cpio/revert-CVE-2015-1197.patch

From 250cae97153b438f5644e5d96814a7f5cb8c80e5 Mon Sep 17 00:00:00 2001
From: Liquor <lirui130@huawei.com>
Date: Thu, 26 Nov 2020 19:13:13 +0800
Subject: [PATCH] revert "CVE-2015-1197"

reason:
https://lists.gnu.org/archive/html/bug-cpio/2019-11/msg00016.html
https://lists.gnu.org/archive/html/bug-cpio/2019-11/msg00013.html

---
 src/copyin.c           |  5 ++---
 tests/CVE-2015-1197.at | 40 ----------------------------------------
 tests/Makefile.am      |  1 -
 tests/testsuite.at     |  1 -
 4 files changed, 2 insertions(+), 45 deletions(-)
 delete mode 100644 tests/CVE-2015-1197.at

diff --git a/src/copyin.c b/src/copyin.c
index 2316feb..3960769 100644
--- a/src/copyin.c
+++ b/src/copyin.c
@@ -646,14 +646,13 @@ copyin_link (struct cpio_file_stat *file_hdr, int in_file_des)
       link_name = xstrdup (file_hdr->c_tar_linkname);
     }
 
-  cpio_safer_name_suffix (link_name, true, !no_abs_paths_flag, false);
-  
   res = UMASKED_SYMLINK (link_name, file_hdr->c_name,
 			 file_hdr->c_mode);
   if (res < 0 && create_dir_flag)
     {
       create_all_directories (file_hdr->c_name);
-      res = UMASKED_SYMLINK (link_name, file_hdr->c_name, file_hdr->c_mode);
+      res = UMASKED_SYMLINK (link_name, file_hdr->c_name,
+			     file_hdr->c_mode);
     }
   if (res < 0)
     {
diff --git a/tests/CVE-2015-1197.at b/tests/CVE-2015-1197.at
deleted file mode 100644
index 74591b1..0000000
--- a/tests/CVE-2015-1197.at
+++ /dev/null
@@ -1,40 +0,0 @@
-# Process this file with autom4te to create testsuite.  -*- Autotest -*-
-# Copyright (C) 2009-2023 Free Software Foundation, Inc.
-#
-# This program is free software; you can redistribute it and/or modify
-# it under the terms of the GNU General Public License as published by
-# the Free Software Foundation; either version 3, or (at your option)
-# any later version.
-#
-# This program is distributed in the hope that it will be useful,
-# but WITHOUT ANY WARRANTY; without even the implied warranty of
-# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
-# GNU General Public License for more details.
-#
-# You should have received a copy of the GNU General Public License
-# along with this program.  If not, see <http://www.gnu.org/licenses/>.
-
-AT_SETUP([CVE-2015-1197 (--no-absolute-filenames for symlinks)])
-AT_CHECK([
-tempdir=$(pwd)/tmp
-mkdir $tempdir
-touch $tempdir/file
-ln -s $tempdir dir
-AT_DATA([filelist],
-[dir
-dir/file
-])
-cpio -o < filelist > test.cpio
-rm -rf dir $tempdir
-cpio --no-absolute-filenames -iv < test.cpio
-],
-[2],
-[],
-[1 block
-dir
-cpio: dir/file: Cannot open: Not a directory
-dir/file
-1 block
-])
-AT_CLEANUP
-
diff --git a/tests/Makefile.am b/tests/Makefile.am
index 52503c9..022a856 100644
--- a/tests/Makefile.am
+++ b/tests/Makefile.am
@@ -56,7 +56,6 @@ TESTSUITE_AT = \
  symlink-to-stdout.at\
  version.at\
  big-block-size.at\
- CVE-2015-1197.at\
  CVE-2019-14866.at
 
 TESTSUITE = $(srcdir)/testsuite
diff --git a/tests/testsuite.at b/tests/testsuite.at
index c58cbb7..da3ba75 100644
--- a/tests/testsuite.at
+++ b/tests/testsuite.at
@@ -43,5 +43,4 @@ m4_include([setstat04.at])
 m4_include([setstat05.at])
 m4_include([big-block-size.at])
 
-m4_include([CVE-2015-1197.at])
 m4_include([CVE-2019-14866.at])
-- 
2.27.0