revert fix for CVE-2015-1197 as it causes shutdown issues revert suggested as a workaround by upstream: https://lists.gnu.org/archive/html/bug-cpio/2019-11/msg00016.html --- b/src/copyin.c +++ a/src/copyin.c @@ -645,14 +645,13 @@ link_name = xstrdup (file_hdr->c_tar_linkname); } - cpio_safer_name_suffix (link_name, true, !no_abs_paths_flag, false); - res = UMASKED_SYMLINK (link_name, file_hdr->c_name, file_hdr->c_mode); if (res < 0 && create_dir_flag) { create_all_directories (file_hdr->c_name); + res = UMASKED_SYMLINK (link_name, file_hdr->c_name, + file_hdr->c_mode); - res = UMASKED_SYMLINK (link_name, file_hdr->c_name, file_hdr->c_mode); } if (res < 0) { --- b/tests/CVE-2015-1197.at +++ /dev/null @@ -1,43 +0,0 @@ -# Process this file with autom4te to create testsuite. -*- Autotest -*- -# Copyright (C) 2009-2019 Free Software Foundation, Inc. -# -# This program is free software; you can redistribute it and/or modify -# it under the terms of the GNU General Public License as published by -# the Free Software Foundation; either version 3, or (at your option) -# any later version. -# -# This program is distributed in the hope that it will be useful, -# but WITHOUT ANY WARRANTY; without even the implied warranty of -# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -# GNU General Public License for more details. -# -# You should have received a copy of the GNU General Public License -# along with this program. If not, see . - -AT_SETUP([CVE-2015-1197 (--no-absolute-filenames for symlinks)]) -AT_CHECK([ -tempdir=$(pwd)/tmp -mkdir $tempdir -touch $tempdir/file -ln -s $tempdir dir -AT_DATA([filelist], -[dir -dir/file -]) -ln -s /tmp dir -touch /tmp/file -cpio -o < filelist > test.cpio -rm dir /tmp/file -cpio --no-absolute-filenames -iv < test.cpio -], -[2], -[], -[1 block -cpio: Removing leading `/' from hard link targets -dir -cpio: dir/file: Cannot open: No such file or directory -dir/file -1 block -]) -AT_CLEANUP - --- b/tests/Makefile.am +++ a/tests/Makefile.am @@ -56,9 +56,8 @@ symlink-long.at\ symlink-to-stdout.at\ version.at\ big-block-size.at\ - CVE-2015-1197.at\ CVE-2019-14866.at TESTSUITE = $(srcdir)/testsuite --- b/tests/testsuite.at +++ a/tests/testsuite.at @@ -43,6 +43,5 @@ m4_include([setstat04.at]) m4_include([setstat05.at]) m4_include([big-block-size.at]) -m4_include([CVE-2015-1197.at]) m4_include([CVE-2019-14866.at])