verification. * Fix handling of device numbers on copy out. * Fix calculation of CRC in copy-out mode. * Rewrite the fix for CVE-2015-1197. * Fix combination of --create --append --directory. * Fix appending to archives bigger than 2G. - Refresh patches: * cpio-open_nonblock.patch * cpio-dev_number.patch * cpio-default_tape_dev.patch * cpio-pattern-file-sigsegv.patch - Remove patches: * cpio-revert-CVE-2015-1197-fix.patch * fix-CVE-2021-38185.patch * fix-CVE-2021-38185_2.patch * fix-CVE-2021-38185_3.patch OBS-URL: https://build.opensuse.org/request/show/1094882 OBS-URL: https://build.opensuse.org/package/show/Archiving/cpio?expand=0&rev=91 --- cpio-2.13.tar.bz2 | 3 - cpio-2.13.tar.bz2.sig | 7 - cpio-2.14.tar.bz2 | 3 + cpio-2.14.tar.bz2.sig | Bin 0 -> 95 bytes cpio-close_files_after_copy.patch | 2 +- cpio-default_tape_dev.patch | 4 +- cpio-dev_number.patch | 4 +- cpio-open_nonblock.patch | 6 +- cpio-pattern-file-sigsegv.patch | 14 +- cpio-revert-CVE-2015-1197-fix.patch | 91 ------ cpio.changes | 28 ++ cpio.spec | 13 +- fix-CVE-2021-38185.patch | 446 ---------------------------- fix-CVE-2021-38185_2.patch | 36 --- fix-CVE-2021-38185_3.patch | 13 - 15 files changed, 47 insertions(+), 623 deletions(-) delete mode 100644 cpio-2.13.tar.bz2 delete mode 100644 cpio-2.13.tar.bz2.sig create mode 100644 cpio-2.14.tar.bz2 create mode 100644 cpio-2.14.tar.bz2.sig delete mode 100644 cpio-revert-CVE-2015-1197-fix.patch delete mode 100644 fix-CVE-2021-38185.patch delete mode 100644 fix-CVE-2021-38185_2.patch delete mode 100644 fix-CVE-2021-38185_3.patch diff --git a/cpio-2.13.tar.bz2 b/cpio-2.13.tar.bz2 deleted file mode 100644 index a5e248a..0000000 --- a/cpio-2.13.tar.bz2 +++ /dev/null @@ -1,3 +0,0 @@ -version https://git-lfs.github.com/spec/v1 -oid sha256:eab5bdc5ae1df285c59f2a4f140a98fc33678a0bf61bdba67d9436ae26b46f6d -size 1354559 diff --git a/cpio-2.13.tar.bz2.sig b/cpio-2.13.tar.bz2.sig deleted file mode 100644 index 3a83ac4..0000000 --- a/cpio-2.13.tar.bz2.sig +++ /dev/null @@ -1,7 +0,0 @@ ------BEGIN PGP SIGNATURE----- -Version: GnuPG v1.4.15 (GNU/Linux) - -iEYEABECAAYFAl3CgW4ACgkQNgKwf1XQxzInuACdFx2CwRnphQ5Zka2zFicnNNCX -3z4AoIQeYZNDDyJoOzIYvKuNrFePJ4hG -=InYG ------END PGP SIGNATURE----- diff --git a/cpio-2.14.tar.bz2 b/cpio-2.14.tar.bz2 new file mode 100644 index 0000000..b5e418e --- /dev/null +++ b/cpio-2.14.tar.bz2 @@ -0,0 +1,3 @@ +version https://git-lfs.github.com/spec/v1 +oid sha256:fcdc15d60f7267a6fc7efcd6b9db7b6c8966c4f2fbbb964c24d41336fd3f2c12 +size 1521004 diff --git a/cpio-2.14.tar.bz2.sig b/cpio-2.14.tar.bz2.sig new file mode 100644 index 0000000000000000000000000000000000000000000000000000000000000000..8fff0195e1716d4ef842a285386c156024592a93e8911e0c181a296cba204b41 GIT binary patch literal 95 zcmeB(WnmCxVvrS6WHE|Qc_rdev_maj = major ((unsigned short)short_hdr->c_rdev); + file_hdr->c_rdev_min = minor ((unsigned short)short_hdr->c_rdev); file_hdr->c_mtime = (unsigned long) short_hdr->c_mtimes[0] << 16 - | short_hdr->c_mtimes[1]; + | short_hdr->c_mtimes[1]; file_hdr->c_filesize = (unsigned long) short_hdr->c_filesizes[0] << 16 diff --git a/cpio-open_nonblock.patch b/cpio-open_nonblock.patch index 12d29cf..77a4631 100644 --- a/cpio-open_nonblock.patch +++ b/cpio-open_nonblock.patch @@ -30,7 +30,7 @@ Index: src/mt.c =================================================================== --- src/mt.c.orig +++ src/mt.c -@@ -333,11 +333,11 @@ main (int argc, char **argv) +@@ -332,11 +332,11 @@ main (int argc, char **argv) #ifdef MTERASE case MTERASE: #endif @@ -42,13 +42,13 @@ Index: src/mt.c - tapedesc = rmtopen (tapedev, O_RDONLY, 0, rsh_command_option); + tapedesc = rmtopen (tapedev, O_RDONLY | O_NONBLOCK, 0, rsh_command_option); } - + if (tapedesc == -1) Index: src/util.c =================================================================== --- src/util.c.orig +++ src/util.c -@@ -801,14 +801,14 @@ open_archive (char *file) +@@ -799,14 +799,14 @@ open_archive (char *file) copy_in = process_copy_in; if (copy_function == copy_in) diff --git a/cpio-pattern-file-sigsegv.patch b/cpio-pattern-file-sigsegv.patch index 100d51d..9d50b5b 100644 --- a/cpio-pattern-file-sigsegv.patch +++ b/cpio-pattern-file-sigsegv.patch @@ -1,8 +1,8 @@ -Index: cpio-2.13/src/copyin.c +Index: cpio-2.14/src/copyin.c =================================================================== ---- cpio-2.13.orig/src/copyin.c -+++ cpio-2.13/src/copyin.c -@@ -798,6 +798,8 @@ read_pattern_file () +--- cpio-2.14.orig/src/copyin.c ++++ cpio-2.14/src/copyin.c +@@ -949,6 +949,8 @@ read_pattern_file (void) pattern_fp = fopen (pattern_file_name, "r"); if (pattern_fp == NULL) open_fatal (pattern_file_name); @@ -10,9 +10,9 @@ Index: cpio-2.13/src/copyin.c + { while (ds_fgetstr (pattern_fp, &pattern_name, '\n') != NULL) { - if (new_num_patterns >= max_new_patterns) -@@ -812,6 +814,7 @@ read_pattern_file () - } + if (new_num_patterns == max_new_patterns) +@@ -963,6 +965,7 @@ read_pattern_file (void) + if (ferror (pattern_fp) || fclose (pattern_fp) == EOF) close_error (pattern_file_name); + } diff --git a/cpio-revert-CVE-2015-1197-fix.patch b/cpio-revert-CVE-2015-1197-fix.patch deleted file mode 100644 index 0d75b4f..0000000 --- a/cpio-revert-CVE-2015-1197-fix.patch +++ /dev/null @@ -1,91 +0,0 @@ -revert fix for CVE-2015-1197 as it causes shutdown issues - -revert suggested as a workaround by upstream: -https://lists.gnu.org/archive/html/bug-cpio/2019-11/msg00016.html - ---- b/src/copyin.c -+++ a/src/copyin.c -@@ -645,14 +645,13 @@ - link_name = xstrdup (file_hdr->c_tar_linkname); - } - -- cpio_safer_name_suffix (link_name, true, !no_abs_paths_flag, false); -- - res = UMASKED_SYMLINK (link_name, file_hdr->c_name, - file_hdr->c_mode); - if (res < 0 && create_dir_flag) - { - create_all_directories (file_hdr->c_name); -+ res = UMASKED_SYMLINK (link_name, file_hdr->c_name, -+ file_hdr->c_mode); -- res = UMASKED_SYMLINK (link_name, file_hdr->c_name, file_hdr->c_mode); - } - if (res < 0) - { ---- b/tests/CVE-2015-1197.at -+++ /dev/null -@@ -1,43 +0,0 @@ --# Process this file with autom4te to create testsuite. -*- Autotest -*- --# Copyright (C) 2009-2019 Free Software Foundation, Inc. --# --# This program is free software; you can redistribute it and/or modify --# it under the terms of the GNU General Public License as published by --# the Free Software Foundation; either version 3, or (at your option) --# any later version. --# --# This program is distributed in the hope that it will be useful, --# but WITHOUT ANY WARRANTY; without even the implied warranty of --# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the --# GNU General Public License for more details. --# --# You should have received a copy of the GNU General Public License --# along with this program. If not, see . -- --AT_SETUP([CVE-2015-1197 (--no-absolute-filenames for symlinks)]) --AT_CHECK([ --tempdir=$(pwd)/tmp --mkdir $tempdir --touch $tempdir/file --ln -s $tempdir dir --AT_DATA([filelist], --[dir --dir/file --]) --ln -s /tmp dir --touch /tmp/file --cpio -o < filelist > test.cpio --rm dir /tmp/file --cpio --no-absolute-filenames -iv < test.cpio --], --[2], --[], --[1 block --cpio: Removing leading `/' from hard link targets --dir --cpio: dir/file: Cannot open: No such file or directory --dir/file --1 block --]) --AT_CLEANUP -- ---- b/tests/Makefile.am -+++ a/tests/Makefile.am -@@ -56,9 +56,8 @@ - symlink-long.at\ - symlink-to-stdout.at\ - version.at\ - big-block-size.at\ -- CVE-2015-1197.at\ - CVE-2019-14866.at - - TESTSUITE = $(srcdir)/testsuite - ---- b/tests/testsuite.at -+++ a/tests/testsuite.at -@@ -43,6 +43,5 @@ - m4_include([setstat04.at]) - m4_include([setstat05.at]) - m4_include([big-block-size.at]) - --m4_include([CVE-2015-1197.at]) - m4_include([CVE-2019-14866.at]) diff --git a/cpio.changes b/cpio.changes index b122a53..e4a2745 100644 --- a/cpio.changes +++ b/cpio.changes @@ -1,3 +1,31 @@ +------------------------------------------------------------------- +Fri Jun 23 13:02:55 UTC 2023 - Danilo Spinella + +- Update to 2.14: + * New option --ignore-dirnlink + Valid in copy-out mode, it instructs cpio to ignore the actual number of + links reported for each directory member and always store 2 instead. + * Changes in --reproducible option + The --reproducible option implies --ignore-dirlink. In other words, it is + equivalent to --ignore-devno --ignore-dirnlink --renumber-inodes. + * Use GNU ls algorithm for deciding timestamp format in -tv mode + * Fix cpio header verification. + * Fix handling of device numbers on copy out. + * Fix calculation of CRC in copy-out mode. + * Rewrite the fix for CVE-2015-1197. + * Fix combination of --create --append --directory. + * Fix appending to archives bigger than 2G. +- Refresh patches: + * cpio-open_nonblock.patch + * cpio-dev_number.patch + * cpio-default_tape_dev.patch + * cpio-pattern-file-sigsegv.patch +- Remove patches: + * cpio-revert-CVE-2015-1197-fix.patch + * fix-CVE-2021-38185.patch + * fix-CVE-2021-38185_2.patch + * fix-CVE-2021-38185_3.patch + ------------------------------------------------------------------- Tue Dec 27 10:29:29 UTC 2022 - Ludwig Nussel diff --git a/cpio.spec b/cpio.spec index 0e1b960..59c24e1 100644 --- a/cpio.spec +++ b/cpio.spec @@ -17,7 +17,7 @@ Name: cpio -Version: 2.13 +Version: 2.14 Release: 0 Summary: A Backup and Archiving Utility License: GPL-3.0-only @@ -40,14 +40,7 @@ Patch18: cpio-default_tape_dev.patch Patch20: cpio-close_files_after_copy.patch Patch21: cpio-pattern-file-sigsegv.patch Patch23: paxutils-rtapelib_mtget.patch -# see https://lists.gnu.org/archive/html/bug-cpio/2019-11/msg00016.html -Patch24: cpio-revert-CVE-2015-1197-fix.patch Patch25: cpio-fix_truncation_check.patch -# PATCH-FIX-UPSTREAM danilo.spinella@suse.com bsc#1189206 -# Remote code execution caused by an integer overflow in ds_fgetstr -Patch26: fix-CVE-2021-38185.patch -Patch27: fix-CVE-2021-38185_2.patch -Patch28: fix-CVE-2021-38185_3.patch BuildRequires: autoconf BuildRequires: automake #Requires(post): %{xinstall_info_prereq} @@ -87,11 +80,7 @@ This package includes the 'mt', a local tape drive control program. ### %patch21 -p1 %patch23 -p1 -%patch24 -p1 %patch25 -p1 -%patch26 -p1 -%patch27 -p1 -%patch28 -p1 %build gettextize -f --no-changelog diff --git a/fix-CVE-2021-38185.patch b/fix-CVE-2021-38185.patch deleted file mode 100644 index b32614a..0000000 --- a/fix-CVE-2021-38185.patch +++ /dev/null @@ -1,446 +0,0 @@ -From dd96882877721703e19272fe25034560b794061b Mon Sep 17 00:00:00 2001 -From: Sergey Poznyakoff -Date: Sat, 7 Aug 2021 12:52:21 +0300 -Subject: Rewrite dynamic string support. - -* src/dstring.c (ds_init): Take a single argument. -(ds_free): New function. -(ds_resize): Take a single argument. Use x2nrealloc to expand -the storage. -(ds_reset,ds_append,ds_concat,ds_endswith): New function. -(ds_fgetstr): Rewrite. In particular, this fixes integer overflow. -* src/dstring.h (dynamic_string): Keep both the allocated length -(ds_size) and index of the next free byte in the string (ds_idx). -(ds_init,ds_resize): Change signature. -(ds_len): New macro. -(ds_free,ds_reset,ds_append,ds_concat,ds_endswith): New protos. -* src/copyin.c: Use new ds_ functions. -* src/copyout.c: Likewise. -* src/copypass.c: Likewise. -* src/util.c: Likewise. ---- - src/copyin.c | 40 +++++++++++++------------- - src/copyout.c | 16 ++++------- - src/copypass.c | 34 +++++++++++------------ - src/dstring.c | 88 ++++++++++++++++++++++++++++++++++++++++++---------------- - src/dstring.h | 31 ++++++++++----------- - src/util.c | 6 ++-- - 6 files changed, 123 insertions(+), 92 deletions(-) - -Index: cpio-2.13/src/copyin.c -=================================================================== ---- cpio-2.13.orig/src/copyin.c -+++ cpio-2.13/src/copyin.c -@@ -55,11 +55,12 @@ query_rename(struct cpio_file_stat* file - char *str_res; /* Result for string function. */ - static dynamic_string new_name; /* New file name for rename option. */ - static int initialized_new_name = false; -+ - if (!initialized_new_name) -- { -- ds_init (&new_name, 128); -- initialized_new_name = true; -- } -+ { -+ ds_init (&new_name); -+ initialized_new_name = true; -+ } - - if (rename_flag) - { -@@ -778,21 +779,20 @@ long_format (struct cpio_file_stat *file - already in `save_patterns' (from the command line) are preserved. */ - - static void --read_pattern_file () -+read_pattern_file (void) - { -- int max_new_patterns; -- char **new_save_patterns; -- int new_num_patterns; -+ char **new_save_patterns = NULL; -+ size_t max_new_patterns; -+ size_t new_num_patterns; - int i; -- dynamic_string pattern_name; -+ dynamic_string pattern_name = DYNAMIC_STRING_INITIALIZER; - FILE *pattern_fp; - - if (num_patterns < 0) - num_patterns = 0; -- max_new_patterns = 1 + num_patterns; -- new_save_patterns = (char **) xmalloc (max_new_patterns * sizeof (char *)); - new_num_patterns = num_patterns; -- ds_init (&pattern_name, 128); -+ max_new_patterns = num_patterns; -+ new_save_patterns = xcalloc (max_new_patterns, sizeof (new_save_patterns[0])); - - pattern_fp = fopen (pattern_file_name, "r"); - if (pattern_fp == NULL) -@@ -801,16 +801,16 @@ read_pattern_file () - { - while (ds_fgetstr (pattern_fp, &pattern_name, '\n') != NULL) - { -- if (new_num_patterns >= max_new_patterns) -- { -- max_new_patterns += 1; -- new_save_patterns = (char **) -- xrealloc ((char *) new_save_patterns, -- max_new_patterns * sizeof (char *)); -- } -+ if (new_num_patterns == max_new_patterns) -+ new_save_patterns = x2nrealloc (new_save_patterns, -+ &max_new_patterns, -+ sizeof (new_save_patterns[0])); - new_save_patterns[new_num_patterns] = xstrdup (pattern_name.ds_string); - ++new_num_patterns; - } -+ -+ ds_free (&pattern_name); -+ - if (ferror (pattern_fp) || fclose (pattern_fp) == EOF) - close_error (pattern_file_name); - } -Index: cpio-2.13/src/copyout.c -=================================================================== ---- cpio-2.13.orig/src/copyout.c -+++ cpio-2.13/src/copyout.c -@@ -594,9 +594,10 @@ assign_string (char **pvar, char *value) - The format of the header depends on the compatibility (-c) flag. */ - - void --process_copy_out () -+process_copy_out (void) - { -- dynamic_string input_name; /* Name of file read from stdin. */ -+ dynamic_string input_name = DYNAMIC_STRING_INITIALIZER; -+ /* Name of file read from stdin. */ - struct stat file_stat; /* Stat record for file. */ - struct cpio_file_stat file_hdr = CPIO_FILE_STAT_INITIALIZER; - /* Output header information. */ -@@ -605,7 +606,6 @@ process_copy_out () - char *orig_file_name = NULL; - - /* Initialize the copy out. */ -- ds_init (&input_name, 128); - file_hdr.c_magic = 070707; - - /* Check whether the output file might be a tape. */ -@@ -657,14 +657,9 @@ process_copy_out () - { - if (file_hdr.c_mode & CP_IFDIR) - { -- int len = strlen (input_name.ds_string); - /* Make sure the name ends with a slash */ -- if (input_name.ds_string[len-1] != '/') -- { -- ds_resize (&input_name, len + 2); -- input_name.ds_string[len] = '/'; -- input_name.ds_string[len+1] = 0; -- } -+ if (!ds_endswith (&input_name, '/')) -+ ds_append (&input_name, '/'); - } - } - -@@ -875,6 +870,7 @@ process_copy_out () - (unsigned long) blocks), (unsigned long) blocks); - } - cpio_file_stat_free (&file_hdr); -+ ds_free (&input_name); - } - - -Index: cpio-2.13/src/copypass.c -=================================================================== ---- cpio-2.13.orig/src/copypass.c -+++ cpio-2.13/src/copypass.c -@@ -48,10 +48,12 @@ set_copypass_perms (int fd, const char * - If `link_flag', link instead of copying. */ - - void --process_copy_pass () -+process_copy_pass (void) - { -- dynamic_string input_name; /* Name of file from stdin. */ -- dynamic_string output_name; /* Name of new file. */ -+ dynamic_string input_name = DYNAMIC_STRING_INITIALIZER; -+ /* Name of file from stdin. */ -+ dynamic_string output_name = DYNAMIC_STRING_INITIALIZER; -+ /* Name of new file. */ - size_t dirname_len; /* Length of `directory_name'. */ - int res; /* Result of functions. */ - char *slash; /* For moving past slashes in input name. */ -@@ -65,25 +67,18 @@ process_copy_pass () - created files */ - - /* Initialize the copy pass. */ -- ds_init (&input_name, 128); - - dirname_len = strlen (directory_name); - if (change_directory_option && !ISSLASH (directory_name[0])) - { - char *pwd = xgetcwd (); -- -- dirname_len += strlen (pwd) + 1; -- ds_init (&output_name, dirname_len + 2); -- strcpy (output_name.ds_string, pwd); -- strcat (output_name.ds_string, "/"); -- strcat (output_name.ds_string, directory_name); -- } -- else -- { -- ds_init (&output_name, dirname_len + 2); -- strcpy (output_name.ds_string, directory_name); -+ -+ ds_concat (&output_name, pwd); -+ ds_append (&output_name, '/'); - } -- output_name.ds_string[dirname_len] = '/'; -+ ds_concat (&output_name, directory_name); -+ ds_append (&output_name, '/'); -+ dirname_len = ds_len (&output_name); - output_is_seekable = true; - - change_dir (); -@@ -116,8 +111,8 @@ process_copy_pass () - /* Make the name of the new file. */ - for (slash = input_name.ds_string; *slash == '/'; ++slash) - ; -- ds_resize (&output_name, dirname_len + strlen (slash) + 2); -- strcpy (output_name.ds_string + dirname_len + 1, slash); -+ ds_reset (&output_name, dirname_len); -+ ds_concat (&output_name, slash); - - existing_dir = false; - if (lstat (output_name.ds_string, &out_file_stat) == 0) -@@ -333,6 +328,9 @@ process_copy_pass () - (unsigned long) blocks), - (unsigned long) blocks); - } -+ -+ ds_free (&input_name); -+ ds_free (&output_name); - } - - /* Try and create a hard link from FILE_NAME to another file -Index: cpio-2.13/src/dstring.c -=================================================================== ---- cpio-2.13.orig/src/dstring.c -+++ cpio-2.13/src/dstring.c -@@ -20,8 +20,8 @@ - #if defined(HAVE_CONFIG_H) - # include - #endif -- - #include -+#include - #if defined(HAVE_STRING_H) || defined(STDC_HEADERS) - #include - #else -@@ -33,24 +33,41 @@ - /* Initialiaze dynamic string STRING with space for SIZE characters. */ - - void --ds_init (dynamic_string *string, int size) -+ds_init (dynamic_string *string) -+{ -+ memset (string, 0, sizeof *string); -+} -+ -+/* Free the dynamic string storage. */ -+ -+void -+ds_free (dynamic_string *string) - { -- string->ds_length = size; -- string->ds_string = (char *) xmalloc (size); -+ free (string->ds_string); - } - --/* Expand dynamic string STRING, if necessary, to hold SIZE characters. */ -+/* Expand dynamic string STRING, if necessary. */ - - void --ds_resize (dynamic_string *string, int size) -+ds_resize (dynamic_string *string) - { -- if (size > string->ds_length) -+ if (string->ds_idx == string->ds_size) - { -- string->ds_length = size; -- string->ds_string = (char *) xrealloc ((char *) string->ds_string, size); -+ string->ds_string = x2nrealloc (string->ds_string, &string->ds_size, -+ 1); - } - } - -+/* Reset the index of the dynamic string S to LEN. */ -+ -+void -+ds_reset (dynamic_string *s, size_t len) -+{ -+ while (len > s->ds_size) -+ ds_resize (s); -+ s->ds_idx = len; -+} -+ - /* Dynamic string S gets a string terminated by the EOS character - (which is removed) from file F. S will increase - in size during the function if the string from F is longer than -@@ -61,34 +78,50 @@ ds_resize (dynamic_string *string, int s - char * - ds_fgetstr (FILE *f, dynamic_string *s, char eos) - { -- int insize; /* Amount needed for line. */ -- int strsize; /* Amount allocated for S. */ - int next_ch; - - /* Initialize. */ -- insize = 0; -- strsize = s->ds_length; -+ s->ds_idx = 0; - - /* Read the input string. */ -- next_ch = getc (f); -- while (next_ch != eos && next_ch != EOF) -+ while ((next_ch = getc (f)) != eos && next_ch != EOF) - { -- if (insize >= strsize - 1) -- { -- ds_resize (s, strsize * 2 + 2); -- strsize = s->ds_length; -- } -- s->ds_string[insize++] = next_ch; -- next_ch = getc (f); -+ ds_resize (s); -+ s->ds_string[s->ds_idx++] = next_ch; - } -- s->ds_string[insize++] = '\0'; -+ ds_resize (s); -+ s->ds_string[s->ds_idx] = '\0'; - -- if (insize == 1 && next_ch == EOF) -+ if (s->ds_idx == 0 && next_ch == EOF) - return NULL; - else - return s->ds_string; - } - -+void -+ds_append (dynamic_string *s, int c) -+{ -+ ds_resize (s); -+ s->ds_string[s->ds_idx] = c; -+ if (c) -+ { -+ s->ds_idx++; -+ ds_resize (s); -+ s->ds_string[s->ds_idx] = 0; -+ } -+} -+ -+void -+ds_concat (dynamic_string *s, char const *str) -+{ -+ size_t len = strlen (str); -+ while (len + 1 > s->ds_size) -+ ds_resize (s); -+ memcpy (s->ds_string + s->ds_idx, str, len); -+ s->ds_idx += len; -+ s->ds_string[s->ds_idx] = 0; -+} -+ - char * - ds_fgets (FILE *f, dynamic_string *s) - { -@@ -100,3 +133,10 @@ ds_fgetname (FILE *f, dynamic_string *s) - { - return ds_fgetstr (f, s, '\0'); - } -+ -+/* Return true if the dynamic string S ends with character C. */ -+int -+ds_endswith (dynamic_string *s, int c) -+{ -+ return (s->ds_idx > 0 && s->ds_string[s->ds_idx - 1] == c); -+} -Index: cpio-2.13/src/dstring.h -=================================================================== ---- cpio-2.13.orig/src/dstring.h -+++ cpio-2.13/src/dstring.h -@@ -17,10 +17,6 @@ - Software Foundation, Inc., 51 Franklin Street, Fifth Floor, - Boston, MA 02110-1301 USA. */ - --#ifndef NULL --#define NULL 0 --#endif -- - /* A dynamic string consists of record that records the size of an - allocated string and the pointer to that string. The actual string - is a normal zero byte terminated string that can be used with the -@@ -30,22 +26,25 @@ - - typedef struct - { -- int ds_length; /* Actual amount of storage allocated. */ -- char *ds_string; /* String. */ -+ size_t ds_size; /* Actual amount of storage allocated. */ -+ size_t ds_idx; /* Index of the next free byte in the string. */ -+ char *ds_string; /* String storage. */ - } dynamic_string; - -+#define DYNAMIC_STRING_INITIALIZER { 0, 0, NULL } - --/* Macros that look similar to the original string functions. -- WARNING: These macros work only on pointers to dynamic string records. -- If used with a real record, an "&" must be used to get the pointer. */ --#define ds_strlen(s) strlen ((s)->ds_string) --#define ds_strcmp(s1, s2) strcmp ((s1)->ds_string, (s2)->ds_string) --#define ds_strncmp(s1, s2, n) strncmp ((s1)->ds_string, (s2)->ds_string, n) --#define ds_index(s, c) index ((s)->ds_string, c) --#define ds_rindex(s, c) rindex ((s)->ds_string, c) -+void ds_init (dynamic_string *string); -+void ds_free (dynamic_string *string); -+void ds_reset (dynamic_string *s, size_t len); - --void ds_init (dynamic_string *string, int size); --void ds_resize (dynamic_string *string, int size); -+/* All functions below guarantee that s->ds_string[s->ds_idx] == '\0' */ - char *ds_fgetname (FILE *f, dynamic_string *s); - char *ds_fgets (FILE *f, dynamic_string *s); - char *ds_fgetstr (FILE *f, dynamic_string *s, char eos); -+void ds_append (dynamic_string *s, int c); -+void ds_concat (dynamic_string *s, char const *str); -+ -+#define ds_len(s) ((s)->ds_idx) -+ -+int ds_endswith (dynamic_string *s, int c); -+ -Index: cpio-2.13/src/util.c -=================================================================== ---- cpio-2.13.orig/src/util.c -+++ cpio-2.13/src/util.c -@@ -894,11 +894,9 @@ get_next_reel (int tape_des) - FILE *tty_out; /* File for interacting with user. */ - int old_tape_des; - char *next_archive_name; -- dynamic_string new_name; -+ dynamic_string new_name = DYNAMIC_STRING_INITIALIZER; - char *str_res; - -- ds_init (&new_name, 128); -- - /* Open files for interactive communication. */ - tty_in = fopen (TTY_NAME, "r"); - if (tty_in == NULL) -@@ -973,7 +971,7 @@ get_next_reel (int tape_des) - error (PAXEXIT_FAILURE, 0, _("internal error: tape descriptor changed from %d to %d"), - old_tape_des, tape_des); - -- free (new_name.ds_string); -+ ds_free (&new_name); - fclose (tty_in); - fclose (tty_out); - } diff --git a/fix-CVE-2021-38185_2.patch b/fix-CVE-2021-38185_2.patch deleted file mode 100644 index e14b91b..0000000 --- a/fix-CVE-2021-38185_2.patch +++ /dev/null @@ -1,36 +0,0 @@ -From dfc801c44a93bed7b3951905b188823d6a0432c8 Mon Sep 17 00:00:00 2001 -From: Sergey Poznyakoff -Date: Wed, 11 Aug 2021 18:10:38 +0300 -Subject: Fix previous commit - -* src/dstring.c (ds_reset,ds_concat): Don't call ds_resize in a -loop. ---- - src/dstring.c | 4 ++-- - 1 file changed, 2 insertions(+), 2 deletions(-) - -diff --git a/src/dstring.c b/src/dstring.c -index 692d3e7..b7e0bb5 100644 ---- a/src/dstring.c -+++ b/src/dstring.c -@@ -64,7 +64,7 @@ void - ds_reset (dynamic_string *s, size_t len) - { - while (len > s->ds_size) -- ds_resize (s); -+ s->ds_string = x2nrealloc (s->ds_string, &s->ds_size, 1); - s->ds_idx = len; - } - -@@ -116,7 +116,7 @@ ds_concat (dynamic_string *s, char const *str) - { - size_t len = strlen (str); - while (len + 1 > s->ds_size) -- ds_resize (s); -+ s->ds_string = x2nrealloc (s->ds_string, &s->ds_size, 1); - memcpy (s->ds_string + s->ds_idx, str, len); - s->ds_idx += len; - s->ds_string[s->ds_idx] = 0; --- -cgit v1.2.1 - diff --git a/fix-CVE-2021-38185_3.patch b/fix-CVE-2021-38185_3.patch deleted file mode 100644 index 098859e..0000000 --- a/fix-CVE-2021-38185_3.patch +++ /dev/null @@ -1,13 +0,0 @@ -Index: cpio-2.13/src/dstring.c -=================================================================== ---- cpio-2.13.orig/src/dstring.c -+++ cpio-2.13/src/dstring.c -@@ -115,7 +115,7 @@ void - ds_concat (dynamic_string *s, char const *str) - { - size_t len = strlen (str); -- while (len + 1 > s->ds_size) -+ while (len + s->ds_idx + 1 > s->ds_size) - s->ds_string = x2nrealloc (s->ds_string, &s->ds_size, 1); - memcpy (s->ds_string + s->ds_idx, str, len); - s->ds_idx += len;