import UBI cpio-2.15-3.el10

.cpio.metadata

@@ -1 +0,0 @@
-60358408c76db354f6716724c4bcbcb6e18ab642 SOURCES/cpio-2.12.tar.bz2

.gitignore

@@ -1 +1,2 @@
-SOURCES/cpio-2.12.tar.bz2
+cpio-2.15.tar.bz2
+cpio-2.15.tar.bz2.sig

SOURCES/cpio-2.11-retain-symlink-times.patch

@@ -1,92 +0,0 @@
-From 7a4094d382e74aaed0a0b8356dc24d64952852f9 Mon Sep 17 00:00:00 2001
-From: Pavel Raiskup <praiskup@redhat.com>
-Date: Fri, 3 Jul 2020 12:32:58 +0200
-Subject: [PATCH] Extract: retain times for symlinks
-
-Original report by Pat Riehecky at
-https://bugzilla.redhat.com/1486364
-
-* src/copyin.c (copyin_device): Don't check for retain_time_flag
-global, it's done by set_file_times.
-(copyin_link): Call set_file_times to restore symlink times.
-* src/util.c (set_perms): Don't check for retain_time_flag global,
-done by set_file_times call.
-(set_file_times): Do nothing if retain_time_flag global is false.
-* src/copypass.c (process_copy_pass): Call set_file_times for
-symlinks.
----
- src/copyin.c   | 5 ++---
- src/copypass.c | 2 ++
- src/util.c     | 6 ++++--
- 3 files changed, 8 insertions(+), 5 deletions(-)
-
-diff --git a/src/copyin.c b/src/copyin.c
-index 183b5b5..267ed4b 100644
---- a/src/copyin.c
-+++ b/src/copyin.c
-@@ -639,9 +639,7 @@ copyin_device (struct cpio_file_stat* file_hdr)
-   /* chown may have turned off some permissions we wanted. */
-   if (chmod (file_hdr->c_name, file_hdr->c_mode) < 0)
-     chmod_error_details (file_hdr->c_name, file_hdr->c_mode);
--  if (retain_time_flag)
--    set_file_times (-1, file_hdr->c_name, file_hdr->c_mtime,
--		    file_hdr->c_mtime);
-+  set_file_times (-1, file_hdr->c_name, file_hdr->c_mtime, file_hdr->c_mtime);
- }
- 
- static void
-@@ -692,6 +690,7 @@ copyin_link (struct cpio_file_stat *file_hdr, int in_file_des)
-   	  && errno != EPERM)
- 	chown_error_details (file_hdr->c_name, uid, gid);
-     }
-+  set_file_times (-1, file_hdr->c_name, file_hdr->c_mtime, file_hdr->c_mtime);
-   free (link_name);
- }
- 
-diff --git a/src/copypass.c b/src/copypass.c
-index c5a9899..b4e7169 100644
---- a/src/copypass.c
-+++ b/src/copypass.c
-@@ -317,6 +317,8 @@ process_copy_pass ()
- 		  && errno != EPERM)
- 	        chown_error_details (output_name.ds_string, uid, gid);
-             }
-+		  set_file_times (-1, output_name.ds_string,
-+        				  in_file_stat.st_atime, in_file_stat.st_mtime);
- 	  free (link_name);
- 	}
- #endif
-diff --git a/src/util.c b/src/util.c
-index 6ff6032..11f9c30 100644
---- a/src/util.c
-+++ b/src/util.c
-@@ -1389,7 +1389,6 @@ set_perms (int fd, struct cpio_file_stat *header)
-        we have to refer to it using name+ instead of name.  */
-     file_hdr->c_name [cdf_char] = '+';
- #endif
--  if (retain_time_flag)
-     set_file_times (fd, header->c_name, header->c_mtime, header->c_mtime);
- }
- 
-@@ -1398,6 +1397,8 @@ set_file_times (int fd,
- 		const char *name, unsigned long atime, unsigned long mtime)
- {
-   struct timespec ts[2];
-+  if (!retain_time_flag)
-+    return;
-   
-   memset (&ts, 0, sizeof ts);
- 
-@@ -1406,7 +1407,8 @@ set_file_times (int fd,
- 
-   /* Silently ignore EROFS because reading the file won't have upset its 
-      timestamp if it's on a read-only filesystem. */
--  if (fdutimens (fd, name, ts) < 0 && errno != EROFS)
-+  if ((fd >= 0 ? fdutimens (fd, NULL, ts) : lutimens (name, ts)) < 0
-+      && errno != EROFS)
-     utime_error (name);
- }
- 
--- 
-2.24.1
-

SOURCES/cpio-2.12-improper-input-validation.patch

@@ -1,154 +0,0 @@
-From: Thomas Habets <habets@google.com>
-Subject: [PATCH] Check for size overflow in tar header fields.
-
-This prevents surprising outputs being created, e.g. this cpio tar
-output with more than one file:
-
-tar cf suffix.tar AUTHORS
-dd if=/dev/zero seek=16G bs=1 count=0 of=suffix.tar
-echo suffix.tar | cpio -H tar -o | tar tvf -
-
--rw-r--r-- 1000/1000       0 2019-08-30 16:40 suffix.tar
--rw-r--r-- thomas/thomas 161 2019-08-30 16:40 AUTHORS
----
- src/copyout.c |  3 +--
- src/extern.h  |  2 +-
- src/tar.c     | 45 ++++++++++++++++++++++++++++++++-------------
- 3 files changed, 34 insertions(+), 16 deletions(-)
-
-diff --git a/src/copyout.c b/src/copyout.c
-index dcae449..56416ba 100644
---- a/src/copyout.c
-+++ b/src/copyout.c
-@@ -552,8 +552,7 @@ write_out_header (struct cpio_file_stat *file_hdr, int out_des)
- 	  error (0, 0, _("%s: file name too long"), file_hdr->c_name);
- 	  return 1;
- 	}
--      write_out_tar_header (file_hdr, out_des); /* FIXME: No error checking */
--      return 0;
-+      return write_out_tar_header (file_hdr, out_des);
- 
-     case arf_binary:
-       return write_out_binary_header (makedev (file_hdr->c_rdev_maj,
-diff --git a/src/extern.h b/src/extern.h
-index e27d662..47b477a 100644
---- a/src/extern.h
-+++ b/src/extern.h
-@@ -145,7 +145,7 @@ int make_path (char *argpath, uid_t owner, gid_t group,
- 	       const char *verbose_fmt_string);
- 
- /* tar.c */
--void write_out_tar_header (struct cpio_file_stat *file_hdr, int out_des);
-+int write_out_tar_header (struct cpio_file_stat *file_hdr, int out_des);
- int null_block (long *block, int size);
- void read_in_tar_header (struct cpio_file_stat *file_hdr, int in_des);
- int otoa (char *s, unsigned long *n);
-diff --git a/src/tar.c b/src/tar.c
-index e2b5f45..53dc99a 100644
---- a/src/tar.c
-+++ b/src/tar.c
-@@ -93,8 +93,9 @@ stash_tar_filename (char *prefix, char *filename)
-    sprintf (where, "%*lo ", digits - 2, value);
-    except that sprintf fills in the trailing NUL and we don't.  */
- 
--static void
--to_oct (register long value, register int digits, register char *where)
-+static int
-+to_oct_or_error (register long value, register int digits, register char *where,
-+                 const char *filename, const char *fieldname)
- {
-   --digits;			/* Leave the trailing NUL slot alone.  */
- 
-@@ -105,10 +106,17 @@ to_oct (register long value, register int digits, register char *where)
-       value >>= 3;
-     }
-   while (digits > 0 && value != 0);
-+  if (value > 0)
-+    {
-+      error (1, 0, _("%s: field width not sufficient for storing %s"),
-+             filename, fieldname);
-+      return 1;
-+    }
- 
-   /* Add leading zeroes, if necessary.  */
-   while (digits > 0)
-     where[--digits] = '0';
-+  return 0;
- }
- 
- 
-@@ -139,7 +147,7 @@ tar_checksum (struct tar_header *tar_hdr)
- /* Write out header FILE_HDR, including the file name, to file
-    descriptor OUT_DES.  */
- 
--void
-+int
- write_out_tar_header (struct cpio_file_stat *file_hdr, int out_des)
- {
-   int name_len;
-@@ -168,11 +176,16 @@ write_out_tar_header (struct cpio_file_stat *file_hdr, int out_des)
- 
-   /* Ustar standard (POSIX.1-1988) requires the mode to contain only 3 octal
-      digits */
--  to_oct (file_hdr->c_mode & MODE_ALL, 8, tar_hdr->mode);
--  to_oct (file_hdr->c_uid, 8, tar_hdr->uid);
--  to_oct (file_hdr->c_gid, 8, tar_hdr->gid);
--  to_oct (file_hdr->c_filesize, 12, tar_hdr->size);
--  to_oct (file_hdr->c_mtime, 12, tar_hdr->mtime);
-+  if (to_oct_or_error (file_hdr->c_mode & MODE_ALL, 8, tar_hdr->mode, file_hdr->c_name, _("mode")))
-+    return 1;
-+  if (to_oct_or_error (file_hdr->c_uid, 8, tar_hdr->uid, file_hdr->c_name, _("uid")))
-+    return 1;
-+  if (to_oct_or_error (file_hdr->c_gid, 8, tar_hdr->gid, file_hdr->c_name, _("gid")))
-+    return 1;
-+  if (to_oct_or_error (file_hdr->c_filesize, 12, tar_hdr->size, file_hdr->c_name, _("file size")))
-+    return 1;
-+  if (to_oct_or_error (file_hdr->c_mtime, 12, tar_hdr->mtime, file_hdr->c_name, _("modification time")))
-+    return 1;
- 
-   switch (file_hdr->c_mode & CP_IFMT)
-     {
-@@ -184,7 +197,8 @@ write_out_tar_header (struct cpio_file_stat *file_hdr, int out_des)
- 	  strncpy (tar_hdr->linkname, file_hdr->c_tar_linkname,
- 		   TARLINKNAMESIZE);
- 	  tar_hdr->typeflag = LNKTYPE;
--	  to_oct (0, 12, tar_hdr->size);
-+	  if (to_oct_or_error (0, 12, tar_hdr->size, file_hdr->c_name, _("file size")))
-+            return 1;
- 	}
-       else
- 	tar_hdr->typeflag = REGTYPE;
-@@ -210,7 +224,8 @@ write_out_tar_header (struct cpio_file_stat *file_hdr, int out_des)
- 	 than TARLINKNAMESIZE.  */
-       strncpy (tar_hdr->linkname, file_hdr->c_tar_linkname,
- 	       TARLINKNAMESIZE);
--      to_oct (0, 12, tar_hdr->size);
-+      if (to_oct_or_error (0, 12, tar_hdr->size, file_hdr->c_name, _("file size")))
-+        return 1;
-       break;
- #endif /* CP_IFLNK */
-     }
-@@ -229,13 +244,17 @@ write_out_tar_header (struct cpio_file_stat *file_hdr, int out_des)
-       if (name)
- 	strcpy (tar_hdr->gname, name);
- 
--      to_oct (file_hdr->c_rdev_maj, 8, tar_hdr->devmajor);
--      to_oct (file_hdr->c_rdev_min, 8, tar_hdr->devminor);
-+      if (to_oct_or_error (file_hdr->c_rdev_maj, 8, tar_hdr->devmajor, file_hdr->c_name, _("rdev major")))
-+        return 1;
-+      if (to_oct_or_error (file_hdr->c_rdev_min, 8, tar_hdr->devminor, file_hdr->c_name, _("rdev minor")))
-+        return 1;
-     }
- 
--  to_oct (tar_checksum (tar_hdr), 8, tar_hdr->chksum);
-+  if (to_oct_or_error (tar_checksum (tar_hdr), 8, tar_hdr->chksum, file_hdr->c_name, _("checksum")))
-+    return 1;
- 
-   tape_buffered_write ((char *) &tar_rec, out_des, TARRECORDSIZE);
-+  return 0;
- }
- 
- /* Return nonzero iff all the bytes in BLOCK are NUL.
--- 
-2.26.0
-

SOURCES/cpio-2.9-exitCode.patch

@@ -1,18 +0,0 @@
-From: Peter Vrabec <pvrabec@redhat.com>
-Date: Mon, 14 Sep 2015 09:31:08 +0200
-Subject: [PATCH 2/7] set exit code to 1 when cpio fails to store file > 4GB
- (#183224)
-
-diff --git a/src/copyout.c b/src/copyout.c
-index 1f0987a..dcae449 100644
---- a/src/copyout.c
-+++ b/src/copyout.c
-@@ -287,7 +287,7 @@ to_ascii (char *where, uintmax_t v, size_t digits, unsigned logbase)
- static void
- field_width_error (const char *filename, const char *fieldname)
- {
--  error (0, 0, _("%s: field width not sufficient for storing %s"),
-+  error (1, 0, _("%s: field width not sufficient for storing %s"),
- 	 filename, fieldname);
- }
- 

cpio-2.14-dev_number.patch

@@ -3,10 +3,10 @@ Date: Mon, 14 Sep 2015 09:37:15 +0200
 Subject: [PATCH 3/7] Support major/minor device numbers over 127 (bz#450109)
 
 diff --git a/src/copyin.c b/src/copyin.c
-index cde911e..12bd27c 100644
+index 2e72356..5d88a23 100644
 --- a/src/copyin.c
 +++ b/src/copyin.c
-@@ -1196,15 +1196,15 @@ read_in_binary (struct cpio_file_stat *file_hdr,
+@@ -1287,15 +1287,15 @@ read_in_binary (struct cpio_file_stat *file_hdr,
        swab_array ((char *) short_hdr, 13);
      }
  
@@ -24,5 +24,5 @@ index cde911e..12bd27c 100644
 +  file_hdr->c_rdev_maj = major ((unsigned short)short_hdr->c_rdev);
 +  file_hdr->c_rdev_min = minor ((unsigned short)short_hdr->c_rdev);
    file_hdr->c_mtime = (unsigned long) short_hdr->c_mtimes[0] << 16
-                       | short_hdr->c_mtimes[1];
- 
+ 		      | short_hdr->c_mtimes[1];
+   file_hdr->c_filesize = (unsigned long) short_hdr->c_filesizes[0] << 16

cpio-2.14-exitCode.patch

@@ -0,0 +1,39 @@
+Subject: [PATCH 2/7] set exit code to 1 when cpio fails to store file > 4GB
+ (#183224)
+
+diff --git a/src/copyout.c b/src/copyout.c
+index fa999bd..6e82f4c 100644
+--- a/src/copyout.c
++++ b/src/copyout.c
+@@ -287,7 +287,7 @@ field_width_error (const char *filename, const char *fieldname,
+ {
+   char valbuf[UINTMAX_STRSIZE_BOUND + 1];
+   char maxbuf[UINTMAX_STRSIZE_BOUND + 1];
+-  error (0, 0, _("%s: value %s %s out of allowed range 0..%s"),
++  error (1, 0, _("%s: value %s %s out of allowed range 0..%s"),
+ 	 filename, fieldname,
+ 	 STRINGIFY_BIGINT (value, valbuf),
+ 	 STRINGIFY_BIGINT (MAX_VAL_WITH_DIGITS (width - nul, LG_8),
+diff --git a/tests/CVE-2019-14866.at b/tests/CVE-2019-14866.at
+index 530365a..5a4e15c 100644
+--- a/tests/CVE-2019-14866.at
++++ b/tests/CVE-2019-14866.at
+@@ -30,6 +30,5 @@ fi
+ [0],
+ [],
+ [cpio: file: value size 17179869184 out of allowed range 0..8589934591
+-2 blocks
+ ])
+ AT_CLEANUP
+diff --git a/tests/testsuite b/tests/testsuite
+index 10531d1..d69dad9 100755
+--- a/tests/testsuite
++++ b/tests/testsuite
+@@ -2927,7 +2927,6 @@ fi
+ at_status=$? at_failed=false
+ $at_check_filter
+ echo >>"$at_stderr"; printf "%s\n" "cpio: file: value size 17179869184 out of allowed range 0..8589934591
+-2 blocks
+ " | \
+   $at_diff - "$at_stderr" || at_failed=:
+ at_fn_diff_devnull "$at_stdout" || at_failed=:

cpio-2.14-patternnamesigsegv.patch

@@ -4,43 +4,34 @@ Subject: [PATCH 5/7] fix segfault with nonexisting file with patternnames
  (#567022)
 
 diff --git a/src/copyin.c b/src/copyin.c
-index 12bd27c..183b5b5 100644
+index 5d88a23..f2babb7 100644
 --- a/src/copyin.c
 +++ b/src/copyin.c
-@@ -870,21 +870,24 @@ read_pattern_file ()
+@@ -948,21 +948,24 @@ read_pattern_file (void)
  
    pattern_fp = fopen (pattern_file_name, "r");
    if (pattern_fp == NULL)
 -    open_fatal (pattern_file_name);
 -  while (ds_fgetstr (pattern_fp, &pattern_name, '\n') != NULL)
--    {
--      if (new_num_patterns >= max_new_patterns)
--	{
--	  max_new_patterns += 1;
--	  new_save_patterns = (char **)
--	    xrealloc ((char *) new_save_patterns,
--		      max_new_patterns * sizeof (char *));
--	}
--      new_save_patterns[new_num_patterns] = xstrdup (pattern_name.ds_string);
--      ++new_num_patterns;
--    }
--  if (ferror (pattern_fp) || fclose (pattern_fp) == EOF)
--    close_error (pattern_file_name);
 +    open_error (pattern_file_name);
 +  else
 +  {
 +    while (ds_fgetstr (pattern_fp, &pattern_name, '\n') != NULL)
-+      {
-+        if (new_num_patterns >= max_new_patterns)
-+        {
-+          max_new_patterns += 1;
-+          new_save_patterns = (char **)
-+          xrealloc ((char *) new_save_patterns,
-+            max_new_patterns * sizeof (char *));
-+        }
-+        new_save_patterns[new_num_patterns] = xstrdup (pattern_name.ds_string);
-+        ++new_num_patterns;
-+      }
+     {
+       if (new_num_patterns == max_new_patterns)
+-	new_save_patterns = x2nrealloc (new_save_patterns,
++        new_save_patterns = x2nrealloc (new_save_patterns,
+ 					&max_new_patterns,
+ 					sizeof (new_save_patterns[0]));
+       new_save_patterns[new_num_patterns] = xstrdup (pattern_name.ds_string);
+       ++new_num_patterns;
+     }
+ 
+-  ds_free (&pattern_name);
++    ds_free (&pattern_name);
+ 
+-  if (ferror (pattern_fp) || fclose (pattern_fp) == EOF)
+-    close_error (pattern_file_name);
 +    if (ferror (pattern_fp) || fclose (pattern_fp) == EOF)
 +      close_error (pattern_file_name);
 +  }

cpio-2.14-rh.patch

@@ -3,10 +3,10 @@ Date: Mon, 14 Sep 2015 09:27:21 +0200
 Subject: [PATCH 1/7] make '-c' equivalent to '-H newc'
 
 diff --git a/doc/cpio.texi b/doc/cpio.texi
-index e631934..a788b5d 100644
+index edf0c12..bef7ba5 100644
 --- a/doc/cpio.texi
 +++ b/doc/cpio.texi
-@@ -261,7 +261,8 @@ Sets the I/O block size to @var{block-size} * 512 bytes.
+@@ -271,7 +271,8 @@ Sets the I/O block size to @var{block-size} * 512 bytes.
  @item -B
  Set the I/O block size to 5120 bytes.
  @item -c
@@ -16,7 +16,7 @@ index e631934..a788b5d 100644
  @item -C @var{number}
  @itemx --io-size=@var{number}
  Set the I/O block size to the given @var{number} of bytes.
-@@ -343,7 +344,8 @@ Equivalent to @option{-sS}.
+@@ -354,7 +355,8 @@ Equivalent to @option{-sS}.
  @item -B
  Set the I/O block size to 5120 bytes.
  @item -c
@@ -26,7 +26,7 @@ index e631934..a788b5d 100644
  @item -C @var{number}
  @itemx --io-size=@var{number}
  Set the I/O block size to the given @var{number} of bytes.
-@@ -454,7 +456,8 @@ Sets the I/O block size to @var{block-size} * 512 bytes.
+@@ -465,7 +467,8 @@ Sets the I/O block size to @var{block-size} * 512 bytes.
  @item -B
  Set the I/O block size to 5120 bytes.
  @item -c
@@ -36,7 +36,7 @@ index e631934..a788b5d 100644
  @item -C @var{number}
  @itemx --io-size=@var{number}
  Set the I/O block size to the given @var{number} of bytes.
-@@ -600,7 +603,8 @@ block size is 512 bytes.
+@@ -614,7 +617,8 @@ block size is 512 bytes.
  
  @item -c
  [@ref{copy-in},@ref{copy-out},@ref{copy-pass}]
@@ -47,7 +47,7 @@ index e631934..a788b5d 100644
  @item -C @var{io-size}
  @itemx --io-size=@var{io-size}
 diff --git a/src/main.c b/src/main.c
-index a13861f..a875a13 100644
+index b27bd17..542a71f 100644
 --- a/src/main.c
 +++ b/src/main.c
 @@ -124,7 +124,7 @@ static struct argp_option options[] = {
@@ -56,10 +56,10 @@ index a13861f..a875a13 100644
    {NULL, 'c', NULL, 0,
 -   N_("Use the old portable (ASCII) archive format"), GRID+1 },
 +   N_("Identical to \"-H newc\", use the new (SVR4) portable format. If you wish the old portable (ASCII) archive format, use \"-H odc\" instead."), GRID+1 },
-   {"dot", 'V', NULL, 0, 
+   {"dot", 'V', NULL, 0,
     N_("Print a \".\" for each file processed"), GRID+1 },
    {"io-size", 'C', N_("NUMBER"), 0,
-@@ -329,6 +329,7 @@ parse_opt (int key, char *arg, struct argp_state *state)
+@@ -331,6 +331,7 @@ parse_opt (int key, char *arg, struct argp_state *state)
      case 'c':		/* Use the old portable ASCII format.  */
        if (archive_format != arf_unknown)
  	USAGE_ERROR ((0, 0, _("Archive format multiply defined")));

cpio.spec

@@ -1,25 +1,30 @@
 Summary: A GNU archiving program
 Name: cpio
-Version: 2.12
-Release: 11%{?dist}
-License: GPLv3+
-URL: http://www.gnu.org/software/cpio/
-Source: ftp://ftp.gnu.org/gnu/cpio/cpio-%{version}.tar.bz2
+Version: 2.15
+Release: 3%{?dist}
+License: GPL-3.0-or-later
+URL: https://www.gnu.org/software/cpio/
+Source0: https://ftp.gnu.org/gnu/cpio/cpio-%{version}.tar.bz2
 
 # help2man generated manual page distributed only in RHEL/Fedora
 Source1: cpio.1
 
+Source2: https://ftp.gnu.org/gnu/cpio/cpio-%{version}.tar.bz2.sig
+# https://savannah.gnu.org/projects/cpio/ lists one maintainer, gray
+# and their GPG key is https://savannah.gnu.org/people/viewgpg.php?user_id=311
+Source3: gray-key.gpg
+
 # We use SVR4 portable format as default.
-Patch1: cpio-2.9-rh.patch
+Patch1: cpio-2.14-rh.patch
 
 # fix warn_if_file_changed() and set exit code to 1 when cpio fails to store
 # file > 4GB (#183224)
 # http://lists.gnu.org/archive/html/bug-cpio/2006-11/msg00000.html
-Patch2: cpio-2.9-exitCode.patch
+Patch2: cpio-2.14-exitCode.patch
 
 # Support major/minor device numbers over 127 (bz#450109)
 # http://lists.gnu.org/archive/html/bug-cpio/2008-07/msg00000.html
-Patch3: cpio-2.9-dev_number.patch
+Patch3: cpio-2.14-dev_number.patch
 
 # Define default remote shell as /usr/bin/ssh (#452904)
 Patch4: cpio-2.9.90-defaultremoteshell.patch
@@ -27,7 +32,7 @@ Patch4: cpio-2.9.90-defaultremoteshell.patch
 # Fix segfault with nonexisting file with patternnames (#567022)
 # http://savannah.gnu.org/bugs/index.php?28954
 # We have slightly different solution than upstream.
-Patch5: cpio-2.10-patternnamesigsegv.patch
+Patch5: cpio-2.14-patternnamesigsegv.patch
 
 # Fix bad file name splitting while creating ustar archive (#866467)
 # (fix backported from tar's source)
@@ -36,33 +41,13 @@ Patch7: cpio-2.10-longnames-split.patch
 # Cpio does Sum32 checksum, not CRC (downstream)
 Patch8: cpio-2.11-crc-fips-nit.patch
 
-# Extract: retain times for symlinks
-# downstream patch (#1487673)
-# https://www.mail-archive.com/bug-cpio@gnu.org/msg00605.html
-Patch9: cpio-2.11-retain-symlink-times.patch
-
-# Fixed improper input validation when writing tar header fields
-# upstream patch (#1766223)
-# https://cement.retrofitta.se/tmp/cpio-tar.patch
-Patch10: cpio-2.12-improper-input-validation.patch
-
-# Fixed integer overflow in ds_fgetstr()
-# upstream patch (#1992511)
-# https://git.savannah.gnu.org/cgit/cpio.git/commit/?id=dd96882877721703e19272fe25034560b794061b
-# https://git.savannah.gnu.org/cgit/cpio.git/commit/?id=dfc801c44a93bed7b3951905b188823d6a0432c8
-# https://git.savannah.gnu.org/cgit/cpio.git/commit/?id=236684f6deb3178043fe72a8e2faca538fa2aae1
-# https://git.savannah.gnu.org/cgit/cpio.git/commit/?id=4d169305dcb34137dc41acc761d8703eae2c63bf
-# https://git.savannah.gnu.org/cgit/cpio.git/commit/?id=86dacfe3e060ce95d5a2c0c5ec01f6437b0b6089
-# https://git.savannah.gnu.org/cgit/cpio.git/commit/?id=7dd8ba91d8b6a2640e6c01c3e3a4234828646f23
-# https://git.savannah.gnu.org/cgit/cpio.git/commit/?id=684b7ac5767e676cda78c161aeb7fe7b45a07529
-# https://git.savannah.gnu.org/cgit/cpio.git/commit/?id=b1c85839bf1381f749dd45bf6a5a38924e3315a0
-Patch11: cpio-2.13-CVE-2021-38185.patch
-
-
 Provides: bundled(gnulib)
+Provides: bundled(paxutils)
 Provides: /bin/cpio
 BuildRequires: gcc
 BuildRequires: texinfo, autoconf, automake, gettext, gettext-devel, rmt
+BuildRequires: make
+BuildRequires: gnupg2
 
 %description
 GNU cpio copies files into or out of a cpio or tar archive.  Archives
@@ -80,6 +65,7 @@ Install cpio if you need a program to manage file archives.
 
 
 %prep
+%{gpgverify} --keyring='%{SOURCE3}' --signature='%{SOURCE2}' --data='%{SOURCE0}'
 %autosetup -p1
 
 
@@ -87,12 +73,12 @@ Install cpio if you need a program to manage file archives.
 autoreconf -fi
 export CFLAGS="$RPM_OPT_FLAGS -D_GNU_SOURCE -D_FILE_OFFSET_BITS=64 -D_LARGEFILE64_SOURCE -pedantic -fno-strict-aliasing -Wall $CFLAGS"
 %configure --with-rmt="%{_sysconfdir}/rmt"
-make %{?_smp_mflags}
+%make_build
 (cd po && make update-gmo)
 
 
 %install
-make DESTDIR=$RPM_BUILD_ROOT INSTALL="install -p" install
+%make_install
 
 rm -f $RPM_BUILD_ROOT%{_libexecdir}/rmt
 rm -f $RPM_BUILD_ROOT%{_infodir}/dir
@@ -112,24 +98,102 @@ make check || {
 
 %files -f %{name}.lang
 %doc AUTHORS ChangeLog NEWS README THANKS TODO
-%{!?_licensedir:%global license %%doc}
 %license COPYING
 %{_bindir}/*
 %{_mandir}/man*/*
 %{_infodir}/*.info*
 
 %changelog
-* Mon Sep 20 2021 Ondrej Dubaj <odubaj@redhat.com> - 2.12-11
-- Fixed CVE-2021-38185 (#1992511)
+* Tue Oct 29 2024 Troy Dawson <tdawson@redhat.com> - 2.15-3
+- Bump release for October 2024 mass rebuild:
+  Resolves: RHEL-64018
 
-* Thu Jan 21 2021 Ondrej Dubaj <odubaj@redhat.com> - 2.12-10
-- Fixed improper input validation when writing tar header fields (#1766223)
+* Mon Jun 24 2024 Troy Dawson <tdawson@redhat.com> - 2.15-2
+- Bump release for June 2024 mass rebuild
 
-* Mon Jun 15 2020 Ondrej Dubaj <odubaj@redhat.com> - 2.12-9
-- Extract: retain times for symlinks (#1487673)
+* Tue Jan 24 2024 Lukas Javorsky <ljavorsk@redhat.com> - 2.15-1
+- Rebase to version 2.15
 
-* Tue Jul 17 2018 Pavel Raiskup <praiskup@redhat.com> - 2.12-8
-- cleanup, sync with rawhide
+* Wed Jan 24 2024 Fedora Release Engineering <releng@fedoraproject.org> - 2.14-7
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_40_Mass_Rebuild
+
+* Fri Jan 19 2024 Fedora Release Engineering <releng@fedoraproject.org> - 2.14-6
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_40_Mass_Rebuild
+
+* Wed Nov 15 2023 Florian Weimer <fweimer@redhat.com> - 2.14-5
+- Backport upstream patch for C99 compatibility issue
+
+* Wed Jul 19 2023 Fedora Release Engineering <releng@fedoraproject.org> - 2.14-4
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_39_Mass_Rebuild
+
+* Sun Jul 16 2023 Stewart Smith <trawets@amazon.com> - 2.14-3
+- gpg verify source tarball
+
+* Mon May 29 2023 Lukas Javorsky <ljavorsk@redhat.com> - 2.14-2
+- Release bump
+
+* Tue May 16 2023 Lukas Javorsky <ljavorsk@redhat.com> - 2.14-1
+- Rebase to version 2.14
+- Resolves #1188590 CVE-2015-1197
+
+* Thu Jan 19 2023 Fedora Release Engineering <releng@fedoraproject.org> - 2.13-14
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_38_Mass_Rebuild
+
+* Wed Jul 20 2022 Fedora Release Engineering <releng@fedoraproject.org> - 2.13-13
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_37_Mass_Rebuild
+
+* Wed Jan 19 2022 Fedora Release Engineering <releng@fedoraproject.org> - 2.13-12
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_36_Mass_Rebuild
+
+* Wed Jul 21 2021 Fedora Release Engineering <releng@fedoraproject.org> - 2.13-11
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_35_Mass_Rebuild
+
+* Thu Feb 18 2021 Ondrej Dubaj <odubaj@redhat.com> - 2.13-10
+- Properly drop priviledges for remote command
+
+* Tue Jan 26 2021 Fedora Release Engineering <releng@fedoraproject.org> - 2.13-9
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_34_Mass_Rebuild
+
+* Mon Jul 27 2020 Fedora Release Engineering <releng@fedoraproject.org> - 2.13-8
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_33_Mass_Rebuild
+
+* Mon Jul 13 2020 Tom Stellard <tstellar@redhat.com> - 2.13-7
+- Use make macros
+- https://fedoraproject.org/wiki/Changes/UseMakeBuildInstallMacro
+
+* Mon Jun 15 2020 Ondrej Dubaj <odubaj@redhat.com> - 2.13-6
+- Extract: retain times for symlinks (#1486364)
+
+* Tue Apr 07 2020 Ondrej Dubaj <odubaj@redhat.com> - 2.13-5.1
+- Release bump due to testing of gating
+
+* Wed Feb 05 2020 Petr Kubat <pkubat@redhat.com> - 2.13-4
+- Revert fix for CVE-2015-1197 as it causes shutdown issues (#1797163)
+
+* Thu Jan 30 2020 Than Ngo <than@redhat.com> - 2.13-3
+- Fix multiple definition of program_name
+
+* Tue Jan 28 2020 Fedora Release Engineering <releng@fedoraproject.org> - 2.13-2
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_32_Mass_Rebuild
+
+* Wed Nov 06 2019 Pavel Raiskup <praiskup@redhat.com> - 2.13-1
+- new upstream release, per release notes
+  https://lists.gnu.org/archive/html/bug-cpio/2019-11/msg00000.html
+
+* Wed Jul 24 2019 Fedora Release Engineering <releng@fedoraproject.org> - 2.12-12
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_31_Mass_Rebuild
+
+* Tue Feb 19 2019 Pavel Raiskup <praiskup@redhat.com> - 2.12-11
+- admit that we bundle paxutils project
+
+* Thu Jan 31 2019 Fedora Release Engineering <releng@fedoraproject.org> - 2.12-10
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_30_Mass_Rebuild
+
+* Thu Jul 12 2018 Fedora Release Engineering <releng@fedoraproject.org> - 2.12-9
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_29_Mass_Rebuild
+
+* Wed Apr 11 2018 Pavel Raiskup <praiskup@redhat.com> - 2.12-8
+- spring spec cleanup
 
 * Wed Feb 07 2018 Fedora Release Engineering <releng@fedoraproject.org> - 2.12-7
 - Rebuilt for https://fedoraproject.org/wiki/Fedora_28_Mass_Rebuild

gray-key.gpg

@@ -0,0 +1,31 @@
+-----BEGIN PGP PUBLIC KEY BLOCK-----
+Version: GnuPG v1.4.7 (GNU/Linux)
+
+mQGiBDxhQHkRBACyhJxCLQvLs70IUZSlYVKAm+u1Oa4RyUo5/ctCcMm2KOcjui3z
+xs+yUwlglo1n/de9NNJY98PJNLHniMVi5sPba8OKwYx9bilwuAWLgTsgfpX8UuuY
+TANQmTybmrxjzxrGqN7eyjBT3utgbK3ACKDo/JUCgZMkdFu2c2i7186sDwCgo9pQ
+ygxOOWEWBm70Rymdfvkon6EEAKY5h9nL1qYw46vM1+QY+vhyX2lHTD/E9QyFQv4L
+driY3CerLAZ07yk5p8I6T31d7HEUt9DZcl0ZD99Y9IH84wWvms1xtnCuoLlP4ntw
+FQ5ZUZtMY0AIVRtFbgkTDDLZsdanscqMu/LqnO2/QWjCQhaO/tcaIdPVgBIbCr28
+fuBJA/9KA5vbQBd4WnNFLVJsr47irnJBYdR+OqPQAUFUcQPO1metR76UZ7+7LwtO
+ldAjPN3RDJtRB8/JooHDNq+VCEzjs02JaBpQ+BCOzzqELnkoBPl26yHR56r4WbC5
++FH/QxEaicjVGxIF/Z9crzG/XUMXwieTNcM6HoGCnMboGqCM4bQjU2VyZ2V5IFBv
+em55YWtvZmYgPGdyYXlAZ251Lm9yZy51YT6IXgQTEQIAHgUCQ/CVdwIbAwYLCQgH
+AwIDFQIDAxYCAQIeAQIXgAAKCRA2ArB/VdDHMubqAJ9tq+C7VtEMexpRAq9jzcKo
+5fZFywCeKtqljjB7nsCIKvZNOV1D4fn7HDm0MlNlcmdleSBQb3pueWFrb2ZmIChH
+cmF5KSA8Z3JheUBtaXJkZGluLmZhcmxlcC5uZXQ+iFcEExECABcFAjxhQHkFCwcK
+AwQDFQMCAxYCAQIXgAAKCRA2ArB/VdDHMg3iAKCVtLVewNzCDfjui1wTWmz73IcU
+aQCcDjK4771A6G/z6qX5bDuK1yL/YeSIRgQSEQIABgUCP1tgaAAKCRCjCdZ5GaIl
+R3GsAJ9IHf/Rl/2+eR03mdAe+AeSTaBfagCfUsLc7/wp+fb7Xo6lKQezvJzGBqu0
+IFNlcmdleSBQb3pueWFrb2ZmIDxncmF5QGdudS5vcmc+iF4EExECAB4FAkPwlbUC
+GwMGCwkIBwMCAxUCAwMWAgECHgECF4AACgkQNgKwf1XQxzJFSgCeNYJSs7nalOVI
+MTJB3Ui6NvKL/nAAni1KxoLZr/+jG5iAnhuuL+ijq54GuQENBDxhQHwQBAD3qEph
+UOWRg9C8hSJpZ9Zo8F+hXnF6mvMWuy76R+yHqg4H5CPWSH116lOKl5xpGeXdOOzM
+5OxGgdEChb+jLoszM9rc3HQfcKAQmFMd03Iay4/5jMAS+vNgCfDV98nj6gU0Y3ku
+UdTkyMPDObQWv1ginAnkoOVXb7nAVW/X5n8izwADBQP8CPuRROj2FC+w2tTXDgaJ
+am9PEm1coHRJAoHef1nBZfOAOZLjRD10wBg2m8q2EUJ4/mr/1D0whTINThJkvmZk
+RGVkuNILeC3X5dMQ1AX4fIOOnVObWVrlg5etH8ichIOYOUOqCx/cuV9F6Apg9PE6
+vcFqmh4BoOlb0qOaIdzN1sWIRgQYEQIABgUCPGFAfAAKCRA2ArB/VdDHMlPgAKCM
+9FxutfWWvZqNKW5up6GnB4y6WwCeN5k4mxck975PULOk8jq/ZqLGvnQ=
+=5lxD
+-----END PGP PUBLIC KEY BLOCK-----

sources

@@ -0,0 +1,2 @@
+SHA512 (cpio-2.15.tar.bz2) = e3c3d0344d13d540887198ee5d6209a9254ed34b87c3b3cabe6dc3ce22ef94d3f380bb60d3395eee44e4b0ec8460b957032c6251f101b4a9fbc5951a701aadff
+SHA512 (cpio-2.15.tar.bz2.sig) = 94662e623c23c3e0d3299a2e7f9c3d59f5d31393b89c5d0512fc3fcaac1045bf9e272b26073c4dfc4bdc4a25b07fa81d36ed55b0b9a9972a6d813ec946f2e407