Browse Source

initial package creation

Signed-off-by: Toshaan Bharvani <toshaan@powerel.org>
master
Toshaan Bharvani 2 years ago
commit
840649df8a
  1. 27
      SOURCES/cpio-2.10-longnames-split.patch
  2. 49
      SOURCES/cpio-2.10-patternnamesigsegv.patch
  3. 19
      SOURCES/cpio-2.11-crc-fips-nit.patch
  4. 94
      SOURCES/cpio-2.11-retain-symlink-times.patch
  5. 621
      SOURCES/cpio-2.13-CVE-2021-38185.patch
  6. 28
      SOURCES/cpio-2.13-dev_number.patch
  7. 39
      SOURCES/cpio-2.13-exitCode.patch
  8. 13
      SOURCES/cpio-2.13-mutiple-definition.patch
  9. 63
      SOURCES/cpio-2.13-reset-gid-uid.patch
  10. 91
      SOURCES/cpio-2.13-revert-CVE-2015-1197-fix.patch
  11. 69
      SOURCES/cpio-2.9-rh.patch
  12. 20
      SOURCES/cpio-2.9.90-defaultremoteshell.patch
  13. 438
      SOURCES/cpio.1
  14. 607
      SPECS/cpio.spec

27
SOURCES/cpio-2.10-longnames-split.patch

@ -0,0 +1,27 @@ @@ -0,0 +1,27 @@
From: Pavel Raiskup <praiskup@redhat.com>
Date: Mon, 14 Sep 2015 09:49:12 +0200
Subject: [PATCH 6/7] Fix for splitting long file names while creating ustar
archive

Resolves: #866467

diff --git a/src/tar.c b/src/tar.c
index a2ce171..e2b5f45 100644
--- a/src/tar.c
+++ b/src/tar.c
@@ -49,10 +49,12 @@ split_long_name (const char *name, size_t length)
{
size_t i;
- if (length > TARPREFIXSIZE)
- length = TARPREFIXSIZE+2;
+ if (length > TARPREFIXSIZE + 1)
+ length = TARPREFIXSIZE + 1;
+ else if (ISSLASH (name[length - 1]))
+ length--;
for (i = length - 1; i > 0; i--)
- if (name[i] == '/')
+ if (ISSLASH (name[i]))
break;
return i;
}

49
SOURCES/cpio-2.10-patternnamesigsegv.patch

@ -0,0 +1,49 @@ @@ -0,0 +1,49 @@
From: =?UTF-8?q?Ond=C5=99ej=20Va=C5=A1=C3=ADk?= <ovasik@redhat.com>
Date: Mon, 14 Sep 2015 09:47:05 +0200
Subject: [PATCH 5/7] fix segfault with nonexisting file with patternnames
(#567022)

diff --git a/src/copyin.c b/src/copyin.c
index 12bd27c..183b5b5 100644
--- a/src/copyin.c
+++ b/src/copyin.c
@@ -870,21 +870,24 @@ read_pattern_file ()
pattern_fp = fopen (pattern_file_name, "r");
if (pattern_fp == NULL)
- open_fatal (pattern_file_name);
- while (ds_fgetstr (pattern_fp, &pattern_name, '\n') != NULL)
- {
- if (new_num_patterns >= max_new_patterns)
- {
- max_new_patterns += 1;
- new_save_patterns = (char **)
- xrealloc ((char *) new_save_patterns,
- max_new_patterns * sizeof (char *));
- }
- new_save_patterns[new_num_patterns] = xstrdup (pattern_name.ds_string);
- ++new_num_patterns;
- }
- if (ferror (pattern_fp) || fclose (pattern_fp) == EOF)
- close_error (pattern_file_name);
+ open_error (pattern_file_name);
+ else
+ {
+ while (ds_fgetstr (pattern_fp, &pattern_name, '\n') != NULL)
+ {
+ if (new_num_patterns >= max_new_patterns)
+ {
+ max_new_patterns += 1;
+ new_save_patterns = (char **)
+ xrealloc ((char *) new_save_patterns,
+ max_new_patterns * sizeof (char *));
+ }
+ new_save_patterns[new_num_patterns] = xstrdup (pattern_name.ds_string);
+ ++new_num_patterns;
+ }
+ if (ferror (pattern_fp) || fclose (pattern_fp) == EOF)
+ close_error (pattern_file_name);
+ }
for (i = 0; i < num_patterns; ++i)
new_save_patterns[i] = save_patterns[i];

19
SOURCES/cpio-2.11-crc-fips-nit.patch

@ -0,0 +1,19 @@ @@ -0,0 +1,19 @@
From: Pavel Raiskup <pavel@raiskup.cz>
Date: Mon, 14 Sep 2015 09:51:12 +0200
Subject: [PATCH 7/7] Note that cpio uses Sum32 checksum only

Related to Package Wrangler and FIPS check.

diff --git a/src/main.c b/src/main.c
index a875a13..13cdfcf 100644
--- a/src/main.c
+++ b/src/main.c
@@ -167,7 +167,7 @@ static struct argp_option options[] = {
{"pattern-file", 'E', N_("FILE"), 0,
N_("Read additional patterns specifying filenames to extract or list from FILE"), 210},
{"only-verify-crc", ONLY_VERIFY_CRC_OPTION, 0, 0,
- N_("When reading a CRC format archive, only verify the CRC's of each file in the archive, don't actually extract the files"), 210},
+ N_("When reading a CRC format archive, only verify the checksum of each file in the archive, don't actually extract the files"), 210},
{"rename", 'r', 0, 0,
N_("Interactively rename files"), GRID+1 },
{"rename-batch-file", RENAME_BATCH_FILE_OPTION, N_("FILE"), OPTION_HIDDEN,

94
SOURCES/cpio-2.11-retain-symlink-times.patch

@ -0,0 +1,94 @@ @@ -0,0 +1,94 @@
From 8bce60df53f93c9cbfb18274c6700c143a0092c6 Mon Sep 17 00:00:00 2001
From: Pavel Raiskup <praiskup@redhat.com>
Date: Fri, 3 Jul 2020 13:00:18 +0200
Subject: [PATCH] Extract: retain times for symlinks

Original report by Pat Riehecky at
https://bugzilla.redhat.com/1486364

* src/copyin.c (copyin_device): Don't check for retain_time_flag
global, it's done by set_file_times.
(copyin_link): Call set_file_times to restore symlink times.
* src/util.c (set_perms): Don't check for retain_time_flag global,
done by set_file_times call.
(set_file_times): Do nothing if retain_time_flag global is false.
* src/copypass.c (process_copy_pass): Call set_file_times for
symlinks.
---
src/copyin.c | 5 ++---
src/copypass.c | 2 ++
src/util.c | 8 +++++---
3 files changed, 9 insertions(+), 6 deletions(-)

diff --git a/src/copyin.c b/src/copyin.c
index bf3b0a8..93b006a 100644
--- a/src/copyin.c
+++ b/src/copyin.c
@@ -615,9 +615,7 @@ copyin_device (struct cpio_file_stat* file_hdr)
/* chown may have turned off some permissions we wanted. */
if (chmod (file_hdr->c_name, file_hdr->c_mode) < 0)
chmod_error_details (file_hdr->c_name, file_hdr->c_mode);
- if (retain_time_flag)
- set_file_times (-1, file_hdr->c_name, file_hdr->c_mtime,
- file_hdr->c_mtime);
+ set_file_times (-1, file_hdr->c_name, file_hdr->c_mtime, file_hdr->c_mtime);
}
static void
@@ -668,6 +666,7 @@ copyin_link (struct cpio_file_stat *file_hdr, int in_file_des)
&& errno != EPERM)
chown_error_details (file_hdr->c_name, uid, gid);
}
+ set_file_times (-1, file_hdr->c_name, file_hdr->c_mtime, file_hdr->c_mtime);
free (link_name);
}
diff --git a/src/copypass.c b/src/copypass.c
index dc13b5b..a5f9b7b 100644
--- a/src/copypass.c
+++ b/src/copypass.c
@@ -306,6 +306,8 @@ process_copy_pass ()
&& errno != EPERM)
chown_error_details (output_name.ds_string, uid, gid);
}
+ set_file_times (-1, output_name.ds_string,
+ in_file_stat.st_atime, in_file_stat.st_mtime);
free (link_name);
}
#endif
diff --git a/src/util.c b/src/util.c
index 4421b20..0e8d88c 100644
--- a/src/util.c
+++ b/src/util.c
@@ -1230,8 +1230,7 @@ set_perms (int fd, struct cpio_file_stat *header)
/* chown may have turned off some permissions we wanted. */
if (fchmod_or_chmod (fd, header->c_name, header->c_mode) < 0)
chmod_error_details (header->c_name, header->c_mode);
- if (retain_time_flag)
- set_file_times (fd, header->c_name, header->c_mtime, header->c_mtime);
+ set_file_times (fd, header->c_name, header->c_mtime, header->c_mtime);
}
void
@@ -1239,6 +1238,8 @@ set_file_times (int fd,
const char *name, unsigned long atime, unsigned long mtime)
{
struct timespec ts[2];
+ if (!retain_time_flag)
+ return;
memset (&ts, 0, sizeof ts);
@@ -1247,7 +1248,8 @@ set_file_times (int fd,
/* Silently ignore EROFS because reading the file won't have upset its
timestamp if it's on a read-only filesystem. */
- if (fdutimens (fd, name, ts) < 0 && errno != EROFS)
+ if ((fd >= 0 ? fdutimens (fd, NULL, ts) : lutimens (name, ts)) < 0
+ && errno != EROFS)
utime_error (name);
}
--
2.24.1

621
SOURCES/cpio-2.13-CVE-2021-38185.patch

@ -0,0 +1,621 @@ @@ -0,0 +1,621 @@
From a458d64ad1e47c0912c2ba0702a148c396984105 Mon Sep 17 00:00:00 2001
From: Ondrej Dubaj <odubaj@redhat.com>
Date: Mon, 13 Sep 2021 08:13:08 +0200
Subject: [PATCH] * src/dstring.c (ds_init): Take a single argument.
(ds_free): New function. (ds_resize): Take a single argument. Use
x2nrealloc to expand the storage.
(ds_reset,ds_append,ds_concat,ds_endswith): New function. (ds_fgetstr):
Rewrite. In particular, this fixes integer overflow. (ds_resize): Take
additional argument: number of bytes to leave available after ds_idx. All
uses changed. * src/dstring.h (dynamic_string): Keep both the allocated
length (ds_size) and index of the next free byte in the string (ds_idx).
(ds_init,ds_resize): Change signature. (ds_len): New macro.
(ds_free,ds_reset,ds_append,ds_concat,ds_endswith): New protos. *
src/copyin.c: Use new ds_ functions. (read_name_from_file): Handle len == 0.
(read_name_from_file): Print error message and skip file if its name is not
nul-terminated. (long_format): Cast rdev numbers to unsigned long *
src/copyout.c: Likewise. * src/copypass.c: Likewise. * src/util.c: Likewise.
(tape_empty_output_buffer): Fix condition. * src/idcache.c
(getuser,getgroup): Use umaxtostr instead of sprintf. * src/userspec.c
(parse_user_spec): Likewise. * configure.ac: Raise version number to 2.13.90.

---
configure.ac | 6 ++--
src/copyin.c | 69 ++++++++++++++++++++++------------------
src/copyout.c | 16 ++++------
src/copypass.c | 32 +++++++++----------
src/dstring.c | 85 ++++++++++++++++++++++++++++++++++++--------------
src/dstring.h | 30 +++++++++---------
src/idcache.c | 11 +++----
src/userspec.c | 9 ++----
src/util.c | 9 ++----
9 files changed, 150 insertions(+), 117 deletions(-)

diff --git a/configure.ac b/configure.ac
index 2132256..875b44f 100644
--- a/configure.ac
+++ b/configure.ac
@@ -15,13 +15,13 @@ dnl
dnl You should have received a copy of the GNU General Public License
dnl along with this program. If not, see <http://www.gnu.org/licenses/>.
-AC_INIT([GNU cpio], [2.13], [bug-cpio@gnu.org],,
+AC_INIT([GNU cpio], [2.13.90], [bug-cpio@gnu.org],,
[http://www.gnu.org/software/cpio])
AC_CONFIG_SRCDIR(src/cpio.h)
AC_CONFIG_AUX_DIR([build-aux])
AC_CONFIG_HEADERS([config.h])
-AC_PREREQ([2.63])
-AM_INIT_AUTOMAKE([1.11.1 gnits tar-ustar dist-bzip2 std-options silent-rules])
+AC_PREREQ([2.64])
+AM_INIT_AUTOMAKE([1.15 gnits tar-ustar dist-bzip2 std-options silent-rules])
# Enable silent rules by default:
AM_SILENT_RULES([yes])
diff --git a/src/copyin.c b/src/copyin.c
index 93b006a..df5da9c 100644
--- a/src/copyin.c
+++ b/src/copyin.c
@@ -56,10 +56,10 @@ query_rename(struct cpio_file_stat* file_hdr, FILE *tty_in, FILE *tty_out,
static dynamic_string new_name; /* New file name for rename option. */
static int initialized_new_name = false;
if (!initialized_new_name)
- {
- ds_init (&new_name, 128);
- initialized_new_name = true;
- }
+ {
+ ds_init (&new_name);
+ initialized_new_name = true;
+ }
if (rename_flag)
{
@@ -756,8 +756,9 @@ long_format (struct cpio_file_stat *file_hdr, char const *link_name)
if ((file_hdr->c_mode & CP_IFMT) == CP_IFCHR
|| (file_hdr->c_mode & CP_IFMT) == CP_IFBLK)
- printf ("%3lu, %3lu ", file_hdr->c_rdev_maj,
- file_hdr->c_rdev_min);
+ printf ("%3lu, %3lu ",
+ (unsigned long) file_hdr->c_rdev_maj,
+ (unsigned long) file_hdr->c_rdev_min);
else
printf ("%8"PRIuMAX" ", (uintmax_t) file_hdr->c_filesize);
@@ -777,21 +778,20 @@ long_format (struct cpio_file_stat *file_hdr, char const *link_name)
already in `save_patterns' (from the command line) are preserved. */
static void
-read_pattern_file ()
+read_pattern_file (void)
{
- int max_new_patterns;
- char **new_save_patterns;
- int new_num_patterns;
+ char **new_save_patterns = NULL;
+ size_t max_new_patterns;
+ size_t new_num_patterns;
int i;
- dynamic_string pattern_name;
+ dynamic_string pattern_name = DYNAMIC_STRING_INITIALIZER;
FILE *pattern_fp;
if (num_patterns < 0)
num_patterns = 0;
- max_new_patterns = 1 + num_patterns;
- new_save_patterns = (char **) xmalloc (max_new_patterns * sizeof (char *));
new_num_patterns = num_patterns;
- ds_init (&pattern_name, 128);
+ max_new_patterns = num_patterns;
+ new_save_patterns = xcalloc (max_new_patterns, sizeof (new_save_patterns[0]));
pattern_fp = fopen (pattern_file_name, "r");
if (pattern_fp == NULL)
@@ -800,16 +800,16 @@ read_pattern_file ()
{
while (ds_fgetstr (pattern_fp, &pattern_name, '\n') != NULL)
{
- if (new_num_patterns >= max_new_patterns)
- {
- max_new_patterns += 1;
- new_save_patterns = (char **)
- xrealloc ((char *) new_save_patterns,
- max_new_patterns * sizeof (char *));
- }
+ if (new_num_patterns == max_new_patterns)
+ new_save_patterns = x2nrealloc (new_save_patterns,
+ &max_new_patterns,
+ sizeof (new_save_patterns[0]));
new_save_patterns[new_num_patterns] = xstrdup (pattern_name.ds_string);
++new_num_patterns;
}
+
+ ds_free (&pattern_name);
+
if (ferror (pattern_fp) || fclose (pattern_fp) == EOF)
close_error (pattern_file_name);
}
@@ -999,8 +999,21 @@ read_in_header (struct cpio_file_stat *file_hdr, int in_des)
static void
read_name_from_file (struct cpio_file_stat *file_hdr, int fd, uintmax_t len)
{
- cpio_realloc_c_name (file_hdr, len);
- tape_buffered_read (file_hdr->c_name, fd, len);
+ if (len == 0)
+ {
+ error (0, 0, _("malformed header: file name of zero length"));
+ }
+ else
+ {
+ cpio_realloc_c_name (file_hdr, len);
+ tape_buffered_read (file_hdr->c_name, fd, len);
+ if (file_hdr->c_name[len-1] != 0)
+ {
+ error (0, 0, _("malformed header: file name is not nul-terminated"));
+ /* Skip this file */
+ len = 0;
+ }
+ }
file_hdr->c_namesize = len;
}
@@ -1197,9 +1210,8 @@ swab_array (char *ptr, int count)
in the file system. */
void
-process_copy_in ()
+process_copy_in (void)
{
- char done = false; /* True if trailer reached. */
FILE *tty_in = NULL; /* Interactive file for rename option. */
FILE *tty_out = NULL; /* Interactive file for rename option. */
FILE *rename_in = NULL; /* Batch file for rename option. */
@@ -1271,7 +1283,7 @@ process_copy_in ()
change_dir ();
/* While there is more input in the collection, process the input. */
- while (!done)
+ while (1)
{
swapping_halfwords = swapping_bytes = false;
@@ -1305,10 +1317,7 @@ process_copy_in ()
{
/* Is this the header for the TRAILER file? */
if (strcmp (CPIO_TRAILER_NAME, file_hdr.c_name) == 0)
- {
- done = true;
- break;
- }
+ break;
cpio_safer_name_suffix (file_hdr.c_name, false, !no_abs_paths_flag,
false);
diff --git a/src/copyout.c b/src/copyout.c
index 4b7336b..421d36d 100644
--- a/src/copyout.c
+++ b/src/copyout.c
@@ -594,9 +594,10 @@ assign_string (char **pvar, char *value)
The format of the header depends on the compatibility (-c) flag. */
void
-process_copy_out ()
+process_copy_out (void)
{
- dynamic_string input_name; /* Name of file read from stdin. */
+ dynamic_string input_name = DYNAMIC_STRING_INITIALIZER;
+ /* Name of file read from stdin. */
struct stat file_stat; /* Stat record for file. */
struct cpio_file_stat file_hdr = CPIO_FILE_STAT_INITIALIZER;
/* Output header information. */
@@ -605,7 +606,6 @@ process_copy_out ()
char *orig_file_name = NULL;
/* Initialize the copy out. */
- ds_init (&input_name, 128);
file_hdr.c_magic = 070707;
/* Check whether the output file might be a tape. */
@@ -657,14 +657,9 @@ process_copy_out ()
{
if (file_hdr.c_mode & CP_IFDIR)
{
- int len = strlen (input_name.ds_string);
/* Make sure the name ends with a slash */
- if (input_name.ds_string[len-1] != '/')
- {
- ds_resize (&input_name, len + 2);
- input_name.ds_string[len] = '/';
- input_name.ds_string[len+1] = 0;
- }
+ if (!ds_endswith (&input_name, '/'))
+ ds_append (&input_name, '/');
}
}
@@ -875,6 +870,7 @@ process_copy_out ()
(unsigned long) blocks), (unsigned long) blocks);
}
cpio_file_stat_free (&file_hdr);
+ ds_free (&input_name);
}
diff --git a/src/copypass.c b/src/copypass.c
index a5f9b7b..43bde7e 100644
--- a/src/copypass.c
+++ b/src/copypass.c
@@ -48,10 +48,12 @@ set_copypass_perms (int fd, const char *name, struct stat *st)
If `link_flag', link instead of copying. */
void
-process_copy_pass ()
+process_copy_pass (void)
{
- dynamic_string input_name; /* Name of file from stdin. */
- dynamic_string output_name; /* Name of new file. */
+ dynamic_string input_name = DYNAMIC_STRING_INITIALIZER;
+ /* Name of file from stdin. */
+ dynamic_string output_name = DYNAMIC_STRING_INITIALIZER;
+ /* Name of new file. */
size_t dirname_len; /* Length of `directory_name'. */
int res; /* Result of functions. */
char *slash; /* For moving past slashes in input name. */
@@ -65,25 +67,18 @@ process_copy_pass ()
created files */
/* Initialize the copy pass. */
- ds_init (&input_name, 128);
dirname_len = strlen (directory_name);
if (change_directory_option && !ISSLASH (directory_name[0]))
{
char *pwd = xgetcwd ();
- dirname_len += strlen (pwd) + 1;
- ds_init (&output_name, dirname_len + 2);
- strcpy (output_name.ds_string, pwd);
- strcat (output_name.ds_string, "/");
- strcat (output_name.ds_string, directory_name);
+ ds_concat (&output_name, pwd);
+ ds_append (&output_name, '/');
}
- else
- {
- ds_init (&output_name, dirname_len + 2);
- strcpy (output_name.ds_string, directory_name);
- }
- output_name.ds_string[dirname_len] = '/';
+ ds_concat (&output_name, directory_name);
+ ds_append (&output_name, '/');
+ dirname_len = ds_len (&output_name);
output_is_seekable = true;
change_dir ();
@@ -116,8 +111,8 @@ process_copy_pass ()
/* Make the name of the new file. */
for (slash = input_name.ds_string; *slash == '/'; ++slash)
;
- ds_resize (&output_name, dirname_len + strlen (slash) + 2);
- strcpy (output_name.ds_string + dirname_len + 1, slash);
+ ds_reset (&output_name, dirname_len);
+ ds_concat (&output_name, slash);
existing_dir = false;
if (lstat (output_name.ds_string, &out_file_stat) == 0)
@@ -335,6 +330,9 @@ process_copy_pass ()
(unsigned long) blocks),
(unsigned long) blocks);
}
+
+ ds_free (&input_name);
+ ds_free (&output_name);
}
/* Try and create a hard link from FILE_NAME to another file
diff --git a/src/dstring.c b/src/dstring.c
index e9c063f..c788057 100644
--- a/src/dstring.c
+++ b/src/dstring.c
@@ -22,6 +22,7 @@
#endif
#include <stdio.h>
+#include <stdlib.h>
#if defined(HAVE_STRING_H) || defined(STDC_HEADERS)
#include <string.h>
#else
@@ -33,24 +34,40 @@
/* Initialiaze dynamic string STRING with space for SIZE characters. */
void
-ds_init (dynamic_string *string, int size)
+ds_init (dynamic_string *string)
{
- string->ds_length = size;
- string->ds_string = (char *) xmalloc (size);
+ memset (string, 0, sizeof *string);
}
-/* Expand dynamic string STRING, if necessary, to hold SIZE characters. */
+/* Free the dynamic string storage. */
void
-ds_resize (dynamic_string *string, int size)
+ds_free (dynamic_string *string)
{
- if (size > string->ds_length)
+ free (string->ds_string);
+}
+
+/* Expand dynamic string STRING, if necessary. */
+
+void
+ds_resize (dynamic_string *string, size_t len)
+{
+ while (len + string->ds_idx >= string->ds_size)
{
- string->ds_length = size;
- string->ds_string = (char *) xrealloc ((char *) string->ds_string, size);
+ string->ds_string = x2nrealloc (string->ds_string, &string->ds_size,
+ 1);
}
}
+/* Reset the index of the dynamic string S to LEN. */
+
+void
+ds_reset (dynamic_string *s, size_t len)
+{
+ ds_resize (s, len);
+ s->ds_idx = len;
+}
+
/* Dynamic string S gets a string terminated by the EOS character
(which is removed) from file F. S will increase
in size during the function if the string from F is longer than
@@ -61,34 +78,49 @@ ds_resize (dynamic_string *string, int size)
char *
ds_fgetstr (FILE *f, dynamic_string *s, char eos)
{
- int insize; /* Amount needed for line. */
- int strsize; /* Amount allocated for S. */
int next_ch;
/* Initialize. */
- insize = 0;
- strsize = s->ds_length;
+ s->ds_idx = 0;
/* Read the input string. */
- next_ch = getc (f);
- while (next_ch != eos && next_ch != EOF)
+ while ((next_ch = getc (f)) != eos && next_ch != EOF)
{
- if (insize >= strsize - 1)
- {
- ds_resize (s, strsize * 2 + 2);
- strsize = s->ds_length;
- }
- s->ds_string[insize++] = next_ch;
- next_ch = getc (f);
+ ds_resize (s, 0);
+ s->ds_string[s->ds_idx++] = next_ch;
}
- s->ds_string[insize++] = '\0';
+ ds_resize (s, 0);
+ s->ds_string[s->ds_idx] = '\0';
- if (insize == 1 && next_ch == EOF)
+ if (s->ds_idx == 0 && next_ch == EOF)
return NULL;
else
return s->ds_string;
}
+void
+ds_append (dynamic_string *s, int c)
+{
+ ds_resize (s, 0);
+ s->ds_string[s->ds_idx] = c;
+ if (c)
+ {
+ s->ds_idx++;
+ ds_resize (s, 0);
+ s->ds_string[s->ds_idx] = 0;
+ }
+}
+
+void
+ds_concat (dynamic_string *s, char const *str)
+{
+ size_t len = strlen (str);
+ ds_resize (s, len);
+ memcpy (s->ds_string + s->ds_idx, str, len);
+ s->ds_idx += len;
+ s->ds_string[s->ds_idx] = 0;
+}
+
char *
ds_fgets (FILE *f, dynamic_string *s)
{
@@ -100,3 +132,10 @@ ds_fgetname (FILE *f, dynamic_string *s)
{
return ds_fgetstr (f, s, '\0');
}
+
+/* Return true if the dynamic string S ends with character C. */
+int
+ds_endswith (dynamic_string *s, int c)
+{
+ return (s->ds_idx > 0 && s->ds_string[s->ds_idx - 1] == c);
+}
diff --git a/src/dstring.h b/src/dstring.h
index b5135fe..756cc1f 100644
--- a/src/dstring.h
+++ b/src/dstring.h
@@ -17,10 +17,6 @@
Software Foundation, Inc., 51 Franklin Street, Fifth Floor,
Boston, MA 02110-1301 USA. */
-#ifndef NULL
-#define NULL 0
-#endif
-
/* A dynamic string consists of record that records the size of an
allocated string and the pointer to that string. The actual string
is a normal zero byte terminated string that can be used with the
@@ -30,22 +26,24 @@
typedef struct
{
- int ds_length; /* Actual amount of storage allocated. */
- char *ds_string; /* String. */
+ size_t ds_size; /* Actual amount of storage allocated. */
+ size_t ds_idx; /* Index of the next free byte in the string. */
+ char *ds_string; /* String storage. */
} dynamic_string;
+#define DYNAMIC_STRING_INITIALIZER { 0, 0, NULL }
-/* Macros that look similar to the original string functions.
- WARNING: These macros work only on pointers to dynamic string records.
- If used with a real record, an "&" must be used to get the pointer. */
-#define ds_strlen(s) strlen ((s)->ds_string)
-#define ds_strcmp(s1, s2) strcmp ((s1)->ds_string, (s2)->ds_string)
-#define ds_strncmp(s1, s2, n) strncmp ((s1)->ds_string, (s2)->ds_string, n)
-#define ds_index(s, c) index ((s)->ds_string, c)
-#define ds_rindex(s, c) rindex ((s)->ds_string, c)
+void ds_init (dynamic_string *string);
+void ds_free (dynamic_string *string);
+void ds_reset (dynamic_string *s, size_t len);
-void ds_init (dynamic_string *string, int size);
-void ds_resize (dynamic_string *string, int size);
+/* All functions below guarantee that s->ds_string[s->ds_idx] == '\0' */
char *ds_fgetname (FILE *f, dynamic_string *s);
char *ds_fgets (FILE *f, dynamic_string *s);
char *ds_fgetstr (FILE *f, dynamic_string *s, char eos);
+void ds_append (dynamic_string *s, int c);
+void ds_concat (dynamic_string *s, char const *str);
+
+#define ds_len(s) ((s)->ds_idx)
+
+int ds_endswith (dynamic_string *s, int c);
diff --git a/src/idcache.c b/src/idcache.c
index 33b0d3f..6bd1f3e 100644
--- a/src/idcache.c
+++ b/src/idcache.c
@@ -34,6 +34,7 @@
#endif
#include <unistd.h>
+#include <inttostr.h>
struct userid
{
@@ -59,7 +60,6 @@ getuser (uid_t uid)
{
register struct userid *tail;
struct passwd *pwent;
- char usernum_string[20];
for (tail = user_alist; tail; tail = tail->next)
if (tail->id.u == uid)
@@ -70,8 +70,8 @@ getuser (uid_t uid)
tail->id.u = uid;
if (pwent == 0)
{
- sprintf (usernum_string, "%u", (unsigned) uid);
- tail->name = xstrdup (usernum_string);
+ char nbuf[UINTMAX_STRSIZE_BOUND];
+ tail->name = xstrdup (umaxtostr (uid, nbuf));
}
else
tail->name = xstrdup (pwent->pw_name);
@@ -134,7 +134,6 @@ getgroup (gid_t gid)
{
register struct userid *tail;
struct group *grent;
- char groupnum_string[20];
for (tail = group_alist; tail; tail = tail->next)
if (tail->id.g == gid)
@@ -145,8 +144,8 @@ getgroup (gid_t gid)
tail->id.g = gid;
if (grent == 0)
{
- sprintf (groupnum_string, "%u", (unsigned int) gid);
- tail->name = xstrdup (groupnum_string);
+ char nbuf[UINTMAX_STRSIZE_BOUND];
+ tail->name = xstrdup (umaxtostr (gid, nbuf));
}
else
tail->name = xstrdup (grent->gr_name);
diff --git a/src/userspec.c b/src/userspec.c
index eb3640e..b03234e 100644
--- a/src/userspec.c
+++ b/src/userspec.c
@@ -24,6 +24,7 @@
#include <stdio.h>
#include <ctype.h>
#include <sys/types.h>
+#include <inttostr.h>
#ifndef HAVE_ENDPWENT
# define endpwent()
@@ -141,12 +142,8 @@ parse_user_spec (const char *spec_arg, uid_t *uid, gid_t *gid,
grp = getgrgid (pwd->pw_gid);
if (grp == NULL)
{
- /* This is enough room to hold the unsigned decimal
- representation of any 32-bit quantity and the trailing
- zero byte. */
- char uint_buf[21];
- sprintf (uint_buf, "%u", (unsigned) (pwd->pw_gid));
- V_STRDUP (groupname, uint_buf);
+ char nbuf[UINTMAX_STRSIZE_BOUND];
+ V_STRDUP (groupname, umaxtostr (pwd->pw_gid, nbuf));
}
else
{
diff --git a/src/util.c b/src/util.c
index 0e8d88c..b721f37 100644
--- a/src/util.c
+++ b/src/util.c
@@ -79,8 +79,7 @@ tape_empty_output_buffer (int out_des)
if (output_is_special
&& (bytes_written >= 0
- || (bytes_written < 0
- && (errno == ENOSPC || errno == EIO || errno == ENXIO))))
+ || (errno == ENOSPC || errno == EIO || errno == ENXIO)))
{
get_next_reel (out_des);
if (bytes_written > 0)
@@ -846,11 +845,9 @@ get_next_reel (int tape_des)
FILE *tty_out; /* File for interacting with user. */
int old_tape_des;
char *next_archive_name;
- dynamic_string new_name;
+ dynamic_string new_name = DYNAMIC_STRING_INITIALIZER;
char *str_res;
- ds_init (&new_name, 128);
-
/* Open files for interactive communication. */
tty_in = fopen (TTY_NAME, "r");
if (tty_in == NULL)
@@ -925,7 +922,7 @@ get_next_reel (int tape_des)
error (PAXEXIT_FAILURE, 0, _("internal error: tape descriptor changed from %d to %d"),
old_tape_des, tape_des);
- free (new_name.ds_string);
+ ds_free (&new_name);
fclose (tty_in);
fclose (tty_out);
}
--
2.31.1

28
SOURCES/cpio-2.13-dev_number.patch

@ -0,0 +1,28 @@ @@ -0,0 +1,28 @@
From: Kamil Dudka <kdudka@redhat.com>
Date: Mon, 14 Sep 2015 09:37:15 +0200
Subject: [PATCH 3/7] Support major/minor device numbers over 127 (bz#450109)

diff --git a/src/copyin.c b/src/copyin.c
index b29f348..1142d6a 100644
--- a/src/copyin.c
+++ b/src/copyin.c
@@ -1123,15 +1123,15 @@ read_in_binary (struct cpio_file_stat *file_hdr,
swab_array ((char *) short_hdr, 13);
}
- file_hdr->c_dev_maj = major (short_hdr->c_dev);
- file_hdr->c_dev_min = minor (short_hdr->c_dev);
+ file_hdr->c_dev_maj = major ((unsigned short)short_hdr->c_dev);
+ file_hdr->c_dev_min = minor ((unsigned short)short_hdr->c_dev);
file_hdr->c_ino = short_hdr->c_ino;
file_hdr->c_mode = short_hdr->c_mode;
file_hdr->c_uid = short_hdr->c_uid;
file_hdr->c_gid = short_hdr->c_gid;
file_hdr->c_nlink = short_hdr->c_nlink;
- file_hdr->c_rdev_maj = major (short_hdr->c_rdev);
- file_hdr->c_rdev_min = minor (short_hdr->c_rdev);
+ file_hdr->c_rdev_maj = major ((unsigned short)short_hdr->c_rdev);
+ file_hdr->c_rdev_min = minor ((unsigned short)short_hdr->c_rdev);
file_hdr->c_mtime = (unsigned long) short_hdr->c_mtimes[0] << 16
| short_hdr->c_mtimes[1];
file_hdr->c_filesize = (unsigned long) short_hdr->c_filesizes[0] << 16

39
SOURCES/cpio-2.13-exitCode.patch

@ -0,0 +1,39 @@ @@ -0,0 +1,39 @@
Subject: [PATCH 2/7] set exit code to 1 when cpio fails to store file > 4GB
(#183224)

diff --git a/src/copyout.c b/src/copyout.c
index 8b0beb6..4b7336b 100644
--- a/src/copyout.c
+++ b/src/copyout.c
@@ -290,7 +290,7 @@ field_width_error (const char *filename, const char *fieldname,
{
char valbuf[UINTMAX_STRSIZE_BOUND + 1];
char maxbuf[UINTMAX_STRSIZE_BOUND + 1];
- error (0, 0, _("%s: value %s %s out of allowed range 0..%s"),
+ error (1, 0, _("%s: value %s %s out of allowed range 0..%s"),
filename, fieldname,
STRINGIFY_BIGINT (value, valbuf),
STRINGIFY_BIGINT (MAX_VAL_WITH_DIGITS (width - nul, LG_8),
diff --git a/tests/CVE-2019-14866.at b/tests/CVE-2019-14866.at
index e877b39..50ad60b 100644
--- a/tests/CVE-2019-14866.at
+++ b/tests/CVE-2019-14866.at
@@ -30,6 +30,5 @@ fi
[0],
[],
[cpio: file: value size 17179869184 out of allowed range 0..8589934591
-2 blocks
])
AT_CLEANUP
diff --git a/tests/testsuite b/tests/testsuite
index b45c731..fd8454d 100755
--- a/tests/testsuite
+++ b/tests/testsuite
@@ -2885,7 +2885,6 @@ fi
at_status=$? at_failed=false
$at_check_filter
echo >>"$at_stderr"; $as_echo "cpio: file: value size 17179869184 out of allowed range 0..8589934591
-2 blocks
" | \
$at_diff - "$at_stderr" || at_failed=:
at_fn_diff_devnull "$at_stdout" || at_failed=:

13
SOURCES/cpio-2.13-mutiple-definition.patch

@ -0,0 +1,13 @@ @@ -0,0 +1,13 @@
diff -up cpio-2.13/src/global.c.me cpio-2.13/src/global.c
--- cpio-2.13/src/global.c.me 2020-01-30 17:17:42.015259283 +0100
+++ cpio-2.13/src/global.c 2020-01-30 17:24:12.680794025 +0100
@@ -184,9 +184,6 @@ unsigned int warn_option = 0;
/* Extract to standard output? */
bool to_stdout_option = false;
-/* The name this program was run with. */
-char *program_name;
-
/* A pointer to either lstat or stat, depending on whether
dereferencing of symlinks is done for input files. */
int (*xstat) ();

63
SOURCES/cpio-2.13-reset-gid-uid.patch

@ -0,0 +1,63 @@ @@ -0,0 +1,63 @@
From 5913893d6f3de65b16e1ad294b88893305efb20f Mon Sep 17 00:00:00 2001
From: Ondrej Dubaj <odubaj@redhat.com>
Date: Thu, 18 Feb 2021 09:59:31 +0100
Subject: [PATCH] * lib/system.h (ERRNO_IS_EACCES): Remove. Not used anymore.
(sys_reset_uid_gid): Re-initialize supplementary groups when switching
privileges. Fix ordering of setgid and setuid calls.

---
lib/system.h | 32 +++++++++++++++++++++++++-------
1 file changed, 25 insertions(+), 7 deletions(-)

diff --git a/lib/system.h b/lib/system.h
index 1c1a5d0..4fd3ce9 100644
--- a/lib/system.h
+++ b/lib/system.h
@@ -470,19 +470,37 @@ char *getenv ();
#if MSDOS
# include <process.h>
# define SET_BINARY_MODE(arc) setmode(arc, O_BINARY)
-# define ERRNO_IS_EACCES errno == EACCES
# define mkdir(file, mode) (mkdir) (file)
# define TTY_NAME "con"
# define sys_reset_uid_gid()
#else
# define SET_BINARY_MODE(arc)
-# define ERRNO_IS_EACCES 0
# define TTY_NAME "/dev/tty"
-# define sys_reset_uid_gid() \
- do { \
- if (! (setuid (getuid ()) == 0 && setgid (getgid ()) == 0)) \
- abort (); \
- } while (0)
+# include <paxlib.h>
+static inline void
+sys_reset_uid_gid (void)
+{
+ struct passwd *pw;
+ uid_t uid = getuid ();
+ gid_t gid = getgid ();
+
+ if ((pw = getpwuid (uid)) == NULL)
+ {
+ FATAL_ERROR ((0, errno, "%s(%lu)", "getpwuid", (unsigned long)uid));
+ }
+ if (initgroups (pw->pw_name, getgid ()))
+ {
+ FATAL_ERROR ((0, errno, "%s", "initgroups"));
+ }
+ if (gid != getegid () && setgid (gid) && errno != EPERM)
+ {
+ FATAL_ERROR ((0, errno, "%s", "setgid"));
+ }
+ if (uid != geteuid () && setuid (uid) && errno != EPERM)
+ {
+ FATAL_ERROR ((0, errno, "%s", "setuid"));
+ }
+}
#endif
#if XENIX
--
2.26.0

91
SOURCES/cpio-2.13-revert-CVE-2015-1197-fix.patch

@ -0,0 +1,91 @@ @@ -0,0 +1,91 @@
revert fix for CVE-2015-1197 as it causes shutdown issues

revert suggested as a workaround by upstream:
https://lists.gnu.org/archive/html/bug-cpio/2019-11/msg00016.html

--- b/src/copyin.c
+++ a/src/copyin.c
@@ -645,14 +645,13 @@
link_name = xstrdup (file_hdr->c_tar_linkname);
}
- cpio_safer_name_suffix (link_name, true, !no_abs_paths_flag, false);
-
res = UMASKED_SYMLINK (link_name, file_hdr->c_name,
file_hdr->c_mode);
if (res < 0 && create_dir_flag)
{
create_all_directories (file_hdr->c_name);
+ res = UMASKED_SYMLINK (link_name, file_hdr->c_name,
+ file_hdr->c_mode);
- res = UMASKED_SYMLINK (link_name, file_hdr->c_name, file_hdr->c_mode);
}
if (res < 0)
{
--- b/tests/CVE-2015-1197.at
+++ /dev/null
@@ -1,43 +0,0 @@
-# Process this file with autom4te to create testsuite. -*- Autotest -*-
-# Copyright (C) 2009-2019 Free Software Foundation, Inc.
-#
-# This program is free software; you can redistribute it and/or modify
-# it under the terms of the GNU General Public License as published by
-# the Free Software Foundation; either version 3, or (at your option)
-# any later version.
-#
-# This program is distributed in the hope that it will be useful,
-# but WITHOUT ANY WARRANTY; without even the implied warranty of
-# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
-# GNU General Public License for more details.
-#
-# You should have received a copy of the GNU General Public License
-# along with this program. If not, see <http://www.gnu.org/licenses/>.
-
-AT_SETUP([CVE-2015-1197 (--no-absolute-filenames for symlinks)])
-AT_CHECK([
-tempdir=$(pwd)/tmp
-mkdir $tempdir
-touch $tempdir/file
-ln -s $tempdir dir
-AT_DATA([filelist],
-[dir
-dir/file
-])
-ln -s /tmp dir
-touch /tmp/file
-cpio -o < filelist > test.cpio
-rm dir /tmp/file
-cpio --no-absolute-filenames -iv < test.cpio
-],
-[2],
-[],
-[1 block
-cpio: Removing leading `/' from hard link targets
-dir
-cpio: dir/file: Cannot open: No such file or directory
-dir/file
-1 block
-])
-AT_CLEANUP
-
--- b/tests/Makefile.am
+++ a/tests/Makefile.am
@@ -56,9 +56,8 @@
symlink-long.at\
symlink-to-stdout.at\
version.at\
big-block-size.at\
- CVE-2015-1197.at\
CVE-2019-14866.at
TESTSUITE = $(srcdir)/testsuite

--- b/tests/testsuite.at
+++ a/tests/testsuite.at
@@ -43,6 +43,5 @@
m4_include([setstat04.at])
m4_include([setstat05.at])
m4_include([big-block-size.at])

-m4_include([CVE-2015-1197.at])
m4_include([CVE-2019-14866.at])

69
SOURCES/cpio-2.9-rh.patch

@ -0,0 +1,69 @@ @@ -0,0 +1,69 @@
From: Pavel Raiskup <praiskup@redhat.com>
Date: Mon, 14 Sep 2015 09:27:21 +0200
Subject: [PATCH 1/7] make '-c' equivalent to '-H newc'

diff --git a/doc/cpio.texi b/doc/cpio.texi
index e631934..a788b5d 100644
--- a/doc/cpio.texi
+++ b/doc/cpio.texi
@@ -261,7 +261,8 @@ Sets the I/O block size to @var{block-size} * 512 bytes.
@item -B
Set the I/O block size to 5120 bytes.
@item -c
-Use the old portable (ASCII) archive format.
+Identical to "-H newc", use the new (SVR4) portable format. If you wish the old
+portable (ASCII) archive format, use "-H odc" instead.
@item -C @var{number}
@itemx --io-size=@var{number}
Set the I/O block size to the given @var{number} of bytes.
@@ -343,7 +344,8 @@ Equivalent to @option{-sS}.
@item -B
Set the I/O block size to 5120 bytes.
@item -c
-Use the old portable (ASCII) archive format.
+Identical to "-H newc", use the new (SVR4) portable format. If you wish the old
+portable (ASCII) archive format, use "-H odc" instead.
@item -C @var{number}
@itemx --io-size=@var{number}
Set the I/O block size to the given @var{number} of bytes.
@@ -454,7 +456,8 @@ Sets the I/O block size to @var{block-size} * 512 bytes.
@item -B
Set the I/O block size to 5120 bytes.
@item -c
-Use the old portable (ASCII) archive format.
+Identical to "-H newc", use the new (SVR4) portable format. If you wish the old
+portable (ASCII) archive format, use "-H odc" instead.
@item -C @var{number}
@itemx --io-size=@var{number}
Set the I/O block size to the given @var{number} of bytes.
@@ -600,7 +603,8 @@ block size is 512 bytes.
@item -c
[@ref{copy-in},@ref{copy-out},@ref{copy-pass}]
-@*Use the old portable (ASCII) archive format.
+@*Identical to "-H newc", use the new (SVR4) portable format. If you wish the
+old portable (ASCII) archive format, use "-H odc" instead.
@item -C @var{io-size}
@itemx --io-size=@var{io-size}
diff --git a/src/main.c b/src/main.c
index a13861f..a875a13 100644
--- a/src/main.c
+++ b/src/main.c
@@ -124,7 +124,7 @@ static struct argp_option options[] = {
{"block-size", BLOCK_SIZE_OPTION, N_("BLOCK-SIZE"), 0,
N_("Set the I/O block size to BLOCK-SIZE * 512 bytes"), GRID+1 },
{NULL, 'c', NULL, 0,
- N_("Use the old portable (ASCII) archive format"), GRID+1 },
+ N_("Identical to \"-H newc\", use the new (SVR4) portable format. If you wish the old portable (ASCII) archive format, use \"-H odc\" instead."), GRID+1 },
{"dot", 'V', NULL, 0,
N_("Print a \".\" for each file processed"), GRID+1 },
{"io-size", 'C', N_("NUMBER"), 0,
@@ -329,6 +329,7 @@ parse_opt (int key, char *arg, struct argp_state *state)
case 'c': /* Use the old portable ASCII format. */
if (archive_format != arf_unknown)
USAGE_ERROR ((0, 0, _("Archive format multiply defined")));
+#define SVR4_COMPAT
#ifdef SVR4_COMPAT
archive_format = arf_newascii; /* -H newc. */
#else

20
SOURCES/cpio-2.9.90-defaultremoteshell.patch

@ -0,0 +1,20 @@ @@ -0,0 +1,20 @@
From: =?UTF-8?q?Ond=C5=99ej=20Va=C5=A1=C3=ADk?= <ovasik@redhat.com>
Date: Mon, 14 Sep 2015 09:39:13 +0200
Subject: [PATCH 4/7] define default remote shell as /usr/bin/ssh(#452904), use
/etc/rmt as default rmt command

diff --git a/lib/rtapelib.c b/lib/rtapelib.c
index 7213031..7d0bd52 100644
--- a/lib/rtapelib.c
+++ b/lib/rtapelib.c
@@ -59,6 +59,10 @@
# include <netdb.h>
#endif
+#ifndef REMOTE_SHELL
+# define REMOTE_SHELL "/usr/bin/ssh"
+#endif
+
#include <rmt.h>
#include <rmt-command.h>

438
SOURCES/cpio.1

@ -0,0 +1,438 @@ @@ -0,0 +1,438 @@
.\" DO NOT MODIFY THIS FILE! It was (partly) generated by help2man from
.\" cpio --help/cpio --version output and partly patched by downstream
.\" package maintainers.
.TH CPIO 1L \" -*- nroff -*-
.SH NAME
cpio \- copy files to and from archives
.SH __WARNING__
.PP
The cpio utility is considered LEGACY based on POSIX specification. Users are
encouraged to use other archiving tools for archive creation.

If you decided to use cpio, you should almost always force cpio to use the
ustar format in copy-out mode by the -H option (cpio -o -H ustar). This is
because the ustar format is well defined in POSIX specification and thus
readable by wide range of other archiving tools (including tar e.g.).

By default, GNU cpio uses (for historical reasons) the very old binary format
('bin') which has significant problems nowadays, e.g. with storing big inode
numbers (see the Red Hat bug #952313).

Note also that these days the modern 'pax' archive format should be considered
as the default -- but this format is not implemented in GNU cpio. You should,
again, consider using other archivers (e.g. 'tar --format=pax').

.SH SYNOPSIS
\&\fBCopy-out mode\fR
.PP
In copy-out mode, cpio copies files into an archive. It reads a list
of filenames, one per line, on the standard input, and writes the
archive onto the standard output. A typical way to generate the list
of filenames is with the find command; you should give find the \-depth
option to minimize problems with permissions on directories that are
unreadable. see \*(lqOptions\*(rq.
.PP
.B cpio
{\-o|\-\-create} [\-0acvABLV] [\-C bytes] [\-H format] [\-D DIR]
[\-M message] [\-O [[user@]host:]archive] [\-F [[user@]host:]archive]
[\-\-file=[[user@]host:]archive] [\-\-format=format] [\-\-warning=FLAG]
[\-\-message=message][\-\-null] [\-\-reset\-access\-time] [\-\-verbose]
[\-\-dot] [\-\-append] [\-\-block\-size=blocks] [\-\-dereference]
[\-\-io\-size=bytes] [\-\-rsh\-command=command] [\-\-license] [\-\-usage]
[\-\-help] [\-\-version]
< name-list [> archive]
.PP
\&\fBCopy-in mode\fR
.PP
In copy-in mode, cpio copies files out of an archive or lists the
archive contents. It reads the archive from the standard input. Any
non-option command line arguments are shell globbing patterns; only
files in the archive whose names match one or more of those patterns are
copied from the archive. Unlike in the shell, an initial `\fB.\fR' in a
filename does match a wildcard at the start of a pattern, and a `\fB/\fR' in a
filename can match wildcards. If no patterns are given, all files are
extracted. see \*(lqOptions\*(rq.
.PP
.B cpio
{\-i|\-\-extract} [\-bcdfmnrtsuvBSV] [\-C bytes] [\-E file] [\-H format]
[\-D DIR]
[\-M message] [\-R [user][:.][group]] [\-I [[user@]host:]archive]
[\-F [[user@]host:]archive] [\-\-file=[[user@]host:]archive]
[\-\-make-directories] [\-\-nonmatching] [\-\-preserve-modification-time]
[\-\-numeric-uid-gid] [\-\-rename] [\-t|\-\-list] [\-\-swap-bytes] [\-\-swap]
[\-\-dot] [\-\-warning=FLAG] [\-\-unconditional] [\-\-verbose]
[\-\-block-size=blocks] [\-\-swap-halfwords] [\-\-io-size=bytes]
[\-\-pattern-file=file] [\-\-format=format] [\-\-owner=[user][:.][group]]
[\-\-no-preserve-owner] [\-\-message=message]
[\-\-force\-local] [\-\-no\-absolute\-filenames] [\-\-absolute\-filenames]
[\-\-sparse] [\-\-only\-verify\-crc] [\-\-to\-stdout] [\-\-quiet]
[\-\-ignore\-devno] [\-\-renumber\-inodes] [\-\-device\-independent]
[\-\-reproducible]
[\-\-rsh-command=command] [\-\-license] [\-\-usage] [\-\-help]
[\-\-version] [pattern...] [< archive]
.PP
\&\fBCopy-pass mode\fR
.PP
In copy-pass mode, cpio copies files from one directory tree to
another, combining the copy-out and copy-in steps without actually
using an archive. It reads the list of files to copy from the standard
input; the directory into which it will copy them is given as a
non-option argument. see \*(lqOptions\*(rq.
.PP
.B cpio
{\-p|\-\-pass-through} [\-0adlmuvLV] [\-R [user][:.][group]] [\-D DIR]
[\-\-null] [\-\-reset-access-time] [\-\-make-directories] [\-\-link] [\-\-quiet]
[\-\-preserve-modification-time] [\-\-unconditional] [\-\-verbose] [\-\-dot]
[\-\-warning=FLAG] [\-\-dereference] [\-\-owner=[user][:.][group]]
[\-\-no-preserve-owner] [\-\-sparse] [\-\-license] [\-\-usage] [\-\-help]
[\-\-version] destination-directory < name-list
.PP
.SH DESCRIPTION
GNU cpio is a tool for creating and extracting archives, or copying
files from one place to another. It handles a number of cpio formats as
well as reading and writing tar files.
.PP
Following archive formats are supported: binary, old ASCII, new ASCII, crc, HPUX binary, HPUX old
ASCII, old tar, and POSIX.1 tar. The tar format is provided for compatibility with the tar program. By
default, cpio creates binary format archives, for compatibility with older cpio programs. When extracting
from archives, cpio automatically recognizes which kind of archive it is reading and can read archives created
on machines with a different byte-order.
.PP
.SS "Main operation mode:"
.TP
\fB\-i\fR, \fB\-\-extract\fR
Extract files from an archive (run in copy\-in
mode)
.TP
\fB\-o\fR, \fB\-\-create\fR
Create the archive (run in copy\-out mode)
.TP
\fB\-p\fR, \fB\-\-pass\-through\fR
Run in copy\-pass mode
.TP
\fB\-t\fR, \fB\-\-list\fR
Print a table of contents of the input
.SS "Operation modifiers valid in any mode:"
.TP
\fB\-\-block\-size\fR=\fI\,BLOCK\-SIZE\/\fR
Set the I/O block size to BLOCK\-SIZE * 512
bytes
.TP
\fB\-B\fR
Set the I/O block size to 5120 bytes.
Initially the block size is 512 bytes.
.TP
\fB\-c\fR
Identical to "\-H newc", use the new (SVR4)
portable format. If you wish the old portable
(ASCII) archive format, use "\-H odc" instead.
.TP
\fB\-C\fR, \fB\-\-io\-size\fR=\fI\,NUMBER\/\fR
Set the I/O block size to the given NUMBER of
bytes
.TP
\fB\-D\fR, \fB\-\-directory\fR=\fI\,DIR\/\fR
Change to directory DIR
.TP
\fB\-\-force\-local\fR
With \-F, \-I, or \-O, take the archive file name to be a local file
even if it contains a colon, which would ordinarily indicate a
remote host name.
.TP
\fB\-H\fR, \fB\-\-format\fR=\fI\,FORMAT\/\fR
Use given archive FORMAT.
The valid formats are listed below; the same names are also recognized in
all\-caps. The default in copy-in mode is to automatically detect the archive
format, and in copy-out mode is `\fBbin\fR'.
.TP
`bin'
The obsolete binary format.
.TP
`odc'
The old (\s-1POSIX\s0.1) portable format.
.TP
`newc'
The new (\s-1SVR4\s0) portable format, which supports file systems
having more than 65536 i\-nodes.
.TP
`crc'
The new (\s-1SVR4\s0) portable format with a checksum (Sum32) added.
.TP
`tar'
The old tar format.
.TP
`ustar'
The \s-1POSIX\s0.1 tar format. Also recognizes \s-1GNU\s0 tar archives,
which are similar but not identical.
.TP
`hpbin'
The obsolete binary format used by \s-1HPUX\s0's cpio (which stores
device files differently).
.TP
`hpodc'
The portable format used by \s-1HPUX\s0's cpio (which stores device
files differently).
.TP
\fB\-\-quiet\fR
Do not print the number of blocks copied
.TP
\fB\-R\fR, \fB\-\-owner\fR=\fI\,[USER][\/\fR:.][GROUP]
Set the ownership of all files created to the
specified USER and/or GROUP.
Either the user, the group, or both, must be present. If the group is omitted
but the \&\*(lq:\*(rq or \*(lq.\*(rq separator is given, use the given user's
login group. Only the super-user can change files' ownership in copy\-in mode.
.TP
\fB\-v\fR, \fB\-\-verbose\fR
List the files processed, or with `\fB\-t\fR', give an `\fBls \-l\fR' style
table of contents listing. In a verbose table of contents of a
ustar archive, user and group names in the archive that do not
exist on the local system are replaced by the names that
correspond locally to the numeric \s-1UID\s0 and \s-1GID\s0 stored in the
archive.
.TP
\fB\-V\fR, \fB\-\-dot\fR
Print a "." for each file processed
.TP
\fB\-W\fR, \fB\-\-warning\fR=\fI\,FLAG\/\fR
Control warning display. Currently FLAG is one of
\&'none', 'truncate', 'all'. Multiple options
accumulate.
.SS "Operation modifiers valid in copy-in and copy-out modes:"
.TP
\fB\-F\fR, \fB\-\-file\fR=\fI\,[[USER\/\fR@]HOST:]FILE\-NAME
Use this FILE\-NAME instead of standard input or
output. Optional USER and HOST specify the user
and host names in case of a remote archive
.TP
\fB\-M\fR, \fB\-\-message\fR=\fI\,STRING\/\fR
Print \s-1STRING\s0 when the end of a volume of the backup media (such
as a tape or a floppy disk) is reached, to prompt the user to
insert a new volume. If \s-1STRING\s0 contains the string \*(lq%d\*(rq, it is
replaced by the current volume number (starting at 1).
.TP
\fB\-\-rsh\-command\fR=\fI\,COMMAND\/\fR
Use COMMAND instead of rsh
(typically /usr/bin/ssh)
.SS "Operation modifiers valid only in copy-in mode:"
.TP
\fB\-b\fR, \fB\-\-swap\fR
Swap both halfwords of words and bytes of
halfwords in the data. Equivalent to \fB\-sS\fR
Use this option to convert 32\-bit integers between big-endian and little-endian
machines.
.TP
\fB\-f\fR, \fB\-\-nonmatching\fR
Only copy files that do not match any of the given
patterns
.TP
\fB\-I\fR [[USER@]HOST:]FILE\-NAME
Archive filename to use instead of standard input.
Optional USER and HOST specify the user and host
names in case of a remote archive
.TP
\fB\-n\fR, \fB\-\-numeric\-uid\-gid\fR
In the verbose table of contents listing, show
numeric UID and GID
.TP
\fB\-r\fR, \fB\-\-rename\fR
Interactively rename files
.TP
\fB\-s\fR, \fB\-\-swap\-bytes\fR
Swap the bytes of each halfword in the files
.TP
\fB\-S\fR, \fB\-\-swap\-halfwords\fR
Swap the halfwords of each word (4 bytes) in the
files
.TP
\fB\-\-to\-stdout\fR
Extract files to standard output
.TP
\fB\-E\fR, \fB\-\-pattern\-file\fR=\fI\,FILE\/\fR
Read additional patterns specifying filenames to
extract or list from FILE
.TP
\fB\-\-only\-verify\-crc\fR
When reading a CRC format archive, only verify the
checksum of each file in the archive, don't
actually extract the files
.SS "Operation modifiers valid only in copy-out mode:"
.TP
\fB\-A\fR, \fB\-\-append\fR
Append to an existing archive.
The archive must be a disk file specified with the \-O or \-F (\-file) option.
.TP
\fB\-\-device\-independent\fR, \fB\-\-reproducible\fR
Create device\-independent (reproducible) archives
.TP
\fB\-\-ignore\-devno\fR
Don't store device numbers
.TP
\fB\-O\fR [[USER@]HOST:]FILE\-NAME
Archive filename to use instead of standard
output. Optional USER and HOST specify the user
and host names in case of a remote archive
.TP
\fB\-\-renumber\-inodes\fR
Renumber inodes
.SS "Operation modifiers valid only in copy-pass mode:"
.TP
\fB\-l\fR, \fB\-\-link\fR
Link files instead of copying them, when
possible
.SS "Operation modifiers valid in copy-in and copy-out modes:"
.TP
\fB\-\-absolute\-filenames\fR
Do not strip file system prefix components from
the file names
.TP
\fB\-\-no\-absolute\-filenames\fR
Create all files relative to the current
directory
.SS "Operation modifiers valid in copy-out and copy-pass modes:"
.TP
\fB\-0\fR, \fB\-\-null\fR
Filenames in the list are delimited by null
characters instead of newlines, so that files whose names contain newlines can
be archived. \s-1GNU\s0 find is one way to produce a list of null-terminated
filenames.
.TP
\fB\-a\fR, \fB\-\-reset\-access\-time\fR
Reset the access times of files after reading them, so that it
does not look like they have just been read.
.TP
\fB\-L\fR, \fB\-\-dereference\fR
Dereference symbolic links (copy the files
that they point to instead of copying the links).
.SS "Operation modifiers valid in copy-in and copy-pass modes:"
.TP
\fB\-d\fR, \fB\-\-make\-directories\fR
Create leading directories where needed
.TP
\fB\-m\fR, \fB\-\-preserve\-modification\-time\fR
Retain previous file modification times when
creating files
.TP
\fB\-\-no\-preserve\-owner\fR
Do not change the ownership of the files; leave them owned by the
user extracting them. This is the default for non-root users, so
that users on System V don't inadvertently give away files. This
option can be used in copy-in mode and copy-pass mode
.TP
\fB\-\-sparse\fR
Write files with large blocks of zeros as sparse
files
.TP
\fB\-u\fR, \fB\-\-unconditional\fR
Replace all files unconditionally
.TP
\-?, \fB\-\-help\fR
give this help list
.TP
\fB\-\-usage\fR
give a short usage message
.TP
\fB\-\-version\fR
print program version
.PP
Mandatory or optional arguments to long options are also mandatory or optional
for any corresponding short options.

.PP
.SH EXAMPLES
When creating an archive, cpio takes the list of files to be
processed from the standard input, and then sends the archive to the
standard output, or to the device defined by the `\fB\-F\fR' option.
Usually find or ls is used to provide this list to
the standard input. In the following example you can see the
possibilities for archiving the contents of a single directory.
.PP
.B % ls | cpio \-ov > directory.cpio
.PP
The `\fB\-o\fR' option creates the archive, and the `\fB\-v\fR' option prints the
names of the files archived as they are added. Notice that the options
can be put together after a single `\fB\-\fR' or can be placed separately on
the command line. The `\fB>\fR' redirects the cpio output to the file
`\fBdirectory.cpio\fR'.
.PP
If you wanted to archive an entire directory tree, the find command
can provide the file list to cpio:
.PP
.B % find . \-print \-depth | cpio \-ov > tree.cpio
.PP
This will take all the files in the current directory, the
directories below and place them in the archive tree.cpio. Again the
`\fB\-o\fR' creates an archive, and the `\fB\-v\fR' option shows you the name of the
files as they are archived. see \*(lqCopy\-out mode\*(rq. Using the `\fB.\fR' in
the find statement will give you more flexibility when doing restores,
as it will save file names with a relative path vice a hard wired,
absolute path. The `\fB\-depth\fR' option forces `\fBfind\fR' to print of the
entries in a directory before printing the directory itself. This
limits the effects of restrictive directory permissions by printing the
directory entries in a directory before the directory name itself.
.PP
Extracting an archive requires a bit more thought because cpio will
not create directories by default. Another characteristic, is it will
not overwrite existing files unless you tell it to.
.PP
.B % cpio \-iv < directory.cpio
.PP
This will retrieve the files archived in the file directory.cpio and
place them in the present directory. The `\fB\-i\fR' option extracts the
archive and the `\fB\-v\fR' shows the file names as they are extracted. If
you are dealing with an archived directory tree, you need to use the
`\fB\-d\fR' option to create directories as necessary, something like:
.PP
.B % cpio \-idv < tree.cpio
.PP
This will take the contents of the archive tree.cpio and extract it
to the current directory. If you try to extract the files on top of
files of the same name that already exist (and have the same or later
modification time) cpio will not extract the file unless told to do so
by the \-u option. see \*(lqCopy\-in mode\*(rq.
.PP
In copy-pass mode, cpio copies files from one directory tree to
another, combining the copy-out and copy-in steps without actually
using an archive. It reads the list of files to copy from the standard
input; the directory into which it will copy them is given as a
non-option argument. see \*(lqCopy\-pass mode\*(rq.
.PP
.B % find . \-depth \-print0 | cpio \-\-null \-pvd new-dir
.PP
The example shows copying the files of the present directory, and
sub-directories to a new directory called new\-dir. Some new options are
the `\fB\-print0\fR' available with \s-1GNU\s0 find, combined with the `\fB\-\-null\fR'
option of cpio. These two options act together to send file names
between find and cpio, even if special characters are embedded in the
file names. Another is `\fB\-p\fR', which tells cpio to pass the files it
finds to the directory `\fBnew-dir\fR'.


.SH AUTHOR
Written by Phil Nelson, David MacKenzie, John Oleynick,
and Sergey Poznyakoff.
.SH "REPORTING BUGS"
Report bugs to <bug\-cpio@gnu.org>.
Report bugs in this manual page via https://bugzilla.redhat.com.
.SH COPYRIGHT
Copyright \(co 2015 Free Software Foundation, Inc.
License GPLv3+: GNU GPL version 3 or later <http://gnu.org/licenses/gpl.html>.
.br
This is free software: you are free to change and redistribute it.
There is NO WARRANTY, to the extent permitted by law.
.SH "SEE ALSO"
The full documentation for
.B cpio
is maintained as a Texinfo manual. If the
.B info
and
.B cpio
programs are properly installed at your site, the command
.IP
.B info cpio
.PP
should give you access to the complete manual.

The online copy of the documentation is available at the following address:
.PP
http://www.gnu.org/software/cpio/manual

607
SPECS/cpio.spec

@ -0,0 +1,607 @@ @@ -0,0 +1,607 @@
Summary: A GNU archiving program
Name: cpio
Version: 2.13
Release: 16%{?dist}
License: GPLv3+
URL: https://www.gnu.org/software/cpio/
Source: https://ftp.gnu.org/gnu/cpio/cpio-%{version}.tar.bz2

# help2man generated manual page distributed only in RHEL/Fedora
Source1: cpio.1

# We use SVR4 portable format as default.
Patch1: cpio-2.9-rh.patch

# fix warn_if_file_changed() and set exit code to 1 when cpio fails to store
# file > 4GB (#183224)
# http://lists.gnu.org/archive/html/bug-cpio/2006-11/msg00000.html
Patch2: cpio-2.13-exitCode.patch

# Support major/minor device numbers over 127 (bz#450109)
# http://lists.gnu.org/archive/html/bug-cpio/2008-07/msg00000.html
Patch3: cpio-2.13-dev_number.patch

# Define default remote shell as /usr/bin/ssh (#452904)
Patch4: cpio-2.9.90-defaultremoteshell.patch

# Fix segfault with nonexisting file with patternnames (#567022)
# http://savannah.gnu.org/bugs/index.php?28954
# We have slightly different solution than upstream.
Patch5: cpio-2.10-patternnamesigsegv.patch

# Fix bad file name splitting while creating ustar archive (#866467)
# (fix backported from tar's source)
Patch7: cpio-2.10-longnames-split.patch

# Cpio does Sum32 checksum, not CRC (downstream)
Patch8: cpio-2.11-crc-fips-nit.patch

# Fix multiple definition of `program_name'
Patch9: cpio-2.13-mutiple-definition.patch

# Revert fix for CVE-2015-1197 (#1797163)
# reverts upstream commit 45b0ee2b4
Patch10: cpio-2.13-revert-CVE-2015-1197-fix.patch

# Extract: retain times for symlinks
# downstream patch (#1486364)
# https://www.mail-archive.com/bug-cpio@gnu.org/msg00605.html
Patch11: cpio-2.11-retain-symlink-times.patch

# Properly drop priviledges for remote command
# http://git.savannah.gnu.org/cgit/paxutils.git/commit/?id=d247e3c2809a37b6d0c3067251d96bb7f12555e7
Patch12: cpio-2.13-reset-gid-uid.patch

# Fixed integer overflow in ds_fgetstr()
# upstream patch (#1992512)
# https://git.savannah.gnu.org/cgit/cpio.git/commit/?id=dd96882877721703e19272fe25034560b794061b
# https://git.savannah.gnu.org/cgit/cpio.git/commit/?id=dfc801c44a93bed7b3951905b188823d6a0432c8
# https://git.savannah.gnu.org/cgit/cpio.git/commit/?id=236684f6deb3178043fe72a8e2faca538fa2aae1
# https://git.savannah.gnu.org/cgit/cpio.git/commit/?id=4d169305dcb34137dc41acc761d8703eae2c63bf
# https://git.savannah.gnu.org/cgit/cpio.git/commit/?id=86dacfe3e060ce95d5a2c0c5ec01f6437b0b6089
# https://git.savannah.gnu.org/cgit/cpio.git/commit/?id=7dd8ba91d8b6a2640e6c01c3e3a4234828646f23
# https://git.savannah.gnu.org/cgit/cpio.git/commit/?id=684b7ac5767e676cda78c161aeb7fe7b45a07529
# https://git.savannah.gnu.org/cgit/cpio.git/commit/?id=b1c85839bf1381f749dd45bf6a5a38924e3315a0
Patch13: cpio-2.13-CVE-2021-38185.patch

Provides: bundled(gnulib)
Provides: bundled(paxutils)
Provides: /bin/cpio
BuildRequires: gcc
BuildRequires: texinfo, autoconf, automake, gettext, gettext-devel, rmt
BuildRequires: make

%description
GNU cpio copies files into or out of a cpio or tar archive. Archives
are files which contain a collection of other files plus information
about them, such as their file name, owner, timestamps, and access
permissions. The archive can be another file on the disk, a magnetic
tape, or a pipe. GNU cpio supports the following archive formats: binary,
old ASCII, new ASCII, crc, HPUX binary, HPUX old ASCII, old tar and POSIX.1
tar. By default, cpio creates binary format archives, so that they are
compatible with older cpio programs. When it is extracting files from
archives, cpio automatically recognizes which kind of archive it is reading
and can read archives created on machines with a different byte-order.

Install cpio if you need a program to manage file archives.


%prep
%autosetup -p1


%build
autoreconf -fi
export CFLAGS="$RPM_OPT_FLAGS -D_GNU_SOURCE -D_FILE_OFFSET_BITS=64 -D_LARGEFILE64_SOURCE -pedantic -fno-strict-aliasing -Wall $CFLAGS"
%configure --with-rmt="%{_sysconfdir}/rmt"
%make_build
(cd po && make update-gmo)


%install
%make_install

rm -f $RPM_BUILD_ROOT%{_libexecdir}/rmt
rm -f $RPM_BUILD_ROOT%{_infodir}/dir
rm -f $RPM_BUILD_ROOT%{_mandir}/man1/*.1*
install -c -p -m 0644 %{SOURCE1} ${RPM_BUILD_ROOT}%{_mandir}/man1

%find_lang %{name}

%check
rm -f ${RPM_BUILD_ROOT}/test/testsuite
make check || {
echo "### TESTSUITE.LOG ###"
cat tests/testsuite.log
exit 1
}


%files -f %{name}.lang
%doc AUTHORS ChangeLog NEWS README THANKS TODO
%license COPYING
%{_bindir}/*
%{_mandir}/man*/*
%{_infodir}/*.info*

%changelog
* Thu Aug 26 2021 Ondrej Dubaj <odubaj@redhat.com> - 2.13-16
- Fixed CVE-2021-38185 (#1992512)

* Thu Aug 19 2021 Ondrej Dubaj <odubaj@redhat.com> - 2.13-15
- Revert patch for CVE-2021-38185 (#1992512)

* Mon Aug 16 2021 Ondrej Dubaj <odubaj@redhat.com> - 2.13-14
- Minor fix for CVE-2021-38185 (#1992512)

* Mon Aug 16 2021 Ondrej Dubaj <odubaj@redhat.com> - 2.13-13
- Fixed CVE-2021-38185 (#1992512)

* Mon Aug 09 2021 Mohan Boddu <mboddu@redhat.com> - 2.13-12
- Rebuilt for IMA sigs, glibc 2.34, aarch64 flags
Related: rhbz#1991688

* Thu Apr 15 2021 Mohan Boddu <mboddu@redhat.com> - 2.13-11
- Rebuilt for RHEL 9 BETA on Apr 15th 2021. Related: rhbz#1947937

* Thu Feb 18 2021 Ondrej Dubaj <odubaj@redhat.com> - 2.13-10
- Properly drop priviledges for remote command

* Tue Jan 26 2021 Fedora Release Engineering <releng@fedoraproject.org> - 2.13-9
- Rebuilt for https://fedoraproject.org/wiki/Fedora_34_Mass_Rebuild

* Mon Jul 27 2020 Fedora Release Engineering <releng@fedoraproject.org> - 2.13-8
- Rebuilt for https://fedoraproject.org/wiki/Fedora_33_Mass_Rebuild

* Mon Jul 13 2020 Tom Stellard <tstellar@redhat.com> - 2.13-7
- Use make macros
- https://fedoraproject.org/wiki/Changes/UseMakeBuildInstallMacro

* Mon Jun 15 2020 Ondrej Dubaj <odubaj@redhat.com> - 2.13-6
- Extract: retain times for symlinks (#1486364)

* Tue Apr 07 2020 Ondrej Dubaj <odubaj@redhat.com> - 2.13-5.1
- Release bump due to testing of gating

* Wed Feb 05 2020 Petr Kubat <pkubat@redhat.com> - 2.13-4
- Revert fix for CVE-2015-1197 as it causes shutdown issues (#1797163)

* Thu Jan 30 2020 Than Ngo <than@redhat.com> - 2.13-3
- Fix multiple definition of program_name

* Tue Jan 28 2020 Fedora Release Engineering <releng@fedoraproject.org> - 2.13-2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_32_Mass_Rebuild

* Wed Nov 06 2019 Pavel Raiskup <praiskup@redhat.com> - 2.13-1
- new upstream release, per release notes
https://lists.gnu.org/archive/html/bug-cpio/2019-11/msg00000.html

* Wed Jul 24 2019 Fedora Release Engineering <releng@fedoraproject.org> - 2.12-12
- Rebuilt for https://fedoraproject.org/wiki/Fedora_31_Mass_Rebuild

* Tue Feb 19 2019 Pavel Raiskup <praiskup@redhat.com> - 2.12-11
- admit that we bundle paxutils project

* Thu Jan 31 2019 Fedora Release Engineering <releng@fedoraproject.org> - 2.12-10
- Rebuilt for https://fedoraproject.org/wiki/Fedora_30_Mass_Rebuild

* Thu Jul 12 2018 Fedora Release Engineering <releng@fedoraproject.org> - 2.12-9
- Rebuilt for https://fedoraproject.org/wiki/Fedora_29_Mass_Rebuild

* Wed Apr 11 2018 Pavel Raiskup <praiskup@redhat.com> - 2.12-8
- spring spec cleanup

* Wed Feb 07 2018 Fedora Release Engineering <releng@fedoraproject.org> - 2.12-7
- Rebuilt for https://fedoraproject.org/wiki/Fedora_28_Mass_Rebuild

* Wed Aug 02 2017 Fedora Release Engineering <releng@fedoraproject.org> - 2.12-6
- Rebuilt for https://fedoraproject.org/wiki/Fedora_27_Binutils_Mass_Rebuild

* Wed Jul 26 2017 Fedora Release Engineering <releng@fedoraproject.org> - 2.12-5
- Rebuilt for https://fedoraproject.org/wiki/Fedora_27_Mass_Rebuild

* Fri Feb 10 2017 Fedora Release Engineering <releng@fedoraproject.org> - 2.12-4
- Rebuilt for https://fedoraproject.org/wiki/Fedora_26_Mass_Rebuild

* Wed Feb 03 2016 Fedora Release Engineering <releng@fedoraproject.org> - 2.12-3
- Rebuilt for https://fedoraproject.org/wiki/Fedora_24_Mass_Rebuild

* Mon Sep 14 2015 Pavel Raiskup <praiskup@redhat.com> - 2.12-2
- (re)generate manual page for new options

* Mon Sep 14 2015 Pavel Raiskup <praiskup@redhat.com> - 2.12-1
- rebase, per release notes
http://lists.gnu.org/archive/html/bug-cpio/2015-09/msg00004.html

* Mon Jul 06 2015 Ondrej Vasik <ovasik@redhat.com> - 2.11-36
- in 2015, file name in CVE-2014-9112 shows in a bit different timestamp
format (fix FTBFS, #1239416)

* Wed Jun 17 2015 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 2.11-35
- Rebuilt for https://fedoraproject.org/wiki/Fedora_23_Mass_Rebuild

* Sat Feb 21 2015 Till Maas <opensource@till.name> - 2.11-34
- Rebuilt for Fedora 23 Change
https://fedoraproject.org/wiki/Changes/Harden_all_packages_with_position-independent_code

* Wed Dec 03 2014 Pavel Raiskup <praiskup@redhat.com> - 2.11-33
- the stored archive in testsuite has little endian headers, expect also
'reversed byte-order' warning on big-endian

* Wed Dec 03 2014 Pavel Raiskup <praiskup@redhat.com> - 2.11-32
- adjust the testsuite fix for CVE-2014-9112 (#1167573)
- put the testsuite.log to standard output if make check fails

* Tue Dec 02 2014 Pavel Raiskup <praiskup@redhat.com> - 2.11-31
- fix for CVE-2014-9112 (#1167573)

* Sat Aug 16 2014 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 2.11-30
- Rebuilt for https://fedoraproject.org/wiki/Fedora_21_22_Mass_Rebuild

* Fri Jul 11 2014 Tom Callaway <spot@fedoraproject.org> - 2.11-29
- fix license handling

* Sat Jun 07 2014 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 2.11-28
- Rebuilt for https://fedoraproject.org/wiki/Fedora_21_Mass_Rebuild

* Sat May 24 2014 Pavel Raiskup <praiskup@redhat.com> - 2.11-27
- better fix for bad read() error checking (#996150)

* Mon Apr 07 2014 Pavel Raiskup <praiskup@redhat.com> - 2.11-26
- fix manual page to warn users about inode truncation (#952313)
- fix for RU translation (#1075510)

* Tue Nov 12 2013 Pavel Raiskup <praiskup@redhat.com> - 2.11-25
- fix build for ppc64le (#1029540)

* Mon Sep 30 2013 Pavel Raiskup <praiskup@redhat.com> - 2.11-24
- properly trim "crc" checksum to 32 bits (#1001965)
- remove unneeded patch for config.gues/config.sub (#951442)
- allow treat read() errors (#996150)

* Sat Aug 03 2013 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 2.11-21
- Rebuilt for https://fedoraproject.org/wiki/Fedora_20_Mass_Rebuild

* Wed Mar 27 2013 Pavel Raiskup <praiskup@redhat.com> - 2.11-20
- fix another bogus date in changelog
- update config.guess/config.sub for aarm64 build (#925189)
- run autoreconf instead of autoheader

* Fri Mar 15 2013 Pavel Raiskup <praiskup@redhat.com> - 2.11-19
- revert the fix for memory leak (at least for now) #921725

* Tue Mar 12 2013 Pavel Raiskup <praiskup@redhat.com> - 2.11-18
- explicitly provide /bin/cpio for packages that are dependant on this file

* Mon Mar 11 2013 Pavel Raiskup <praiskup@redhat.com> - 2.11-17
- fix small memory leak in copyin.c (#919454)
- remove %%defattr and install 'cpio' to real %%{_bindir}
- CovScan: add %%{?_rawbuild}

* Wed Feb 13 2013 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 2.11-16
- Rebuilt for https://fedoraproject.org/wiki/Fedora_19_Mass_Rebuild

* Mon Nov 05 2012 Pavel Raiskup <praiskup@redhat.com> - 2.11-15
- disable the temporary O_SYNC fix (glibc is fixed - #872366)

* Fri Nov 02 2012 Pavel Raiskup <praiskup@redhat.com> - 2.11-14
- fix bad changelog entries
- allow to build in Fedora Rawhide (temporarily because of #872336) (the value
is guessed from from /usr/include/asm-generic/fcntl.h)

* Mon Oct 22 2012 Pavel Raiskup <praiskup@redhat.com> 2.11-13
- move RH-only manual page cpio.1 from look-aside cache into dist-git repository

* Thu Oct 18 2012 Pavel Raiskup <praiskup@redhat.com> 2.11-12
- fix for bad file name splitting while creating ustar archive (#866467)

* Wed Aug 29 2012 Ondrej Vasik <ovasik@redhat.com> 2.11-11
- add missing options to manpage (#852765)

* Wed Jul 18 2012 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 2.11-10
- Rebuilt for https://fedoraproject.org/wiki/Fedora_18_Mass_Rebuild

* Mon Jun 04 2012 Ondrej Vasik <ovasik@redhat.com> 2.11-9
- fix build failure in rawhide build system (gets undefined)

* Wed May 30 2012 Ondrej Vasik <ovasik@redhat.com> 2.11-8
- drop unnecessary patches: cpio-2.9-dir_perm.patch and
cpio-2.9-sys_umask.patch - reported by M.Castellini

* Tue May 15 2012 Ondrej Vasik <ovasik@redhat.com> 2.11-7
- add virtual provides for bundled(gnulib) copylib (#821749)

* Thu Jan 12 2012 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 2.11-6
- Rebuilt for https://fedoraproject.org/wiki/Fedora_17_Mass_Rebuild

* Fri Oct 14 2011 Ondrej Vasik <ovasik@redhat.com> 2.11-5
- update manpage to reflect new option, polish the style (#746209)

* Mon Mar 07 2011 Ondrej Vasik <ovasik@redhat.com> 2.11-4
- fix several typos and manpage syntax(Ville Skyttä, #682470)

* Tue Feb 08 2011 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 2.11-3
- Rebuilt for https://fedoraproject.org/wiki/Fedora_15_Mass_Rebuild

* Mon May 31 2010 Ondrej Vasik <ovasik@redhat.com> 2.11-2
- built with fno-strict-aliasing(#596153)

* Thu Mar 11 2010 Ondrej Vasik <ovasik@redhat.com> 2.11-1
- new upstream release 2.11
- removed applied patches, run test suite

* Wed Mar 10 2010 Ondrej Vasik <ovasik@redhat.com> 2.10-6
- CVE-2010-0624 fix heap-based buffer overflow by expanding
a specially-crafted archive(#572150)
- comment patches

* Thu Feb 25 2010 Ondrej Vasik <ovasik@redhat.com> 2.10-5
- remove redundant setLocale patch
- fix segfault with nonexisting file with patternnames
(#567022)

* Wed Jan 06 2010 Ondrej Vasik <ovasik@redhat.com> 2.10-4
- do not fail with new POSIX 2008 utimens() glibc call
(#552320)

* Thu Aug 06 2009 Ondrej Vasik <ovasik@redhat.com> 2.10-3
- do process install-info only without --excludedocs(#515924)

* Fri Jul 24 2009 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 2.10-2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_12_Mass_Rebuild

* Mon Jun 22 2009 Ondrej Vasik <ovasik@redhat.com> 2.10-1
- new upstream release 2.10

* Mon Mar 9 2009 Ondrej Vasik <ovasik@redhat.com> 2.9.90-5
- define default remote shell as /usr/bin/ssh(#452904)
- use /etc/rmt as default rmt command

* Tue Feb 24 2009 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 2.9.90-4
- Rebuilt for https://fedoraproject.org/wiki/Fedora_11_Mass_Rebuild

* Wed Feb 11 2009 Ondrej Vasik <ovasik@redhat.com> 2.9.90-3
- make -d honor system umask(#484997)

* Fri Jul 18 2008 Kamil Dudka <kdudka@redhat.com> 2.9.90-2
- Support major/minor device numbers over 127 (bz#450109)

* Tue Jun 03 2008 Ondrej Vasik <ovasik@redhat.com> 2.9.90-1
- new upstream alpha version 2.9.90 + removed applied patches

* Mon Mar 03 2008 Radek Brich <rbrich@redhat.com> 2.9-7
- fix -dir_perm patch to restore permissions correctly even
in passthrough mode -- revert affected code to cpio 2.8 state
(bz#430835)

* Thu Feb 14 2008 Radek Brich <rbrich@redhat.com> 2.9-6
- when extracting archive created with 'find -depth',
restore the permissions of directories properly (bz#430835)
- fix for GCC 4.3

* Thu Nov 01 2007 Radek Brich <rbrich@redhat.com> 2.9-5
- upstream patch for CVE-2007-4476 (stack crashing in safer_name_suffix)

* Tue Sep 04 2007 Radek Brich <rbrich@redhat.com> 2.9-4
- Updated license tag

* Wed Aug 29 2007 Fedora Release Engineering <rel-eng at fedoraproject dot org> - 2.9-3
- Rebuild for selinux ppc32 issue.

* Thu Jul 19 2007 Radek Brich <rbrich@redhat.com> 2.9-1.1
- fix spec, rebuild

* Thu Jul 19 2007 Radek Brich <rbrich@redhat.com> 2.9-1
- update to 2.9, GPLv3

* Tue Feb 20 2007 Peter Vrabec <pvrabec@redhat.com> 2.6-27
- fix typo in changelog

* Thu Feb 08 2007 Ruben Kerkhof <ruben@rubenkerkhof.com> 2.6-26
- Preserve timestamps when installing files

* Thu Feb 08 2007 Peter Vrabec <pvrabec@redhat.com> 2.6-25
- set cpio bindir properly

* Wed Feb 07 2007 Peter Vrabec <pvrabec@redhat.com> 2.6-24
- fix spec file to meet Fedora standards (#225656)

* Mon Jan 22 2007 Peter Vrabec <pvrabec@redhat.com> 2.6-23
- fix non-failsafe install-info use in scriptlets (#223682)

* Sun Dec 10 2006 Peter Vrabec <pvrabec@redhat.com> 2.6-22
- fix rpmlint issue in spec file

* Tue Dec 05 2006 Peter Vrabec <pvrabec@redhat.com> 2.6-21
- fix setlocale (#200478)

* Sat Nov 25 2006 Peter Vrabec <pvrabec@redhat.com> 2.6-20
- cpio man page provided by RedHat

* Tue Jul 18 2006 Peter Vrabec <pvrabec@redhat.com> 2.6-19
- fix cpio --help output (#197597)

* Wed Jul 12 2006 Jesse Keating <jkeating@redhat.com> - 2.6-18.1
- rebuild

* Sat Jun 10 2006 Peter Vrabec <pvrabec@redhat.com> 2.6-18
- autoconf was added to BuildRequires, because autoheader is
used in prep phase (#194737)

* Tue Mar 28 2006 Peter Vrabec <pvrabec@redhat.com> 2.6-17
- rebuild

* Sat Mar 25 2006 Peter Vrabec <pvrabec@redhat.com> 2.6-15
- fix (#186339) on ppc and s390

* Thu Mar 23 2006 Peter Vrabec <pvrabec@redhat.com> 2.6-14
- init struct file_hdr (#186339)

* Wed Mar 15 2006 Peter Vrabec <pvrabec@redhat.com> 2.6-13
- merge toAsciiError.patch with writeOutHeaderBufferOverflow.patch
- merge largeFileGrew.patch with lfs.patch
- fix large file support, cpio is able to store files<8GB
in 'old ascii' format (-H odc option)
- adjust warnings.patch

* Tue Mar 14 2006 Peter Vrabec <pvrabec@redhat.com> 2.6-12
- fix warn_if_file_changed() and set exit code to #1 when
cpio fails to store file > 4GB (#183224)

* Fri Feb 10 2006 Jesse Keating <jkeating@redhat.com> - 2.6-11.2.1
- bump again for double-long bug on ppc(64)

* Tue Feb 07 2006 Jesse Keating <jkeating@redhat.com> - 2.6-11.2
- rebuilt for new gcc4.1 snapshot and glibc changes

* Fri Dec 09 2005 Jesse Keating <jkeating@redhat.com>
- rebuilt

* Wed Nov 23 2005 Peter Vrabec <pvrabec@redhat.com> 2.6-11
- fix previous patch(writeOutHeaderBufferOverflow)

* Wed Nov 23 2005 Peter Vrabec <pvrabec@redhat.com> 2.6-10
- write_out_header rewritten to fix buffer overflow(#172669)

* Mon Oct 31 2005 Peter Vrabec <pvrabec@redhat.com> 2.6-9
- fix checksum error on 64-bit machines (#171649)

* Fri Jul 01 2005 Peter Vrabec <pvrabec@redhat.com> 2.6-8
- fix large file support, archive >4GiB, archive members <4GiB (#160056)
- fix race condition holes, use mode 0700 for dir creation

* Tue May 17 2005 Peter Vrabec <pvrabec@redhat.com> 2.6-7
- fix #156314 (CAN-2005-1229) cpio directory traversal issue
- fix some gcc warnings

* Mon Apr 25 2005 Peter Vrabec <pvrabec@redhat.com> 2.6-6
- fix race condition (#155749)
- use find_lang macro

* Thu Mar 17 2005 Peter Vrabec <pvrabec@redhat.com>
- rebuild 2.6-5

* Mon Jan 24 2005 Peter Vrabec <pvrabec@redhat.com>
- insecure file creation (#145721)

* Mon Jan 17 2005 Peter Vrabec <pvrabec@redhat.com>
- fix symlinks pack (#145225)

* Fri Jan 14 2005 Peter Vrabec <pvrabec@redhat.com>
- new fixed version of lfs patch (#144688)

* Thu Jan 13 2005 Peter Vrabec <pvrabec@redhat.com>
- upgrade to cpio-2.6

* Tue Nov 09 2004 Peter Vrabec <pvrabec@redhat.com>
- fixed "cpio -oH ustar (or tar) saves bad mtime date after Jan 10 2004" (#114580)

* Mon Nov 01 2004 Peter Vrabec <pvrabec@redhat.com>
- support large files > 2GB (#105617)

* Thu Oct 21 2004 Peter Vrabec <pvrabec@redhat.com>
- fix dependencies in spec

* Tue Jun 15 2004 Elliot Lee <sopwith@redhat.com>
- rebuilt

* Fri Feb 13 2004 Elliot Lee <sopwith@redhat.com>
- rebuilt

* Tue Sep 23 2003 Florian La Roche <Florian.LaRoche@redhat.de>
- do not link against -lnsl

* Wed Jun 04 2003 Elliot Lee <sopwith@redhat.com>
- rebuilt

* Fri Feb 14 2003 Jeff Johnson <jbj@redhat.com> 2.5-3
- setlocale for i18n compliance (#79136).

* Wed Jan 22 2003 Tim Powers <timp@redhat.com>
- rebuilt

* Mon Nov 18 2002 Jeff Johnson <jbj@redhat.com> 2.5-1
- update 2.5, restack and consolidate patches.
- don't apply (but include for now) freebsd and #56346 patches.
- add url (#54598).

* Thu Nov 7 2002 Jeff Johnson <jbj@redhat.com> 2.4.2-30
- rebuild from CVS.

* Fri Jun 21 2002 Tim Powers <timp@redhat.com>
- automated rebuild

* Thu May 23 2002 Tim Powers <timp@redhat.com>
- automated rebuild

* Wed Jan 09 2002 Tim Powers <timp@redhat.com>
- automated rebuild

* Thu Nov 22 2001 Bernhard Rosenkraenzer <bero@redhat.com> 2.4.2-25
- Fix up extraction of multiply linked files when the first link is
excluded (Bug #56346)

* Mon Oct 1 2001 Bernhard Rosenkraenzer <bero@redhat.com> 2.4.2-24
- Merge and adapt patches from FreeBSD, this should fix FIFO handling

* Tue Jun 26 2001 Bernhard Rosenkraenzer <bero@redhat.com>
- Add and adapt Debian patch (pl36), fixes #45285 and a couple of other issues

* Sun Jun 24 2001 Elliot Lee <sopwith@redhat.com>
- Bump release + rebuild.

* Tue Aug 8 2000 Jeff Johnson <jbj@redhat.com>
- update man page with decription of -c behavior (#10581).

* Wed Jul 12 2000 Prospector <bugzilla@redhat.com>
- automatic rebuild

* Thu Jun 29 2000 Preston Brown <pbrown@redhat.com>
- patch from HJ Lu for better error codes upon exit

* Mon Jun 5 2000 Jeff Johnson <jbj@redhat.com>
- FHS packaging.

* Wed Feb 9 2000 Jeff Johnson <jbj@redhat.com>
- missing defattr.

* Mon Feb 7 2000 Bill Nottingham <notting@redhat.com>
- handle compressed manpages

* Fri Dec 17 1999 Jeff Johnson <jbj@redhat.com>
- revert the stdout patch (#3358), restoring original GNU cpio behavior
(#6376, #7538), the patch was dumb.

* Tue Aug 31 1999 Jeff Johnson <jbj@redhat.com>
- fix infinite loop unpacking empty files with hard links (#4208).
- stdout should contain progress information (#3358).

* Sun Mar 21 1999 Crstian Gafton <gafton@redhat.com>
- auto rebuild in the new build environment (release 12)

* Sat Dec 5 1998 Jeff Johnson <jbj@redhat.com>
- longlong dev wrong with "-o -H odc" headers (formerly "-oc").

* Thu Dec 03 1998 Cristian Gafton <gafton@redhat.com>
- patch to compile on glibc 2.1, where strdup is a macro

* Tue Jul 14 1998 Jeff Johnson <jbj@redhat.com>
- Fiddle bindir/libexecdir to get RH install correct.
- Don't include /sbin/rmt -- use the rmt from dump package.
- Don't include /bin/mt -- use the mt from mt-st package.
- Add prereq's

* Tue Jun 30 1998 Jeff Johnson <jbj@redhat.com>
- fix '-c' to duplicate svr4 behavior (problem #438)
- install support programs & info pages

* Mon Apr 27 1998 Prospector System <bugs@redhat.com>
- translations modified for de, fr, tr

* Fri Oct 17 1997 Donnie Barnes <djb@redhat.com>
- added BuildRoot
- removed "(used by RPM)" comment in Summary

* Thu Jun 19 1997 Erik Troan <ewt@redhat.com>
- built against glibc
- no longer statically linked as RPM doesn't use cpio for unpacking packages
Loading…
Cancel
Save