ELBA-2025-6338

ELBA-2025-6338 - cpio bug fix and enhancement update

Type:BUG
Impact:NA
Release Date:2025-06-09

Description


[2.15-3]
- Bump release for October 2024 mass rebuild:
Resolves: RHEL-64018

[2.15-2]
- Bump release for June 2024 mass rebuild

[2.15-1]
- Rebase to version 2.15

[2.14-7]
- Rebuilt for https://fedoraproject.org/wiki/Fedora_40_Mass_Rebuild

[2.14-6]
- Rebuilt for https://fedoraproject.org/wiki/Fedora_40_Mass_Rebuild

[2.14-5]
- Backport upstream patch for C99 compatibility issue

[2.14-4]
- Rebuilt for https://fedoraproject.org/wiki/Fedora_39_Mass_Rebuild

[2.14-3]
- gpg verify source tarball

[2.14-2]
- Release bump

[2.14-1]
- Rebase to version 2.14
- Resolves #1188590 CVE-2015-1197

[2.13-14]
- Rebuilt for https://fedoraproject.org/wiki/Fedora_38_Mass_Rebuild

[2.13-13]
- Rebuilt for https://fedoraproject.org/wiki/Fedora_37_Mass_Rebuild

[2.13-12]
- Rebuilt for https://fedoraproject.org/wiki/Fedora_36_Mass_Rebuild

[2.13-11]
- Rebuilt for https://fedoraproject.org/wiki/Fedora_35_Mass_Rebuild

[2.13-10]
- Properly drop priviledges for remote command

[2.13-9]
- Rebuilt for https://fedoraproject.org/wiki/Fedora_34_Mass_Rebuild

[2.13-8]
- Rebuilt for https://fedoraproject.org/wiki/Fedora_33_Mass_Rebuild

[2.13-7]
- Use make macros
- https://fedoraproject.org/wiki/Changes/UseMakeBuildInstallMacro

[2.13-6]
- Extract: retain times for symlinks (#1486364)

[2.13-5.1]
- Release bump due to testing of gating

[2.13-4]
- Revert fix for CVE-2015-1197 as it causes shutdown issues (#1797163)

[2.13-3]
- Fix multiple definition of program_name

[2.13-2]
- Rebuilt for https://fedoraproject.org/wiki/Fedora_32_Mass_Rebuild

[2.13-1]
- new upstream release, per release notes
https://lists.gnu.org/archive/html/bug-cpio/2019-11/msg00000.html

[2.12-12]
- Rebuilt for https://fedoraproject.org/wiki/Fedora_31_Mass_Rebuild

[2.12-11]
- admit that we bundle paxutils project

[2.12-10]
- Rebuilt for https://fedoraproject.org/wiki/Fedora_30_Mass_Rebuild

[2.12-9]
- Rebuilt for https://fedoraproject.org/wiki/Fedora_29_Mass_Rebuild

[2.12-8]
- spring spec cleanup

[2.12-7]
- Rebuilt for https://fedoraproject.org/wiki/Fedora_28_Mass_Rebuild

[2.12-6]
- Rebuilt for https://fedoraproject.org/wiki/Fedora_27_Binutils_Mass_Rebuild

[2.12-5]
- Rebuilt for https://fedoraproject.org/wiki/Fedora_27_Mass_Rebuild

[2.12-4]
- Rebuilt for https://fedoraproject.org/wiki/Fedora_26_Mass_Rebuild

[2.12-3]
- Rebuilt for https://fedoraproject.org/wiki/Fedora_24_Mass_Rebuild

[2.12-2]
- (re)generate manual page for new options

[2.12-1]
- rebase, per release notes
http://lists.gnu.org/archive/html/bug-cpio/2015-09/msg00004.html

[2.11-36]
- in 2015, file name in CVE-2014-9112 shows in a bit different timestamp
format (fix FTBFS, #1239416)

[2.11-35]
- Rebuilt for https://fedoraproject.org/wiki/Fedora_23_Mass_Rebuild

[2.11-34]
- Rebuilt for Fedora 23 Change
https://fedoraproject.org/wiki/Changes/Harden_all_packages_with_position-independent_code

[2.11-33]
- the stored archive in testsuite has little endian headers, expect also
'reversed byte-order' warning on big-endian

[2.11-32]
- adjust the testsuite fix for CVE-2014-9112 (#1167573)
- put the testsuite.log to standard output if make check fails

[2.11-31]
- fix for CVE-2014-9112 (#1167573)

[2.11-30]
- Rebuilt for https://fedoraproject.org/wiki/Fedora_21_22_Mass_Rebuild

[2.11-29]
- fix license handling

[2.11-28]
- Rebuilt for https://fedoraproject.org/wiki/Fedora_21_Mass_Rebuild

[2.11-27]
- better fix for bad read() error checking (#996150)

[2.11-26]
- fix manual page to warn users about inode truncation (#952313)
- fix for RU translation (#1075510)

[2.11-25]
- fix build for ppc64le (#1029540)

[2.11-24]
- properly trim 'crc' checksum to 32 bits (#1001965)
- remove unneeded patch for config.gues/config.sub (#951442)
- allow treat read() errors (#996150)

[2.11-21]
- Rebuilt for https://fedoraproject.org/wiki/Fedora_20_Mass_Rebuild

[2.11-20]
- fix another bogus date in changelog
- update config.guess/config.sub for aarm64 build (#925189)
- run autoreconf instead of autoheader

[2.11-19]
- revert the fix for memory leak (at least for now) #921725

[2.11-18]
- explicitly provide /bin/cpio for packages that are dependant on this file

[2.11-17]
- fix small memory leak in copyin.c (#919454)
- remove %defattr and install 'cpio' to real %{_bindir}
- CovScan: add %{?_rawbuild}

[2.11-16]
- Rebuilt for https://fedoraproject.org/wiki/Fedora_19_Mass_Rebuild

[2.11-15]
- disable the temporary O_SYNC fix (glibc is fixed - #872366)

[2.11-14]
- fix bad changelog entries
- allow to build in Fedora Rawhide (temporarily because of #872336) (the value
is guessed from from /usr/include/asm-generic/fcntl.h)

[2.11-13]
- move RH-only manual page cpio.1 from look-aside cache into dist-git repository

[2.11-12]
- fix for bad file name splitting while creating ustar archive (#866467)

[2.11-11]
- add missing options to manpage (#852765)

[2.11-10]
- Rebuilt for https://fedoraproject.org/wiki/Fedora_18_Mass_Rebuild

[2.11-9]
- fix build failure in rawhide build system (gets undefined)

[2.11-8]
- drop unnecessary patches: cpio-2.9-dir_perm.patch and
cpio-2.9-sys_umask.patch - reported by M.Castellini

[2.11-7]
- add virtual provides for bundled(gnulib) copylib (#821749)

[2.11-6]
- Rebuilt for https://fedoraproject.org/wiki/Fedora_17_Mass_Rebuild

[2.11-5]
- update manpage to reflect new option, polish the style (#746209)

[2.11-4]
- fix several typos and manpage syntax(Ville Skytta, #682470)

[2.11-3]
- Rebuilt for https://fedoraproject.org/wiki/Fedora_15_Mass_Rebuild

[2.11-2]
- built with fno-strict-aliasing(#596153)

[2.11-1]
- new upstream release 2.11
- removed applied patches, run test suite

[2.10-6]
- CVE-2010-0624 fix heap-based buffer overflow by expanding
a specially-crafted archive(#572150)
- comment patches

[2.10-5]
- remove redundant setLocale patch
- fix segfault with nonexisting file with patternnames
(#567022)

[2.10-4]
- do not fail with new POSIX 2008 utimens() glibc call
(#552320)

[2.10-3]
- do process install-info only without --excludedocs(#515924)

[2.10-2]
- Rebuilt for https://fedoraproject.org/wiki/Fedora_12_Mass_Rebuild

[2.10-1]
- new upstream release 2.10

[2.9.90-5]
- define default remote shell as /usr/bin/ssh(#452904)
- use /etc/rmt as default rmt command

[2.9.90-4]
- Rebuilt for https://fedoraproject.org/wiki/Fedora_11_Mass_Rebuild

[2.9.90-3]
- make -d honor system umask(#484997)

[2.9.90-2]
- Support major/minor device numbers over 127 (bz#450109)

[2.9.90-1]
- new upstream alpha version 2.9.90 + removed applied patches

[2.9-7]
- fix -dir_perm patch to restore permissions correctly even
in passthrough mode -- revert affected code to cpio 2.8 state
(bz#430835)

[2.9-6]
- when extracting archive created with 'find -depth',
restore the permissions of directories properly (bz#430835)
- fix for GCC 4.3

[2.9-5]
- upstream patch for CVE-2007-4476 (stack crashing in safer_name_suffix)

[2.9-4]
- Updated license tag

[2.9-3]
- Rebuild for selinux ppc32 issue.

[2.9-1.1]
- fix spec, rebuild

[2.9-1]
- update to 2.9, GPLv3

[2.6-27]
- fix typo in changelog

[2.6-26]
- Preserve timestamps when installing files

[2.6-25]
- set cpio bindir properly

[2.6-24]
- fix spec file to meet Fedora standards (#225656)

[2.6-23]
- fix non-failsafe install-info use in scriptlets (#223682)

[2.6-22]
- fix rpmlint issue in spec file

[2.6-21]
- fix setlocale (#200478)

[2.6-20]
- cpio man page provided by RedHat

[2.6-19]
- fix cpio --help output (#197597)

[2.6-18.1]
- rebuild

[2.6-18]
- autoconf was added to BuildRequires, because autoheader is
used in prep phase (#194737)

[2.6-17]
- rebuild

[2.6-15]
- fix (#186339) on ppc and s390

[2.6-14]
- init struct file_hdr (#186339)

[2.6-13]
- merge toAsciiError.patch with writeOutHeaderBufferOverflow.patch
- merge largeFileGrew.patch with lfs.patch
- fix large file support, cpio is able to store files<8GB
in 'old ascii' format (-H odc option)
- adjust warnings.patch

[2.6-12]
- fix warn_if_file_changed() and set exit code to #1 when
cpio fails to store file > 4GB (#183224)

[2.6-11.2.1]
- bump again for double-long bug on ppc(64)

[2.6-11.2]
- rebuilt for new gcc4.1 snapshot and glibc changes

* Fri Dec 09 2005 Jesse Keating
- rebuilt

[2.6-11]
- fix previous patch(writeOutHeaderBufferOverflow)

[2.6-10]
- write_out_header rewritten to fix buffer overflow(#172669)

[2.6-9]
- fix checksum error on 64-bit machines (#171649)

[2.6-8]
- fix large file support, archive >4GiB, archive members <4GiB (#160056)
- fix race condition holes, use mode 0700 for dir creation

[2.6-7]
- fix #156314 (CAN-2005-1229) cpio directory traversal issue
- fix some gcc warnings

[2.6-6]
- fix race condition (#155749)
- use find_lang macro

* Thu Mar 17 2005 Peter Vrabec
- rebuild 2.6-5

* Mon Jan 24 2005 Peter Vrabec
- insecure file creation (#145721)

* Mon Jan 17 2005 Peter Vrabec
- fix symlinks pack (#145225)

* Fri Jan 14 2005 Peter Vrabec
- new fixed version of lfs patch (#144688)

* Thu Jan 13 2005 Peter Vrabec
- upgrade to cpio-2.6

* Tue Nov 09 2004 Peter Vrabec
- fixed 'cpio -oH ustar (or tar) saves bad mtime date after Jan 10 2004' (#114580)

* Mon Nov 01 2004 Peter Vrabec
- support large files > 2GB (#105617)

* Thu Oct 21 2004 Peter Vrabec
- fix dependencies in spec

* Tue Jun 15 2004 Elliot Lee
- rebuilt

* Fri Feb 13 2004 Elliot Lee
- rebuilt

* Tue Sep 23 2003 Florian La Roche
- do not link against -lnsl

* Wed Jun 04 2003 Elliot Lee
- rebuilt

[2.5-3]
- setlocale for i18n compliance (#79136).

* Wed Jan 22 2003 Tim Powers
- rebuilt

[2.5-1]
- update 2.5, restack and consolidate patches.
- don't apply (but include for now) freebsd and #56346 patches.
- add url (#54598).

[2.4.2-30]
- rebuild from CVS.

* Fri Jun 21 2002 Tim Powers
- automated rebuild

* Thu May 23 2002 Tim Powers
- automated rebuild

* Wed Jan 09 2002 Tim Powers
- automated rebuild

[2.4.2-25]
- Fix up extraction of multiply linked files when the first link is
excluded (Bug #56346)

[2.4.2-24]
- Merge and adapt patches from FreeBSD, this should fix FIFO handling

* Tue Jun 26 2001 Bernhard Rosenkraenzer
- Add and adapt Debian patch (pl36), fixes #45285 and a couple of other issues

* Sun Jun 24 2001 Elliot Lee
- Bump release + rebuild.

* Tue Aug 08 2000 Jeff Johnson
- update man page with decription of -c behavior (#10581).

* Wed Jul 12 2000 Prospector
- automatic rebuild

* Thu Jun 29 2000 Preston Brown
- patch from HJ Lu for better error codes upon exit

* Mon Jun 05 2000 Jeff Johnson
- FHS packaging.

* Wed Feb 09 2000 Jeff Johnson
- missing defattr.

* Mon Feb 07 2000 Bill Nottingham
- handle compressed manpages

* Fri Dec 17 1999 Jeff Johnson
- revert the stdout patch (#3358), restoring original GNU cpio behavior
(#6376, #7538), the patch was dumb.

* Tue Aug 31 1999 Jeff Johnson
- fix infinite loop unpacking empty files with hard links (#4208).
- stdout should contain progress information (#3358).

* Sun Mar 21 1999 Crstian Gafton
- auto rebuild in the new build environment (release 12)

* Sat Dec 05 1998 Jeff Johnson
- longlong dev wrong with '-o -H odc' headers (formerly '-oc').

* Thu Dec 03 1998 Cristian Gafton
- patch to compile on glibc 2.1, where strdup is a macro

* Tue Jul 14 1998 Jeff Johnson
- Fiddle bindir/libexecdir to get RH install correct.
- Don't include /sbin/rmt -- use the rmt from dump package.
- Don't include /bin/mt -- use the mt from mt-st package.
- Add prereq's

* Tue Jun 30 1998 Jeff Johnson
- fix '-c' to duplicate svr4 behavior (problem #438)
- install support programs & info pages

* Mon Apr 27 1998 Prospector System
- translations modified for de, fr, tr

* Fri Oct 17 1997 Donnie Barnes
- added BuildRoot
- removed '(used by RPM)' comment in Summary

* Thu Jun 19 1997 Erik Troan
- built against glibc
- no longer statically linked as RPM doesn't use cpio for unpacking packages




Updated Packages


Release/ArchitectureFilenamesha256Superseded By AdvisoryChannel Label



This page is generated automatically and has not been checked for errors or omissions. For clarification or corrections please contact the Oracle Linux ULN team

software.hardware.complete