source: projects/specs/branches/6/c/cpio/cpio-vl.spec @ 10037

Revision 10037, 8.6 KB checked in by iwamoto, 8 years ago (diff)

cpio: fix CVE-2016-2037

Line 
1%ifos linux
2%define _bindir         /bin
3%define _libexecdir     /sbin
4%endif
5
6Summary: A GNU archiving program.
7Summary(ja): GNU アーカイブプログラム
8Name: cpio
9Version: 2.11
10Release: 3%{?_dist_release}
11
12License: GPLv3
13Group: Applications/Archiving
14URL: ftp://ftp.gnu.org/pub/gnu/cpio/
15
16Source: ftp://ftp.gnu.org/gnu/cpio/cpio-%{version}.tar.bz2
17Source1: cpio.1
18Patch1: cpio-2.6-setLocale.patch
19Patch2: cpio-2.9-rh.patch
20Patch3: cpio-2.9-chmodRaceC.patch
21Patch4: cpio-2.9-exitCode.patch
22Patch5: cpio-2.9-dir_perm.patch
23Patch6: cpio-2.9-dev_number.patch
24#security
25Patch100: cpio-2.11-CVE-2014-9112.patch
26Patch110: cpio-2.11-CVE-2016-2037.patch
27
28%ifnos linux
29Requires(post): /sbin/rmt
30%endif
31Requires(post): /sbin/install-info
32Requires(preun): /sbin/install-info
33BuildRequires: texinfo autoconf gettext
34Buildroot: %{_tmppath}/%{name}-%{version}-root
35
36Vendor: Project Vine
37Distribution: Vine Linux
38
39%description
40GNU cpio copies files into or out of a cpio or tar archive.  Archives
41are files which contain a collection of other files plus information
42about them, such as their file name, owner, timestamps, and access
43permissions.  The archive can be another file on the disk, a magnetic
44tape, or a pipe.  GNU cpio supports the following archive formats:  binary,
45old ASCII, new ASCII, crc, HPUX binary, HPUX old ASCII, old tar and POSIX.1
46tar.  By default, cpio creates binary format archives, so that they are
47compatible with older cpio programs.  When it is extracting files from
48archives, cpio automatically recognizes which kind of archive it is reading
49and can read archives created on machines with a different byte-order.
50
51Install cpio if you need a program to manage file archives.
52
53
54%description -l ja
55GNU cpio は cpio アーカイブ或いは tar アーカイブにファイルをコピーしたり
56取り出したりするプログラムです.アーカイブというのは,(1つ以上の)ファイルと
57その情報(ファイル名,オーナー,更新日付,パーミッション等)がまとめられた
581つのファイルのことです.アーカイブはディスク上のファイル,磁気テープ,
59或いはパイプであっても構いません.
60GNU cpio がサポートしているアーカイブ形式は以下の通りです:
61    バイナリ, old ASCII, new ASCII, crc, HPUX バイナリ, HPUX old ASCII,
62    old tar, POSIX.1 tar
63デフォルトでは cpio はバイナリ形式のアーカイブを作成します.
64これは古いバージョンの cpio との互換性の為です.
65アーカイブを展開する場合は,cpio はアーカイブの形式を自動認識しますし,
66バイトオーダの異なる機械で作成されたアーカイブを読むことも可能です.
67
68ファイルアーカイブを扱うプログラムが必要なら,cpio をインストールして下さい.
69
70
71%prep
72%setup -q
73%patch1  -p1 -b .setLocale
74%patch2  -p1 -b .rh
75#patch3  -p1 -b .chmodRaceC
76%patch4  -p1 -b .exitCode
77#patch5  -p1 -b .dir_perm
78%patch6  -p1 -b .dev_number
79# security
80%patch100 -p1 -b .CVE-2014-9112
81%patch110 -p1 -b .CVE-2016-2037
82
83autoheader
84
85%build
86
87CFLAGS="$RPM_OPT_FLAGS -D_GNU_SOURCE -D_FILE_OFFSET_BITS=64 -D_LARGEFILE64_SOURCE -pedantic -Wall" %configure
88make %{?_smp_mflags}
89
90%install
91rm -rf $RPM_BUILD_ROOT
92
93make DESTDIR=$RPM_BUILD_ROOT INSTALL="install -p" install
94
95{ cd $RPM_BUILD_ROOT
96
97%ifos linux
98# XXX these from mt-st
99  rm -f .%{_bindir}/mt .%{_mandir}/man1/mt.1
100%endif
101}
102
103rm -f $RPM_BUILD_ROOT%{_infodir}/dir
104rm -f $RPM_BUILD_ROOT/sbin/rmt
105rm -f $RPM_BUILD_ROOT%{_mandir}/man1/*.1*
106install -c -p -m 0644 %{SOURCE1} ${RPM_BUILD_ROOT}%{_mandir}/man1
107
108%clean
109rm -rf $RPM_BUILD_ROOT
110
111%post
112/sbin/install-info %{_infodir}/cpio.info.gz %{_infodir}/dir
113
114%preun
115if [ $1 = 0 ]; then
116    /sbin/install-info --delete %{_infodir}/cpio.info.gz %{_infodir}/dir
117fi
118
119
120%files
121%defattr(-,root,root)
122%doc AUTHORS ChangeLog NEWS README THANKS TODO
123%ifnos linux
124%{_libexecdir}/*
125%endif
126%{_bindir}/*
127%{_mandir}/man*/*
128%{_infodir}/*.info*
129%{_datadir}/locale/*
130
131%changelog
132* Fri Feb 19 2016 Satoshi IWAMOTO <satoshi.iwamoto@nifty.ne.jp> 2.11-3
133- add patch110 for fix CVE-2016-2037 (out-of-bounds write)
134
135* Tue Dec 23 2014 Satoshi IWAMOTO <satoshi.iwamoto@nifty.ne.jp> 2.11-2
136- add patch100 for fix CVE-2014-9112 (cpio's list_file())
137  this patch is from fc21, thanks.
138- add Vendor/Distri tags
139
140* Sat Apr 16 2011 Ryoichi INAGAKI <ryo1@bc.wakwak.com> 2.11-1
141- new upstream release
142- rebuilt with current VineSeed
143
144* Fri Jan  1 2010 Ryoichi INAGAKI <ryo1@bc.wakwak.com> 2.10-1
145- new upstream release
146
147* Sun Sep 21 2008 Ryoichi INAGAKI <ryo1@bc.wakwak.com> 2.9.90-1vl5
148- new upstream from alpha version
149- applied new versioning policy
150- spec in UTF-8
151- added Patch5 and 6 from FC
152  * Fri Jul 18 2008 Kamil Dudka <kdudka@redhat.com> 2.9.90-2
153  - Support major/minor device numbers over 127 (bz#450109)
154  * Mon Mar 03 2008 Radek Brich <rbrich@redhat.com> 2.9-7
155  - fix -dir_perm patch to restore permissions correctly even
156    in passthrough mode -- revert affected code to cpio 2.8 state
157    (bz#430835)
158
159* Sat Aug 25 2007 Ryoichi INAGAKI <ryo1@bc.wakwak.com> 2.9-1vl1
160- new upstream release
161
162* Sat Apr 16 2005 Ryoichi INAGAKI <ryo1@bc.wakwak.com> 2.6-5vl1
163- based on Fedora development 2.6-5
164  * Mon Jan 24 2005 Peter Vrabec <pvrabec@redhat.com>
165  - insecure file creation (#145721)
166  * Mon Jan 17 2005 Peter Vrabec <pvrabec@redhat.com>
167  - fix symlinks pack (#145225)
168  * Fri Jan 14 2005 Peter Vrabec <pvrabec@redhat.com>
169  - new fixed version of lfs patch (#144688)
170  * Tue Nov 09 2004 Peter Vrabec <pvrabec@redhat.com>
171  - fixed "cpio -oH ustar (or tar) saves bad mtime date after Jan 10 2004" (#114580)
172  * Mon Nov 01 2004 Peter Vrabec <pvrabec@redhat.com>
173  - support large files > 2GB (#105617)
174
175* Wed Dec 04 2002 MATSUBAYASHI Kohji <shaolin@vinelinux.org> 2.5-1vl1
176- based on 2.5-1 from rawhide and built for Vine Linux
177- added Japanese summary and description
178
179* Mon Nov 18 2002 Jeff Johnson <jbj@redhat.com> 2.5-1
180- update 2.5, restack and consolidate patches.
181- don't apply (but include for now) freebsd and #56346 patches.
182- add url (#54598).
183
184* Thu Nov  7 2002 Jeff Johnson <jbj@redhat.com> 2.4.2-30
185- rebuild from CVS.
186
187* Fri Jun 21 2002 Tim Powers <timp@redhat.com>
188- automated rebuild
189
190* Thu May 23 2002 Tim Powers <timp@redhat.com>
191- automated rebuild
192
193* Wed Jan 09 2002 Tim Powers <timp@redhat.com>
194- automated rebuild
195
196* Thu Nov 22 2001 Bernhard Rosenkraenzer <bero@redhat.com> 2.4.2-25
197- Fix up extraction of multiply linked files when the first link is
198  excluded (Bug #56346)
199
200* Mon Oct  1 2001 Bernhard Rosenkraenzer <bero@redhat.com> 2.4.2-24
201- Merge and adapt patches from FreeBSD, this should fix FIFO handling
202
203* Tue Jun 26 2001 Bernhard Rosenkraenzer <bero@redhat.com>
204- Add and adapt Debian patch (pl36), fixes #45285 and a couple of other issues
205
206* Sun Jun 24 2001 Elliot Lee <sopwith@redhat.com>
207- Bump release + rebuild.
208
209* Tue Aug  8 2000 Jeff Johnson <jbj@redhat.com>
210- update man page with decription of -c behavior (#10581).
211
212* Wed Jul 12 2000 Prospector <bugzilla@redhat.com>
213- automatic rebuild
214
215* Thu Jun 29 2000 Preston Brown <pbrown@redhat.com>
216- patch from HJ Lu for better error codes upon exit
217
218* Mon Jun  5 2000 Jeff Johnson <jbj@redhat.com>
219- FHS packaging.
220
221* Wed Feb  9 2000 Jeff Johnson <jbj@redhat.com>
222- missing defattr.
223
224* Mon Feb  7 2000 Bill Nottingham <notting@redhat.com>
225- handle compressed manpages
226
227* Fri Dec 17 1999 Jeff Johnson <jbj@redhat.com>
228- revert the stdout patch (#3358), restoring original GNU cpio behavior
229  (#6376, #7538), the patch was dumb.
230
231* Tue Aug 31 1999 Jeff Johnson <jbj@redhat.com>
232- fix infinite loop unpacking empty files with hard links (#4208).
233- stdout should contain progress information (#3358).
234
235* Sun Mar 21 1999 Crstian Gafton <gafton@redhat.com>
236- auto rebuild in the new build environment (release 12)
237
238* Sat Dec  5 1998 Jeff Johnson <jbj@redhat.com>
239- longlong dev wrong with "-o -H odc" headers (formerly "-oc").
240
241* Thu Dec 03 1998 Cristian Gafton <gafton@redhat.com>
242- patch to compile on glibc 2.1, where strdup is a macro
243
244* Tue Jul 14 1998 Jeff Johnson <jbj@redhat.com>
245- Fiddle bindir/libexecdir to get RH install correct.
246- Don't include /sbin/rmt -- use the rmt from dump package.
247- Don't include /bin/mt -- use the mt from mt-st package.
248- Add prereq's
249
250* Tue Jun 30 1998 Jeff Johnson <jbj@redhat.com>
251- fix '-c' to duplicate svr4 behavior (problem #438)
252- install support programs & info pages
253
254* Mon Apr 27 1998 Prospector System <bugs@redhat.com>
255- translations modified for de, fr, tr
256
257* Fri Oct 17 1997 Donnie Barnes <djb@redhat.com>
258- added BuildRoot
259- removed "(used by RPM)" comment in Summary
260
261* Thu Jun 19 1997 Erik Troan <ewt@redhat.com>
262- built against glibc
263- no longer statically linked as RPM doesn't use cpio for unpacking packages
Note: See TracBrowser for help on using the repository browser.