diff --git a/add-option-to-add-metadata-in-copy-out-mode.patch b/add-option-to-add-metadata-in-copy-out-mode.patch index b275c0190c9c2d9c8ed98a0473fe2839a8dacb77..46fcc4100317ba71e3838e3f66afbbfc58d2dd90 100644 --- a/add-option-to-add-metadata-in-copy-out-mode.patch +++ b/add-option-to-add-metadata-in-copy-out-mode.patch @@ -18,23 +18,24 @@ The format of metadata for the xattr type is: \0 Signed-off-by: Roberto Sassu + --- doc/cpio.texi | 3 ++ - src/copyout.c | 140 ++++++++++++++++++++++++++++++++++++++++++++++++++++++-- - src/dstring.c | 26 +++++++++-- + src/copyout.c | 138 +++++++++++++++++++++++++++++++++++++++++++++++- + src/dstring.c | 26 +++++++-- src/dstring.h | 1 + - src/extern.h | 4 +- - src/global.c | 2 + - src/initramfs.h | 21 +++++++++ - src/main.c | 22 +++++++++ - 8 files changed, 211 insertions(+), 8 deletions(-) + src/extern.h | 2 + + src/global.c | 4 ++ + src/initramfs.h | 21 ++++++++ + src/main.c | 22 ++++++++ + 8 files changed, 212 insertions(+), 5 deletions(-) create mode 100644 src/initramfs.h diff --git a/doc/cpio.texi b/doc/cpio.texi -index 31a15fa..03d9585 100644 +index bef7ba5..ea73a92 100644 --- a/doc/cpio.texi +++ b/doc/cpio.texi -@@ -276,6 +276,9 @@ Set the I/O block size to the given @var{number} of bytes. +@@ -279,6 +279,9 @@ Set the I/O block size to the given @var{number} of bytes. @item -D @var{dir} @itemx --directory=@var{dir} Change to directory @var{dir} @@ -45,10 +46,10 @@ index 31a15fa..03d9585 100644 Treat the archive file as local, even if its name contains colons. @item -F [[@var{user}@@]@var{host}:]@var{archive-file} diff --git a/src/copyout.c b/src/copyout.c -index 421d36d..4cd60a3 100644 +index 6e82f4c..8ae1a48 100644 --- a/src/copyout.c +++ b/src/copyout.c -@@ -22,6 +22,7 @@ +@@ -21,6 +21,7 @@ #include #include #include @@ -56,7 +57,7 @@ index 421d36d..4cd60a3 100644 #include "filetypes.h" #include "cpiohdr.h" #include "dstring.h" -@@ -589,6 +590,94 @@ assign_string (char **pvar, char *value) +@@ -586,6 +587,94 @@ assign_string (char **pvar, char *value) *pvar = p; } @@ -151,7 +152,7 @@ index 421d36d..4cd60a3 100644 /* Read a list of file names from the standard input and write a cpio collection on the standard output. The format of the header depends on the compatibility (-c) flag. */ -@@ -604,6 +693,8 @@ process_copy_out (void) +@@ -601,6 +690,8 @@ process_copy_out (void) int in_file_des; /* Source file descriptor. */ int out_file_des; /* Output file descriptor. */ char *orig_file_name = NULL; @@ -160,9 +161,9 @@ index 421d36d..4cd60a3 100644 /* Initialize the copy out. */ file_hdr.c_magic = 070707; -@@ -635,9 +726,37 @@ process_copy_out (void) - prepare_append (out_file_des); - } +@@ -632,9 +723,37 @@ process_copy_out (void) + else + change_dir (); + /* Create a temporary file to store file metadata */ + if (metadata_type != TYPE_NONE) { @@ -199,25 +200,23 @@ index 421d36d..4cd60a3 100644 /* Check for blank line. */ if (input_name.ds_string[0] == 0) { -@@ -662,8 +781,15 @@ process_copy_out (void) - ds_append (&input_name, '/'); +@@ -660,7 +779,14 @@ process_copy_out (void) } } -- + - assign_string (&orig_file_name, input_name.ds_string); -+ -+ if (old_metadata) { -+ assign_string (&orig_file_name, template); -+ ds_sgetstr (METADATA_FILENAME, &input_name, name_end); -+ file_hdr.c_mode |= 0x10000; ++ if (old_metadata) { ++ assign_string (&orig_file_name, template); ++ ds_sgetstr (METADATA_FILENAME, &input_name, name_end); ++ file_hdr.c_mode |= 0x10000; + } else { -+ assign_string (&orig_file_name, input_name.ds_string); ++ assign_string (&orig_file_name, input_name.ds_string); + } + cpio_safer_name_suffix (input_name.ds_string, false, !no_abs_paths_flag, true); cpio_set_c_name (&file_hdr, input_name.ds_string); -@@ -695,6 +821,7 @@ process_copy_out (void) +@@ -692,6 +818,7 @@ process_copy_out (void) else { add_link_defer (&file_hdr); @@ -225,7 +224,7 @@ index 421d36d..4cd60a3 100644 break; } } -@@ -831,6 +958,8 @@ process_copy_out (void) +@@ -830,6 +957,8 @@ process_copy_out (void) fprintf (stderr, "%s\n", orig_file_name); if (dot_flag) fputc ('.', stderr); @@ -234,7 +233,7 @@ index 421d36d..4cd60a3 100644 } } -@@ -871,6 +1000,11 @@ process_copy_out (void) +@@ -870,4 +999,9 @@ process_copy_out (void) } cpio_file_stat_free (&file_hdr); ds_free (&input_name); @@ -244,13 +243,11 @@ index 421d36d..4cd60a3 100644 + unlink(template); + } } - - diff --git a/src/dstring.c b/src/dstring.c -index 0f597cc..07e827f 100644 +index b425121..f5d8ab5 100644 --- a/src/dstring.c +++ b/src/dstring.c -@@ -74,8 +74,8 @@ ds_reset (dynamic_string *s, size_t len) +@@ -73,8 +73,8 @@ ds_reset (dynamic_string *s, size_t len) Return NULL if end of file is detected. Otherwise, Return a pointer to the null-terminated string in S. */ @@ -261,7 +258,7 @@ index 0f597cc..07e827f 100644 { int next_ch; -@@ -83,10 +83,18 @@ ds_fgetstr (FILE *f, dynamic_string *s, char eos) +@@ -82,10 +82,18 @@ ds_fgetstr (FILE *f, dynamic_string *s, char eos) s->ds_idx = 0; /* Read the input string. */ @@ -281,20 +278,20 @@ index 0f597cc..07e827f 100644 } ds_resize (s, 0); s->ds_string[s->ds_idx] = '\0'; -@@ -121,6 +129,12 @@ ds_concat (dynamic_string *s, char const *str) +@@ -119,6 +127,12 @@ ds_concat (dynamic_string *s, char const *str) + s->ds_string[s->ds_idx] = 0; } - char * ++char * +ds_fgetstr (FILE *f, dynamic_string *s, char eos) +{ + return ds_fgetstr_common (f, NULL, s, eos); +} + -+char * + char * ds_fgets (FILE *f, dynamic_string *s) { - return ds_fgetstr (f, s, '\n'); -@@ -132,6 +146,12 @@ ds_fgetname (FILE *f, dynamic_string *s) +@@ -131,6 +145,12 @@ ds_fgetname (FILE *f, dynamic_string *s) return ds_fgetstr (f, s, '\0'); } @@ -308,10 +305,10 @@ index 0f597cc..07e827f 100644 int ds_endswith (dynamic_string *s, int c) diff --git a/src/dstring.h b/src/dstring.h -index f5b04ef..50c877d 100644 +index ac540be..d934d1d 100644 --- a/src/dstring.h +++ b/src/dstring.h -@@ -41,6 +41,7 @@ void ds_reset (dynamic_string *s, size_t len); +@@ -40,6 +40,7 @@ void ds_reset (dynamic_string *s, size_t len); char *ds_fgetname (FILE *f, dynamic_string *s); char *ds_fgets (FILE *f, dynamic_string *s); char *ds_fgetstr (FILE *f, dynamic_string *s, char eos); @@ -320,37 +317,38 @@ index f5b04ef..50c877d 100644 void ds_concat (dynamic_string *s, char const *str); diff --git a/src/extern.h b/src/extern.h -index 11ac6bf..f295fcf 100644 +index 6afbdd2..49369ab 100644 --- a/src/extern.h +++ b/src/extern.h -@@ -19,6 +19,7 @@ +@@ -18,6 +18,7 @@ #include "paxlib.h" #include "quotearg.h" +#include "initramfs.h" #include "quote.h" + #include "inttostr.h" - enum archive_format -@@ -99,7 +100,8 @@ extern char output_is_seekable; +@@ -100,6 +101,7 @@ extern char output_is_seekable; extern int (*xstat) (); extern void (*copy_function) (); extern char *change_directory_option; -- +extern enum metadata_types metadata_type; -+ - /* copyin.c */ - void warn_junk_bytes (long bytes_skipped); + #define STRINGIFY_BIGINT(i, b) umaxtostr (i, b) + enum { UINTMAX_STRSIZE_BOUND = INT_BUFSIZE_BOUND (intmax_t) }; diff --git a/src/global.c b/src/global.c -index acf92bc..d45e19b 100644 +index 7c4bca8..bbd84fe 100644 --- a/src/global.c +++ b/src/global.c -@@ -196,3 +196,5 @@ char *change_directory_option; +@@ -194,4 +194,8 @@ char *change_directory_option; + int renumber_inodes_option; int ignore_devno_option; - ++ +/* include file metadata into the image */ +enum metadata_types metadata_type = TYPE_NONE; ++ + int ignore_dirnlink_option; diff --git a/src/initramfs.h b/src/initramfs.h new file mode 100644 index 0000000..88abae7 @@ -379,19 +377,19 @@ index 0000000..88abae7 + +#endif /*_LINUX_INITRAMFS_H*/ diff --git a/src/main.c b/src/main.c -index 6f90055..e343286 100644 +index f9b4d85..8d5988e 100644 --- a/src/main.c +++ b/src/main.c -@@ -199,6 +199,8 @@ static struct argp_option options[] = { +@@ -202,6 +202,8 @@ static struct argp_option options[] = { {"device-independent", DEVICE_INDEPENDENT_OPTION, NULL, 0, N_("Create device-independent (reproducible) archives") }, {"reproducible", 0, NULL, OPTION_ALIAS }, + {"file-metadata", 'e', N_("TYPE"), 0, + N_("Include file metadata"), GRID+1 }, #undef GRID - + /* ********** */ -@@ -292,6 +294,22 @@ warn_control (char *arg) +@@ -295,6 +297,22 @@ warn_control (char *arg) return 1; } @@ -414,7 +412,7 @@ index 6f90055..e343286 100644 static error_t parse_opt (int key, char *arg, struct argp_state *state) { -@@ -354,6 +372,10 @@ parse_opt (int key, char *arg, struct argp_state *state) +@@ -357,6 +375,10 @@ parse_opt (int key, char *arg, struct argp_state *state) copy_matching_files = false; break; @@ -426,5 +424,5 @@ index 6f90055..e343286 100644 pattern_file_name = arg; break; -- -1.8.3.1 +2.27.0 diff --git a/backport-0001-CVE-2021-38185-Rewrite-dynamic-string-support.patch b/backport-0001-CVE-2021-38185-Rewrite-dynamic-string-support.patch deleted file mode 100644 index ae06f18b5665f761a1a57d30d5ba97498a7e7326..0000000000000000000000000000000000000000 --- a/backport-0001-CVE-2021-38185-Rewrite-dynamic-string-support.patch +++ /dev/null @@ -1,462 +0,0 @@ -From dd96882877721703e19272fe25034560b794061b Mon Sep 17 00:00:00 2001 -From: Sergey Poznyakoff -Date: Sat, 7 Aug 2021 12:52:21 +0300 -Subject: [PATCH 11/13] Rewrite dynamic string support. - -* src/dstring.c (ds_init): Take a single argument. -(ds_free): New function. -(ds_resize): Take a single argument. Use x2nrealloc to expand -the storage. -(ds_reset,ds_append,ds_concat,ds_endswith): New function. -(ds_fgetstr): Rewrite. In particular, this fixes integer overflow. -* src/dstring.h (dynamic_string): Keep both the allocated length -(ds_size) and index of the next free byte in the string (ds_idx). -(ds_init,ds_resize): Change signature. -(ds_len): New macro. -(ds_free,ds_reset,ds_append,ds_concat,ds_endswith): New protos. -* src/copyin.c: Use new ds_ functions. -* src/copyout.c: Likewise. -* src/copypass.c: Likewise. -* src/util.c: Likewise. ---- - src/copyin.c | 40 +++++++++++++------------- - src/copyout.c | 16 ++++------- - src/copypass.c | 34 +++++++++++------------ - src/dstring.c | 88 ++++++++++++++++++++++++++++++++++++++++++---------------- - src/dstring.h | 31 ++++++++++----------- - src/util.c | 6 ++-- - 6 files changed, 123 insertions(+), 92 deletions(-) - -diff --git a/src/copyin.c b/src/copyin.c -index bf3b0a8..c7f4b49 100644 ---- a/src/copyin.c -+++ b/src/copyin.c -@@ -55,11 +55,12 @@ query_rename(struct cpio_file_stat* file_hdr, FILE *tty_in, FILE *tty_out, - char *str_res; /* Result for string function. */ - static dynamic_string new_name; /* New file name for rename option. */ - static int initialized_new_name = false; -+ - if (!initialized_new_name) -- { -- ds_init (&new_name, 128); -- initialized_new_name = true; -- } -+ { -+ ds_init (&new_name); -+ initialized_new_name = true; -+ } - - if (rename_flag) - { -@@ -778,39 +779,41 @@ long_format (struct cpio_file_stat *file_hdr, char const *link_name) - already in `save_patterns' (from the command line) are preserved. */ - - static void --read_pattern_file () -+read_pattern_file (void) - { -- int max_new_patterns; -- char **new_save_patterns; -- int new_num_patterns; -+ char **new_save_patterns = NULL; -+ size_t max_new_patterns; -+ size_t new_num_patterns; - int i; -- dynamic_string pattern_name; -+ dynamic_string pattern_name = DYNAMIC_STRING_INITIALIZER; - FILE *pattern_fp; - - if (num_patterns < 0) - num_patterns = 0; -- max_new_patterns = 1 + num_patterns; -- new_save_patterns = (char **) xmalloc (max_new_patterns * sizeof (char *)); - new_num_patterns = num_patterns; -- ds_init (&pattern_name, 128); -+ max_new_patterns = num_patterns; -+ new_save_patterns = xcalloc (max_new_patterns, sizeof (new_save_patterns[0])); - - pattern_fp = fopen (pattern_file_name, "r"); - if (pattern_fp == NULL) -+ { - open_error (pattern_file_name); -+ ds_free (&pattern_name); -+ } - else - { - while (ds_fgetstr (pattern_fp, &pattern_name, '\n') != NULL) - { -- if (new_num_patterns >= max_new_patterns) -- { -- max_new_patterns += 1; -- new_save_patterns = (char **) -- xrealloc ((char *) new_save_patterns, -- max_new_patterns * sizeof (char *)); -- } -+ if (new_num_patterns == max_new_patterns) -+ new_save_patterns = x2nrealloc (new_save_patterns, -+ &max_new_patterns, -+ sizeof (new_save_patterns[0])); - new_save_patterns[new_num_patterns] = xstrdup (pattern_name.ds_string); - ++new_num_patterns; - } -+ -+ ds_free (&pattern_name); -+ - if (ferror (pattern_fp) || fclose (pattern_fp) == EOF) - close_error (pattern_file_name); - } -@@ -1198,7 +1201,7 @@ swab_array (char *ptr, int count) - in the file system. */ - - void --process_copy_in () -+process_copy_in (void) - { - char done = false; /* True if trailer reached. */ - FILE *tty_in = NULL; /* Interactive file for rename option. */ -diff --git a/src/copyout.c b/src/copyout.c -index 4b7336b..421d36d 100644 ---- a/src/copyout.c -+++ b/src/copyout.c -@@ -594,9 +594,10 @@ assign_string (char **pvar, char *value) - The format of the header depends on the compatibility (-c) flag. */ - - void --process_copy_out () -+process_copy_out (void) - { -- dynamic_string input_name; /* Name of file read from stdin. */ -+ dynamic_string input_name = DYNAMIC_STRING_INITIALIZER; -+ /* Name of file read from stdin. */ - struct stat file_stat; /* Stat record for file. */ - struct cpio_file_stat file_hdr = CPIO_FILE_STAT_INITIALIZER; - /* Output header information. */ -@@ -605,7 +606,6 @@ process_copy_out () - char *orig_file_name = NULL; - - /* Initialize the copy out. */ -- ds_init (&input_name, 128); - file_hdr.c_magic = 070707; - - /* Check whether the output file might be a tape. */ -@@ -657,14 +657,9 @@ process_copy_out () - { - if (file_hdr.c_mode & CP_IFDIR) - { -- int len = strlen (input_name.ds_string); - /* Make sure the name ends with a slash */ -- if (input_name.ds_string[len-1] != '/') -- { -- ds_resize (&input_name, len + 2); -- input_name.ds_string[len] = '/'; -- input_name.ds_string[len+1] = 0; -- } -+ if (!ds_endswith (&input_name, '/')) -+ ds_append (&input_name, '/'); - } - } - -@@ -875,6 +870,7 @@ process_copy_out () - (unsigned long) blocks), (unsigned long) blocks); - } - cpio_file_stat_free (&file_hdr); -+ ds_free (&input_name); - } - - -diff --git a/src/copypass.c b/src/copypass.c -index dc13b5b..62f31c6 100644 ---- a/src/copypass.c -+++ b/src/copypass.c -@@ -48,10 +48,12 @@ set_copypass_perms (int fd, const char *name, struct stat *st) - If `link_flag', link instead of copying. */ - - void --process_copy_pass () -+process_copy_pass (void) - { -- dynamic_string input_name; /* Name of file from stdin. */ -- dynamic_string output_name; /* Name of new file. */ -+ dynamic_string input_name = DYNAMIC_STRING_INITIALIZER; -+ /* Name of file from stdin. */ -+ dynamic_string output_name = DYNAMIC_STRING_INITIALIZER; -+ /* Name of new file. */ - size_t dirname_len; /* Length of `directory_name'. */ - int res; /* Result of functions. */ - char *slash; /* For moving past slashes in input name. */ -@@ -65,25 +67,18 @@ process_copy_pass () - created files */ - - /* Initialize the copy pass. */ -- ds_init (&input_name, 128); - - dirname_len = strlen (directory_name); - if (change_directory_option && !ISSLASH (directory_name[0])) - { - char *pwd = xgetcwd (); -- -- dirname_len += strlen (pwd) + 1; -- ds_init (&output_name, dirname_len + 2); -- strcpy (output_name.ds_string, pwd); -- strcat (output_name.ds_string, "/"); -- strcat (output_name.ds_string, directory_name); -+ -+ ds_concat (&output_name, pwd); -+ ds_append (&output_name, '/'); - } -- else -- { -- ds_init (&output_name, dirname_len + 2); -- strcpy (output_name.ds_string, directory_name); -- } -- output_name.ds_string[dirname_len] = '/'; -+ ds_concat (&output_name, directory_name); -+ ds_append (&output_name, '/'); -+ dirname_len = ds_len (&output_name); - output_is_seekable = true; - - change_dir (); -@@ -116,8 +111,8 @@ process_copy_pass () - /* Make the name of the new file. */ - for (slash = input_name.ds_string; *slash == '/'; ++slash) - ; -- ds_resize (&output_name, dirname_len + strlen (slash) + 2); -- strcpy (output_name.ds_string + dirname_len + 1, slash); -+ ds_reset (&output_name, dirname_len); -+ ds_concat (&output_name, slash); - - existing_dir = false; - if (lstat (output_name.ds_string, &out_file_stat) == 0) -@@ -333,6 +328,9 @@ process_copy_pass () - (unsigned long) blocks), - (unsigned long) blocks); - } -+ -+ ds_free (&input_name); -+ ds_free (&output_name); - } - - /* Try and create a hard link from FILE_NAME to another file -diff --git a/src/dstring.c b/src/dstring.c -index e9c063f..358f356 100644 ---- a/src/dstring.c -+++ b/src/dstring.c -@@ -20,8 +20,8 @@ - #if defined(HAVE_CONFIG_H) - # include - #endif -- - #include -+#include - #if defined(HAVE_STRING_H) || defined(STDC_HEADERS) - #include - #else -@@ -33,24 +33,41 @@ - /* Initialiaze dynamic string STRING with space for SIZE characters. */ - - void --ds_init (dynamic_string *string, int size) -+ds_init (dynamic_string *string) -+{ -+ memset (string, 0, sizeof *string); -+} -+ -+/* Free the dynamic string storage. */ -+ -+void -+ds_free (dynamic_string *string) - { -- string->ds_length = size; -- string->ds_string = (char *) xmalloc (size); -+ free (string->ds_string); - } - --/* Expand dynamic string STRING, if necessary, to hold SIZE characters. */ -+/* Expand dynamic string STRING, if necessary. */ - - void --ds_resize (dynamic_string *string, int size) -+ds_resize (dynamic_string *string) - { -- if (size > string->ds_length) -+ if (string->ds_idx == string->ds_size) - { -- string->ds_length = size; -- string->ds_string = (char *) xrealloc ((char *) string->ds_string, size); -+ string->ds_string = x2nrealloc (string->ds_string, &string->ds_size, -+ 1); - } - } - -+/* Reset the index of the dynamic string S to LEN. */ -+ -+void -+ds_reset (dynamic_string *s, size_t len) -+{ -+ while (len > s->ds_size) -+ ds_resize (s); -+ s->ds_idx = len; -+} -+ - /* Dynamic string S gets a string terminated by the EOS character - (which is removed) from file F. S will increase - in size during the function if the string from F is longer than -@@ -61,34 +78,50 @@ ds_resize (dynamic_string *string, int size) - char * - ds_fgetstr (FILE *f, dynamic_string *s, char eos) - { -- int insize; /* Amount needed for line. */ -- int strsize; /* Amount allocated for S. */ - int next_ch; - - /* Initialize. */ -- insize = 0; -- strsize = s->ds_length; -+ s->ds_idx = 0; - - /* Read the input string. */ -- next_ch = getc (f); -- while (next_ch != eos && next_ch != EOF) -+ while ((next_ch = getc (f)) != eos && next_ch != EOF) - { -- if (insize >= strsize - 1) -- { -- ds_resize (s, strsize * 2 + 2); -- strsize = s->ds_length; -- } -- s->ds_string[insize++] = next_ch; -- next_ch = getc (f); -+ ds_resize (s); -+ s->ds_string[s->ds_idx++] = next_ch; - } -- s->ds_string[insize++] = '\0'; -+ ds_resize (s); -+ s->ds_string[s->ds_idx] = '\0'; - -- if (insize == 1 && next_ch == EOF) -+ if (s->ds_idx == 0 && next_ch == EOF) - return NULL; - else - return s->ds_string; - } - -+void -+ds_append (dynamic_string *s, int c) -+{ -+ ds_resize (s); -+ s->ds_string[s->ds_idx] = c; -+ if (c) -+ { -+ s->ds_idx++; -+ ds_resize (s); -+ s->ds_string[s->ds_idx] = 0; -+ } -+} -+ -+void -+ds_concat (dynamic_string *s, char const *str) -+{ -+ size_t len = strlen (str); -+ while (len + 1 > s->ds_size) -+ ds_resize (s); -+ memcpy (s->ds_string + s->ds_idx, str, len); -+ s->ds_idx += len; -+ s->ds_string[s->ds_idx] = 0; -+} -+ - char * - ds_fgets (FILE *f, dynamic_string *s) - { -@@ -100,3 +133,10 @@ ds_fgetname (FILE *f, dynamic_string *s) - { - return ds_fgetstr (f, s, '\0'); - } -+ -+/* Return true if the dynamic string S ends with character C. */ -+int -+ds_endswith (dynamic_string *s, int c) -+{ -+ return (s->ds_idx > 0 && s->ds_string[s->ds_idx - 1] == c); -+} -diff --git a/src/dstring.h b/src/dstring.h -index b5135fe..f5b04ef 100644 ---- a/src/dstring.h -+++ b/src/dstring.h -@@ -17,10 +17,6 @@ - Software Foundation, Inc., 51 Franklin Street, Fifth Floor, - Boston, MA 02110-1301 USA. */ - --#ifndef NULL --#define NULL 0 --#endif -- - /* A dynamic string consists of record that records the size of an - allocated string and the pointer to that string. The actual string - is a normal zero byte terminated string that can be used with the -@@ -30,22 +26,25 @@ - - typedef struct - { -- int ds_length; /* Actual amount of storage allocated. */ -- char *ds_string; /* String. */ -+ size_t ds_size; /* Actual amount of storage allocated. */ -+ size_t ds_idx; /* Index of the next free byte in the string. */ -+ char *ds_string; /* String storage. */ - } dynamic_string; - -+#define DYNAMIC_STRING_INITIALIZER { 0, 0, NULL } - --/* Macros that look similar to the original string functions. -- WARNING: These macros work only on pointers to dynamic string records. -- If used with a real record, an "&" must be used to get the pointer. */ --#define ds_strlen(s) strlen ((s)->ds_string) --#define ds_strcmp(s1, s2) strcmp ((s1)->ds_string, (s2)->ds_string) --#define ds_strncmp(s1, s2, n) strncmp ((s1)->ds_string, (s2)->ds_string, n) --#define ds_index(s, c) index ((s)->ds_string, c) --#define ds_rindex(s, c) rindex ((s)->ds_string, c) -+void ds_init (dynamic_string *string); -+void ds_free (dynamic_string *string); -+void ds_reset (dynamic_string *s, size_t len); - --void ds_init (dynamic_string *string, int size); --void ds_resize (dynamic_string *string, int size); -+/* All functions below guarantee that s->ds_string[s->ds_idx] == '\0' */ - char *ds_fgetname (FILE *f, dynamic_string *s); - char *ds_fgets (FILE *f, dynamic_string *s); - char *ds_fgetstr (FILE *f, dynamic_string *s, char eos); -+void ds_append (dynamic_string *s, int c); -+void ds_concat (dynamic_string *s, char const *str); -+ -+#define ds_len(s) ((s)->ds_idx) -+ -+int ds_endswith (dynamic_string *s, int c); -+ -diff --git a/src/util.c b/src/util.c -index 4421b20..6d6bbaa 100644 ---- a/src/util.c -+++ b/src/util.c -@@ -846,11 +846,9 @@ get_next_reel (int tape_des) - FILE *tty_out; /* File for interacting with user. */ - int old_tape_des; - char *next_archive_name; -- dynamic_string new_name; -+ dynamic_string new_name = DYNAMIC_STRING_INITIALIZER; - char *str_res; - -- ds_init (&new_name, 128); -- - /* Open files for interactive communication. */ - tty_in = fopen (TTY_NAME, "r"); - if (tty_in == NULL) -@@ -925,7 +923,7 @@ get_next_reel (int tape_des) - error (PAXEXIT_FAILURE, 0, _("internal error: tape descriptor changed from %d to %d"), - old_tape_des, tape_des); - -- free (new_name.ds_string); -+ ds_free (&new_name); - fclose (tty_in); - fclose (tty_out); - } --- -1.8.3.1 - diff --git a/backport-0002-CVE-2021-38185-Fix-previous-commit.patch b/backport-0002-CVE-2021-38185-Fix-previous-commit.patch deleted file mode 100644 index f310a1184ff3b2499623fbec25bfb5e45b2e2c09..0000000000000000000000000000000000000000 --- a/backport-0002-CVE-2021-38185-Fix-previous-commit.patch +++ /dev/null @@ -1,36 +0,0 @@ -From dfc801c44a93bed7b3951905b188823d6a0432c8 Mon Sep 17 00:00:00 2001 -From: Sergey Poznyakoff -Date: Wed, 11 Aug 2021 18:10:38 +0300 -Subject: [PATCH 12/13] Fix previous commit - -* src/dstring.c (ds_reset,ds_concat): Don't call ds_resize in a -loop. ---- - src/dstring.c | 4 ++-- - 1 file changed, 2 insertions(+), 2 deletions(-) - -diff --git a/src/dstring.c b/src/dstring.c -index 692d3e7..b7e0bb5 100644 ---- a/src/dstring.c -+++ b/src/dstring.c -@@ -64,7 +64,7 @@ void - ds_reset (dynamic_string *s, size_t len) - { - while (len > s->ds_size) -- ds_resize (s); -+ s->ds_string = x2nrealloc (s->ds_string, &s->ds_size, 1); - s->ds_idx = len; - } - -@@ -116,7 +116,7 @@ ds_concat (dynamic_string *s, char const *str) - { - size_t len = strlen (str); - while (len + 1 > s->ds_size) -- ds_resize (s); -+ s->ds_string = x2nrealloc (s->ds_string, &s->ds_size, 1); - memcpy (s->ds_string + s->ds_idx, str, len); - s->ds_idx += len; - s->ds_string[s->ds_idx] = 0; --- -1.8.3.1 - diff --git a/backport-0003-CVE-2021-38185-Fix-dynamic-string-reallocations.patch b/backport-0003-CVE-2021-38185-Fix-dynamic-string-reallocations.patch deleted file mode 100644 index b7ee7cdfbbdd04467aebeff30742a3daf88a2e52..0000000000000000000000000000000000000000 --- a/backport-0003-CVE-2021-38185-Fix-dynamic-string-reallocations.patch +++ /dev/null @@ -1,78 +0,0 @@ -From 236684f6deb3178043fe72a8e2faca538fa2aae1 Mon Sep 17 00:00:00 2001 -From: Sergey Poznyakoff -Date: Wed, 18 Aug 2021 09:41:39 +0300 -Subject: [PATCH 13/13] Fix dynamic string reallocations - -* src/dstring.c (ds_resize): Take additional argument: number of -bytes to leave available after ds_idx. All uses changed. ---- - src/dstring.c | 18 ++++++++---------- - 1 file changed, 8 insertions(+), 10 deletions(-) - -diff --git a/src/dstring.c b/src/dstring.c -index b7e0bb5..fd4e030 100644 ---- a/src/dstring.c -+++ b/src/dstring.c -@@ -49,9 +49,9 @@ ds_free (dynamic_string *string) - /* Expand dynamic string STRING, if necessary. */ - - void --ds_resize (dynamic_string *string) -+ds_resize (dynamic_string *string, size_t len) - { -- if (string->ds_idx == string->ds_size) -+ while (len + string->ds_idx >= string->ds_size) - { - string->ds_string = x2nrealloc (string->ds_string, &string->ds_size, - 1); -@@ -63,8 +63,7 @@ ds_resize (dynamic_string *string) - void - ds_reset (dynamic_string *s, size_t len) - { -- while (len > s->ds_size) -- s->ds_string = x2nrealloc (s->ds_string, &s->ds_size, 1); -+ ds_resize (s, len); - s->ds_idx = len; - } - -@@ -86,10 +85,10 @@ ds_fgetstr (FILE *f, dynamic_string *s, char eos) - /* Read the input string. */ - while ((next_ch = getc (f)) != eos && next_ch != EOF) - { -- ds_resize (s); -+ ds_resize (s, 0); - s->ds_string[s->ds_idx++] = next_ch; - } -- ds_resize (s); -+ ds_resize (s, 0); - s->ds_string[s->ds_idx] = '\0'; - - if (s->ds_idx == 0 && next_ch == EOF) -@@ -101,12 +100,12 @@ ds_fgetstr (FILE *f, dynamic_string *s, char eos) - void - ds_append (dynamic_string *s, int c) - { -- ds_resize (s); -+ ds_resize (s, 0); - s->ds_string[s->ds_idx] = c; - if (c) - { - s->ds_idx++; -- ds_resize (s); -+ ds_resize (s, 0); - s->ds_string[s->ds_idx] = 0; - } - } -@@ -115,8 +114,7 @@ void - ds_concat (dynamic_string *s, char const *str) - { - size_t len = strlen (str); -- while (len + 1 > s->ds_size) -- s->ds_string = x2nrealloc (s->ds_string, &s->ds_size, 1); -+ ds_resize (s, len); - memcpy (s->ds_string + s->ds_idx, str, len); - s->ds_idx += len; - s->ds_string[s->ds_idx] = 0; --- -1.8.3.1 - diff --git a/backport-cpio-2.13-mutiple-definition.patch b/backport-cpio-2.13-mutiple-definition.patch deleted file mode 100644 index 4a23474954681bb2e0d9e4401f5c795f644f2c6d..0000000000000000000000000000000000000000 --- a/backport-cpio-2.13-mutiple-definition.patch +++ /dev/null @@ -1,27 +0,0 @@ -From 641d3f489cf6238bb916368d4ba0d9325a235afb Mon Sep 17 00:00:00 2001 -From: Sergey Poznyakoff -Date: Mon, 20 Jan 2020 07:45:39 +0200 -Subject: [PATCH] Minor fix * src/global.c: Remove superfluous declaration of - program_name - ---- - src/global.c | 3 --- - 1 file changed, 3 deletions(-) - -diff --git a/src/global.c b/src/global.c -index fb3abe9..acf92bc 100644 ---- a/src/global.c -+++ b/src/global.c -@@ -184,9 +184,6 @@ unsigned int warn_option = 0; - /* Extract to standard output? */ - bool to_stdout_option = false; - --/* The name this program was run with. */ --char *program_name; -- - /* A pointer to either lstat or stat, depending on whether - dereferencing of symlinks is done for input files. */ - int (*xstat) (); --- -1.8.3.1 - diff --git a/cpio-2.10-patternnamesigsegv.patch b/cpio-2.10-patternnamesigsegv.patch index 27e37425a5c755d2f97714ce950891b4084c1968..6e3ac1df33c3a4162cb30dd9340858ec6159fca6 100644 --- a/cpio-2.10-patternnamesigsegv.patch +++ b/cpio-2.10-patternnamesigsegv.patch @@ -4,43 +4,34 @@ Subject: [PATCH 5/7] fix segfault with nonexisting file with patternnames (#567022) diff --git a/src/copyin.c b/src/copyin.c -index 12bd27c..183b5b5 100644 +index 5d88a23..f2babb7 100644 --- a/src/copyin.c +++ b/src/copyin.c -@@ -870,21 +870,24 @@ read_pattern_file () +@@ -948,21 +948,24 @@ read_pattern_file (void) pattern_fp = fopen (pattern_file_name, "r"); if (pattern_fp == NULL) - open_fatal (pattern_file_name); - while (ds_fgetstr (pattern_fp, &pattern_name, '\n') != NULL) -- { -- if (new_num_patterns >= max_new_patterns) -- { -- max_new_patterns += 1; -- new_save_patterns = (char **) -- xrealloc ((char *) new_save_patterns, -- max_new_patterns * sizeof (char *)); -- } -- new_save_patterns[new_num_patterns] = xstrdup (pattern_name.ds_string); -- ++new_num_patterns; -- } -- if (ferror (pattern_fp) || fclose (pattern_fp) == EOF) -- close_error (pattern_file_name); + open_error (pattern_file_name); + else + { + while (ds_fgetstr (pattern_fp, &pattern_name, '\n') != NULL) -+ { -+ if (new_num_patterns >= max_new_patterns) -+ { -+ max_new_patterns += 1; -+ new_save_patterns = (char **) -+ xrealloc ((char *) new_save_patterns, -+ max_new_patterns * sizeof (char *)); -+ } -+ new_save_patterns[new_num_patterns] = xstrdup (pattern_name.ds_string); -+ ++new_num_patterns; -+ } + { + if (new_num_patterns == max_new_patterns) +- new_save_patterns = x2nrealloc (new_save_patterns, ++ new_save_patterns = x2nrealloc (new_save_patterns, + &max_new_patterns, + sizeof (new_save_patterns[0])); + new_save_patterns[new_num_patterns] = xstrdup (pattern_name.ds_string); + ++new_num_patterns; + } + +- ds_free (&pattern_name); ++ ds_free (&pattern_name); + +- if (ferror (pattern_fp) || fclose (pattern_fp) == EOF) +- close_error (pattern_file_name); + if (ferror (pattern_fp) || fclose (pattern_fp) == EOF) + close_error (pattern_file_name); + } diff --git a/cpio-2.13-dev_number.patch b/cpio-2.13-dev_number.patch index 20943a30b97a13debc282f0fbbb016aaa0dfa051..4a115e26c84dd2c27d0764ea42c1ebeb4ff56a94 100644 --- a/cpio-2.13-dev_number.patch +++ b/cpio-2.13-dev_number.patch @@ -3,10 +3,10 @@ Date: Mon, 14 Sep 2015 09:37:15 +0200 Subject: [PATCH 3/7] Support major/minor device numbers over 127 (bz#450109) diff --git a/src/copyin.c b/src/copyin.c -index b29f348..1142d6a 100644 +index 2e72356..5d88a23 100644 --- a/src/copyin.c +++ b/src/copyin.c -@@ -1123,15 +1123,15 @@ read_in_binary (struct cpio_file_stat *file_hdr, +@@ -1287,15 +1287,15 @@ read_in_binary (struct cpio_file_stat *file_hdr, swab_array ((char *) short_hdr, 13); } @@ -24,5 +24,5 @@ index b29f348..1142d6a 100644 + file_hdr->c_rdev_maj = major ((unsigned short)short_hdr->c_rdev); + file_hdr->c_rdev_min = minor ((unsigned short)short_hdr->c_rdev); file_hdr->c_mtime = (unsigned long) short_hdr->c_mtimes[0] << 16 - | short_hdr->c_mtimes[1]; + | short_hdr->c_mtimes[1]; file_hdr->c_filesize = (unsigned long) short_hdr->c_filesizes[0] << 16 diff --git a/cpio-2.13-exitCode.patch b/cpio-2.13-exitCode.patch index 4af7736980794e38a7f78f782e429e220079c425..cd5ef99c251c0c65954a743e81c3289d7098dd03 100644 --- a/cpio-2.13-exitCode.patch +++ b/cpio-2.13-exitCode.patch @@ -32,7 +32,7 @@ index b45c731..fd8454d 100755 @@ -2885,7 +2885,6 @@ fi at_status=$? at_failed=false $at_check_filter - echo >>"$at_stderr"; $as_echo "cpio: file: value size 17179869184 out of allowed range 0..8589934591 + echo >>"$at_stderr"; printf "%s\n" "cpio: file: value size 17179869184 out of allowed range 0..8589934591 -2 blocks " | \ $at_diff - "$at_stderr" || at_failed=: diff --git a/cpio-2.13.tar.bz2 b/cpio-2.13.tar.bz2 deleted file mode 100644 index ed2aa3ec7cd594c9862b12b44957e28ba46547a9..0000000000000000000000000000000000000000 Binary files a/cpio-2.13.tar.bz2 and /dev/null differ diff --git a/cpio-2.14.tar.bz2 b/cpio-2.14.tar.bz2 new file mode 100644 index 0000000000000000000000000000000000000000..6eb607629164590bc99202280de1ba98d03b33ee Binary files /dev/null and b/cpio-2.14.tar.bz2 differ diff --git a/cpio-2.9-rh.patch b/cpio-2.9-rh.patch index 23d70dbe001b0004ec58633bc5bd5bd7aa6b6fe5..78eaadb7660d0ddf37aaea0459aac5085c5baf0c 100644 --- a/cpio-2.9-rh.patch +++ b/cpio-2.9-rh.patch @@ -56,7 +56,7 @@ index a13861f..a875a13 100644 {NULL, 'c', NULL, 0, - N_("Use the old portable (ASCII) archive format"), GRID+1 }, + N_("Identical to \"-H newc\", use the new (SVR4) portable format. If you wish the old portable (ASCII) archive format, use \"-H odc\" instead."), GRID+1 }, - {"dot", 'V', NULL, 0, + {"dot", 'V', NULL, 0, N_("Print a \".\" for each file processed"), GRID+1 }, {"io-size", 'C', N_("NUMBER"), 0, @@ -329,6 +329,7 @@ parse_opt (int key, char *arg, struct argp_state *state) diff --git a/cpio.spec b/cpio.spec index 45bd6d6409d9b1ceda34e8985d00ba015a2494b8..3e786ee1583ffeb0f28ae4be568cb6aaef79387d 100644 --- a/cpio.spec +++ b/cpio.spec @@ -1,6 +1,6 @@ Name: cpio -Version: 2.13 -Release: 9 +Version: 2.14 +Release: 1 Summary: A GNU archiving program License: GPLv3+ @@ -14,11 +14,8 @@ Patch3: cpio-2.9.90-defaultremoteshell.patch Patch4: cpio-2.10-patternnamesigsegv.patch Patch5: cpio-2.10-longnames-split.patch Patch6: cpio-2.11-crc-fips-nit.patch -Patch7: revert-CVE-2015-1197.patch -Patch8: backport-cpio-2.13-mutiple-definition.patch -Patch9: backport-0001-CVE-2021-38185-Rewrite-dynamic-string-support.patch -Patch10: backport-0002-CVE-2021-38185-Fix-previous-commit.patch -Patch11: backport-0003-CVE-2021-38185-Fix-dynamic-string-reallocations.patch +Patch7: revert-CVE-2015-1197.patch +Patch8: revert-CVE-2015-1197-Fix-45b0ee2b407913c533f7ded8d6f8cbeec16ff6ca.patch Patch9000: add-option-to-add-metadata-in-copy-out-mode.patch Patch9001: Fix-use-after-free-and-return-appropriate-error.patch @@ -64,6 +61,12 @@ make check %{_datadir}/man/man1/%{name}.1.gz %changelog +* Mon Jul 17 2023 zhangruifang - 2.14-1 +- Type:enhancement +- ID:NA +- SUG:NA +- DESC:update to 2.14 + * Tue Jun 20 2023 fuanan - 2.13-9 - Type:bugfix - ID:NA diff --git a/revert-CVE-2015-1197-Fix-45b0ee2b407913c533f7ded8d6f8cbeec16ff6ca.patch b/revert-CVE-2015-1197-Fix-45b0ee2b407913c533f7ded8d6f8cbeec16ff6ca.patch new file mode 100644 index 0000000000000000000000000000000000000000..16e84018e0ae6fe4be15935c55781636e0abcf6e --- /dev/null +++ b/revert-CVE-2015-1197-Fix-45b0ee2b407913c533f7ded8d6f8cbeec16ff6ca.patch @@ -0,0 +1,218 @@ +From a365d052b01a5df1ffe716ee8af3e71ee15836fa Mon Sep 17 00:00:00 2001 +From: zhangruifang2020 +Date: Mon, 17 Jul 2023 11:39:03 +0800 +Subject: [PATCH] revert Fix 45b0ee2b407913c533f7ded8d6f8cbeec16ff6ca + +--- + src/copyin.c | 173 +++++++-------------------------------------------- + 1 file changed, 22 insertions(+), 151 deletions(-) + +diff --git a/src/copyin.c b/src/copyin.c +index f2babb7..2316feb 100644 +--- a/src/copyin.c ++++ b/src/copyin.c +@@ -30,7 +30,6 @@ + #ifndef FNM_PATHNAME + # include + #endif +-#include + + #ifndef HAVE_LCHOWN + # define lchown(f,u,g) 0 +@@ -622,136 +621,6 @@ copyin_device (struct cpio_file_stat* file_hdr) + file_hdr->c_mtime); + } + +-struct delayed_link +- { +- /* The device and inode number of the placeholder. */ +- dev_t dev; +- ino_t ino; +- +- /* The desired link metadata. */ +- mode_t mode; +- uid_t uid; +- gid_t gid; +- time_t mtime; +- +- /* Link source and target names. */ +- char *source; +- char target[1]; +- }; +- +-static Hash_table *delayed_link_table; +- +-static size_t +-dl_hash (void const *entry, size_t table_size) +-{ +- struct delayed_link const *dl = entry; +- uintmax_t n = dl->dev; +- int nshift = (sizeof (n) - sizeof (dl->dev)) * CHAR_BIT; +- if (0 < nshift) +- n <<= nshift; +- n ^= dl->ino; +- return n % table_size; +-} +- +-static bool +-dl_compare (void const *a, void const *b) +-{ +- struct delayed_link const *da = a, *db = b; +- return (da->dev == db->dev) & (da->ino == db->ino); +-} +- +-static int +-symlink_placeholder (char *oldpath, char *newpath, struct cpio_file_stat *file_stat) +-{ +- int fd = open (newpath, O_WRONLY | O_CREAT | O_EXCL, 0); +- struct stat st; +- struct delayed_link *p; +- size_t newlen = strlen (newpath); +- +- if (fd < 0) +- { +- open_error (newpath); +- return -1; +- } +- +- if (fstat (fd, &st) != 0) +- { +- stat_error (newpath); +- close (fd); +- return -1; +- } +- +- close (fd); +- +- p = xmalloc (sizeof (*p) + strlen (oldpath) + newlen + 1); +- p->dev = st.st_dev; +- p->ino = st.st_ino; +- +- p->mode = file_stat->c_mode; +- p->uid = file_stat->c_uid; +- p->gid = file_stat->c_gid; +- p->mtime = file_stat->c_mtime; +- +- strcpy (p->target, newpath); +- p->source = p->target + newlen + 1; +- strcpy (p->source, oldpath); +- +- if (!((delayed_link_table +- || (delayed_link_table = hash_initialize (0, 0, dl_hash, +- dl_compare, free))) +- && hash_insert (delayed_link_table, p))) +- xalloc_die (); +- +- return 0; +-} +- +-static void +-replace_symlink_placeholders (void) +-{ +- struct delayed_link *dl; +- +- if (!delayed_link_table) +- return; +- for (dl = hash_get_first (delayed_link_table); +- dl; +- dl = hash_get_next (delayed_link_table, dl)) +- { +- struct stat st; +- +- /* Make sure the placeholder file is still there. If not, +- don't create a link, as the placeholder was probably +- removed by a later extraction. */ +- if (lstat (dl->target, &st) == 0 +- && st.st_dev == dl->dev +- && st.st_ino == dl->ino) +- { +- if (unlink (dl->target)) +- unlink_error (dl->target); +- else +- { +- int res = UMASKED_SYMLINK (dl->source, dl->target, dl->mode); +- if (res < 0 && create_dir_flag) +- { +- create_all_directories (dl->target); +- res = UMASKED_SYMLINK (dl->source, dl->target, dl->mode); +- } +- if (res < 0) +- symlink_error (dl->source, dl->target); +- else if (!no_chown_flag) +- { +- uid_t uid = set_owner_flag ? set_owner : dl->uid; +- gid_t gid = set_group_flag ? set_group : dl->gid; +- if (lchown (dl->target, uid, gid) < 0 && errno != EPERM) +- chown_error_details (dl->target, uid, gid); +- } +- } +- } +- } +- +- hash_free (delayed_link_table); +- delayed_link_table = NULL; +-} +- + static void + copyin_link (struct cpio_file_stat *file_hdr, int in_file_des) + { +@@ -777,26 +646,29 @@ copyin_link (struct cpio_file_stat *file_hdr, int in_file_des) + link_name = xstrdup (file_hdr->c_tar_linkname); + } + +- if (no_abs_paths_flag) +- symlink_placeholder (link_name, file_hdr->c_name, file_hdr); +- else ++ cpio_safer_name_suffix (link_name, true, !no_abs_paths_flag, false); ++ ++ res = UMASKED_SYMLINK (link_name, file_hdr->c_name, ++ file_hdr->c_mode); ++ if (res < 0 && create_dir_flag) + { +- res = UMASKED_SYMLINK (link_name, file_hdr->c_name, +- file_hdr->c_mode); +- if (res < 0 && create_dir_flag) +- { +- create_all_directories (file_hdr->c_name); +- res = UMASKED_SYMLINK (link_name, file_hdr->c_name, file_hdr->c_mode); +- } +- if (res < 0) +- symlink_error (link_name, file_hdr->c_name); +- else if (!no_chown_flag) +- { +- uid_t uid = set_owner_flag ? set_owner : file_hdr->c_uid; +- gid_t gid = set_group_flag ? set_group : file_hdr->c_gid; +- if (lchown (file_hdr->c_name, uid, gid) < 0 && errno != EPERM) +- chown_error_details (file_hdr->c_name, uid, gid); +- } ++ create_all_directories (file_hdr->c_name); ++ res = UMASKED_SYMLINK (link_name, file_hdr->c_name, file_hdr->c_mode); ++ } ++ if (res < 0) ++ { ++ error (0, errno, _("%s: Cannot symlink to %s"), ++ quotearg_colon (link_name), quote_n (1, file_hdr->c_name)); ++ free (link_name); ++ return; ++ } ++ if (!no_chown_flag) ++ { ++ uid_t uid = set_owner_flag ? set_owner : file_hdr->c_uid; ++ gid_t gid = set_group_flag ? set_group : file_hdr->c_gid; ++ if ((lchown (file_hdr->c_name, uid, gid) < 0) ++ && errno != EPERM) ++ chown_error_details (file_hdr->c_name, uid, gid); + } + free (link_name); + } +@@ -1577,7 +1449,6 @@ process_copy_in (void) + if (dot_flag) + fputc ('\n', stderr); + +- replace_symlink_placeholders (); + apply_delayed_set_stat (); + + cpio_file_stat_free (&file_hdr); +-- +2.27.0 + diff --git a/revert-CVE-2015-1197.patch b/revert-CVE-2015-1197.patch index eacd27b46e168c26830fd156385536baca8e65ff..666764a3feb5c61f00a549c95356f1ebb84673eb 100644 --- a/revert-CVE-2015-1197.patch +++ b/revert-CVE-2015-1197.patch @@ -4,43 +4,22 @@ Date: Thu, 26 Nov 2020 19:13:13 +0800 Subject: [PATCH] revert "CVE-2015-1197" reason:https://lists.gnu.org/archive/html/bug-cpio/2019-11/msg00016.html + --- - src/copyin.c | 5 ++--- - tests/CVE-2015-1197.at | 43 ------------------------------------------ + tests/CVE-2015-1197.at | 40 ---------------------------------------- tests/Makefile.am | 1 - tests/testsuite.at | 1 - - 4 files changed, 2 insertions(+), 48 deletions(-) + 3 files changed, 42 deletions(-) delete mode 100644 tests/CVE-2015-1197.at -diff --git a/src/copyin.c b/src/copyin.c -index de31636..bf3b0a8 100644 ---- a/src/copyin.c -+++ b/src/copyin.c -@@ -645,14 +645,13 @@ copyin_link (struct cpio_file_stat *file_hdr, int in_file_des) - link_name = xstrdup (file_hdr->c_tar_linkname); - } - -- cpio_safer_name_suffix (link_name, true, !no_abs_paths_flag, false); -- - res = UMASKED_SYMLINK (link_name, file_hdr->c_name, - file_hdr->c_mode); - if (res < 0 && create_dir_flag) - { - create_all_directories (file_hdr->c_name); -- res = UMASKED_SYMLINK (link_name, file_hdr->c_name, file_hdr->c_mode); -+ res = UMASKED_SYMLINK (link_name, file_hdr->c_name, -+ file_hdr->c_mode); - } - if (res < 0) - { diff --git a/tests/CVE-2015-1197.at b/tests/CVE-2015-1197.at deleted file mode 100644 -index 6079af7..0000000 +index 74591b1..0000000 --- a/tests/CVE-2015-1197.at +++ /dev/null -@@ -1,43 +0,0 @@ +@@ -1,40 +0,0 @@ -# Process this file with autom4te to create testsuite. -*- Autotest -*- --# Copyright (C) 2009-2019 Free Software Foundation, Inc. +-# Copyright (C) 2009-2023 Free Software Foundation, Inc. -# -# This program is free software; you can redistribute it and/or modify -# it under the terms of the GNU General Public License as published by @@ -65,25 +44,22 @@ index 6079af7..0000000 -[dir -dir/file -]) --ln -s /tmp dir --touch /tmp/file -cpio -o < filelist > test.cpio --rm dir /tmp/file +-rm -rf dir $tempdir -cpio --no-absolute-filenames -iv < test.cpio -], -[2], -[], -[1 block --cpio: Removing leading `/' from hard link targets -dir --cpio: dir/file: Cannot open: No such file or directory +-cpio: dir/file: Cannot open: Not a directory -dir/file -1 block -]) -AT_CLEANUP - diff --git a/tests/Makefile.am b/tests/Makefile.am -index 65bf470..a71c057 100644 +index 52503c9..022a856 100644 --- a/tests/Makefile.am +++ b/tests/Makefile.am @@ -56,7 +56,6 @@ TESTSUITE_AT = \ @@ -95,10 +71,10 @@ index 65bf470..a71c057 100644 TESTSUITE = $(srcdir)/testsuite diff --git a/tests/testsuite.at b/tests/testsuite.at -index aa56bb9..58ed1d2 100644 +index c58cbb7..da3ba75 100644 --- a/tests/testsuite.at +++ b/tests/testsuite.at -@@ -44,5 +44,4 @@ m4_include([setstat04.at]) +@@ -43,5 +43,4 @@ m4_include([setstat04.at]) m4_include([setstat05.at]) m4_include([big-block-size.at])