commit 3aa57bc9dd26a760c70618cda07e63d029145ce4 Author: zyppe <210hcl@gmail.com> Date: Sun Feb 4 22:08:11 2024 +0800 Initialize for cpio
diff --git a/.cpio.metadata b/.cpio.metadata
new file mode 100644
index 0000000..95a744a
--- /dev/null
+++ b/.cpio.metadata
@@ -0,0 +1 @@
+5d5d55d2165a02c3d79b949daef64d6593d944451c5e7d2da64192df4c01943c cpio-2.13.tar.bz2
diff --git a/.gitignore b/.gitignore
new file mode 100644
index 0000000..76c8f1a
--- /dev/null
+++ b/.gitignore
@@ -0,0 +1 @@
+cpio-2.13.tar.bz2
diff --git a/cpio-2.13.tar.bz2.sig b/cpio-2.13.tar.bz2.sig
new file mode 100644
index 0000000..b619ea6
--- /dev/null
+++ b/cpio-2.13.tar.bz2.sig
@@ -0,0 +1,7 @@
+-----BEGIN PGP SIGNATURE-----
+Version: GnuPG v1.4.15 (GNU/Linux)
+
+iEYEABECAAYFAl3CgW4ACgkQNgKwf1XQxzInuACdFx2CwRnphQ5Zka2zFicnNNCX
+3z4AoIQeYZNDDyJoOzIYvKuNrFePJ4hG
+=InYG
+-----END PGP SIGNATURE-----
diff --git a/cpio-close_files_after_copy.patch b/cpio-close_files_after_copy.patch
new file mode 100644
index 0000000..4df7386
--- /dev/null
+++ b/cpio-close_files_after_copy.patch
@@ -0,0 +1,24 @@
+Index: src/copyin.c
+===================================================================
+--- src/copyin.c.orig
++++ src/copyin.c
+@@ -1420,6 +1420,19 @@ process_copy_in ()
+
+ cpio_file_stat_free (&file_hdr);
+
++ if (tty_in)
++ {
++ fclose(tty_in);
++ }
++ if (tty_out)
++ {
++ fclose(tty_out);
++ }
++ if (rename_in)
++ {
++ fclose(rename_in);
++ }
++
+ if (append_flag)
+ return;
+
diff --git a/cpio-default_tape_dev.patch b/cpio-default_tape_dev.patch
new file mode 100644
index 0000000..7cdc5cc
--- /dev/null
+++ b/cpio-default_tape_dev.patch
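Review bot: The detached signature added as cpio-2.13.tar.bz2.sig protects the tarball only if the build verifies it against a key set meant for releases. The cpio.keyring added later in this commit opens by saying it is the member keyring, `not intended for checking releases`, and points to the Group Release Keyring instead. The spec file is not part of what is visible here, so check which keyring source verification actually uses, and consider shipping the release keyring or recording the expected signer fingerprint next to the `.sig`.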
@@ -0,0 +1,28 @@
+Index: src/mt.c
+===================================================================
+--- src/mt.c.orig
++++ src/mt.c
+@@ -225,11 +225,18 @@ parse_opt (int key, char *arg, struct ar
+ {
+ tapedev = getenv ("TAPE");
+ if (tapedev == NULL)
+-#ifdef DEFTAPE /* From sys/mtio.h. */
+- tapedev = DEFTAPE;
+-#else
+- error (MT_EXIT_INVOP, 0, _("no tape device specified"));
+-#endif
++
++/* Suse doesn't have /dev/tape as link to /dev/nst0 any more.
++Instead it uses udev and creates different names in /dev/tape/by-id/ directory.
++If it is SCSI tape storage then it creates /dev/tape/by-id/scsi--nst
++If it is USB device then it creates something not predictibable:
++/dev/tape/by-id/scsi-*HP_blabla*{VENDOR_SPECIFIC}*-nst
++So let's use old behave which was /dev/nst0.
++bnc#355241
++*/
++/* #ifdef DEFTAPE * From sys/mtio.h. * */
++# define DEFSUSETAPE "/dev/nst0"
++ tapedev = DEFSUSETAPE;
+ }
+ break;
+
diff --git a/cpio-dev_number.patch b/cpio-dev_number.patch
new file mode 100644
index 0000000..685bba8
--- /dev/null
+++ b/cpio-dev_number.patch
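Review bot: With `tapedev = DEFSUSETAPE;` the `no tape device specified` error path is gone, so an `mt` run with no device option and no `TAPE` in the environment now operates on `/dev/nst0` without telling the operator. Since mt also issues write-side operations (the open_nonblock patch in this commit shows an `MTERASE` case), a one-line notice naming the fallback device, or keeping the error for those operations, would make the choice visible. The `# define DEFSUSETAPE "/dev/nst0"` sits between the `if (tapedev == NULL)` and the statement it controls; defining it once at file scope keeps the control flow readable. parse_opt starts and ends outside the hunk.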
@@ -0,0 +1,24 @@
+Index: src/copyin.c
+===================================================================
+--- src/copyin.c.orig
++++ src/copyin.c
+@@ -1123,15 +1123,15 @@ read_in_binary (struct cpio_file_stat *f
+ swab_array ((char *) short_hdr, 13);
+ }
+
+- file_hdr->c_dev_maj = major (short_hdr->c_dev);
+- file_hdr->c_dev_min = minor (short_hdr->c_dev);
++ file_hdr->c_dev_maj = major ((unsigned short)short_hdr->c_dev);
++ file_hdr->c_dev_min = minor ((unsigned short)short_hdr->c_dev);
+ file_hdr->c_ino = short_hdr->c_ino;
+ file_hdr->c_mode = short_hdr->c_mode;
+ file_hdr->c_uid = short_hdr->c_uid;
+ file_hdr->c_gid = short_hdr->c_gid;
+ file_hdr->c_nlink = short_hdr->c_nlink;
+- file_hdr->c_rdev_maj = major (short_hdr->c_rdev);
+- file_hdr->c_rdev_min = minor (short_hdr->c_rdev);
++ file_hdr->c_rdev_maj = major ((unsigned short)short_hdr->c_rdev);
++ file_hdr->c_rdev_min = minor ((unsigned short)short_hdr->c_rdev);
+ file_hdr->c_mtime = (unsigned long) short_hdr->c_mtimes[0] << 16
+ | short_hdr->c_mtimes[1];
+ file_hdr->c_filesize = (unsigned long) short_hdr->c_filesizes[0] << 16
diff --git a/cpio-eof_tape_handling.patch b/cpio-eof_tape_handling.patch
new file mode 100644
index 0000000..916fa9c
--- /dev/null
+++ b/cpio-eof_tape_handling.patch
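Review bot: The four `(unsigned short)` casts in `read_in_binary` carry no comment explaining why they are needed, so a later cleanup could remove them as redundant. The package changelog describes this patch as allowing device major numbers above 127, which suggests the 16-bit header fields were being sign-extended before `major ()` and `minor ()` saw them. A comment above the first assignment such as `/* c_dev and c_rdev are 16-bit fields taken from the archive header; cast so values >= 0x8000 are not sign-extended */` would record that. The declared type of `c_dev` is outside the hunk, so confirm it before settling the wording; the function also continues past the hunk.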
@@ -0,0 +1,79 @@
+Index: src/util.c
+===================================================================
+--- src/util.c.orig
++++ src/util.c
+@@ -203,8 +203,15 @@ tape_fill_input_buffer (int in_des, int
+ input_size = rmtread (in_des, input_buffer, num_bytes);
+ if (input_size == 0 && input_is_special)
+ {
+- get_next_reel (in_des);
++ if (!tape_eof (in_des))
++ get_next_reel (in_des);
+ input_size = rmtread (in_des, input_buffer, num_bytes);
++ if (input_size == 0)
++ {
++ if (tape_eod (in_des))
++ get_next_reel (in_des);
++ input_size = rmtread (in_des, input_buffer, num_bytes);
++ }
+ }
+ if (input_size == SAFE_READ_ERROR)
+ error (PAXEXIT_FAILURE, errno, _("read error"));
+@@ -366,8 +373,15 @@ tape_buffered_peek (char *peek_buf, int
+ {
+ if (input_is_special)
+ {
+- get_next_reel (in_des);
++ if (!tape_eof (in_des))
++ get_next_reel (in_des);
+ tmp_input_size = rmtread (in_des, append_buf, io_block_size);
++ if (tmp_input_size == 0)
++ {
++ if (tape_eod (in_des))
++ get_next_reel (in_des);
++ tmp_input_size = rmtread (in_des, append_buf, io_block_size);
++ }
+ }
+ else
+ break;
+@@ -829,6 +843,40 @@ tape_offline (int tape_des)
+ #endif
+ }
+
++int
++tape_eof( int tape_des)
++{
++ struct mtget status;
++
++ if (rmtioctl (tape_des, MTIOCGET, (char*)&status) == -1) {
++ error (1, errno, "Cannot get tape status");
++ return 0;
++ }
++
++ if (GMT_EOF(status.mt_gstat)) {
++ return 1;
++ }
++
++ return 0;
++}
++
++int
++tape_eod( int tape_des)
++{
++ struct mtget status;
++
++ if (rmtioctl (tape_des, MTIOCGET, (char*)&status) == -1) {
++ error (1, errno, "Cannot get tape status");
++ return 1;
++ }
++
++ if (GMT_EOD(status.mt_gstat)) {
++ return 1;
++ }
++
++ return 0;
++}
++
+ /* The file on file descriptor TAPE_DES is assumed to be magnetic tape
+ (or floppy disk or other device) and the end of the medium
+ has been reached. Ask the user for to mount a new "tape" to continue
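Review bot: In the new `tape_eof` and `tape_eod`, `error (1, errno, "Cannot get tape status")` passes a non-zero status; if this is the same exiting `error` that the `error (PAXEXIT_FAILURE, errno, _("read error"))` call in the first hunk relies on, the process ends there, the `return 0;` and `return 1;` after it are dead, and any special file that does not answer MTIOCGET aborts the run. If a failed status query should be survivable, pass 0 as the first argument; otherwise use `PAXEXIT_FAILURE` and `_("Cannot get tape status")` and drop the returns. Both functions are called near the top of util.c but defined around line 843, and the patch adds no prototype, so unless a header outside this patch declares them the calls rely on an implicit declaration, which current compilers reject. A one-line comment above each function stating its return convention would also help, since the two failure fallbacks differ.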
diff --git a/cpio-fix_truncation_check.patch b/cpio-fix_truncation_check.patch
new file mode 100644
index 0000000..5e30f1a
--- /dev/null
+++ b/cpio-fix_truncation_check.patch
@@ -0,0 +1,13 @@
+Index: cpio-2.13/src/mt.c
+===================================================================
+--- cpio-2.13.orig/src/mt.c
++++ cpio-2.13/src/mt.c
+@@ -208,7 +208,7 @@ parse_opt (int key, char *arg, struct ar
+ {
+ char *p;
+ long val = strtol (arg, &p, 0);
+- if (*p || (count = val) != count)
++ if (*p || (count = val) != val)
+ error (MT_EXIT_INVOP, 0, _("invalid count value"));
+ }
+ break;
diff --git a/cpio-open_nonblock.patch b/cpio-open_nonblock.patch
new file mode 100644
index 0000000..228f329
--- /dev/null
+++ b/cpio-open_nonblock.patch
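Review bot: The corrected test `(count = val) != val` still accepts an empty argument, because `strtol` then leaves `p == arg` with `*p == '\0'` and `val == 0`, and it never looks at `errno`, so an out-of-range value is caught only if `count` is narrower than `long`. The declaration of `count` is outside the hunk, so that last part needs confirming. Setting `errno = 0;` before the call and testing `if (p == arg || *p || errno == ERANGE || (count = val) != val)` would reject both cases.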
@@ -0,0 +1,68 @@
+From: Alexey Svistunov
+Date: 2017-02-17 16:07:00 +0300
+Subject: open device with O_NONBLOCK option
+References: https://savannah.gnu.org/patch/?9263, bnc#94449
+Upstream: submitted
+
+When running the 2.6 kernel, "mt -f /dev/nst0 status" blocks if there is
+no media in the drive. The same occurs for other commands.
+
+When running the 2.4.24 kernel, "mt -f /dev/nst0 status" does not block
+when there is no tape in the drive.
+
+This behavior change is documented for the 2.6 kernel (see
+kernel-source-2.6.3/Documentation/scsi/st.txt for the full doc):
+
+If the open option O_NONBLOCK is used, open succeeds even if the
+drive is not ready. If O_NONBLOCK is not used, the driver waits for
+the drive to become ready. If this does not happen in ST_BLOCK_SECONDS
+seconds, open fails with the errno value EIO. With O_NONBLOCK the
+device can be opened for writing even if there is a write protected
+tape in the drive (commands trying to write something return error if
+attempted).
+
+It appears that the use of O_NONBLOCK is safe with pre-2.6 kernels.
+Suggest adding the use of O_NONBLOCK when opening the device. As it is,
+for long-running commands such as "fsf", one cannot tell if the command is
+progressing or if it's blocking waiting for media.
+
+Index: src/mt.c
+===================================================================
+--- src/mt.c.orig
++++ src/mt.c
+@@ -333,11 +333,11 @@ main (int argc, char **argv)
+ #ifdef MTERASE
+ case MTERASE:
+ #endif
+- tapedesc = rmtopen (tapedev, O_WRONLY, 0, rsh_command_option);
++ tapedesc = rmtopen (tapedev, O_WRONLY | O_NONBLOCK, 0, rsh_command_option);
+ break;
+
+ default:
+- tapedesc = rmtopen (tapedev, O_RDONLY, 0, rsh_command_option);
++ tapedesc = rmtopen (tapedev, O_RDONLY | O_NONBLOCK, 0, rsh_command_option);
+ }
+
+ if (tapedesc == -1)
+Index: src/util.c
+===================================================================
+--- src/util.c.orig
++++ src/util.c
+@@ -801,14 +801,14 @@ open_archive (char *file)
+ copy_in = process_copy_in;
+
+ if (copy_function == copy_in)
+- fd = rmtopen (file, O_RDONLY | O_BINARY, MODE_RW, rsh_command_option);
++ fd = rmtopen (file, O_RDONLY | O_BINARY | O_NONBLOCK, MODE_RW, rsh_command_option);
+ else
+ {
+ if (!append_flag)
+- fd = rmtopen (file, O_WRONLY | O_CREAT | O_TRUNC | O_BINARY, MODE_RW,
++ fd = rmtopen (file, O_WRONLY | O_CREAT | O_TRUNC | O_BINARY | O_NONBLOCK, MODE_RW,
+ rsh_command_option);
+ else
+- fd = rmtopen (file, O_RDWR | O_BINARY, MODE_RW, rsh_command_option);
++ fd = rmtopen (file, O_RDWR | O_BINARY | O_NONBLOCK, MODE_RW, rsh_command_option);
+ }
+
+ return fd;
diff --git a/cpio-pattern-file-sigsegv.patch b/cpio-pattern-file-sigsegv.patch
new file mode 100644
index 0000000..d88728d
--- /dev/null
+++ b/cpio-pattern-file-sigsegv.patch
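Review bot: `O_NONBLOCK` is added to every `rmtopen` in `open_archive` and nothing in the patch clears it, so it stays in force for all later reads and writes on the archive descriptor rather than only for the open the description is about. When `file` is a FIFO or a terminal rather than a tape, a read with no data ready fails with EAGAIN, which the `SAFE_READ_ERROR` check shown in the eof_tape_handling patch turns into a fatal `read error`, and a write-only open of a FIFO with no reader fails outright. Consider clearing the flag once a local open has succeeded, `int fl = fcntl (fd, F_GETFL);` followed by `if (fl != -1) fcntl (fd, F_SETFL, fl & ~O_NONBLOCK);`, or adding the flag only when the target is a character device. The two opens in mt.c's `main` are less exposed because mt mainly issues ioctls, but the same reasoning applies; both functions extend beyond their hunks.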
@@ -0,0 +1,21 @@
+Index: cpio-2.13/src/copyin.c
+===================================================================
+--- cpio-2.13.orig/src/copyin.c
++++ cpio-2.13/src/copyin.c
+@@ -798,6 +798,8 @@ read_pattern_file ()
+ pattern_fp = fopen (pattern_file_name, "r");
+ if (pattern_fp == NULL)
+ open_fatal (pattern_file_name);
++ else
++ {
+ while (ds_fgetstr (pattern_fp, &pattern_name, '\n') != NULL)
+ {
+ if (new_num_patterns >= max_new_patterns)
+@@ -812,6 +814,7 @@ read_pattern_file ()
+ }
+ if (ferror (pattern_fp) || fclose (pattern_fp) == EOF)
+ close_error (pattern_file_name);
++ }
+
+ for (i = 0; i < num_patterns; ++i)
+ new_save_patterns[i] = save_patterns[i];
diff --git a/cpio-revert-CVE-2015-1197-fix.patch b/cpio-revert-CVE-2015-1197-fix.patch
new file mode 100644
index 0000000..1106ac7
--- /dev/null
+++ b/cpio-revert-CVE-2015-1197-fix.patch
@@ -0,0 +1,91 @@
+revert fix for CVE-2015-1197 as it causes shutdown issues
+
+revert suggested as a workaround by upstream:
+https://lists.gnu.org/archive/html/bug-cpio/2019-11/msg00016.html
+
+--- b/src/copyin.c
++++ a/src/copyin.c
+@@ -645,14 +645,13 @@
+ link_name = xstrdup (file_hdr->c_tar_linkname);
+ }
+
+- cpio_safer_name_suffix (link_name, true, !no_abs_paths_flag, false);
+-
+ res = UMASKED_SYMLINK (link_name, file_hdr->c_name,
+ file_hdr->c_mode);
+ if (res < 0 && create_dir_flag)
+ {
+ create_all_directories (file_hdr->c_name);
++ res = UMASKED_SYMLINK (link_name, file_hdr->c_name,
++ file_hdr->c_mode);
+- res = UMASKED_SYMLINK (link_name, file_hdr->c_name, file_hdr->c_mode);
+ }
+ if (res < 0)
+ {
+--- b/tests/CVE-2015-1197.at
++++ /dev/null
+@@ -1,43 +0,0 @@
+-# Process this file with autom4te to create testsuite. -*- Autotest -*-
+-# Copyright (C) 2009-2019 Free Software Foundation, Inc.
+-#
+-# This program is free software; you can redistribute it and/or modify
+-# it under the terms of the GNU General Public License as published by
+-# the Free Software Foundation; either version 3, or (at your option)
+-# any later version.
+-#
+-# This program is distributed in the hope that it will be useful,
+-# but WITHOUT ANY WARRANTY; without even the implied warranty of
+-# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+-# GNU General Public License for more details.
+-#
+-# You should have received a copy of the GNU General Public License
+-# along with this program. If not, see .
+-
+-AT_SETUP([CVE-2015-1197 (--no-absolute-filenames for symlinks)])
+-AT_CHECK([
+-tempdir=$(pwd)/tmp
+-mkdir $tempdir
+-touch $tempdir/file
+-ln -s $tempdir dir
+-AT_DATA([filelist],
+-[dir
+-dir/file
+-])
+-ln -s /tmp dir
+-touch /tmp/file
+-cpio -o < filelist > test.cpio
+-rm dir /tmp/file
+-cpio --no-absolute-filenames -iv < test.cpio
+-],
+-[2],
+-[],
+-[1 block
+-cpio: Removing leading `/' from hard link targets
+-dir
+-cpio: dir/file: Cannot open: No such file or directory
+-dir/file
+-1 block
+-])
+-AT_CLEANUP
+-
+--- b/tests/Makefile.am
++++ a/tests/Makefile.am
+@@ -56,9 +56,8 @@
+ symlink-long.at\
+ symlink-to-stdout.at\
+ version.at\
+ big-block-size.at\
+- CVE-2015-1197.at\
+ CVE-2019-14866.at
+
+ TESTSUITE = $(srcdir)/testsuite
+
+--- b/tests/testsuite.at
++++ a/tests/testsuite.at
+@@ -43,6 +43,5 @@
+ m4_include([setstat04.at])
+ m4_include([setstat05.at])
+ m4_include([big-block-size.at])
+
+-m4_include([CVE-2015-1197.at])
+ m4_include([CVE-2019-14866.at])
diff --git a/cpio-use_new_ascii_format.patch b/cpio-use_new_ascii_format.patch
new file mode 100644
index 0000000..7484a62
--- /dev/null
+++ b/cpio-use_new_ascii_format.patch
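Review bot: Dropping the `cpio_safer_name_suffix (link_name, true, !no_abs_paths_flag, false);` call in the copyin.c section means symlink targets taken from the archive reach `UMASKED_SYMLINK` unsanitised, so `--no-absolute-filenames` no longer limits where an extracted symlink may point and later members can be written through it outside the extraction directory. The same patch deletes tests/CVE-2015-1197.at and its two includes, so the test suite will not notice the regression. The changelog on this page lists a later fix-CVE-2023-7207.patch for a path traversal issue; that file is not visible in this part of the commit, so confirm the spec applies it on top of this revert. If the revert has to stay, the patch header should state the exposure, for example `SECURITY: re-opens CVE-2015-1197 (symlink targets are not sanitised); extract untrusted archives only into an empty, dedicated directory`.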
@@ -0,0 +1,56 @@
+Index: doc/cpio.info
+===================================================================
+--- doc/cpio.info.orig
++++ doc/cpio.info
+@@ -226,7 +226,8 @@ option, e.g.:
+ '-B'
+ Set the I/O block size to 5120 bytes.
+ '-c'
+- Use the old portable (ASCII) archive format.
++ Identical to "-H newc", use the new (SVR4) portable format.
++ If you wish the old portable (ASCII) archive format, use "-H odc" instead.
+ '-C NUMBER'
+ '--io-size=NUMBER'
+ Set the I/O block size to the given NUMBER of bytes.
+@@ -307,7 +308,8 @@ option.
+ '-B'
+ Set the I/O block size to 5120 bytes.
+ '-c'
+- Use the old portable (ASCII) archive format.
++ Identical to "-H newc", use the new (SVR4) portable format.
++ If you wish the old portable (ASCII) archive format, use "-H odc" instead.
+ '-C NUMBER'
+ '--io-size=NUMBER'
+ Set the I/O block size to the given NUMBER of bytes.
+@@ -417,7 +419,8 @@ option.
+ '-B'
+ Set the I/O block size to 5120 bytes.
+ '-c'
+- Use the old portable (ASCII) archive format.
++ Identical to "-H newc", use the new (SVR4) portable format.
++ If you wish the old portable (ASCII) archive format, use "-H odc" instead.
+ '-C NUMBER'
+ '--io-size=NUMBER'
+ Set the I/O block size to the given NUMBER of bytes.
+@@ -565,7 +568,8 @@ option is valid.
+
+ '-c'
+ [*note copy-in::,*note copy-out::,*note copy-pass::]
+- Use the old portable (ASCII) archive format.
++ Identical to "-H newc", use the new (SVR4) portable format.
++ If you wish the old portable (ASCII) archive format, use "-H odc" instead.
+
+ '-C IO-SIZE'
+ '--io-size=IO-SIZE'
+Index: src/main.c
+===================================================================
+--- src/main.c.orig
++++ src/main.c
+@@ -328,6 +328,7 @@ parse_opt (int key, char *arg, struct ar
+ case 'c': /* Use the old portable ASCII format. */
+ if (archive_format != arf_unknown)
+ USAGE_ERROR ((0, 0, _("Archive format multiply defined")));
++#define SVR4_COMPAT
+ #ifdef SVR4_COMPAT
+ archive_format = arf_newascii; /* -H newc.
*/
+ #else
diff --git a/cpio-use_sbin_rmt.patch b/cpio-use_sbin_rmt.patch
new file mode 100644
index 0000000..7908375
--- /dev/null
+++ b/cpio-use_sbin_rmt.patch
@@ -0,0 +1,22 @@
+Index: lib/rtapelib.c
+===================================================================
+--- lib/rtapelib.c.orig
++++ lib/rtapelib.c
+@@ -17,7 +17,7 @@
+ along with this program; if not, write to the Free Software Foundation,
+ Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA. */
+
+-/* The man page rmt(8) for /etc/rmt documents the remote mag tape protocol
++/* The man page rmt(8) for /sbin/rmt documents the remote mag tape protocol
+ which rdump and rrestore use. Unfortunately, the man page is *WRONG*.
+ The author of the routines I'm including originally wrote his code just
+ based on the man page, and it didn't work, so he went to the rdump source
+@@ -267,7 +267,7 @@ get_status_off (int handle)
+
+ #if WITH_REXEC
+
+-/* Execute /etc/rmt as user USER on remote system HOST using rexec.
++/* Execute /sbin/rmt as user USER on remote system HOST using rexec.
+ Return a file descriptor of a bidirectional socket for stdin and
+ stdout. If USER is zero, use the current username.
+
diff --git a/cpio.changes b/cpio.changes
new file mode 100644
index 0000000..23911ef
--- /dev/null
+++ b/cpio.changes
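Review bot: In the main.c section of cpio-use_new_ascii_format.patch, `#define SVR4_COMPAT` placed directly above `#ifdef SVR4_COMPAT` makes the `#else` branch unreachable and leaves the macro defined for the rest of the file, while the comment on `case 'c':` still reads `Use the old portable ASCII format.`. Passing `-DSVR4_COMPAT` from the build flags, or replacing the conditional with the single assignment, expresses the same choice without dead code. The case comment should change with it, for example to `/* Same as -H newc (SVR4 portable format). */`. The hunk ends inside the `#else` branch, so the remainder of the case is not visible here.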
@@ -0,0 +1,343 @@
+* Mon Jan 29 2024 danilo.spinella@suse.com
+- Fix cpio not working after the fix in bsc#1218571, fixes bsc#1219238
+ * fix-bsc1219238.patch
+* Fri Jan 12 2024 danilo.spinella@suse.com
+- Fix CVE-2023-7207, path traversal vulnerability (bsc#1218571)
+ * fix-CVE-2023-7207.patch
+* Thu Oct 28 2021 danilo.spinella@suse.com
+- Update keyring
+* Wed Aug 18 2021 danilo.spinella@suse.com
+- Fix regression in last update (bsc#1189465)
+ * fix-CVE-2021-38185_2.patch
+ * fix-CVE-2021-38185_3.patch
+* Mon Aug 9 2021 danilo.spinella@suse.com
+- Fix CVE-2021-38185 Remote code execution caused by an integer overflow in ds_fgetstr
+ (CVE-2021-38185, bsc#1189206)
+ * fix-CVE-2021-38185.patch
+* Fri Oct 16 2020 lnussel@suse.de
+- prepare usrmerge (boo#1029961)
+* Fri Sep 11 2020 dmueller@suse.com
+- add cpio-revert-CVE-2015-1197-fix.patch as recommended by upstream
+ to fix https://lists.gnu.org/archive/html/bug-cpio/2019-11/msg00016.html
+* Sat Aug 15 2020 dmueller@suse.com
+- update to 2.13:
+ * CVE-2015-1197, CVE-2016-2037, CVE-2019-14866
+- remove patches (upstream):
+ cpio-2.12-out_of_bounds_write.patch, cpio-2.12-CVE-2019-14866.patch,
+ cpio-2.12-util.c_no_return_in_nonvoid_fnc.patch,
+ cpio-check_for_symlinks.patch
+* Sun Mar 29 2020 kstreitova@suse.com
+- starting with GCC 10, the default of '-fcommon' option will
+ change to '-fno-common'. Because cpio build fails with
+ 'fno-common', add '-fcommon' option to optflags as a temporary
+ workaround for this problem till it's properly fixed [bsc#1160870]
+* Mon Nov 4 2019 kstreitova@suse.com
+- add cpio-2.12-CVE-2019-14866.patch to fix a security issue where
+ cpio does not properly validate the values written in the header
+ of a TAR file through the to_oct() function [bsc#1155199]
+ [CVE-2019-14866]
+* Thu Sep 19 2019 lnussel@suse.de
+- Do not recommend lang package. The lang package already has a
+ supplements.
+* Wed Sep 26 2018 bwiedemann@suse.com
+- Use gettextize --no-changelog to drop build date
+ to make package build reproducible (boo#1047218)
+* Fri Sep 14 2018 mpluskal@suse.com
+- Use URL to fetch keyring
+- Do not force building with PIE, it is default now anyways
+- Use https for URLs
+- Install license
+* Tue Apr 11 2017 kstreitova@suse.com
+- modify cpio-2.12-out_of_bounds_write.patch to fix a regression
+ causing cpio to crash for tar and ustar archive types
+ [bsc#1028410]
+* Mon Mar 27 2017 mpluskal@suse.com
+- Use macro for configure and make install
+- Use update-alternatives according to current documentation
+- Enable testsuite
+* Fri Mar 24 2017 svalx@svalx.net
+- Enable mt building
+- Separated cpio-mt subpackge
+- Change recommend to own mt subpackge
+- Remove cpio-mt.patch - those features available in original mt-st package
+- Switch to use alternatives system for mt
+- Disable rmt building: this binary fully identical to rmt from tar
+- Change default rmt dir to /usr/bin
+* Thu Mar 23 2017 kstreitova@suse.com
+- cleanup with spec-cleaner
+* Sat Mar 5 2016 mpluskal@suse.com
+- Recommend mt_st as it is not hard dependency
+* Thu Mar 3 2016 kstreitova@suse.com
+- fix typos in the description
+- add 'Require: mt_st' in order not to surprise users by the missing
+ 'mt' binary
+* Thu Mar 3 2016 svalx@svalx.net
+- Disable mt building: this binary from mt_st package offers
+ advanced capabilities with the same functionality.
+- Enable rmt building: 'dump' package no longer include it, besides
+ cpio code base for rmt is more fresh.
+- Reflect those changes in the package description.
+* Fri Feb 19 2016 kstreitova@suse.com
+- add cpio-2.12-out_of_bounds_write.patch to fix an out of bounds
+ write in a way cpio parses certain cpio files [bsc#963448],
+ [CVE-2016-2037]
+* Thu Oct 8 2015 kstreitova@suse.com
+- update to 2.12
+ * Improved documentation
+ * Manpages are installed by make install
+ * New options for copy-out mode: --ignore-devno,
+ - -renumber-inodes, --device-independent, --reproducible
+ * update
+ * cpio-use_new_ascii_format.patch
+ * cpio-mt.patch
+ * cpio-eof_tape_handling.patch
+ * cpio-pattern-file-sigsegv.patch
+ * cpio-check_for_symlinks.patch
+ * remove (no longer needed)
+ * cpio-stdio.in.patch
+ * 0001-Fix-memory-overrun-on-reading-improperly-created-lin.patch
+ * add
+ * cpio-2.12-util.c_no_return_in_nonvoid_fnc.patch to add missing
+ return to the nonvoid get_inode_and_dev() function
+- use spec-cleaner
+* Mon Mar 16 2015 mpluskal@suse.com
+- Add gpg signature
+- Correct info scriplet dependencies
+- Cleanup spec file with spec-cleaner
+* Thu Jan 1 2015 meissner@suse.com
+- build with PIE
+* Mon Dec 1 2014 vcizek@suse.com
+- fix an OOB write with cpio -i (bnc#907456) (CVE-2014-9112)
+ * added 0001-Fix-memory-overrun-on-reading-improperly-created-lin.patch
+* Fri Aug 29 2014 jengelh@inai.de
+- Improve on RPM group classification (cpio does not compress
+ on its own per se)
+- Remove redundant %%clean section
+* Thu Aug 21 2014 vcizek@suse.com
+- drop cpio-dir_perm.patch
+ * no longer needed since 2.11
+ * it was dropped from Fedora too and only caused problems (bnc#889138)
+* Tue Jul 29 2014 vcizek@suse.com
+- fix a truncation check in mt
+ * added cpio-fix_truncation_check.patch
+* Thu Jul 17 2014 vcizek@suse.com
+- prevent cpio from extracting over a symlink (bnc#658010)
+ * added cpio-check_for_symlinks.patch
+* Tue Jul 23 2013 vcizek@suse.com
+- add a missing fix from SLE for bnc#830779 (original bug bnc#658031)
+ added paxutils-rtapelib_mtget.patch
+* Thu Mar 21 2013 mmeister@suse.com
+- Added url as source.
+ Please see http://en.opensuse.org/SourceUrls
+* Wed Jul 18 2012 aj@suse.de
+- Fix build with missing gets declaration (glibc 2.16)
+* Thu Feb 2 2012 rschweikert@suse.com
+- leave binary in /usr (UsrMerge project), link to binary from /bin
+* Mon Jan 2 2012 vcizek@suse.cz
+- added autoconf to BuildRequires
+* Thu Dec 1 2011 coolo@suse.com
+- add automake as buildrequire to avoid implicit dependency
+* Sun Sep 18 2011 andrea.turrini@gmail.com
+- fix typos in spec file
+* Tue Nov 9 2010 puzel@novell.com
+- disable-silent-rules
+* Tue Aug 31 2010 aj@suse.de
+- Recommend instead of require lang package since it's not mandatory.
+* Tue Aug 10 2010 puzel@novell.com
+- add cpio-pattern-file-sigsegv.patch (bnc#629860)
+* Mon Jun 28 2010 jengelh@medozas.de
+- use %%_smp_mflags
+* Fri Mar 12 2010 mseben@novell.com
+- updated to 2.11
+ * Fix mt build.
+ * In copy-in mode, if directory attributes do not permit writing to it,
+ setting them is delayed until the end of run. This allows to
+ correctly extract files in such directories.
+ * In copy-in mode, permissions of a directory are restored if it
+ appears in the file list after files in it (e.g. in listings
+ produced by find . -depth). This fixes debian bug #458079.
+ * Fix possible memory overflow in the rmt client code (CVE-2010-0624).
+- deprecated heap_overflow_in_rtapelib.patch,chmodRaceC.patch and
+ include_fatal_c.patch
+* Wed Mar 3 2010 mseben@novell.com
+- added heap_overflow_in_rtapelib.patch fix possible heap overflow in
+ rtapelib.c (bnc#579475)
+* Sat Dec 26 2009 jengelh@medozas.de
+- enable parallel build
+* Tue Nov 3 2009 coolo@novell.com
+- updated patches to apply with fuzz=0
+* Fri Oct 16 2009 rschweikert@novell.com
+- close files after copy (bnc#543132)
+ (cpio-2.10-close_files_after_copy.patch)
+* Mon Aug 10 2009 mseben@novell.com
+- merged DAT160.patch with mt.patch
+- added other tape density definitions from mt_st package (bnc#523357)
+* Fri Jul 17 2009 rguenther@suse.de
+- Drop rmt BuildRequires again
+* Fri Jul 17 2009 mseben@suse.cz
+- fix identification of the density code for DAT160 bnc#415166
+* Mon Jun 22 2009 mseben@suse.cz
+- updated to version 2.10
+ * Ensure record headers are properly packed (fix builds on ARM).
+ * Fix exit codes to reliably indicate success or failure of the operation.
+ * Fix large file support.
+ * Support MinGW builds.
+ * Minor bugfixes.
+- deprecated : lfs_correction.patch,paxlib-owl-alloca.patch,
+ gcc4_3.patch,segfault_in_copyin.patch,doc_typo.patch,
+ m4_macro.patch,gnulib.patch, no_rmt.patch
+- added include_fatal_c.patch : fix undefined ref in mt build
+- configure stage : removed useless DEFAULT_RMT_DIR=/sbin, added
+ - -with-rmt="%%{_sysconfdir}/rmt" and --enable-mt
+* Mon Aug 4 2008 lmichnovic@suse.cz
+- changed default tape device for 'mt' command to /dev/nst0
+ /dev/tape is not symlink any more but directory handled by udev
+ (*default_tape_dev.patch) [bnc#355241]
+* Fri Aug 1 2008 cthiel@suse.de
+- specfile cleanup
+* Fri Jul 18 2008 lmichnovic@suse.cz
+- make possible device nodes with major number > 127 [rhb#450109]
+ (*dev_number.patch)
+* Fri Jun 27 2008 schwab@suse.de
+- Fix gnulib macro.
+* Fri Apr 11 2008 lmichnovic@suse.cz
+- adjusted eof-handling.patch to check for 'end-of-file' and
+ 'end-of-data' marker when detecting reel change. [bnc#371077]
+* Fri Apr 4 2008 lmichnovic@suse.cz
+- adjusted cpio-2.9-dir_perm.patch acording Red Hat patch to fix
+ correct dir permissions after extraction in pass-through mode.
+- fix for two tapes handling (eof_tape_handling.patch) [bnc#371077]
+* Thu Mar 13 2008 lmichnovic@suse.cz
+- lang subpackage split off
+* Thu Mar 13 2008 lmichnovic@suse.cz
+- applying upstream patch cpio-2.9-dir_perm.patch which fixes
+ incorrect directory permissions after archive extraction
+* Thu Nov 29 2007 lmichnovic@suse.cz
+- removed unused m4 macro gl_LONG_LONG (*m4_macro.patch)
+* Wed Nov 7 2007 lmichnovic@suse.cz
+- upstream fix of typo in documantation (*doc_typo.patch)
+* Tue Oct 23 2007 lmichnovic@suse.cz
+- rewrote code which uses overflow to copy string in structure and
+ gcc was complaining about it (*avoid_overflow_warning.patch)
+* Mon Oct 1 2007 lmichnovic@suse.cz
+- Fixed typo in copin.c causing segfault [#329744]
+ (*segfault_in_copyin.patch)
+* Tue Sep 25 2007 lmichnovic@suse.cz
+- fix for compiling with new gcc 4.3 (*gcc4_3.patch)
+* Mon Aug 20 2007 lmichnovic@suse.cz
+- fixed typo in paxlib-owl-alloca.patch [#301416]
+* Fri Aug 17 2007 lmichnovic@suse.cz
+- upstream fix: use of alloca can cause stack overflow
+ (paxlib-owl-alloca.patch)
+* Tue Aug 14 2007 lmichnovic@suse.cz
+- CAN-2005-1111 is not fixed completely in 2.9 (chmodRaceC.patch)
+ based on fedora patch
+* Wed Jul 25 2007 lmichnovic@suse.cz
+- fixed types of variables for LFS support (*lfs_correction.patch)
+* Tue Jul 24 2007 lmichnovic@suse.cz
+- adjusted *mt.patch to fix compression handling [#223494]
+* Fri Jul 20 2007 lmichnovic@suse.cz
+- update to version 2.9
+- obsoletes *lstat.patch
+ * Licensed under the GPLv3.
+ * Bugfixes: Honor umask when creating intermediate directories,
+ not specified in the archive (debian bug #430053).
(This bug
+ is only in version 2.8)
+ * 2.8:
+ * Option --owner can be used in copy-out mode, allowing
+ to uniformly override the ownership of the files being added
+ to the archive.
+ * Bugfixes:
+ - Symlinks were handled incorrectly in copy-out mode. (This
+ bug was only in version 2.7)
+ - Fix handling of large files. {obsoletes lfs.patch}
+ o Fix setting the file permissions in copy-out mode.
+ o Fix CAN-2005-1111 {obsoletes chmodRaceC.patch}
+ * 2.7:
+ * Improved error checking and diagnostics
+ * Fixed CAN-1999-1572 {obsoletes writeOutHeaderBufferOverflow.patch}
+ * Allow to use --sparse in both copy-in and copy-pass.
+ * Fix bug that eventually caused copying out the same
+ hard-linked file several times to archive.
+ * Fix several LFS-related issues. {obsoletes lfs.patch}
+ * Fix Debian bug #335580.
+ - obsoletes *dirTraversal.patch implemented with option
+ - -no-absolute-pathnames; option --absolute-pathnames is still possible
+ - obsoletes *checksum.patch, fix_umask.patch, sparse.patch
+- using lang macro
+* Thu Sep 21 2006 lmichnovic@suse.cz
+- fixed typo in cpio-2.6.dif; renamed to *-mt.patch
+- united suffix of patches
+* Tue Sep 19 2006 schwab@suse.de
+- Fix missing newline after mt status.
+* Mon Jul 24 2006 rguenther@suse.de
+- remove useless build-dependency on rsh.
+* Wed Jan 25 2006 mls@suse.de
+- converted neededforbuild to BuildRequires
+* Tue Dec 6 2005 fehr@suse.de
+- add cpio-2.6-chmodRaceC.patch and cpio-2.6-dirTraversal.patch to
+ fix bug #80226
+- add cpio-2.6-writeOutHeaderBufferOverflow.patch to fix #133454
+- add cpio-2.6-checksum.patch fix wrong checksum on 64bit archs
+- add cpio-2.6-lfs.patch to support large files on 32bit archs
+* Wed Aug 10 2005 fehr@suse.de
+- fix call to setlocale to make multibyte characters work (#98902)
+* Thu Jun 30 2005 fehr@suse.de
+- open with O_NONBLOCK option (#94449)
+* Wed May 4 2005 ro@suse.de
+- properly detect lstat in configure
+* Wed Apr 27 2005 snwint@suse.de
+- fix '--sparse' option check
+* Mon Apr 25 2005 fehr@suse.de
+- update to cpio 2.6
+* Mon Jan 24 2005 fehr@suse.de
+- fix problem with cpio not respecting umask (#50054)
+* Mon Jan 19 2004 ro@suse.de
+- fix build as user
+* Sun Jan 11 2004 adrian@suse.de
+- add %%defattr
+* Thu Apr 24 2003 ro@suse.de
+- fix install_info --delete call and move from preun to postun
+* Tue Apr 15 2003 coolo@suse.de
+- use BuildRoot
+* Fri Feb 7 2003 fehr@suse.de
+- Use %%install_info macro
+* Tue Sep 17 2002 ro@suse.de
+- removed bogus self-provides
+* Tue Aug 13 2002 mfabian@suse.de
+- add cpio-2.5-i18n-0.1.patch received from
+ "Mitsuru Chinen"
+ The patch just adds a setlocale (LC_ALL, "").
+* Sun Jul 28 2002 kukuk@suse.de
+- remove unused tetex from neededforbuild
+* Fri Jul 5 2002 fehr@suse.de
+- update to new version 2.5
+* Mon Dec 3 2001 fehr@suse.de
+- make the -c switch comatible to SVR4 (and compatible to RedHat)
+- fix the man page accordingly
+- add rsh to #needfobuild to allow remote file access again (#12543)
+* Sun Dec 3 2000 schwab@suse.de
+- Fix a few bugs and typos.
+* Tue Nov 28 2000 fehr@suse.de
+- add compile options for LFS
+* Mon Apr 17 2000 fehr@suse.de
+- move cpio binary to /bin for compatibility with RedHat
+* Fri Feb 25 2000 kukuk@suse.de
+- remove Makefile.Linux
+- use _infodir/_mandir
+* Mon Sep 13 1999 bs@suse.de
+- ran old prepare_spec on spec file to switch to new prepare_spec.
+* Thu Sep 2 1999 fehr@suse.de
+- Fix patch for broken header (cast to short instead of int)
+* Wed Aug 4 1999 kukuk@suse.de
+- Add patch for broken header in oldascii format
+* Tue Sep 22 1998 ro@suse.de
+- define _GNU_SOURCE for glibc where including getopt
+* Tue Sep 1 1998 ro@suse.de
+- fixed strdup-macro problem
+* Thu Jun 5 1997 florian@suse.de
+- go through the list of regex in a more suitable way (from ma@suse.de)
+* Sun Apr 13 1997 florian@suse.de
+- update to new version 2.4.2
+- add Linux patches from RedHat
+- add patches from gnu.utils.bugs
diff --git a/cpio.keyring b/cpio.keyring
new file mode 100644
index 0000000..a54533d
--- /dev/null
+++ b/cpio.keyring
@@ -0,0 +1,37 @@ +Member GPG keyring of cpio group. + +Note that this keyring is not intended for checking releases of that group. +Use Group Release Keyring instead. + +GPG keys of Sergey Poznyakoff +-----BEGIN PGP PUBLIC KEY BLOCK----- +Version: GnuPG v1.4.7 (GNU/Linux) + +mQGiBDxhQHkRBACyhJxCLQvLs70IUZSlYVKAm+u1Oa4RyUo5/ctCcMm2KOcjui3z +xs+yUwlglo1n/de9NNJY98PJNLHniMVi5sPba8OKwYx9bilwuAWLgTsgfpX8UuuY +TANQmTybmrxjzxrGqN7eyjBT3utgbK3ACKDo/JUCgZMkdFu2c2i7186sDwCgo9pQ +ygxOOWEWBm70Rymdfvkon6EEAKY5h9nL1qYw46vM1+QY+vhyX2lHTD/E9QyFQv4L +driY3CerLAZ07yk5p8I6T31d7HEUt9DZcl0ZD99Y9IH84wWvms1xtnCuoLlP4ntw +FQ5ZUZtMY0AIVRtFbgkTDDLZsdanscqMu/LqnO2/QWjCQhaO/tcaIdPVgBIbCr28 +fuBJA/9KA5vbQBd4WnNFLVJsr47irnJBYdR+OqPQAUFUcQPO1metR76UZ7+7LwtO +ldAjPN3RDJtRB8/JooHDNq+VCEzjs02JaBpQ+BCOzzqELnkoBPl26yHR56r4WbC5 ++FH/QxEaicjVGxIF/Z9crzG/XUMXwieTNcM6HoGCnMboGqCM4bQjU2VyZ2V5IFBv +em55YWtvZmYgPGdyYXlAZ251Lm9yZy51YT6IXgQTEQIAHgUCQ/CVdwIbAwYLCQgH +AwIDFQIDAxYCAQIeAQIXgAAKCRA2ArB/VdDHMubqAJ9tq+C7VtEMexpRAq9jzcKo +5fZFywCeKtqljjB7nsCIKvZNOV1D4fn7HDm0MlNlcmdleSBQb3pueWFrb2ZmIChH +cmF5KSA8Z3JheUBtaXJkZGluLmZhcmxlcC5uZXQ+iFcEExECABcFAjxhQHkFCwcK +AwQDFQMCAxYCAQIXgAAKCRA2ArB/VdDHMg3iAKCVtLVewNzCDfjui1wTWmz73IcU +aQCcDjK4771A6G/z6qX5bDuK1yL/YeSIRgQSEQIABgUCP1tgaAAKCRCjCdZ5GaIl +R3GsAJ9IHf/Rl/2+eR03mdAe+AeSTaBfagCfUsLc7/wp+fb7Xo6lKQezvJzGBqu0 +IFNlcmdleSBQb3pueWFrb2ZmIDxncmF5QGdudS5vcmc+iF4EExECAB4FAkPwlbUC +GwMGCwkIBwMCAxUCAwMWAgECHgECF4AACgkQNgKwf1XQxzJFSgCeNYJSs7nalOVI +MTJB3Ui6NvKL/nAAni1KxoLZr/+jG5iAnhuuL+ijq54GuQENBDxhQHwQBAD3qEph +UOWRg9C8hSJpZ9Zo8F+hXnF6mvMWuy76R+yHqg4H5CPWSH116lOKl5xpGeXdOOzM +5OxGgdEChb+jLoszM9rc3HQfcKAQmFMd03Iay4/5jMAS+vNgCfDV98nj6gU0Y3ku +UdTkyMPDObQWv1ginAnkoOVXb7nAVW/X5n8izwADBQP8CPuRROj2FC+w2tTXDgaJ +am9PEm1coHRJAoHef1nBZfOAOZLjRD10wBg2m8q2EUJ4/mr/1D0whTINThJkvmZk +RGVkuNILeC3X5dMQ1AX4fIOOnVObWVrlg5etH8ichIOYOUOqCx/cuV9F6Apg9PE6 +vcFqmh4BoOlb0qOaIdzN1sWIRgQYEQIABgUCPGFAfAAKCRA2ArB/VdDHMlPgAKCM +9FxutfWWvZqNKW5up6GnB4y6WwCeN5k4mxck975PULOk8jq/ZqLGvnQ= +=5lxD +-----END 
PGP PUBLIC KEY BLOCK----- diff --git a/cpio.spec b/cpio.spec new file mode 100644 index 0000000..94d2b86 --- /dev/null +++ b/cpio.spec 
@@ -0,0 +1,155 @@ +# +# spec file for package cpio +# +# Copyright (c) 2022-2023 ZhuningOS +# + + +Name: cpio +Version: 2.13 +Release: 150400.3.6.1 +Summary: A Backup and Archiving Utility +License: GPL-3.0-only +Group: Productivity/Archiving/Backup +URL: https://www.gnu.org/software/cpio/cpio.html +Source0: https://ftp.gnu.org/gnu/%{name}/%{name}-%{version}.tar.bz2 +Source1: https://ftp.gnu.org/gnu/%{name}/%{name}-%{version}.tar.bz2.sig +Source2: https://savannah.gnu.org/project/memberlist-gpgkeys.php?group=%{name}&download=1#/%{name}.keyring +Patch2: cpio-use_new_ascii_format.patch +Patch4: cpio-use_sbin_rmt.patch +#PATCH-FIX-UPSTREAM cpio-2.12 cpio-open_nonblock.patch bnc#94449, +#https://savannah.gnu.org/patch/?9263 -- open device with O_NONBLOCK option +Patch5: cpio-open_nonblock.patch +Patch15: cpio-eof_tape_handling.patch +# make posibble to have device nodes with major number > 127 +# Red Hat Bugzilla #450109 +Patch17: cpio-dev_number.patch +Patch18: cpio-default_tape_dev.patch +#PATCH-FIX-UPSTREAM cpio-2.10-close_files_after_copy.patch +Patch20: cpio-close_files_after_copy.patch +Patch21: cpio-pattern-file-sigsegv.patch +Patch23: paxutils-rtapelib_mtget.patch +# see https://lists.gnu.org/archive/html/bug-cpio/2019-11/msg00016.html +Patch24: cpio-revert-CVE-2015-1197-fix.patch +Patch25: cpio-fix_truncation_check.patch +# PATCH-FIX-UPSTREAM danilo.spinella@suse.com bsc#1189206 +# Remote code execution caused by an integer overflow in ds_fgetstr +Patch26: fix-CVE-2021-38185.patch +Patch27: fix-CVE-2021-38185_2.patch +Patch28: fix-CVE-2021-38185_3.patch +# PATCH-FIX-UPSTREAM danilo.spinella@suse.com bsc#1218571 +# Path traversal vulnerability +Patch29: fix-CVE-2023-7207.patch +# PATCH-FIX-UPSTREAM danilo.spinella@suse.com bsc#1219238 +# Fix cpio not working anymore +Patch30: fix-bsc1219238.patch +BuildRequires: autoconf +BuildRequires: automake +#Requires(post): %{xinstall_info_prereq} +#Requires(preun): %{xinstall_info_prereq} +Recommends: %{name}-mt = 
%{version} +Recommends: rmt + +%description +GNU cpio is a program to manage archives of files. Cpio copies files +into or out of a cpio or tar archive. An archive is a file that contains +other files plus information about them, such as their pathname, owner, +time stamps, and access permissions. The archive can be another file on +the disk, a magnetic tape, or a pipe. + +%package mt +Summary: Tape drive control utility +Group: Productivity/Archiving/Backup +Requires: %{name} = %{version} +Requires(post): update-alternatives +Requires(postun):update-alternatives +Provides: mt + +%description mt +This package includes the 'mt', a local tape drive control program. + +%lang_package + +%prep +%setup -q +%patch2 +%patch4 +%patch5 +%patch15 +%patch17 +%patch18 +%patch20 +### +%patch21 -p1 +%patch23 -p1 +%patch24 -p1 +%patch25 -p1 +%patch26 -p1 +%patch27 -p1 +%patch28 -p1 +%patch29 -p1 +%patch30 -p1 + +%build +gettextize -f --no-changelog +autoreconf -fiv +export CFLAGS="%{optflags} -D_FILE_OFFSET_BITS=64 -D_LARGEFILE_SOURCE -fcommon" +%configure \ + --with-rmt="%{_bindir}/rmt" \ + --enable-mt \ + --disable-silent-rules \ + --program-transform-name='s/^mt$/gnumt/' +make %{?_smp_mflags} + +%install +mkdir -p %{buildroot}/{usr/bin,bin} +%make_install +mkdir -p %{buildroot}%{_sysconfdir}/alternatives +ln -sf %{_sysconfdir}/alternatives/mt %{buildroot}%{_bindir}/mt +ln -sf %{_sysconfdir}/alternatives/mt.1%{ext_man} %{buildroot}%{_mandir}/man1/mt.1%{ext_man} +%if !0%{?usrmerged} +ln -sf %{_bindir}/cpio %{buildroot}/bin +%endif + +%find_lang %{name} + +%check +make %{?_smp_mflags} check + +%post mt +%{_sbindir}/update-alternatives --force \ + --install %{_bindir}/mt mt %{_bindir}/gnumt 10 \ + --slave %{_mandir}/man1/mt.1%{ext_man} mt.1%{ext_man} %{_mandir}/man1/gnumt.1%{ext_man} + +%post +%install_info --info-dir=%{_infodir} %{_infodir}/%{name}.info%{ext_info} + +%preun +%install_info_delete --info-dir=%{_infodir} %{_infodir}/%{name}.info%{ext_info} + +%postun mt +if [ ! 
-f %{_bindir}/gnumt ] ; then + "%{_sbindir}/update-alternatives" --remove mt %{_bindir}/gnumt +fi + +%files +%license COPYING +%doc NEWS ChangeLog +%if !0%{?usrmerged} +/bin/cpio +%endif +%{_bindir}/cpio +%{_infodir}/cpio.info%{?ext_info} +%{_mandir}/man1/cpio.1%{?ext_man} + +%files mt +%ghost %{_bindir}/mt +%{_bindir}/gnumt +%ghost %{_mandir}/man1/mt.1%{ext_man} +%{_mandir}/man1/gnumt.1%{?ext_man} +%ghost %{_sysconfdir}/alternatives/mt +%ghost %{_sysconfdir}/alternatives/mt.1%{ext_man} + +%files lang -f %{name}.lang + +%changelog diff --git a/fix-CVE-2021-38185.patch b/fix-CVE-2021-38185.patch new file mode 100644 index 0000000..1c3b16a --- /dev/null +++ b/fix-CVE-2021-38185.patch 
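Review bot: Source1 and Source2 add the tarball signature and a keyring, but no step in `%prep` checks one against the other before `%setup -q` unpacks the tarball, so unless the build service verifies signatures on its own the `.sig` is never used. The keyring added in this commit also says in its own header that it is the member keyring and is not intended for checking releases, so Source2 may point at the wrong key set for this purpose. I would add a comment above Source2 such as `# member keyring; its header says release checks should use the Group Release Keyring`, and run the verification in `%prep`. Separately, Patch24 reverts a CVE fix and, judging from the description inside fix-CVE-2023-7207.patch, appears to depend on Patch29 replacing it, so a comment like `# reverted fix is superseded by Patch29 (fix-CVE-2023-7207.patch); keep both together` would guard against one being dropped without the other.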
@@ -0,0 +1,446 @@ +From dd96882877721703e19272fe25034560b794061b Mon Sep 17 00:00:00 2001 +From: Sergey Poznyakoff +Date: Sat, 7 Aug 2021 12:52:21 +0300 +Subject: Rewrite dynamic string support. + +* src/dstring.c (ds_init): Take a single argument. +(ds_free): New function. +(ds_resize): Take a single argument. Use x2nrealloc to expand +the storage. +(ds_reset,ds_append,ds_concat,ds_endswith): New function. +(ds_fgetstr): Rewrite. In particular, this fixes integer overflow. +* src/dstring.h (dynamic_string): Keep both the allocated length +(ds_size) and index of the next free byte in the string (ds_idx). +(ds_init,ds_resize): Change signature. +(ds_len): New macro. +(ds_free,ds_reset,ds_append,ds_concat,ds_endswith): New protos. +* src/copyin.c: Use new ds_ functions. +* src/copyout.c: Likewise. +* src/copypass.c: Likewise. +* src/util.c: Likewise. +--- + src/copyin.c | 40 +++++++++++++------------- + src/copyout.c | 16 ++++------- + src/copypass.c | 34 +++++++++++------------ + src/dstring.c | 88 ++++++++++++++++++++++++++++++++++++++++++---------------- + src/dstring.h | 31 ++++++++++----------- + src/util.c | 6 ++-- + 6 files changed, 123 insertions(+), 92 deletions(-) + +Index: cpio-2.13/src/copyin.c +=================================================================== +--- cpio-2.13.orig/src/copyin.c ++++ cpio-2.13/src/copyin.c +@@ -55,11 +55,12 @@ query_rename(struct cpio_file_stat* file + char *str_res; /* Result for string function. */ + static dynamic_string new_name; /* New file name for rename option. */ + static int initialized_new_name = false; ++ + if (!initialized_new_name) +- { +- ds_init (&new_name, 128); +- initialized_new_name = true; +- } ++ { ++ ds_init (&new_name); ++ initialized_new_name = true; ++ } + + if (rename_flag) + { +@@ -778,21 +779,20 @@ long_format (struct cpio_file_stat *file + already in `save_patterns' (from the command line) are preserved. 
*/ + + static void +-read_pattern_file () ++read_pattern_file (void) + { +- int max_new_patterns; +- char **new_save_patterns; +- int new_num_patterns; ++ char **new_save_patterns = NULL; ++ size_t max_new_patterns; ++ size_t new_num_patterns; + int i; +- dynamic_string pattern_name; ++ dynamic_string pattern_name = DYNAMIC_STRING_INITIALIZER; + FILE *pattern_fp; + + if (num_patterns < 0) + num_patterns = 0; +- max_new_patterns = 1 + num_patterns; +- new_save_patterns = (char **) xmalloc (max_new_patterns * sizeof (char *)); + new_num_patterns = num_patterns; +- ds_init (&pattern_name, 128); ++ max_new_patterns = num_patterns; ++ new_save_patterns = xcalloc (max_new_patterns, sizeof (new_save_patterns[0])); + + pattern_fp = fopen (pattern_file_name, "r"); + if (pattern_fp == NULL) +@@ -801,16 +801,16 @@ read_pattern_file () + { + while (ds_fgetstr (pattern_fp, &pattern_name, '\n') != NULL) + { +- if (new_num_patterns >= max_new_patterns) +- { +- max_new_patterns += 1; +- new_save_patterns = (char **) +- xrealloc ((char *) new_save_patterns, +- max_new_patterns * sizeof (char *)); +- } ++ if (new_num_patterns == max_new_patterns) ++ new_save_patterns = x2nrealloc (new_save_patterns, ++ &max_new_patterns, ++ sizeof (new_save_patterns[0])); + new_save_patterns[new_num_patterns] = xstrdup (pattern_name.ds_string); + ++new_num_patterns; + } ++ ++ ds_free (&pattern_name); ++ + if (ferror (pattern_fp) || fclose (pattern_fp) == EOF) + close_error (pattern_file_name); + } +Index: cpio-2.13/src/copyout.c +=================================================================== +--- cpio-2.13.orig/src/copyout.c ++++ cpio-2.13/src/copyout.c +@@ -594,9 +594,10 @@ assign_string (char **pvar, char *value) + The format of the header depends on the compatibility (-c) flag. */ + + void +-process_copy_out () ++process_copy_out (void) + { +- dynamic_string input_name; /* Name of file read from stdin. 
*/ ++ dynamic_string input_name = DYNAMIC_STRING_INITIALIZER; ++ /* Name of file read from stdin. */ + struct stat file_stat; /* Stat record for file. */ + struct cpio_file_stat file_hdr = CPIO_FILE_STAT_INITIALIZER; + /* Output header information. */ +@@ -605,7 +606,6 @@ process_copy_out () + char *orig_file_name = NULL; + + /* Initialize the copy out. */ +- ds_init (&input_name, 128); + file_hdr.c_magic = 070707; + + /* Check whether the output file might be a tape. */ +@@ -657,14 +657,9 @@ process_copy_out () + { + if (file_hdr.c_mode & CP_IFDIR) + { +- int len = strlen (input_name.ds_string); + /* Make sure the name ends with a slash */ +- if (input_name.ds_string[len-1] != '/') +- { +- ds_resize (&input_name, len + 2); +- input_name.ds_string[len] = '/'; +- input_name.ds_string[len+1] = 0; +- } ++ if (!ds_endswith (&input_name, '/')) ++ ds_append (&input_name, '/'); + } + } + +@@ -875,6 +870,7 @@ process_copy_out () + (unsigned long) blocks), (unsigned long) blocks); + } + cpio_file_stat_free (&file_hdr); ++ ds_free (&input_name); + } + + +Index: cpio-2.13/src/copypass.c +=================================================================== +--- cpio-2.13.orig/src/copypass.c ++++ cpio-2.13/src/copypass.c +@@ -48,10 +48,12 @@ set_copypass_perms (int fd, const char * + If `link_flag', link instead of copying. */ + + void +-process_copy_pass () ++process_copy_pass (void) + { +- dynamic_string input_name; /* Name of file from stdin. */ +- dynamic_string output_name; /* Name of new file. */ ++ dynamic_string input_name = DYNAMIC_STRING_INITIALIZER; ++ /* Name of file from stdin. */ ++ dynamic_string output_name = DYNAMIC_STRING_INITIALIZER; ++ /* Name of new file. */ + size_t dirname_len; /* Length of `directory_name'. */ + int res; /* Result of functions. */ + char *slash; /* For moving past slashes in input name. */ +@@ -65,25 +67,18 @@ process_copy_pass () + created files */ + + /* Initialize the copy pass. 
*/ +- ds_init (&input_name, 128); + + dirname_len = strlen (directory_name); + if (change_directory_option && !ISSLASH (directory_name[0])) + { + char *pwd = xgetcwd (); +- +- dirname_len += strlen (pwd) + 1; +- ds_init (&output_name, dirname_len + 2); +- strcpy (output_name.ds_string, pwd); +- strcat (output_name.ds_string, "/"); +- strcat (output_name.ds_string, directory_name); +- } +- else +- { +- ds_init (&output_name, dirname_len + 2); +- strcpy (output_name.ds_string, directory_name); ++ ++ ds_concat (&output_name, pwd); ++ ds_append (&output_name, '/'); + } +- output_name.ds_string[dirname_len] = '/'; ++ ds_concat (&output_name, directory_name); ++ ds_append (&output_name, '/'); ++ dirname_len = ds_len (&output_name); + output_is_seekable = true; + + change_dir (); +@@ -116,8 +111,8 @@ process_copy_pass () + /* Make the name of the new file. */ + for (slash = input_name.ds_string; *slash == '/'; ++slash) + ; +- ds_resize (&output_name, dirname_len + strlen (slash) + 2); +- strcpy (output_name.ds_string + dirname_len + 1, slash); ++ ds_reset (&output_name, dirname_len); ++ ds_concat (&output_name, slash); + + existing_dir = false; + if (lstat (output_name.ds_string, &out_file_stat) == 0) +@@ -333,6 +328,9 @@ process_copy_pass () + (unsigned long) blocks), + (unsigned long) blocks); + } ++ ++ ds_free (&input_name); ++ ds_free (&output_name); + } + + /* Try and create a hard link from FILE_NAME to another file +Index: cpio-2.13/src/dstring.c +=================================================================== +--- cpio-2.13.orig/src/dstring.c ++++ cpio-2.13/src/dstring.c +@@ -20,8 +20,8 @@ + #if defined(HAVE_CONFIG_H) + # include + #endif +- + #include ++#include + #if defined(HAVE_STRING_H) || defined(STDC_HEADERS) + #include + #else +@@ -33,24 +33,41 @@ + /* Initialiaze dynamic string STRING with space for SIZE characters. 
*/ + + void +-ds_init (dynamic_string *string, int size) ++ds_init (dynamic_string *string) ++{ ++ memset (string, 0, sizeof *string); ++} ++ ++/* Free the dynamic string storage. */ ++ ++void ++ds_free (dynamic_string *string) + { +- string->ds_length = size; +- string->ds_string = (char *) xmalloc (size); ++ free (string->ds_string); + } + +-/* Expand dynamic string STRING, if necessary, to hold SIZE characters. */ ++/* Expand dynamic string STRING, if necessary. */ + + void +-ds_resize (dynamic_string *string, int size) ++ds_resize (dynamic_string *string) + { +- if (size > string->ds_length) ++ if (string->ds_idx == string->ds_size) + { +- string->ds_length = size; +- string->ds_string = (char *) xrealloc ((char *) string->ds_string, size); ++ string->ds_string = x2nrealloc (string->ds_string, &string->ds_size, ++ 1); + } + } + ++/* Reset the index of the dynamic string S to LEN. */ ++ ++void ++ds_reset (dynamic_string *s, size_t len) ++{ ++ while (len > s->ds_size) ++ ds_resize (s); ++ s->ds_idx = len; ++} ++ + /* Dynamic string S gets a string terminated by the EOS character + (which is removed) from file F. S will increase + in size during the function if the string from F is longer than +@@ -61,34 +78,50 @@ ds_resize (dynamic_string *string, int s + char * + ds_fgetstr (FILE *f, dynamic_string *s, char eos) + { +- int insize; /* Amount needed for line. */ +- int strsize; /* Amount allocated for S. */ + int next_ch; + + /* Initialize. */ +- insize = 0; +- strsize = s->ds_length; ++ s->ds_idx = 0; + + /* Read the input string. 
*/ +- next_ch = getc (f); +- while (next_ch != eos && next_ch != EOF) ++ while ((next_ch = getc (f)) != eos && next_ch != EOF) + { +- if (insize >= strsize - 1) +- { +- ds_resize (s, strsize * 2 + 2); +- strsize = s->ds_length; +- } +- s->ds_string[insize++] = next_ch; +- next_ch = getc (f); ++ ds_resize (s); ++ s->ds_string[s->ds_idx++] = next_ch; + } +- s->ds_string[insize++] = '\0'; ++ ds_resize (s); ++ s->ds_string[s->ds_idx] = '\0'; + +- if (insize == 1 && next_ch == EOF) ++ if (s->ds_idx == 0 && next_ch == EOF) + return NULL; + else + return s->ds_string; + } + ++void ++ds_append (dynamic_string *s, int c) ++{ ++ ds_resize (s); ++ s->ds_string[s->ds_idx] = c; ++ if (c) ++ { ++ s->ds_idx++; ++ ds_resize (s); ++ s->ds_string[s->ds_idx] = 0; ++ } ++} ++ ++void ++ds_concat (dynamic_string *s, char const *str) ++{ ++ size_t len = strlen (str); ++ while (len + 1 > s->ds_size) ++ ds_resize (s); ++ memcpy (s->ds_string + s->ds_idx, str, len); ++ s->ds_idx += len; ++ s->ds_string[s->ds_idx] = 0; ++} ++ + char * + ds_fgets (FILE *f, dynamic_string *s) + { +@@ -100,3 +133,10 @@ ds_fgetname (FILE *f, dynamic_string *s) + { + return ds_fgetstr (f, s, '\0'); + } ++ ++/* Return true if the dynamic string S ends with character C. */ ++int ++ds_endswith (dynamic_string *s, int c) ++{ ++ return (s->ds_idx > 0 && s->ds_string[s->ds_idx - 1] == c); ++} +Index: cpio-2.13/src/dstring.h +=================================================================== +--- cpio-2.13.orig/src/dstring.h ++++ cpio-2.13/src/dstring.h +@@ -17,10 +17,6 @@ + Software Foundation, Inc., 51 Franklin Street, Fifth Floor, + Boston, MA 02110-1301 USA. */ + +-#ifndef NULL +-#define NULL 0 +-#endif +- + /* A dynamic string consists of record that records the size of an + allocated string and the pointer to that string. The actual string + is a normal zero byte terminated string that can be used with the +@@ -30,22 +26,25 @@ + + typedef struct + { +- int ds_length; /* Actual amount of storage allocated. 
*/ +- char *ds_string; /* String. */ ++ size_t ds_size; /* Actual amount of storage allocated. */ ++ size_t ds_idx; /* Index of the next free byte in the string. */ ++ char *ds_string; /* String storage. */ + } dynamic_string; + ++#define DYNAMIC_STRING_INITIALIZER { 0, 0, NULL } + +-/* Macros that look similar to the original string functions. +- WARNING: These macros work only on pointers to dynamic string records. +- If used with a real record, an "&" must be used to get the pointer. */ +-#define ds_strlen(s) strlen ((s)->ds_string) +-#define ds_strcmp(s1, s2) strcmp ((s1)->ds_string, (s2)->ds_string) +-#define ds_strncmp(s1, s2, n) strncmp ((s1)->ds_string, (s2)->ds_string, n) +-#define ds_index(s, c) index ((s)->ds_string, c) +-#define ds_rindex(s, c) rindex ((s)->ds_string, c) ++void ds_init (dynamic_string *string); ++void ds_free (dynamic_string *string); ++void ds_reset (dynamic_string *s, size_t len); + +-void ds_init (dynamic_string *string, int size); +-void ds_resize (dynamic_string *string, int size); ++/* All functions below guarantee that s->ds_string[s->ds_idx] == '\0' */ + char *ds_fgetname (FILE *f, dynamic_string *s); + char *ds_fgets (FILE *f, dynamic_string *s); + char *ds_fgetstr (FILE *f, dynamic_string *s, char eos); ++void ds_append (dynamic_string *s, int c); ++void ds_concat (dynamic_string *s, char const *str); ++ ++#define ds_len(s) ((s)->ds_idx) ++ ++int ds_endswith (dynamic_string *s, int c); ++ +Index: cpio-2.13/src/util.c +=================================================================== +--- cpio-2.13.orig/src/util.c ++++ cpio-2.13/src/util.c +@@ -894,11 +894,9 @@ get_next_reel (int tape_des) + FILE *tty_out; /* File for interacting with user. */ + int old_tape_des; + char *next_archive_name; +- dynamic_string new_name; ++ dynamic_string new_name = DYNAMIC_STRING_INITIALIZER; + char *str_res; + +- ds_init (&new_name, 128); +- + /* Open files for interactive communication. 
*/ + tty_in = fopen (TTY_NAME, "r"); + if (tty_in == NULL) +@@ -973,7 +971,7 @@ get_next_reel (int tape_des) + error (PAXEXIT_FAILURE, 0, _("internal error: tape descriptor changed from %d to %d"), + old_tape_des, tape_des); + +- free (new_name.ds_string); ++ ds_free (&new_name); + fclose (tty_in); + fclose (tty_out); + } diff --git a/fix-CVE-2021-38185_2.patch b/fix-CVE-2021-38185_2.patch new file mode 100644 index 0000000..3ea1c42 --- /dev/null +++ b/fix-CVE-2021-38185_2.patch @@ -0,0 +1,36 @@ +From dfc801c44a93bed7b3951905b188823d6a0432c8 Mon Sep 17 00:00:00 2001 +From: Sergey Poznyakoff +Date: Wed, 11 Aug 2021 18:10:38 +0300 +Subject: Fix previous commit + +* src/dstring.c (ds_reset,ds_concat): Don't call ds_resize in a +loop. +--- + src/dstring.c | 4 ++-- + 1 file changed, 2 insertions(+), 2 deletions(-) + +diff --git a/src/dstring.c b/src/dstring.c +index 692d3e7..b7e0bb5 100644 +--- a/src/dstring.c ++++ b/src/dstring.c +@@ -64,7 +64,7 @@ void + ds_reset (dynamic_string *s, size_t len) + { + while (len > s->ds_size) +- ds_resize (s); ++ s->ds_string = x2nrealloc (s->ds_string, &s->ds_size, 1); + s->ds_idx = len; + } + +@@ -116,7 +116,7 @@ ds_concat (dynamic_string *s, char const *str) + { + size_t len = strlen (str); + while (len + 1 > s->ds_size) +- ds_resize (s); ++ s->ds_string = x2nrealloc (s->ds_string, &s->ds_size, 1); + memcpy (s->ds_string + s->ds_idx, str, len); + s->ds_idx += len; + s->ds_string[s->ds_idx] = 0; +-- +cgit v1.2.1 + diff --git a/fix-CVE-2021-38185_3.patch b/fix-CVE-2021-38185_3.patch new file mode 100644 index 0000000..35312fe --- /dev/null +++ b/fix-CVE-2021-38185_3.patch 
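Review bot: `ds_free` in src/dstring.c releases `ds_string` but leaves the pointer, `ds_size` and `ds_idx` untouched, so any later `ds_append`, `ds_concat` or `ds_fgetstr` on the same object would write through or reallocate a freed pointer. The callers visible in this patch free only at function exit, but `query_rename` keeps a `static dynamic_string new_name`, which is the kind of long-lived object where reuse after free is easy to introduce. Resetting the record makes the function safe to call twice and the string safe to reuse: `free (string->ds_string); memset (string, 0, sizeof *string);`. A one-line comment on `ds_reset` that LEN must not exceed the current string length would also help, since the bytes between the old index and LEN are never initialised.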
@@ -0,0 +1,13 @@
+Index: cpio-2.13/src/dstring.c
+===================================================================
+--- cpio-2.13.orig/src/dstring.c
++++ cpio-2.13/src/dstring.c
+@@ -115,7 +115,7 @@ void
+ ds_concat (dynamic_string *s, char const *str)
+ {
+ size_t len = strlen (str);
+- while (len + 1 > s->ds_size)
++ while (len + s->ds_idx + 1 > s->ds_size)
+ s->ds_string = x2nrealloc (s->ds_string, &s->ds_size, 1);
+ memcpy (s->ds_string + s->ds_idx, str, len);
+ s->ds_idx += len;
diff --git a/fix-CVE-2023-7207.patch b/fix-CVE-2023-7207.patch
new file mode 100644
index 0000000..66fdc74
--- /dev/null
+++ b/fix-CVE-2023-7207.patch
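Review bot: fix-CVE-2021-38185_3.patch has no header: unlike the two earlier parts it records no author, date, upstream reference or explanation, so a later maintainer cannot tell where the corrected bound in `ds_concat` comes from. The new condition is what makes the growth loop account for the bytes already stored before `memcpy` writes at `s->ds_string + s->ds_idx`, so it deserves a short description at the top of the patch file. In the code itself I would add a comment above the loop such as `/* room for ds_idx existing bytes, LEN new bytes and the terminating NUL */`. The body of `ds_concat` continues past the inner hunk.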
@@ -0,0 +1,223 @@ +From 376d663340a9dc91c91a5849e5713f07571c1628 Mon Sep 17 00:00:00 2001 +From: Sergey Poznyakoff +Date: Thu, 27 Apr 2023 15:14:23 +0300 +Subject: Fix 45b0ee2b407913c533f7ded8d6f8cbeec16ff6ca. + +The commit in question brought in more problems than solutions. To +properly fix the issue, use symlink placeholders, modelled after +delayed symlinks in tar. + +* src/copyin.c (symlink_placeholder) +(replace_symlink_placeholders): New functions. +(copyin_link): Create symlink placeholder if --no-absolute-filenames +was given. +(process_copy_in): Replace placeholders after extraction. +* tests/CVE-2015-1197.at: Update. Don't use /tmp. +--- + src/copyin.c | 173 ++++++++++++++++++++++++++++++++++++++++++------- + tests/CVE-2015-1197.at | 7 +- + 2 files changed, 153 insertions(+), 27 deletions(-) + +Index: cpio-2.13/src/copyin.c +=================================================================== +--- cpio-2.13.orig/src/copyin.c ++++ cpio-2.13/src/copyin.c +@@ -31,6 +31,7 @@ + #ifndef FNM_PATHNAME + # include + #endif ++#include + + #ifndef HAVE_LCHOWN + # define lchown(f,u,g) 0 +@@ -621,6 +622,136 @@ copyin_device (struct cpio_file_stat* fi + file_hdr->c_mtime); + } + ++struct delayed_link ++ { ++ /* The device and inode number of the placeholder. */ ++ dev_t dev; ++ ino_t ino; ++ ++ /* The desired link metadata. */ ++ mode_t mode; ++ uid_t uid; ++ gid_t gid; ++ time_t mtime; ++ ++ /* Link source and target names. 
*/ ++ char *source; ++ char target[1]; ++ }; ++ ++static Hash_table *delayed_link_table; ++ ++static size_t ++dl_hash (void const *entry, size_t table_size) ++{ ++ struct delayed_link const *dl = entry; ++ uintmax_t n = dl->dev; ++ int nshift = (sizeof (n) - sizeof (dl->dev)) * CHAR_BIT; ++ if (0 < nshift) ++ n <<= nshift; ++ n ^= dl->ino; ++ return n % table_size; ++} ++ ++static bool ++dl_compare (void const *a, void const *b) ++{ ++ struct delayed_link const *da = a, *db = b; ++ return (da->dev == db->dev) & (da->ino == db->ino); ++} ++ ++static int ++symlink_placeholder (char *oldpath, char *newpath, struct cpio_file_stat *file_stat) ++{ ++ int fd = open (newpath, O_WRONLY | O_CREAT | O_EXCL, 0); ++ struct stat st; ++ struct delayed_link *p; ++ size_t newlen = strlen (newpath); ++ ++ if (fd < 0) ++ { ++ open_error (newpath); ++ return -1; ++ } ++ ++ if (fstat (fd, &st) != 0) ++ { ++ stat_error (newpath); ++ close (fd); ++ return -1; ++ } ++ ++ close (fd); ++ ++ p = xmalloc (sizeof (*p) + strlen (oldpath) + newlen + 1); ++ p->dev = st.st_dev; ++ p->ino = st.st_ino; ++ ++ p->mode = file_stat->c_mode; ++ p->uid = file_stat->c_uid; ++ p->gid = file_stat->c_gid; ++ p->mtime = file_stat->c_mtime; ++ ++ strcpy (p->target, newpath); ++ p->source = p->target + newlen + 1; ++ strcpy (p->source, oldpath); ++ ++ if (!((delayed_link_table ++ || (delayed_link_table = hash_initialize (0, 0, dl_hash, ++ dl_compare, free))) ++ && hash_insert (delayed_link_table, p))) ++ xalloc_die (); ++ ++ return 0; ++} ++ ++static void ++replace_symlink_placeholders (void) ++{ ++ struct delayed_link *dl; ++ ++ if (!delayed_link_table) ++ return; ++ for (dl = hash_get_first (delayed_link_table); ++ dl; ++ dl = hash_get_next (delayed_link_table, dl)) ++ { ++ struct stat st; ++ ++ /* Make sure the placeholder file is still there. If not, ++ don't create a link, as the placeholder was probably ++ removed by a later extraction. 
*/ ++ if (lstat (dl->target, &st) == 0 ++ && st.st_dev == dl->dev ++ && st.st_ino == dl->ino) ++ { ++ if (unlink (dl->target)) ++ unlink_error (dl->target); ++ else ++ { ++ int res = UMASKED_SYMLINK (dl->source, dl->target, dl->mode); ++ if (res < 0 && create_dir_flag) ++ { ++ create_all_directories (dl->target); ++ res = UMASKED_SYMLINK (dl->source, dl->target, dl->mode); ++ } ++ if (res < 0) ++ symlink_error (dl->source, dl->target); ++ else if (!no_chown_flag) ++ { ++ uid_t uid = set_owner_flag ? set_owner : dl->uid; ++ gid_t gid = set_group_flag ? set_group : dl->gid; ++ if (lchown (dl->target, uid, gid) < 0 && errno != EPERM) ++ chown_error_details (dl->target, uid, gid); ++ } ++ } ++ } ++ } ++ ++ hash_free (delayed_link_table); ++ delayed_link_table = NULL; ++} ++ + static void + copyin_link (struct cpio_file_stat *file_hdr, int in_file_des) + { +@@ -646,28 +777,26 @@ copyin_link (struct cpio_file_stat *file + link_name = xstrdup (file_hdr->c_tar_linkname); + } + +- res = UMASKED_SYMLINK (link_name, file_hdr->c_name, +- file_hdr->c_mode); +- if (res < 0 && create_dir_flag) ++ if (no_abs_paths_flag) ++ symlink_placeholder (link_name, file_hdr->c_name, file_hdr); ++ else + { +- create_all_directories (file_hdr->c_name); + res = UMASKED_SYMLINK (link_name, file_hdr->c_name, + file_hdr->c_mode); +- } +- if (res < 0) +- { +- error (0, errno, _("%s: Cannot symlink to %s"), +- quotearg_colon (link_name), quote_n (1, file_hdr->c_name)); +- free (link_name); +- return; +- } +- if (!no_chown_flag) +- { +- uid_t uid = set_owner_flag ? set_owner : file_hdr->c_uid; +- gid_t gid = set_group_flag ? 
set_group : file_hdr->c_gid; +- if ((lchown (file_hdr->c_name, uid, gid) < 0) +- && errno != EPERM) +- chown_error_details (file_hdr->c_name, uid, gid); ++ if (res < 0 && create_dir_flag) ++ { ++ create_all_directories (file_hdr->c_name); ++ res = UMASKED_SYMLINK (link_name, file_hdr->c_name, file_hdr->c_mode); ++ } ++ if (res < 0) ++ symlink_error (link_name, file_hdr->c_name); ++ else if (!no_chown_flag) ++ { ++ uid_t uid = set_owner_flag ? set_owner : file_hdr->c_uid; ++ gid_t gid = set_group_flag ? set_group : file_hdr->c_gid; ++ if (lchown (file_hdr->c_name, uid, gid) < 0 && errno != EPERM) ++ chown_error_details (file_hdr->c_name, uid, gid); ++ } + } + free (link_name); + } +@@ -1418,6 +1547,7 @@ process_copy_in () + if (dot_flag) + fputc ('\n', stderr); + ++ replace_symlink_placeholders (); + apply_delayed_set_stat (); + + cpio_file_stat_free (&file_hdr); diff --git a/fix-bsc1219238.patch b/fix-bsc1219238.patch new file mode 100644 index 0000000..2d17a76 --- /dev/null +++ b/fix-bsc1219238.patch @@ -0,0 +1,30 @@ +From e3cc782c610729de7622a274e532817c18262a9d Mon Sep 17 00:00:00 2001 +From: Sergey Poznyakoff +Date: Thu, 18 May 2023 09:00:12 +0300 +Subject: Fix operation of --no-absolute-filenames --make-directories + +* src/copyin.c (symlink_placeholder): Try to create leading +directories if unable to create placeholder. +--- + src/copyin.c | 6 ++++++ + 1 file changed, 6 insertions(+) + +Index: cpio-2.13/src/copyin.c +=================================================================== +--- cpio-2.13.orig/src/copyin.c ++++ cpio-2.13/src/copyin.c +@@ -667,7 +667,13 @@ symlink_placeholder (char *oldpath, char + struct stat st; + struct delayed_link *p; + size_t newlen = strlen (newpath); +- ++ ++ if (fd < 0 && create_dir_flag) ++ { ++ create_all_directories (newpath); ++ fd = open (newpath, O_WRONLY | O_CREAT | O_EXCL, 0); ++ } ++ + if (fd < 0) + { + open_error (newpath); 
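Review bot: In `copyin_link` the placeholder path is taken only when `no_abs_paths_flag` is set; in the `else` branch the symlink is still created immediately with `UMASKED_SYMLINK`, so extraction without `--no-absolute-filenames` presumably keeps the behaviour the placeholders are meant to prevent. That is worth stating at the branch, for example `/* Symlinks are delayed only under --no-absolute-filenames; otherwise they are live during extraction. */`, and in the spec comment for Patch29. Also, `struct delayed_link` stores `mtime`, but `replace_symlink_placeholders` never reads it in the lines shown, so either drop the field or note why it is kept. `copyin_link` begins above the inner hunk.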
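Review bot: The retry added to `symlink_placeholder` runs on any failure of the first `open`, not only when a leading directory is missing, so with `create_dir_flag` set an `EEXIST` or `EACCES` failure also calls `create_all_directories (newpath)` on an archive-supplied path before the error is reported. Narrowing the condition to `if (fd < 0 && errno == ENOENT && create_dir_flag)` limits directory creation to the case the subject line describes. The same `res < 0 && create_dir_flag` shape is used around `UMASKED_SYMLINK` elsewhere in copyin.c, so this may be deliberate; if so, a comment saying that the second `open` decides the reported error would be enough. The function continues below the inner hunk.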
diff --git a/paxutils-rtapelib_mtget.patch b/paxutils-rtapelib_mtget.patch
new file mode 100644
index 0000000..032de88
--- /dev/null
+++ b/paxutils-rtapelib_mtget.patch
@@ -0,0 +1,13 @@
+Index: cpio-2.13/lib/rtapelib.c
+===================================================================
+--- cpio-2.13.orig/lib/rtapelib.c
++++ cpio-2.13/lib/rtapelib.c
+@@ -711,7 +711,7 @@ rmt_ioctl__ (int handle, int operation,
+ || (status = get_status (handle), status == -1))
+ return -1;
+
+- if (status > sizeof (struct mtop))
++ if (status > sizeof (struct mtget))
+ {
+ errno = EOVERFLOW;
+ return -1;
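Review bot: The corrected bound in `rmt_ioctl__` compares `status` with `sizeof (struct mtget)`, which is unsigned, while the declaration of `status` is outside the hunk; if it is a signed type, a negative value other than the -1 handled just above is rejected only through implicit conversion. Writing the check as `if (status < 0 || status > sizeof (struct mtget))` makes that explicit. The patch file has no description, so I would also add a line at its top saying that the reply is bounded by `struct mtget` rather than `struct mtop` because that is the structure it is copied into, assuming that is what the code after the hunk does. The function starts and ends outside the hunk.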