public inbox for gentoo-commits@lists.gentoo.org
 help / color / mirror / Atom feed
* [gentoo-commits] repo/gentoo:master commit in: app-arch/cpio/files/, app-arch/cpio/
@ 2016-02-14 19:48 Mike Frysinger
  0 siblings, 0 replies; 6+ messages in thread
From: Mike Frysinger @ 2016-02-14 19:48 UTC (permalink / raw
  To: gentoo-commits

commit:     5a7c109933aac0f9de580513346ebe94f3acd4f2
Author:     Mike Frysinger <vapier <AT> gentoo <DOT> org>
AuthorDate: Sun Feb 14 19:46:49 2016 +0000
Commit:     Mike Frysinger <vapier <AT> gentoo <DOT> org>
CommitDate: Sun Feb 14 19:47:27 2016 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=5a7c1099

app-arch/cpio: fix small buffer overflow #572428

 app-arch/cpio/cpio-2.12-r1.ebuild                 | 28 +++++++++++++++++++++++
 app-arch/cpio/files/cpio-2.12-name-overflow.patch | 15 ++++++++++++
 2 files changed, 43 insertions(+)

diff --git a/app-arch/cpio/cpio-2.12-r1.ebuild b/app-arch/cpio/cpio-2.12-r1.ebuild
new file mode 100644
index 0000000..b946520
--- /dev/null
+++ b/app-arch/cpio/cpio-2.12-r1.ebuild
@@ -0,0 +1,28 @@
+# Copyright 1999-2016 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+# $Id$
+
+EAPI="5"
+
+inherit eutils
+
+DESCRIPTION="A file archival tool which can also read and write tar files"
+HOMEPAGE="https://www.gnu.org/software/cpio/cpio.html"
+SRC_URI="mirror://gnu/cpio/${P}.tar.bz2"
+
+LICENSE="GPL-3"
+SLOT="0"
+KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~ia64 ~m68k ~mips ~ppc ~ppc64 ~s390 ~sh ~sparc ~x86 ~ppc-aix ~amd64-fbsd ~sparc-fbsd ~x86-fbsd ~x64-freebsd ~x86-freebsd ~hppa-hpux ~ia64-hpux ~x86-interix ~amd64-linux ~arm-linux ~ia64-linux ~x86-linux ~ppc-macos ~x64-macos ~x86-macos ~m68k-mint ~sparc-solaris ~sparc64-solaris ~x64-solaris ~x86-solaris"
+IUSE="nls"
+
+src_prepare() {
+	epatch "${FILESDIR}"/${PN}-2.12-non-gnu-compilers.patch #275295
+	epatch "${FILESDIR}"/${PN}-2.12-name-overflow.patch #572428
+}
+
+src_configure() {
+	econf \
+		$(use_enable nls) \
+		--bindir="${EPREFIX}"/bin \
+		--with-rmt="${EPREFIX}"/usr/sbin/rmt
+}

diff --git a/app-arch/cpio/files/cpio-2.12-name-overflow.patch b/app-arch/cpio/files/cpio-2.12-name-overflow.patch
new file mode 100644
index 0000000..f852468
--- /dev/null
+++ b/app-arch/cpio/files/cpio-2.12-name-overflow.patch
@@ -0,0 +1,15 @@
+https://bugs.gentoo.org/572428
+https://lists.gnu.org/archive/html/bug-cpio/2016-01/msg00002.html
+http://seclists.org/oss-sec/2016/q1/136
+
+--- a/src/copyin.c
++++ b/src/copyin.c
+@@ -1385,6 +1385,8 @@
+ 	  break;
+ 	}
+ 
++      if (file_hdr.c_namesize <= 1)
++	file_hdr.c_name = xrealloc (file_hdr.c_name, 2);
+       cpio_safer_name_suffix (file_hdr.c_name, false, !no_abs_paths_flag,
+ 			      false);
+       


^ permalink raw reply related	[flat|nested] 6+ messages in thread

* [gentoo-commits] repo/gentoo:master commit in: app-arch/cpio/files/, app-arch/cpio/
@ 2017-06-17 21:39 Lars Wendler
  0 siblings, 0 replies; 6+ messages in thread
From: Lars Wendler @ 2017-06-17 21:39 UTC (permalink / raw
  To: gentoo-commits

commit:     b4bfb97b8aa3796671419af704279ffa69f383ca
Author:     Thomas Deutschmann <whissi <AT> gentoo <DOT> org>
AuthorDate: Sun Jun 11 10:23:01 2017 +0000
Commit:     Lars Wendler <polynomial-c <AT> gentoo <DOT> org>
CommitDate: Sat Jun 17 21:39:20 2017 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=b4bfb97b

app-arch/cpio: Security cleanup (bug #572428)

Package-Manager: Portage-2.3.5, Repoman-2.3.2
Closes: https://github.com/gentoo/gentoo/pull/4909

 app-arch/cpio/Manifest                             |   1 -
 app-arch/cpio/cpio-2.11-r3.ebuild                  |  36 ---
 app-arch/cpio/cpio-2.12.ebuild                     |  26 --
 app-arch/cpio/files/cpio-2.11-no-gets.patch        |  24 --
 .../cpio/files/cpio-2.11-non-gnu-compilers.patch   |  18 --
 app-arch/cpio/files/cpio-2.11-security.patch       | 266 ---------------------
 app-arch/cpio/files/cpio-2.11-stat.patch           |  25 --
 .../files/cpio-2.11-symlink-bad-length-test.patch  |  39 ---
 8 files changed, 435 deletions(-)

diff --git a/app-arch/cpio/Manifest b/app-arch/cpio/Manifest
index cd00f1ed150..7f50fff8b17 100644
--- a/app-arch/cpio/Manifest
+++ b/app-arch/cpio/Manifest
@@ -1,2 +1 @@
-DIST cpio-2.11.tar.bz2 1018483 SHA256 bb820bfd96e74fc6ce43104f06fe733178517e7f5d1cdee553773e8eff7d5bbd SHA512 b6ccb3e121ea29780219d21c9cd6267c2f7b7ae72fb899bb80e1c54cc33e9eac5363443d93dbfbe37e8e8d295dad2724ac607f0543cc62797919605f68c396aa WHIRLPOOL 3e19212f8d5c16de0d531d189fa9fc288ff90d6299c1f3f98f61e182bb0ec278705ae5021c85c7aaeab869ad36b2b3bcd11327a746cde0bf5a596049d711d9cd
 DIST cpio-2.12.tar.bz2 1258605 SHA256 70998c5816ace8407c8b101c9ba1ffd3ebbecba1f5031046893307580ec1296e SHA512 0cd4da5f2fbca179ab4e666a5f878414c086a5f98bce4c76273f21d9b2a6fe422d901b5d453826c5f81bbe363aa015047a1e99779ad1a451c8feca6205c63120 WHIRLPOOL 2990d54b0832e36239737fbd71f197b28703ec22de8dbbab57c7b97dab88a6107cf5464e4dd0bbf208f2c3d49839c7c2abe8ef68c1f2318ff7018d0b07f179fc

diff --git a/app-arch/cpio/cpio-2.11-r3.ebuild b/app-arch/cpio/cpio-2.11-r3.ebuild
deleted file mode 100644
index 2c7553bfd85..00000000000
--- a/app-arch/cpio/cpio-2.11-r3.ebuild
+++ /dev/null
@@ -1,36 +0,0 @@
-# Copyright 1999-2017 Gentoo Foundation
-# Distributed under the terms of the GNU General Public License v2
-
-EAPI="5"
-
-inherit autotools eutils
-
-DESCRIPTION="A file archival tool which can also read and write tar files"
-HOMEPAGE="https://www.gnu.org/software/cpio/cpio.html"
-SRC_URI="mirror://gnu/cpio/${P}.tar.bz2"
-
-LICENSE="GPL-3"
-SLOT="0"
-KEYWORDS="alpha amd64 arm arm64 hppa ia64 m68k ~mips ppc ppc64 s390 sh sparc x86 ~ppc-aix ~amd64-fbsd ~sparc-fbsd ~x86-fbsd ~amd64-linux ~arm-linux ~x86-linux ~ppc-macos ~x64-macos ~x86-macos ~m68k-mint ~sparc-solaris ~sparc64-solaris ~x64-solaris ~x86-solaris"
-IUSE="nls"
-
-src_prepare() {
-	epatch "${FILESDIR}"/${P}-stat.patch #328531
-	epatch "${FILESDIR}"/${P}-no-gets.patch #424974
-	epatch "${FILESDIR}"/${P}-non-gnu-compilers.patch #275295
-	epatch "${FILESDIR}"/${P}-security.patch #530512 #536010
-	epatch "${FILESDIR}"/${P}-symlink-bad-length-test.patch #554760
-	eautoreconf
-}
-
-src_configure() {
-	econf \
-		$(use_enable nls) \
-		--bindir="${EPREFIX}"/bin \
-		--with-rmt="${EPREFIX}"/usr/sbin/rmt
-}
-
-src_install() {
-	default
-	rm "${ED}"/usr/share/man/man1/mt.1 || die
-}

diff --git a/app-arch/cpio/cpio-2.12.ebuild b/app-arch/cpio/cpio-2.12.ebuild
deleted file mode 100644
index 08343edfc68..00000000000
--- a/app-arch/cpio/cpio-2.12.ebuild
+++ /dev/null
@@ -1,26 +0,0 @@
-# Copyright 1999-2017 Gentoo Foundation
-# Distributed under the terms of the GNU General Public License v2
-
-EAPI="5"
-
-inherit eutils
-
-DESCRIPTION="A file archival tool which can also read and write tar files"
-HOMEPAGE="https://www.gnu.org/software/cpio/cpio.html"
-SRC_URI="mirror://gnu/cpio/${P}.tar.bz2"
-
-LICENSE="GPL-3"
-SLOT="0"
-KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~ia64 ~m68k ~mips ~ppc ~ppc64 ~s390 ~sh ~sparc ~x86 ~ppc-aix ~amd64-fbsd ~sparc-fbsd ~x86-fbsd ~amd64-linux ~arm-linux ~x86-linux ~ppc-macos ~x64-macos ~x86-macos ~m68k-mint ~sparc-solaris ~sparc64-solaris ~x64-solaris ~x86-solaris"
-IUSE="nls"
-
-src_prepare() {
-	epatch "${FILESDIR}"/${PN}-2.12-non-gnu-compilers.patch #275295
-}
-
-src_configure() {
-	econf \
-		$(use_enable nls) \
-		--bindir="${EPREFIX}"/bin \
-		--with-rmt="${EPREFIX}"/usr/sbin/rmt
-}

diff --git a/app-arch/cpio/files/cpio-2.11-no-gets.patch b/app-arch/cpio/files/cpio-2.11-no-gets.patch
deleted file mode 100644
index f7a9be324df..00000000000
--- a/app-arch/cpio/files/cpio-2.11-no-gets.patch
+++ /dev/null
@@ -1,24 +0,0 @@
-https://bugs.gentoo.org/424974
-
-hack until gzip pulls a newer gnulib version
-
-From 66712c23388e93e5c518ebc8515140fa0c807348 Mon Sep 17 00:00:00 2001
-From: Eric Blake <eblake@redhat.com>
-Date: Thu, 29 Mar 2012 13:30:41 -0600
-Subject: [PATCH] stdio: don't assume gets any more
-
-Gnulib intentionally does not have a gets module, and now that C11
-and glibc have dropped it, we should be more proactive about warning
-any user on a platform that still has a declaration of this dangerous
-interface.
-
---- a/gnu/stdio.in.h
-+++ b/gnu/stdio.in.h
-@@ -125,7 +125,6 @@
-    so any use of gets warrants an unconditional warning.  Assume it is
-    always declared, since it is required by C89.  */
- #undef gets
--_GL_WARN_ON_USE (gets, "gets is a security hole - use fgets instead");
- 
- #if @GNULIB_FOPEN@
- # if @REPLACE_FOPEN@

diff --git a/app-arch/cpio/files/cpio-2.11-non-gnu-compilers.patch b/app-arch/cpio/files/cpio-2.11-non-gnu-compilers.patch
deleted file mode 100644
index 25e7373d4fc..00000000000
--- a/app-arch/cpio/files/cpio-2.11-non-gnu-compilers.patch
+++ /dev/null
@@ -1,18 +0,0 @@
-srcshelton@gmail.com: Patch for IRIX
-
-http://bugs.gentoo.org/show_bug.cgi?id=275295
-
-Sent upstream:
-https://savannah.gnu.org/patch/?7838
-
---- src/cpiohdr.h.dist  2009-06-24 15:41:26.983725240 +0100
-+++ src/cpiohdr.h       2009-06-24 15:41:59.753567720 +0100
-@@ -24,6 +24,8 @@
-
- #ifdef HAVE_ATTRIB_PACKED
- #define ATTRIB_PACKED __attribute__((packed))
-+#else
-+#define ATTRIB_PACKED
- #endif
-
- #ifdef HAVE_PRAGMA_PACK

diff --git a/app-arch/cpio/files/cpio-2.11-security.patch b/app-arch/cpio/files/cpio-2.11-security.patch
deleted file mode 100644
index e3ad7a44d00..00000000000
--- a/app-arch/cpio/files/cpio-2.11-security.patch
+++ /dev/null
@@ -1,266 +0,0 @@
-diff -uNr cpio-2.11.ORIG/src/copyin.c cpio-2.11/src/copyin.c
---- cpio-2.11.ORIG/src/copyin.c	2015-01-09 11:31:49.017090090 +0000
-+++ cpio-2.11/src/copyin.c	2015-01-09 11:35:37.723092293 +0000
-@@ -124,10 +124,30 @@
-   if (pad != 0)
-     tape_toss_input (in_file_des, pad);
- }
--
-+\f
-+static char *
-+get_link_name (struct cpio_file_stat *file_hdr, int in_file_des)
-+{
-+  char *link_name;
-+  
-+  if (file_hdr->c_filesize < 0 || file_hdr->c_filesize > SIZE_MAX-1)
-+    {
-+      error (0, 0, _("%s: stored filename length is out of range"),
-+	     file_hdr->c_name);
-+      link_name = NULL;
-+    }
-+  else
-+    {
-+      link_name = xmalloc (file_hdr->c_filesize + 1);
-+      tape_buffered_read (link_name, in_file_des, file_hdr->c_filesize);
-+      link_name[file_hdr->c_filesize] = '\0';
-+      tape_skip_padding (in_file_des, file_hdr->c_filesize);
-+    }
-+  return link_name;
-+}
- \f
- static void
--list_file(struct cpio_file_stat* file_hdr, int in_file_des)
-+list_file (struct cpio_file_stat* file_hdr, int in_file_des)
- {
-   if (verbose_flag)
-     {
-@@ -136,21 +156,16 @@
- 	{
- 	  if (archive_format != arf_tar && archive_format != arf_ustar)
- 	    {
--	      char *link_name = NULL;	/* Name of hard and symbolic links.  */
--
--	      link_name = (char *) xmalloc ((unsigned int) file_hdr->c_filesize + 1);
--	      link_name[file_hdr->c_filesize] = '\0';
--	      tape_buffered_read (link_name, in_file_des, file_hdr->c_filesize);
--	      long_format (file_hdr, link_name);
--	      free (link_name);
--	      tape_skip_padding (in_file_des, file_hdr->c_filesize);
--	      return;
-+	      char *link_name = get_link_name (file_hdr, in_file_des);
-+	      if (link_name)
-+		{
-+		  long_format (file_hdr, link_name);
-+		  free (link_name);
-+		}
- 	    }
- 	  else
--	    {
--	      long_format (file_hdr, file_hdr->c_tar_linkname);
--	      return;
--	    }
-+	    long_format (file_hdr, file_hdr->c_tar_linkname);
-+	  return;
- 	}
-       else
- #endif
-@@ -640,7 +655,7 @@
- }
- \f
- static void
--copyin_link(struct cpio_file_stat *file_hdr, int in_file_des)
-+copyin_link (struct cpio_file_stat *file_hdr, int in_file_des)
- {
-   char *link_name = NULL;	/* Name of hard and symbolic links.  */
-   int res;			/* Result of various function calls.  */
-@@ -650,10 +665,9 @@
- 
-   if (archive_format != arf_tar && archive_format != arf_ustar)
-     {
--      link_name = (char *) xmalloc ((unsigned int) file_hdr->c_filesize + 1);
--      link_name[file_hdr->c_filesize] = '\0';
--      tape_buffered_read (link_name, in_file_des, file_hdr->c_filesize);
--      tape_skip_padding (in_file_des, file_hdr->c_filesize);
-+      link_name = get_link_name (file_hdr, in_file_des);
-+      if (!link_name)
-+	return;
-     }
-   else
-     {
-@@ -1005,7 +1019,7 @@
- 
-   file_hdr->c_tar_linkname = NULL;
- 
--  tape_buffered_read (magic.str, in_des, 6L);
-+  tape_buffered_read (magic.str, in_des, sizeof (magic.str));
-   while (1)
-     {
-       if (append_flag)
-@@ -1050,8 +1064,8 @@
- 	  break;
- 	}
-       bytes_skipped++;
--      memmove (magic.str, magic.str + 1, 5);
--      tape_buffered_read (magic.str, in_des, 1L);
-+      memmove (magic.str, magic.str + 1, sizeof (magic.str) - 1);
-+      tape_buffered_read (magic.str + sizeof (magic.str) - 1, in_des, 1L);
-     }
- }
- 
-diff -uNr cpio-2.11.ORIG/src/util.c cpio-2.11/src/util.c
---- cpio-2.11.ORIG/src/util.c	2015-01-09 11:31:49.018090090 +0000
-+++ cpio-2.11/src/util.c	2015-01-09 11:36:55.794093045 +0000
-@@ -206,10 +206,7 @@
-   if (input_size < 0)
-     error (1, errno, _("read error"));
-   if (input_size == 0)
--    {
--      error (0, 0, _("premature end of file"));
--      exit (1);
--    }
-+    error (PAXEXIT_FAILURE, 0, _("premature end of file"));
-   input_bytes += input_size;
- }
- 
-diff -uNr cpio-2.11.ORIG/tests/Makefile.am cpio-2.11/tests/Makefile.am
---- cpio-2.11.ORIG/tests/Makefile.am	2015-01-09 11:31:49.020090090 +0000
-+++ cpio-2.11/tests/Makefile.am	2015-01-09 11:34:05.121091401 +0000
-@@ -52,6 +52,8 @@
-  setstat04.at\
-  setstat05.at\
-  symlink.at\
-+ symlink-bad-length.at\
-+ symlink-long.at\
-  version.at
- 
- TESTSUITE = $(srcdir)/testsuite
-diff -uNr cpio-2.11.ORIG/tests/symlink-bad-length.at cpio-2.11/tests/symlink-bad-length.at
---- cpio-2.11.ORIG/tests/symlink-bad-length.at	1970-01-01 01:00:00.000000000 +0100
-+++ cpio-2.11/tests/symlink-bad-length.at	2015-01-09 11:35:52.124092432 +0000
-@@ -0,0 +1,64 @@
-+# Process this file with autom4te to create testsuite.  -*- Autotest -*-
-+# Copyright (C) 2014 Free Software Foundation, Inc.
-+
-+# This program is free software; you can redistribute it and/or modify
-+# it under the terms of the GNU General Public License as published by
-+# the Free Software Foundation; either version 3, or (at your option)
-+# any later version.
-+
-+# This program is distributed in the hope that it will be useful,
-+# but WITHOUT ANY WARRANTY; without even the implied warranty of
-+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
-+# GNU General Public License for more details.
-+
-+# You should have received a copy of the GNU General Public License
-+# along with this program; if not, write to the Free Software
-+# Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA
-+# 02110-1301 USA.
-+
-+# Cpio v2.11 did segfault with badly set symlink length.
-+# References:
-+# http://lists.gnu.org/archive/html/bug-cpio/2014-11/msg00007.html
-+
-+AT_SETUP([symlink-bad-length])
-+AT_KEYWORDS([symlink-long copyout])
-+
-+AT_DATA([ARCHIVE.base64],
-+[x3EjAIBAtIEtJy8nAQAAAHRUYW0FAAAADQBGSUxFAABzb21lIGNvbnRlbnQKAMdxIwBgQ/+hLScv
-+JwEAAAB0VEhuBQD/////TElOSwAARklMRcdxAAAAAAAAAAAAAAEAAAAAAAAACwAAAAAAVFJBSUxF
-+UiEhIQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
-+AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
-+AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
-+AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
-+AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
-+AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
-+AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=
-+])
-+
-+# The exact error message and exit status depend on the host architecture,
-+# therefore strderr is filtered out and error code is not checked.
-+
-+# So far the only case when cpio would exit with code 0 is when it skips
-+# several bytes and encounters a valid record header.  Perhaps it should
-+# exit with code 2 (non-critical error), if at least one byte was skipped,
-+# but that could hurt backward compatibility.
-+
-+AT_CHECK([
-+base64 -d ARCHIVE.base64 > ARCHIVE || AT_SKIP_TEST
-+TZ=UTC cpio -ntv < ARCHIVE 2>stderr 
-+cat stderr | grep -v \
-+    -e 'stored filename length is out of range' \
-+    -e 'premature end of file' \
-+    -e 'archive header has reverse byte-order' \
-+    -e 'memory exhausted' \
-+    -e 'skipped [[0-9][0-9]*] bytes of junk' \
-+    -e '[[0-9][0-9]*] block' \
-+    >&2
-+echo >&2 STDERR
-+],
-+[0],
-+[-rw-rw-r--   1 10029    10031          13 Nov 25 11:52 FILE
-+],[STDERR
-+])
-+
-+AT_CLEANUP
-diff -uNr cpio-2.11.ORIG/tests/symlink-long.at cpio-2.11/tests/symlink-long.at
---- cpio-2.11.ORIG/tests/symlink-long.at	1970-01-01 01:00:00.000000000 +0100
-+++ cpio-2.11/tests/symlink-long.at	2015-01-09 11:32:53.908090715 +0000
-@@ -0,0 +1,46 @@
-+# Process this file with autom4te to create testsuite.  -*- Autotest -*-
-+# Copyright (C) 2014 Free Software Foundation, Inc.
-+
-+# This program is free software; you can redistribute it and/or modify
-+# it under the terms of the GNU General Public License as published by
-+# the Free Software Foundation; either version 3, or (at your option)
-+# any later version.
-+
-+# This program is distributed in the hope that it will be useful,
-+# but WITHOUT ANY WARRANTY; without even the implied warranty of
-+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
-+# GNU General Public License for more details.
-+
-+# You should have received a copy of the GNU General Public License
-+# along with this program; if not, write to the Free Software
-+# Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA
-+# 02110-1301 USA.
-+
-+# Cpio v2.11.90 changed the way symlink name is read from archive.
-+# References:
-+# http://lists.gnu.org/archive/html/bug-cpio/2014-11/msg00007.html
-+
-+AT_SETUP([symlink-long])
-+AT_KEYWORDS([symlink-long copyout])
-+
-+AT_CHECK([
-+
-+# len(dirname) > READBUFSIZE
-+dirname=
-+for i in {1..52}; do
-+    dirname="xxxxxxxxx/$dirname"
-+    mkdir "$dirname"
-+done
-+ln -s "$dirname" x || AT_SKIP_TEST
-+
-+echo x | cpio -o > ar
-+list=`cpio -tv < ar | sed 's|.*-> ||'`
-+test "$list" = "$dirname" && echo success || echo fail
-+],
-+[0],
-+[success
-+],[2 blocks
-+2 blocks
-+])
-+
-+AT_CLEANUP
-diff -uNr cpio-2.11.ORIG/tests/testsuite.at cpio-2.11/tests/testsuite.at
---- cpio-2.11.ORIG/tests/testsuite.at	2015-01-09 11:31:49.020090090 +0000
-+++ cpio-2.11/tests/testsuite.at	2015-01-09 11:34:34.386091683 +0000
-@@ -31,6 +31,8 @@
- 
- m4_include([inout.at])
- m4_include([symlink.at])
-+m4_include([symlink-bad-length.at])
-+m4_include([symlink-long.at])
- m4_include([interdir.at])
- 
- m4_include([setstat01.at])

diff --git a/app-arch/cpio/files/cpio-2.11-stat.patch b/app-arch/cpio/files/cpio-2.11-stat.patch
deleted file mode 100644
index dcd991e3f20..00000000000
--- a/app-arch/cpio/files/cpio-2.11-stat.patch
+++ /dev/null
@@ -1,25 +0,0 @@
-http://bugs.gentoo.org/328531
-
-From 3a7a1820d4cecbd77c7b74c785af5942510bf080 Mon Sep 17 00:00:00 2001
-From: Sergey Poznyakoff <gray@gnu.org.ua>
-Date: Thu, 22 Jul 2010 13:13:34 +0300
-Subject: [PATCH] Minor fix.
-
-* src/filetypes.h: Remove declarations of stat and lstat.
----
- src/filetypes.h |    2 --
- 1 files changed, 0 insertions(+), 2 deletions(-)
-
-diff --git a/src/filetypes.h b/src/filetypes.h
-index f80faab..81f0c32 100644
---- a/src/filetypes.h
-+++ b/src/filetypes.h
-@@ -81,5 +81,3 @@
- #ifndef S_ISLNK
- #define lstat stat
- #endif
--int lstat ();
--int stat ();
--- 
-1.7.3
-

diff --git a/app-arch/cpio/files/cpio-2.11-symlink-bad-length-test.patch b/app-arch/cpio/files/cpio-2.11-symlink-bad-length-test.patch
deleted file mode 100644
index 7af5fe0f0bc..00000000000
--- a/app-arch/cpio/files/cpio-2.11-symlink-bad-length-test.patch
+++ /dev/null
@@ -1,39 +0,0 @@
-https://lists.gnu.org/archive/html/bug-cpio/2015-06/msg00001.html
-https://bugs.gentoo.org/554760
-
-this fix is squashed into 0396591026410f91f7a81b4b150bc7285d9f2278
-(as upstream doesn't seem to understand git)
-
->From bebf9662c406d1d137a66c567d8748b489d352e7 Mon Sep 17 00:00:00 2001
-From: Pavel Raiskup <address@hidden>
-Date: Thu, 4 Jun 2015 13:27:42 +0200
-Subject: [PATCH] tests: fix expected output for old file
-
-Thanks Victor Rodriguez.  Upstream thread:
-http://lists.gnu.org/archive/html/bug-cpio/2015-06/msg00000.html
-
-* tests/symlink-bad-length.at (STDOUT): Expect the year string
-'2014' is printed and not time because the file in archive is
-older than 6 months.
-* Thanks: Mention Victor.
----
- THANKS                      | 1 +
- tests/symlink-bad-length.at | 2 +-
- 2 files changed, 2 insertions(+), 1 deletion(-)
-
-diff --git a/tests/symlink-bad-length.at b/tests/symlink-bad-length.at
-index e1a7093..2cdc692 100644
---- a/tests/symlink-bad-length.at
-+++ b/tests/symlink-bad-length.at
-@@ -57,7 +57,7 @@ cat stderr | grep -v \
- echo >&2 STDERR
- ],
- [0],
--[-rw-rw-r--   1 10029    10031          13 Nov 25 11:52 FILE
-+[-rw-rw-r--   1 10029    10031          13 Nov 25  2014 FILE
- ],[STDERR
- ])
- 
--- 
-2.1.0
-


^ permalink raw reply related	[flat|nested] 6+ messages in thread

* [gentoo-commits] repo/gentoo:master commit in: app-arch/cpio/files/, app-arch/cpio/
@ 2020-02-18 20:46 Sergei Trofimovich
  0 siblings, 0 replies; 6+ messages in thread
From: Sergei Trofimovich @ 2020-02-18 20:46 UTC (permalink / raw
  To: gentoo-commits

commit:     d78585ef0dc6ded24811254595ea3741f196bc46
Author:     Sergei Trofimovich <slyfox <AT> gentoo <DOT> org>
AuthorDate: Tue Feb 18 20:46:27 2020 +0000
Commit:     Sergei Trofimovich <slyfox <AT> gentoo <DOT> org>
CommitDate: Tue Feb 18 20:46:27 2020 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=d78585ef

app-arch/cpio: backport tweak for gcc-10, bug #705900

Closes: https://bugs.gentoo.org/705900
Package-Manager: Portage-2.3.89, Repoman-2.3.20
Signed-off-by: Sergei Trofimovich <slyfox <AT> gentoo.org>

 app-arch/cpio/cpio-2.12-r1.ebuild          |  1 +
 app-arch/cpio/cpio-2.13.ebuild             |  3 ++-
 app-arch/cpio/files/cpio-2.12-gcc-10.patch | 27 +++++++++++++++++++++++++++
 3 files changed, 30 insertions(+), 1 deletion(-)

diff --git a/app-arch/cpio/cpio-2.12-r1.ebuild b/app-arch/cpio/cpio-2.12-r1.ebuild
index a32dcef968d..2c74b76cbc1 100644
--- a/app-arch/cpio/cpio-2.12-r1.ebuild
+++ b/app-arch/cpio/cpio-2.12-r1.ebuild
@@ -17,6 +17,7 @@ IUSE="nls"
 src_prepare() {
 	epatch "${FILESDIR}"/${PN}-2.12-non-gnu-compilers.patch #275295
 	epatch "${FILESDIR}"/${PN}-2.12-name-overflow.patch #572428
+	epatch "${FILESDIR}"/${PN}-2.12-gcc-10.patch #705900
 }
 
 src_configure() {

diff --git a/app-arch/cpio/cpio-2.13.ebuild b/app-arch/cpio/cpio-2.13.ebuild
index 30557dbd043..4f5966691a5 100644
--- a/app-arch/cpio/cpio-2.13.ebuild
+++ b/app-arch/cpio/cpio-2.13.ebuild
@@ -1,4 +1,4 @@
-# Copyright 1999-2019 Gentoo Authors
+# Copyright 1999-2020 Gentoo Authors
 # Distributed under the terms of the GNU General Public License v2
 
 EAPI=7
@@ -14,6 +14,7 @@ IUSE="nls"
 
 PATCHES=(
 	"${FILESDIR}"/${PN}-2.12-non-gnu-compilers.patch #275295
+	"${FILESDIR}"/${PN}-2.12-gcc-10.patch #705900
 )
 
 src_configure() {

diff --git a/app-arch/cpio/files/cpio-2.12-gcc-10.patch b/app-arch/cpio/files/cpio-2.12-gcc-10.patch
new file mode 100644
index 00000000000..9c7d7edd88f
--- /dev/null
+++ b/app-arch/cpio/files/cpio-2.12-gcc-10.patch
@@ -0,0 +1,27 @@
+From 641d3f489cf6238bb916368d4ba0d9325a235afb Mon Sep 17 00:00:00 2001
+From: Sergey Poznyakoff <gray@gnu.org>
+Date: Mon, 20 Jan 2020 07:45:39 +0200
+Subject: Minor fix * src/global.c: Remove superfluous declaration of
+ program_name
+
+---
+ src/global.c | 3 ---
+ 1 file changed, 3 deletions(-)
+
+diff --git a/src/global.c b/src/global.c
+index fb3abe9..acf92bc 100644
+--- a/src/global.c
++++ b/src/global.c
+@@ -184,9 +184,6 @@ unsigned int warn_option = 0;
+ /* Extract to standard output? */
+ bool to_stdout_option = false;
+ 
+-/* The name this program was run with.  */
+-char *program_name;
+-
+ /* A pointer to either lstat or stat, depending on whether
+    dereferencing of symlinks is done for input files.  */
+ int (*xstat) ();
+-- 
+cgit v1.2.1
+


^ permalink raw reply related	[flat|nested] 6+ messages in thread

* [gentoo-commits] repo/gentoo:master commit in: app-arch/cpio/files/, app-arch/cpio/
@ 2022-10-18 18:41 Sam James
  0 siblings, 0 replies; 6+ messages in thread
From: Sam James @ 2022-10-18 18:41 UTC (permalink / raw
  To: gentoo-commits

commit:     30d0bdb974112f7857d6e50efb7d6b4b2b1ec295
Author:     Sam James <sam <AT> gentoo <DOT> org>
AuthorDate: Tue Oct 18 18:40:04 2022 +0000
Commit:     Sam James <sam <AT> gentoo <DOT> org>
CommitDate: Tue Oct 18 18:41:04 2022 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=30d0bdb9

app-arch/cpio: patch regressions in 2.13, allowing CVE-2021-38185 fix (unkeyworded)

To be keyworded after testing on more machines.

Bug: https://bugs.gentoo.org/699456
Bug: https://bugs.gentoo.org/807088
Bug: https://bugs.gentoo.org/854192
Closes: https://bugs.gentoo.org/700020
Signed-off-by: Sam James <sam <AT> gentoo.org>

 app-arch/cpio/Manifest                             |  1 +
 app-arch/cpio/cpio-2.13-r1.ebuild                  | 39 ++++++++++++++++++++++
 .../files/cpio-2.13-sysmacros-glibc-2.26.patch     | 12 +++++++
 3 files changed, 52 insertions(+)

diff --git a/app-arch/cpio/Manifest b/app-arch/cpio/Manifest
index e3d8f9e77f92..c9fcf3fa150e 100644
--- a/app-arch/cpio/Manifest
+++ b/app-arch/cpio/Manifest
@@ -1,2 +1,3 @@
 DIST cpio-2.12.tar.bz2 1258605 BLAKE2B 4b6d42a1d8aaeaa980cab5894b2e264451e96a108f2c3aa89d3e6fde0bff338e026ee233ebd7c8cf41f3c926d42d38b866778244db774055736ca8792889e160 SHA512 0cd4da5f2fbca179ab4e666a5f878414c086a5f98bce4c76273f21d9b2a6fe422d901b5d453826c5f81bbe363aa015047a1e99779ad1a451c8feca6205c63120
+DIST cpio-2.13-CVE-2021-38185.patch.xz 7844 BLAKE2B e338950e03c3eed3b4288435c9c75af8f0c3497b43680be4ee347e628db7cfac616b437a848094bf82cfc2c7f29d59b388bf0f6368b3b99770022e3f9533be11 SHA512 4d2cafefcd1ae9d86cb5171de2896799713490dfd9ed27d3dce0886fa4588c8df2b16ad8508a5dbb9155c9de6e40b6d1083bdb4774d967193a270a1dcbe37a33
 DIST cpio-2.13.tar.bz2 1354559 BLAKE2B 45d77723acb55f15c8574ab5a2fdff6fb1767629d177dd3416b0268e9f82ee6bdd11b4fa591ef020efccbdc3f4918cf77263169da1a0f6422dfe1a9712295778 SHA512 459398e69f7f48201c04d1080218c50f75edcf114ffcbb236644ff6fcade5fcc566929bdab2ebe9be5314828d6902e43b348a8adf28351df978c8989590e93a3

diff --git a/app-arch/cpio/cpio-2.13-r1.ebuild b/app-arch/cpio/cpio-2.13-r1.ebuild
new file mode 100644
index 000000000000..6005349fe120
--- /dev/null
+++ b/app-arch/cpio/cpio-2.13-r1.ebuild
@@ -0,0 +1,39 @@
+# Copyright 1999-2022 Gentoo Authors
+# Distributed under the terms of the GNU General Public License v2
+
+EAPI=8
+
+inherit autotools
+
+DESCRIPTION="A file archival tool which can also read and write tar files"
+HOMEPAGE="https://www.gnu.org/software/cpio/cpio.html"
+SRC_URI="mirror://gnu/cpio/${P}.tar.bz2"
+SRC_URI+=" https://dev.gentoo.org/~sam/distfiles/${CATEGORY}/${PN}/${P}-CVE-2021-38185.patch.xz"
+
+LICENSE="GPL-3+"
+SLOT="0"
+#KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~ia64 ~loong ~m68k ~mips ~ppc ~ppc64 ~riscv ~s390 ~sparc ~x86 ~x64-cygwin ~amd64-linux ~x86-linux ~ppc-macos ~x64-macos ~sparc-solaris ~sparc64-solaris ~x64-solaris ~x86-solaris"
+IUSE="nls"
+
+PATCHES=(
+	"${FILESDIR}"/${PN}-2.12-non-gnu-compilers.patch #275295
+	"${WORKDIR}"/${P}-CVE-2021-38185.patch
+	"${FILESDIR}"/${PN}-2.13-sysmacros-glibc-2.26.patch
+)
+
+src_prepare() {
+	default
+
+	# Drop after 2.13 (only here for CVE patch)
+	eautoreconf
+}
+
+src_configure() {
+	local myeconfargs=(
+		$(use_enable nls)
+		--bindir="${EPREFIX}"/bin
+		--with-rmt="${EPREFIX}"/usr/sbin/rmt
+	)
+
+	econf "${myeconfargs[@]}"
+}

diff --git a/app-arch/cpio/files/cpio-2.13-sysmacros-glibc-2.26.patch b/app-arch/cpio/files/cpio-2.13-sysmacros-glibc-2.26.patch
new file mode 100644
index 000000000000..0f902f060f86
--- /dev/null
+++ b/app-arch/cpio/files/cpio-2.13-sysmacros-glibc-2.26.patch
@@ -0,0 +1,12 @@
+--- a/am/ax_compile_check_rettype.m4
++++ b/am/ax_compile_check_rettype.m4
+@@ -70,6 +70,7 @@ AC_CACHE_VAL(AC_CV_NAME,
+ [for ac_type in char short int long "long long" $4
+  do 
+   AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[
++#include <sys/sysmacros.h>
+ #include <sys/types.h>
+ $3
+ ]], [[switch (0) case 0: case (sizeof ($1($2)) == sizeof ($ac_type)):;]])], [AC_CV_NAME=$ac_type])
+ 
+ 


^ permalink raw reply related	[flat|nested] 6+ messages in thread

* [gentoo-commits] repo/gentoo:master commit in: app-arch/cpio/files/, app-arch/cpio/
@ 2022-10-18 19:12 Sam James
  0 siblings, 0 replies; 6+ messages in thread
From: Sam James @ 2022-10-18 19:12 UTC (permalink / raw
  To: gentoo-commits

commit:     a52ec56f85b11ee1faceddac7874666ad6d2b164
Author:     Sam James <sam <AT> gentoo <DOT> org>
AuthorDate: Tue Oct 18 19:11:52 2022 +0000
Commit:     Sam James <sam <AT> gentoo <DOT> org>
CommitDate: Tue Oct 18 19:12:00 2022 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=a52ec56f

app-arch/cpio: revert CVE-2015-1197 fix for --no-absolute-filenames

At least we can have the fix for CVE-2021-38185.

Bug: https://bugs.gentoo.org/699456
Bug: https://bugs.gentoo.org/807088
Closes: https://bugs.gentoo.org/700020
Signed-off-by: Sam James <sam <AT> gentoo.org>

 .../{cpio-2.13-r1.ebuild => cpio-2.13-r2.ebuild}   |  1 +
 ...e-filenames-revert-CVE-2015-1197-handling.patch | 47 ++++++++++++++++++++++
 2 files changed, 48 insertions(+)

diff --git a/app-arch/cpio/cpio-2.13-r1.ebuild b/app-arch/cpio/cpio-2.13-r2.ebuild
similarity index 92%
rename from app-arch/cpio/cpio-2.13-r1.ebuild
rename to app-arch/cpio/cpio-2.13-r2.ebuild
index 6005349fe120..c3924649236b 100644
--- a/app-arch/cpio/cpio-2.13-r1.ebuild
+++ b/app-arch/cpio/cpio-2.13-r2.ebuild
@@ -19,6 +19,7 @@ PATCHES=(
 	"${FILESDIR}"/${PN}-2.12-non-gnu-compilers.patch #275295
 	"${WORKDIR}"/${P}-CVE-2021-38185.patch
 	"${FILESDIR}"/${PN}-2.13-sysmacros-glibc-2.26.patch
+	"${FILESDIR}"/${PN}-2.13-fix-no-absolute-filenames-revert-CVE-2015-1197-handling.patch
 )
 
 src_prepare() {

diff --git a/app-arch/cpio/files/cpio-2.13-fix-no-absolute-filenames-revert-CVE-2015-1197-handling.patch b/app-arch/cpio/files/cpio-2.13-fix-no-absolute-filenames-revert-CVE-2015-1197-handling.patch
new file mode 100644
index 000000000000..326489a54943
--- /dev/null
+++ b/app-arch/cpio/files/cpio-2.13-fix-no-absolute-filenames-revert-CVE-2015-1197-handling.patch
@@ -0,0 +1,47 @@
+https://sources.debian.org/patches/cpio/2.13%2Bdfsg-7.1/revert-CVE-2015-1197-handling.patch/
+https://bugs.gentoo.org/700020
+
+From: Chris Lamb <lamby@debian.org>
+Date: Sat, 1 Feb 2020 13:36:37 +0100
+Subject: Fix a regression in handling of CVE-2015-1197 &
+ --no-absolute-filenames.
+
+See:
+
+  * https://bugs.debian.org/946267
+  * https://bugs.debian.org/946469
+
+This reverts (most of): https://git.savannah.gnu.org/cgit/cpio.git/diff/?id=45b0ee2b407913c533f7ded8d6f8cbeec16ff6ca&id2=3177d660a4c62a6acb538b0f7c54ba423698889a
+--- a/src/copyin.c
++++ b/src/copyin.c
+@@ -646,8 +646,6 @@ copyin_link (struct cpio_file_stat *file_hdr, int in_file_des)
+       link_name = xstrdup (file_hdr->c_tar_linkname);
+     }
+ 
+-  cpio_safer_name_suffix (link_name, true, !no_abs_paths_flag, false);
+-  
+   res = UMASKED_SYMLINK (link_name, file_hdr->c_name,
+ 			 file_hdr->c_mode);
+   if (res < 0 && create_dir_flag)
+--- a/tests/testsuite
++++ b/tests/testsuite
+@@ -2787,7 +2787,7 @@ read at_status <"$at_status_file"
+ #AT_START_14
+ at_fn_group_banner 14 'CVE-2015-1197.at:17' \
+   "CVE-2015-1197 (--no-absolute-filenames for symlinks)" ""
+-at_xfail=no
++at_xfail=yes
+ (
+   $as_echo "14. $at_setup_line: testing $at_desc ..."
+   $at_traceon
+
+--- a/tests/CVE-2015-1197.at
++++ b/tests/CVE-2015-1197.at
+@@ -15,6 +15,7 @@
+ # along with this program.  If not, see <http://www.gnu.org/licenses/>.
+ 
+ AT_SETUP([CVE-2015-1197 (--no-absolute-filenames for symlinks)])
++AT_XFAIL_IF([true])
+ AT_CHECK([
+ tempdir=$(pwd)/tmp
+ mkdir $tempdir


^ permalink raw reply related	[flat|nested] 6+ messages in thread

* [gentoo-commits] repo/gentoo:master commit in: app-arch/cpio/files/, app-arch/cpio/
@ 2022-12-28  0:33 Sam James
  0 siblings, 0 replies; 6+ messages in thread
From: Sam James @ 2022-12-28  0:33 UTC (permalink / raw
  To: gentoo-commits

commit:     35f18448ac5707b834a0e7df35c934c0bef430b7
Author:     Sam James <sam <AT> gentoo <DOT> org>
AuthorDate: Tue Dec 27 23:53:21 2022 +0000
Commit:     Sam James <sam <AT> gentoo <DOT> org>
CommitDate: Wed Dec 28 00:32:13 2022 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=35f18448

app-arch/cpio: drop 2.12-r1, 2.13-r3

Bug: https://bugs.gentoo.org/807088
Signed-off-by: Sam James <sam <AT> gentoo.org>

 app-arch/cpio/Manifest                            |  1 -
 app-arch/cpio/cpio-2.12-r1.ebuild                 | 26 ------------
 app-arch/cpio/cpio-2.13-r3.ebuild                 | 50 -----------------------
 app-arch/cpio/files/cpio-2.12-gcc-10.patch        | 27 ------------
 app-arch/cpio/files/cpio-2.12-name-overflow.patch | 15 -------
 5 files changed, 119 deletions(-)

diff --git a/app-arch/cpio/Manifest b/app-arch/cpio/Manifest
index c9fcf3fa150e..1bc147148d44 100644
--- a/app-arch/cpio/Manifest
+++ b/app-arch/cpio/Manifest
@@ -1,3 +1,2 @@
-DIST cpio-2.12.tar.bz2 1258605 BLAKE2B 4b6d42a1d8aaeaa980cab5894b2e264451e96a108f2c3aa89d3e6fde0bff338e026ee233ebd7c8cf41f3c926d42d38b866778244db774055736ca8792889e160 SHA512 0cd4da5f2fbca179ab4e666a5f878414c086a5f98bce4c76273f21d9b2a6fe422d901b5d453826c5f81bbe363aa015047a1e99779ad1a451c8feca6205c63120
 DIST cpio-2.13-CVE-2021-38185.patch.xz 7844 BLAKE2B e338950e03c3eed3b4288435c9c75af8f0c3497b43680be4ee347e628db7cfac616b437a848094bf82cfc2c7f29d59b388bf0f6368b3b99770022e3f9533be11 SHA512 4d2cafefcd1ae9d86cb5171de2896799713490dfd9ed27d3dce0886fa4588c8df2b16ad8508a5dbb9155c9de6e40b6d1083bdb4774d967193a270a1dcbe37a33
 DIST cpio-2.13.tar.bz2 1354559 BLAKE2B 45d77723acb55f15c8574ab5a2fdff6fb1767629d177dd3416b0268e9f82ee6bdd11b4fa591ef020efccbdc3f4918cf77263169da1a0f6422dfe1a9712295778 SHA512 459398e69f7f48201c04d1080218c50f75edcf114ffcbb236644ff6fcade5fcc566929bdab2ebe9be5314828d6902e43b348a8adf28351df978c8989590e93a3

diff --git a/app-arch/cpio/cpio-2.12-r1.ebuild b/app-arch/cpio/cpio-2.12-r1.ebuild
deleted file mode 100644
index 684d6aa82dfa..000000000000
--- a/app-arch/cpio/cpio-2.12-r1.ebuild
+++ /dev/null
@@ -1,26 +0,0 @@
-# Copyright 1999-2022 Gentoo Authors
-# Distributed under the terms of the GNU General Public License v2
-
-EAPI=7
-
-DESCRIPTION="A file archival tool which can also read and write tar files"
-HOMEPAGE="https://www.gnu.org/software/cpio/cpio.html"
-SRC_URI="mirror://gnu/cpio/${P}.tar.bz2"
-
-LICENSE="GPL-3+"
-SLOT="0"
-KEYWORDS="~alpha amd64 arm arm64 hppa ~ia64 ~loong ~m68k ~mips ppc ppc64 ~riscv ~s390 sparc x86 ~x64-cygwin ~amd64-linux ~x86-linux ~ppc-macos ~x64-macos ~sparc-solaris ~sparc64-solaris ~x64-solaris ~x86-solaris"
-IUSE="nls"
-
-PATCHES=(
-	"${FILESDIR}"/${PN}-2.12-non-gnu-compilers.patch #275295
-	"${FILESDIR}"/${PN}-2.12-name-overflow.patch #572428
-	"${FILESDIR}"/${PN}-2.12-gcc-10.patch #705900
-)
-
-src_configure() {
-	econf \
-		$(use_enable nls) \
-		--bindir="${EPREFIX}"/bin \
-		--with-rmt="${EPREFIX}"/usr/sbin/rmt
-}

diff --git a/app-arch/cpio/cpio-2.13-r3.ebuild b/app-arch/cpio/cpio-2.13-r3.ebuild
deleted file mode 100644
index a09ffc983c4c..000000000000
--- a/app-arch/cpio/cpio-2.13-r3.ebuild
+++ /dev/null
@@ -1,50 +0,0 @@
-# Copyright 1999-2022 Gentoo Authors
-# Distributed under the terms of the GNU General Public License v2
-
-EAPI=8
-
-inherit autotools
-
-DESCRIPTION="A file archival tool which can also read and write tar files"
-HOMEPAGE="https://www.gnu.org/software/cpio/cpio.html"
-SRC_URI="mirror://gnu/cpio/${P}.tar.bz2"
-SRC_URI+=" https://dev.gentoo.org/~sam/distfiles/${CATEGORY}/${PN}/${P}-CVE-2021-38185.patch.xz"
-
-LICENSE="GPL-3+"
-SLOT="0"
-KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~ia64 ~loong ~m68k ~mips ~ppc ~ppc64 ~riscv ~s390 ~sparc ~x86 ~x64-cygwin ~amd64-linux ~x86-linux ~ppc-macos ~x64-macos ~sparc-solaris ~sparc64-solaris ~x64-solaris ~x86-solaris"
-IUSE="nls"
-
-PATCHES=(
-	"${FILESDIR}"/${PN}-2.12-non-gnu-compilers.patch #275295
-	"${WORKDIR}"/${P}-CVE-2021-38185.patch
-	"${FILESDIR}"/${PN}-2.13-sysmacros-glibc-2.26.patch
-	"${FILESDIR}"/${PN}-2.13-fix-no-absolute-filenames-revert-CVE-2015-1197-handling.patch
-)
-
-src_prepare() {
-	default
-
-	# Drop after 2.13 (only here for CVE patch)
-	eautoreconf
-}
-
-src_configure() {
-	local myeconfargs=(
-		$(use_enable nls)
-		--bindir="${EPREFIX}"/bin
-		--with-rmt="${EPREFIX}"/usr/sbin/rmt
-		# install as gcpio for better compatibility with non-GNU userland
-		--program-prefix=g
-	)
-
-	econf "${myeconfargs[@]}"
-}
-
-src_install() {
-	default
-
-	# make cpio a symlink
-	dosym gcpio /bin/cpio
-	dosym gcpio.1 /usr/share/man/man1/cpio.1
-}

diff --git a/app-arch/cpio/files/cpio-2.12-gcc-10.patch b/app-arch/cpio/files/cpio-2.12-gcc-10.patch
deleted file mode 100644
index 9c7d7edd88f5..000000000000
--- a/app-arch/cpio/files/cpio-2.12-gcc-10.patch
+++ /dev/null
@@ -1,27 +0,0 @@
-From 641d3f489cf6238bb916368d4ba0d9325a235afb Mon Sep 17 00:00:00 2001
-From: Sergey Poznyakoff <gray@gnu.org>
-Date: Mon, 20 Jan 2020 07:45:39 +0200
-Subject: Minor fix * src/global.c: Remove superfluous declaration of
- program_name
-
----
- src/global.c | 3 ---
- 1 file changed, 3 deletions(-)
-
-diff --git a/src/global.c b/src/global.c
-index fb3abe9..acf92bc 100644
---- a/src/global.c
-+++ b/src/global.c
-@@ -184,9 +184,6 @@ unsigned int warn_option = 0;
- /* Extract to standard output? */
- bool to_stdout_option = false;
- 
--/* The name this program was run with.  */
--char *program_name;
--
- /* A pointer to either lstat or stat, depending on whether
-    dereferencing of symlinks is done for input files.  */
- int (*xstat) ();
--- 
-cgit v1.2.1
-

diff --git a/app-arch/cpio/files/cpio-2.12-name-overflow.patch b/app-arch/cpio/files/cpio-2.12-name-overflow.patch
deleted file mode 100644
index f85246884c39..000000000000
--- a/app-arch/cpio/files/cpio-2.12-name-overflow.patch
+++ /dev/null
@@ -1,15 +0,0 @@
-https://bugs.gentoo.org/572428
-https://lists.gnu.org/archive/html/bug-cpio/2016-01/msg00002.html
-http://seclists.org/oss-sec/2016/q1/136
-
---- a/src/copyin.c
-+++ b/src/copyin.c
-@@ -1385,6 +1385,8 @@
- 	  break;
- 	}
- 
-+      if (file_hdr.c_namesize <= 1)
-+	file_hdr.c_name = xrealloc (file_hdr.c_name, 2);
-       cpio_safer_name_suffix (file_hdr.c_name, false, !no_abs_paths_flag,
- 			      false);
-       


^ permalink raw reply related	[flat|nested] 6+ messages in thread

end of thread, other threads:[~2022-12-28  0:33 UTC | newest]

Thread overview: 6+ messages (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2016-02-14 19:48 [gentoo-commits] repo/gentoo:master commit in: app-arch/cpio/files/, app-arch/cpio/ Mike Frysinger
  -- strict thread matches above, loose matches on Subject: below --
2017-06-17 21:39 Lars Wendler
2020-02-18 20:46 Sergei Trofimovich
2022-10-18 18:41 Sam James
2022-10-18 19:12 Sam James
2022-12-28  0:33 Sam James

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox