Date: Sat, 16 Nov 2019 16:19:53 +0000 (UTC) From: Christian Weisgerber <naddy@FreeBSD.org> To: ports-committers@freebsd.org, svn-ports-all@freebsd.org, svn-ports-branches@freebsd.org Subject: svn commit: r517758 - in branches/2019Q4/archivers/gcpio: . files Message-ID: <201911161619.xAGGJrxh064571@repo.freebsd.org>
next in thread | raw e-mail | index | archive | help
Author: naddy Date: Sat Nov 16 16:19:53 2019 New Revision: 517758 URL: https://svnweb.freebsd.org/changeset/ports/517758 Log: MFH: r517705 Security update to 2.13: * Fix CVE-2015-1197 * Fix CVE-2016-2037 * Fix CVE-2019-14866 * Remove --extract-over-symlinks option again, which was part of an earlier third-party fix for CVE-2015-1197. Security: f59af308-07f3-11ea-8c56-f8b156b6dcc8 Approved by: ports-secteam (joneum) Added: branches/2019Q4/archivers/gcpio/files/patch-src_util.c - copied unchanged from r517705, head/archivers/gcpio/files/patch-src_util.c branches/2019Q4/archivers/gcpio/files/patch-tests_symlink-bad-length.at - copied unchanged from r517705, head/archivers/gcpio/files/patch-tests_symlink-bad-length.at Deleted: branches/2019Q4/archivers/gcpio/files/patch-po_Makefile.in.in branches/2019Q4/archivers/gcpio/files/patch-src_copyin.c branches/2019Q4/archivers/gcpio/files/patch-src_extern.h branches/2019Q4/archivers/gcpio/files/patch-src_global.c branches/2019Q4/archivers/gcpio/files/patch-src_main.c branches/2019Q4/archivers/gcpio/files/patch-tests_symlink-long.at Modified: branches/2019Q4/archivers/gcpio/Makefile branches/2019Q4/archivers/gcpio/distinfo branches/2019Q4/archivers/gcpio/files/patch-doc_cpio.1 branches/2019Q4/archivers/gcpio/files/patch-gnu_Makefile.in branches/2019Q4/archivers/gcpio/pkg-plist Directory Properties: branches/2019Q4/ (props changed) Modified: branches/2019Q4/archivers/gcpio/Makefile ============================================================================== --- branches/2019Q4/archivers/gcpio/Makefile Sat Nov 16 16:04:26 2019 (r517757) +++ branches/2019Q4/archivers/gcpio/Makefile Sat Nov 16 16:19:53 2019 (r517758) @@ -1,8 +1,7 @@ # $FreeBSD$ PORTNAME= cpio -PORTVERSION= 2.12 -PORTREVISION= 1 +PORTVERSION= 2.13 CATEGORIES= archivers MASTER_SITES= GNU PKGNAMEPREFIX= g @@ -11,6 +10,8 @@ MAINTAINER= naddy@FreeBSD.org COMMENT= GNU cpio copies files to and from archives LICENSE= GPLv3 + +TEST_DEPENDS= autom4te:devel/autoconf USES= cpe tar:bzip2 Modified: branches/2019Q4/archivers/gcpio/distinfo ============================================================================== --- branches/2019Q4/archivers/gcpio/distinfo Sat Nov 16 16:04:26 2019 (r517757) +++ branches/2019Q4/archivers/gcpio/distinfo Sat Nov 16 16:19:53 2019 (r517758) @@ -1,2 +1,3 @@ -SHA256 (cpio-2.12.tar.bz2) = 70998c5816ace8407c8b101c9ba1ffd3ebbecba1f5031046893307580ec1296e -SIZE (cpio-2.12.tar.bz2) = 1258605 +TIMESTAMP = 1573685109 +SHA256 (cpio-2.13.tar.bz2) = eab5bdc5ae1df285c59f2a4f140a98fc33678a0bf61bdba67d9436ae26b46f6d +SIZE (cpio-2.13.tar.bz2) = 1354559 Modified: branches/2019Q4/archivers/gcpio/files/patch-doc_cpio.1 ============================================================================== --- branches/2019Q4/archivers/gcpio/files/patch-doc_cpio.1 Sat Nov 16 16:04:26 2019 (r517757) +++ branches/2019Q4/archivers/gcpio/files/patch-doc_cpio.1 Sat Nov 16 16:19:53 2019 (r517758) @@ -1,8 +1,8 @@ ---- doc/cpio.1.orig 2015-09-12 10:57:30 UTC +--- doc/cpio.1.orig 2018-06-21 07:12:05 UTC +++ doc/cpio.1 @@ -15,9 +15,9 @@ .\" along with GNU cpio. If not, see <http://www.gnu.org/licenses/>. - .TH CPIO 1 "December 1, 2014" "CPIO" "GNU CPIO" + .TH CPIO 1 "June 21, 2018" "CPIO" "GNU CPIO" .SH NAME -cpio \- copy files to and from archives +gcpio \- copy files to and from archives @@ -21,11 +21,8 @@ {\fB\-i\fR|\fB\-\-extract\fR} [\fB\-bcdfmnrtsuvBSV\fR] [\fB\-C\fR \fIBYTES\fR] [\fB\-E\fR \fIFILE\fR] [\fB\-H\fR \fIFORMAT\fR] [\fB\-M\fR \fIMESSAGE\fR] [\fB\-R\fR [\fIUSER\fR][\fB:.\fR][\fIGROUP\fR]] -@@ -50,9 +50,10 @@ cpio \- copy files to and from archives - [\fB\-\-force\-local\fR] [\fB\-\-no\-absolute\-filenames\fR] [\fB\-\-sparse\fR] - [\fB\-\-only\-verify\-crc\fR] [\fB\-\-to\-stdout\fR] [\fB\-\-quiet\fR] +@@ -52,7 +52,7 @@ cpio \- copy files to and from archives [\fB\-\-rsh\-command=\fICOMMAND\fR] -+[\fB\-\-extract\-over\-symlinks\fR] [\fIpattern\fR...] [\fB<\fR \fIarchive\fR] -.B cpio @@ -33,7 +30,7 @@ {\fB\-p\fR|\fB\-\-pass\-through\fR} [\fB\-0adlmuvLV\fR] [\fB\-R\fR [\fIUSER\fR][\fB:.\fR][\fIGROUP\fR]] [\fB\-\-null\fR] [\fB\-\-reset\-access\-time\fR] -@@ -63,7 +64,7 @@ cpio \- copy files to and from archives +@@ -63,7 +63,7 @@ cpio \- copy files to and from archives [\fB\-\-no\-preserve\-owner\fR] [\fB\-\-sparse\fR] \fIdestination-directory\fR \fB<\fR \fIname-list\fR Modified: branches/2019Q4/archivers/gcpio/files/patch-gnu_Makefile.in ============================================================================== --- branches/2019Q4/archivers/gcpio/files/patch-gnu_Makefile.in Sat Nov 16 16:04:26 2019 (r517757) +++ branches/2019Q4/archivers/gcpio/files/patch-gnu_Makefile.in Sat Nov 16 16:19:53 2019 (r517758) @@ -1,6 +1,6 @@ ---- gnu/Makefile.in.orig 2015-09-12 11:11:14 UTC +--- gnu/Makefile.in.orig 2019-11-06 07:29:32 UTC +++ gnu/Makefile.in -@@ -2077,7 +2077,7 @@ inttypes.h: inttypes.in.h $(top_builddir +@@ -2129,7 +2129,7 @@ inttypes.h: inttypes.in.h $(top_builddir)/config.statu # avoid installing it. all-local: charset.alias ref-add.sed ref-del.sed Copied: branches/2019Q4/archivers/gcpio/files/patch-src_util.c (from r517705, head/archivers/gcpio/files/patch-src_util.c) ============================================================================== --- /dev/null 00:00:00 1970 (empty, because file is newly added) +++ branches/2019Q4/archivers/gcpio/files/patch-src_util.c Sat Nov 16 16:19:53 2019 (r517758, copy of r517705, head/archivers/gcpio/files/patch-src_util.c) @@ -0,0 +1,23 @@ +https://git.savannah.gnu.org/cgit/cpio.git/commit/?id=df55fb19be545e22d023950263ed5d0756edf81e + +--- src/util.c.orig 2019-11-03 15:07:23 UTC ++++ src/util.c +@@ -1140,8 +1140,16 @@ stat_to_cpio (struct cpio_file_stat *hdr, struct stat + hdr->c_nlink = st->st_nlink; + hdr->c_uid = CPIO_UID (st->st_uid); + hdr->c_gid = CPIO_GID (st->st_gid); +- hdr->c_rdev_maj = major (st->st_rdev); +- hdr->c_rdev_min = minor (st->st_rdev); ++ if (S_ISBLK (st->st_mode) || S_ISCHR (st->st_mode)) ++ { ++ hdr->c_rdev_maj = major (st->st_rdev); ++ hdr->c_rdev_min = minor (st->st_rdev); ++ } ++ else ++ { ++ hdr->c_rdev_maj = 0; ++ hdr->c_rdev_min = 0; ++ } + hdr->c_mtime = st->st_mtime; + hdr->c_filesize = st->st_size; + hdr->c_chksum = 0; Copied: branches/2019Q4/archivers/gcpio/files/patch-tests_symlink-bad-length.at (from r517705, head/archivers/gcpio/files/patch-tests_symlink-bad-length.at) ============================================================================== --- /dev/null 00:00:00 1970 (empty, because file is newly added) +++ branches/2019Q4/archivers/gcpio/files/patch-tests_symlink-bad-length.at Sat Nov 16 16:19:53 2019 (r517758, copy of r517705, head/archivers/gcpio/files/patch-tests_symlink-bad-length.at) @@ -0,0 +1,11 @@ +--- tests/symlink-bad-length.at.orig 2019-11-13 23:07:23 UTC ++++ tests/symlink-bad-length.at +@@ -44,7 +44,7 @@ AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA + # but that could hurt backward compatibility. + + AT_CHECK([ +-base64 -d ARCHIVE.base64 > ARCHIVE || AT_SKIP_TEST ++b64decode -r ARCHIVE.base64 > ARCHIVE || AT_SKIP_TEST + TZ=UTC cpio -ntv < ARCHIVE 2>stderr + cat stderr | grep -v \ + -e 'stored filename length is out of range' \ Modified: branches/2019Q4/archivers/gcpio/pkg-plist ============================================================================== --- branches/2019Q4/archivers/gcpio/pkg-plist Sat Nov 16 16:04:26 2019 (r517757) +++ branches/2019Q4/archivers/gcpio/pkg-plist Sat Nov 16 16:19:53 2019 (r517758) @@ -15,6 +15,7 @@ man/man1/gcpio.1.gz %%NLS%%share/locale/ko/LC_MESSAGES/cpio.mo %%NLS%%share/locale/nl/LC_MESSAGES/cpio.mo %%NLS%%share/locale/pl/LC_MESSAGES/cpio.mo +%%NLS%%share/locale/pt/LC_MESSAGES/cpio.mo %%NLS%%share/locale/pt_BR/LC_MESSAGES/cpio.mo %%NLS%%share/locale/ro/LC_MESSAGES/cpio.mo %%NLS%%share/locale/ru/LC_MESSAGES/cpio.mo
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?201911161619.xAGGJrxh064571>