up to 2.14

- fix for CVE-2015-1197 rewritten and revert not required anymore
  according to https://lists.gnu.org/archive/html/bug-cpio/2023-04/msg00013.html

diff --git a/cpio.spec b/cpio.spec
index 56fa3700ea157849f25fc185f1cbe4f35657c172..cbbb250e2b26334c128cedabe3e9b91463f106c1 100644 (file)
--- a/cpio.spec
+++ b/cpio.spec
@@ -8,21 +8,19 @@ Summary(ru.UTF-8):    Архивная программа GNU
 Summary(tr.UTF-8):     GNU cpio arşivleme programı
 Summary(uk.UTF-8):     Архівна програма GNU
 Name:          cpio
-Version:       2.13
-Release:       4
+Version:       2.14
+Release:       1
 License:       GPL v3+
 Group:         Applications/Archiving
 Source0:       https://ftp.gnu.org/gnu/cpio/%{name}-%{version}.tar.bz2
-# Source0-md5: f3438e672e3fa273a7dc26339dd1eed6
+# Source0-md5: b153e1843561841d37190e48b891188d
 Source1:       http://www.mif.pg.gda.pl/homepages/ankry/man-PLD/%{name}-non-english-man-pages.tar.bz2
 # Source1-md5: 027552f4053477462a09fadc162a5e65
 Patch0:                %{name}-info.patch
 Patch1:                %{name}-ifdef.patch
-Patch2:                revert-CVE-2015-1197-fix.patch
-Patch3:                gcc10.patch
 URL:           http://www.gnu.org/software/cpio/
-BuildRequires: autoconf >= 2.63
-BuildRequires: automake >= 1:1.11.1
+BuildRequires: autoconf >= 2.71
+BuildRequires: automake >= 1:1.16.5
 BuildRequires: gettext-tools >= 0.19
 BuildRequires: texinfo
 BuildRoot:     %{tmpdir}/%{name}-%{version}-root-%(id -u -n)
@@ -106,8 +104,6 @@ cpio копіює файли в або з архіву cpio або tar, який
 %setup -q
 %patch0 -p1
 %patch1 -p1
-%patch2 -p1
-%patch3 -p1
 
 %build
 %{__gettextize}

diff --git a/gcc10.patch b/gcc10.patch
deleted file mode 100644 (file)
index 9c7d7ed..0000000
--- a/gcc10.patch
+++ /dev/null
@@ -1,27 +0,0 @@
-From 641d3f489cf6238bb916368d4ba0d9325a235afb Mon Sep 17 00:00:00 2001
-From: Sergey Poznyakoff <gray@gnu.org>
-Date: Mon, 20 Jan 2020 07:45:39 +0200
-Subject: Minor fix * src/global.c: Remove superfluous declaration of
- program_name
-
----
- src/global.c | 3 ---
- 1 file changed, 3 deletions(-)
-
-diff --git a/src/global.c b/src/global.c
-index fb3abe9..acf92bc 100644
---- a/src/global.c
-+++ b/src/global.c
-@@ -184,9 +184,6 @@ unsigned int warn_option = 0;
- /* Extract to standard output? */
- bool to_stdout_option = false;
- 
--/* The name this program was run with.  */
--char *program_name;
--
- /* A pointer to either lstat or stat, depending on whether
-    dereferencing of symlinks is done for input files.  */
- int (*xstat) ();
--- 
-cgit v1.2.1
-

diff --git a/revert-CVE-2015-1197-fix.patch b/revert-CVE-2015-1197-fix.patch
deleted file mode 100644 (file)
index 1106ac7..0000000
--- a/revert-CVE-2015-1197-fix.patch
+++ /dev/null
@@ -1,91 +0,0 @@
-revert fix for CVE-2015-1197 as it causes shutdown issues
-
-revert suggested as a workaround by upstream:
-https://lists.gnu.org/archive/html/bug-cpio/2019-11/msg00016.html
-
---- b/src/copyin.c
-+++ a/src/copyin.c
-@@ -645,14 +645,13 @@
-       link_name = xstrdup (file_hdr->c_tar_linkname);
-     }
- 
--  cpio_safer_name_suffix (link_name, true, !no_abs_paths_flag, false);
--  
-   res = UMASKED_SYMLINK (link_name, file_hdr->c_name,
-                        file_hdr->c_mode);
-   if (res < 0 && create_dir_flag)
-     {
-       create_all_directories (file_hdr->c_name);
-+      res = UMASKED_SYMLINK (link_name, file_hdr->c_name,
-+                           file_hdr->c_mode);
--      res = UMASKED_SYMLINK (link_name, file_hdr->c_name, file_hdr->c_mode);
-     }
-   if (res < 0)
-     {
---- b/tests/CVE-2015-1197.at
-+++ /dev/null
-@@ -1,43 +0,0 @@
--# Process this file with autom4te to create testsuite.  -*- Autotest -*-
--# Copyright (C) 2009-2019 Free Software Foundation, Inc.
--#
--# This program is free software; you can redistribute it and/or modify
--# it under the terms of the GNU General Public License as published by
--# the Free Software Foundation; either version 3, or (at your option)
--# any later version.
--#
--# This program is distributed in the hope that it will be useful,
--# but WITHOUT ANY WARRANTY; without even the implied warranty of
--# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
--# GNU General Public License for more details.
--#
--# You should have received a copy of the GNU General Public License
--# along with this program.  If not, see <http://www.gnu.org/licenses/>.
--
--AT_SETUP([CVE-2015-1197 (--no-absolute-filenames for symlinks)])
--AT_CHECK([
--tempdir=$(pwd)/tmp
--mkdir $tempdir
--touch $tempdir/file
--ln -s $tempdir dir
--AT_DATA([filelist],
--[dir
--dir/file
--])
--ln -s /tmp dir
--touch /tmp/file
--cpio -o < filelist > test.cpio
--rm dir /tmp/file
--cpio --no-absolute-filenames -iv < test.cpio
--],
--[2],
--[],
--[1 block
--cpio: Removing leading `/' from hard link targets
--dir
--cpio: dir/file: Cannot open: No such file or directory
--dir/file
--1 block
--])
--AT_CLEANUP
--
---- b/tests/Makefile.am
-+++ a/tests/Makefile.am
-@@ -56,9 +56,8 @@
-  symlink-long.at\
-  symlink-to-stdout.at\
-  version.at\
-  big-block-size.at\
-- CVE-2015-1197.at\
-  CVE-2019-14866.at
- 
- TESTSUITE = $(srcdir)/testsuite
-
---- b/tests/testsuite.at
-+++ a/tests/testsuite.at
-@@ -43,6 +43,5 @@
- m4_include([setstat04.at])
- m4_include([setstat05.at])
- m4_include([big-block-size.at])
-
--m4_include([CVE-2015-1197.at])
- m4_include([CVE-2019-14866.at])