From cc8446f3ae0102e023882476f1d29ee1f804028f Mon Sep 17 00:00:00 2001 From: Christian Weisgerber Date: Thu, 17 Sep 2015 20:15:23 +0000 Subject: Update to 2.12, but retain local fix for CVE-2015-1197. --- archivers/gcpio/Makefile | 3 +- archivers/gcpio/distinfo | 4 +- archivers/gcpio/files/patch-doc_Makefile.in | 11 --- archivers/gcpio/files/patch-doc_cpio.1 | 52 ++++++---- archivers/gcpio/files/patch-gnu_Makefile.in | 4 +- archivers/gcpio/files/patch-src_copyin.c | 114 +--------------------- archivers/gcpio/files/patch-src_extern.h | 6 +- archivers/gcpio/files/patch-src_filetypes.h | 12 --- archivers/gcpio/files/patch-src_global.c | 2 +- archivers/gcpio/files/patch-src_main.c | 20 ++-- archivers/gcpio/files/patch-src_util.c | 14 --- archivers/gcpio/files/patch-tests_symlink-long.at | 15 +++ archivers/gcpio/pkg-plist | 4 + 13 files changed, 73 insertions(+), 188 deletions(-) delete mode 100644 archivers/gcpio/files/patch-doc_Makefile.in delete mode 100644 archivers/gcpio/files/patch-src_filetypes.h delete mode 100644 archivers/gcpio/files/patch-src_util.c create mode 100644 archivers/gcpio/files/patch-tests_symlink-long.at (limited to 'archivers/gcpio') diff --git a/archivers/gcpio/Makefile b/archivers/gcpio/Makefile index 6ebbf11bf39d..e8ce58c39f11 100644 --- a/archivers/gcpio/Makefile +++ b/archivers/gcpio/Makefile @@ -1,8 +1,7 @@ # $FreeBSD$ PORTNAME= cpio -PORTVERSION= 2.11 -PORTREVISION= 3 +PORTVERSION= 2.12 CATEGORIES= archivers MASTER_SITES= GNU PKGNAMEPREFIX= g diff --git a/archivers/gcpio/distinfo b/archivers/gcpio/distinfo index dd94d7b52ba5..ff2d78f5423e 100644 --- a/archivers/gcpio/distinfo +++ b/archivers/gcpio/distinfo @@ -1,2 +1,2 @@ -SHA256 (cpio-2.11.tar.bz2) = bb820bfd96e74fc6ce43104f06fe733178517e7f5d1cdee553773e8eff7d5bbd -SIZE (cpio-2.11.tar.bz2) = 1018483 +SHA256 (cpio-2.12.tar.bz2) = 70998c5816ace8407c8b101c9ba1ffd3ebbecba1f5031046893307580ec1296e +SIZE (cpio-2.12.tar.bz2) = 1258605 diff --git a/archivers/gcpio/files/patch-doc_Makefile.in b/archivers/gcpio/files/patch-doc_Makefile.in deleted file mode 100644 index dd3d7a0fe6fc..000000000000 --- a/archivers/gcpio/files/patch-doc_Makefile.in +++ /dev/null @@ -1,11 +0,0 @@ ---- doc/Makefile.in.orig 2010-03-10 13:00:35 UTC -+++ doc/Makefile.in -@@ -813,7 +813,7 @@ top_build_prefix = @top_build_prefix@ - top_builddir = @top_builddir@ - top_srcdir = @top_srcdir@ - info_TEXINFOS = cpio.texi --man_MANS = cpio.1 mt.1 -+man_MANS = cpio.1 - EXTRA_DIST = $(man_MANS) gendocs_template - all: all-am - diff --git a/archivers/gcpio/files/patch-doc_cpio.1 b/archivers/gcpio/files/patch-doc_cpio.1 index ea859d85e90c..bec2650a0798 100644 --- a/archivers/gcpio/files/patch-doc_cpio.1 +++ b/archivers/gcpio/files/patch-doc_cpio.1 @@ -1,34 +1,44 @@ ---- doc/cpio.1.orig 2009-02-14 18:15:50 UTC +--- doc/cpio.1.orig 2015-09-12 10:57:30 UTC +++ doc/cpio.1 -@@ -1,8 +1,8 @@ - .TH CPIO 1L \" -*- nroff -*- +@@ -15,9 +15,9 @@ + .\" along with GNU cpio. If not, see . + .TH CPIO 1 "December 1, 2014" "CPIO" "GNU CPIO" .SH NAME -cpio \- copy files to and from archives +gcpio \- copy files to and from archives .SH SYNOPSIS -.B cpio +.B gcpio - {\-o|\-\-create} [\-0acvABLV] [\-C bytes] [\-H format] [\-M message] - [\-O [[user@]host:]archive] [\-F [[user@]host:]archive] - [\-\-file=[[user@]host:]archive] [\-\-format=format] [\-\-message=message] -@@ -11,7 +11,7 @@ cpio \- copy files to and from archives - [\-\-force\-local] [\-\-rsh-command=command] [\-\-help] [\-\-version] - < name-list [> archive] + {\fB\-o\fR|\fB\-\-create\fR} [\fB\-0acvABLV\fR] [\fB\-C\fR \fIBYTES\fR] + [\fB\-H\fR \fIFORMAT\fR] [\fB\-M\fR \fIMESSAGE\fR] + [\fB\-O\fR [[\fIUSER\fB@\fR]\fIHOST\fB:\fR]\fIARCHIVE\fR] +@@ -31,7 +31,7 @@ cpio \- copy files to and from archives + [\fB\-\-force\-local\fR] [\fB\-\-rsh\-command=\fICOMMAND\fR] + \fB<\fR \fIname-list\fR [\fB>\fR \fIarchive\fR] -.B cpio +.B gcpio - {\-i|\-\-extract} [\-bcdfmnrtsuvBSV] [\-C bytes] [\-E file] [\-H format] - [\-M message] [\-R [user][:.][group]] [\-I [[user@]host:]archive] - [\-F [[user@]host:]archive] [\-\-file=[[user@]host:]archive] -@@ -22,9 +22,10 @@ cpio \- copy files to and from archives - [\-\-owner=[user][:.][group]] [\-\-no-preserve-owner] [\-\-message=message] - [\-\-force\-local] [\-\-no\-absolute\-filenames] [\-\-sparse] - [\-\-only\-verify\-crc] [\-\-to\-stdout] [\-\-quiet] [\-\-rsh-command=command] -+[\-\-extract\-over\-symlinks] - [\-\-help] [\-\-version] [pattern...] [< archive] + {\fB\-i\fR|\fB\-\-extract\fR} [\fB\-bcdfmnrtsuvBSV\fR] [\fB\-C\fR \fIBYTES\fR] + [\fB\-E\fR \fIFILE\fR] [\fB\-H\fR \fIFORMAT\fR] + [\fB\-M\fR \fIMESSAGE\fR] [\fB\-R\fR [\fIUSER\fR][\fB:.\fR][\fIGROUP\fR]] +@@ -50,9 +50,10 @@ cpio \- copy files to and from archives + [\fB\-\-force\-local\fR] [\fB\-\-no\-absolute\-filenames\fR] [\fB\-\-sparse\fR] + [\fB\-\-only\-verify\-crc\fR] [\fB\-\-to\-stdout\fR] [\fB\-\-quiet\fR] + [\fB\-\-rsh\-command=\fICOMMAND\fR] ++[\fB\-\-extract\-over\-symlinks\fR] + [\fIpattern\fR...] [\fB<\fR \fIarchive\fR] -.B cpio +.B gcpio - {\-p|\-\-pass-through} [\-0adlmuvLV] [\-R [user][:.][group]] - [\-\-null] [\-\-reset-access-time] [\-\-make-directories] [\-\-link] [\-\-quiet] - [\-\-preserve-modification-time] [\-\-unconditional] [\-\-verbose] [\-\-dot] + {\fB\-p\fR|\fB\-\-pass\-through\fR} [\fB\-0adlmuvLV\fR] + [\fB\-R\fR [\fIUSER\fR][\fB:.\fR][\fIGROUP\fR]] + [\fB\-\-null\fR] [\fB\-\-reset\-access\-time\fR] +@@ -63,7 +64,7 @@ cpio \- copy files to and from archives + [\fB\-\-no\-preserve\-owner\fR] [\fB\-\-sparse\fR] + \fIdestination-directory\fR \fB<\fR \fIname-list\fR + +-.B cpio ++.B gcpio + {\fB\-?\fR|\fB\-\-help\fR|\fB\-\-usage\fR|\fB\-\-version\fR} + .SH NOTE + This manpage is a short description of GNU \fBcpio\fR. For a detailed diff --git a/archivers/gcpio/files/patch-gnu_Makefile.in b/archivers/gcpio/files/patch-gnu_Makefile.in index 125dd9cf546d..0080d8a07c52 100644 --- a/archivers/gcpio/files/patch-gnu_Makefile.in +++ b/archivers/gcpio/files/patch-gnu_Makefile.in @@ -1,6 +1,6 @@ ---- gnu/Makefile.in.orig 2010-03-10 13:00:36 UTC +--- gnu/Makefile.in.orig 2015-09-12 11:11:14 UTC +++ gnu/Makefile.in -@@ -1720,7 +1720,7 @@ inttypes.h: inttypes.in.h $(WARN_ON_USE_ +@@ -2077,7 +2077,7 @@ inttypes.h: inttypes.in.h $(top_builddir # avoid installing it. all-local: charset.alias ref-add.sed ref-del.sed diff --git a/archivers/gcpio/files/patch-src_copyin.c b/archivers/gcpio/files/patch-src_copyin.c index 0727a49d40d8..dfb98df06001 100644 --- a/archivers/gcpio/files/patch-src_copyin.c +++ b/archivers/gcpio/files/patch-src_copyin.c @@ -1,92 +1,6 @@ ---- src/copyin.c.orig 2010-02-15 10:02:23 UTC +--- src/copyin.c.orig 2015-09-12 10:57:30 UTC +++ src/copyin.c -@@ -124,10 +124,30 @@ tape_skip_padding (int in_file_des, off_ - if (pad != 0) - tape_toss_input (in_file_des, pad); - } -- -+ -+static char * -+get_link_name (struct cpio_file_stat *file_hdr, int in_file_des) -+{ -+ char *link_name; -+ -+ if (file_hdr->c_filesize < 0 || file_hdr->c_filesize > SIZE_MAX-1) -+ { -+ error (0, 0, _("%s: stored filename length is out of range"), -+ file_hdr->c_name); -+ link_name = NULL; -+ } -+ else -+ { -+ link_name = xmalloc (file_hdr->c_filesize + 1); -+ tape_buffered_read (link_name, in_file_des, file_hdr->c_filesize); -+ link_name[file_hdr->c_filesize] = '\0'; -+ tape_skip_padding (in_file_des, file_hdr->c_filesize); -+ } -+ return link_name; -+} - - static void --list_file(struct cpio_file_stat* file_hdr, int in_file_des) -+list_file (struct cpio_file_stat* file_hdr, int in_file_des) - { - if (verbose_flag) - { -@@ -136,21 +156,16 @@ list_file(struct cpio_file_stat* file_hd - { - if (archive_format != arf_tar && archive_format != arf_ustar) - { -- char *link_name = NULL; /* Name of hard and symbolic links. */ -- -- link_name = (char *) xmalloc ((unsigned int) file_hdr->c_filesize + 1); -- link_name[file_hdr->c_filesize] = '\0'; -- tape_buffered_read (link_name, in_file_des, file_hdr->c_filesize); -- long_format (file_hdr, link_name); -- free (link_name); -- tape_skip_padding (in_file_des, file_hdr->c_filesize); -- return; -+ char *link_name = get_link_name (file_hdr, in_file_des); -+ if (link_name) -+ { -+ long_format (file_hdr, link_name); -+ free (link_name); -+ } - } - else -- { -- long_format (file_hdr, file_hdr->c_tar_linkname); -- return; -- } -+ long_format (file_hdr, file_hdr->c_tar_linkname); -+ return; - } - else - #endif -@@ -640,7 +655,7 @@ copyin_device (struct cpio_file_stat* fi - } - - static void --copyin_link(struct cpio_file_stat *file_hdr, int in_file_des) -+copyin_link (struct cpio_file_stat *file_hdr, int in_file_des) - { - char *link_name = NULL; /* Name of hard and symbolic links. */ - int res; /* Result of various function calls. */ -@@ -650,10 +665,9 @@ copyin_link(struct cpio_file_stat *file_ - - if (archive_format != arf_tar && archive_format != arf_ustar) - { -- link_name = (char *) xmalloc ((unsigned int) file_hdr->c_filesize + 1); -- link_name[file_hdr->c_filesize] = '\0'; -- tape_buffered_read (link_name, in_file_des, file_hdr->c_filesize); -- tape_skip_padding (in_file_des, file_hdr->c_filesize); -+ link_name = get_link_name (file_hdr, in_file_des); -+ if (!link_name) -+ return; - } - else - { -@@ -686,6 +700,51 @@ copyin_link(struct cpio_file_stat *file_ +@@ -695,6 +695,51 @@ copyin_link (struct cpio_file_stat *file free (link_name); } @@ -138,27 +52,7 @@ static void copyin_file (struct cpio_file_stat *file_hdr, int in_file_des) { -@@ -1005,7 +1064,7 @@ read_in_header (struct cpio_file_stat *f - - file_hdr->c_tar_linkname = NULL; - -- tape_buffered_read (magic.str, in_des, 6L); -+ tape_buffered_read (magic.str, in_des, sizeof (magic.str)); - while (1) - { - if (append_flag) -@@ -1050,8 +1109,8 @@ read_in_header (struct cpio_file_stat *f - break; - } - bytes_skipped++; -- memmove (magic.str, magic.str + 1, 5); -- tape_buffered_read (magic.str, in_des, 1L); -+ memmove (magic.str, magic.str + 1, sizeof (magic.str) - 1); -+ tape_buffered_read (magic.str + sizeof (magic.str) - 1, in_des, 1L); - } - } - -@@ -1457,6 +1516,23 @@ process_copy_in () +@@ -1468,6 +1513,23 @@ process_copy_in () { /* Copy the input file into the directory structure. */ @@ -175,7 +69,7 @@ + continue; + */ + /* terminate */ -+ error (1, 0, _("Can't write over symlinks: %s\n"), file_hdr.c_name); ++ error (PAXEXIT_FAILURE, 0, _("Can't write over symlinks: %s\n"), file_hdr.c_name); + } + } + diff --git a/archivers/gcpio/files/patch-src_extern.h b/archivers/gcpio/files/patch-src_extern.h index b9b70c52be68..f226fb2e240f 100644 --- a/archivers/gcpio/files/patch-src_extern.h +++ b/archivers/gcpio/files/patch-src_extern.h @@ -1,10 +1,10 @@ ---- src/extern.h.orig 2010-02-15 10:02:23 UTC +--- src/extern.h.orig 2015-09-12 10:57:30 UTC +++ src/extern.h -@@ -95,6 +95,7 @@ extern char input_is_special; +@@ -96,6 +96,7 @@ extern char input_is_special; extern char output_is_special; extern char input_is_seekable; extern char output_is_seekable; +extern bool extract_over_symlinks; extern int (*xstat) (); extern void (*copy_function) (); - + extern char *change_directory_option; diff --git a/archivers/gcpio/files/patch-src_filetypes.h b/archivers/gcpio/files/patch-src_filetypes.h deleted file mode 100644 index d2f1c2824863..000000000000 --- a/archivers/gcpio/files/patch-src_filetypes.h +++ /dev/null @@ -1,12 +0,0 @@ ---- src/filetypes.h.orig 2010-02-12 10:19:23 UTC -+++ src/filetypes.h -@@ -81,5 +81,9 @@ - #ifndef S_ISLNK - #define lstat stat - #endif -+#ifndef lstat - int lstat (); -+#endif -+#ifndef stat - int stat (); -+#endif diff --git a/archivers/gcpio/files/patch-src_global.c b/archivers/gcpio/files/patch-src_global.c index 55b2e386b825..e4a68ffc6dd2 100644 --- a/archivers/gcpio/files/patch-src_global.c +++ b/archivers/gcpio/files/patch-src_global.c @@ -1,4 +1,4 @@ ---- src/global.c.orig 2010-02-12 10:19:23 UTC +--- src/global.c.orig 2015-09-12 10:57:30 UTC +++ src/global.c @@ -187,6 +187,9 @@ bool to_stdout_option = false; /* The name this program was run with. */ diff --git a/archivers/gcpio/files/patch-src_main.c b/archivers/gcpio/files/patch-src_main.c index 56e13fd08bdb..f3abc14a81f7 100644 --- a/archivers/gcpio/files/patch-src_main.c +++ b/archivers/gcpio/files/patch-src_main.c @@ -1,16 +1,16 @@ ---- src/main.c.orig 2010-02-12 11:35:09 UTC +--- src/main.c.orig 2015-09-12 10:57:30 UTC +++ src/main.c -@@ -57,7 +57,8 @@ enum cpio_options { - FORCE_LOCAL_OPTION, - DEBUG_OPTION, - BLOCK_SIZE_OPTION, -- TO_STDOUT_OPTION -+ TO_STDOUT_OPTION, +@@ -61,7 +61,8 @@ enum cpio_options { + TO_STDOUT_OPTION, + RENUMBER_INODES_OPTION, + IGNORE_DEVNO_OPTION, +- DEVICE_INDEPENDENT_OPTION ++ DEVICE_INDEPENDENT_OPTION, + EXTRACT_OVER_SYMLINKS }; const char *program_authors[] = -@@ -222,6 +223,8 @@ static struct argp_option options[] = { +@@ -243,6 +244,8 @@ static struct argp_option options[] = { N_("Create leading directories where needed"), GRID+1 }, {"no-preserve-owner", NO_PRESERVE_OWNER_OPTION, 0, 0, N_("Do not change the ownership of the files"), GRID+1 }, @@ -19,7 +19,7 @@ {"unconditional", 'u', NULL, 0, N_("Replace all files unconditionally"), GRID+1 }, {"sparse", SPARSE_OPTION, NULL, 0, -@@ -412,6 +415,10 @@ crc newc odc bin ustar tar (all-caps als +@@ -432,6 +435,10 @@ crc newc odc bin ustar tar (all-caps als no_chown_flag = true; break; @@ -29,4 +29,4 @@ + case 'o': /* Copy-out mode. */ if (copy_function != 0) - error (PAXEXIT_FAILURE, 0, _("Mode already defined")); + USAGE_ERROR ((0, 0, _("Mode already defined"))); diff --git a/archivers/gcpio/files/patch-src_util.c b/archivers/gcpio/files/patch-src_util.c deleted file mode 100644 index 8c365f8ba2f8..000000000000 --- a/archivers/gcpio/files/patch-src_util.c +++ /dev/null @@ -1,14 +0,0 @@ ---- src/util.c.orig 2010-03-10 10:22:30 UTC -+++ src/util.c -@@ -206,10 +206,7 @@ tape_fill_input_buffer (int in_des, int - if (input_size < 0) - error (1, errno, _("read error")); - if (input_size == 0) -- { -- error (0, 0, _("premature end of file")); -- exit (1); -- } -+ error (PAXEXIT_FAILURE, 0, _("premature end of file")); - input_bytes += input_size; - } - diff --git a/archivers/gcpio/files/patch-tests_symlink-long.at b/archivers/gcpio/files/patch-tests_symlink-long.at new file mode 100644 index 000000000000..e95dde74b9d3 --- /dev/null +++ b/archivers/gcpio/files/patch-tests_symlink-long.at @@ -0,0 +1,15 @@ +--- tests/symlink-long.at.orig 2015-09-12 10:57:30 UTC ++++ tests/symlink-long.at +@@ -27,9 +27,11 @@ AT_CHECK([ + + # len(dirname) > READBUFSIZE + dirname= +-for i in {1..52}; do ++i=1 ++while test $i -le 52; do + dirname="xxxxxxxxx/$dirname" + mkdir "$dirname" ++ i=`expr $i + 1` + done + ln -s "$dirname" x || AT_SKIP_TEST + diff --git a/archivers/gcpio/pkg-plist b/archivers/gcpio/pkg-plist index 6dc615df53b2..bd709428009d 100644 --- a/archivers/gcpio/pkg-plist +++ b/archivers/gcpio/pkg-plist @@ -7,14 +7,18 @@ man/man1/gcpio.1.gz %%NLS%%share/locale/fr/LC_MESSAGES/cpio.mo %%NLS%%share/locale/ga/LC_MESSAGES/cpio.mo %%NLS%%share/locale/gl/LC_MESSAGES/cpio.mo +%%NLS%%share/locale/hr/LC_MESSAGES/cpio.mo %%NLS%%share/locale/hu/LC_MESSAGES/cpio.mo %%NLS%%share/locale/id/LC_MESSAGES/cpio.mo +%%NLS%%share/locale/it/LC_MESSAGES/cpio.mo +%%NLS%%share/locale/ja/LC_MESSAGES/cpio.mo %%NLS%%share/locale/ko/LC_MESSAGES/cpio.mo %%NLS%%share/locale/nl/LC_MESSAGES/cpio.mo %%NLS%%share/locale/pl/LC_MESSAGES/cpio.mo %%NLS%%share/locale/pt_BR/LC_MESSAGES/cpio.mo %%NLS%%share/locale/ro/LC_MESSAGES/cpio.mo %%NLS%%share/locale/ru/LC_MESSAGES/cpio.mo +%%NLS%%share/locale/sr/LC_MESSAGES/cpio.mo %%NLS%%share/locale/sv/LC_MESSAGES/cpio.mo %%NLS%%share/locale/tr/LC_MESSAGES/cpio.mo %%NLS%%share/locale/uk/LC_MESSAGES/cpio.mo -- cgit v1.2.3