Diffstat (limited to 'meta/recipes-extended/cpio')
-rw-r--r--meta/recipes-extended/cpio/cpio-2.13/0003-Fix-calculation-of-CRC-in-copy-out-mode.patch58
-rw-r--r--meta/recipes-extended/cpio/cpio-2.13/0004-Fix-appending-to-archives-bigger-than-2G.patch312
-rw-r--r--meta/recipes-extended/cpio/cpio-2.13/CVE-2021-38185.patch581
-rw-r--r--meta/recipes-extended/cpio/cpio_2.13.bb6
4 files changed, 957 insertions, 0 deletions
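--- /dev/null
+++ b/meta/recipes-extended/cpio/cpio-2.13/0003-Fix-calculation-of-CRC-in-copy-out-mode.patch
@@ -0,0 +1,58 @@
+From d257e47a6c6b41ba727b196ac96c05ab91bd9d65 Mon Sep 17 00:00:00 2001
+From: Sergey Poznyakoff <gray@gnu.org>
+Date: Fri, 7 Apr 2023 11:23:37 +0300
+Subject: [PATCH 3/4] Fix calculation of CRC in copy-out mode.
+
+* src/copyout.c (read_for_checksum): Fix type of the file_size argument.
+Rewrite the reading loop.
+
+Original patch by Stefano Babic <sbabic@denx.de>
+
+Upstream-Status: Backport [a1b2f7871c3ae5113e0102b870b15ea06a8f0e3d]
+Signed-off-by: Marek Vasut <marex@denx.de>
+---
+ src/copyout.c | 16 +++++++---------
+ 1 file changed, 7 insertions(+), 9 deletions(-)
+
+diff --git a/src/copyout.c b/src/copyout.c
+index 8b0beb6..f1ff351 100644
+--- a/src/copyout.c
++++ b/src/copyout.c
+@@ -34,27 +34,25 @@
+ compute and return a checksum for them. */
+
+ static uint32_t
+-read_for_checksum (int in_file_des, int file_size, char *file_name)
++read_for_checksum (int in_file_des, off_t file_size, char *file_name)
+ {
+ uint32_t crc;
+- char buf[BUFSIZ];
+- int bytes_left;
+- int bytes_read;
+- int i;
++ unsigned char buf[BUFSIZ];
++ ssize_t bytes_read;
++ ssize_t i;
+
+ crc = 0;
+
+- for (bytes_left = file_size; bytes_left > 0; bytes_left -= bytes_read)
++ while (file_size > 0)
+ {
+ bytes_read = read (in_file_des, buf, BUFSIZ);
+ if (bytes_read < 0)
+ error (PAXEXIT_FAILURE, errno, _("cannot read checksum for %s"), file_name);
+ if (bytes_read == 0)
+ break;
+- if (bytes_left < bytes_read)
+- bytes_read = bytes_left;
+- for (i = 0; i < bytes_read; ++i)
++ for (i = 0; i < bytes_read; i++)
+ crc += buf[i] & 0xff;
++ file_size -= bytes_read;
+ }
+ if (lseek (in_file_des, 0L, SEEK_SET))
+ error (PAXEXIT_FAILURE, errno, _("cannot read checksum for %s"), file_name);
+--
+2.39.2
+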
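Review bot: The rewritten loop in read_for_checksum always asks read() for BUFSIZ bytes and no longer clamps the final chunk to the remaining file_size, so if the file grows between the stat and this pass, bytes beyond the recorded size are summed into crc. The removed lines `if (bytes_left < bytes_read) bytes_read = bytes_left;` provided that bound; it can be kept by bounding the request itself, e.g. `bytes_read = read (in_file_des, buf, file_size < BUFSIZ ? (size_t) file_size : BUFSIZ);`. Whether the later copy step writes exactly file_size bytes is outside this hunk, but if it does, the stored checksum and the archived data could disagree for a file modified during archiving. A one-line comment above the loop stating that file_size is the size recorded in the header would make the intended bound explicit.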
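--- /dev/null
+++ b/meta/recipes-extended/cpio/cpio-2.13/0004-Fix-appending-to-archives-bigger-than-2G.patch
@@ -0,0 +1,312 @@
+From 8513495ab5cfb63eb7c4c933fdf0b78c6196cd27 Mon Sep 17 00:00:00 2001
+From: Sergey Poznyakoff <gray@gnu.org>
+Date: Fri, 28 Apr 2023 15:23:46 +0300
+Subject: [PATCH 4/4] Fix appending to archives bigger than 2G
+
+* src/extern.h (last_header_start): Change type to off_t.
+* src/global.c: Likewise.
+* src/util.c (prepare_append): Use off_t for file offsets.
+
+Upstream-Status: Backport [0987d63384f0419b4b14aecdc6a61729b75ce86a]
+Signed-off-by: Marek Vasut <marex@denx.de>
+---
+ src/extern.h | 11 ++++-----
+ src/global.c | 2 +-
+ src/util.c | 66 ++++++++++++++++++++++++++--------------------------
+ 3 files changed, 39 insertions(+), 40 deletions(-)
+
+diff --git a/src/extern.h b/src/extern.h
+index 11ac6bf..12f14a9 100644
+--- a/src/extern.h
++++ b/src/extern.h
+@@ -67,7 +67,7 @@ extern int ignore_devno_option;
+
+ extern bool to_stdout_option;
+
+-extern int last_header_start;
++extern off_t last_header_start;
+ extern int copy_matching_files;
+ extern int numeric_uid;
+ extern char *pattern_file_name;
+@@ -123,7 +123,7 @@ void field_width_error (const char *filename, const char *fieldname,
+
+ /* copypass.c */
+ void process_copy_pass (void);
+-int link_to_maj_min_ino (char *file_name, int st_dev_maj,
++int link_to_maj_min_ino (char *file_name, int st_dev_maj,
+ int st_dev_min, ino_t st_ino);
+ int link_to_name (char const *link_name, char const *link_target);
+
+@@ -171,7 +171,7 @@ void copy_files_tape_to_disk (int in_des, int out_des, off_t num_bytes);
+ void copy_files_disk_to_tape (int in_des, int out_des, off_t num_bytes, char *filename);
+ void copy_files_disk_to_disk (int in_des, int out_des, off_t num_bytes, char *filename);
+ void warn_if_file_changed (char *file_name, off_t old_file_size,
+- time_t old_file_mtime);
++ time_t old_file_mtime);
+ void create_all_directories (char const *name);
+ void prepare_append (int out_file_des);
+ char *find_inode_file (ino_t node_num,
+@@ -185,7 +185,7 @@ void set_new_media_message (char *message);
+ #ifdef HPUX_CDF
+ char *add_cdf_double_slashes (char *filename);
+ #endif
+-void write_nuls_to_file (off_t num_bytes, int out_des,
++void write_nuls_to_file (off_t num_bytes, int out_des,
+ void (*writer) (char *in_buf,
+ int out_des, off_t num_bytes));
+ #define DISK_IO_BLOCK_SIZE 512
+@@ -229,6 +229,5 @@ void delay_set_stat (char const *file_name, struct stat *st,
+ mode_t invert_permissions);
+ int repair_delayed_set_stat (struct cpio_file_stat *file_hdr);
+ void apply_delayed_set_stat (void);
+-
+-int arf_stores_inode_p (enum archive_format arf);
+
++int arf_stores_inode_p (enum archive_format arf);
+diff --git a/src/global.c b/src/global.c
+index fb3abe9..5c9fc05 100644
+--- a/src/global.c
++++ b/src/global.c
+@@ -114,7 +114,7 @@ int debug_flag = false;
+
+ /* File position of last header read. Only used during -A to determine
+ where the old TRAILER!!! record started. */
+-int last_header_start = 0;
++off_t last_header_start = 0;
+
+ /* With -i; if true, copy only files that match any of the given patterns;
+ if false, copy only files that do not match any of the patterns. (-f) */
+diff --git a/src/util.c b/src/util.c
+index 4421b20..3be89a4 100644
+--- a/src/util.c
++++ b/src/util.c
+@@ -60,8 +60,8 @@ tape_empty_output_buffer (int out_des)
+ static long output_bytes_before_lseek = 0;
+
+ /* Some tape drivers seem to have a signed internal seek pointer and
+- they lose if it overflows and becomes negative (e.g. when writing
+- tapes > 2Gb). Doing an lseek (des, 0, SEEK_SET) seems to reset the
++ they lose if it overflows and becomes negative (e.g. when writing
++ tapes > 2Gb). Doing an lseek (des, 0, SEEK_SET) seems to reset the
+ seek pointer and prevent it from overflowing. */
+ if (output_is_special
+ && ( (output_bytes_before_lseek += output_size) >= 1073741824L) )
+@@ -106,7 +106,7 @@ static ssize_t sparse_write (int fildes, char *buf, size_t nbyte, bool flush);
+ descriptor OUT_DES and reset `output_size' and `out_buff'.
+ If `swapping_halfwords' or `swapping_bytes' is set,
+ do the appropriate swapping first. Our callers have
+- to make sure to only set these flags if `output_size'
++ to make sure to only set these flags if `output_size'
+ is appropriate (a multiple of 4 for `swapping_halfwords',
+ 2 for `swapping_bytes'). The fact that DISK_IO_BLOCK_SIZE
+ must always be a multiple of 4 helps us (and our callers)
+@@ -188,8 +188,8 @@ tape_fill_input_buffer (int in_des, int num_bytes)
+ {
+ #ifdef BROKEN_LONG_TAPE_DRIVER
+ /* Some tape drivers seem to have a signed internal seek pointer and
+- they lose if it overflows and becomes negative (e.g. when writing
+- tapes > 4Gb). Doing an lseek (des, 0, SEEK_SET) seems to reset the
++ they lose if it overflows and becomes negative (e.g. when writing
++ tapes > 4Gb). Doing an lseek (des, 0, SEEK_SET) seems to reset the
+ seek pointer and prevent it from overflowing. */
+ if (input_is_special
+ && ( (input_bytes_before_lseek += num_bytes) >= 1073741824L) )
+@@ -332,8 +332,8 @@ tape_buffered_peek (char *peek_buf, int in_des, int num_bytes)
+
+ #ifdef BROKEN_LONG_TAPE_DRIVER
+ /* Some tape drivers seem to have a signed internal seek pointer and
+- they lose if it overflows and becomes negative (e.g. when writing
+- tapes > 4Gb). Doing an lseek (des, 0, SEEK_SET) seems to reset the
++ they lose if it overflows and becomes negative (e.g. when writing
++ tapes > 4Gb). Doing an lseek (des, 0, SEEK_SET) seems to reset the
+ seek pointer and prevent it from overflowing. */
+ if (input_is_special
+ && ( (input_bytes_before_lseek += num_bytes) >= 1073741824L) )
+@@ -404,7 +404,7 @@ tape_toss_input (int in_des, off_t num_bytes)
+
+ if (crc_i_flag && only_verify_crc_flag)
+ {
+- int k;
++ int k;
+ for (k = 0; k < space_left; ++k)
+ crc += in_buff[k] & 0xff;
+ }
+@@ -416,14 +416,14 @@ tape_toss_input (int in_des, off_t num_bytes)
+ }
+
+ void
+-write_nuls_to_file (off_t num_bytes, int out_des,
+- void (*writer) (char *in_buf, int out_des, off_t num_bytes))
++write_nuls_to_file (off_t num_bytes, int out_des,
++ void (*writer) (char *in_buf, int out_des, off_t num_bytes))
+ {
+ off_t blocks;
+ off_t extra_bytes;
+ off_t i;
+ static char zeros_512[512];
+-
++
+ blocks = num_bytes / sizeof zeros_512;
+ extra_bytes = num_bytes % sizeof zeros_512;
+ for (i = 0; i < blocks; ++i)
+@@ -603,7 +603,7 @@ create_all_directories (char const *name)
+ char *dir;
+
+ dir = dir_name (name);
+-
++
+ if (dir == NULL)
+ error (PAXEXIT_FAILURE, 0, _("virtual memory exhausted"));
+
+@@ -637,9 +637,9 @@ create_all_directories (char const *name)
+ void
+ prepare_append (int out_file_des)
+ {
+- int start_of_header;
+- int start_of_block;
+- int useful_bytes_in_block;
++ off_t start_of_header;
++ off_t start_of_block;
++ size_t useful_bytes_in_block;
+ char *tmp_buf;
+
+ start_of_header = last_header_start;
+@@ -697,8 +697,8 @@ inode_val_compare (const void *val1, const void *val2)
+ const struct inode_val *ival1 = val1;
+ const struct inode_val *ival2 = val2;
+ return ival1->inode == ival2->inode
+- && ival1->major_num == ival2->major_num
+- && ival1->minor_num == ival2->minor_num;
++ && ival1->major_num == ival2->major_num
++ && ival1->minor_num == ival2->minor_num;
+ }
+
+ static struct inode_val *
+@@ -706,10 +706,10 @@ find_inode_val (ino_t node_num, unsigned long major_num,
+ unsigned long minor_num)
+ {
+ struct inode_val sample;
+-
++
+ if (!hash_table)
+ return NULL;
+-
++
+ sample.inode = node_num;
+ sample.major_num = major_num;
+ sample.minor_num = minor_num;
+@@ -734,7 +734,7 @@ add_inode (ino_t node_num, char *file_name, unsigned long major_num,
+ {
+ struct inode_val *temp;
+ struct inode_val *e = NULL;
+-
++
+ /* Create new inode record. */
+ temp = (struct inode_val *) xmalloc (sizeof (struct inode_val));
+ temp->inode = node_num;
+@@ -1007,7 +1007,7 @@ buf_all_zeros (char *buf, int bufsize)
+
+ /* Write NBYTE bytes from BUF to file descriptor FILDES, trying to
+ create holes instead of writing blockfuls of zeros.
+-
++
+ Return the number of bytes written (including bytes in zero
+ regions) on success, -1 on error.
+
+@@ -1027,7 +1027,7 @@ sparse_write (int fildes, char *buf, size_t nbytes, bool flush)
+
+ enum { begin, in_zeros, not_in_zeros } state =
+ delayed_seek_count ? in_zeros : begin;
+-
++
+ while (nbytes)
+ {
+ size_t rest = nbytes;
+@@ -1042,7 +1042,7 @@ sparse_write (int fildes, char *buf, size_t nbytes, bool flush)
+ if (state == not_in_zeros)
+ {
+ ssize_t bytes = buf - start_ptr + rest;
+-
++
+ n = write (fildes, start_ptr, bytes);
+ if (n == -1)
+ return -1;
+@@ -1091,8 +1091,8 @@ sparse_write (int fildes, char *buf, size_t nbytes, bool flush)
+ if (n != 1)
+ return n;
+ delayed_seek_count = 0;
+- }
+-
++ }
++
+ return nwritten + seek_count;
+ }
+
+@@ -1222,7 +1222,7 @@ set_perms (int fd, struct cpio_file_stat *header)
+ if (!no_chown_flag)
+ {
+ uid_t uid = CPIO_UID (header->c_uid);
+- gid_t gid = CPIO_GID (header->c_gid);
++ gid_t gid = CPIO_GID (header->c_gid);
+ if ((fchown_or_chown (fd, header->c_name, uid, gid) < 0)
+ && errno != EPERM)
+ chown_error_details (header->c_name, uid, gid);
+@@ -1239,13 +1239,13 @@ set_file_times (int fd,
+ const char *name, unsigned long atime, unsigned long mtime)
+ {
+ struct timespec ts[2];
+-
++
+ memset (&ts, 0, sizeof ts);
+
+ ts[0].tv_sec = atime;
+ ts[1].tv_sec = mtime;
+
+- /* Silently ignore EROFS because reading the file won't have upset its
++ /* Silently ignore EROFS because reading the file won't have upset its
+ timestamp if it's on a read-only filesystem. */
+ if (fdutimens (fd, name, ts) < 0 && errno != EROFS)
+ utime_error (name);
+@@ -1297,7 +1297,7 @@ cpio_safer_name_suffix (char *name, bool link_target, bool absolute_names,
+
+ /* This is a simplified form of delayed set_stat used by GNU tar.
+ With the time, both forms will merge and pass to paxutils
+-
++
+ List of directories whose statuses we need to extract after we've
+ finished extracting their subsidiary files. If you consider each
+ contiguous subsequence of elements of the form [D]?[^D]*, where [D]
+@@ -1415,7 +1415,7 @@ cpio_mkdir (struct cpio_file_stat *file_hdr, int *setstat_delayed)
+ {
+ int rc;
+ mode_t mode = file_hdr->c_mode;
+-
++
+ if (!(file_hdr->c_mode & S_IWUSR))
+ {
+ rc = mkdir (file_hdr->c_name, mode | S_IWUSR);
+@@ -1438,10 +1438,10 @@ cpio_create_dir (struct cpio_file_stat *file_hdr, int existing_dir)
+ {
+ int res; /* Result of various function calls. */
+ int setstat_delayed = 0;
+-
++
+ if (to_stdout_option)
+ return 0;
+-
++
+ /* Strip any trailing `/'s off the filename; tar puts
+ them on. We might as well do it here in case anybody
+ else does too, since they cause strange things to happen. */
+@@ -1530,7 +1530,7 @@ arf_stores_inode_p (enum archive_format arf)
+ }
+ return 1;
+ }
+-
++
+ void
+ cpio_file_stat_init (struct cpio_file_stat *file_hdr)
+ {
+--
+2.39.2
+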
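Review bot: Most hunks this backport applies to src/extern.h and src/util.c only rewrite whitespace, which buries the functional change: `last_header_start` becoming `off_t` and the three locals of prepare_append becoming `off_t`/`size_t`. prepare_append's body continues outside the hunk, so the arithmetic and any lseek comparisons on `start_of_block` and `useful_bytes_in_block` cannot be checked from here. Since `useful_bytes_in_block` is now unsigned, it is worth confirming that no remaining expression relies on it being compared as a signed value. A short note in the patch header listing which hunks are functional (extern.h `last_header_start`, global.c, util.c prepare_append) would make later audits of this backport much quicker.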
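--- /dev/null
+++ b/meta/recipes-extended/cpio/cpio-2.13/CVE-2021-38185.patch
@@ -0,0 +1,581 @@
+GNU cpio through 2.13 allows attackers to execute arbitrary code via a crafted
+pattern file, because of a dstring.c ds_fgetstr integer overflow that triggers
+an out-of-bounds heap write.
+
+CVE: CVE-2021-38185
+Upstream-Status: Backport
+Signed-off-by: Ross Burton <ross.burton@arm.com>
+
+From e494c68a3a0951b1eaba77e2db93f71a890e15d8 Mon Sep 17 00:00:00 2001
+From: Sergey Poznyakoff <gray@gnu.org>
+Date: Sat, 7 Aug 2021 12:52:21 +0300
+Subject: [PATCH 1/3] Rewrite dynamic string support.
+
+* src/dstring.c (ds_init): Take a single argument.
+(ds_free): New function.
+(ds_resize): Take a single argument. Use x2nrealloc to expand
+the storage.
+(ds_reset,ds_append,ds_concat,ds_endswith): New function.
+(ds_fgetstr): Rewrite. In particular, this fixes integer overflow.
+* src/dstring.h (dynamic_string): Keep both the allocated length
+(ds_size) and index of the next free byte in the string (ds_idx).
+(ds_init,ds_resize): Change signature.
+(ds_len): New macro.
+(ds_free,ds_reset,ds_append,ds_concat,ds_endswith): New protos.
+* src/copyin.c: Use new ds_ functions.
+* src/copyout.c: Likewise.
+* src/copypass.c: Likewise.
+* src/util.c: Likewise.
+---
+ src/copyin.c | 40 +++++++++++------------
+ src/copyout.c | 16 ++++-----
+ src/copypass.c | 34 +++++++++----------
+ src/dstring.c | 88 ++++++++++++++++++++++++++++++++++++--------------
+ src/dstring.h | 31 +++++++++---------
+ src/util.c | 6 ++--
+ 6 files changed, 123 insertions(+), 92 deletions(-)
+
+diff --git a/src/copyin.c b/src/copyin.c
+index b29f348..37e503a 100644
+--- a/src/copyin.c
++++ b/src/copyin.c
+@@ -55,11 +55,12 @@ query_rename(struct cpio_file_stat* file_hdr, FILE *tty_in, FILE *tty_out,
+ char *str_res; /* Result for string function. */
+ static dynamic_string new_name; /* New file name for rename option. */
+ static int initialized_new_name = false;
++
+ if (!initialized_new_name)
+- {
+- ds_init (&new_name, 128);
+- initialized_new_name = true;
+- }
++ {
++ ds_init (&new_name);
++ initialized_new_name = true;
++ }
+
+ if (rename_flag)
+ {
+@@ -779,37 +780,36 @@ long_format (struct cpio_file_stat *file_hdr, char const *link_name)
+ already in `save_patterns' (from the command line) are preserved. */
+
+ static void
+-read_pattern_file ()
++read_pattern_file (void)
+ {
+- int max_new_patterns;
+- char **new_save_patterns;
+- int new_num_patterns;
++ char **new_save_patterns = NULL;
++ size_t max_new_patterns;
++ size_t new_num_patterns;
+ int i;
+- dynamic_string pattern_name;
++ dynamic_string pattern_name = DYNAMIC_STRING_INITIALIZER;
+ FILE *pattern_fp;
+
+ if (num_patterns < 0)
+ num_patterns = 0;
+- max_new_patterns = 1 + num_patterns;
+- new_save_patterns = (char **) xmalloc (max_new_patterns * sizeof (char *));
+ new_num_patterns = num_patterns;
+- ds_init (&pattern_name, 128);
++ max_new_patterns = num_patterns;
++ new_save_patterns = xcalloc (max_new_patterns, sizeof (new_save_patterns[0]));
+
+ pattern_fp = fopen (pattern_file_name, "r");
+ if (pattern_fp == NULL)
+ open_fatal (pattern_file_name);
+ while (ds_fgetstr (pattern_fp, &pattern_name, '\n') != NULL)
+ {
+- if (new_num_patterns >= max_new_patterns)
+- {
+- max_new_patterns += 1;
+- new_save_patterns = (char **)
+- xrealloc ((char *) new_save_patterns,
+- max_new_patterns * sizeof (char *));
+- }
++ if (new_num_patterns == max_new_patterns)
++ new_save_patterns = x2nrealloc (new_save_patterns,
++ &max_new_patterns,
++ sizeof (new_save_patterns[0]));
+ new_save_patterns[new_num_patterns] = xstrdup (pattern_name.ds_string);
+ ++new_num_patterns;
+ }
++
++ ds_free (&pattern_name);
++
+ if (ferror (pattern_fp) || fclose (pattern_fp) == EOF)
+ close_error (pattern_file_name);
+
+@@ -1196,7 +1196,7 @@ swab_array (char *ptr, int count)
+ in the file system. */
+
+ void
+-process_copy_in ()
++process_copy_in (void)
+ {
+ char done = false; /* True if trailer reached. */
+ FILE *tty_in = NULL; /* Interactive file for rename option. */
+diff --git a/src/copyout.c b/src/copyout.c
+index 8b0beb6..26e3dda 100644
+--- a/src/copyout.c
++++ b/src/copyout.c
+@@ -594,9 +594,10 @@ assign_string (char **pvar, char *value)
+ The format of the header depends on the compatibility (-c) flag. */
+
+ void
+-process_copy_out ()
++process_copy_out (void)
+ {
+- dynamic_string input_name; /* Name of file read from stdin. */
++ dynamic_string input_name = DYNAMIC_STRING_INITIALIZER;
++ /* Name of file read from stdin. */
+ struct stat file_stat; /* Stat record for file. */
+ struct cpio_file_stat file_hdr = CPIO_FILE_STAT_INITIALIZER;
+ /* Output header information. */
+@@ -605,7 +606,6 @@ process_copy_out ()
+ char *orig_file_name = NULL;
+
+ /* Initialize the copy out. */
+- ds_init (&input_name, 128);
+ file_hdr.c_magic = 070707;
+
+ /* Check whether the output file might be a tape. */
+@@ -657,14 +657,9 @@ process_copy_out ()
+ {
+ if (file_hdr.c_mode & CP_IFDIR)
+ {
+- int len = strlen (input_name.ds_string);
+ /* Make sure the name ends with a slash */
+- if (input_name.ds_string[len-1] != '/')
+- {
+- ds_resize (&input_name, len + 2);
+- input_name.ds_string[len] = '/';
+- input_name.ds_string[len+1] = 0;
+- }
++ if (!ds_endswith (&input_name, '/'))
++ ds_append (&input_name, '/');
+ }
+ }
+
+@@ -875,6 +870,7 @@ process_copy_out ()
+ (unsigned long) blocks), (unsigned long) blocks);
+ }
+ cpio_file_stat_free (&file_hdr);
++ ds_free (&input_name);
+ }
+
+
+diff --git a/src/copypass.c b/src/copypass.c
+index dc13b5b..62f31c6 100644
+--- a/src/copypass.c
++++ b/src/copypass.c
+@@ -48,10 +48,12 @@ set_copypass_perms (int fd, const char *name, struct stat *st)
+ If `link_flag', link instead of copying. */
+
+ void
+-process_copy_pass ()
++process_copy_pass (void)
+ {
+- dynamic_string input_name; /* Name of file from stdin. */
+- dynamic_string output_name; /* Name of new file. */
++ dynamic_string input_name = DYNAMIC_STRING_INITIALIZER;
++ /* Name of file from stdin. */
++ dynamic_string output_name = DYNAMIC_STRING_INITIALIZER;
++ /* Name of new file. */
+ size_t dirname_len; /* Length of `directory_name'. */
+ int res; /* Result of functions. */
+ char *slash; /* For moving past slashes in input name. */
+@@ -65,25 +67,18 @@ process_copy_pass ()
+ created files */
+
+ /* Initialize the copy pass. */
+- ds_init (&input_name, 128);
+
+ dirname_len = strlen (directory_name);
+ if (change_directory_option && !ISSLASH (directory_name[0]))
+ {
+ char *pwd = xgetcwd ();
+-
+- dirname_len += strlen (pwd) + 1;
+- ds_init (&output_name, dirname_len + 2);
+- strcpy (output_name.ds_string, pwd);
+- strcat (output_name.ds_string, "/");
+- strcat (output_name.ds_string, directory_name);
++
++ ds_concat (&output_name, pwd);
++ ds_append (&output_name, '/');
+ }
+- else
+- {
+- ds_init (&output_name, dirname_len + 2);
+- strcpy (output_name.ds_string, directory_name);
+- }
+- output_name.ds_string[dirname_len] = '/';
++ ds_concat (&output_name, directory_name);
++ ds_append (&output_name, '/');
++ dirname_len = ds_len (&output_name);
+ output_is_seekable = true;
+
+ change_dir ();
+@@ -116,8 +111,8 @@ process_copy_pass ()
+ /* Make the name of the new file. */
+ for (slash = input_name.ds_string; *slash == '/'; ++slash)
+ ;
+- ds_resize (&output_name, dirname_len + strlen (slash) + 2);
+- strcpy (output_name.ds_string + dirname_len + 1, slash);
++ ds_reset (&output_name, dirname_len);
++ ds_concat (&output_name, slash);
+
+ existing_dir = false;
+ if (lstat (output_name.ds_string, &out_file_stat) == 0)
+@@ -333,6 +328,9 @@ process_copy_pass ()
+ (unsigned long) blocks),
+ (unsigned long) blocks);
+ }
++
++ ds_free (&input_name);
++ ds_free (&output_name);
+ }
+
+ /* Try and create a hard link from FILE_NAME to another file
+diff --git a/src/dstring.c b/src/dstring.c
+index e9c063f..358f356 100644
+--- a/src/dstring.c
++++ b/src/dstring.c
+@@ -20,8 +20,8 @@
+ #if defined(HAVE_CONFIG_H)
+ # include <config.h>
+ #endif
+-
+ #include <stdio.h>
++#include <stdlib.h>
+ #if defined(HAVE_STRING_H) || defined(STDC_HEADERS)
+ #include <string.h>
+ #else
+@@ -33,24 +33,41 @@
+ /* Initialiaze dynamic string STRING with space for SIZE characters. */
+
+ void
+-ds_init (dynamic_string *string, int size)
++ds_init (dynamic_string *string)
++{
++ memset (string, 0, sizeof *string);
++}
++
++/* Free the dynamic string storage. */
++
++void
++ds_free (dynamic_string *string)
+ {
+- string->ds_length = size;
+- string->ds_string = (char *) xmalloc (size);
++ free (string->ds_string);
+ }
+
+-/* Expand dynamic string STRING, if necessary, to hold SIZE characters. */
++/* Expand dynamic string STRING, if necessary. */
+
+ void
+-ds_resize (dynamic_string *string, int size)
++ds_resize (dynamic_string *string)
+ {
+- if (size > string->ds_length)
++ if (string->ds_idx == string->ds_size)
+ {
+- string->ds_length = size;
+- string->ds_string = (char *) xrealloc ((char *) string->ds_string, size);
++ string->ds_string = x2nrealloc (string->ds_string, &string->ds_size,
++ 1);
+ }
+ }
+
++/* Reset the index of the dynamic string S to LEN. */
++
++void
++ds_reset (dynamic_string *s, size_t len)
++{
++ while (len > s->ds_size)
++ ds_resize (s);
++ s->ds_idx = len;
++}
++
+ /* Dynamic string S gets a string terminated by the EOS character
+ (which is removed) from file F. S will increase
+ in size during the function if the string from F is longer than
+@@ -61,34 +78,50 @@ ds_resize (dynamic_string *string, int size)
+ char *
+ ds_fgetstr (FILE *f, dynamic_string *s, char eos)
+ {
+- int insize; /* Amount needed for line. */
+- int strsize; /* Amount allocated for S. */
+ int next_ch;
+
+ /* Initialize. */
+- insize = 0;
+- strsize = s->ds_length;
++ s->ds_idx = 0;
+
+ /* Read the input string. */
+- next_ch = getc (f);
+- while (next_ch != eos && next_ch != EOF)
++ while ((next_ch = getc (f)) != eos && next_ch != EOF)
+ {
+- if (insize >= strsize - 1)
+- {
+- ds_resize (s, strsize * 2 + 2);
+- strsize = s->ds_length;
+- }
+- s->ds_string[insize++] = next_ch;
+- next_ch = getc (f);
++ ds_resize (s);
++ s->ds_string[s->ds_idx++] = next_ch;
+ }
+- s->ds_string[insize++] = '\0';
++ ds_resize (s);
++ s->ds_string[s->ds_idx] = '\0';
+
+- if (insize == 1 && next_ch == EOF)
++ if (s->ds_idx == 0 && next_ch == EOF)
+ return NULL;
+ else
+ return s->ds_string;
+ }
+
++void
++ds_append (dynamic_string *s, int c)
++{
++ ds_resize (s);
++ s->ds_string[s->ds_idx] = c;
++ if (c)
++ {
++ s->ds_idx++;
++ ds_resize (s);
++ s->ds_string[s->ds_idx] = 0;
++ }
++}
++
++void
++ds_concat (dynamic_string *s, char const *str)
++{
++ size_t len = strlen (str);
++ while (len + 1 > s->ds_size)
++ ds_resize (s);
++ memcpy (s->ds_string + s->ds_idx, str, len);
++ s->ds_idx += len;
++ s->ds_string[s->ds_idx] = 0;
++}
++
+ char *
+ ds_fgets (FILE *f, dynamic_string *s)
+ {
+@@ -100,3 +133,10 @@ ds_fgetname (FILE *f, dynamic_string *s)
+ {
+ return ds_fgetstr (f, s, '\0');
+ }
++
++/* Return true if the dynamic string S ends with character C. */
++int
++ds_endswith (dynamic_string *s, int c)
++{
++ return (s->ds_idx > 0 && s->ds_string[s->ds_idx - 1] == c);
++}
+diff --git a/src/dstring.h b/src/dstring.h
+index b5135fe..f5b04ef 100644
+--- a/src/dstring.h
++++ b/src/dstring.h
+@@ -17,10 +17,6 @@
+ Software Foundation, Inc., 51 Franklin Street, Fifth Floor,
+ Boston, MA 02110-1301 USA. */
+
+-#ifndef NULL
+-#define NULL 0
+-#endif
+-
+ /* A dynamic string consists of record that records the size of an
+ allocated string and the pointer to that string. The actual string
+ is a normal zero byte terminated string that can be used with the
+@@ -30,22 +26,25 @@
+
+ typedef struct
+ {
+- int ds_length; /* Actual amount of storage allocated. */
+- char *ds_string; /* String. */
++ size_t ds_size; /* Actual amount of storage allocated. */
++ size_t ds_idx; /* Index of the next free byte in the string. */
++ char *ds_string; /* String storage. */
+ } dynamic_string;
+
++#define DYNAMIC_STRING_INITIALIZER { 0, 0, NULL }
+
+-/* Macros that look similar to the original string functions.
+- WARNING: These macros work only on pointers to dynamic string records.
+- If used with a real record, an "&" must be used to get the pointer. */
+-#define ds_strlen(s) strlen ((s)->ds_string)
+-#define ds_strcmp(s1, s2) strcmp ((s1)->ds_string, (s2)->ds_string)
+-#define ds_strncmp(s1, s2, n) strncmp ((s1)->ds_string, (s2)->ds_string, n)
+-#define ds_index(s, c) index ((s)->ds_string, c)
+-#define ds_rindex(s, c) rindex ((s)->ds_string, c)
++void ds_init (dynamic_string *string);
++void ds_free (dynamic_string *string);
++void ds_reset (dynamic_string *s, size_t len);
+
+-void ds_init (dynamic_string *string, int size);
+-void ds_resize (dynamic_string *string, int size);
++/* All functions below guarantee that s->ds_string[s->ds_idx] == '\0' */
+ char *ds_fgetname (FILE *f, dynamic_string *s);
+ char *ds_fgets (FILE *f, dynamic_string *s);
+ char *ds_fgetstr (FILE *f, dynamic_string *s, char eos);
++void ds_append (dynamic_string *s, int c);
++void ds_concat (dynamic_string *s, char const *str);
++
++#define ds_len(s) ((s)->ds_idx)
++
++int ds_endswith (dynamic_string *s, int c);
++
+diff --git a/src/util.c b/src/util.c
+index 4421b20..6d6bbaa 100644
+--- a/src/util.c
++++ b/src/util.c
+@@ -846,11 +846,9 @@ get_next_reel (int tape_des)
+ FILE *tty_out; /* File for interacting with user. */
+ int old_tape_des;
+ char *next_archive_name;
+- dynamic_string new_name;
++ dynamic_string new_name = DYNAMIC_STRING_INITIALIZER;
+ char *str_res;
+
+- ds_init (&new_name, 128);
+-
+ /* Open files for interactive communication. */
+ tty_in = fopen (TTY_NAME, "r");
+ if (tty_in == NULL)
+@@ -925,7 +923,7 @@ get_next_reel (int tape_des)
+ error (PAXEXIT_FAILURE, 0, _("internal error: tape descriptor changed from %d to %d"),
+ old_tape_des, tape_des);
+
+- free (new_name.ds_string);
++ ds_free (&new_name);
+ fclose (tty_in);
+ fclose (tty_out);
+ }
+--
+2.25.1
+
+
+From fb7a51bf85b8e6f045cacb4fb783db4a414741bf Mon Sep 17 00:00:00 2001
+From: Sergey Poznyakoff <gray@gnu.org>
+Date: Wed, 11 Aug 2021 18:10:38 +0300
+Subject: [PATCH 2/3] Fix previous commit
+
+* src/dstring.c (ds_reset,ds_concat): Don't call ds_resize in a
+loop.
+---
+ src/dstring.c | 4 ++--
+ 1 file changed, 2 insertions(+), 2 deletions(-)
+
+diff --git a/src/dstring.c b/src/dstring.c
+index 358f356..90c691c 100644
+--- a/src/dstring.c
++++ b/src/dstring.c
+@@ -64,7 +64,7 @@ void
+ ds_reset (dynamic_string *s, size_t len)
+ {
+ while (len > s->ds_size)
+- ds_resize (s);
++ s->ds_string = x2nrealloc (s->ds_string, &s->ds_size, 1);
+ s->ds_idx = len;
+ }
+
+@@ -116,7 +116,7 @@ ds_concat (dynamic_string *s, char const *str)
+ {
+ size_t len = strlen (str);
+ while (len + 1 > s->ds_size)
+- ds_resize (s);
++ s->ds_string = x2nrealloc (s->ds_string, &s->ds_size, 1);
+ memcpy (s->ds_string + s->ds_idx, str, len);
+ s->ds_idx += len;
+ s->ds_string[s->ds_idx] = 0;
+--
+2.25.1
+
+
+From 86b37d74b15f9bb5fe62fd1642cc126d3ace0189 Mon Sep 17 00:00:00 2001
+From: Sergey Poznyakoff <gray@gnu.org>
+Date: Wed, 18 Aug 2021 09:41:39 +0300
+Subject: [PATCH 3/3] Fix dynamic string reallocations
+
+* src/dstring.c (ds_resize): Take additional argument: number of
+bytes to leave available after ds_idx. All uses changed.
+---
+ src/dstring.c | 18 ++++++++----------
+ 1 file changed, 8 insertions(+), 10 deletions(-)
+
+diff --git a/src/dstring.c b/src/dstring.c
+index 90c691c..0f597cc 100644
+--- a/src/dstring.c
++++ b/src/dstring.c
+@@ -49,9 +49,9 @@ ds_free (dynamic_string *string)
+ /* Expand dynamic string STRING, if necessary. */
+
+ void
+-ds_resize (dynamic_string *string)
++ds_resize (dynamic_string *string, size_t len)
+ {
+- if (string->ds_idx == string->ds_size)
++ while (len + string->ds_idx >= string->ds_size)
+ {
+ string->ds_string = x2nrealloc (string->ds_string, &string->ds_size,
+ 1);
+@@ -63,8 +63,7 @@ ds_resize (dynamic_string *string)
+ void
+ ds_reset (dynamic_string *s, size_t len)
+ {
+- while (len > s->ds_size)
+- s->ds_string = x2nrealloc (s->ds_string, &s->ds_size, 1);
++ ds_resize (s, len);
+ s->ds_idx = len;
+ }
+
+@@ -86,10 +85,10 @@ ds_fgetstr (FILE *f, dynamic_string *s, char eos)
+ /* Read the input string. */
+ while ((next_ch = getc (f)) != eos && next_ch != EOF)
+ {
+- ds_resize (s);
++ ds_resize (s, 0);
+ s->ds_string[s->ds_idx++] = next_ch;
+ }
+- ds_resize (s);
++ ds_resize (s, 0);
+ s->ds_string[s->ds_idx] = '\0';
+
+ if (s->ds_idx == 0 && next_ch == EOF)
+@@ -101,12 +100,12 @@ ds_fgetstr (FILE *f, dynamic_string *s, char eos)
+ void
+ ds_append (dynamic_string *s, int c)
+ {
+- ds_resize (s);
++ ds_resize (s, 0);
+ s->ds_string[s->ds_idx] = c;
+ if (c)
+ {
+ s->ds_idx++;
+- ds_resize (s);
++ ds_resize (s, 0);
+ s->ds_string[s->ds_idx] = 0;
+ }
+ }
+@@ -115,8 +114,7 @@ void
+ ds_concat (dynamic_string *s, char const *str)
+ {
+ size_t len = strlen (str);
+- while (len + 1 > s->ds_size)
+- s->ds_string = x2nrealloc (s->ds_string, &s->ds_size, 1);
++ ds_resize (s, len);
+ memcpy (s->ds_string + s->ds_idx, str, len);
+ s->ds_idx += len;
+ s->ds_string[s->ds_idx] = 0;
+--
+2.25.1
+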
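Review bot: ds_free in src/dstring.c releases `string->ds_string` but leaves the pointer, `ds_size` and `ds_idx` as they were, so a dynamic_string that is touched again after ds_free would be written through a dangling pointer while ds_resize still sees storage as available. None of the callers visible in this patch reuse a string after freeing it, so this is hardening rather than a live defect: add `memset (string, 0, sizeof *string);` after the `free` call so a freed record is back in the `DYNAMIC_STRING_INITIALIZER` state. The final ds_resize is the one from PATCH 3/3; its guard `len + string->ds_idx >= string->ds_size` is what keeps ds_fgetstr in bounds, and a one-line comment saying it always leaves room for the terminating NUL would document that invariant. Separately, the header records `Upstream-Status: Backport` without the upstream commit ids that the other two patches in this directory carry.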
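--- a/meta/recipes-extended/cpio/cpio_2.13.bb
+++ b/meta/recipes-extended/cpio/cpio_2.13.bb
@@ -9,6 +9,9 @@ LIC_FILES_CHKSUM = "file://COPYING;md5=f27defe1e96c2e1ecd4e0c9be8967949"
 SRC_URI = "${GNU_MIRROR}/cpio/cpio-${PV}.tar.gz \
  file://0001-Unset-need_charset_alias-when-building-for-musl.patch \
  file://0002-src-global.c-Remove-superfluous-declaration-of-progr.patch \
+ file://CVE-2021-38185.patch \
+ file://0003-Fix-calculation-of-CRC-in-copy-out-mode.patch \
+ file://0004-Fix-appending-to-archives-bigger-than-2G.patch \
  "
 
 SRC_URI[md5sum] = "389c5452d667c23b5eceb206f5000810"
@@ -16,6 +19,9 @@ SRC_URI[sha256sum] = "e87470d9c984317f658567c03bfefb6b0c829ff17dbf6b0de48d71a4c8
 
 inherit autotools gettext texinfo
 
+# Issue applies to use of cpio in SUSE/OBS, doesn't apply to us
+CVE_CHECK_WHITELIST += "CVE-2010-4226"
+
 EXTRA_OECONF += "DEFAULT_RMT_DIR=${sbindir}"
 
 do_install () {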
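Review bot: The three patches added to SRC_URI look as if each was generated against the pristine 2.13 sources rather than as a series: CVE-2021-38185.patch and 0003 both list src/copyout.c at index `8b0beb6`, and CVE-2021-38185.patch and 0004 both list src/util.c at index `4421b20`. The hunks touch different regions of those files, so they should still apply in the listed order, but only with line offsets; it is worth confirming that do_patch applies them without fuzz. The `CVE_CHECK_WHITELIST` entry is unrelated to the three patches, and its comment would be easier to audit later if it said which cpio usage CVE-2010-4226 depends on.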