cpio: added patch for CVE-2017-7516. Closes FS#1573

Report and patch from Lee (thanks!)

cpio/.md5sum

@@ -1 +1,2 @@
+c45d7e0ab5109dc26c8bca7d593e2624  CVE-2017-7516.patch
 93eea9f07c0058c097891c73e4955456  cpio-2.12.tar.bz2

cpio/.signature

@@ -1,5 +1,6 @@
 untrusted comment: verify with /etc/ports/core.pub
-RWRJc1FUaeVeqsrY8VOofGawyitEznnklayOnTQil4r0n4a5rZW8mp6gJDxk9F9RmjsBcsUXxgEcrJaRoIxSDLHgT3E2FpZpOwA=
-SHA256 (Pkgfile) = b2951e2caa40ccef2923f69c90b1c119ae06cd92bf40df48d98676c46b234080
+RWRJc1FUaeVeqkRVNaDIKJMoDe/Jh69kKy4ow1rZErb45aghcXR7jJADvsDsZS3ZAnPH5jxAEdEOSOWRILmgkU+Aed5jDL/iZAo=
+SHA256 (Pkgfile) = ee5f0427d665184287623c2cdbc55f3e83cccb9e55695a57c38f50c82ce8a136
 SHA256 (.footprint) = 26cfb1dd44c5356afcdba7aa054685d535b15b4ab96897ad7bd24a6c9a14b9fe
 SHA256 (cpio-2.12.tar.bz2) = 70998c5816ace8407c8b101c9ba1ffd3ebbecba1f5031046893307580ec1296e
+SHA256 (CVE-2017-7516.patch) = 8f65ddc3cd60b1bef5032b1a4bc53f17f1c01f1b2d11c4809f3fd29dd9f3a3fa

cpio/CVE-2017-7516.patch

@@ -0,0 +1,12 @@
+diff --git a/src/copyin.c b/src/copyin.c
+index ba887ae..38ca70e 100644
+--- a/src/copyin.c
++++ b/src/copyin.c
+@@ -645,6 +645,7 @@ copyin_link (struct cpio_file_stat *file_hdr, int in_file_des)
+       link_name = xstrdup (file_hdr->c_tar_linkname);
+     }
+ 
++  cpio_safer_name_suffix (link_name, false, !no_abs_paths_flag, false);
+   res = UMASKED_SYMLINK (link_name, file_hdr->c_name,
+ 			 file_hdr->c_mode);
+   if (res < 0 && create_dir_flag)

cpio/Pkgfile

@@ -4,11 +4,13 @@
 
 name=cpio
 version=2.12
-release=1
-source=(http://ftpmirror.gnu.org/gnu/$name/$name-$version.tar.bz2)
+release=2
+source=(http://ftpmirror.gnu.org/gnu/$name/$name-$version.tar.bz2 \
+	CVE-2017-7516.patch)
 
 build() {
     cd $name-$version
+    patch -p1 -i $SRC/CVE-2017-7516.patch
     ./configure --prefix=/usr \
                 --disable-nls
     make