app-arch/cpio: Uprev to 2.15
Fixes CVE-2021-38185.
BUG=b:268217467
TEST=sudo emerge =app-arch/cpio-2.15
Change-Id: I845ac7491140893bb9b7028fcee2596b0317d9d8
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/overlays/portage-stable/+/5459211
Commit-Queue: Raul Rangel <rrangel@chromium.org>
Commit-Queue: Tim Bain <tbain@google.com>
Auto-Submit: Raul Rangel <rrangel@chromium.org>
Reviewed-by: Tim Bain <tbain@google.com>
Tested-by: Raul Rangel <rrangel@chromium.org>
diff --git a/app-arch/cpio/Manifest b/app-arch/cpio/Manifest
index c9fcf3f..62db76d 100644
--- a/app-arch/cpio/Manifest
+++ b/app-arch/cpio/Manifest
@@ -1,3 +1 @@
-DIST cpio-2.12.tar.bz2 1258605 BLAKE2B 4b6d42a1d8aaeaa980cab5894b2e264451e96a108f2c3aa89d3e6fde0bff338e026ee233ebd7c8cf41f3c926d42d38b866778244db774055736ca8792889e160 SHA512 0cd4da5f2fbca179ab4e666a5f878414c086a5f98bce4c76273f21d9b2a6fe422d901b5d453826c5f81bbe363aa015047a1e99779ad1a451c8feca6205c63120
-DIST cpio-2.13-CVE-2021-38185.patch.xz 7844 BLAKE2B e338950e03c3eed3b4288435c9c75af8f0c3497b43680be4ee347e628db7cfac616b437a848094bf82cfc2c7f29d59b388bf0f6368b3b99770022e3f9533be11 SHA512 4d2cafefcd1ae9d86cb5171de2896799713490dfd9ed27d3dce0886fa4588c8df2b16ad8508a5dbb9155c9de6e40b6d1083bdb4774d967193a270a1dcbe37a33
-DIST cpio-2.13.tar.bz2 1354559 BLAKE2B 45d77723acb55f15c8574ab5a2fdff6fb1767629d177dd3416b0268e9f82ee6bdd11b4fa591ef020efccbdc3f4918cf77263169da1a0f6422dfe1a9712295778 SHA512 459398e69f7f48201c04d1080218c50f75edcf114ffcbb236644ff6fcade5fcc566929bdab2ebe9be5314828d6902e43b348a8adf28351df978c8989590e93a3
+DIST cpio-2.15.tar.bz2 1651320 BLAKE2B ca2aae6a00239be7aff5558a2e62b4fb4b43c2ed7f4d7a23699c958ae10b348c4ebf39233f0dd0242cba895fdac4d0ff3b4e56fefa0b1afe3db41eb6916e0b23 SHA512 e3c3d0344d13d540887198ee5d6209a9254ed34b87c3b3cabe6dc3ce22ef94d3f380bb60d3395eee44e4b0ec8460b957032c6251f101b4a9fbc5951a701aadff
diff --git a/app-arch/cpio/cpio-2.13-r2.ebuild b/app-arch/cpio/cpio-2.13-r2.ebuild
deleted file mode 100644
index dfa991e..0000000
--- a/app-arch/cpio/cpio-2.13-r2.ebuild
+++ /dev/null
@@ -1,40 +0,0 @@
-# Copyright 1999-2022 Gentoo Authors
-# Distributed under the terms of the GNU General Public License v2
-
-EAPI=7
-
-inherit autotools
-
-DESCRIPTION="A file archival tool which can also read and write tar files"
-HOMEPAGE="https://www.gnu.org/software/cpio/cpio.html"
-SRC_URI="mirror://gnu/cpio/${P}.tar.bz2"
-SRC_URI+=" https://dev.gentoo.org/~sam/distfiles/${CATEGORY}/${PN}/${P}-CVE-2021-38185.patch.xz"
-
-LICENSE="GPL-3+"
-SLOT="0"
-KEYWORDS="*"
-IUSE="nls"
-
-PATCHES=(
- "${FILESDIR}"/${PN}-2.12-non-gnu-compilers.patch #275295
- "${WORKDIR}"/${P}-CVE-2021-38185.patch
- "${FILESDIR}"/${PN}-2.13-sysmacros-glibc-2.26.patch
- "${FILESDIR}"/${PN}-2.13-fix-no-absolute-filenames-revert-CVE-2015-1197-handling.patch
-)
-
-src_prepare() {
- default
-
- # Drop after 2.13 (only here for CVE patch)
- eautoreconf
-}
-
-src_configure() {
- local myeconfargs=(
- $(use_enable nls)
- --bindir="${EPREFIX}"/bin
- --with-rmt="${EPREFIX}"/usr/sbin/rmt
- )
-
- econf "${myeconfargs[@]}"
-}
\ No newline at end of file
diff --git a/app-arch/cpio/cpio-2.15.ebuild b/app-arch/cpio/cpio-2.15.ebuild
new file mode 100644
index 0000000..f1bc295
--- /dev/null
+++ b/app-arch/cpio/cpio-2.15.ebuild
@@ -0,0 +1,50 @@
+# Copyright 1999-2024 Gentoo Authors
+# Distributed under the terms of the GNU General Public License v2
+
+EAPI=7
+
+inherit multiprocessing
+
+DESCRIPTION="File archival tool which can also read and write tar files"
+HOMEPAGE="https://www.gnu.org/software/cpio/cpio.html"
+SRC_URI="mirror://gnu/cpio/${P}.tar.bz2"
+
+LICENSE="GPL-3+"
+SLOT="0"
+KEYWORDS="*"
+IUSE="nls"
+
+PATCHES=(
+ "${FILESDIR}"/${PN}-2.12-non-gnu-compilers.patch # bug #275295
+)
+
+QA_CONFIG_IMPL_DECL_SKIP=(
+ unreachable
+ MIN
+ alignof
+ static_assert
+)
+
+src_configure() {
+ local myeconfargs=(
+ $(use_enable nls)
+ --bindir="${EPREFIX}"/bin
+ --with-rmt="${EPREFIX}"/usr/sbin/rmt
+ # install as gcpio for better compatibility with non-GNU userland
+ --program-prefix=g
+ )
+
+ econf "${myeconfargs[@]}"
+}
+
+src_test() {
+ emake check TESTSUITEFLAGS="--jobs=$(get_makeopts_jobs)"
+}
+
+pkg_postinst() {
+ # Ensure to preserve the symlink before app-alternatives/cpio
+ # is installed
+ if [[ ! -h ${EROOT}/bin/cpio ]]; then
+ ln -s gcpio "${EROOT}/bin/cpio" || die
+ fi
+}
diff --git a/app-arch/cpio/files/cpio-2.12-gcc-10.patch b/app-arch/cpio/files/cpio-2.12-gcc-10.patch
deleted file mode 100644
index 0b1ceaf..0000000
--- a/app-arch/cpio/files/cpio-2.12-gcc-10.patch
+++ /dev/null
@@ -1,26 +0,0 @@
-From 641d3f489cf6238bb916368d4ba0d9325a235afb Mon Sep 17 00:00:00 2001
-From: Sergey Poznyakoff <gray@gnu.org>
-Date: Mon, 20 Jan 2020 07:45:39 +0200
-Subject: Minor fix * src/global.c: Remove superfluous declaration of
- program_name
-
----
- src/global.c | 3 ---
- 1 file changed, 3 deletions(-)
-
-diff --git a/src/global.c b/src/global.c
-index fb3abe9..acf92bc 100644
---- a/src/global.c
-+++ b/src/global.c
-@@ -184,9 +184,6 @@ unsigned int warn_option = 0;
- /* Extract to standard output? */
- bool to_stdout_option = false;
-
--/* The name this program was run with. */
--char *program_name;
--
- /* A pointer to either lstat or stat, depending on whether
- dereferencing of symlinks is done for input files. */
- int (*xstat) ();
---
-cgit v1.2.1
diff --git a/app-arch/cpio/files/cpio-2.12-name-overflow.patch b/app-arch/cpio/files/cpio-2.12-name-overflow.patch
deleted file mode 100644
index f852468..0000000
--- a/app-arch/cpio/files/cpio-2.12-name-overflow.patch
+++ /dev/null
@@ -1,15 +0,0 @@
-https://bugs.gentoo.org/572428
-https://lists.gnu.org/archive/html/bug-cpio/2016-01/msg00002.html
-http://seclists.org/oss-sec/2016/q1/136
-
---- a/src/copyin.c
-+++ b/src/copyin.c
-@@ -1385,6 +1385,8 @@
- break;
- }
-
-+ if (file_hdr.c_namesize <= 1)
-+ file_hdr.c_name = xrealloc (file_hdr.c_name, 2);
- cpio_safer_name_suffix (file_hdr.c_name, false, !no_abs_paths_flag,
- false);
-
diff --git a/app-arch/cpio/files/cpio-2.13-fix-no-absolute-filenames-revert-CVE-2015-1197-handling.patch b/app-arch/cpio/files/cpio-2.13-fix-no-absolute-filenames-revert-CVE-2015-1197-handling.patch
deleted file mode 100644
index 326489a..0000000
--- a/app-arch/cpio/files/cpio-2.13-fix-no-absolute-filenames-revert-CVE-2015-1197-handling.patch
+++ /dev/null
@@ -1,47 +0,0 @@
-https://sources.debian.org/patches/cpio/2.13%2Bdfsg-7.1/revert-CVE-2015-1197-handling.patch/
-https://bugs.gentoo.org/700020
-
-From: Chris Lamb <lamby@debian.org>
-Date: Sat, 1 Feb 2020 13:36:37 +0100
-Subject: Fix a regression in handling of CVE-2015-1197 &
- --no-absolute-filenames.
-
-See:
-
- * https://bugs.debian.org/946267
- * https://bugs.debian.org/946469
-
-This reverts (most of): https://git.savannah.gnu.org/cgit/cpio.git/diff/?id=45b0ee2b407913c533f7ded8d6f8cbeec16ff6ca&id2=3177d660a4c62a6acb538b0f7c54ba423698889a
---- a/src/copyin.c
-+++ b/src/copyin.c
-@@ -646,8 +646,6 @@ copyin_link (struct cpio_file_stat *file_hdr, int in_file_des)
- link_name = xstrdup (file_hdr->c_tar_linkname);
- }
-
-- cpio_safer_name_suffix (link_name, true, !no_abs_paths_flag, false);
--
- res = UMASKED_SYMLINK (link_name, file_hdr->c_name,
- file_hdr->c_mode);
- if (res < 0 && create_dir_flag)
---- a/tests/testsuite
-+++ b/tests/testsuite
-@@ -2787,7 +2787,7 @@ read at_status <"$at_status_file"
- #AT_START_14
- at_fn_group_banner 14 'CVE-2015-1197.at:17' \
- "CVE-2015-1197 (--no-absolute-filenames for symlinks)" ""
--at_xfail=no
-+at_xfail=yes
- (
- $as_echo "14. $at_setup_line: testing $at_desc ..."
- $at_traceon
-
---- a/tests/CVE-2015-1197.at
-+++ b/tests/CVE-2015-1197.at
-@@ -15,6 +15,7 @@
- # along with this program. If not, see <http://www.gnu.org/licenses/>.
-
- AT_SETUP([CVE-2015-1197 (--no-absolute-filenames for symlinks)])
-+AT_XFAIL_IF([true])
- AT_CHECK([
- tempdir=$(pwd)/tmp
- mkdir $tempdir
diff --git a/app-arch/cpio/files/cpio-2.13-sysmacros-glibc-2.26.patch b/app-arch/cpio/files/cpio-2.13-sysmacros-glibc-2.26.patch
deleted file mode 100644
index 90e7bc7..0000000
--- a/app-arch/cpio/files/cpio-2.13-sysmacros-glibc-2.26.patch
+++ /dev/null
@@ -1,42 +0,0 @@
---- a/am/ax_compile_check_rettype.m4
-+++ b/am/ax_compile_check_rettype.m4
-@@ -70,6 +70,9 @@ AC_CACHE_VAL(AC_CV_NAME,
- [for ac_type in char short int long "long long" $4
- do
- AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[
-+#ifdef HAVE_SYS_SYSMACROS_H
-+#include <sys/sysmacros.h>
-+#endif
- #include <sys/types.h>
- $3
- ]], [[switch (0) case 0: case (sizeof ($1($2)) == sizeof ($ac_type)):;]])], [AC_CV_NAME=$ac_type])
---- a/configure.ac
-+++ b/configure.ac
-@@ -39,14 +39,11 @@ AC_C_PROTOTYPES
- AC_SYS_LARGEFILE
-
- AC_TYPE_SIGNAL
--AC_HEADER_MAJOR
- AC_C_CONST
- AC_TYPE_UID_T
- AC_CHECK_TYPE(gid_t, int)
- AC_HEADER_STDC
- AC_HEADER_DIRENT
--AC_COMPILE_CHECK_RETTYPE([major], [0])
--AC_COMPILE_CHECK_RETTYPE([minor], [0])
-
- AC_CHECK_FUNCS([fchmod fchown])
- # This is needed for mingw build
-@@ -67,7 +64,11 @@ AC_ARG_ENABLE(mt,
-
- AM_CONDITIONAL([CPIO_MT_COND], [test "$enable_mt" = yes])
-
--AC_CHECK_HEADERS([unistd.h stdlib.h string.h fcntl.h pwd.h grp.h sys/io/trioctl.h utmp.h getopt.h locale.h libintl.h sys/wait.h utime.h locale.h process.h sys/ioctl.h])
-+AC_CHECK_HEADERS([unistd.h stdlib.h string.h fcntl.h pwd.h grp.h sys/io/trioctl.h utmp.h getopt.h locale.h libintl.h sys/wait.h utime.h locale.h process.h sys/ioctl.h sys/sysmacros.h])
-+
-+AC_HEADER_MAJOR
-+AC_COMPILE_CHECK_RETTYPE([major], [0])
-+AC_COMPILE_CHECK_RETTYPE([minor], [0])
-
- AC_CHECK_DECLS([errno, getpwnam, getgrnam, getgrgid, strdup, strerror, getenv, atoi, exit], , , [
- #include <stdio.h>
