From: Christian Schmidt Date: Fri, 23 Jul 2010 07:40:33 +0000 (+0200) Subject: Merge branch 'master' of git://git.ipfire.org/ipfire-2.x X-Git-Tag: v2.9-beta1~150 X-Git-Url: http://git.ipfire.org/?p=people%2Fpmueller%2Fipfire-2.x.git;a=commitdiff_plain;h=8e7778a8fca173fede71bde64c06eb48690d8a1f;hp=31e0e08a59b58622a6ad0b803a589427d01c0f30 Merge branch 'master' of git://git.ipfire.org/ipfire-2.x --- diff --git a/config/rootfiles/common/configroot b/config/rootfiles/common/configroot index 12d3ddd617..d0471048b3 100644 --- a/config/rootfiles/common/configroot +++ b/config/rootfiles/common/configroot @@ -22,6 +22,7 @@ var/ipfire/ddns var/ipfire/dhcp #var/ipfire/dhcp/advoptions #var/ipfire/dhcp/advoptions-list +#var/ipfire/dhcp/dhcpd.conf.local #var/ipfire/dhcp/fixleases #var/ipfire/dhcp/settings var/ipfire/dhcpc diff --git a/config/syslinux/syslinux.cfg b/config/syslinux/syslinux.cfg index 15af66e4ac..361a3168e8 100644 --- a/config/syslinux/syslinux.cfg +++ b/config/syslinux/syslinux.cfg @@ -4,16 +4,16 @@ PROMPT 1 F1 boot.msg F2 options.msg DEFAULT vmlinuz - APPEND ide=nodma initrd=instroot root=/dev/ram0 ramdisk_size=16384 vga=791 splash=silent ro + APPEND ide=nodma initrd=instroot vga=791 splash=silent ro LABEL novga KERNEL vmlinuz - APPEND ide=nodma initrd=instroot root=/dev/ram0 ramdisk_size=16384 ro + APPEND ide=nodma initrd=instroot ro LABEL dma KERNEL vmlinuz - APPEND initrd=instroot root=/dev/ram0 ramdisk_size=16384 vga=791 splash=silent ro + APPEND initrd=instroot vga=791 splash=silent ro LABEL unattended KERNEL vmlinuz - APPEND ide=nodma initrd=instroot root=/dev/ram0 ramdisk_size=16384 vga=791 splash=silent unattended ro + APPEND ide=nodma initrd=instroot vga=791 splash=silent unattended ro LABEL memtest KERNEL memtest APPEND - diff --git a/doc/packages-list.txt b/doc/packages-list.txt index 447ffcdc0a..b88f4e3fac 100644 --- a/doc/packages-list.txt +++ b/doc/packages-list.txt @@ -71,6 +71,7 @@ * compat-wireless-2.6.34.1-kmod-2.6.32.15-ipfire * compat-wireless-2.6.34.1-kmod-2.6.32.15-ipfire-xen * coreutils-5.96 +* cpio-2.11 * cpio-2.6 * cpufrequtils-007 * cryptodev-20091126-kmod-2.6.32.15-ipfire @@ -90,6 +91,8 @@ * diffutils-2.8.1 * dnsmasq-2.45 * dosfstools-3.0.9 +* dracut-006 +* dracut-006.save * e1000-8.0.19-kmod-2.6.32.15-ipfire * e1000-8.0.19-kmod-2.6.32.15-ipfire-xen * e1000e-1.1.19-kmod-2.6.32.15-ipfire @@ -150,6 +153,7 @@ * iftop-0.17 * igmpproxy-0.1 * inetutils-1.4.2 +* initrd_off * ipaddr-1.2 * iperf-2.0.4 * ipfireseeder-1.00 @@ -165,6 +169,7 @@ * klibc-1.5.14 * kqemu-1.4.0pre1-kmod-2.6.32.15-ipfire * kqemu-1.4.0pre1-kmod-2.6.32.15-ipfire-xen +* kqemu-1.4.0pre1-kmod-2.6.32.16-ipfire * kudzu-1.2.64 * kvm-kmod-2.6.33.1-kmod-2.6.32.15-ipfire * l7-protocols-2009-05-10 @@ -186,6 +191,7 @@ * libogg-1.1.4 * liboping-1.3.4 * libpcap-1.0.0 +* libpng-1.2.12 * libpng-1.2.44 * libpri-1.4.10.2 * libsafe_2.0-16 @@ -220,6 +226,7 @@ * man-db-2.4.3 * man-pages-2.34 * mbr-1.1.8 +* mc-4.7.0 * mc-4.7.3 * mdadm-3.1.1 * mechanize-0.1.8 @@ -251,6 +258,7 @@ * netcat-0.7.1 * netpbm-10.26.46 * newt-0.51.6 +* nfs-utils-1.1.1 * nfs-utils-1.2.2 * nmap-5.20 * noip_updater_v1.6 @@ -259,6 +267,7 @@ * nut-2.4.3 * ocaml-3.09.2 * oinkmaster-2.0 +* open-vm-tools-2009.05.22-167859 * open-vm-tools-8.4.2-261024 * openldap-2.3.20 * openmailadmin-1.0.0 @@ -279,6 +288,7 @@ * popt-1.10.4 * portmap_6.0 * postfix-2.6.5 +* ppp-2.4.4 * ppp-2.4.5 * pptp-1.7.2 * procps-3.2.6 @@ -294,6 +304,7 @@ * readline-5.1 * reiser4progs-1.0.6 * reiserfsprogs-3.6.21 +* rp-pppoe-3.8 * rrdtool-1.2.30 * rssdler-0.4.0a * rsync-3.0.7 @@ -334,6 +345,7 @@ * teamspeak-2.0.24.1 * texinfo-4.8 * tftp-hpa-0.48 +* tiff-3.8.2 * tiff-3.9.4 * traceroute-2.0.12 * tripwire-2.4.1.2 @@ -348,6 +360,7 @@ * v4l-dvb-b576509ea6d2-kmod-2.6.32.15-ipfire * v4l-dvb-b576509ea6d2-kmod-2.6.32.15-ipfire-xen * vdr-1.6.0 +* vdradmin-am-3.6.5 * vdradmin-am-3.6.7 * vim-7.0 * vlan.1.9 @@ -356,6 +369,7 @@ * vnstati-beta3 * vsftpd-2.1.2 * w_scan-20080105 +* watchdog-5.6 * watchdog-5.9 * wget-1.10.2 * whatmask-1.2 diff --git a/html/cgi-bin/dhcp.cgi b/html/cgi-bin/dhcp.cgi index 29f1a28067..cde6065f57 100644 --- a/html/cgi-bin/dhcp.cgi +++ b/html/cgi-bin/dhcp.cgi @@ -1199,6 +1199,7 @@ sub buildconf { $key++; } } + print FILE "include \"${General::swroot}/dhcp/dhcpd.conf.local\";\n"; close FILE; if ( $dhcpsettings{"ENABLE_GREEN"} eq 'on' || $dhcpsettings{"ENABLE_BLUE"} eq 'on' ) {system '/usr/local/bin/dhcpctrl enable >/dev/null 2>&1';} else {system '/usr/local/bin/dhcpctrl disable >/dev/null 2>&1';} diff --git a/html/cgi-bin/time.cgi b/html/cgi-bin/time.cgi index fb69aa39e4..c68eb999fd 100644 --- a/html/cgi-bin/time.cgi +++ b/html/cgi-bin/time.cgi @@ -236,6 +236,10 @@ print "
\n"; &Header::openbox('100%', 'left', $Lang::tr{'network time'}); print < + + $Lang::tr{'ntp common settings'} + + $Lang::tr{'network time from'} @@ -272,22 +276,19 @@ print <  $Lang::tr{'clenabled'} - - - - - - + +
$Lang::tr{'update time'}
 $Lang::tr{'set time now help'} $Lang::tr{'Set time on boot'}
+ - + - - + + + + + + + + END ; diff --git a/langs/de/cgi-bin/de.pl b/langs/de/cgi-bin/de.pl index 1cdd90489b..0394315e4a 100644 --- a/langs/de/cgi-bin/de.pl +++ b/langs/de/cgi-bin/de.pl @@ -761,7 +761,7 @@ 'esp integrity' => 'ESP Integrität:', 'esp keylife' => 'Lebensdauer des ESP Schlüssels:', 'esp keylife should be between 1 and 24 hours' => 'ESP Schlüssel-Lebensdauer sollte zwischen 1 und 24 Stunden betragen.', -'every' => 'Jeden', +'every' => 'Alle', 'exampel' => 'Beispiel', 'exclude logfiles' => 'ohne Logdateien', 'excluding buffers and cache' => '-/+ Puffer/Zwischenspeicher', @@ -1227,6 +1227,8 @@ 'not running' => 'nicht gestartet', 'not set' => 'nicht gesetzt', 'november' => 'November', +'ntp common settings' => 'Allgemeine Einstellungen', +'ntp sync' => 'Synchronisation', 'ntp configuration' => 'NTP-Konfiguration', 'ntp must be enabled to have clients' => 'Um Clients annehmen zu können, muß NTP vorher aktiviert sein.', 'ntp server' => 'NTP-Server', @@ -1705,7 +1707,7 @@ 'unknown' => 'Unbekannt', 'unnamed' => 'Unbenannt', 'update' => 'Aktualisieren', -'update accelerator' => 'Update-Booster', +'update accelerator' => 'Update-Accelerator', 'update time' => 'Aktualisiere die Uhrzeit:', 'update transcript' => 'Aktualisieren', 'updatedatabase' => 'Datenbank auf Stand der letzten Reports setzen', diff --git a/langs/en/cgi-bin/en.pl b/langs/en/cgi-bin/en.pl index 4ca14d4861..55d24c4884 100644 --- a/langs/en/cgi-bin/en.pl +++ b/langs/en/cgi-bin/en.pl @@ -1256,6 +1256,8 @@ 'not set' => 'not set', 'notes' => 'Notes', 'november' => 'November', +'ntp common settings' => 'Common settings', +'ntp sync' => 'Synchronization', 'ntp configuration' => 'NTP configuration', 'ntp must be enabled to have clients' => 'NTP must be enabled to have clients.', 'ntp server' => 'NTP Server', @@ -1738,7 +1740,7 @@ 'unknown' => 'UNKNOWN', 'unnamed' => 'Unnamed', 'update' => 'Update', -'update accelerator' => 'Update Booster', +'update accelerator' => 'Update Accelerator', 'update time' => 'Update the time:', 'update transcript' => 'Update transcript', 'updatedatabase' => 'Update Database with last report', diff --git a/langs/es/cgi-bin/es.pl b/langs/es/cgi-bin/es.pl index 3477053797..5edbade56a 100644 --- a/langs/es/cgi-bin/es.pl +++ b/langs/es/cgi-bin/es.pl @@ -1254,6 +1254,8 @@ 'not set' => 'no configurado', 'notes' => 'Notas', 'november' => 'Noviembre', +'ntp common settings' => 'Configuraciones comunes', +'ntp sync' => 'Sincronización', 'ntp configuration' => 'Configuración NTP', 'ntp must be enabled to have clients' => 'NTP debe estar configurado para tener clientes', 'ntp server' => 'Servidor NTP', diff --git a/langs/fr/cgi-bin/fr.pl b/langs/fr/cgi-bin/fr.pl index 4011723959..2924cb7f61 100644 --- a/langs/fr/cgi-bin/fr.pl +++ b/langs/fr/cgi-bin/fr.pl @@ -1256,6 +1256,8 @@ 'not set' => 'not set', 'notes' => 'Notes', 'november' => 'November', +'ntp common settings' => 'Common settings', +'ntp sync' => 'Synchronization', 'ntp configuration' => 'NTP configuration', 'ntp must be enabled to have clients' => 'NTP must be enabled to have clients.', 'ntp server' => 'NTP Server', @@ -1738,7 +1740,7 @@ 'unknown' => 'UNKNOWN', 'unnamed' => 'Unnamed', 'update' => 'Update', -'update accelerator' => 'Update Booster', +'update accelerator' => 'Update Accelerator', 'update time' => 'Update the time:', 'update transcript' => 'Update transcript', 'updatedatabase' => 'Update Database with last report', diff --git a/lfs/configroot b/lfs/configroot index c337ab0a7e..544bb25811 100644 --- a/lfs/configroot +++ b/lfs/configroot @@ -63,7 +63,7 @@ $(TARGET) : # Touch empty files for i in auth/users backup/include.user backup/exclude.user \ certs/index.txt ddns/config ddns/noipsettings ddns/settings ddns/ipcache dhcp/settings \ - dhcp/fixleases dhcp/advoptions dmzholes/config dns/settings ethernet/aliases ethernet/settings ethernet/known_nics ethernet/scanned_nics \ + dhcp/fixleases dhcp/advoptions dhcp/dhcpd.conf.local dmzholes/config dns/settings ethernet/aliases ethernet/settings ethernet/known_nics ethernet/scanned_nics \ extrahd/scan extrahd/devices extrahd/partitions extrahd/settings fwlogs/ipsettings fwlogs/portsettings \ isdn/settings mac/settings main/disable_nf_sip main/hosts main/settings net-traffic/settings optionsfw/settings outgoing/settings outgoing/rules \ pakfire/settings portfw/config ppp/settings-1 ppp/settings-2 ppp/settings-3 ppp/settings-4 \ diff --git a/lfs/cpio b/lfs/cpio index b2186fd819..48a4393e61 100644 --- a/lfs/cpio +++ b/lfs/cpio @@ -24,7 +24,7 @@ include Config -VER = 2.6 +VER = 2.11 THISAPP = cpio-$(VER) DL_FILE = $(THISAPP).tar.gz @@ -40,7 +40,7 @@ objects = $(DL_FILE) $(DL_FILE) = $(DL_FROM)/$(DL_FILE) -$(DL_FILE)_MD5 = 76b4145f33df088a5bade3bf4373d17d +$(DL_FILE)_MD5 = 1112bb6c45863468b5496ba128792f6c install : $(TARGET) @@ -70,12 +70,9 @@ $(subst %,%_MD5,$(objects)) : $(TARGET) : $(patsubst %,$(DIR_DL)/%,$(objects)) @$(PREBUILD) @rm -rf $(DIR_APP) && cd $(DIR_SRC) && tar zxf $(DIR_DL)/$(DL_FILE) - cd $(DIR_APP) && sed -i "s/invalid_arg/argmatch_invalid/" src/mt.c - cd $(DIR_APP) && patch -Np1 < $(DIR_SRC)/src/patches/$(THISAPP)-security_fixes-1.patch cd $(DIR_APP) && ./configure CPIO_MT_PROG=mt --prefix=/usr \ --bindir=/bin --libexecdir=/tmp \ --with-rmt=/usr/sbin/rmt - cd $(DIR_APP) && echo "#define HAVE_LSTAT 1" >> config.h cd $(DIR_APP) && make $(MAKETUNING) cd $(DIR_APP) && make install @rm -rf $(DIR_APP) diff --git a/lfs/initrd b/lfs/initrd index ad8b135a63..cf4f280850 100644 --- a/lfs/initrd +++ b/lfs/initrd @@ -89,8 +89,13 @@ $(TARGET) : # Remove binary depmod files rm -rf /install/initrd/lib/modules/$(KVER)-ipfire/modules.*.bin - - mksquashfs /install/initrd /install/images/initrd + + cd /install/initrd && strip --strip-all {,usr/}{,s}bin/* || true + cd /install/initrd && strip --strip-debug {,usr/}lib/* || true + + cd /install/initrd && ln -svf sbin/init init + + cd /install/initrd && find . | cpio -o -H newc | lzma > /install/images/initrd cd /install/initrd && find ./ -ls > $(DIR_INFO)/_build.initrd.log @$(POSTBUILD) diff --git a/lfs/mkinitcpio b/lfs/mkinitcpio index 47de3ea68a..bce7db0524 100644 --- a/lfs/mkinitcpio +++ b/lfs/mkinitcpio @@ -73,8 +73,8 @@ $(TARGET) : $(patsubst %,$(DIR_DL)/%,$(objects)) cd $(DIR_APP) && ./install.sh "" cp $(DIR_SRC)/config/mkinitcpio/virtio /lib/initcpio/install/ sed -i 's|^FILELIST=.*|FILELIST="$$(mktemp)"|g' /sbin/mkinitcpio - sed -i 's|^HOOKS=.*|HOOKS="base udev autodetect ide usb scsi pata sata virtio filesystems"|g' /etc/mkinitcpio.conf - sed -i 's|^MODULES=.*|MODULES="reiser4 reiserfs ext3 ehci_hcd"|g' /etc/mkinitcpio.conf + sed -i 's|^HOOKS=.*|HOOKS="base udev autodetect ide usb scsi pata sata virtio"|g' /etc/mkinitcpio.conf + sed -i 's|^MODULES=.*|MODULES="reiser4 reiserfs ext3 ext2 ehci_hcd"|g' /etc/mkinitcpio.conf sed -i 's|ide-cd|ide-cd ide-generic|g' /lib/initcpio/install/ide sed -i 's| gzip -9 | lzma |g' /sbin/mkinitcpio @rm -rf $(DIR_APP) diff --git a/src/initscripts/init.d/functions b/src/initscripts/init.d/functions index ea840d1a56..00cd6fa2a1 100644 --- a/src/initscripts/init.d/functions +++ b/src/initscripts/init.d/functions @@ -438,7 +438,7 @@ loadproc() { local pidfile="" local forcestart="" - local nicelevel="10" + local nicelevel="" # This will ensure compatibility with previous LFS Bootscripts if [ -n "${PIDFILE}" ]; then @@ -500,7 +500,13 @@ loadproc() esac fi - nice -n "${nicelevel}" "${@}" + local cmd="${@}" + + if [ -n "${nicelevel}" ]; then + cmd="nice -n "${nicelevel}" ${cmd}" + fi + + ${cmd} evaluate_retval # This is "Probably" not LSB compliant, but required to be compatible with older bootscripts return 0 } diff --git a/src/patches/cpio-2.6-security_fixes-1.patch b/src/patches/cpio-2.6-security_fixes-1.patch deleted file mode 100644 index 083c7858d4..0000000000 --- a/src/patches/cpio-2.6-security_fixes-1.patch +++ /dev/null @@ -1,370 +0,0 @@ -Submitted By: Ken Moffat -Date: 2005-07-29 -Initial Package Version: 2.6 -Upstream Status: Unknown -Origin: from Mandrake -Description: Vulnerability fixes, rediffed so that they all apply with - -p1 and consolidated to single patch. Also applicable to earlier versions. -(1.) CAN-1999-1572 (still seems to apply to 2.6) cpio uses a 0 umask when -creating files with -O or -F options, which creates the files with mode 0666 -and allows local users to overwrite them. Fix originally fom debian. -(2.) CAN-2005-1111 Race condition in 2.6 and earlier allows local users to -modify permissions of arbitrary files via a hard-link attack. Fix -originally from fedora. -(3.) CAN-2005-1229 Directory traversal vulnerability allows remote -attackers to write to arbitrary directories via a dot dot in a cpio file. -Fix by Peter Vrabec at RedHat. - -diff -Naur cpio-2.6.vanilla/doc/cpio.1 cpio-2.6/doc/cpio.1 ---- cpio-2.6.vanilla/doc/cpio.1 2004-08-30 17:21:48.000000000 +0100 -+++ cpio-2.6/doc/cpio.1 2005-07-29 13:46:42.000000000 +0100 -@@ -20,7 +20,7 @@ - [\-\-unconditional] [\-\-verbose] [\-\-block-size=blocks] [\-\-swap-halfwords] - [\-\-io-size=bytes] [\-\-pattern-file=file] [\-\-format=format] - [\-\-owner=[user][:.][group]] [\-\-no-preserve-owner] [\-\-message=message] --[\-\-force\-local] [\-\-no\-absolute\-filenames] [\-\-sparse] -+[\-\-force\-local] [\-\-absolute\-filenames] [\-\-sparse] - [\-\-only\-verify\-crc] [\-\-quiet] [\-\-rsh-command=command] [\-\-help] - [\-\-version] [pattern...] [< archive] - -diff -Naur cpio-2.6.vanilla/doc/cpio.info cpio-2.6/doc/cpio.info ---- cpio-2.6.vanilla/doc/cpio.info 2004-02-27 12:42:01.000000000 +0000 -+++ cpio-2.6/doc/cpio.info 2005-07-29 13:46:42.000000000 +0100 -@@ -203,7 +203,7 @@ - [--swap-halfwords] [--io-size=bytes] [--pattern-file=file] - [--format=format] [--owner=[user][:.][group]] - [--no-preserve-owner] [--message=message] [--help] [--version] -- [-no-absolute-filenames] [--sparse] [-only-verify-crc] [-quiet] -+ [--absolute-filenames] [--sparse] [-only-verify-crc] [-quiet] - [--rsh-command=command] [pattern...] [< archive] - -  -@@ -358,9 +358,9 @@ - Show numeric UID and GID instead of translating them into names - when using the `--verbose option'. - --`--no-absolute-filenames' -- Create all files relative to the current directory in copy-in -- mode, even if they have an absolute file name in the archive. -+`--absolute-filenames' -+ Do not strip leading file name components that contain ".." -+ and leading slashes from file names in copy-in mode - - `--no-preserve-owner' - Do not change the ownership of the files; leave them owned by the -diff -Naur cpio-2.6.vanilla/src/copyin.c cpio-2.6/src/copyin.c ---- cpio-2.6.vanilla/src/copyin.c 2004-09-08 12:10:02.000000000 +0100 -+++ cpio-2.6/src/copyin.c 2005-07-29 13:46:42.000000000 +0100 -@@ -25,6 +25,7 @@ - #include "dstring.h" - #include "extern.h" - #include "defer.h" -+#include "dirname.h" - #include - #ifndef FNM_PATHNAME - #include -@@ -389,19 +390,26 @@ - continue; - } - -- if (close (out_file_des) < 0) -- error (0, errno, "%s", d->header.c_name); -- -+ /* -+ * Avoid race condition. -+ * Set chown and chmod before closing the file desc. -+ * pvrabec@redhat.com -+ */ -+ - /* File is now copied; set attributes. */ - if (!no_chown_flag) -- if ((chown (d->header.c_name, -+ if ((fchown (out_file_des, - set_owner_flag ? set_owner : d->header.c_uid, - set_group_flag ? set_group : d->header.c_gid) < 0) - && errno != EPERM) - error (0, errno, "%s", d->header.c_name); - /* chown may have turned off some permissions we wanted. */ -- if (chmod (d->header.c_name, (int) d->header.c_mode) < 0) -+ if (fchmod (out_file_des, (int) d->header.c_mode) < 0) - error (0, errno, "%s", d->header.c_name); -+ -+ if (close (out_file_des) < 0) -+ error (0, errno, "%s", d->header.c_name); -+ - if (retain_time_flag) - { - times.actime = times.modtime = d->header.c_mtime; -@@ -557,6 +565,25 @@ - write (out_file_des, "", 1); - delayed_seek_count = 0; - } -+ -+ /* -+ * Avoid race condition. -+ * Set chown and chmod before closing the file desc. -+ * pvrabec@redhat.com -+ */ -+ -+ /* File is now copied; set attributes. */ -+ if (!no_chown_flag) -+ if ((fchown (out_file_des, -+ set_owner_flag ? set_owner : file_hdr->c_uid, -+ set_group_flag ? set_group : file_hdr->c_gid) < 0) -+ && errno != EPERM) -+ error (0, errno, "%s", file_hdr->c_name); -+ -+ /* chown may have turned off some permissions we wanted. */ -+ if (fchmod (out_file_des, (int) file_hdr->c_mode) < 0) -+ error (0, errno, "%s", file_hdr->c_name); -+ - if (close (out_file_des) < 0) - error (0, errno, "%s", file_hdr->c_name); - -@@ -567,18 +594,6 @@ - file_hdr->c_name, crc, file_hdr->c_chksum); - } - -- /* File is now copied; set attributes. */ -- if (!no_chown_flag) -- if ((chown (file_hdr->c_name, -- set_owner_flag ? set_owner : file_hdr->c_uid, -- set_group_flag ? set_group : file_hdr->c_gid) < 0) -- && errno != EPERM) -- error (0, errno, "%s", file_hdr->c_name); -- -- /* chown may have turned off some permissions we wanted. */ -- if (chmod (file_hdr->c_name, (int) file_hdr->c_mode) < 0) -- error (0, errno, "%s", file_hdr->c_name); -- - if (retain_time_flag) - { - struct utimbuf times; /* For setting file times. */ -@@ -589,7 +604,7 @@ - if (utime (file_hdr->c_name, ×) < 0) - error (0, errno, "%s", file_hdr->c_name); - } -- -+ - tape_skip_padding (in_file_des, file_hdr->c_filesize); - if (file_hdr->c_nlink > 1 - && (archive_format == arf_newascii || archive_format == arf_crcascii) ) -@@ -1335,6 +1350,53 @@ - } - } - -+/* Return a safer suffix of FILE_NAME, or "." if it has no safer -+ suffix. Check for fully specified file names and other atrocities. */ -+ -+static const char * -+safer_name_suffix (char const *file_name) -+{ -+ char const *p; -+ -+ /* Skip file system prefixes, leading file name components that contain -+ "..", and leading slashes. */ -+ -+ size_t prefix_len = FILE_SYSTEM_PREFIX_LEN (file_name); -+ -+ for (p = file_name + prefix_len; *p;) -+ { -+ if (p[0] == '.' && p[1] == '.' && (ISSLASH (p[2]) || !p[2])) -+ prefix_len = p + 2 - file_name; -+ -+ do -+ { -+ char c = *p++; -+ if (ISSLASH (c)) -+ break; -+ } -+ while (*p); -+ } -+ -+ for (p = file_name + prefix_len; ISSLASH (*p); p++) -+ continue; -+ prefix_len = p - file_name; -+ -+ if (prefix_len) -+ { -+ char *prefix = alloca (prefix_len + 1); -+ memcpy (prefix, file_name, prefix_len); -+ prefix[prefix_len] = '\0'; -+ -+ -+ error (0, 0, _("Removing leading `%s' from member names"), prefix); -+ } -+ -+ if (!*p) -+ p = "."; -+ -+ return p; -+} -+ - /* Read the collection from standard input and create files - in the file system. */ - -@@ -1445,18 +1507,11 @@ - - /* Do we have to ignore absolute paths, and if so, does the filename - have an absolute path? */ -- if (no_abs_paths_flag && file_hdr.c_name && file_hdr.c_name [0] == '/') -+ if (!abs_paths_flag && file_hdr.c_name && file_hdr.c_name [0]) - { -- char *p; -+ const char *p = safer_name_suffix (file_hdr.c_name); - -- p = file_hdr.c_name; -- while (*p == '/') -- ++p; -- if (*p == '\0') -- { -- strcpy (file_hdr.c_name, "."); -- } -- else -+ if (p != file_hdr.c_name) - { - /* Debian hack: file_hrd.c_name is sometimes set to - point to static memory by code in tar.c. This -diff -Naur cpio-2.6.vanilla/src/copypass.c cpio-2.6/src/copypass.c ---- cpio-2.6.vanilla/src/copypass.c 2004-09-06 13:09:04.000000000 +0100 -+++ cpio-2.6/src/copypass.c 2005-07-29 13:46:07.000000000 +0100 -@@ -181,19 +181,25 @@ - } - if (close (in_file_des) < 0) - error (0, errno, "%s", input_name.ds_string); -- if (close (out_file_des) < 0) -- error (0, errno, "%s", output_name.ds_string); -- -+ /* -+ * Avoid race condition. -+ * Set chown and chmod before closing the file desc. -+ * pvrabec@redhat.com -+ */ - /* Set the attributes of the new file. */ - if (!no_chown_flag) -- if ((chown (output_name.ds_string, -+ if ((fchown (out_file_des, - set_owner_flag ? set_owner : in_file_stat.st_uid, - set_group_flag ? set_group : in_file_stat.st_gid) < 0) - && errno != EPERM) - error (0, errno, "%s", output_name.ds_string); - /* chown may have turned off some permissions we wanted. */ -- if (chmod (output_name.ds_string, in_file_stat.st_mode) < 0) -+ if (fchmod (out_file_des, in_file_stat.st_mode) < 0) -+ error (0, errno, "%s", output_name.ds_string); -+ -+ if (close (out_file_des) < 0) - error (0, errno, "%s", output_name.ds_string); -+ - if (reset_time_flag) - { - times.actime = in_file_stat.st_atime; -diff -Naur cpio-2.6.vanilla/src/extern.h cpio-2.6/src/extern.h ---- cpio-2.6.vanilla/src/extern.h 2004-09-08 11:49:57.000000000 +0100 -+++ cpio-2.6/src/extern.h 2005-07-29 13:47:34.000000000 +0100 -@@ -46,7 +46,7 @@ - extern int sparse_flag; - extern int quiet_flag; - extern int only_verify_crc_flag; --extern int no_abs_paths_flag; -+extern int abs_paths_flag; - extern unsigned int warn_option; - - /* Values for warn_option */ -@@ -91,6 +91,7 @@ - extern char input_is_seekable; - extern char output_is_seekable; - extern char *program_name; -+extern mode_t sys_umask; - extern int (*xstat) (); - extern void (*copy_function) (); - -diff -Naur cpio-2.6.vanilla/src/global.c cpio-2.6/src/global.c ---- cpio-2.6.vanilla/src/global.c 2004-09-08 11:23:44.000000000 +0100 -+++ cpio-2.6/src/global.c 2005-07-29 13:47:34.000000000 +0100 -@@ -100,7 +100,7 @@ - int only_verify_crc_flag = false; - - /* If true, don't use any absolute paths, prefix them by `./'. */ --int no_abs_paths_flag = false; -+int abs_paths_flag = false; - - #ifdef DEBUG_CPIO - /* If true, print debugging information. */ -@@ -195,6 +195,9 @@ - /* The name this program was run with. */ - char *program_name; - -+/* Debian hack to make the -d option honor the umask. */ -+mode_t sys_umask; -+ - /* A pointer to either lstat or stat, depending on whether - dereferencing of symlinks is done for input files. */ - int (*xstat) (); -diff -Naur cpio-2.6.vanilla/src/main.c cpio-2.6/src/main.c ---- cpio-2.6.vanilla/src/main.c 2004-11-23 00:42:18.000000000 +0000 -+++ cpio-2.6/src/main.c 2005-07-29 13:47:34.000000000 +0100 -@@ -41,6 +41,7 @@ - - enum cpio_options { - NO_ABSOLUTE_FILENAMES_OPTION=256, -+ ABSOLUTE_FILENAMES_OPTION, - NO_PRESERVE_OWNER_OPTION, - ONLY_VERIFY_CRC_OPTION, - RENAME_BATCH_FILE_OPTION, -@@ -134,6 +135,8 @@ - N_("In copy-in mode, read additional patterns specifying filenames to extract or list from FILE"), 210}, - {"no-absolute-filenames", NO_ABSOLUTE_FILENAMES_OPTION, 0, 0, - N_("Create all files relative to the current directory"), 210}, -+ {"absolute-filenames", ABSOLUTE_FILENAMES_OPTION, 0, 0, -+ N_("do not strip leading file name components that contain \"..\" and leading slashes from file names"), 210}, - {"only-verify-crc", ONLY_VERIFY_CRC_OPTION, 0, 0, - N_("When reading a CRC format archive in copy-in mode, only verify the CRC's of each file in the archive, don't actually extract the files"), 210}, - {"rename", 'r', 0, 0, -@@ -392,7 +395,11 @@ - break; - - case NO_ABSOLUTE_FILENAMES_OPTION: /* --no-absolute-filenames */ -- no_abs_paths_flag = true; -+ abs_paths_flag = false; -+ break; -+ -+ case ABSOLUTE_FILENAMES_OPTION: /* --absolute-filenames */ -+ abs_paths_flag = true; - break; - - case NO_PRESERVE_OWNER_OPTION: /* --no-preserve-owner */ -@@ -631,7 +638,7 @@ - _("--append is used but no archive file name is given (use -F or -O options"))); - - CHECK_USAGE(rename_batch_file, "--rename-batch-file", "--create"); -- CHECK_USAGE(no_abs_paths_flag, "--no-absolute-pathnames", "--create"); -+ CHECK_USAGE(abs_paths_flag, "--absolute-pathnames", "--create"); - CHECK_USAGE(input_archive_name, "-I", "--create"); - if (archive_name && output_archive_name) - USAGE_ERROR ((0, 0, _("Both -O and -F are used in copy-out mode"))); -@@ -658,7 +665,7 @@ - CHECK_USAGE(rename_flag, "--rename", "--pass-through"); - CHECK_USAGE(append_flag, "--append", "--pass-through"); - CHECK_USAGE(rename_batch_file, "--rename-batch-file", "--pass-through"); -- CHECK_USAGE(no_abs_paths_flag, "--no-absolute-pathnames", -+ CHECK_USAGE(abs_paths_flag, "--absolute-pathnames", - "--pass-through"); - CHECK_USAGE(to_stdout_option, "--to-stdout", "--pass-through"); - -@@ -740,7 +747,6 @@ - textdomain (PACKAGE); - - program_name = argv[0]; -- umask (0); - - #ifdef __TURBOC__ - _fmode = O_BINARY; /* Put stdin and stdout in binary mode. */ -@@ -751,6 +757,7 @@ - #endif - - process_args (argc, argv); -+ sys_umask = umask (0); - - initialize_buffers (); -
$Lang::tr{'Set time on boot'}
$Lang::tr{'ntp sync'}
$Lang::tr{'every'}: + $Lang::tr{'every'} $Lang::tr{'manually'}
$Lang::tr{'update time'}
 $Lang::tr{'set time now help'}