From d205eb129124c71a6615a55d2ccc71bf0abffb50 Mon Sep 17 00:00:00 2001 From: eabdullin Date: Wed, 14 May 2025 18:57:46 +0000 Subject: [PATCH] import UBI cpio-2.15-3.el10 --- .cpio.metadata | 1 - .gitignore | 3 +- SOURCES/cpio-2.11-retain-symlink-times.patch | 92 -- .../cpio-2.12-improper-input-validation.patch | 154 -- SOURCES/cpio-2.13-CVE-2021-38185.patch | 1266 ----------------- SOURCES/cpio-2.9-exitCode.patch | 18 - ...t.patch => cpio-2.10-longnames-split.patch | 0 ...-nit.patch => cpio-2.11-crc-fips-nit.patch | 0 ...number.patch => cpio-2.14-dev_number.patch | 8 +- cpio-2.14-exitCode.patch | 39 + ...atch => cpio-2.14-patternnamesigsegv.patch | 43 +- .../cpio-2.9-rh.patch => cpio-2.14-rh.patch | 16 +- ...ch => cpio-2.9.90-defaultremoteshell.patch | 0 SOURCES/cpio.1 => cpio.1 | 0 SPECS/cpio.spec => cpio.spec | 150 +- gray-key.gpg | 31 + sources | 2 + 17 files changed, 210 insertions(+), 1613 deletions(-) delete mode 100644 .cpio.metadata delete mode 100644 SOURCES/cpio-2.11-retain-symlink-times.patch delete mode 100644 SOURCES/cpio-2.12-improper-input-validation.patch delete mode 100644 SOURCES/cpio-2.13-CVE-2021-38185.patch delete mode 100644 SOURCES/cpio-2.9-exitCode.patch rename SOURCES/cpio-2.10-longnames-split.patch => cpio-2.10-longnames-split.patch (100%) rename SOURCES/cpio-2.11-crc-fips-nit.patch => cpio-2.11-crc-fips-nit.patch (100%) rename SOURCES/cpio-2.9-dev_number.patch => cpio-2.14-dev_number.patch (83%) create mode 100644 cpio-2.14-exitCode.patch rename SOURCES/cpio-2.10-patternnamesigsegv.patch => cpio-2.14-patternnamesigsegv.patch (53%) rename SOURCES/cpio-2.9-rh.patch => cpio-2.14-rh.patch (87%) rename SOURCES/cpio-2.9.90-defaultremoteshell.patch => cpio-2.9.90-defaultremoteshell.patch (100%) rename SOURCES/cpio.1 => cpio.1 (100%) rename SPECS/cpio.spec => cpio.spec (80%) create mode 100644 gray-key.gpg create mode 100644 sources diff --git a/.cpio.metadata b/.cpio.metadata deleted file mode 100644 index e725b54..0000000 --- a/.cpio.metadata +++ /dev/null @@ -1 +0,0 @@ -60358408c76db354f6716724c4bcbcb6e18ab642 SOURCES/cpio-2.12.tar.bz2 diff --git a/.gitignore b/.gitignore index 80366d6..b5013e0 100644 --- a/.gitignore +++ b/.gitignore @@ -1 +1,2 @@ -SOURCES/cpio-2.12.tar.bz2 +cpio-2.15.tar.bz2 +cpio-2.15.tar.bz2.sig diff --git a/SOURCES/cpio-2.11-retain-symlink-times.patch b/SOURCES/cpio-2.11-retain-symlink-times.patch deleted file mode 100644 index a4e015d..0000000 --- a/SOURCES/cpio-2.11-retain-symlink-times.patch +++ /dev/null @@ -1,92 +0,0 @@ -From 7a4094d382e74aaed0a0b8356dc24d64952852f9 Mon Sep 17 00:00:00 2001 -From: Pavel Raiskup -Date: Fri, 3 Jul 2020 12:32:58 +0200 -Subject: [PATCH] Extract: retain times for symlinks - -Original report by Pat Riehecky at -https://bugzilla.redhat.com/1486364 - -* src/copyin.c (copyin_device): Don't check for retain_time_flag -global, it's done by set_file_times. -(copyin_link): Call set_file_times to restore symlink times. -* src/util.c (set_perms): Don't check for retain_time_flag global, -done by set_file_times call. -(set_file_times): Do nothing if retain_time_flag global is false. -* src/copypass.c (process_copy_pass): Call set_file_times for -symlinks. ---- - src/copyin.c | 5 ++--- - src/copypass.c | 2 ++ - src/util.c | 6 ++++-- - 3 files changed, 8 insertions(+), 5 deletions(-) - -diff --git a/src/copyin.c b/src/copyin.c -index 183b5b5..267ed4b 100644 ---- a/src/copyin.c -+++ b/src/copyin.c -@@ -639,9 +639,7 @@ copyin_device (struct cpio_file_stat* file_hdr) - /* chown may have turned off some permissions we wanted. */ - if (chmod (file_hdr->c_name, file_hdr->c_mode) < 0) - chmod_error_details (file_hdr->c_name, file_hdr->c_mode); -- if (retain_time_flag) -- set_file_times (-1, file_hdr->c_name, file_hdr->c_mtime, -- file_hdr->c_mtime); -+ set_file_times (-1, file_hdr->c_name, file_hdr->c_mtime, file_hdr->c_mtime); - } - - static void -@@ -692,6 +690,7 @@ copyin_link (struct cpio_file_stat *file_hdr, int in_file_des) - && errno != EPERM) - chown_error_details (file_hdr->c_name, uid, gid); - } -+ set_file_times (-1, file_hdr->c_name, file_hdr->c_mtime, file_hdr->c_mtime); - free (link_name); - } - -diff --git a/src/copypass.c b/src/copypass.c -index c5a9899..b4e7169 100644 ---- a/src/copypass.c -+++ b/src/copypass.c -@@ -317,6 +317,8 @@ process_copy_pass () - && errno != EPERM) - chown_error_details (output_name.ds_string, uid, gid); - } -+ set_file_times (-1, output_name.ds_string, -+ in_file_stat.st_atime, in_file_stat.st_mtime); - free (link_name); - } - #endif -diff --git a/src/util.c b/src/util.c -index 6ff6032..11f9c30 100644 ---- a/src/util.c -+++ b/src/util.c -@@ -1389,7 +1389,6 @@ set_perms (int fd, struct cpio_file_stat *header) - we have to refer to it using name+ instead of name. */ - file_hdr->c_name [cdf_char] = '+'; - #endif -- if (retain_time_flag) - set_file_times (fd, header->c_name, header->c_mtime, header->c_mtime); - } - -@@ -1398,6 +1397,8 @@ set_file_times (int fd, - const char *name, unsigned long atime, unsigned long mtime) - { - struct timespec ts[2]; -+ if (!retain_time_flag) -+ return; - - memset (&ts, 0, sizeof ts); - -@@ -1406,7 +1407,8 @@ set_file_times (int fd, - - /* Silently ignore EROFS because reading the file won't have upset its - timestamp if it's on a read-only filesystem. */ -- if (fdutimens (fd, name, ts) < 0 && errno != EROFS) -+ if ((fd >= 0 ? fdutimens (fd, NULL, ts) : lutimens (name, ts)) < 0 -+ && errno != EROFS) - utime_error (name); - } - --- -2.24.1 - diff --git a/SOURCES/cpio-2.12-improper-input-validation.patch b/SOURCES/cpio-2.12-improper-input-validation.patch deleted file mode 100644 index ae75da5..0000000 --- a/SOURCES/cpio-2.12-improper-input-validation.patch +++ /dev/null @@ -1,154 +0,0 @@ -From: Thomas Habets -Subject: [PATCH] Check for size overflow in tar header fields. - -This prevents surprising outputs being created, e.g. this cpio tar -output with more than one file: - -tar cf suffix.tar AUTHORS -dd if=/dev/zero seek=16G bs=1 count=0 of=suffix.tar -echo suffix.tar | cpio -H tar -o | tar tvf - - --rw-r--r-- 1000/1000 0 2019-08-30 16:40 suffix.tar --rw-r--r-- thomas/thomas 161 2019-08-30 16:40 AUTHORS ---- - src/copyout.c | 3 +-- - src/extern.h | 2 +- - src/tar.c | 45 ++++++++++++++++++++++++++++++++------------- - 3 files changed, 34 insertions(+), 16 deletions(-) - -diff --git a/src/copyout.c b/src/copyout.c -index dcae449..56416ba 100644 ---- a/src/copyout.c -+++ b/src/copyout.c -@@ -552,8 +552,7 @@ write_out_header (struct cpio_file_stat *file_hdr, int out_des) - error (0, 0, _("%s: file name too long"), file_hdr->c_name); - return 1; - } -- write_out_tar_header (file_hdr, out_des); /* FIXME: No error checking */ -- return 0; -+ return write_out_tar_header (file_hdr, out_des); - - case arf_binary: - return write_out_binary_header (makedev (file_hdr->c_rdev_maj, -diff --git a/src/extern.h b/src/extern.h -index e27d662..47b477a 100644 ---- a/src/extern.h -+++ b/src/extern.h -@@ -145,7 +145,7 @@ int make_path (char *argpath, uid_t owner, gid_t group, - const char *verbose_fmt_string); - - /* tar.c */ --void write_out_tar_header (struct cpio_file_stat *file_hdr, int out_des); -+int write_out_tar_header (struct cpio_file_stat *file_hdr, int out_des); - int null_block (long *block, int size); - void read_in_tar_header (struct cpio_file_stat *file_hdr, int in_des); - int otoa (char *s, unsigned long *n); -diff --git a/src/tar.c b/src/tar.c -index e2b5f45..53dc99a 100644 ---- a/src/tar.c -+++ b/src/tar.c -@@ -93,8 +93,9 @@ stash_tar_filename (char *prefix, char *filename) - sprintf (where, "%*lo ", digits - 2, value); - except that sprintf fills in the trailing NUL and we don't. */ - --static void --to_oct (register long value, register int digits, register char *where) -+static int -+to_oct_or_error (register long value, register int digits, register char *where, -+ const char *filename, const char *fieldname) - { - --digits; /* Leave the trailing NUL slot alone. */ - -@@ -105,10 +106,17 @@ to_oct (register long value, register int digits, register char *where) - value >>= 3; - } - while (digits > 0 && value != 0); -+ if (value > 0) -+ { -+ error (1, 0, _("%s: field width not sufficient for storing %s"), -+ filename, fieldname); -+ return 1; -+ } - - /* Add leading zeroes, if necessary. */ - while (digits > 0) - where[--digits] = '0'; -+ return 0; - } - - -@@ -139,7 +147,7 @@ tar_checksum (struct tar_header *tar_hdr) - /* Write out header FILE_HDR, including the file name, to file - descriptor OUT_DES. */ - --void -+int - write_out_tar_header (struct cpio_file_stat *file_hdr, int out_des) - { - int name_len; -@@ -168,11 +176,16 @@ write_out_tar_header (struct cpio_file_stat *file_hdr, int out_des) - - /* Ustar standard (POSIX.1-1988) requires the mode to contain only 3 octal - digits */ -- to_oct (file_hdr->c_mode & MODE_ALL, 8, tar_hdr->mode); -- to_oct (file_hdr->c_uid, 8, tar_hdr->uid); -- to_oct (file_hdr->c_gid, 8, tar_hdr->gid); -- to_oct (file_hdr->c_filesize, 12, tar_hdr->size); -- to_oct (file_hdr->c_mtime, 12, tar_hdr->mtime); -+ if (to_oct_or_error (file_hdr->c_mode & MODE_ALL, 8, tar_hdr->mode, file_hdr->c_name, _("mode"))) -+ return 1; -+ if (to_oct_or_error (file_hdr->c_uid, 8, tar_hdr->uid, file_hdr->c_name, _("uid"))) -+ return 1; -+ if (to_oct_or_error (file_hdr->c_gid, 8, tar_hdr->gid, file_hdr->c_name, _("gid"))) -+ return 1; -+ if (to_oct_or_error (file_hdr->c_filesize, 12, tar_hdr->size, file_hdr->c_name, _("file size"))) -+ return 1; -+ if (to_oct_or_error (file_hdr->c_mtime, 12, tar_hdr->mtime, file_hdr->c_name, _("modification time"))) -+ return 1; - - switch (file_hdr->c_mode & CP_IFMT) - { -@@ -184,7 +197,8 @@ write_out_tar_header (struct cpio_file_stat *file_hdr, int out_des) - strncpy (tar_hdr->linkname, file_hdr->c_tar_linkname, - TARLINKNAMESIZE); - tar_hdr->typeflag = LNKTYPE; -- to_oct (0, 12, tar_hdr->size); -+ if (to_oct_or_error (0, 12, tar_hdr->size, file_hdr->c_name, _("file size"))) -+ return 1; - } - else - tar_hdr->typeflag = REGTYPE; -@@ -210,7 +224,8 @@ write_out_tar_header (struct cpio_file_stat *file_hdr, int out_des) - than TARLINKNAMESIZE. */ - strncpy (tar_hdr->linkname, file_hdr->c_tar_linkname, - TARLINKNAMESIZE); -- to_oct (0, 12, tar_hdr->size); -+ if (to_oct_or_error (0, 12, tar_hdr->size, file_hdr->c_name, _("file size"))) -+ return 1; - break; - #endif /* CP_IFLNK */ - } -@@ -229,13 +244,17 @@ write_out_tar_header (struct cpio_file_stat *file_hdr, int out_des) - if (name) - strcpy (tar_hdr->gname, name); - -- to_oct (file_hdr->c_rdev_maj, 8, tar_hdr->devmajor); -- to_oct (file_hdr->c_rdev_min, 8, tar_hdr->devminor); -+ if (to_oct_or_error (file_hdr->c_rdev_maj, 8, tar_hdr->devmajor, file_hdr->c_name, _("rdev major"))) -+ return 1; -+ if (to_oct_or_error (file_hdr->c_rdev_min, 8, tar_hdr->devminor, file_hdr->c_name, _("rdev minor"))) -+ return 1; - } - -- to_oct (tar_checksum (tar_hdr), 8, tar_hdr->chksum); -+ if (to_oct_or_error (tar_checksum (tar_hdr), 8, tar_hdr->chksum, file_hdr->c_name, _("checksum"))) -+ return 1; - - tape_buffered_write ((char *) &tar_rec, out_des, TARRECORDSIZE); -+ return 0; - } - - /* Return nonzero iff all the bytes in BLOCK are NUL. --- -2.26.0 - diff --git a/SOURCES/cpio-2.13-CVE-2021-38185.patch b/SOURCES/cpio-2.13-CVE-2021-38185.patch deleted file mode 100644 index 556959c..0000000 --- a/SOURCES/cpio-2.13-CVE-2021-38185.patch +++ /dev/null @@ -1,1266 +0,0 @@ -From be54882039632c791493d3657042f7ea9d6f4a20 Mon Sep 17 00:00:00 2001 -From: Ondrej Dubaj -Date: Tue, 21 Sep 2021 11:42:02 +0200 -Subject: [PATCH] * src/dstring.c (ds_init): Take a single argument. - (ds_free): New function. (ds_resize): Take a single argument. Use - x2nrealloc to expand the storage. - (ds_reset,ds_append,ds_concat,ds_endswith): New function. (ds_fgetstr): - Rewrite. In particular, this fixes integer overflow. (ds_resize): Take - additional argument: number of bytes to leave available after ds_idx. All - uses changed. * src/dstring.h (dynamic_string): Keep both the allocated - length (ds_size) and index of the next free byte in the string (ds_idx). - (ds_init,ds_resize): Change signature. (ds_len): New macro. - (ds_free,ds_reset,ds_append,ds_concat,ds_endswith): New protos. * - src/copyin.c: Use new ds_ functions. (read_name_from_file): Handle len == 0. - (read_name_from_file): Print error message and skip file if its name is not - nul-terminated. (long_format): Cast rdev numbers to unsigned long * - src/copyout.c: Likewise. * src/copypass.c: Likewise. * src/util.c: Likewise. - (tape_empty_output_buffer): Fix condition. * src/idcache.c - (getuser,getgroup): Use umaxtostr instead of sprintf. * src/userspec.c - (parse_user_spec): Likewise. - ---- - configure.ac | 4 +- - src/copyin.c | 228 ++++++++++++++++++------------------------------- - src/copyout.c | 77 +++++++++-------- - src/copypass.c | 34 ++++---- - src/cpiohdr.h | 9 +- - src/dstring.c | 89 +++++++++++++------ - src/dstring.h | 30 +++---- - src/extern.h | 22 +++-- - src/idcache.c | 11 ++- - src/makepath.c | 2 +- - src/userspec.c | 9 +- - src/util.c | 53 +++++++++--- - 12 files changed, 294 insertions(+), 274 deletions(-) - -diff --git a/configure.ac b/configure.ac -index c68bd44..49eaacd 100644 ---- a/configure.ac -+++ b/configure.ac -@@ -21,8 +21,8 @@ AC_INIT([GNU cpio], [2.12], [bug-cpio@gnu.org],, - AC_CONFIG_SRCDIR(src/cpio.h) - AC_CONFIG_AUX_DIR([build-aux]) - AC_CONFIG_HEADERS([config.h]) --AC_PREREQ([2.63]) --AM_INIT_AUTOMAKE([1.11.1 gnits tar-ustar dist-bzip2 std-options silent-rules]) -+AC_PREREQ([2.64]) -+AM_INIT_AUTOMAKE([1.15 gnits tar-ustar dist-bzip2 std-options silent-rules]) - - # Enable silent rules by default: - AM_SILENT_RULES([yes]) -diff --git a/src/copyin.c b/src/copyin.c -index 267ed4b..2f9da73 100644 ---- a/src/copyin.c -+++ b/src/copyin.c -@@ -56,10 +56,10 @@ query_rename(struct cpio_file_stat* file_hdr, FILE *tty_in, FILE *tty_out, - static dynamic_string new_name; /* New file name for rename option. */ - static int initialized_new_name = false; - if (!initialized_new_name) -- { -- ds_init (&new_name, 128); -- initialized_new_name = true; -- } -+ { -+ ds_init (&new_name); -+ initialized_new_name = true; -+ } - - if (rename_flag) - { -@@ -76,28 +76,7 @@ query_rename(struct cpio_file_stat* file_hdr, FILE *tty_in, FILE *tty_out, - return -1; - } - else -- /* Debian hack: file_hrd.c_name is sometimes set to -- point to static memory by code in tar.c. This -- causes a segfault. This has been fixed and an -- additional check to ensure that the file name -- is not too long has been added. (Reported by -- Horst Knobloch.) This bug has been reported to -- "bug-gnu-utils@prep.ai.mit.edu". (99/1/6) -BEM */ -- { -- if (archive_format != arf_tar && archive_format != arf_ustar) -- { -- free (file_hdr->c_name); -- file_hdr->c_name = xstrdup (new_name.ds_string); -- } -- else -- { -- if (is_tar_filename_too_long (new_name.ds_string)) -- error (0, 0, _("%s: file name too long"), -- new_name.ds_string); -- else -- strcpy (file_hdr->c_name, new_name.ds_string); -- } -- } -+ cpio_set_c_name (file_hdr, new_name.ds_string); - return 0; - } - -@@ -173,10 +152,8 @@ list_file (struct cpio_file_stat* file_hdr, int in_file_des) - } - else - { -- /* Debian hack: Modified to print a list of filenames -- terminiated by a null character when the -t and -0 -- flags are used. This has been submitted as a -- suggestion to "bug-gnu-utils@prep.ai.mit.edu". -BEM */ -+ /* Print out the name as it is. The name_end delimiter is normally -+ '\n', but can be reset to '\0' by the -0 option. */ - printf ("%s%c", file_hdr->c_name, name_end); - } - -@@ -201,7 +178,7 @@ list_file (struct cpio_file_stat* file_hdr, int in_file_des) - - static int - try_existing_file (struct cpio_file_stat* file_hdr, int in_file_des, -- int *existing_dir) -+ bool *existing_dir) - { - struct stat file_stat; - -@@ -344,8 +321,7 @@ create_defered_links_to_skipped (struct cpio_file_stat *file_hdr, - d_prev->next = d->next; - else - deferments = d->next; -- free (file_hdr->c_name); -- file_hdr->c_name = xstrdup(d->header.c_name); -+ cpio_set_c_name (file_hdr, d->header.c_name); - free_deferment (d); - copyin_regular_file(file_hdr, in_file_des); - return 0; -@@ -697,7 +673,7 @@ copyin_link (struct cpio_file_stat *file_hdr, int in_file_des) - static void - copyin_file (struct cpio_file_stat *file_hdr, int in_file_des) - { -- int existing_dir; -+ bool existing_dir = false; - - if (!to_stdout_option - && try_existing_file (file_hdr, in_file_des, &existing_dir) < 0) -@@ -748,7 +724,7 @@ static time_t current_time; - this file is a symbolic link to. */ - - void --long_format (struct cpio_file_stat *file_hdr, char *link_name) -+long_format (struct cpio_file_stat *file_hdr, char const *link_name) - { - char mbuf[11]; - char tbuf[40]; -@@ -780,92 +756,42 @@ long_format (struct cpio_file_stat *file_hdr, char *link_name) - - if ((file_hdr->c_mode & CP_IFMT) == CP_IFCHR - || (file_hdr->c_mode & CP_IFMT) == CP_IFBLK) -- printf ("%3lu, %3lu ", file_hdr->c_rdev_maj, -- file_hdr->c_rdev_min); -+ printf ("%3lu, %3lu ", -+ (unsigned long) file_hdr->c_rdev_maj, -+ (unsigned long) file_hdr->c_rdev_min); - else - printf ("%8"PRIuMAX" ", (uintmax_t) file_hdr->c_filesize); - - printf ("%s ", tbuf + 4); - -- print_name_with_quoting (file_hdr->c_name); -+ printf ("%s", quotearg (file_hdr->c_name)); - if (link_name) - { - printf (" -> "); -- print_name_with_quoting (link_name); -+ printf ("%s", quotearg (link_name)); - } - putc ('\n', stdout); - } - --void --print_name_with_quoting (register char *p) --{ -- register unsigned char c; -- -- while ( (c = *p++) ) -- { -- switch (c) -- { -- case '\\': -- printf ("\\\\"); -- break; -- -- case '\n': -- printf ("\\n"); -- break; -- -- case '\b': -- printf ("\\b"); -- break; -- -- case '\r': -- printf ("\\r"); -- break; -- -- case '\t': -- printf ("\\t"); -- break; -- -- case '\f': -- printf ("\\f"); -- break; -- -- case ' ': -- printf ("\\ "); -- break; -- -- case '"': -- printf ("\\\""); -- break; -- -- default: -- if (c > 040 && c < 0177) -- putchar (c); -- else -- printf ("\\%03o", (unsigned int) c); -- } -- } --} -- - /* Read a pattern file (for the -E option). Put a list of - `num_patterns' elements in `save_patterns'. Any patterns that were - already in `save_patterns' (from the command line) are preserved. */ - - static void --read_pattern_file () -+read_pattern_file (void) - { -- int max_new_patterns; -- char **new_save_patterns; -- int new_num_patterns; -+ char **new_save_patterns = NULL; -+ size_t max_new_patterns; -+ size_t new_num_patterns; - int i; -- dynamic_string pattern_name; -+ dynamic_string pattern_name = DYNAMIC_STRING_INITIALIZER; - FILE *pattern_fp; - - if (num_patterns < 0) - num_patterns = 0; -- max_new_patterns = 1 + num_patterns; -- new_save_patterns = (char **) xmalloc (max_new_patterns * sizeof (char *)); - new_num_patterns = num_patterns; -- ds_init (&pattern_name, 128); -+ max_new_patterns = num_patterns; -+ new_save_patterns = xcalloc (max_new_patterns, sizeof (new_save_patterns[0])); - - pattern_fp = fopen (pattern_file_name, "r"); - if (pattern_fp == NULL) -@@ -874,16 +800,16 @@ read_pattern_file () - { - while (ds_fgetstr (pattern_fp, &pattern_name, '\n') != NULL) - { -- if (new_num_patterns >= max_new_patterns) -- { -- max_new_patterns += 1; -- new_save_patterns = (char **) -- xrealloc ((char *) new_save_patterns, -- max_new_patterns * sizeof (char *)); -- } -+ if (new_num_patterns == max_new_patterns) -+ new_save_patterns = x2nrealloc (new_save_patterns, -+ &max_new_patterns, -+ sizeof (new_save_patterns[0])); - new_save_patterns[new_num_patterns] = xstrdup (pattern_name.ds_string); - ++new_num_patterns; - } -+ -+ ds_free (&pattern_name); -+ - if (ferror (pattern_fp) || fclose (pattern_fp) == EOF) - close_error (pattern_file_name); - } -@@ -1066,6 +992,27 @@ read_in_header (struct cpio_file_stat *file_hdr, int in_des) - } - } - -+static void -+read_name_from_file (struct cpio_file_stat *file_hdr, int fd, uintmax_t len) -+{ -+ if (len == 0) -+ { -+ error (0, 0, _("malformed header: file name of zero length")); -+ } -+ else -+ { -+ cpio_realloc_c_name (file_hdr, len); -+ tape_buffered_read (file_hdr->c_name, fd, len); -+ if (file_hdr->c_name[len-1] != 0) -+ { -+ error (0, 0, _("malformed header: file name is not nul-terminated")); -+ /* Skip this file */ -+ len = 0; -+ } -+ } -+ file_hdr->c_namesize = len; -+} -+ - /* Fill in FILE_HDR by reading an old-format ASCII format cpio header from - file descriptor IN_DES, except for the magic number, which is - already filled in. */ -@@ -1092,14 +1039,9 @@ read_in_old_ascii (struct cpio_file_stat *file_hdr, int in_des) - file_hdr->c_rdev_min = minor (dev); - - file_hdr->c_mtime = FROM_OCTAL (ascii_header.c_mtime); -- file_hdr->c_namesize = FROM_OCTAL (ascii_header.c_namesize); - file_hdr->c_filesize = FROM_OCTAL (ascii_header.c_filesize); - -- /* Read file name from input. */ -- if (file_hdr->c_name != NULL) -- free (file_hdr->c_name); -- file_hdr->c_name = (char *) xmalloc (file_hdr->c_namesize + 1); -- tape_buffered_read (file_hdr->c_name, in_des, (long) file_hdr->c_namesize); -+ read_name_from_file (file_hdr, in_des, FROM_OCTAL (ascii_header.c_namesize)); - - /* HP/UX cpio creates archives that look just like ordinary archives, - but for devices it sets major = 0, minor = 1, and puts the -@@ -1154,14 +1096,9 @@ read_in_new_ascii (struct cpio_file_stat *file_hdr, int in_des) - file_hdr->c_dev_min = FROM_HEX (ascii_header.c_dev_min); - file_hdr->c_rdev_maj = FROM_HEX (ascii_header.c_rdev_maj); - file_hdr->c_rdev_min = FROM_HEX (ascii_header.c_rdev_min); -- file_hdr->c_namesize = FROM_HEX (ascii_header.c_namesize); - file_hdr->c_chksum = FROM_HEX (ascii_header.c_chksum); - -- /* Read file name from input. */ -- if (file_hdr->c_name != NULL) -- free (file_hdr->c_name); -- file_hdr->c_name = (char *) xmalloc (file_hdr->c_namesize); -- tape_buffered_read (file_hdr->c_name, in_des, (long) file_hdr->c_namesize); -+ read_name_from_file (file_hdr, in_des, FROM_HEX (ascii_header.c_namesize)); - - /* In SVR4 ASCII format, the amount of space allocated for the header - is rounded up to the next long-word, so we might need to drop -@@ -1209,16 +1146,10 @@ read_in_binary (struct cpio_file_stat *file_hdr, - file_hdr->c_rdev_min = minor ((unsigned short)short_hdr->c_rdev); - file_hdr->c_mtime = (unsigned long) short_hdr->c_mtimes[0] << 16 - | short_hdr->c_mtimes[1]; -- -- file_hdr->c_namesize = short_hdr->c_namesize; - file_hdr->c_filesize = (unsigned long) short_hdr->c_filesizes[0] << 16 - | short_hdr->c_filesizes[1]; - -- /* Read file name from input. */ -- if (file_hdr->c_name != NULL) -- free (file_hdr->c_name); -- file_hdr->c_name = (char *) xmalloc (file_hdr->c_namesize); -- tape_buffered_read (file_hdr->c_name, in_des, (long) file_hdr->c_namesize); -+ read_name_from_file (file_hdr, in_des, short_hdr->c_namesize); - - /* In binary mode, the amount of space allocated in the header for - the filename is `c_namesize' rounded up to the next short-word, -@@ -1278,14 +1209,14 @@ swab_array (char *ptr, int count) - in the file system. */ - - void --process_copy_in () -+process_copy_in (void) - { -- char done = false; /* True if trailer reached. */ - FILE *tty_in = NULL; /* Interactive file for rename option. */ - FILE *tty_out = NULL; /* Interactive file for rename option. */ - FILE *rename_in = NULL; /* Batch file for rename option. */ - struct stat file_stat; /* Output file stat record. */ -- struct cpio_file_stat file_hdr; /* Output header information. */ -+ struct cpio_file_stat file_hdr = CPIO_FILE_STAT_INITIALIZER; -+ /* Output header information. */ - int in_file_des; /* Input file descriptor. */ - char skip_file; /* Flag for use with patterns. */ - int i; /* Loop index variable. */ -@@ -1298,8 +1229,7 @@ process_copy_in () - { - read_pattern_file (); - } -- file_hdr.c_name = NULL; -- -+ file_hdr.c_namesize = 0; - if (rename_batch_file) - { - rename_in = fopen (rename_batch_file, "r"); -@@ -1352,7 +1282,7 @@ process_copy_in () - change_dir (); - - /* While there is more input in the collection, process the input. */ -- while (!done) -+ while (1) - { - swapping_halfwords = swapping_bytes = false; - -@@ -1380,30 +1310,32 @@ process_copy_in () - - } - #endif -- /* Is this the header for the TRAILER file? */ -- if (strcmp (CPIO_TRAILER_NAME, file_hdr.c_name) == 0) -+ if (file_hdr.c_namesize == 0) -+ skip_file = true; -+ else - { -- done = true; -- break; -- } -+ /* Is this the header for the TRAILER file? */ -+ if (strcmp (CPIO_TRAILER_NAME, file_hdr.c_name) == 0) -+ break; - -- cpio_safer_name_suffix (file_hdr.c_name, false, !no_abs_paths_flag, -- false); -+ cpio_safer_name_suffix (file_hdr.c_name, false, !no_abs_paths_flag, -+ false); - -- /* Does the file name match one of the given patterns? */ -- if (num_patterns <= 0) -- skip_file = false; -- else -- { -- skip_file = copy_matching_files; -- for (i = 0; i < num_patterns -- && skip_file == copy_matching_files; i++) -+ /* Does the file name match one of the given patterns? */ -+ if (num_patterns <= 0) -+ skip_file = false; -+ else - { -- if (fnmatch (save_patterns[i], file_hdr.c_name, 0) == 0) -- skip_file = !copy_matching_files; -+ skip_file = copy_matching_files; -+ for (i = 0; i < num_patterns -+ && skip_file == copy_matching_files; i++) -+ { -+ if (fnmatch (save_patterns[i], file_hdr.c_name, 0) == 0) -+ skip_file = !copy_matching_files; -+ } - } - } -- -+ - if (skip_file) - { - /* If we're skipping a file with links, there might be other -@@ -1494,6 +1426,8 @@ process_copy_in () - fputc ('\n', stderr); - - apply_delayed_set_stat (); -+ -+ cpio_file_stat_free (&file_hdr); - - if (append_flag) - return; -diff --git a/src/copyout.c b/src/copyout.c -index 56416ba..a576f27 100644 ---- a/src/copyout.c -+++ b/src/copyout.c -@@ -269,26 +269,32 @@ writeout_final_defers (int out_des) - so it should be moved to paxutils too. - Allowed values for logbase are: 1 (binary), 2, 3 (octal), 4 (hex) */ - int --to_ascii (char *where, uintmax_t v, size_t digits, unsigned logbase) -+to_ascii (char *where, uintmax_t v, size_t digits, unsigned logbase, bool nul) - { - static char codetab[] = "0123456789ABCDEF"; -- int i = digits; - -- do -+ if (nul) -+ where[--digits] = 0; -+ while (digits > 0) - { -- where[--i] = codetab[(v & ((1 << logbase) - 1))]; -+ where[--digits] = codetab[(v & ((1 << logbase) - 1))]; - v >>= logbase; - } -- while (i); - - return v != 0; - } - --static void --field_width_error (const char *filename, const char *fieldname) -+void -+field_width_error (const char *filename, const char *fieldname, -+ uintmax_t value, size_t width, bool nul) - { -- error (1, 0, _("%s: field width not sufficient for storing %s"), -- filename, fieldname); -+ char valbuf[UINTMAX_STRSIZE_BOUND + 1]; -+ char maxbuf[UINTMAX_STRSIZE_BOUND + 1]; -+ error (1, 0, _("%s: value %s %s out of allowed range 0..%s"), -+ filename, fieldname, -+ STRINGIFY_BIGINT (value, valbuf), -+ STRINGIFY_BIGINT (MAX_VAL_WITH_DIGITS (width - nul, LG_8), -+ maxbuf)); - } - - static void -@@ -303,7 +309,7 @@ to_ascii_or_warn (char *where, uintmax_t n, size_t digits, - unsigned logbase, - const char *filename, const char *fieldname) - { -- if (to_ascii (where, n, digits, logbase)) -+ if (to_ascii (where, n, digits, logbase, false)) - field_width_warning (filename, fieldname); - } - -@@ -312,9 +318,9 @@ to_ascii_or_error (char *where, uintmax_t n, size_t digits, - unsigned logbase, - const char *filename, const char *fieldname) - { -- if (to_ascii (where, n, digits, logbase)) -+ if (to_ascii (where, n, digits, logbase, false)) - { -- field_width_error (filename, fieldname); -+ field_width_error (filename, fieldname, n, digits, false); - return 1; - } - return 0; -@@ -371,7 +377,7 @@ write_out_new_ascii_header (const char *magic_string, - _("name size"))) - return 1; - p += 8; -- to_ascii (p, file_hdr->c_chksum & 0xffffffff, 8, LG_16); -+ to_ascii (p, file_hdr->c_chksum & 0xffffffff, 8, LG_16, false); - - tape_buffered_write (ascii_header, out_des, sizeof ascii_header); - -@@ -388,7 +394,7 @@ write_out_old_ascii_header (dev_t dev, dev_t rdev, - char ascii_header[76]; - char *p = ascii_header; - -- to_ascii (p, file_hdr->c_magic, 6, LG_8); -+ to_ascii (p, file_hdr->c_magic, 6, LG_8, false); - p += 6; - to_ascii_or_warn (p, dev, 6, LG_8, file_hdr->c_name, _("device number")); - p += 6; -@@ -492,7 +498,10 @@ write_out_binary_header (dev_t rdev, - short_hdr.c_namesize = file_hdr->c_namesize & 0xFFFF; - if (short_hdr.c_namesize != file_hdr->c_namesize) - { -- field_width_error (file_hdr->c_name, _("name size")); -+ char maxbuf[UINTMAX_STRSIZE_BOUND + 1]; -+ error (1, 0, _("%s: value %s %s out of allowed range 0..%u"), -+ file_hdr->c_name, _("name size"), -+ STRINGIFY_BIGINT (file_hdr->c_namesize, maxbuf), 0xFFFFu); - return 1; - } - -@@ -502,7 +511,10 @@ write_out_binary_header (dev_t rdev, - if (((off_t)short_hdr.c_filesizes[0] << 16) + short_hdr.c_filesizes[1] - != file_hdr->c_filesize) - { -- field_width_error (file_hdr->c_name, _("file size")); -+ char maxbuf[UINTMAX_STRSIZE_BOUND + 1]; -+ error (1, 0, _("%s: value %s %s out of allowed range 0..%lu"), -+ file_hdr->c_name, _("file size"), -+ STRINGIFY_BIGINT (file_hdr->c_namesize, maxbuf), 0xFFFFFFFFlu); - return 1; - } - -@@ -582,17 +594,18 @@ assign_string (char **pvar, char *value) - The format of the header depends on the compatibility (-c) flag. */ - - void --process_copy_out () -+process_copy_out (void) - { -- dynamic_string input_name; /* Name of file read from stdin. */ -+ dynamic_string input_name = DYNAMIC_STRING_INITIALIZER; -+ /* Name of file read from stdin. */ - struct stat file_stat; /* Stat record for file. */ -- struct cpio_file_stat file_hdr; /* Output header information. */ -+ struct cpio_file_stat file_hdr = CPIO_FILE_STAT_INITIALIZER; -+ /* Output header information. */ - int in_file_des; /* Source file descriptor. */ - int out_file_des; /* Output file descriptor. */ - char *orig_file_name = NULL; - - /* Initialize the copy out. */ -- ds_init (&input_name, 128); - file_hdr.c_magic = 070707; - - /* Check whether the output file might be a tape. */ -@@ -644,14 +657,9 @@ process_copy_out () - { - if (file_hdr.c_mode & CP_IFDIR) - { -- int len = strlen (input_name.ds_string); - /* Make sure the name ends with a slash */ -- if (input_name.ds_string[len-1] != '/') -- { -- ds_resize (&input_name, len + 2); -- input_name.ds_string[len] = '/'; -- input_name.ds_string[len+1] = 0; -- } -+ if (!ds_endswith (&input_name, '/')) -+ ds_append (&input_name, '/'); - } - } - -@@ -659,8 +667,7 @@ process_copy_out () - cpio_safer_name_suffix (input_name.ds_string, false, - !no_abs_paths_flag, true); - #ifndef HPUX_CDF -- file_hdr.c_name = input_name.ds_string; -- file_hdr.c_namesize = strlen (input_name.ds_string) + 1; -+ cpio_set_c_name (&file_hdr, input_name.ds_string); - #else - if ( (archive_format != arf_tar) && (archive_format != arf_ustar) ) - { -@@ -669,16 +676,15 @@ process_copy_out () - properly recreate the directory as hidden (in case the - files of a directory go into the archive before the - directory itself (e.g from "find ... -depth ... | cpio")). */ -- file_hdr.c_name = add_cdf_double_slashes (input_name.ds_string); -- file_hdr.c_namesize = strlen (file_hdr.c_name) + 1; -+ cpio_set_c_name (&file_hdr, -+ add_cdf_double_slashes (input_name.ds_string)); - } - else - { - /* We don't mark CDF's in tar files. We assume the "hidden" - directory will always go into the archive before any of - its files. */ -- file_hdr.c_name = input_name.ds_string; -- file_hdr.c_namesize = strlen (input_name.ds_string) + 1; -+ cpio_set_c_name (&file_hdr, input_name.ds_string); - } - #endif - -@@ -865,8 +871,7 @@ process_copy_out () - file_hdr.c_chksum = 0; - - file_hdr.c_filesize = 0; -- file_hdr.c_namesize = 11; -- file_hdr.c_name = CPIO_TRAILER_NAME; -+ cpio_set_c_name (&file_hdr, CPIO_TRAILER_NAME); - if (archive_format != arf_tar && archive_format != arf_ustar) - write_out_header (&file_hdr, out_file_des); - else -@@ -884,6 +889,8 @@ process_copy_out () - ngettext ("%lu block\n", "%lu blocks\n", - (unsigned long) blocks), (unsigned long) blocks); - } -+ cpio_file_stat_free (&file_hdr); -+ ds_free (&input_name); - } - - -diff --git a/src/tar.c b/src/tar.c -index 1b1156e..0a34845 100644 ---- a/src/tar.c -+++ b/src/tar.c -@@ -282,7 +282,7 @@ read_in_tar_header (struct cpio_file_stat *file_hdr, int in_des) - if (null_block ((long *) &tar_rec, TARRECORDSIZE)) - #endif - { -- file_hdr->c_name = CPIO_TRAILER_NAME; -+ cpio_set_c_name (file_hdr, CPIO_TRAILER_NAME); - return; - } - #if 0 -@@ -316,9 +316,11 @@ read_in_tar_header (struct cpio_file_stat *file_hdr, int in_des) - } - - if (archive_format != arf_ustar) -- file_hdr->c_name = stash_tar_filename (NULL, tar_hdr->name); -+ cpio_set_c_name (file_hdr, stash_tar_filename (NULL, tar_hdr->name)); - else -- file_hdr->c_name = stash_tar_filename (tar_hdr->prefix, tar_hdr->name); -+ cpio_set_c_name (file_hdr, stash_tar_filename (tar_hdr->prefix, -+ tar_hdr->name)); -+ - file_hdr->c_nlink = 1; - file_hdr->c_mode = FROM_OCTAL (tar_hdr->mode); - file_hdr->c_mode = file_hdr->c_mode & 07777; -@@ -398,7 +400,7 @@ read_in_tar_header (struct cpio_file_stat *file_hdr, int in_des) - case AREGTYPE: - /* Old tar format; if the last char in filename is '/' then it is - a directory, otherwise it's a regular file. */ -- if (file_hdr->c_name[strlen (file_hdr->c_name) - 1] == '/') -+ if (file_hdr->c_name[file_hdr->c_namesize - 1] == '/') - file_hdr->c_mode |= CP_IFDIR; - else - file_hdr->c_mode |= CP_IFREG; -diff --git a/src/copypass.c b/src/copypass.c -index b4e7169..8378a9b 100644 ---- a/src/copypass.c -+++ b/src/copypass.c -@@ -48,10 +48,12 @@ set_copypass_perms (int fd, const char *name, struct stat *st) - If `link_flag', link instead of copying. */ - - void --process_copy_pass () -+process_copy_pass (void) - { -- dynamic_string input_name; /* Name of file from stdin. */ -- dynamic_string output_name; /* Name of new file. */ -+ dynamic_string input_name = DYNAMIC_STRING_INITIALIZER; -+ /* Name of file from stdin. */ -+ dynamic_string output_name = DYNAMIC_STRING_INITIALIZER; -+ /* Name of new file. */ - size_t dirname_len; /* Length of `directory_name'. */ - int res; /* Result of functions. */ - char *slash; /* For moving past slashes in input name. */ -@@ -69,25 +71,19 @@ process_copy_pass () - created files */ - - /* Initialize the copy pass. */ -- ds_init (&input_name, 128); - - dirname_len = strlen (directory_name); - if (change_directory_option && !ISSLASH (directory_name[0])) - { - char *pwd = xgetcwd (); - -- dirname_len += strlen (pwd) + 1; -- ds_init (&output_name, dirname_len + 2); -- strcpy (output_name.ds_string, pwd); -- strcat (output_name.ds_string, "/"); -- strcat (output_name.ds_string, directory_name); -+ ds_concat (&output_name, pwd); -+ ds_append (&output_name, '/'); - } -- else -- { -- ds_init (&output_name, dirname_len + 2); -- strcpy (output_name.ds_string, directory_name); -- } -- output_name.ds_string[dirname_len] = '/'; -+ -+ ds_concat (&output_name, directory_name); -+ ds_append (&output_name, '/'); -+ dirname_len = ds_len (&output_name); - output_is_seekable = true; - - change_dir (); -@@ -127,8 +123,8 @@ process_copy_pass () - keep track of which directories in a path are "hidden". */ - slash = add_cdf_double_slashes (slash); - #endif -- ds_resize (&output_name, dirname_len + strlen (slash) + 2); -- strcpy (output_name.ds_string + dirname_len + 1, slash); -+ ds_reset (&output_name, dirname_len); -+ ds_concat (&output_name, slash); - - existing_dir = false; - if (lstat (output_name.ds_string, &out_file_stat) == 0) -@@ -346,6 +342,8 @@ process_copy_pass () - (unsigned long) blocks), - (unsigned long) blocks); - } -+ ds_free (&input_name); -+ ds_free (&output_name); - } - - /* Try and create a hard link from FILE_NAME to another file -@@ -385,7 +383,7 @@ link_to_maj_min_ino (char *file_name, int st_dev_maj, int st_dev_min, - is created, -1 otherwise. */ - - int --link_to_name (char *link_name, char *link_target) -+link_to_name (char const *link_name, char const *link_target) - { - int res = link (link_target, link_name); - if (res < 0 && create_dir_flag) -diff --git a/src/cpiohdr.h b/src/cpiohdr.h -index b29e6fb..aa4a8c4 100644 ---- a/src/cpiohdr.h -+++ b/src/cpiohdr.h -@@ -126,8 +126,15 @@ struct cpio_file_stat /* Internal representation of a CPIO header */ - size_t c_namesize; - uint32_t c_chksum; - char *c_name; -- char *c_tar_linkname; -+ size_t c_name_buflen; -+ char const *c_tar_linkname; - }; - -+#define CPIO_FILE_STAT_INITIALIZER \ -+ { 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, NULL, 0, NULL } -+void cpio_file_stat_init (struct cpio_file_stat *file_hdr); -+void cpio_file_stat_free (struct cpio_file_stat *file_hdr); -+void cpio_set_c_name(struct cpio_file_stat *file_hdr, char *name); -+void cpio_realloc_c_name (struct cpio_file_stat *file_hdr, size_t len); - - #endif /* cpiohdr.h */ -diff --git a/src/dstring.c b/src/dstring.c -index 2e6b97b..b70d72e 100644 ---- a/src/dstring.c -+++ b/src/dstring.c -@@ -22,37 +22,52 @@ - #endif - - #include -+#include - #if defined(HAVE_STRING_H) || defined(STDC_HEADERS) - #include - #else - #include - #endif - #include "dstring.h" -- --char *xmalloc (unsigned n); --char *xrealloc (char *p, unsigned n); -+#include - - /* Initialiaze dynamic string STRING with space for SIZE characters. */ - - void --ds_init (dynamic_string *string, int size) -+ds_init (dynamic_string *string) -+{ -+ memset (string, 0, sizeof *string); -+} -+ -+/* Free the dynamic string storage. */ -+ -+void -+ds_free (dynamic_string *string) - { -- string->ds_length = size; -- string->ds_string = (char *) xmalloc (size); -+ free (string->ds_string); - } - --/* Expand dynamic string STRING, if necessary, to hold SIZE characters. */ -+/* Expand dynamic string STRING, if necessary. */ - - void --ds_resize (dynamic_string *string, int size) -+ds_resize (dynamic_string *string, size_t len) - { -- if (size > string->ds_length) -+ while (len + string->ds_idx >= string->ds_size) - { -- string->ds_length = size; -- string->ds_string = (char *) xrealloc ((char *) string->ds_string, size); -+ string->ds_string = x2nrealloc (string->ds_string, &string->ds_size, -+ 1); - } - } - -+/* Reset the index of the dynamic string S to LEN. */ -+ -+void -+ds_reset (dynamic_string *s, size_t len) -+{ -+ ds_resize (s, len); -+ s->ds_idx = len; -+} -+ - /* Dynamic string S gets a string terminated by the EOS character - (which is removed) from file F. S will increase - in size during the function if the string from F is longer than -@@ -63,34 +78,49 @@ ds_resize (dynamic_string *string, int size) - char * - ds_fgetstr (FILE *f, dynamic_string *s, char eos) - { -- int insize; /* Amount needed for line. */ -- int strsize; /* Amount allocated for S. */ - int next_ch; - - /* Initialize. */ -- insize = 0; -- strsize = s->ds_length; -+ s->ds_idx = 0; - - /* Read the input string. */ -- next_ch = getc (f); -- while (next_ch != eos && next_ch != EOF) -+ while ((next_ch = getc (f)) != eos && next_ch != EOF) - { -- if (insize >= strsize - 1) -- { -- ds_resize (s, strsize * 2 + 2); -- strsize = s->ds_length; -- } -- s->ds_string[insize++] = next_ch; -- next_ch = getc (f); -+ ds_resize (s, 0); -+ s->ds_string[s->ds_idx++] = next_ch; - } -- s->ds_string[insize++] = '\0'; -+ ds_resize (s, 0); -+ s->ds_string[s->ds_idx] = '\0'; - -- if (insize == 1 && next_ch == EOF) -+ if (s->ds_idx == 0 && next_ch == EOF) - return NULL; - else - return s->ds_string; - } - -+void -+ds_append (dynamic_string *s, int c) -+{ -+ ds_resize (s, 0); -+ s->ds_string[s->ds_idx] = c; -+ if (c) -+ { -+ s->ds_idx++; -+ ds_resize (s, 0); -+ s->ds_string[s->ds_idx] = 0; -+ } -+} -+ -+void -+ds_concat (dynamic_string *s, char const *str) -+{ -+ size_t len = strlen (str); -+ ds_resize (s, len); -+ memcpy (s->ds_string + s->ds_idx, str, len); -+ s->ds_idx += len; -+ s->ds_string[s->ds_idx] = 0; -+} -+ - char * - ds_fgets (FILE *f, dynamic_string *s) - { -@@ -102,3 +132,10 @@ ds_fgetname (FILE *f, dynamic_string *s) - { - return ds_fgetstr (f, s, '\0'); - } -+ -+/* Return true if the dynamic string S ends with character C. */ -+int -+ds_endswith (dynamic_string *s, int c) -+{ -+ return (s->ds_idx > 0 && s->ds_string[s->ds_idx - 1] == c); -+} -diff --git a/src/dstring.h b/src/dstring.h -index 5b49def..a2b6183 100644 ---- a/src/dstring.h -+++ b/src/dstring.h -@@ -17,10 +17,6 @@ - Software Foundation, Inc., 51 Franklin Street, Fifth Floor, - Boston, MA 02110-1301 USA. */ - --#ifndef NULL --#define NULL 0 --#endif -- - /* A dynamic string consists of record that records the size of an - allocated string and the pointer to that string. The actual string - is a normal zero byte terminated string that can be used with the -@@ -30,22 +26,24 @@ - - typedef struct - { -- int ds_length; /* Actual amount of storage allocated. */ -- char *ds_string; /* String. */ -+ size_t ds_size; /* Actual amount of storage allocated. */ -+ size_t ds_idx; /* Index of the next free byte in the string. */ -+ char *ds_string; /* String storage. */ - } dynamic_string; - -+#define DYNAMIC_STRING_INITIALIZER { 0, 0, NULL } - --/* Macros that look similar to the original string functions. -- WARNING: These macros work only on pointers to dynamic string records. -- If used with a real record, an "&" must be used to get the pointer. */ --#define ds_strlen(s) strlen ((s)->ds_string) --#define ds_strcmp(s1, s2) strcmp ((s1)->ds_string, (s2)->ds_string) --#define ds_strncmp(s1, s2, n) strncmp ((s1)->ds_string, (s2)->ds_string, n) --#define ds_index(s, c) index ((s)->ds_string, c) --#define ds_rindex(s, c) rindex ((s)->ds_string, c) -+void ds_init (dynamic_string *string); -+void ds_free (dynamic_string *string); -+void ds_reset (dynamic_string *s, size_t len); - --void ds_init (dynamic_string *string, int size); --void ds_resize (dynamic_string *string, int size); -+/* All functions below guarantee that s->ds_string[s->ds_idx] == '\0' */ - char *ds_fgetname (FILE *f, dynamic_string *s); - char *ds_fgets (FILE *f, dynamic_string *s); - char *ds_fgetstr (FILE *f, dynamic_string *s, char eos); -+void ds_append (dynamic_string *s, int c); -+void ds_concat (dynamic_string *s, char const *str); -+ -+#define ds_len(s) ((s)->ds_idx) -+ -+int ds_endswith (dynamic_string *s, int c); -diff --git a/src/extern.h b/src/extern.h -index 47b477a..6330e04 100644 ---- a/src/extern.h -+++ b/src/extern.h -@@ -111,18 +111,21 @@ void read_in_binary (struct cpio_file_stat *file_hdr, - struct old_cpio_header *short_hdr, int in_des); - void swab_array (char *arg, int count); - void process_copy_in (void); --void long_format (struct cpio_file_stat *file_hdr, char *link_name); --void print_name_with_quoting (char *p); -+void long_format (struct cpio_file_stat *file_hdr, char const *link_name); - - /* copyout.c */ - int write_out_header (struct cpio_file_stat *file_hdr, int out_des); - void process_copy_out (void); -+int to_ascii (char *where, uintmax_t v, size_t digits, unsigned logbase, -+ bool nul); -+void field_width_error (const char *filename, const char *fieldname, -+ uintmax_t value, size_t width, bool nul); - - /* copypass.c */ - void process_copy_pass (void); - int link_to_maj_min_ino (char *file_name, int st_dev_maj, - int st_dev_min, ino_t st_ino); --int link_to_name (char *link_name, char *link_target); -+int link_to_name (char const *link_name, char const *link_target); - - /* dirname.c */ - char *dirname (char *path); -@@ -141,7 +144,7 @@ void process_args (int argc, char *argv[]); - void initialize_buffers (void); - - /* makepath.c */ --int make_path (char *argpath, uid_t owner, gid_t group, -+int make_path (char const *argpath, uid_t owner, gid_t group, - const char *verbose_fmt_string); - - /* tar.c */ -@@ -169,7 +172,7 @@ void copy_files_disk_to_tape (int in_des, int out_des, off_t num_bytes, char *fi - void copy_files_disk_to_disk (int in_des, int out_des, off_t num_bytes, char *filename); - void warn_if_file_changed (char *file_name, off_t old_file_size, - time_t old_file_mtime); --void create_all_directories (char *name); -+void create_all_directories (char const *name); - void prepare_append (int out_file_des); - char *find_inode_file (ino_t node_num, - unsigned long major_num, unsigned long minor_num); -@@ -204,10 +207,17 @@ void cpio_safer_name_suffix (char *name, bool link_target, - int cpio_create_dir (struct cpio_file_stat *file_hdr, int existing_dir); - void change_dir (void); - --/* FIXME: These two defines should be defined in paxutils */ -+/* FIXME: The following three should be defined in paxutils */ - #define LG_8 3 - #define LG_16 4 - -+/* The maximum uintmax_t value that can be represented with DIGITS digits, -+ assuming that each digit is BITS_PER_DIGIT wide. */ -+#define MAX_VAL_WITH_DIGITS(digits, bits_per_digit) \ -+ ((digits) * (bits_per_digit) < sizeof (uintmax_t) * CHAR_BIT \ -+ ? ((uintmax_t) 1 << ((digits) * (bits_per_digit))) - 1 \ -+ : (uintmax_t) -1) -+ - uintmax_t from_ascii (char const *where, size_t digs, unsigned logbase); - - #define FROM_OCTAL(f) from_ascii (f, sizeof f, LG_8) -diff --git a/src/idcache.c b/src/idcache.c -index c89e7f1..e82414e 100644 ---- a/src/idcache.c -+++ b/src/idcache.c -@@ -34,6 +34,7 @@ - #endif - - #include -+#include - - struct userid - { -@@ -59,7 +60,6 @@ getuser (uid_t uid) - { - register struct userid *tail; - struct passwd *pwent; -- char usernum_string[20]; - - for (tail = user_alist; tail; tail = tail->next) - if (tail->id.u == uid) -@@ -70,8 +70,8 @@ getuser (uid_t uid) - tail->id.u = uid; - if (pwent == 0) - { -- sprintf (usernum_string, "%u", (unsigned) uid); -- tail->name = xstrdup (usernum_string); -+ char nbuf[UINTMAX_STRSIZE_BOUND]; -+ tail->name = xstrdup (umaxtostr (uid, nbuf)); - } - else - tail->name = xstrdup (pwent->pw_name); -@@ -134,7 +134,6 @@ getgroup (gid_t gid) - { - register struct userid *tail; - struct group *grent; -- char groupnum_string[20]; - - for (tail = group_alist; tail; tail = tail->next) - if (tail->id.g == gid) -@@ -145,8 +144,8 @@ getgroup (gid_t gid) - tail->id.g = gid; - if (grent == 0) - { -- sprintf (groupnum_string, "%u", (unsigned int) gid); -- tail->name = xstrdup (groupnum_string); -+ char nbuf[UINTMAX_STRSIZE_BOUND]; -+ tail->name = xstrdup (umaxtostr (gid, nbuf)); - } - else - tail->name = xstrdup (grent->gr_name); -diff --git a/src/makepath.c b/src/makepath.c -index 18d5b69..bad2537 100644 ---- a/src/makepath.c -+++ b/src/makepath.c -@@ -49,7 +49,7 @@ - ownership and permissions when done, otherwise 1. */ - - int --make_path (char *argpath, -+make_path (char const *argpath, - uid_t owner, - gid_t group, - const char *verbose_fmt_string) -diff --git a/src/userspec.c b/src/userspec.c -index 14d608c..7b8bf2f 100644 ---- a/src/userspec.c -+++ b/src/userspec.c -@@ -24,6 +24,7 @@ - #include - #include - #include -+#include - - #ifndef HAVE_ENDPWENT - # define endpwent() -@@ -141,12 +142,8 @@ parse_user_spec (const char *spec_arg, uid_t *uid, gid_t *gid, - grp = getgrgid (pwd->pw_gid); - if (grp == NULL) - { -- /* This is enough room to hold the unsigned decimal -- representation of any 32-bit quantity and the trailing -- zero byte. */ -- char uint_buf[21]; -- sprintf (uint_buf, "%u", (unsigned) (pwd->pw_gid)); -- V_STRDUP (groupname, uint_buf); -+ char nbuf[UINTMAX_STRSIZE_BOUND]; -+ V_STRDUP (groupname, umaxtostr (pwd->pw_gid, nbuf)); - } - else - { -diff --git a/src/util.c b/src/util.c -index 11f9c30..097304f 100644 ---- a/src/util.c -+++ b/src/util.c -@@ -79,8 +79,7 @@ tape_empty_output_buffer (int out_des) - - if (output_is_special - && (bytes_written >= 0 -- || (bytes_written < 0 -- && (errno == ENOSPC || errno == EIO || errno == ENXIO)))) -+ || (errno == ENOSPC || errno == EIO || errno == ENXIO))) - { - get_next_reel (out_des); - if (bytes_written > 0) -@@ -596,7 +595,7 @@ warn_if_file_changed (char *file_name, off_t old_file_size, - Do not destroy any nondirectories while creating directories. */ - - void --create_all_directories (char *name) -+create_all_directories (char const *name) - { - char *dir; - int mode; -@@ -718,7 +717,6 @@ find_inode_val (ino_t node_num, unsigned long major_num, - unsigned long minor_num) - { - struct inode_val sample; -- struct inode_val *ival; - - if (!hash_table) - return NULL; -@@ -768,7 +766,7 @@ add_inode (ino_t node_num, char *file_name, unsigned long major_num, - return e; - } - --static ino_t -+static void - get_inode_and_dev (struct cpio_file_stat *hdr, struct stat *st) - { - if (renumber_inodes_option) -@@ -859,11 +857,9 @@ get_next_reel (int tape_des) - FILE *tty_out; /* File for interacting with user. */ - int old_tape_des; - char *next_archive_name; -- dynamic_string new_name; -+ dynamic_string new_name = DYNAMIC_STRING_INITIALIZER; - char *str_res; - -- ds_init (&new_name, 128); -- - /* Open files for interactive communication. */ - tty_in = fopen (TTY_NAME, "r"); - if (tty_in == NULL) -@@ -938,7 +934,7 @@ get_next_reel (int tape_des) - error (PAXEXIT_FAILURE, 0, _("internal error: tape descriptor changed from %d to %d"), - old_tape_des, tape_des); - -- free (new_name.ds_string); -+ ds_free (&new_name); - fclose (tty_in); - fclose (tty_out); - } -@@ -1412,8 +1408,28 @@ set_file_times (int fd, - utime_error (name); - } - -+/* Reallocate file_hdr->c_name to accomodate len bytes (including final \0) */ -+void -+cpio_realloc_c_name (struct cpio_file_stat *file_hdr, size_t len) -+{ -+ while (file_hdr->c_name_buflen < len) -+ file_hdr->c_name = x2realloc (file_hdr->c_name, &file_hdr->c_name_buflen); -+} -+ -+void -+cpio_set_c_name (struct cpio_file_stat *file_hdr, char *name) -+{ -+ size_t len = strlen (name) + 1; -+ -+ cpio_realloc_c_name (file_hdr, len); -+ file_hdr->c_namesize = len; -+ memmove (file_hdr->c_name, name, len); -+} -+ - /* Do we have to ignore absolute paths, and if so, does the filename -- have an absolute path? */ -+ have an absolute path? Before calling this function make sure that the -+ allocated NAME buffer has capacity at least 2 bytes. */ -+ - void - cpio_safer_name_suffix (char *name, bool link_target, bool absolute_names, - bool strip_leading_dots) -@@ -1428,6 +1444,10 @@ cpio_safer_name_suffix (char *name, bool link_target, bool absolute_names, - ++p; - } - if (p != name) -+ /* The 'p' string is shortened version of 'name' with one exception; when -+ the 'name' points to an empty string (buffer where name[0] == '\0') the -+ 'p' then points to static string ".". So caller needs to ensure there -+ are at least two bytes available in 'name' buffer so memmove succeeds. */ - memmove (name, p, (size_t)(strlen (p) + 1)); - } - -@@ -1689,4 +1709,17 @@ arf_stores_inode_p (enum archive_format arf) - } - return 1; - } -+ -+void -+cpio_file_stat_init (struct cpio_file_stat *file_hdr) -+{ -+ memset (file_hdr, 0, sizeof (*file_hdr)); -+} -+ -+void -+cpio_file_stat_free (struct cpio_file_stat *file_hdr) -+{ -+ free (file_hdr->c_name); -+ cpio_file_stat_init (file_hdr); -+} - --- -2.31.1 - diff --git a/SOURCES/cpio-2.9-exitCode.patch b/SOURCES/cpio-2.9-exitCode.patch deleted file mode 100644 index e4a4781..0000000 --- a/SOURCES/cpio-2.9-exitCode.patch +++ /dev/null @@ -1,18 +0,0 @@ -From: Peter Vrabec -Date: Mon, 14 Sep 2015 09:31:08 +0200 -Subject: [PATCH 2/7] set exit code to 1 when cpio fails to store file > 4GB - (#183224) - -diff --git a/src/copyout.c b/src/copyout.c -index 1f0987a..dcae449 100644 ---- a/src/copyout.c -+++ b/src/copyout.c -@@ -287,7 +287,7 @@ to_ascii (char *where, uintmax_t v, size_t digits, unsigned logbase) - static void - field_width_error (const char *filename, const char *fieldname) - { -- error (0, 0, _("%s: field width not sufficient for storing %s"), -+ error (1, 0, _("%s: field width not sufficient for storing %s"), - filename, fieldname); - } - diff --git a/SOURCES/cpio-2.10-longnames-split.patch b/cpio-2.10-longnames-split.patch similarity index 100% rename from SOURCES/cpio-2.10-longnames-split.patch rename to cpio-2.10-longnames-split.patch diff --git a/SOURCES/cpio-2.11-crc-fips-nit.patch b/cpio-2.11-crc-fips-nit.patch similarity index 100% rename from SOURCES/cpio-2.11-crc-fips-nit.patch rename to cpio-2.11-crc-fips-nit.patch diff --git a/SOURCES/cpio-2.9-dev_number.patch b/cpio-2.14-dev_number.patch similarity index 83% rename from SOURCES/cpio-2.9-dev_number.patch rename to cpio-2.14-dev_number.patch index cf6d242..4a115e2 100644 --- a/SOURCES/cpio-2.9-dev_number.patch +++ b/cpio-2.14-dev_number.patch @@ -3,10 +3,10 @@ Date: Mon, 14 Sep 2015 09:37:15 +0200 Subject: [PATCH 3/7] Support major/minor device numbers over 127 (bz#450109) diff --git a/src/copyin.c b/src/copyin.c -index cde911e..12bd27c 100644 +index 2e72356..5d88a23 100644 --- a/src/copyin.c +++ b/src/copyin.c -@@ -1196,15 +1196,15 @@ read_in_binary (struct cpio_file_stat *file_hdr, +@@ -1287,15 +1287,15 @@ read_in_binary (struct cpio_file_stat *file_hdr, swab_array ((char *) short_hdr, 13); } @@ -24,5 +24,5 @@ index cde911e..12bd27c 100644 + file_hdr->c_rdev_maj = major ((unsigned short)short_hdr->c_rdev); + file_hdr->c_rdev_min = minor ((unsigned short)short_hdr->c_rdev); file_hdr->c_mtime = (unsigned long) short_hdr->c_mtimes[0] << 16 - | short_hdr->c_mtimes[1]; - + | short_hdr->c_mtimes[1]; + file_hdr->c_filesize = (unsigned long) short_hdr->c_filesizes[0] << 16 diff --git a/cpio-2.14-exitCode.patch b/cpio-2.14-exitCode.patch new file mode 100644 index 0000000..8c300a5 --- /dev/null +++ b/cpio-2.14-exitCode.patch @@ -0,0 +1,39 @@ +Subject: [PATCH 2/7] set exit code to 1 when cpio fails to store file > 4GB + (#183224) + +diff --git a/src/copyout.c b/src/copyout.c +index fa999bd..6e82f4c 100644 +--- a/src/copyout.c ++++ b/src/copyout.c +@@ -287,7 +287,7 @@ field_width_error (const char *filename, const char *fieldname, + { + char valbuf[UINTMAX_STRSIZE_BOUND + 1]; + char maxbuf[UINTMAX_STRSIZE_BOUND + 1]; +- error (0, 0, _("%s: value %s %s out of allowed range 0..%s"), ++ error (1, 0, _("%s: value %s %s out of allowed range 0..%s"), + filename, fieldname, + STRINGIFY_BIGINT (value, valbuf), + STRINGIFY_BIGINT (MAX_VAL_WITH_DIGITS (width - nul, LG_8), +diff --git a/tests/CVE-2019-14866.at b/tests/CVE-2019-14866.at +index 530365a..5a4e15c 100644 +--- a/tests/CVE-2019-14866.at ++++ b/tests/CVE-2019-14866.at +@@ -30,6 +30,5 @@ fi + [0], + [], + [cpio: file: value size 17179869184 out of allowed range 0..8589934591 +-2 blocks + ]) + AT_CLEANUP +diff --git a/tests/testsuite b/tests/testsuite +index 10531d1..d69dad9 100755 +--- a/tests/testsuite ++++ b/tests/testsuite +@@ -2927,7 +2927,6 @@ fi + at_status=$? at_failed=false + $at_check_filter + echo >>"$at_stderr"; printf "%s\n" "cpio: file: value size 17179869184 out of allowed range 0..8589934591 +-2 blocks + " | \ + $at_diff - "$at_stderr" || at_failed=: + at_fn_diff_devnull "$at_stdout" || at_failed=: diff --git a/SOURCES/cpio-2.10-patternnamesigsegv.patch b/cpio-2.14-patternnamesigsegv.patch similarity index 53% rename from SOURCES/cpio-2.10-patternnamesigsegv.patch rename to cpio-2.14-patternnamesigsegv.patch index 27e3742..6e3ac1d 100644 --- a/SOURCES/cpio-2.10-patternnamesigsegv.patch +++ b/cpio-2.14-patternnamesigsegv.patch @@ -4,43 +4,34 @@ Subject: [PATCH 5/7] fix segfault with nonexisting file with patternnames (#567022) diff --git a/src/copyin.c b/src/copyin.c -index 12bd27c..183b5b5 100644 +index 5d88a23..f2babb7 100644 --- a/src/copyin.c +++ b/src/copyin.c -@@ -870,21 +870,24 @@ read_pattern_file () +@@ -948,21 +948,24 @@ read_pattern_file (void) pattern_fp = fopen (pattern_file_name, "r"); if (pattern_fp == NULL) - open_fatal (pattern_file_name); - while (ds_fgetstr (pattern_fp, &pattern_name, '\n') != NULL) -- { -- if (new_num_patterns >= max_new_patterns) -- { -- max_new_patterns += 1; -- new_save_patterns = (char **) -- xrealloc ((char *) new_save_patterns, -- max_new_patterns * sizeof (char *)); -- } -- new_save_patterns[new_num_patterns] = xstrdup (pattern_name.ds_string); -- ++new_num_patterns; -- } -- if (ferror (pattern_fp) || fclose (pattern_fp) == EOF) -- close_error (pattern_file_name); + open_error (pattern_file_name); + else + { + while (ds_fgetstr (pattern_fp, &pattern_name, '\n') != NULL) -+ { -+ if (new_num_patterns >= max_new_patterns) -+ { -+ max_new_patterns += 1; -+ new_save_patterns = (char **) -+ xrealloc ((char *) new_save_patterns, -+ max_new_patterns * sizeof (char *)); -+ } -+ new_save_patterns[new_num_patterns] = xstrdup (pattern_name.ds_string); -+ ++new_num_patterns; -+ } + { + if (new_num_patterns == max_new_patterns) +- new_save_patterns = x2nrealloc (new_save_patterns, ++ new_save_patterns = x2nrealloc (new_save_patterns, + &max_new_patterns, + sizeof (new_save_patterns[0])); + new_save_patterns[new_num_patterns] = xstrdup (pattern_name.ds_string); + ++new_num_patterns; + } + +- ds_free (&pattern_name); ++ ds_free (&pattern_name); + +- if (ferror (pattern_fp) || fclose (pattern_fp) == EOF) +- close_error (pattern_file_name); + if (ferror (pattern_fp) || fclose (pattern_fp) == EOF) + close_error (pattern_file_name); + } diff --git a/SOURCES/cpio-2.9-rh.patch b/cpio-2.14-rh.patch similarity index 87% rename from SOURCES/cpio-2.9-rh.patch rename to cpio-2.14-rh.patch index 23d70db..ff4c7cd 100644 --- a/SOURCES/cpio-2.9-rh.patch +++ b/cpio-2.14-rh.patch @@ -3,10 +3,10 @@ Date: Mon, 14 Sep 2015 09:27:21 +0200 Subject: [PATCH 1/7] make '-c' equivalent to '-H newc' diff --git a/doc/cpio.texi b/doc/cpio.texi -index e631934..a788b5d 100644 +index edf0c12..bef7ba5 100644 --- a/doc/cpio.texi +++ b/doc/cpio.texi -@@ -261,7 +261,8 @@ Sets the I/O block size to @var{block-size} * 512 bytes. +@@ -271,7 +271,8 @@ Sets the I/O block size to @var{block-size} * 512 bytes. @item -B Set the I/O block size to 5120 bytes. @item -c @@ -16,7 +16,7 @@ index e631934..a788b5d 100644 @item -C @var{number} @itemx --io-size=@var{number} Set the I/O block size to the given @var{number} of bytes. -@@ -343,7 +344,8 @@ Equivalent to @option{-sS}. +@@ -354,7 +355,8 @@ Equivalent to @option{-sS}. @item -B Set the I/O block size to 5120 bytes. @item -c @@ -26,7 +26,7 @@ index e631934..a788b5d 100644 @item -C @var{number} @itemx --io-size=@var{number} Set the I/O block size to the given @var{number} of bytes. -@@ -454,7 +456,8 @@ Sets the I/O block size to @var{block-size} * 512 bytes. +@@ -465,7 +467,8 @@ Sets the I/O block size to @var{block-size} * 512 bytes. @item -B Set the I/O block size to 5120 bytes. @item -c @@ -36,7 +36,7 @@ index e631934..a788b5d 100644 @item -C @var{number} @itemx --io-size=@var{number} Set the I/O block size to the given @var{number} of bytes. -@@ -600,7 +603,8 @@ block size is 512 bytes. +@@ -614,7 +617,8 @@ block size is 512 bytes. @item -c [@ref{copy-in},@ref{copy-out},@ref{copy-pass}] @@ -47,7 +47,7 @@ index e631934..a788b5d 100644 @item -C @var{io-size} @itemx --io-size=@var{io-size} diff --git a/src/main.c b/src/main.c -index a13861f..a875a13 100644 +index b27bd17..542a71f 100644 --- a/src/main.c +++ b/src/main.c @@ -124,7 +124,7 @@ static struct argp_option options[] = { @@ -56,10 +56,10 @@ index a13861f..a875a13 100644 {NULL, 'c', NULL, 0, - N_("Use the old portable (ASCII) archive format"), GRID+1 }, + N_("Identical to \"-H newc\", use the new (SVR4) portable format. If you wish the old portable (ASCII) archive format, use \"-H odc\" instead."), GRID+1 }, - {"dot", 'V', NULL, 0, + {"dot", 'V', NULL, 0, N_("Print a \".\" for each file processed"), GRID+1 }, {"io-size", 'C', N_("NUMBER"), 0, -@@ -329,6 +329,7 @@ parse_opt (int key, char *arg, struct argp_state *state) +@@ -331,6 +331,7 @@ parse_opt (int key, char *arg, struct argp_state *state) case 'c': /* Use the old portable ASCII format. */ if (archive_format != arf_unknown) USAGE_ERROR ((0, 0, _("Archive format multiply defined"))); diff --git a/SOURCES/cpio-2.9.90-defaultremoteshell.patch b/cpio-2.9.90-defaultremoteshell.patch similarity index 100% rename from SOURCES/cpio-2.9.90-defaultremoteshell.patch rename to cpio-2.9.90-defaultremoteshell.patch diff --git a/SOURCES/cpio.1 b/cpio.1 similarity index 100% rename from SOURCES/cpio.1 rename to cpio.1 diff --git a/SPECS/cpio.spec b/cpio.spec similarity index 80% rename from SPECS/cpio.spec rename to cpio.spec index ee1404e..992f3ac 100644 --- a/SPECS/cpio.spec +++ b/cpio.spec @@ -1,25 +1,30 @@ Summary: A GNU archiving program Name: cpio -Version: 2.12 -Release: 11%{?dist} -License: GPLv3+ -URL: http://www.gnu.org/software/cpio/ -Source: ftp://ftp.gnu.org/gnu/cpio/cpio-%{version}.tar.bz2 +Version: 2.15 +Release: 3%{?dist} +License: GPL-3.0-or-later +URL: https://www.gnu.org/software/cpio/ +Source0: https://ftp.gnu.org/gnu/cpio/cpio-%{version}.tar.bz2 # help2man generated manual page distributed only in RHEL/Fedora Source1: cpio.1 +Source2: https://ftp.gnu.org/gnu/cpio/cpio-%{version}.tar.bz2.sig +# https://savannah.gnu.org/projects/cpio/ lists one maintainer, gray +# and their GPG key is https://savannah.gnu.org/people/viewgpg.php?user_id=311 +Source3: gray-key.gpg + # We use SVR4 portable format as default. -Patch1: cpio-2.9-rh.patch +Patch1: cpio-2.14-rh.patch # fix warn_if_file_changed() and set exit code to 1 when cpio fails to store # file > 4GB (#183224) # http://lists.gnu.org/archive/html/bug-cpio/2006-11/msg00000.html -Patch2: cpio-2.9-exitCode.patch +Patch2: cpio-2.14-exitCode.patch # Support major/minor device numbers over 127 (bz#450109) # http://lists.gnu.org/archive/html/bug-cpio/2008-07/msg00000.html -Patch3: cpio-2.9-dev_number.patch +Patch3: cpio-2.14-dev_number.patch # Define default remote shell as /usr/bin/ssh (#452904) Patch4: cpio-2.9.90-defaultremoteshell.patch @@ -27,7 +32,7 @@ Patch4: cpio-2.9.90-defaultremoteshell.patch # Fix segfault with nonexisting file with patternnames (#567022) # http://savannah.gnu.org/bugs/index.php?28954 # We have slightly different solution than upstream. -Patch5: cpio-2.10-patternnamesigsegv.patch +Patch5: cpio-2.14-patternnamesigsegv.patch # Fix bad file name splitting while creating ustar archive (#866467) # (fix backported from tar's source) @@ -36,33 +41,13 @@ Patch7: cpio-2.10-longnames-split.patch # Cpio does Sum32 checksum, not CRC (downstream) Patch8: cpio-2.11-crc-fips-nit.patch -# Extract: retain times for symlinks -# downstream patch (#1487673) -# https://www.mail-archive.com/bug-cpio@gnu.org/msg00605.html -Patch9: cpio-2.11-retain-symlink-times.patch - -# Fixed improper input validation when writing tar header fields -# upstream patch (#1766223) -# https://cement.retrofitta.se/tmp/cpio-tar.patch -Patch10: cpio-2.12-improper-input-validation.patch - -# Fixed integer overflow in ds_fgetstr() -# upstream patch (#1992511) -# https://git.savannah.gnu.org/cgit/cpio.git/commit/?id=dd96882877721703e19272fe25034560b794061b -# https://git.savannah.gnu.org/cgit/cpio.git/commit/?id=dfc801c44a93bed7b3951905b188823d6a0432c8 -# https://git.savannah.gnu.org/cgit/cpio.git/commit/?id=236684f6deb3178043fe72a8e2faca538fa2aae1 -# https://git.savannah.gnu.org/cgit/cpio.git/commit/?id=4d169305dcb34137dc41acc761d8703eae2c63bf -# https://git.savannah.gnu.org/cgit/cpio.git/commit/?id=86dacfe3e060ce95d5a2c0c5ec01f6437b0b6089 -# https://git.savannah.gnu.org/cgit/cpio.git/commit/?id=7dd8ba91d8b6a2640e6c01c3e3a4234828646f23 -# https://git.savannah.gnu.org/cgit/cpio.git/commit/?id=684b7ac5767e676cda78c161aeb7fe7b45a07529 -# https://git.savannah.gnu.org/cgit/cpio.git/commit/?id=b1c85839bf1381f749dd45bf6a5a38924e3315a0 -Patch11: cpio-2.13-CVE-2021-38185.patch - - Provides: bundled(gnulib) +Provides: bundled(paxutils) Provides: /bin/cpio BuildRequires: gcc BuildRequires: texinfo, autoconf, automake, gettext, gettext-devel, rmt +BuildRequires: make +BuildRequires: gnupg2 %description GNU cpio copies files into or out of a cpio or tar archive. Archives @@ -80,6 +65,7 @@ Install cpio if you need a program to manage file archives. %prep +%{gpgverify} --keyring='%{SOURCE3}' --signature='%{SOURCE2}' --data='%{SOURCE0}' %autosetup -p1 @@ -87,12 +73,12 @@ Install cpio if you need a program to manage file archives. autoreconf -fi export CFLAGS="$RPM_OPT_FLAGS -D_GNU_SOURCE -D_FILE_OFFSET_BITS=64 -D_LARGEFILE64_SOURCE -pedantic -fno-strict-aliasing -Wall $CFLAGS" %configure --with-rmt="%{_sysconfdir}/rmt" -make %{?_smp_mflags} +%make_build (cd po && make update-gmo) %install -make DESTDIR=$RPM_BUILD_ROOT INSTALL="install -p" install +%make_install rm -f $RPM_BUILD_ROOT%{_libexecdir}/rmt rm -f $RPM_BUILD_ROOT%{_infodir}/dir @@ -112,24 +98,102 @@ make check || { %files -f %{name}.lang %doc AUTHORS ChangeLog NEWS README THANKS TODO -%{!?_licensedir:%global license %%doc} %license COPYING %{_bindir}/* %{_mandir}/man*/* %{_infodir}/*.info* %changelog -* Mon Sep 20 2021 Ondrej Dubaj - 2.12-11 -- Fixed CVE-2021-38185 (#1992511) +* Tue Oct 29 2024 Troy Dawson - 2.15-3 +- Bump release for October 2024 mass rebuild: + Resolves: RHEL-64018 -* Thu Jan 21 2021 Ondrej Dubaj - 2.12-10 -- Fixed improper input validation when writing tar header fields (#1766223) +* Mon Jun 24 2024 Troy Dawson - 2.15-2 +- Bump release for June 2024 mass rebuild -* Mon Jun 15 2020 Ondrej Dubaj - 2.12-9 -- Extract: retain times for symlinks (#1487673) +* Tue Jan 24 2024 Lukas Javorsky - 2.15-1 +- Rebase to version 2.15 -* Tue Jul 17 2018 Pavel Raiskup - 2.12-8 -- cleanup, sync with rawhide +* Wed Jan 24 2024 Fedora Release Engineering - 2.14-7 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_40_Mass_Rebuild + +* Fri Jan 19 2024 Fedora Release Engineering - 2.14-6 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_40_Mass_Rebuild + +* Wed Nov 15 2023 Florian Weimer - 2.14-5 +- Backport upstream patch for C99 compatibility issue + +* Wed Jul 19 2023 Fedora Release Engineering - 2.14-4 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_39_Mass_Rebuild + +* Sun Jul 16 2023 Stewart Smith - 2.14-3 +- gpg verify source tarball + +* Mon May 29 2023 Lukas Javorsky - 2.14-2 +- Release bump + +* Tue May 16 2023 Lukas Javorsky - 2.14-1 +- Rebase to version 2.14 +- Resolves #1188590 CVE-2015-1197 + +* Thu Jan 19 2023 Fedora Release Engineering - 2.13-14 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_38_Mass_Rebuild + +* Wed Jul 20 2022 Fedora Release Engineering - 2.13-13 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_37_Mass_Rebuild + +* Wed Jan 19 2022 Fedora Release Engineering - 2.13-12 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_36_Mass_Rebuild + +* Wed Jul 21 2021 Fedora Release Engineering - 2.13-11 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_35_Mass_Rebuild + +* Thu Feb 18 2021 Ondrej Dubaj - 2.13-10 +- Properly drop priviledges for remote command + +* Tue Jan 26 2021 Fedora Release Engineering - 2.13-9 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_34_Mass_Rebuild + +* Mon Jul 27 2020 Fedora Release Engineering - 2.13-8 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_33_Mass_Rebuild + +* Mon Jul 13 2020 Tom Stellard - 2.13-7 +- Use make macros +- https://fedoraproject.org/wiki/Changes/UseMakeBuildInstallMacro + +* Mon Jun 15 2020 Ondrej Dubaj - 2.13-6 +- Extract: retain times for symlinks (#1486364) + +* Tue Apr 07 2020 Ondrej Dubaj - 2.13-5.1 +- Release bump due to testing of gating + +* Wed Feb 05 2020 Petr Kubat - 2.13-4 +- Revert fix for CVE-2015-1197 as it causes shutdown issues (#1797163) + +* Thu Jan 30 2020 Than Ngo - 2.13-3 +- Fix multiple definition of program_name + +* Tue Jan 28 2020 Fedora Release Engineering - 2.13-2 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_32_Mass_Rebuild + +* Wed Nov 06 2019 Pavel Raiskup - 2.13-1 +- new upstream release, per release notes + https://lists.gnu.org/archive/html/bug-cpio/2019-11/msg00000.html + +* Wed Jul 24 2019 Fedora Release Engineering - 2.12-12 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_31_Mass_Rebuild + +* Tue Feb 19 2019 Pavel Raiskup - 2.12-11 +- admit that we bundle paxutils project + +* Thu Jan 31 2019 Fedora Release Engineering - 2.12-10 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_30_Mass_Rebuild + +* Thu Jul 12 2018 Fedora Release Engineering - 2.12-9 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_29_Mass_Rebuild + +* Wed Apr 11 2018 Pavel Raiskup - 2.12-8 +- spring spec cleanup * Wed Feb 07 2018 Fedora Release Engineering - 2.12-7 - Rebuilt for https://fedoraproject.org/wiki/Fedora_28_Mass_Rebuild diff --git a/gray-key.gpg b/gray-key.gpg new file mode 100644 index 0000000..87daece --- /dev/null +++ b/gray-key.gpg @@ -0,0 +1,31 @@ +-----BEGIN PGP PUBLIC KEY BLOCK----- +Version: GnuPG v1.4.7 (GNU/Linux) + +mQGiBDxhQHkRBACyhJxCLQvLs70IUZSlYVKAm+u1Oa4RyUo5/ctCcMm2KOcjui3z +xs+yUwlglo1n/de9NNJY98PJNLHniMVi5sPba8OKwYx9bilwuAWLgTsgfpX8UuuY +TANQmTybmrxjzxrGqN7eyjBT3utgbK3ACKDo/JUCgZMkdFu2c2i7186sDwCgo9pQ +ygxOOWEWBm70Rymdfvkon6EEAKY5h9nL1qYw46vM1+QY+vhyX2lHTD/E9QyFQv4L +driY3CerLAZ07yk5p8I6T31d7HEUt9DZcl0ZD99Y9IH84wWvms1xtnCuoLlP4ntw +FQ5ZUZtMY0AIVRtFbgkTDDLZsdanscqMu/LqnO2/QWjCQhaO/tcaIdPVgBIbCr28 +fuBJA/9KA5vbQBd4WnNFLVJsr47irnJBYdR+OqPQAUFUcQPO1metR76UZ7+7LwtO +ldAjPN3RDJtRB8/JooHDNq+VCEzjs02JaBpQ+BCOzzqELnkoBPl26yHR56r4WbC5 ++FH/QxEaicjVGxIF/Z9crzG/XUMXwieTNcM6HoGCnMboGqCM4bQjU2VyZ2V5IFBv +em55YWtvZmYgPGdyYXlAZ251Lm9yZy51YT6IXgQTEQIAHgUCQ/CVdwIbAwYLCQgH +AwIDFQIDAxYCAQIeAQIXgAAKCRA2ArB/VdDHMubqAJ9tq+C7VtEMexpRAq9jzcKo +5fZFywCeKtqljjB7nsCIKvZNOV1D4fn7HDm0MlNlcmdleSBQb3pueWFrb2ZmIChH +cmF5KSA8Z3JheUBtaXJkZGluLmZhcmxlcC5uZXQ+iFcEExECABcFAjxhQHkFCwcK +AwQDFQMCAxYCAQIXgAAKCRA2ArB/VdDHMg3iAKCVtLVewNzCDfjui1wTWmz73IcU +aQCcDjK4771A6G/z6qX5bDuK1yL/YeSIRgQSEQIABgUCP1tgaAAKCRCjCdZ5GaIl +R3GsAJ9IHf/Rl/2+eR03mdAe+AeSTaBfagCfUsLc7/wp+fb7Xo6lKQezvJzGBqu0 +IFNlcmdleSBQb3pueWFrb2ZmIDxncmF5QGdudS5vcmc+iF4EExECAB4FAkPwlbUC +GwMGCwkIBwMCAxUCAwMWAgECHgECF4AACgkQNgKwf1XQxzJFSgCeNYJSs7nalOVI +MTJB3Ui6NvKL/nAAni1KxoLZr/+jG5iAnhuuL+ijq54GuQENBDxhQHwQBAD3qEph +UOWRg9C8hSJpZ9Zo8F+hXnF6mvMWuy76R+yHqg4H5CPWSH116lOKl5xpGeXdOOzM +5OxGgdEChb+jLoszM9rc3HQfcKAQmFMd03Iay4/5jMAS+vNgCfDV98nj6gU0Y3ku +UdTkyMPDObQWv1ginAnkoOVXb7nAVW/X5n8izwADBQP8CPuRROj2FC+w2tTXDgaJ +am9PEm1coHRJAoHef1nBZfOAOZLjRD10wBg2m8q2EUJ4/mr/1D0whTINThJkvmZk +RGVkuNILeC3X5dMQ1AX4fIOOnVObWVrlg5etH8ichIOYOUOqCx/cuV9F6Apg9PE6 +vcFqmh4BoOlb0qOaIdzN1sWIRgQYEQIABgUCPGFAfAAKCRA2ArB/VdDHMlPgAKCM +9FxutfWWvZqNKW5up6GnB4y6WwCeN5k4mxck975PULOk8jq/ZqLGvnQ= +=5lxD +-----END PGP PUBLIC KEY BLOCK----- \ No newline at end of file diff --git a/sources b/sources new file mode 100644 index 0000000..2414977 --- /dev/null +++ b/sources @@ -0,0 +1,2 @@ +SHA512 (cpio-2.15.tar.bz2) = e3c3d0344d13d540887198ee5d6209a9254ed34b87c3b3cabe6dc3ce22ef94d3f380bb60d3395eee44e4b0ec8460b957032c6251f101b4a9fbc5951a701aadff +SHA512 (cpio-2.15.tar.bz2.sig) = 94662e623c23c3e0d3299a2e7f9c3d59f5d31393b89c5d0512fc3fcaac1045bf9e272b26073c4dfc4bdc4a25b07fa81d36ed55b0b9a9972a6d813ec946f2e407