svn commit: r517758 - in branches/2019Q4/archivers/gcpio: . files
Christian Weisgerber
naddy at FreeBSD.org
Sat Nov 16 16:19:55 UTC 2019
Author: naddy
Date: Sat Nov 16 16:19:53 2019
New Revision: 517758
URL: https://svnweb.freebsd.org/changeset/ports/517758
Log:
MFH: r517705
Security update to 2.13:
* Fix CVE-2015-1197
* Fix CVE-2016-2037
* Fix CVE-2019-14866
* Remove --extract-over-symlinks option again, which was part of an earlier
third-party fix for CVE-2015-1197.
Security: f59af308-07f3-11ea-8c56-f8b156b6dcc8
Approved by: ports-secteam (joneum)
Added:
branches/2019Q4/archivers/gcpio/files/patch-src_util.c
- copied unchanged from r517705, head/archivers/gcpio/files/patch-src_util.c
branches/2019Q4/archivers/gcpio/files/patch-tests_symlink-bad-length.at
- copied unchanged from r517705, head/archivers/gcpio/files/patch-tests_symlink-bad-length.at
Deleted:
branches/2019Q4/archivers/gcpio/files/patch-po_Makefile.in.in
branches/2019Q4/archivers/gcpio/files/patch-src_copyin.c
branches/2019Q4/archivers/gcpio/files/patch-src_extern.h
branches/2019Q4/archivers/gcpio/files/patch-src_global.c
branches/2019Q4/archivers/gcpio/files/patch-src_main.c
branches/2019Q4/archivers/gcpio/files/patch-tests_symlink-long.at
Modified:
branches/2019Q4/archivers/gcpio/Makefile
branches/2019Q4/archivers/gcpio/distinfo
branches/2019Q4/archivers/gcpio/files/patch-doc_cpio.1
branches/2019Q4/archivers/gcpio/files/patch-gnu_Makefile.in
branches/2019Q4/archivers/gcpio/pkg-plist
Directory Properties:
branches/2019Q4/ (props changed)
Modified: branches/2019Q4/archivers/gcpio/Makefile
==============================================================================
--- branches/2019Q4/archivers/gcpio/Makefile Sat Nov 16 16:04:26 2019 (r517757)
+++ branches/2019Q4/archivers/gcpio/Makefile Sat Nov 16 16:19:53 2019 (r517758)
@@ -1,8 +1,7 @@
# $FreeBSD$
PORTNAME= cpio
-PORTVERSION= 2.12
-PORTREVISION= 1
+PORTVERSION= 2.13
CATEGORIES= archivers
MASTER_SITES= GNU
PKGNAMEPREFIX= g
@@ -11,6 +10,8 @@ MAINTAINER= naddy at FreeBSD.org
COMMENT= GNU cpio copies files to and from archives
LICENSE= GPLv3
+
+TEST_DEPENDS= autom4te:devel/autoconf
USES= cpe tar:bzip2
Modified: branches/2019Q4/archivers/gcpio/distinfo
==============================================================================
--- branches/2019Q4/archivers/gcpio/distinfo Sat Nov 16 16:04:26 2019 (r517757)
+++ branches/2019Q4/archivers/gcpio/distinfo Sat Nov 16 16:19:53 2019 (r517758)
@@ -1,2 +1,3 @@
-SHA256 (cpio-2.12.tar.bz2) = 70998c5816ace8407c8b101c9ba1ffd3ebbecba1f5031046893307580ec1296e
-SIZE (cpio-2.12.tar.bz2) = 1258605
+TIMESTAMP = 1573685109
+SHA256 (cpio-2.13.tar.bz2) = eab5bdc5ae1df285c59f2a4f140a98fc33678a0bf61bdba67d9436ae26b46f6d
+SIZE (cpio-2.13.tar.bz2) = 1354559
Modified: branches/2019Q4/archivers/gcpio/files/patch-doc_cpio.1
==============================================================================
--- branches/2019Q4/archivers/gcpio/files/patch-doc_cpio.1 Sat Nov 16 16:04:26 2019 (r517757)
+++ branches/2019Q4/archivers/gcpio/files/patch-doc_cpio.1 Sat Nov 16 16:19:53 2019 (r517758)
@@ -1,8 +1,8 @@
---- doc/cpio.1.orig 2015-09-12 10:57:30 UTC
+--- doc/cpio.1.orig 2018-06-21 07:12:05 UTC
+++ doc/cpio.1
@@ -15,9 +15,9 @@
.\" along with GNU cpio. If not, see <http://www.gnu.org/licenses/>.
- .TH CPIO 1 "December 1, 2014" "CPIO" "GNU CPIO"
+ .TH CPIO 1 "June 21, 2018" "CPIO" "GNU CPIO"
.SH NAME
-cpio \- copy files to and from archives
+gcpio \- copy files to and from archives
@@ -21,11 +21,8 @@
{\fB\-i\fR|\fB\-\-extract\fR} [\fB\-bcdfmnrtsuvBSV\fR] [\fB\-C\fR \fIBYTES\fR]
[\fB\-E\fR \fIFILE\fR] [\fB\-H\fR \fIFORMAT\fR]
[\fB\-M\fR \fIMESSAGE\fR] [\fB\-R\fR [\fIUSER\fR][\fB:.\fR][\fIGROUP\fR]]
-@@ -50,9 +50,10 @@ cpio \- copy files to and from archives
- [\fB\-\-force\-local\fR] [\fB\-\-no\-absolute\-filenames\fR] [\fB\-\-sparse\fR]
- [\fB\-\-only\-verify\-crc\fR] [\fB\-\-to\-stdout\fR] [\fB\-\-quiet\fR]
+@@ -52,7 +52,7 @@ cpio \- copy files to and from archives
[\fB\-\-rsh\-command=\fICOMMAND\fR]
-+[\fB\-\-extract\-over\-symlinks\fR]
[\fIpattern\fR...] [\fB<\fR \fIarchive\fR]
-.B cpio
@@ -33,7 +30,7 @@
{\fB\-p\fR|\fB\-\-pass\-through\fR} [\fB\-0adlmuvLV\fR]
[\fB\-R\fR [\fIUSER\fR][\fB:.\fR][\fIGROUP\fR]]
[\fB\-\-null\fR] [\fB\-\-reset\-access\-time\fR]
-@@ -63,7 +64,7 @@ cpio \- copy files to and from archives
+@@ -63,7 +63,7 @@ cpio \- copy files to and from archives
[\fB\-\-no\-preserve\-owner\fR] [\fB\-\-sparse\fR]
\fIdestination-directory\fR \fB<\fR \fIname-list\fR
Modified: branches/2019Q4/archivers/gcpio/files/patch-gnu_Makefile.in
==============================================================================
--- branches/2019Q4/archivers/gcpio/files/patch-gnu_Makefile.in Sat Nov 16 16:04:26 2019 (r517757)
+++ branches/2019Q4/archivers/gcpio/files/patch-gnu_Makefile.in Sat Nov 16 16:19:53 2019 (r517758)
@@ -1,6 +1,6 @@
---- gnu/Makefile.in.orig 2015-09-12 11:11:14 UTC
+--- gnu/Makefile.in.orig 2019-11-06 07:29:32 UTC
+++ gnu/Makefile.in
-@@ -2077,7 +2077,7 @@ inttypes.h: inttypes.in.h $(top_builddir
+@@ -2129,7 +2129,7 @@ inttypes.h: inttypes.in.h $(top_builddir)/config.statu
# avoid installing it.
all-local: charset.alias ref-add.sed ref-del.sed
Copied: branches/2019Q4/archivers/gcpio/files/patch-src_util.c (from r517705, head/archivers/gcpio/files/patch-src_util.c)
==============================================================================
--- /dev/null 00:00:00 1970 (empty, because file is newly added)
+++ branches/2019Q4/archivers/gcpio/files/patch-src_util.c Sat Nov 16 16:19:53 2019 (r517758, copy of r517705, head/archivers/gcpio/files/patch-src_util.c)
@@ -0,0 +1,23 @@
+https://git.savannah.gnu.org/cgit/cpio.git/commit/?id=df55fb19be545e22d023950263ed5d0756edf81e
+
+--- src/util.c.orig 2019-11-03 15:07:23 UTC
++++ src/util.c
+@@ -1140,8 +1140,16 @@ stat_to_cpio (struct cpio_file_stat *hdr, struct stat
+ hdr->c_nlink = st->st_nlink;
+ hdr->c_uid = CPIO_UID (st->st_uid);
+ hdr->c_gid = CPIO_GID (st->st_gid);
+- hdr->c_rdev_maj = major (st->st_rdev);
+- hdr->c_rdev_min = minor (st->st_rdev);
++ if (S_ISBLK (st->st_mode) || S_ISCHR (st->st_mode))
++ {
++ hdr->c_rdev_maj = major (st->st_rdev);
++ hdr->c_rdev_min = minor (st->st_rdev);
++ }
++ else
++ {
++ hdr->c_rdev_maj = 0;
++ hdr->c_rdev_min = 0;
++ }
+ hdr->c_mtime = st->st_mtime;
+ hdr->c_filesize = st->st_size;
+ hdr->c_chksum = 0;
Copied: branches/2019Q4/archivers/gcpio/files/patch-tests_symlink-bad-length.at (from r517705, head/archivers/gcpio/files/patch-tests_symlink-bad-length.at)
==============================================================================
--- /dev/null 00:00:00 1970 (empty, because file is newly added)
+++ branches/2019Q4/archivers/gcpio/files/patch-tests_symlink-bad-length.at Sat Nov 16 16:19:53 2019 (r517758, copy of r517705, head/archivers/gcpio/files/patch-tests_symlink-bad-length.at)
@@ -0,0 +1,11 @@
+--- tests/symlink-bad-length.at.orig 2019-11-13 23:07:23 UTC
++++ tests/symlink-bad-length.at
+@@ -44,7 +44,7 @@ AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
+ # but that could hurt backward compatibility.
+
+ AT_CHECK([
+-base64 -d ARCHIVE.base64 > ARCHIVE || AT_SKIP_TEST
++b64decode -r ARCHIVE.base64 > ARCHIVE || AT_SKIP_TEST
+ TZ=UTC cpio -ntv < ARCHIVE 2>stderr
+ cat stderr | grep -v \
+ -e 'stored filename length is out of range' \
Modified: branches/2019Q4/archivers/gcpio/pkg-plist
==============================================================================
--- branches/2019Q4/archivers/gcpio/pkg-plist Sat Nov 16 16:04:26 2019 (r517757)
+++ branches/2019Q4/archivers/gcpio/pkg-plist Sat Nov 16 16:19:53 2019 (r517758)
@@ -15,6 +15,7 @@ man/man1/gcpio.1.gz
%%NLS%%share/locale/ko/LC_MESSAGES/cpio.mo
%%NLS%%share/locale/nl/LC_MESSAGES/cpio.mo
%%NLS%%share/locale/pl/LC_MESSAGES/cpio.mo
+%%NLS%%share/locale/pt/LC_MESSAGES/cpio.mo
%%NLS%%share/locale/pt_BR/LC_MESSAGES/cpio.mo
%%NLS%%share/locale/ro/LC_MESSAGES/cpio.mo
%%NLS%%share/locale/ru/LC_MESSAGES/cpio.mo
More information about the svn-ports-branches
mailing list