[packages/cpio] up to 2.14

atler atler at pld-linux.org
Wed May 3 20:38:57 CEST 2023


commit 5570dd3824bd8663b1d6bd641006a80136c6ec9f
Author: Jan Palus <atler at pld-linux.org>
Date:   Wed May 3 20:37:58 2023 +0200

    up to 2.14
    
    - the fix for CVE-2015-1197 was rewritten, so the revert is no longer required,
      according to https://lists.gnu.org/archive/html/bug-cpio/2023-04/msg00013.html

 cpio.spec                      | 14 +++----
 gcc10.patch                    | 27 -------------
 revert-CVE-2015-1197-fix.patch | 91 ------------------------------------------
 3 files changed, 5 insertions(+), 127 deletions(-)
---
diff --git a/cpio.spec b/cpio.spec
index 56fa370..cbbb250 100644
--- a/cpio.spec
+++ b/cpio.spec
@@ -8,21 +8,19 @@ Summary(ru.UTF-8):	Архивная программа GNU
 Summary(tr.UTF-8):	GNU cpio arşivleme programı
 Summary(uk.UTF-8):	Архівна програма GNU
 Name:		cpio
-Version:	2.13
-Release:	4
+Version:	2.14
+Release:	1
 License:	GPL v3+
 Group:		Applications/Archiving
 Source0:	https://ftp.gnu.org/gnu/cpio/%{name}-%{version}.tar.bz2
-# Source0-md5:	f3438e672e3fa273a7dc26339dd1eed6
+# Source0-md5:	b153e1843561841d37190e48b891188d
 Source1:	http://www.mif.pg.gda.pl/homepages/ankry/man-PLD/%{name}-non-english-man-pages.tar.bz2
 # Source1-md5:	027552f4053477462a09fadc162a5e65
 Patch0:		%{name}-info.patch
 Patch1:		%{name}-ifdef.patch
-Patch2:		revert-CVE-2015-1197-fix.patch
-Patch3:		gcc10.patch
 URL:		http://www.gnu.org/software/cpio/
-BuildRequires:	autoconf >= 2.63
-BuildRequires:	automake >= 1:1.11.1
+BuildRequires:	autoconf >= 2.71
+BuildRequires:	automake >= 1:1.16.5
 BuildRequires:	gettext-tools >= 0.19
 BuildRequires:	texinfo
 BuildRoot:	%{tmpdir}/%{name}-%{version}-root-%(id -u -n)
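Review bot: The new 2.14 tarball is pinned only by the MD5 digest on the `# Source0-md5:` line, and MD5 is not collision-resistant, so that digest detects a corrupted download but not a deliberately substituted one. Before the digest is recorded, the tarball should be checked against the detached signature that upstream publishes next to the release; if the packaging tooling accepts a stronger digest, record one alongside the MD5. The unchanged `Source1:` line is still fetched over plain `http://` with the same kind of digest. This matters more than for a routine bump because removing `Patch2` makes the package depend entirely on upstream's rewritten CVE-2015-1197 handling, so it is worth confirming that the build runs the upstream test suite; no `%check` section is visible in this hunk.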
@@ -106,8 +104,6 @@ cpio копіює файли в або з архіву cpio або tar, який
 %setup -q
 %patch0 -p1
 %patch1 -p1
-%patch2 -p1
-%patch3 -p1
 
 %build
 %{__gettextize}
diff --git a/gcc10.patch b/gcc10.patch
deleted file mode 100644
index 9c7d7ed..0000000
--- a/gcc10.patch
+++ /dev/null
@@ -1,27 +0,0 @@
-From 641d3f489cf6238bb916368d4ba0d9325a235afb Mon Sep 17 00:00:00 2001
-From: Sergey Poznyakoff <gray at gnu.org>
-Date: Mon, 20 Jan 2020 07:45:39 +0200
-Subject: Minor fix * src/global.c: Remove superfluous declaration of
- program_name
-
----
- src/global.c | 3 ---
- 1 file changed, 3 deletions(-)
-
-diff --git a/src/global.c b/src/global.c
-index fb3abe9..acf92bc 100644
---- a/src/global.c
-+++ b/src/global.c
-@@ -184,9 +184,6 @@ unsigned int warn_option = 0;
- /* Extract to standard output? */
- bool to_stdout_option = false;
- 
--/* The name this program was run with.  */
--char *program_name;
--
- /* A pointer to either lstat or stat, depending on whether
-    dereferencing of symlinks is done for input files.  */
- int (*xstat) ();
--- 
-cgit v1.2.1
-
diff --git a/revert-CVE-2015-1197-fix.patch b/revert-CVE-2015-1197-fix.patch
deleted file mode 100644
index 1106ac7..0000000
--- a/revert-CVE-2015-1197-fix.patch
+++ /dev/null
@@ -1,91 +0,0 @@
-revert fix for CVE-2015-1197 as it causes shutdown issues
-
-revert suggested as a workaround by upstream:
-https://lists.gnu.org/archive/html/bug-cpio/2019-11/msg00016.html
-
---- b/src/copyin.c
-+++ a/src/copyin.c
-@@ -645,14 +645,13 @@
-       link_name = xstrdup (file_hdr->c_tar_linkname);
-     }
- 
--  cpio_safer_name_suffix (link_name, true, !no_abs_paths_flag, false);
--  
-   res = UMASKED_SYMLINK (link_name, file_hdr->c_name,
- 			 file_hdr->c_mode);
-   if (res < 0 && create_dir_flag)
-     {
-       create_all_directories (file_hdr->c_name);
-+      res = UMASKED_SYMLINK (link_name, file_hdr->c_name,
-+			     file_hdr->c_mode);
--      res = UMASKED_SYMLINK (link_name, file_hdr->c_name, file_hdr->c_mode);
-     }
-   if (res < 0)
-     {
---- b/tests/CVE-2015-1197.at
-+++ /dev/null
-@@ -1,43 +0,0 @@
--# Process this file with autom4te to create testsuite.  -*- Autotest -*-
--# Copyright (C) 2009-2019 Free Software Foundation, Inc.
--#
--# This program is free software; you can redistribute it and/or modify
--# it under the terms of the GNU General Public License as published by
--# the Free Software Foundation; either version 3, or (at your option)
--# any later version.
--#
--# This program is distributed in the hope that it will be useful,
--# but WITHOUT ANY WARRANTY; without even the implied warranty of
--# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
--# GNU General Public License for more details.
--#
--# You should have received a copy of the GNU General Public License
--# along with this program.  If not, see <http://www.gnu.org/licenses/>.
--
--AT_SETUP([CVE-2015-1197 (--no-absolute-filenames for symlinks)])
--AT_CHECK([
--tempdir=$(pwd)/tmp
--mkdir $tempdir
--touch $tempdir/file
--ln -s $tempdir dir
--AT_DATA([filelist],
--[dir
--dir/file
--])
--ln -s /tmp dir
--touch /tmp/file
--cpio -o < filelist > test.cpio
--rm dir /tmp/file
--cpio --no-absolute-filenames -iv < test.cpio
--],
--[2],
--[],
--[1 block
--cpio: Removing leading `/' from hard link targets
--dir
--cpio: dir/file: Cannot open: No such file or directory
--dir/file
--1 block
--])
--AT_CLEANUP
--
---- b/tests/Makefile.am
-+++ a/tests/Makefile.am
-@@ -56,9 +56,8 @@
-  symlink-long.at\
-  symlink-to-stdout.at\
-  version.at\
-  big-block-size.at\
-- CVE-2015-1197.at\
-  CVE-2019-14866.at
- 
- TESTSUITE = $(srcdir)/testsuite
-
---- b/tests/testsuite.at
-+++ a/tests/testsuite.at
-@@ -43,6 +43,5 @@
- m4_include([setstat04.at])
- m4_include([setstat05.at])
- m4_include([big-block-size.at])
-
--m4_include([CVE-2015-1197.at])
- m4_include([CVE-2019-14866.at])
================================================================

---- gitweb:

http://git.pld-linux.org/gitweb.cgi/packages/cpio.git/commitdiff/5570dd3824bd8663b1d6bd641006a80136c6ec9f


