Merged update from upstream sources

This is an automated DistroBaker update from upstream sources. If you do not know what this is about or would like to opt out, contact the OSCI team. Source: https://src.fedoraproject.org/rpms/cpio.git#b4d8ec44b97a9207a0f16abfd0b408ed9d2b346c
2021-03-11 20:21:03 +00:00 · 2021-03-11 20:21:03 +00:00 · d538b5a19c
commit d538b5a19c
parent ed621d6b28
2 changed files with 71 additions and 1 deletions
--- a/cpio-2.13-reset-gid-uid.patch
+++ b/cpio-2.13-reset-gid-uid.patch
@ -0,0 +1,63 @@
+From 5913893d6f3de65b16e1ad294b88893305efb20f Mon Sep 17 00:00:00 2001
+From: Ondrej Dubaj <odubaj@redhat.com>
+Date: Thu, 18 Feb 2021 09:59:31 +0100
+Subject: [PATCH] * lib/system.h (ERRNO_IS_EACCES): Remove.  Not used anymore.
+ (sys_reset_uid_gid): Re-initialize supplementary groups when switching
+ privileges. Fix ordering of setgid and setuid calls.
+
+---
+ lib/system.h | 32 +++++++++++++++++++++++++-------
+ 1 file changed, 25 insertions(+), 7 deletions(-)
+
+diff --git a/lib/system.h b/lib/system.h
+index 1c1a5d0..4fd3ce9 100644
+--- a/lib/system.h
+++ b/lib/system.h
+@@ -470,19 +470,37 @@ char *getenv ();
+ #if MSDOS
+ # include <process.h>
+ # define SET_BINARY_MODE(arc) setmode(arc, O_BINARY)
+-# define ERRNO_IS_EACCES errno == EACCES
+ # define mkdir(file, mode) (mkdir) (file)
+ # define TTY_NAME "con"
+ # define sys_reset_uid_gid()
+ #else
+ # define SET_BINARY_MODE(arc)
+-# define ERRNO_IS_EACCES 0
+ # define TTY_NAME "/dev/tty"
+-# define sys_reset_uid_gid()					\
+-  do {								\
+-    if (! (setuid (getuid ()) == 0 && setgid (getgid ()) == 0)) \
+-      abort ();							\
+-  } while (0)
+# include <paxlib.h>
+static inline void
+sys_reset_uid_gid (void)
+{
+  struct passwd *pw;
+  uid_t uid = getuid ();
+  gid_t gid = getgid ();
+  
+  if ((pw = getpwuid (uid)) == NULL)
+    {
+      FATAL_ERROR ((0, errno, "%s(%lu)", "getpwuid", (unsigned long)uid));
+    }
+  if (initgroups (pw->pw_name, getgid ()))
+    {
+      FATAL_ERROR ((0, errno, "%s", "initgroups"));
+    }
+  if (gid != getegid () && setgid (gid) && errno != EPERM)
+    {
+      FATAL_ERROR ((0, errno, "%s", "setgid"));
+    }
+  if (uid != geteuid () && setuid (uid) && errno != EPERM)
+    {
+      FATAL_ERROR ((0, errno, "%s", "setuid"));
+    }
+}
+ #endif
+ 
+ #if XENIX
+-- 
+2.26.0
+
--- a/cpio.spec
+++ b/cpio.spec
@ -1,7 +1,7 @@
 Summary: A GNU archiving program
 Name: cpio
 Version: 2.13
-Release: 9%{?dist}
+Release: 10%{?dist}
 License: GPLv3+
 URL: https://www.gnu.org/software/cpio/
 Source: https://ftp.gnu.org/gnu/cpio/cpio-%{version}.tar.bz2
@ -48,6 +48,10 @@ Patch10: cpio-2.13-revert-CVE-2015-1197-fix.patch
 # https://www.mail-archive.com/bug-cpio@gnu.org/msg00605.html
 Patch11: cpio-2.11-retain-symlink-times.patch

+# Properly drop priviledges for remote command
+# http://git.savannah.gnu.org/cgit/paxutils.git/commit/?id=d247e3c2809a37b6d0c3067251d96bb7f12555e7
+Patch12: cpio-2.13-reset-gid-uid.patch
+
 Provides: bundled(gnulib)
 Provides: bundled(paxutils)
 Provides: /bin/cpio
@ -109,6 +113,9 @@ make check || {
 %{_infodir}/*.info*

 %changelog
+* Thu Feb 18 2021 Ondrej Dubaj <odubaj@redhat.com> - 2.13-10
+- Properly drop priviledges for remote command
+
 * Tue Jan 26 2021 Fedora Release Engineering <releng@fedoraproject.org> - 2.13-9
 - Rebuilt for https://fedoraproject.org/wiki/Fedora_34_Mass_Rebuild