Changelog for
cpio-lang-2.15-lp155.147.5.noarch.rpm :
* Fri Apr 05 2024 Danilo Spinella
- Fix build with gcc14, bsc#1221712
* fix-gcc14.patch
* Mon Feb 26 2024 Danilo Spinella
- Use %autopatch instead of deprecated %patchN.
* Mon Feb 05 2024 Danilo Spinella
- Update to 2.15:
* Fix the operation of --no-absolute-filenames --make-directories.
* Restore access and modification times of symlinks in copy-in and copy-pass modes.
- Remove fix-operation-no-absolute-filenames.patch
* Mon Jul 10 2023 Danilo Spinella
- Backport upstream fix for --no-absolute-filenames --make-directories
* fix-operation-no-absolute-filenames.patch
* Fri Jun 23 2023 Danilo Spinella
- Update to 2.14:
* New option --ignore-dirnlink. Valid in copy-out mode, it instructs cpio to ignore the actual number of links reported for each directory member and always store 2 instead.
* Changes in --reproducible option: The --reproducible option implies --ignore-dirnlink. In other words, it is equivalent to --ignore-devno --ignore-dirnlink --renumber-inodes.
* Use GNU ls algorithm for deciding timestamp format in -tv mode
* Fix cpio header verification.
* Fix handling of device numbers on copy out.
* Fix calculation of CRC in copy-out mode.
* Rewrite the fix for CVE-2015-1197
* Fix combination of --create --append --directory.
* Fix appending to archives bigger than 2G.
- Refresh patches:
* cpio-open_nonblock.patch
* cpio-dev_number.patch
* cpio-default_tape_dev.patch
* cpio-pattern-file-sigsegv.patch
- Remove patches:
* cpio-revert-CVE-2015-1197-fix.patch
* fix-CVE-2021-38185.patch
* fix-CVE-2021-38185_2.patch
* fix-CVE-2021-38185_3.patch
- Fix CVE-2023-7207, path traversal vulnerability, bsc#1218571
* Tue Dec 27 2022 Ludwig Nussel
- Replace transitional %usrmerged macro with regular version check (boo#1206798)
* Thu Oct 28 2021 Danilo Spinella
- Update keyring
* Wed Aug 18 2021 Danilo Spinella
- Fix regression in last update (bsc#1189465)
* fix-CVE-2021-38185_2.patch
* fix-CVE-2021-38185_3.patch
* Mon Aug 09 2021 Danilo Spinella
- Fix CVE-2021-38185: Remote code execution caused by an integer overflow in ds_fgetstr (CVE-2021-38185, bsc#1189206)
* fix-CVE-2021-38185.patch
* Fri Oct 16 2020 Ludwig Nussel
- prepare usrmerge (boo#1029961)
* Fri Sep 11 2020 Dirk Mueller
- add cpio-revert-CVE-2015-1197-fix.patch as recommended by upstream to fix https://lists.gnu.org/archive/html/bug-cpio/2019-11/msg00016.html
* Sat Aug 15 2020 Dirk Mueller
- update to 2.13:
* CVE-2015-1197, CVE-2016-2037, CVE-2019-14866
- remove patches (upstream): cpio-2.12-out_of_bounds_write.patch, cpio-2.12-CVE-2019-14866.patch, cpio-2.12-util.c_no_return_in_nonvoid_fnc.patch, cpio-check_for_symlinks.patch
* Sun Mar 29 2020 Kristyna Streitova
- starting with GCC 10, the default of '-fcommon' option will change to '-fno-common'. Because cpio build fails with 'fno-common', add '-fcommon' option to optflags as a temporary workaround for this problem till it's properly fixed [bsc#1160870]
* Mon Nov 04 2019 Kristyna Streitova
- add cpio-2.12-CVE-2019-14866.patch to fix a security issue where cpio does not properly validate the values written in the header of a TAR file through the to_oct() function [bsc#1155199] [CVE-2019-14866]
* Thu Sep 19 2019 Ludwig Nussel
- Do not recommend lang package. The lang package already has a supplements.
* Wed Sep 26 2018 Bernhard Wiedemann
- Use gettextize --no-changelog to drop build date to make package build reproducible (boo#1047218)
* Fri Sep 14 2018 Martin Pluskal
- Use URL to fetch keyring
- Do not force building with PIE, it is default now anyways
- Use https for URLs
- Install license
* Tue Apr 11 2017 kstreitovaAATTsuse.com
- modify cpio-2.12-out_of_bounds_write.patch to fix a regression causing cpio to crash for tar and ustar archive types [bsc#1028410]
* Mon Mar 27 2017 mpluskalAATTsuse.com
- Use macro for configure and make install
- Use update-alternatives according to current documentation
- Enable testsuite
* Fri Mar 24 2017 svalxAATTsvalx.net
- Enable mt building
- Separated cpio-mt subpackage
- Change recommend to own mt subpackage
- Remove cpio-mt.patch - those features available in original mt-st package
- Switch to use alternatives system for mt
- Disable rmt building: this binary fully identical to rmt from tar
- Change default rmt dir to /usr/bin
* Thu Mar 23 2017 kstreitovaAATTsuse.com
- cleanup with spec-cleaner
* Sat Mar 05 2016 mpluskalAATTsuse.com
- Recommend mt_st as it is not hard dependency
* Thu Mar 03 2016 kstreitovaAATTsuse.com
- fix typos in the description
- add 'Require: mt_st' in order not to surprise users by the missing 'mt' binary
* Thu Mar 03 2016 svalxAATTsvalx.net
- Disable mt building: this binary from mt_st package offers advanced capabilities with the same functionality.
- Enable rmt building: 'dump' package no longer include it, besides cpio code base for rmt is more fresh.
- Reflect those changes in the package description.
* Fri Feb 19 2016 kstreitovaAATTsuse.com
- add cpio-2.12-out_of_bounds_write.patch to fix an out of bounds write in a way cpio parses certain cpio files [bsc#963448], [CVE-2016-2037]
* Thu Oct 08 2015 kstreitovaAATTsuse.com
- update to 2.12
* Improved documentation
* Manpages are installed by make install
* New options for copy-out mode: --ignore-devno, --renumber-inodes, --device-independent, --reproducible
* update
* cpio-use_new_ascii_format.patch
* cpio-mt.patch
* cpio-eof_tape_handling.patch
* cpio-pattern-file-sigsegv.patch
* cpio-check_for_symlinks.patch
* remove (no longer needed)
* cpio-stdio.in.patch
* 0001-Fix-memory-overrun-on-reading-improperly-created-lin.patch
* add
* cpio-2.12-util.c_no_return_in_nonvoid_fnc.patch to add missing return to the nonvoid get_inode_and_dev() function
- use spec-cleaner
* Mon Mar 16 2015 mpluskalAATTsuse.com
- Add gpg signature
- Correct info scriptlet dependencies
- Cleanup spec file with spec-cleaner
* Thu Jan 01 2015 meissnerAATTsuse.com
- build with PIE
* Mon Dec 01 2014 vcizekAATTsuse.com
- fix an OOB write with cpio -i (bnc#907456) (CVE-2014-9112)
* added 0001-Fix-memory-overrun-on-reading-improperly-created-lin.patch