[Midnightbsd-cvs] mports [20930] trunk/archivers/gcpio/files: security update for gnu cpio to 2.12

laffer1 at midnightbsd.org laffer1 at midnightbsd.org
Mon Feb 1 16:47:26 EST 2016 

Revision: 20930
          http://svnweb.midnightbsd.org/mports/?rev=20930
Author:   laffer1
Date:     2016-02-01 16:47:26 -0500 (Mon, 01 Feb 2016)
Log Message:
-----------
security update for gnu cpio to 2.12

Modified Paths:
--------------
    trunk/archivers/gcpio/Makefile
    trunk/archivers/gcpio/distinfo
    trunk/archivers/gcpio/files/patch-doc_cpio.1
    trunk/archivers/gcpio/files/patch-gnu_Makefile.in

Added Paths:
-----------
    trunk/archivers/gcpio/files/patch-po_Makefile.in.in
    trunk/archivers/gcpio/files/patch-src_copyin.c
    trunk/archivers/gcpio/files/patch-src_extern.h
    trunk/archivers/gcpio/files/patch-src_global.c
    trunk/archivers/gcpio/files/patch-src_main.c
    trunk/archivers/gcpio/files/patch-tests_symlink-long.at

Removed Paths:
-------------
    trunk/archivers/gcpio/files/patch-doc_Makefile.in
    trunk/archivers/gcpio/files/patch-src_filetypes.h

Property Changed:
----------------
    trunk/archivers/gcpio/files/patch-doc_cpio.1
    trunk/archivers/gcpio/files/patch-gnu_Makefile.in

Modified: trunk/archivers/gcpio/Makefile
===================================================================
--- trunk/archivers/gcpio/Makefile	2016-02-01 21:14:56 UTC (rev 20929)
+++ trunk/archivers/gcpio/Makefile	2016-02-01 21:47:26 UTC (rev 20930)
@@ -5,7 +5,7 @@
 # $MidnightBSD$
 
 PORTNAME=	cpio
-PORTVERSION=	2.11
+PORTVERSION=	2.12
 CATEGORIES=	archivers sysutils
 MASTER_SITES=	${MASTER_SITE_GNU}
 MASTER_SITE_SUBDIR=	${PORTNAME}

Modified: trunk/archivers/gcpio/distinfo
===================================================================
--- trunk/archivers/gcpio/distinfo	2016-02-01 21:14:56 UTC (rev 20929)
+++ trunk/archivers/gcpio/distinfo	2016-02-01 21:47:26 UTC (rev 20930)
@@ -1,2 +1,2 @@
-SHA256 (cpio-2.11.tar.bz2) = bb820bfd96e74fc6ce43104f06fe733178517e7f5d1cdee553773e8eff7d5bbd
-SIZE (cpio-2.11.tar.bz2) = 1018483
+SHA256 (cpio-2.12.tar.bz2) = 70998c5816ace8407c8b101c9ba1ffd3ebbecba1f5031046893307580ec1296e
+SIZE (cpio-2.12.tar.bz2) = 1258605

Deleted: trunk/archivers/gcpio/files/patch-doc_Makefile.in
===================================================================
--- trunk/archivers/gcpio/files/patch-doc_Makefile.in	2016-02-01 21:14:56 UTC (rev 20929)
+++ trunk/archivers/gcpio/files/patch-doc_Makefile.in	2016-02-01 21:47:26 UTC (rev 20930)
@@ -1,11 +0,0 @@
---- doc/Makefile.in.orig	2010-03-25 22:34:54.000000000 +0100
-+++ doc/Makefile.in	2010-03-25 22:35:08.000000000 +0100
-@@ -813,7 +813,7 @@ top_build_prefix = @top_build_prefix@
- top_builddir = @top_builddir@
- top_srcdir = @top_srcdir@
- info_TEXINFOS = cpio.texi
--man_MANS = cpio.1 mt.1
-+man_MANS = cpio.1
- EXTRA_DIST = $(man_MANS) gendocs_template
- all: all-am
- 

Modified: trunk/archivers/gcpio/files/patch-doc_cpio.1
===================================================================
--- trunk/archivers/gcpio/files/patch-doc_cpio.1	2016-02-01 21:14:56 UTC (rev 20929)
+++ trunk/archivers/gcpio/files/patch-doc_cpio.1	2016-02-01 21:47:26 UTC (rev 20930)
@@ -1,8 +1,8 @@
---- doc/cpio.1.orig	2009-02-14 19:15:50.000000000 +0100
-+++ doc/cpio.1	2010-03-25 22:35:50.000000000 +0100
-@@ -1,8 +1,8 @@
--.TH CPIO 1L \" -*- nroff -*-
-+.TH GCPIO 1L \" -*- nroff -*-
+--- doc/cpio.1.orig	2015-09-12 10:57:30 UTC
++++ doc/cpio.1
+@@ -15,9 +15,9 @@
+ .\" along with GNU cpio.  If not, see <http://www.gnu.org/licenses/>.
+ .TH CPIO 1 "December 1, 2014" "CPIO" "GNU CPIO"
  .SH NAME
 -cpio \- copy files to and from archives
 +gcpio \- copy files to and from archives
@@ -9,24 +9,36 @@
  .SH SYNOPSIS
 -.B cpio
 +.B gcpio
- {\-o|\-\-create} [\-0acvABLV] [\-C bytes] [\-H format] [\-M message]
- [\-O [[user@]host:]archive] [\-F [[user@]host:]archive]
- [\-\-file=[[user@]host:]archive] [\-\-format=format] [\-\-message=message]
-@@ -11,7 +11,7 @@ cpio \- copy files to and from archives
- [\-\-force\-local] [\-\-rsh-command=command] [\-\-help] [\-\-version]
- < name-list [> archive]
+ {\fB\-o\fR|\fB\-\-create\fR} [\fB\-0acvABLV\fR] [\fB\-C\fR \fIBYTES\fR]
+ [\fB\-H\fR \fIFORMAT\fR] [\fB\-M\fR \fIMESSAGE\fR]
+ [\fB\-O\fR [[\fIUSER\fB@\fR]\fIHOST\fB:\fR]\fIARCHIVE\fR]
+@@ -31,7 +31,7 @@ cpio \- copy files to and from archives
+ [\fB\-\-force\-local\fR] [\fB\-\-rsh\-command=\fICOMMAND\fR]
+ \fB<\fR \fIname-list\fR [\fB>\fR \fIarchive\fR]
  
 -.B cpio
 +.B gcpio
- {\-i|\-\-extract} [\-bcdfmnrtsuvBSV] [\-C bytes] [\-E file] [\-H format]
- [\-M message] [\-R [user][:.][group]] [\-I [[user@]host:]archive]
- [\-F [[user@]host:]archive] [\-\-file=[[user@]host:]archive]
-@@ -24,7 +24,7 @@ cpio \- copy files to and from archives
- [\-\-only\-verify\-crc] [\-\-to\-stdout] [\-\-quiet] [\-\-rsh-command=command]
- [\-\-help] [\-\-version] [pattern...] [< archive]
+ {\fB\-i\fR|\fB\-\-extract\fR} [\fB\-bcdfmnrtsuvBSV\fR] [\fB\-C\fR \fIBYTES\fR]
+ [\fB\-E\fR \fIFILE\fR] [\fB\-H\fR \fIFORMAT\fR]
+ [\fB\-M\fR \fIMESSAGE\fR] [\fB\-R\fR [\fIUSER\fR][\fB:.\fR][\fIGROUP\fR]]
+@@ -50,9 +50,10 @@ cpio \- copy files to and from archives
+ [\fB\-\-force\-local\fR] [\fB\-\-no\-absolute\-filenames\fR] [\fB\-\-sparse\fR]
+ [\fB\-\-only\-verify\-crc\fR] [\fB\-\-to\-stdout\fR] [\fB\-\-quiet\fR]
+ [\fB\-\-rsh\-command=\fICOMMAND\fR]
++[\fB\-\-extract\-over\-symlinks\fR]
+ [\fIpattern\fR...] [\fB<\fR \fIarchive\fR]
  
 -.B cpio
 +.B gcpio
- {\-p|\-\-pass-through} [\-0adlmuvLV] [\-R [user][:.][group]]
- [\-\-null] [\-\-reset-access-time] [\-\-make-directories] [\-\-link] [\-\-quiet]
- [\-\-preserve-modification-time] [\-\-unconditional] [\-\-verbose] [\-\-dot]
+ {\fB\-p\fR|\fB\-\-pass\-through\fR} [\fB\-0adlmuvLV\fR]
+ [\fB\-R\fR [\fIUSER\fR][\fB:.\fR][\fIGROUP\fR]]
+ [\fB\-\-null\fR] [\fB\-\-reset\-access\-time\fR]
+@@ -63,7 +64,7 @@ cpio \- copy files to and from archives
+ [\fB\-\-no\-preserve\-owner\fR] [\fB\-\-sparse\fR]
+ \fIdestination-directory\fR \fB<\fR \fIname-list\fR
+ 
+-.B cpio
++.B gcpio
+ {\fB\-?\fR|\fB\-\-help\fR|\fB\-\-usage\fR|\fB\-\-version\fR}
+ .SH NOTE
+ This manpage is a short description of GNU \fBcpio\fR.  For a detailed


Property changes on: trunk/archivers/gcpio/files/patch-doc_cpio.1
___________________________________________________________________
Deleted: cvs2svn:cvs-rev
## -1 +0,0 ##
-1.1
\ No newline at end of property
Modified: trunk/archivers/gcpio/files/patch-gnu_Makefile.in
===================================================================
--- trunk/archivers/gcpio/files/patch-gnu_Makefile.in	2016-02-01 21:14:56 UTC (rev 20929)
+++ trunk/archivers/gcpio/files/patch-gnu_Makefile.in	2016-02-01 21:47:26 UTC (rev 20930)
@@ -1,6 +1,6 @@
---- gnu/Makefile.in.orig	2010-03-25 22:13:33.000000000 +0100
-+++ gnu/Makefile.in	2010-03-25 22:14:21.000000000 +0100
-@@ -1720,7 +1720,7 @@ inttypes.h: inttypes.in.h $(WARN_ON_USE_
+--- gnu/Makefile.in.orig	2015-09-12 11:11:14 UTC
++++ gnu/Makefile.in
+@@ -2077,7 +2077,7 @@ inttypes.h: inttypes.in.h $(top_builddir
  # avoid installing it.
  
  all-local: charset.alias ref-add.sed ref-del.sed


Property changes on: trunk/archivers/gcpio/files/patch-gnu_Makefile.in
___________________________________________________________________
Deleted: cvs2svn:cvs-rev
## -1 +0,0 ##
-1.1
\ No newline at end of property
Added: trunk/archivers/gcpio/files/patch-po_Makefile.in.in
===================================================================
--- trunk/archivers/gcpio/files/patch-po_Makefile.in.in	                        (rev 0)
+++ trunk/archivers/gcpio/files/patch-po_Makefile.in.in	2016-02-01 21:47:26 UTC (rev 20930)
@@ -0,0 +1,10 @@
+--- po/Makefile.in.in.orig	2015-09-12 10:51:46 UTC
++++ po/Makefile.in.in
+@@ -80,6 +80,7 @@ CATALOGS = @CATALOGS@
+ POFILESDEPS_ = $(srcdir)/$(DOMAIN).pot
+ POFILESDEPS_yes = $(POFILESDEPS_)
+ POFILESDEPS_no =
++PO_DEPENDS_ON_POT =
+ POFILESDEPS = $(POFILESDEPS_$(PO_DEPENDS_ON_POT))
+ 
+ DISTFILESDEPS_ = update-po


Property changes on: trunk/archivers/gcpio/files/patch-po_Makefile.in.in
___________________________________________________________________
Added: svn:eol-style
## -0,0 +1 ##
+native
\ No newline at end of property
Added: svn:mime-type
## -0,0 +1 ##
+text/plain
\ No newline at end of property
Added: trunk/archivers/gcpio/files/patch-src_copyin.c
===================================================================
--- trunk/archivers/gcpio/files/patch-src_copyin.c	                        (rev 0)
+++ trunk/archivers/gcpio/files/patch-src_copyin.c	2016-02-01 21:47:26 UTC (rev 20930)
@@ -0,0 +1,78 @@
+--- src/copyin.c.orig	2015-09-12 10:57:30 UTC
++++ src/copyin.c
+@@ -695,6 +695,51 @@ copyin_link (struct cpio_file_stat *file
+   free (link_name);
+ }
+ 

++
++static int
++path_contains_symlink(char *path)
++{
++  struct stat st;
++  char *slash;
++  char *nextslash;
++
++  /* we got NULL pointer or empty string */
++  if (!path || !*path) {
++    return false;
++  }
++
++  slash = path;
++
++  while ((nextslash = strchr(slash + 1, '/')) != NULL) {
++    slash = nextslash;
++    *slash = '\0';
++
++    if (lstat(path, &st) != 0) {
++      if (errno == ELOOP) {
++        /* ELOOP - too many symlinks */
++        *slash = '/';
++        return true;
++      } else if (errno == ENOMEM) {
++        /* No memory for lstat - terminate */
++        xalloc_die();
++      } else {
++        /* cannot lstat path - give up */
++        *slash = '/';
++        return false;
++      }
++    }
++
++    if (S_ISLNK(st.st_mode)) {
++      *slash = '/';
++      return true;
++    }
++
++    *slash = '/';
++  }
++
++  return false;
++}
++
+ static void
+ copyin_file (struct cpio_file_stat *file_hdr, int in_file_des)
+ {
+@@ -1468,6 +1513,23 @@ process_copy_in ()
+ 	{
+ 	  /* Copy the input file into the directory structure.  */
+ 
++          /* Can we write files over symlinks? */
++          if (!extract_over_symlinks)
++            {
++              if (path_contains_symlink(file_hdr.c_name))
++                {
++                  /* skip the file */
++                  /*
++                  fprintf(stderr, "Can't write over symlinks. Skipping %s\n", file_hdr.c_name);
++                  tape_toss_input (in_file_des, file_hdr.c_filesize);
++                  tape_skip_padding (in_file_des, file_hdr.c_filesize);
++                  continue;
++                  */
++                  /* terminate */
++	          error (PAXEXIT_FAILURE, 0, _("Can't write over symlinks: %s\n"), file_hdr.c_name);
++                }
++            }
++
+ 	  /* Do we need to rename the file? */
+ 	  if (rename_flag || rename_batch_file)
+ 	    {


Property changes on: trunk/archivers/gcpio/files/patch-src_copyin.c
___________________________________________________________________
Added: svn:eol-style
## -0,0 +1 ##
+native
\ No newline at end of property
Added: svn:mime-type
## -0,0 +1 ##
+text/plain
\ No newline at end of property
Added: trunk/archivers/gcpio/files/patch-src_extern.h
===================================================================
--- trunk/archivers/gcpio/files/patch-src_extern.h	                        (rev 0)
+++ trunk/archivers/gcpio/files/patch-src_extern.h	2016-02-01 21:47:26 UTC (rev 20930)
@@ -0,0 +1,10 @@
+--- src/extern.h.orig	2015-09-12 10:57:30 UTC
++++ src/extern.h
+@@ -96,6 +96,7 @@ extern char input_is_special;
+ extern char output_is_special;
+ extern char input_is_seekable;
+ extern char output_is_seekable;
++extern bool extract_over_symlinks;
+ extern int (*xstat) ();
+ extern void (*copy_function) ();
+ extern char *change_directory_option;


Property changes on: trunk/archivers/gcpio/files/patch-src_extern.h
___________________________________________________________________
Added: svn:eol-style
## -0,0 +1 ##
+native
\ No newline at end of property
Added: svn:mime-type
## -0,0 +1 ##
+text/plain
\ No newline at end of property
Deleted: trunk/archivers/gcpio/files/patch-src_filetypes.h
===================================================================
--- trunk/archivers/gcpio/files/patch-src_filetypes.h	2016-02-01 21:14:56 UTC (rev 20929)
+++ trunk/archivers/gcpio/files/patch-src_filetypes.h	2016-02-01 21:47:26 UTC (rev 20930)
@@ -1,12 +0,0 @@
---- src/filetypes.h.orig	2010-04-19 22:01:16.000000000 +0200
-+++ src/filetypes.h	2010-04-19 22:04:16.000000000 +0200
-@@ -81,5 +81,9 @@
- #ifndef S_ISLNK
- #define lstat stat
- #endif
-+#ifndef lstat
- int lstat ();
-+#endif
-+#ifndef stat
- int stat ();
-+#endif

Added: trunk/archivers/gcpio/files/patch-src_global.c
===================================================================
--- trunk/archivers/gcpio/files/patch-src_global.c	                        (rev 0)
+++ trunk/archivers/gcpio/files/patch-src_global.c	2016-02-01 21:47:26 UTC (rev 20930)
@@ -0,0 +1,12 @@
+--- src/global.c.orig	2015-09-12 10:57:30 UTC
++++ src/global.c
+@@ -187,6 +187,9 @@ bool to_stdout_option = false;
+ /* The name this program was run with.  */
+ char *program_name;
+ 
++/* Extract files over symbolic links */
++bool extract_over_symlinks;
++
+ /* A pointer to either lstat or stat, depending on whether
+    dereferencing of symlinks is done for input files.  */
+ int (*xstat) ();


Property changes on: trunk/archivers/gcpio/files/patch-src_global.c
___________________________________________________________________
Added: svn:eol-style
## -0,0 +1 ##
+native
\ No newline at end of property
Added: svn:mime-type
## -0,0 +1 ##
+text/plain
\ No newline at end of property
Added: trunk/archivers/gcpio/files/patch-src_main.c
===================================================================
--- trunk/archivers/gcpio/files/patch-src_main.c	                        (rev 0)
+++ trunk/archivers/gcpio/files/patch-src_main.c	2016-02-01 21:47:26 UTC (rev 20930)
@@ -0,0 +1,32 @@
+--- src/main.c.orig	2015-09-12 10:57:30 UTC
++++ src/main.c
+@@ -61,7 +61,8 @@ enum cpio_options {
+   TO_STDOUT_OPTION,
+   RENUMBER_INODES_OPTION,
+   IGNORE_DEVNO_OPTION,
+-  DEVICE_INDEPENDENT_OPTION
++  DEVICE_INDEPENDENT_OPTION,
++  EXTRACT_OVER_SYMLINKS
+ };
+ 
+ const char *program_authors[] =
+@@ -243,6 +244,8 @@ static struct argp_option options[] = {
+    N_("Create leading directories where needed"), GRID+1 },
+   {"no-preserve-owner", NO_PRESERVE_OWNER_OPTION, 0, 0,
+    N_("Do not change the ownership of the files"), GRID+1 },
++  {"extract-over-symlinks", EXTRACT_OVER_SYMLINKS, 0, 0,
++   N_("Force writing over symbolic links"), GRID+1 },
+   {"unconditional", 'u', NULL, 0,
+    N_("Replace all files unconditionally"), GRID+1 },
+   {"sparse", SPARSE_OPTION, NULL, 0,
+@@ -432,6 +435,10 @@ crc newc odc bin ustar tar (all-caps als
+       no_chown_flag = true;
+       break;
+ 
++    case EXTRACT_OVER_SYMLINKS:		        /* --extract-over-symlinks */
++      extract_over_symlinks = true;
++      break;
++
+     case 'o':		/* Copy-out mode.  */
+       if (copy_function != 0)
+ 	USAGE_ERROR ((0, 0, _("Mode already defined")));


Property changes on: trunk/archivers/gcpio/files/patch-src_main.c
___________________________________________________________________
Added: svn:eol-style
## -0,0 +1 ##
+native
\ No newline at end of property
Added: svn:mime-type
## -0,0 +1 ##
+text/plain
\ No newline at end of property
Added: trunk/archivers/gcpio/files/patch-tests_symlink-long.at
===================================================================
--- trunk/archivers/gcpio/files/patch-tests_symlink-long.at	                        (rev 0)
+++ trunk/archivers/gcpio/files/patch-tests_symlink-long.at	2016-02-01 21:47:26 UTC (rev 20930)
@@ -0,0 +1,15 @@
+--- tests/symlink-long.at.orig	2015-09-12 10:57:30 UTC
++++ tests/symlink-long.at
+@@ -27,9 +27,11 @@ AT_CHECK([
+ 
+ # len(dirname) > READBUFSIZE
+ dirname=
+-for i in {1..52}; do
++i=1
++while test $i -le 52; do
+     dirname="xxxxxxxxx/$dirname"
+     mkdir "$dirname"
++    i=`expr $i + 1`
+ done
+ ln -s "$dirname" x || AT_SKIP_TEST
+ 


Property changes on: trunk/archivers/gcpio/files/patch-tests_symlink-long.at
___________________________________________________________________
Added: svn:eol-style
## -0,0 +1 ##
+native
\ No newline at end of property
Added: svn:mime-type
## -0,0 +1 ##
+text/plain
\ No newline at end of property

More information about the Midnightbsd-cvs mailing list