Package: cpio / 2.11+dfsg-4.1+deb8u1

Metadata

Package | Version | Patches format
cpio | 2.11+dfsg-4.1+deb8u1 | 3.0 (quilt)

Patch series

Patch | File delta | Description
fix.better.handle.device.nodes.cramfs.565474.patch | (download)

src/copyout.c | 13 8 + 5 - 0 !
1 file changed, 8 insertions(+), 5 deletions(-)

 better handle device nodes from cramfs.
fix.fatal.exits.mt.576637.patch | (download)

src/Makefile.am | 2 2 + 0 - 0 !
src/mt.c | 4 3 + 1 - 0 !
2 files changed, 5 insertions(+), 1 deletion(-)

 return mt_exit_failure instead of mt_exit_invop for fatal exits from mt.


fix.other.bugs.patch | (download)

lib/rtapelib.c | 2 2 + 0 - 0 !
lib/sysdep.c | 10 9 + 1 - 0 !
lib/sysdep.h | 4 3 + 1 - 0 !
po/Makefile.in.in | 2 0 + 2 - 0 !
src/filetypes.h | 3 3 + 0 - 0 !
src/main.c | 2 2 + 0 - 0 !
6 files changed, 19 insertions(+), 4 deletions(-)

 fix other bugs


fix.section.manpages.patch | (download)

doc/cpio.1 | 2 1 + 1 - 0 !
doc/mt.1 | 2 1 + 1 - 0 !
2 files changed, 2 insertions(+), 2 deletions(-)

 change the section of manpages cpio.1 and mt.1 from 1l to 1.
fix.win32.out pass.mode.579533.patch | (download)

gnu/fcntl.in.h | 5 4 + 1 - 0 !
lib/system.h | 5 0 + 5 - 0 !
2 files changed, 4 insertions(+), 6 deletions(-)

 fix corrupted output in -win32 build
218086 reporting bugs.patch | (download)

doc/cpio.1 | 8 8 + 0 - 0 !
doc/mt.1 | 9 9 + 0 - 0 !
2 files changed, 17 insertions(+)

---
588020 manpages see also.patch | (download)

doc/cpio.1 | 2 2 + 0 - 0 !
1 file changed, 2 insertions(+)

---
627444 invalid redefinition of stat.patch | (download)

src/filetypes.h | 4 3 + 1 - 0 !
1 file changed, 3 insertions(+), 1 deletion(-)

---
695717 no cpio.info.patch | (download)

doc/Makefile.in | 1 0 + 1 - 0 !
doc/cpio.1 | 5 0 + 5 - 0 !
2 files changed, 6 deletions(-)

 do not build cpio.info anymore
glibc 2.16 gnulib nogets.patch | (download)

gnu/stdio.in.h | 5 3 + 2 - 0 !
1 file changed, 3 insertions(+), 2 deletions(-)

 allow package to build with glibc-2.16
 'gets' has been removed from glibc-2.16 but gnulib still refers to it
 causing build failures.
 The simple fix for now is just to put a check around the reference in
 lib/stdio.in.h
 A new release made with a new gnulib is a better fix.
fix.win32.undef.stat.patch | (download)

gnu/sys_stat.in.h | 13 0 + 13 - 0 !
1 file changed, 13 deletions(-)

 prevent undefinition of stat
746f3ff6.patch | (download)

src/copyin.c | 50 31 + 19 - 0 !
tests/Makefile.am | 2 2 + 0 - 0 !
tests/symlink-bad-length.at | 49 49 + 0 - 0 !
tests/symlink-long.at | 46 46 + 0 - 0 !
tests/testsuite.at | 2 2 + 0 - 0 !
5 files changed, 130 insertions(+), 19 deletions(-)

 fix memory overrun on reading improperly created link records.

See http://lists.gnu.org/archive/html/bug-cpio/2014-11/msg00007.html

* src/copyin.c (get_link_name): New function.
(list_file, copyin_link): use get_link_name

* tests/symlink-bad-length.at: New file.
* tests/symlink-long.at: New file.
* tests/Makefile.am: Add new files.
* tests/testsuite.at: Likewise.

54d1c42a.patch | (download)

src/copyin.c | 8 4 + 4 - 0 !
tests/symlink-bad-length.at | 2 1 + 1 - 0 !
2 files changed, 5 insertions(+), 5 deletions(-)

 bugfix

* src/copyin.c (get_link_name): Fix range checking.
* tests/symlink-bad-length.at: Change expected error message.

58df4f1b.patch | (download)

src/copyin.c | 2 1 + 1 - 0 !
1 file changed, 1 insertion(+), 1 deletion(-)

 fix typo


fd262d11.patch | (download)

src/copyin.c | 10 6 + 4 - 0 !
tests/symlink-bad-length.at | 28 19 + 9 - 0 !
2 files changed, 25 insertions(+), 13 deletions(-)

 fix error recovery in copy-in mode

* src/copyin.c (copyin_link): Fix null dereference.
(read_in_header): Fix error recovery (bug introduced by
27e0ae55).
* tests/symlink-bad-length.at: Test error recovery.
Catch various architecture-dependent error messages (suggested
by Pavel Raiskup).

f6a8a2cb.patch | (download)

src/util.c | 5 1 + 4 - 0 !
tests/symlink-bad-length.at | 29 17 + 12 - 0 !
2 files changed, 18 insertions(+), 16 deletions(-)

 fix symlink-bad-length test for 64-bit architectures.

* src/util.c: Return non-zero exit code if EOF is hit prematurely.
* tests/symlink-bad-length.at: Revert to original archive: there's
no use testing for recovery, because that depends on the host
architecture.  Don't test for exit code as well (same reason).
Account for eventual warning messages.

CVE 2015 1197.patch | (download)

doc/cpio.1 | 1 1 + 0 - 0 !
src/copyin.c | 62 62 + 0 - 0 !
src/extern.h | 1 1 + 0 - 0 !
src/global.c | 3 3 + 0 - 0 !
src/main.c | 9 8 + 1 - 0 !
5 files changed, 75 insertions(+), 1 deletion(-)

 cve-2015-1197
 Apply patch by Vitezslav Cizek of SuSE to fix CVE-2015-1197.
 Upstream is dormant or no longer existing. To restore the old
 behaviour use --extract-over-symlinks (Closes: #774669)
 This issue has been discovered by Alexander Cherepanov.
CVE 2016 2037.patch | (download)

src/copyin.c | 2 2 + 0 - 0 !
src/util.c | 5 4 + 1 - 0 !
2 files changed, 6 insertions(+), 1 deletion(-)

 fix 1-byte out-of-bounds write (cve-2016-2037)
 Other calls to cpio_safer_name_suffix seem to be safe.

 * src/copyin.c (process_copy_in): Make sure that file_hdr.c_name
 has at least two bytes allocated.
 * src/util.c (cpio_safer_name_suffix): Document that use of this
 function requires care.