#
# spec file for package cpio
#
# Copyright (c) 2020 SUSE LLC
#
# All modifications and additions to the file contributed by third parties
# remain the property of their copyright owners, unless otherwise agreed
# upon. The license for this file, and modifications and additions to the
# file, is the same license as for the pristine package itself (unless the
# license for the pristine package is not an Open Source License, in which
# case the license is the MIT License). An "Open Source License" is a
# license that conforms to the Open Source Definition (Version 1.9)
# published by the Open Source Initiative.
# Please submit bugfixes or comments via https://bugs.opensuse.org/
#
Name: cpio
Version: 2.13
Release: 2.5
Summary: A Backup and Archiving Utility
License: GPL-3.0-only
Group: Productivity/Archiving/Backup
URL: https://www.gnu.org/software/cpio/cpio.html
Source0: https://ftp.gnu.org/gnu/%{name}/%{name}-%{version}.tar.bz2
Source1: https://ftp.gnu.org/gnu/%{name}/%{name}-%{version}.tar.bz2.sig
Source2: https://savannah.gnu.org/project/memberlist-gpgkeys.php?group=%{name}&download=1#/%{name}.keyring
Patch2: cpio-use_new_ascii_format.patch
Patch4: cpio-use_sbin_rmt.patch
#PATCH-FIX-UPSTREAM cpio-2.12 cpio-open_nonblock.patch bnc#94449,
#https://savannah.gnu.org/patch/?9263 -- open device with O_NONBLOCK option
Patch5: cpio-open_nonblock.patch
Patch15: cpio-eof_tape_handling.patch
# make posibble to have device nodes with major number > 127
# Red Hat Bugzilla #450109
Patch17: cpio-dev_number.patch
Patch18: cpio-default_tape_dev.patch
#PATCH-FIX-UPSTREAM cpio-2.10-close_files_after_copy.patch
Patch20: cpio-close_files_after_copy.patch
Patch21: cpio-pattern-file-sigsegv.patch
Patch23: paxutils-rtapelib_mtget.patch
# see https://lists.gnu.org/archive/html/bug-cpio/2019-11/msg00016.html
Patch24: cpio-revert-CVE-2015-1197-fix.patch
Patch25: cpio-fix_truncation_check.patch
BuildRequires: autoconf
BuildRequires: automake
#Requires(post): %{xinstall_info_prereq}
#Requires(preun): %{xinstall_info_prereq}
Recommends: %{name}-mt = %{version}
Recommends: rmt
%description
GNU cpio is a program to manage archives of files. Cpio copies files
into or out of a cpio or tar archive. An archive is a file that contains
other files plus information about them, such as their pathname, owner,
time stamps, and access permissions. The archive can be another file on
the disk, a magnetic tape, or a pipe.
%package mt
Summary: Tape drive control utility
Group: Productivity/Archiving/Backup
Requires: %{name} = %{version}
Requires(post): update-alternatives
Requires(postun): update-alternatives
Provides: mt
%description mt
This package includes the 'mt', a local tape drive control program.
%lang_package
%prep
%setup -q
%patch2
%patch4
%patch5
%patch15
%patch17
%patch18
%patch20
###
%patch21 -p1
%patch23 -p1
%patch24 -p1
%patch25 -p1
%build
gettextize -f --no-changelog
autoreconf -fiv
export CFLAGS="%{optflags} -D_FILE_OFFSET_BITS=64 -D_LARGEFILE_SOURCE -fcommon"
%configure \
--with-rmt="%{_bindir}/rmt" \
--enable-mt \
--disable-silent-rules \
--program-transform-name='s/^mt$/gnumt/'
make %{?_smp_mflags}
%install
mkdir -p %{buildroot}/{usr/bin,bin}
%make_install
mkdir -p %{buildroot}%{_sysconfdir}/alternatives
ln -sf %{_sysconfdir}/alternatives/mt %{buildroot}%{_bindir}/mt
ln -sf %{_sysconfdir}/alternatives/mt.1%{ext_man} %{buildroot}%{_mandir}/man1/mt.1%{ext_man}
%if !0%{?usrmerged}
ln -sf %{_bindir}/cpio %{buildroot}/bin
%endif
%find_lang %{name}
%check
make %{?_smp_mflags} check
%post mt
%{_sbindir}/update-alternatives --force \
--install %{_bindir}/mt mt %{_bindir}/gnumt 10 \
--slave %{_mandir}/man1/mt.1%{ext_man} mt.1%{ext_man} %{_mandir}/man1/gnumt.1%{ext_man}
%post
%install_info --info-dir=%{_infodir} %{_infodir}/%{name}.info%{ext_info}
%preun
%install_info_delete --info-dir=%{_infodir} %{_infodir}/%{name}.info%{ext_info}
%postun mt
if [ ! -f %{_bindir}/gnumt ] ; then
"%{_sbindir}/update-alternatives" --remove mt %{_bindir}/gnumt
fi
%files
%license COPYING
%doc NEWS ChangeLog
%if !0%{?usrmerged}
/bin/cpio
%endif
%{_bindir}/cpio
%{_infodir}/cpio.info%{?ext_info}
%{_mandir}/man1/cpio.1%{?ext_man}
%files mt
%ghost %{_bindir}/mt
%{_bindir}/gnumt
%ghost %{_mandir}/man1/mt.1%{ext_man}
%{_mandir}/man1/gnumt.1%{?ext_man}
%ghost %{_sysconfdir}/alternatives/mt
%ghost %{_sysconfdir}/alternatives/mt.1%{ext_man}
%files lang -f %{name}.lang
%changelog
* Fri Oct 16 2020 Ludwig Nussel <lnussel@suse.de>
- prepare usrmerge (boo#1029961)
* Fri Sep 11 2020 Dirk Mueller <dmueller@suse.com>
- add cpio-revert-CVE-2015-1197-fix.patch as recommended by upstream
to fix https://lists.gnu.org/archive/html/bug-cpio/2019-11/msg00016.html
* Sat Aug 15 2020 Dirk Mueller <dmueller@suse.com>
- update to 2.13:
* CVE-2015-1197, CVE-2016-2037, CVE-2019-14866
- remove patches (upstream):
cpio-2.12-out_of_bounds_write.patch, cpio-2.12-CVE-2019-14866.patch,
cpio-2.12-util.c_no_return_in_nonvoid_fnc.patch,
cpio-check_for_symlinks.patch
* Sun Mar 29 2020 Kristyna Streitova <kstreitova@suse.com>
- starting with GCC 10, the default of '-fcommon' option will
change to '-fno-common'. Because cpio build fails with
'fno-common', add '-fcommon' option to optflags as a temporary
workaround for this problem till it's properly fixed [bsc#1160870]
* Mon Nov 4 2019 Kristyna Streitova <kstreitova@suse.com>
- add cpio-2.12-CVE-2019-14866.patch to fix a security issue where
cpio does not properly validate the values written in the header
of a TAR file through the to_oct() function [bsc#1155199]
[CVE-2019-14866]
* Thu Sep 19 2019 Ludwig Nussel <lnussel@suse.de>
- Do not recommend lang package. The lang package already has a
supplements.
* Wed Sep 26 2018 Bernhard Wiedemann <bwiedemann@suse.com>
- Use gettextize --no-changelog to drop build date
to make package build reproducible (boo#1047218)
* Fri Sep 14 2018 Martin Pluskal <mpluskal@suse.com>
- Use URL to fetch keyring
- Do not force building with PIE, it is default now anyways
- Use https for URLs
- Install license
* Tue Apr 11 2017 kstreitova@suse.com
- modify cpio-2.12-out_of_bounds_write.patch to fix a regression
causing cpio to crash for tar and ustar archive types
[bsc#1028410]
* Mon Mar 27 2017 mpluskal@suse.com
- Use macro for configure and make install
- Use update-alternatives according to current documentation
- Enable testsuite
* Fri Mar 24 2017 svalx@svalx.net
- Enable mt building
- Separated cpio-mt subpackge
- Change recommend to own mt subpackge
- Remove cpio-mt.patch - those features available in original mt-st package
- Switch to use alternatives system for mt
- Disable rmt building: this binary fully identical to rmt from tar
- Change default rmt dir to /usr/bin
* Thu Mar 23 2017 kstreitova@suse.com
- cleanup with spec-cleaner
* Sat Mar 5 2016 mpluskal@suse.com
- Recommend mt_st as it is not hard dependency
* Thu Mar 3 2016 kstreitova@suse.com
- fix typos in the description
- add 'Require: mt_st' in order not to surprise users by the missing
'mt' binary
* Thu Mar 3 2016 svalx@svalx.net
- Disable mt building: this binary from mt_st package offers
advanced capabilities with the same functionality.
- Enable rmt building: 'dump' package no longer include it, besides
cpio code base for rmt is more fresh.
- Reflect those changes in the package description.
* Fri Feb 19 2016 kstreitova@suse.com
- add cpio-2.12-out_of_bounds_write.patch to fix an out of bounds
write in a way cpio parses certain cpio files [bsc#963448],
[CVE-2016-2037]
* Thu Oct 8 2015 kstreitova@suse.com
- update to 2.12
* Improved documentation
* Manpages are installed by make install
* New options for copy-out mode: --ignore-devno,
- -renumber-inodes, --device-independent, --reproducible
* update
* cpio-use_new_ascii_format.patch
* cpio-mt.patch
* cpio-eof_tape_handling.patch
* cpio-pattern-file-sigsegv.patch
* cpio-check_for_symlinks.patch
* remove (no longer needed)
* cpio-stdio.in.patch
* 0001-Fix-memory-overrun-on-reading-improperly-created-lin.patch
* add
* cpio-2.12-util.c_no_return_in_nonvoid_fnc.patch to add missing
return to the nonvoid get_inode_and_dev() function
- use spec-cleaner
* Mon Mar 16 2015 mpluskal@suse.com
- Add gpg signature
- Correct info scriplet dependencies
- Cleanup spec file with spec-cleaner
* Thu Jan 1 2015 meissner@suse.com
- build with PIE
* Mon Dec 1 2014 vcizek@suse.com
- fix an OOB write with cpio -i (bnc#907456) (CVE-2014-9112)
* added 0001-Fix-memory-overrun-on-reading-improperly-created-lin.patch
* Fri Aug 29 2014 jengelh@inai.de
- Improve on RPM group classification (cpio does not compress
on its own per se)
- Remove redundant %%clean section
* Thu Aug 21 2014 vcizek@suse.com
- drop cpio-dir_perm.patch
* no longer needed since 2.11
* it was dropped from Fedora too and only caused problems (bnc#889138)
* Tue Jul 29 2014 vcizek@suse.com
- fix a truncation check in mt
* added cpio-fix_truncation_check.patch
* Thu Jul 17 2014 vcizek@suse.com
- prevent cpio from extracting over a symlink (bnc#658010)
* added cpio-check_for_symlinks.patch
* Tue Jul 23 2013 vcizek@suse.com
- add a missing fix from SLE for bnc#830779 (original bug bnc#658031)
added paxutils-rtapelib_mtget.patch
* Thu Mar 21 2013 mmeister@suse.com
- Added url as source.
Please see http://en.opensuse.org/SourceUrls
* Wed Jul 18 2012 aj@suse.de
- Fix build with missing gets declaration (glibc 2.16)
* Thu Feb 2 2012 rschweikert@suse.com
- leave binary in /usr (UsrMerge project), link to binary from /bin
* Mon Jan 2 2012 vcizek@suse.cz
- added autoconf to BuildRequires
* Thu Dec 1 2011 coolo@suse.com
- add automake as buildrequire to avoid implicit dependency
* Sun Sep 18 2011 andrea.turrini@gmail.com
- fix typos in spec file
* Tue Nov 9 2010 puzel@novell.com
- disable-silent-rules
* Tue Aug 31 2010 aj@suse.de
- Recommend instead of require lang package since it's not mandatory.
* Tue Aug 10 2010 puzel@novell.com
- add cpio-pattern-file-sigsegv.patch (bnc#629860)
* Mon Jun 28 2010 jengelh@medozas.de
- use %%_smp_mflags
* Fri Mar 12 2010 mseben@novell.com
- updated to 2.11
* Fix mt build.
* In copy-in mode, if directory attributes do not permit writing to it,
setting them is delayed until the end of run. This allows to
correctly extract files in such directories.
* In copy-in mode, permissions of a directory are restored if it
appears in the file list after files in it (e.g. in listings
produced by find . -depth). This fixes debian bug #458079.
* Fix possible memory overflow in the rmt client code (CVE-2010-0624).
- deprecated heap_overflow_in_rtapelib.patch,chmodRaceC.patch and
include_fatal_c.patch
* Wed Mar 3 2010 mseben@novell.com
- added heap_overflow_in_rtapelib.patch fix possible heap overflow in
rtapelib.c (bnc#579475)
* Sat Dec 26 2009 jengelh@medozas.de
- enable parallel build
* Tue Nov 3 2009 coolo@novell.com
- updated patches to apply with fuzz=0
* Fri Oct 16 2009 rschweikert@novell.com
- close files after copy (bnc#543132)
(cpio-2.10-close_files_after_copy.patch)
* Mon Aug 10 2009 mseben@novell.com
- merged DAT160.patch with mt.patch
- added other tape density definitions from mt_st package (bnc#523357)
* Fri Jul 17 2009 rguenther@suse.de
- Drop rmt BuildRequires again
* Fri Jul 17 2009 mseben@suse.cz
- fix identification of the density code for DAT160 bnc#415166
* Mon Jun 22 2009 mseben@suse.cz
- updated to version 2.10
* Ensure record headers are properly packed (fix builds on ARM).
* Fix exit codes to reliably indicate success or failure of the operation.
* Fix large file support.
* Support MinGW builds.
* Minor bugfixes.
- deprecated : lfs_correction.patch,paxlib-owl-alloca.patch,
gcc4_3.patch,segfault_in_copyin.patch,doc_typo.patch,
m4_macro.patch,gnulib.patch, no_rmt.patch
- added include_fatal_c.patch : fix undefined ref in mt build
- configure stage : removed useless DEFAULT_RMT_DIR=/sbin, added
- -with-rmt="%%{_sysconfdir}/rmt" and --enable-mt
* Mon Aug 4 2008 lmichnovic@suse.cz
- changed default tape device for 'mt' command to /dev/nst0
/dev/tape is not symlink any more but directory handled by udev
(*default_tape_dev.patch) [bnc#355241]
* Fri Aug 1 2008 cthiel@suse.de
- specfile cleanup
* Fri Jul 18 2008 lmichnovic@suse.cz
- make possible device nodes with major number > 127 [rhb#450109]
(*dev_number.patch)
* Fri Jun 27 2008 schwab@suse.de
- Fix gnulib macro.
* Fri Apr 11 2008 lmichnovic@suse.cz
- adjusted eof-handling.patch to check for 'end-of-file' and
'end-of-data' marker when detecting reel change. [bnc#371077]
* Fri Apr 4 2008 lmichnovic@suse.cz
- adjusted cpio-2.9-dir_perm.patch acording Red Hat patch to fix
correct dir permissions after extraction in pass-through mode.
- fix for two tapes handling (eof_tape_handling.patch) [bnc#371077]
* Thu Mar 13 2008 lmichnovic@suse.cz
- lang subpackage split off
* Thu Mar 13 2008 lmichnovic@suse.cz
- applying upstream patch cpio-2.9-dir_perm.patch which fixes
incorrect directory permissions after archive extraction
* Thu Nov 29 2007 lmichnovic@suse.cz
- removed unused m4 macro gl_LONG_LONG (*m4_macro.patch)
* Wed Nov 7 2007 lmichnovic@suse.cz
- upstream fix of typo in documantation (*doc_typo.patch)
* Tue Oct 23 2007 lmichnovic@suse.cz
- rewrote code which uses overflow to copy string in structure and
gcc was complaining about it (*avoid_overflow_warning.patch)
* Mon Oct 1 2007 lmichnovic@suse.cz
- Fixed typo in copin.c causing segfault [#329744]
(*segfault_in_copyin.patch)
* Tue Sep 25 2007 lmichnovic@suse.cz
- fix for compiling with new gcc 4.3 (*gcc4_3.patch)
* Mon Aug 20 2007 lmichnovic@suse.cz
- fixed typo in paxlib-owl-alloca.patch [#301416]
* Fri Aug 17 2007 lmichnovic@suse.cz
- upstream fix: use of alloca can cause stack overflow
(paxlib-owl-alloca.patch)
* Tue Aug 14 2007 lmichnovic@suse.cz
- CAN-2005-1111 is not fixed completely in 2.9 (chmodRaceC.patch)
based on fedora patch
* Wed Jul 25 2007 lmichnovic@suse.cz
- fixed types of variables for LFS support (*lfs_correction.patch)
* Tue Jul 24 2007 lmichnovic@suse.cz
- adjusted *mt.patch to fix compression handling [#223494]
* Fri Jul 20 2007 lmichnovic@suse.cz
- update to version 2.9
- obsoletes *lstat.patch
* Licensed under the GPLv3.
* Bugfixes: Honor umask when creating intermediate directories,
not specified in the archive (debian bug #430053). (This bug
is only in version 2.8)
* 2.8:
* Option --owner can be used in copy-out mode, allowing
to uniformly override the ownership of the files being added
to the archive.
* Bugfixes:
- Symlinks were handled incorrectly in copy-out mode. (This
bug was only in version 2.7)
- Fix handling of large files. {obsoletes lfs.patch}
o Fix setting the file permissions in copy-out mode.
o Fix CAN-2005-1111 {obsoletes chmodRaceC.patch}
* 2.7:
* Improved error checking and diagnostics
* Fixed CAN-1999-1572 {obsoletes writeOutHeaderBufferOverflow.patch}
* Allow to use --sparse in both copy-in and copy-pass.
* Fix bug that eventually caused copying out the same
hard-linked file several times to archive.
* Fix several LFS-related issues. {obsoletes lfs.patch}
* Fix Debian bug #335580.
- obsoletes *dirTraversal.patch implemented with option
- -no-absolute-pathnames; option --absolute-pathnames is still possible
- obsoletes *checksum.patch, fix_umask.patch, sparse.patch
- using lang macro
* Thu Sep 21 2006 lmichnovic@suse.cz
- fixed typo in cpio-2.6.dif; renamed to *-mt.patch
- united suffix of patches
* Tue Sep 19 2006 schwab@suse.de
- Fix missing newline after mt status.
* Mon Jul 24 2006 rguenther@suse.de
- remove useless build-dependency on rsh.
* Wed Jan 25 2006 mls@suse.de
- converted neededforbuild to BuildRequires
* Tue Dec 6 2005 fehr@suse.de
- add cpio-2.6-chmodRaceC.patch and cpio-2.6-dirTraversal.patch to
fix bug #80226
- add cpio-2.6-writeOutHeaderBufferOverflow.patch to fix #133454
- add cpio-2.6-checksum.patch fix wrong checksum on 64bit archs
- add cpio-2.6-lfs.patch to support large files on 32bit archs
* Wed Aug 10 2005 fehr@suse.de
- fix call to setlocale to make multibyte characters work (#98902)
* Thu Jun 30 2005 fehr@suse.de
- open with O_NONBLOCK option (#94449)
* Wed May 4 2005 ro@suse.de
- properly detect lstat in configure
* Wed Apr 27 2005 snwint@suse.de
- fix '--sparse' option check
* Mon Apr 25 2005 fehr@suse.de
- update to cpio 2.6
* Mon Jan 24 2005 fehr@suse.de
- fix problem with cpio not respecting umask (#50054)
* Mon Jan 19 2004 ro@suse.de
- fix build as user
* Sun Jan 11 2004 adrian@suse.de
- add %%defattr
* Thu Apr 24 2003 ro@suse.de
- fix install_info --delete call and move from preun to postun
* Tue Apr 15 2003 coolo@suse.de
- use BuildRoot
* Fri Feb 7 2003 fehr@suse.de
- Use %%install_info macro
* Tue Sep 17 2002 ro@suse.de
- removed bogus self-provides
* Tue Aug 13 2002 mfabian@suse.de
- add cpio-2.5-i18n-0.1.patch received from
"Mitsuru Chinen" <CHINEN@jp.ibm.com>
The patch just adds a setlocale (LC_ALL, "").
* Sun Jul 28 2002 kukuk@suse.de
- remove unused tetex from neededforbuild
* Fri Jul 5 2002 fehr@suse.de
- update to new version 2.5
* Mon Dec 3 2001 fehr@suse.de
- make the -c switch comatible to SVR4 (and compatible to RedHat)
- fix the man page accordingly
- add rsh to #needfobuild to allow remote file access again (#12543)
* Sun Dec 3 2000 schwab@suse.de
- Fix a few bugs and typos.
* Tue Nov 28 2000 fehr@suse.de
- add compile options for LFS
* Mon Apr 17 2000 fehr@suse.de
- move cpio binary to /bin for compatibility with RedHat
* Fri Feb 25 2000 kukuk@suse.de
- remove Makefile.Linux
- use _infodir/_mandir
* Mon Sep 13 1999 bs@suse.de
- ran old prepare_spec on spec file to switch to new prepare_spec.
* Thu Sep 2 1999 fehr@suse.de
- Fix patch for broken header (cast to short instead of int)
* Wed Aug 4 1999 kukuk@suse.de
- Add patch for broken header in oldascii format
* Tue Sep 22 1998 ro@suse.de
- define _GNU_SOURCE for glibc where including getopt
* Tue Sep 1 1998 ro@suse.de
- fixed strdup-macro problem
* Thu Jun 5 1997 florian@suse.de
- go through the list of regex in a more suitable way (from ma@suse.de)
* Sun Apr 13 1997 florian@suse.de
- update to new version 2.4.2
- add Linux patches from RedHat
- add patches from gnu.utils.bugs