Description: Fix for not allowing a malicious cpio file to extract to an arbitrary directory. Origin: http://lwn.net/Articles/143418/ http://www.xs4all.nl/~hanb/software/crux/han/cpio/cpio.patch Upstream status: Unknown (2005-07-21) diff -Nru cpio-2.6/configure.ac cpio-2.6-new/configure.ac --- cpio-2.6/configure.ac 2004-12-20 11:46:30.000000000 +0100 +++ cpio-2.6-new/configure.ac 2005-07-21 16:07:42.000000000 +0200 @@ -95,7 +95,7 @@ AC_CHECK_FUNCS(lchown endpwent endgrent) AC_FUNC_VPRINTF AC_FUNC_ALLOCA -AC_CHECK_LIB(nsl, gethostname, [LIBS="$LIBS -lnsl"]) +dnl AC_CHECK_LIB(nsl, gethostname, [LIBS="$LIBS -lnsl"]) AC_CHECK_LIB(socket, setsockopt, [LIBS="$LIBS -lsocket"]) # Gettext. diff -Nru cpio-2.6/src/copyout.c cpio-2.6-new/src/copyout.c --- cpio-2.6/src/copyout.c 2004-10-14 11:14:03.000000000 +0200 +++ cpio-2.6-new/src/copyout.c 2005-07-21 16:07:42.000000000 +0200 @@ -305,7 +305,7 @@ else magic_string = "070701"; sprintf (ascii_header, - "%6s%08lx%08lx%08lx%08lx%08lx%08lx%08lx%08lx%08lx%08lx%08lx%08lx%08lx", + "%6s%08lx%08lx%08lx%08lx%08lx%08x%08lx%08lx%08lx%08lx%08lx%08lx%08lx", magic_string, file_hdr->c_ino, file_hdr->c_mode, file_hdr->c_uid, file_hdr->c_gid, file_hdr->c_nlink, file_hdr->c_mtime, diff -Nru cpio-2.6/src/extern.h cpio-2.6-new/src/extern.h --- cpio-2.6/src/extern.h 2004-09-08 12:49:57.000000000 +0200 +++ cpio-2.6-new/src/extern.h 2005-07-21 16:07:42.000000000 +0200 @@ -91,6 +91,7 @@ extern char input_is_seekable; extern char output_is_seekable; extern char *program_name; +extern mode_t sys_umask; extern int (*xstat) (); extern void (*copy_function) (); diff -Nru cpio-2.6/src/global.c cpio-2.6-new/src/global.c --- cpio-2.6/src/global.c 2004-09-08 12:23:44.000000000 +0200 +++ cpio-2.6-new/src/global.c 2005-07-21 16:07:42.000000000 +0200 
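Review bot: The `dnl` placed in front of `AC_CHECK_LIB(nsl, gethostname, [LIBS="$LIBS -lnsl"])` in configure.ac disables the libnsl probe, which is unrelated to the extraction fix named in the description and is not explained anywhere in the patch. On a platform where `gethostname` is only provided by libnsl the link would presumably fail. Either drop this hunk from the security patch or record the reason next to it, e.g. `dnl libnsl probe disabled: <reason>`. Keeping unrelated build changes out of a security fix also makes it easier to audit and backport.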
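Review bot: In the copyout.c hunk the sixth numeric conversion becomes `%08x`, but the argument it consumes, `file_hdr->c_mtime`, is passed unchanged. If that field is still an `unsigned long` (its declaration is not in the hunk), specifier and argument no longer match, which is undefined behaviour on LP64 targets. Since `08` is only a minimum width, the intent is presumably to hold the field to eight hex digits; make that explicit with `(unsigned int) file_hdr->c_mtime` on the argument line, or keep `%08lx` and pass `file_hdr->c_mtime & 0xffffffffUL`. The neighbouring `%08lx` fields can also exceed eight digits for values wider than 32 bits, and the `sprintf` into `ascii_header` is unbounded, so `snprintf` with the buffer size would cap the write. The enclosing function starts and ends outside the hunk.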
@@ -195,6 +195,9 @@ /* The name this program was run with. */ char *program_name; +/* Debian hack to make the -d option honor the umask. */ +mode_t sys_umask; + /* A pointer to either lstat or stat, depending on whether dereferencing of symlinks is done for input files. */ int (*xstat) (); diff -Nru cpio-2.6/src/main.c cpio-2.6-new/src/main.c --- cpio-2.6/src/main.c 2004-11-23 01:42:18.000000000 +0100 +++ cpio-2.6-new/src/main.c 2005-07-21 16:07:42.000000000 +0200 @@ -740,7 +740,6 @@ textdomain (PACKAGE); program_name = argv[0]; - umask (0); #ifdef __TURBOC__ _fmode = O_BINARY; /* Put stdin and stdout in binary mode. */ @@ -751,6 +750,7 @@ #endif process_args (argc, argv); + sys_umask = umask (0); initialize_buffers ();
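Review bot: The comment on `sys_umask` in global.c says what the variable is for, but not what it holds or who must apply it. main.c in this patch stores the return value of `umask (0)` in it, so the process umask stays cleared and any path that should honour the caller's umask has to mask the mode itself; no such use is visible on this page. I would document that contract at the definition, e.g. `/* Caller's umask, saved in main() before it is cleared to 0; directory creation for -d must apply ~sys_umask itself. */`. It is also worth checking that every directory-creation path for `-d` applies the mask, since a missed one would create directories with unmasked permissions.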
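Review bot: In the second main.c hunk `sys_umask = umask (0);` runs after `process_args (argc, argv)`, whereas the `umask (0)` removed by the first main.c hunk ran before it, and the reason for the move is not recorded. Argument processing now executes under the inherited umask; if `process_args` can open or create the archive file, that file's mode now depends on the caller's umask, which looks like the safer behaviour but should be stated. If that is the intent, add a comment on the new line such as `/* Save the caller's umask only after option parsing, then clear it so modes from the archive are applied as given. */`. main() starts and ends outside the hunk.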