Accepting request 1144160 from home:dspinella:branches:Archiving

- Update to 2.15:
  * Fix the operation of --no-absolute-filenames --make-directories.
  * Restore access and modification times of symlinks in copy-in and
    copy-pass modes.
- Remove fix-operation-no-absolute-filenames.patch

  * Rewrite the fix for CVE-2015-1197
- Fix CVE-2023-7207, path traversal vulnerability, bsc#1218571

OBS-URL: https://build.opensuse.org/request/show/1144160
OBS-URL: https://build.opensuse.org/package/show/Archiving/cpio?expand=0&rev=94

cpio-2.14.tar.bz2

@@ -1,3 +0,0 @@
-version https://git-lfs.github.com/spec/v1
-oid sha256:fcdc15d60f7267a6fc7efcd6b9db7b6c8966c4f2fbbb964c24d41336fd3f2c12
-size 1521004

cpio.changes

@@ -1,3 +1,12 @@
+-------------------------------------------------------------------
+Mon Feb  5 09:22:10 UTC 2024 - Danilo Spinella <danilo.spinella@suse.com>
+
+- Update to 2.15:
+  * Fix the operation of --no-absolute-filenames --make-directories.
+  * Restore access and modification times of symlinks in copy-in and
+    copy-pass modes.
+- Remove fix-operation-no-absolute-filenames.patch
+
 -------------------------------------------------------------------
 Mon Jul 10 14:52:48 UTC 2023 - Danilo Spinella <danilo.spinella@suse.com>
 
@@ -18,7 +27,7 @@ Fri Jun 23 13:02:55 UTC 2023 - Danilo Spinella <danilo.spinella@suse.com>
   * Fix cpio header verification.
   * Fix handling of device numbers on copy out.
   * Fix calculation of CRC in copy-out mode.
-  * Rewrite the fix for CVE-2015-1197.
+  * Rewrite the fix for CVE-2015-1197
   * Fix combination of --create --append --directory.
   * Fix appending to archives bigger than 2G.
 - Refresh patches:
@@ -31,6 +40,7 @@ Fri Jun 23 13:02:55 UTC 2023 - Danilo Spinella <danilo.spinella@suse.com>
   * fix-CVE-2021-38185.patch
   * fix-CVE-2021-38185_2.patch
   * fix-CVE-2021-38185_3.patch
+- Fix CVE-2023-7207, path traversal vulnerability, bsc#1218571
 
 -------------------------------------------------------------------
 Tue Dec 27 10:29:29 UTC 2022 - Ludwig Nussel <lnussel@suse.com>

cpio.spec

@@ -1,7 +1,7 @@
 #
 # spec file for package cpio
 #
-# Copyright (c) 2023 SUSE LLC
+# Copyright (c) 2024 SUSE LLC
 #
 # All modifications and additions to the file contributed by third parties
 # remain the property of their copyright owners, unless otherwise agreed
@@ -17,7 +17,7 @@
 
 
 Name:           cpio
-Version:        2.14
+Version:        2.15
 Release:        0
 Summary:        A Backup and Archiving Utility
 License:        GPL-3.0-only
@@ -41,8 +41,6 @@ Patch20:        cpio-close_files_after_copy.patch
 Patch21:        cpio-pattern-file-sigsegv.patch
 Patch23:        paxutils-rtapelib_mtget.patch
 Patch25:        cpio-fix_truncation_check.patch
-# PATCH-FIX-UPSTREAM
-Patch26:        fix-operation-no-absolute-filenames.patch
 BuildRequires:  autoconf >= 2.71
 BuildRequires:  automake
 #Requires(post): %{xinstall_info_prereq}
@@ -83,7 +81,6 @@ This package includes the 'mt', a local tape drive control program.
 %patch21 -p1
 %patch23 -p1
 %patch25 -p1
-%patch26 -p1
 
 %build
 gettextize -f --no-changelog

fix-operation-no-absolute-filenames.patch

@@ -1,31 +0,0 @@
-From e3cc782c610729de7622a274e532817c18262a9d Mon Sep 17 00:00:00 2001
-From: Sergey Poznyakoff <gray@gnu.org>
-Date: Thu, 18 May 2023 09:00:12 +0300
-Subject: Fix operation of --no-absolute-filenames --make-directories
-
-* src/copyin.c (symlink_placeholder): Try to create leading
-directories if unable to create placeholder.
----
- src/copyin.c | 6 ++++++
- 1 file changed, 6 insertions(+)
-
-diff --git a/src/copyin.c b/src/copyin.c
-index 1e4921f..08df12c 100644
---- a/src/copyin.c
-+++ b/src/copyin.c
-@@ -668,6 +668,12 @@ symlink_placeholder (char *oldpath, char *newpath, struct cpio_file_stat *file_s
-   struct delayed_link *p;
-   size_t newlen = strlen (newpath);
- 
-+  if (fd < 0 && create_dir_flag)
-+    {
-+      create_all_directories (newpath);
-+      fd = open (newpath, O_WRONLY | O_CREAT | O_EXCL, 0);
-+    }
-+
-   if (fd < 0)
-     {
-       open_error (newpath);
--- 
-cgit v1.1
-