webadmin/bpfire
1
0
Fork 0
mirror of https://github.com/vincentmli/bpfire.git synced 2026-04-11 19:55:52 +02:00
Code Issues Packages Projects Releases Wiki Activity

Merge branch 'master' of git://git.ipfire.org/ipfire-2.x

Browse Source
This commit is contained in:
Christian Schmidt
2010-07-23 09:40:33 +02:00
parent 31e0e08a59 9254944067
commit 8e7778a8fc
15 changed files with 70 additions and 400 deletions
Download Patch File Download Diff File Expand all files Collapse all files

1
config/rootfiles/common/configroot
View File

@@ -22,6 +22,7 @@ var/ipfire/ddns
var/ipfire/dhcp
#var/ipfire/dhcp/advoptions
#var/ipfire/dhcp/advoptions-list
#var/ipfire/dhcp/dhcpd.conf.local
#var/ipfire/dhcp/fixleases
#var/ipfire/dhcp/settings
var/ipfire/dhcpc

8
config/syslinux/syslinux.cfg
View File

@@ -4,16 +4,16 @@ PROMPT 1
F1 boot.msg
F2 options.msg
DEFAULT vmlinuz
APPEND ide=nodma initrd=instroot root=/dev/ram0 ramdisk_size=16384 vga=791 splash=silent ro
APPEND ide=nodma initrd=instroot vga=791 splash=silent ro
LABEL novga
KERNEL vmlinuz
APPEND ide=nodma initrd=instroot root=/dev/ram0 ramdisk_size=16384 ro
APPEND ide=nodma initrd=instroot ro
LABEL dma
KERNEL vmlinuz
APPEND initrd=instroot root=/dev/ram0 ramdisk_size=16384 vga=791 splash=silent ro
APPEND initrd=instroot vga=791 splash=silent ro
LABEL unattended
KERNEL vmlinuz
APPEND ide=nodma initrd=instroot root=/dev/ram0 ramdisk_size=16384 vga=791 splash=silent unattended ro
APPEND ide=nodma initrd=instroot vga=791 splash=silent unattended ro
LABEL memtest
KERNEL memtest
APPEND -

14
doc/packages-list.txt
View File

@@ -71,6 +71,7 @@
* compat-wireless-2.6.34.1-kmod-2.6.32.15-ipfire
* compat-wireless-2.6.34.1-kmod-2.6.32.15-ipfire-xen
* coreutils-5.96
* cpio-2.11
* cpio-2.6
* cpufrequtils-007
* cryptodev-20091126-kmod-2.6.32.15-ipfire
@@ -90,6 +91,8 @@
* diffutils-2.8.1
* dnsmasq-2.45
* dosfstools-3.0.9
* dracut-006
* dracut-006.save
* e1000-8.0.19-kmod-2.6.32.15-ipfire
* e1000-8.0.19-kmod-2.6.32.15-ipfire-xen
* e1000e-1.1.19-kmod-2.6.32.15-ipfire
@@ -150,6 +153,7 @@
* iftop-0.17
* igmpproxy-0.1
* inetutils-1.4.2
* initrd_off
* ipaddr-1.2
* iperf-2.0.4
* ipfireseeder-1.00
@@ -165,6 +169,7 @@
* klibc-1.5.14
* kqemu-1.4.0pre1-kmod-2.6.32.15-ipfire
* kqemu-1.4.0pre1-kmod-2.6.32.15-ipfire-xen
* kqemu-1.4.0pre1-kmod-2.6.32.16-ipfire
* kudzu-1.2.64
* kvm-kmod-2.6.33.1-kmod-2.6.32.15-ipfire
* l7-protocols-2009-05-10
@@ -186,6 +191,7 @@
* libogg-1.1.4
* liboping-1.3.4
* libpcap-1.0.0
* libpng-1.2.12
* libpng-1.2.44
* libpri-1.4.10.2
* libsafe_2.0-16
@@ -220,6 +226,7 @@
* man-db-2.4.3
* man-pages-2.34
* mbr-1.1.8
* mc-4.7.0
* mc-4.7.3
* mdadm-3.1.1
* mechanize-0.1.8
@@ -251,6 +258,7 @@
* netcat-0.7.1
* netpbm-10.26.46
* newt-0.51.6
* nfs-utils-1.1.1
* nfs-utils-1.2.2
* nmap-5.20
* noip_updater_v1.6
@@ -259,6 +267,7 @@
* nut-2.4.3
* ocaml-3.09.2
* oinkmaster-2.0
* open-vm-tools-2009.05.22-167859
* open-vm-tools-8.4.2-261024
* openldap-2.3.20
* openmailadmin-1.0.0
@@ -279,6 +288,7 @@
* popt-1.10.4
* portmap_6.0
* postfix-2.6.5
* ppp-2.4.4
* ppp-2.4.5
* pptp-1.7.2
* procps-3.2.6
@@ -294,6 +304,7 @@
* readline-5.1
* reiser4progs-1.0.6
* reiserfsprogs-3.6.21
* rp-pppoe-3.8
* rrdtool-1.2.30
* rssdler-0.4.0a
* rsync-3.0.7
@@ -334,6 +345,7 @@
* teamspeak-2.0.24.1
* texinfo-4.8
* tftp-hpa-0.48
* tiff-3.8.2
* tiff-3.9.4
* traceroute-2.0.12
* tripwire-2.4.1.2
@@ -348,6 +360,7 @@
* v4l-dvb-b576509ea6d2-kmod-2.6.32.15-ipfire
* v4l-dvb-b576509ea6d2-kmod-2.6.32.15-ipfire-xen
* vdr-1.6.0
* vdradmin-am-3.6.5
* vdradmin-am-3.6.7
* vim-7.0
* vlan.1.9
@@ -356,6 +369,7 @@
* vnstati-beta3
* vsftpd-2.1.2
* w_scan-20080105
* watchdog-5.6
* watchdog-5.9
* wget-1.10.2
* whatmask-1.2

1
html/cgi-bin/dhcp.cgi
View File

@@ -1199,6 +1199,7 @@ sub buildconf {
$key++;
}
}
print FILE "include \"${General::swroot}/dhcp/dhcpd.conf.local\";\n";
close FILE;
if ( $dhcpsettings{"ENABLE_GREEN"} eq 'on' || $dhcpsettings{"ENABLE_BLUE"} eq 'on' ) {system '/usr/local/bin/dhcpctrl enable >/dev/null 2>&1';}
else {system '/usr/local/bin/dhcpctrl disable >/dev/null 2>&1';}

28
html/cgi-bin/time.cgi
View File

@@ -236,6 +236,10 @@ print "<form method='post' action='$ENV{'SCRIPT_NAME'}'>\n";
&Header::openbox('100%', 'left', $Lang::tr{'network time'});
print <<END
<table width='100%'>
<tr>
<td colspan='2'><strong>$Lang::tr{'ntp common settings'}</strong></td>
</tr>
<tr>
<td><input type='checkbox' name='ENABLENTP' $checked{'ENABLENTP'}{'on'} /></td>
<td width='100%' colspan='4' class='base'>$Lang::tr{'network time from'}</td>
@@ -272,22 +276,19 @@ print <<END
<td>&nbsp;</td>
<td class='base' colspan='4'><input type='checkbox' name='ENABLECLNTP' $checked{'ENABLECLNTP'}{'on'} /> $Lang::tr{'clenabled'}</td>
</tr>
<tr>
<td>&nbsp;</td>
<td class='base' colspan='4'><input type='checkbox' name='ENABLESETONBOOT' $checked{'ENABLESETONBOOT'}{'on'} /> $Lang::tr{'Set time on boot'}</td>
</tr>
</table>
<table width='100%'>
<tr>
<td colspan='4'><hr /><b>$Lang::tr{'update time'}</b></td>
</tr>
<tr>
<td>&nbsp;</td>
<td class='base' colspan='3'>$Lang::tr{'set time now help'}</td>
</tr>
<tr>
<td class='base' colspan='4'><input type='checkbox' name='ENABLESETONBOOT' $checked{'ENABLESETONBOOT'}{'on'} /> $Lang::tr{'Set time on boot'}</td>
<td colspan='4'><hr /><strong>$Lang::tr{'ntp sync'}</strong></td>
</tr>
<tr>
<td class='base'><input type='radio' name='UPDATE_METHOD' value='periodically' $checked{'UPDATE_METHOD'}{'periodically'} /></td>
<td width='15%'>$Lang::tr{'every'}: </td>
<td width='35%'><input type='text' name='UPDATE_VALUE' size='3' maxlength='3' value='$timesettings{'UPDATE_VALUE'}' />
<td width='10%'>$Lang::tr{'every'}</td>
<td width='45%'><input type='text' name='UPDATE_VALUE' size='3' maxlength='3' value='$timesettings{'UPDATE_VALUE'}' />
<select name='UPDATE_PERIOD'>
<option value='hourly' $selected{'UPDATE_PERIOD'}{'hourly'}>$Lang::tr{'hours'}</option>
<option value='daily' $selected{'UPDATE_PERIOD'}{'daily'}>$Lang::tr{'days'}</option>
@@ -300,6 +301,13 @@ print <<END
<td class='base'><input type='radio' name='UPDATE_METHOD' value='manually' $checked{'UPDATE_METHOD'}{'manually'} /></td>
<td colspan='2'>$Lang::tr{'manually'}</td>
</tr>
<tr>
<td colspan='4'><hr /><strong>$Lang::tr{'update time'}</strong></td>
</tr>
<tr>
<td>&nbsp;</td>
<td class='base' colspan='3'>$Lang::tr{'set time now help'}</td>
</tr>
END
;

6
langs/de/cgi-bin/de.pl
View File

@@ -761,7 +761,7 @@
'esp integrity' => 'ESP Integrität:',
'esp keylife' => 'Lebensdauer des ESP Schlüssels:',
'esp keylife should be between 1 and 24 hours' => 'ESP Schlüssel-Lebensdauer sollte zwischen 1 und 24 Stunden betragen.',
'every' => 'Jeden',
'every' => 'Alle',
'exampel' => 'Beispiel',
'exclude logfiles' => 'ohne Logdateien',
'excluding buffers and cache' => '-/+ Puffer/Zwischenspeicher',
@@ -1227,6 +1227,8 @@
'not running' => 'nicht gestartet',
'not set' => 'nicht gesetzt',
'november' => 'November',
'ntp common settings' => 'Allgemeine Einstellungen',
'ntp sync' => 'Synchronisation',
'ntp configuration' => 'NTP-Konfiguration',
'ntp must be enabled to have clients' => 'Um Clients annehmen zu können, muß NTP vorher aktiviert sein.',
'ntp server' => 'NTP-Server',
@@ -1705,7 +1707,7 @@
'unknown' => 'Unbekannt',
'unnamed' => 'Unbenannt',
'update' => 'Aktualisieren',
'update accelerator' => 'Update-Booster',
'update accelerator' => 'Update-Accelerator',
'update time' => 'Aktualisiere die Uhrzeit:',
'update transcript' => 'Aktualisieren',
'updatedatabase' => 'Datenbank auf Stand der letzten Reports setzen',

4
langs/en/cgi-bin/en.pl
View File

@@ -1256,6 +1256,8 @@
'not set' => 'not set',
'notes' => 'Notes',
'november' => 'November',
'ntp common settings' => 'Common settings',
'ntp sync' => 'Synchronization',
'ntp configuration' => 'NTP configuration',
'ntp must be enabled to have clients' => 'NTP must be enabled to have clients.',
'ntp server' => 'NTP Server',
@@ -1738,7 +1740,7 @@
'unknown' => 'UNKNOWN',
'unnamed' => 'Unnamed',
'update' => 'Update',
'update accelerator' => 'Update Booster',
'update accelerator' => 'Update Accelerator',
'update time' => 'Update the time:',
'update transcript' => 'Update transcript',
'updatedatabase' => 'Update Database with last report',

2
langs/es/cgi-bin/es.pl
View File

@@ -1254,6 +1254,8 @@
'not set' => 'no configurado',
'notes' => 'Notas',
'november' => 'Noviembre',
'ntp common settings' => 'Configuraciones comunes',
'ntp sync' => 'Sincronización',
'ntp configuration' => 'Configuración NTP',
'ntp must be enabled to have clients' => 'NTP debe estar configurado para tener clientes',
'ntp server' => 'Servidor NTP',

4
langs/fr/cgi-bin/fr.pl
View File

@@ -1256,6 +1256,8 @@
'not set' => 'not set',
'notes' => 'Notes',
'november' => 'November',
'ntp common settings' => 'Common settings',
'ntp sync' => 'Synchronization',
'ntp configuration' => 'NTP configuration',
'ntp must be enabled to have clients' => 'NTP must be enabled to have clients.',
'ntp server' => 'NTP Server',
@@ -1738,7 +1740,7 @@
'unknown' => 'UNKNOWN',
'unnamed' => 'Unnamed',
'update' => 'Update',
'update accelerator' => 'Update Booster',
'update accelerator' => 'Update Accelerator',
'update time' => 'Update the time:',
'update transcript' => 'Update transcript',
'updatedatabase' => 'Update Database with last report',

2
lfs/configroot
View File

@@ -63,7 +63,7 @@ $(TARGET) :
# Touch empty files
for i in auth/users backup/include.user backup/exclude.user \
certs/index.txt ddns/config ddns/noipsettings ddns/settings ddns/ipcache dhcp/settings \
dhcp/fixleases dhcp/advoptions dmzholes/config dns/settings ethernet/aliases ethernet/settings ethernet/known_nics ethernet/scanned_nics \
dhcp/fixleases dhcp/advoptions dhcp/dhcpd.conf.local dmzholes/config dns/settings ethernet/aliases ethernet/settings ethernet/known_nics ethernet/scanned_nics \
extrahd/scan extrahd/devices extrahd/partitions extrahd/settings fwlogs/ipsettings fwlogs/portsettings \
isdn/settings mac/settings main/disable_nf_sip main/hosts main/settings net-traffic/settings optionsfw/settings outgoing/settings outgoing/rules \
pakfire/settings portfw/config ppp/settings-1 ppp/settings-2 ppp/settings-3 ppp/settings-4 \

7
lfs/cpio
View File

@@ -24,7 +24,7 @@
include Config
VER = 2.6
VER = 2.11
THISAPP = cpio-$(VER)
DL_FILE = $(THISAPP).tar.gz
@@ -40,7 +40,7 @@ objects = $(DL_FILE)
$(DL_FILE) = $(DL_FROM)/$(DL_FILE)
$(DL_FILE)_MD5 = 76b4145f33df088a5bade3bf4373d17d
$(DL_FILE)_MD5 = 1112bb6c45863468b5496ba128792f6c
install : $(TARGET)
@@ -70,12 +70,9 @@ $(subst %,%_MD5,$(objects)) :
$(TARGET) : $(patsubst %,$(DIR_DL)/%,$(objects))
@$(PREBUILD)
@rm -rf $(DIR_APP) && cd $(DIR_SRC) && tar zxf $(DIR_DL)/$(DL_FILE)
cd $(DIR_APP) && sed -i "s/invalid_arg/argmatch_invalid/" src/mt.c
cd $(DIR_APP) && patch -Np1 < $(DIR_SRC)/src/patches/$(THISAPP)-security_fixes-1.patch
cd $(DIR_APP) && ./configure CPIO_MT_PROG=mt --prefix=/usr \
--bindir=/bin --libexecdir=/tmp \
--with-rmt=/usr/sbin/rmt
cd $(DIR_APP) && echo "#define HAVE_LSTAT 1" >> config.h
cd $(DIR_APP) && make $(MAKETUNING)
cd $(DIR_APP) && make install
@rm -rf $(DIR_APP)

9
lfs/initrd
View File

@@ -89,8 +89,13 @@ $(TARGET) :
# Remove binary depmod files
rm -rf /install/initrd/lib/modules/$(KVER)-ipfire/modules.*.bin
mksquashfs /install/initrd /install/images/initrd
cd /install/initrd && strip --strip-all {,usr/}{,s}bin/* || true
cd /install/initrd && strip --strip-debug {,usr/}lib/* || true
cd /install/initrd && ln -svf sbin/init init
cd /install/initrd && find . | cpio -o -H newc | lzma > /install/images/initrd
cd /install/initrd && find ./ -ls > $(DIR_INFO)/_build.initrd.log
@$(POSTBUILD)

4
lfs/mkinitcpio
View File

@@ -73,8 +73,8 @@ $(TARGET) : $(patsubst %,$(DIR_DL)/%,$(objects))
cd $(DIR_APP) && ./install.sh ""
cp $(DIR_SRC)/config/mkinitcpio/virtio /lib/initcpio/install/
sed -i 's|^FILELIST=.*|FILELIST="$$(mktemp)"|g' /sbin/mkinitcpio
sed -i 's|^HOOKS=.*|HOOKS="base udev autodetect ide usb scsi pata sata virtio filesystems"|g' /etc/mkinitcpio.conf
sed -i 's|^MODULES=.*|MODULES="reiser4 reiserfs ext3 ehci_hcd"|g' /etc/mkinitcpio.conf
sed -i 's|^HOOKS=.*|HOOKS="base udev autodetect ide usb scsi pata sata virtio"|g' /etc/mkinitcpio.conf
sed -i 's|^MODULES=.*|MODULES="reiser4 reiserfs ext3 ext2 ehci_hcd"|g' /etc/mkinitcpio.conf
sed -i 's|ide-cd|ide-cd ide-generic|g' /lib/initcpio/install/ide
sed -i 's| gzip -9 | lzma |g' /sbin/mkinitcpio
@rm -rf $(DIR_APP)

10
src/initscripts/init.d/functions
View File

@@ -438,7 +438,7 @@ loadproc()
{
local pidfile=""
local forcestart=""
local nicelevel="10"
local nicelevel=""
# This will ensure compatibility with previous LFS Bootscripts
if [ -n "${PIDFILE}" ]; then
@@ -500,7 +500,13 @@ loadproc()
esac
fi
nice -n "${nicelevel}" "${@}"
local cmd="${@}"
if [ -n "${nicelevel}" ]; then
cmd="nice -n "${nicelevel}" ${cmd}"
fi
${cmd}
evaluate_retval # This is "Probably" not LSB compliant, but required to be compatible with older bootscripts
return 0
}

370
src/patches/cpio-2.6-security_fixes-1.patch
View File

@@ -1,370 +0,0 @@
Submitted By: Ken Moffat <ken@kenmoffat.uklinux.net>
Date: 2005-07-29
Initial Package Version: 2.6
Upstream Status: Unknown
Origin: from Mandrake
Description: Vulnerability fixes, rediffed so that they all apply with
-p1 and consolidated to single patch. Also applicable to earlier versions.
(1.) CAN-1999-1572 (still seems to apply to 2.6) cpio uses a 0 umask when
creating files with -O or -F options, which creates the files with mode 0666
and allows local users to overwrite them. Fix originally fom debian.
(2.) CAN-2005-1111 Race condition in 2.6 and earlier allows local users to
modify permissions of arbitrary files via a hard-link attack. Fix
originally from fedora.
(3.) CAN-2005-1229 Directory traversal vulnerability allows remote
attackers to write to arbitrary directories via a dot dot in a cpio file.
Fix by Peter Vrabec at RedHat.
diff -Naur cpio-2.6.vanilla/doc/cpio.1 cpio-2.6/doc/cpio.1
--- cpio-2.6.vanilla/doc/cpio.1 2004-08-30 17:21:48.000000000 +0100
+++ cpio-2.6/doc/cpio.1 2005-07-29 13:46:42.000000000 +0100
@@ -20,7 +20,7 @@
[\-\-unconditional] [\-\-verbose] [\-\-block-size=blocks] [\-\-swap-halfwords]
[\-\-io-size=bytes] [\-\-pattern-file=file] [\-\-format=format]
[\-\-owner=[user][:.][group]] [\-\-no-preserve-owner] [\-\-message=message]
-[\-\-force\-local] [\-\-no\-absolute\-filenames] [\-\-sparse]
+[\-\-force\-local] [\-\-absolute\-filenames] [\-\-sparse]
[\-\-only\-verify\-crc] [\-\-quiet] [\-\-rsh-command=command] [\-\-help]
[\-\-version] [pattern...] [< archive]
diff -Naur cpio-2.6.vanilla/doc/cpio.info cpio-2.6/doc/cpio.info
--- cpio-2.6.vanilla/doc/cpio.info 2004-02-27 12:42:01.000000000 +0000
+++ cpio-2.6/doc/cpio.info 2005-07-29 13:46:42.000000000 +0100
@@ -203,7 +203,7 @@
[--swap-halfwords] [--io-size=bytes] [--pattern-file=file]
[--format=format] [--owner=[user][:.][group]]
[--no-preserve-owner] [--message=message] [--help] [--version]
- [-no-absolute-filenames] [--sparse] [-only-verify-crc] [-quiet]
+ [--absolute-filenames] [--sparse] [-only-verify-crc] [-quiet]
[--rsh-command=command] [pattern...] [< archive]

@@ -358,9 +358,9 @@
Show numeric UID and GID instead of translating them into names
when using the `--verbose option'.
-`--no-absolute-filenames'
- Create all files relative to the current directory in copy-in
- mode, even if they have an absolute file name in the archive.
+`--absolute-filenames'
+ Do not strip leading file name components that contain ".."
+ and leading slashes from file names in copy-in mode
`--no-preserve-owner'
Do not change the ownership of the files; leave them owned by the
diff -Naur cpio-2.6.vanilla/src/copyin.c cpio-2.6/src/copyin.c
--- cpio-2.6.vanilla/src/copyin.c 2004-09-08 12:10:02.000000000 +0100
+++ cpio-2.6/src/copyin.c 2005-07-29 13:46:42.000000000 +0100
@@ -25,6 +25,7 @@
#include "dstring.h"
#include "extern.h"
#include "defer.h"
+#include "dirname.h"
#include <rmt.h>
#ifndef FNM_PATHNAME
#include <fnmatch.h>
@@ -389,19 +390,26 @@
continue;
}
- if (close (out_file_des) < 0)
- error (0, errno, "%s", d->header.c_name);
-
+ /*
+ * Avoid race condition.
+ * Set chown and chmod before closing the file desc.
+ * pvrabec@redhat.com
+ */
+
/* File is now copied; set attributes. */
if (!no_chown_flag)
- if ((chown (d->header.c_name,
+ if ((fchown (out_file_des,
set_owner_flag ? set_owner : d->header.c_uid,
set_group_flag ? set_group : d->header.c_gid) < 0)
&& errno != EPERM)
error (0, errno, "%s", d->header.c_name);
/* chown may have turned off some permissions we wanted. */
- if (chmod (d->header.c_name, (int) d->header.c_mode) < 0)
+ if (fchmod (out_file_des, (int) d->header.c_mode) < 0)
error (0, errno, "%s", d->header.c_name);
+
+ if (close (out_file_des) < 0)
+ error (0, errno, "%s", d->header.c_name);
+
if (retain_time_flag)
{
times.actime = times.modtime = d->header.c_mtime;
@@ -557,6 +565,25 @@
write (out_file_des, "", 1);
delayed_seek_count = 0;
}
+
+ /*
+ * Avoid race condition.
+ * Set chown and chmod before closing the file desc.
+ * pvrabec@redhat.com
+ */
+
+ /* File is now copied; set attributes. */
+ if (!no_chown_flag)
+ if ((fchown (out_file_des,
+ set_owner_flag ? set_owner : file_hdr->c_uid,
+ set_group_flag ? set_group : file_hdr->c_gid) < 0)
+ && errno != EPERM)
+ error (0, errno, "%s", file_hdr->c_name);
+
+ /* chown may have turned off some permissions we wanted. */
+ if (fchmod (out_file_des, (int) file_hdr->c_mode) < 0)
+ error (0, errno, "%s", file_hdr->c_name);
+
if (close (out_file_des) < 0)
error (0, errno, "%s", file_hdr->c_name);
@@ -567,18 +594,6 @@
file_hdr->c_name, crc, file_hdr->c_chksum);
}
- /* File is now copied; set attributes. */
- if (!no_chown_flag)
- if ((chown (file_hdr->c_name,
- set_owner_flag ? set_owner : file_hdr->c_uid,
- set_group_flag ? set_group : file_hdr->c_gid) < 0)
- && errno != EPERM)
- error (0, errno, "%s", file_hdr->c_name);
-
- /* chown may have turned off some permissions we wanted. */
- if (chmod (file_hdr->c_name, (int) file_hdr->c_mode) < 0)
- error (0, errno, "%s", file_hdr->c_name);
-
if (retain_time_flag)
{
struct utimbuf times; /* For setting file times. */
@@ -589,7 +604,7 @@
if (utime (file_hdr->c_name, &times) < 0)
error (0, errno, "%s", file_hdr->c_name);
}
-
+
tape_skip_padding (in_file_des, file_hdr->c_filesize);
if (file_hdr->c_nlink > 1
&& (archive_format == arf_newascii || archive_format == arf_crcascii) )
@@ -1335,6 +1350,53 @@
}
}
+/* Return a safer suffix of FILE_NAME, or "." if it has no safer
+ suffix. Check for fully specified file names and other atrocities. */
+
+static const char *
+safer_name_suffix (char const *file_name)
+{
+ char const *p;
+
+ /* Skip file system prefixes, leading file name components that contain
+ "..", and leading slashes. */
+
+ size_t prefix_len = FILE_SYSTEM_PREFIX_LEN (file_name);
+
+ for (p = file_name + prefix_len; *p;)
+ {
+ if (p[0] == '.' && p[1] == '.' && (ISSLASH (p[2]) || !p[2]))
+ prefix_len = p + 2 - file_name;
+
+ do
+ {
+ char c = *p++;
+ if (ISSLASH (c))
+ break;
+ }
+ while (*p);
+ }
+
+ for (p = file_name + prefix_len; ISSLASH (*p); p++)
+ continue;
+ prefix_len = p - file_name;
+
+ if (prefix_len)
+ {
+ char *prefix = alloca (prefix_len + 1);
+ memcpy (prefix, file_name, prefix_len);
+ prefix[prefix_len] = '\0';
+
+
+ error (0, 0, _("Removing leading `%s' from member names"), prefix);
+ }
+
+ if (!*p)
+ p = ".";
+
+ return p;
+}
+
/* Read the collection from standard input and create files
in the file system. */
@@ -1445,18 +1507,11 @@
/* Do we have to ignore absolute paths, and if so, does the filename
have an absolute path? */
- if (no_abs_paths_flag && file_hdr.c_name && file_hdr.c_name [0] == '/')
+ if (!abs_paths_flag && file_hdr.c_name && file_hdr.c_name [0])
{
- char *p;
+ const char *p = safer_name_suffix (file_hdr.c_name);
- p = file_hdr.c_name;
- while (*p == '/')
- ++p;
- if (*p == '\0')
- {
- strcpy (file_hdr.c_name, ".");
- }
- else
+ if (p != file_hdr.c_name)
{
/* Debian hack: file_hrd.c_name is sometimes set to
point to static memory by code in tar.c. This
diff -Naur cpio-2.6.vanilla/src/copypass.c cpio-2.6/src/copypass.c
--- cpio-2.6.vanilla/src/copypass.c 2004-09-06 13:09:04.000000000 +0100
+++ cpio-2.6/src/copypass.c 2005-07-29 13:46:07.000000000 +0100
@@ -181,19 +181,25 @@
}
if (close (in_file_des) < 0)
error (0, errno, "%s", input_name.ds_string);
- if (close (out_file_des) < 0)
- error (0, errno, "%s", output_name.ds_string);
-
+ /*
+ * Avoid race condition.
+ * Set chown and chmod before closing the file desc.
+ * pvrabec@redhat.com
+ */
/* Set the attributes of the new file. */
if (!no_chown_flag)
- if ((chown (output_name.ds_string,
+ if ((fchown (out_file_des,
set_owner_flag ? set_owner : in_file_stat.st_uid,
set_group_flag ? set_group : in_file_stat.st_gid) < 0)
&& errno != EPERM)
error (0, errno, "%s", output_name.ds_string);
/* chown may have turned off some permissions we wanted. */
- if (chmod (output_name.ds_string, in_file_stat.st_mode) < 0)
+ if (fchmod (out_file_des, in_file_stat.st_mode) < 0)
+ error (0, errno, "%s", output_name.ds_string);
+
+ if (close (out_file_des) < 0)
error (0, errno, "%s", output_name.ds_string);
+
if (reset_time_flag)
{
times.actime = in_file_stat.st_atime;
diff -Naur cpio-2.6.vanilla/src/extern.h cpio-2.6/src/extern.h
--- cpio-2.6.vanilla/src/extern.h 2004-09-08 11:49:57.000000000 +0100
+++ cpio-2.6/src/extern.h 2005-07-29 13:47:34.000000000 +0100
@@ -46,7 +46,7 @@
extern int sparse_flag;
extern int quiet_flag;
extern int only_verify_crc_flag;
-extern int no_abs_paths_flag;
+extern int abs_paths_flag;
extern unsigned int warn_option;
/* Values for warn_option */
@@ -91,6 +91,7 @@
extern char input_is_seekable;
extern char output_is_seekable;
extern char *program_name;
+extern mode_t sys_umask;
extern int (*xstat) ();
extern void (*copy_function) ();
diff -Naur cpio-2.6.vanilla/src/global.c cpio-2.6/src/global.c
--- cpio-2.6.vanilla/src/global.c 2004-09-08 11:23:44.000000000 +0100
+++ cpio-2.6/src/global.c 2005-07-29 13:47:34.000000000 +0100
@@ -100,7 +100,7 @@
int only_verify_crc_flag = false;
/* If true, don't use any absolute paths, prefix them by `./'. */
-int no_abs_paths_flag = false;
+int abs_paths_flag = false;
#ifdef DEBUG_CPIO
/* If true, print debugging information. */
@@ -195,6 +195,9 @@
/* The name this program was run with. */
char *program_name;
+/* Debian hack to make the -d option honor the umask. */
+mode_t sys_umask;
+
/* A pointer to either lstat or stat, depending on whether
dereferencing of symlinks is done for input files. */
int (*xstat) ();
diff -Naur cpio-2.6.vanilla/src/main.c cpio-2.6/src/main.c
--- cpio-2.6.vanilla/src/main.c 2004-11-23 00:42:18.000000000 +0000
+++ cpio-2.6/src/main.c 2005-07-29 13:47:34.000000000 +0100
@@ -41,6 +41,7 @@
enum cpio_options {
NO_ABSOLUTE_FILENAMES_OPTION=256,
+ ABSOLUTE_FILENAMES_OPTION,
NO_PRESERVE_OWNER_OPTION,
ONLY_VERIFY_CRC_OPTION,
RENAME_BATCH_FILE_OPTION,
@@ -134,6 +135,8 @@
N_("In copy-in mode, read additional patterns specifying filenames to extract or list from FILE"), 210},
{"no-absolute-filenames", NO_ABSOLUTE_FILENAMES_OPTION, 0, 0,
N_("Create all files relative to the current directory"), 210},
+ {"absolute-filenames", ABSOLUTE_FILENAMES_OPTION, 0, 0,
+ N_("do not strip leading file name components that contain \"..\" and leading slashes from file names"), 210},
{"only-verify-crc", ONLY_VERIFY_CRC_OPTION, 0, 0,
N_("When reading a CRC format archive in copy-in mode, only verify the CRC's of each file in the archive, don't actually extract the files"), 210},
{"rename", 'r', 0, 0,
@@ -392,7 +395,11 @@
break;
case NO_ABSOLUTE_FILENAMES_OPTION: /* --no-absolute-filenames */
- no_abs_paths_flag = true;
+ abs_paths_flag = false;
+ break;
+
+ case ABSOLUTE_FILENAMES_OPTION: /* --absolute-filenames */
+ abs_paths_flag = true;
break;
case NO_PRESERVE_OWNER_OPTION: /* --no-preserve-owner */
@@ -631,7 +638,7 @@
_("--append is used but no archive file name is given (use -F or -O options")));
CHECK_USAGE(rename_batch_file, "--rename-batch-file", "--create");
- CHECK_USAGE(no_abs_paths_flag, "--no-absolute-pathnames", "--create");
+ CHECK_USAGE(abs_paths_flag, "--absolute-pathnames", "--create");
CHECK_USAGE(input_archive_name, "-I", "--create");
if (archive_name && output_archive_name)
USAGE_ERROR ((0, 0, _("Both -O and -F are used in copy-out mode")));
@@ -658,7 +665,7 @@
CHECK_USAGE(rename_flag, "--rename", "--pass-through");
CHECK_USAGE(append_flag, "--append", "--pass-through");
CHECK_USAGE(rename_batch_file, "--rename-batch-file", "--pass-through");
- CHECK_USAGE(no_abs_paths_flag, "--no-absolute-pathnames",
+ CHECK_USAGE(abs_paths_flag, "--absolute-pathnames",
"--pass-through");
CHECK_USAGE(to_stdout_option, "--to-stdout", "--pass-through");
@@ -740,7 +747,6 @@
textdomain (PACKAGE);
program_name = argv[0];
- umask (0);
#ifdef __TURBOC__
_fmode = O_BINARY; /* Put stdin and stdout in binary mode. */
@@ -751,6 +757,7 @@
#endif
process_args (argc, argv);
+ sys_umask = umask (0);
initialize_buffers ();