From 730d3ea742358a7ffbb6ad5e024c33dc7a77a11c Mon Sep 17 00:00:00 2001 From: Patrick J Volkerding Date: Sat, 29 Jan 2022 06:17:05 +0000 Subject: Sat Jan 29 06:17:05 UTC 2022 a/rpm2tgz-1.2.2-x86_64-5.txz: Rebuilt. rpm2targz: when extracting the cpio archive from inside the RPM, use --no-absolute-filenames to protect against a poorly made RPM scribbling all over system files/directories. Thanks to Sl4ck3ver. Support -i option to ignore non-zero exit value from rpm2cpio. This allows repackaging some malformed RPMs. Thanks to ricky_cardo for the sample malformed RPM. --- source/a/plzip/plzip.SlackBuild | 2 +- ...010-no-absolute-filenames-extracting-cpio.patch | 11 ++++++ .../patches/0011-ignore-rpm2cpio-error-code.patch | 44 ++++++++++++++++++++++ source/a/rpm2tgz/rpm2targz | 2 +- source/a/rpm2tgz/rpm2tgz.SlackBuild | 11 +++++- 5 files changed, 66 insertions(+), 4 deletions(-) create mode 100644 source/a/rpm2tgz/patches/0010-no-absolute-filenames-extracting-cpio.patch create mode 100644 source/a/rpm2tgz/patches/0011-ignore-rpm2cpio-error-code.patch (limited to 'source/a') diff --git a/source/a/plzip/plzip.SlackBuild b/source/a/plzip/plzip.SlackBuild index aefb12048..035d8d1de 100755 --- a/source/a/plzip/plzip.SlackBuild +++ b/source/a/plzip/plzip.SlackBuild @@ -24,7 +24,7 @@ cd $(dirname $0) ; CWD=$(pwd) PKGNAM=plzip VERSION=${VERSION:-$(echo $PKGNAM-*.tar.lz | rev | cut -f 3- -d . | cut -f 1 -d - | rev)} -BUILD=${BUILD:-3} +BUILD=${BUILD:-1} # Automatically determine the architecture we're building on: if [ -z "$ARCH" ]; then diff --git a/source/a/rpm2tgz/patches/0010-no-absolute-filenames-extracting-cpio.patch b/source/a/rpm2tgz/patches/0010-no-absolute-filenames-extracting-cpio.patch new file mode 100644 index 000000000..779012238 --- /dev/null +++ b/source/a/rpm2tgz/patches/0010-no-absolute-filenames-extracting-cpio.patch @@ -0,0 +1,11 @@ +--- ./rpm2targz.orig 2022-01-28 23:26:57.686681986 -0600 ++++ ./rpm2targz 2022-01-28 23:28:18.872683802 -0600 +@@ -175,7 +175,7 @@ + fi + mkdir -p $DEST + ( cd $DEST +- cpio -i -m -d < $ofn 1> /dev/null 2> /dev/null ++ cpio -i -m -d --no-absolute-filenames < $ofn 1> /dev/null 2> /dev/null + rm -f $ofn + find . -type d -perm 700 -exec chmod 755 {} \; + ) diff --git a/source/a/rpm2tgz/patches/0011-ignore-rpm2cpio-error-code.patch b/source/a/rpm2tgz/patches/0011-ignore-rpm2cpio-error-code.patch new file mode 100644 index 000000000..61f5a04ba --- /dev/null +++ b/source/a/rpm2tgz/patches/0011-ignore-rpm2cpio-error-code.patch @@ -0,0 +1,44 @@ +--- ./rpm2targz.orig 2022-01-28 23:51:56.398715512 -0600 ++++ ./rpm2targz 2022-01-28 23:53:21.350717413 -0600 +@@ -50,6 +50,7 @@ + echo " as documention to /usr/doc/\$PRGNAM-\$VERSION/" + echo " -d attempt a wellformed slack-desc from the rpm meta data" + echo " -c reset all directory permissions to 755 and ownership to root:root." ++ echo " -i continue to repackage even if rpm2cpio reports an error" + echo + else + echo "Usage: $0 " +@@ -99,7 +100,7 @@ + usage + fi + +-ARGS=$(getopt "hsSndrc" $* ) ++ARGS=$(getopt "hisSndrc" $* ) + set -- ${ARGS} + for i; do + case "$1" in +@@ -127,6 +128,10 @@ + CHOWN="true" + shift + ;; ++ -i) ++ IGNOREERROR="true" ++ shift ++ ;; + --) + shift + break +@@ -160,8 +165,11 @@ + ofn=$TMPDIR/$(basename $i .rpm).cpio + if which rpm2cpio 1> /dev/null 2> /dev/null ; then + rpm2cpio $i > $ofn 2> /dev/null +- if [ ! $? = 0 ]; then +- echo "ERROR: rpm2cpio failed. (maybe $i is not an RPM?)" ++ ERRORCODE=$? ++ if [ ! $ERRORCODE = 0 -a ! "$IGNOREERROR" = "true" ]; then ++ echo "ERROR: rpm2cpio failed (returned error code $ERRORCODE). Maybe $i is not an RPM?" ++ echo "If you wish to try again, you may ignore the error code and force $0 to try to" ++ echo "create a package by adding this option: -i" + rm -rf $TMPDIR + continue + fi diff --git a/source/a/rpm2tgz/rpm2targz b/source/a/rpm2tgz/rpm2targz index 5c91c64a4..3778cdc2c 100644 --- a/source/a/rpm2tgz/rpm2targz +++ b/source/a/rpm2tgz/rpm2targz @@ -1,7 +1,7 @@ #!/bin/sh # Copyright 1997, 1998 Patrick Volkerding, Moorhead, MN USA # Copyright 2002, 2004 Slackware Linux, Inc., Concord, CA USA -# Copyright 2006, 2009 Patrick Volkerding, Sebeka, MN USA +# Copyright 2006, 2009, 2022 Patrick Volkerding, Sebeka, MN USA # All rights reserved. # # Redistribution and use of this script, with or without modification, is diff --git a/source/a/rpm2tgz/rpm2tgz.SlackBuild b/source/a/rpm2tgz/rpm2tgz.SlackBuild index 1bb9ec115..00ebb5bcb 100755 --- a/source/a/rpm2tgz/rpm2tgz.SlackBuild +++ b/source/a/rpm2tgz/rpm2tgz.SlackBuild @@ -1,6 +1,6 @@ #!/bin/bash -# Copyright 2008, 2009, 2010, 2018 Patrick J. Volkerding, Sebeka, Minnesota, USA +# Copyright 2008, 2009, 2010, 2018, 2022 Patrick J. Volkerding, Sebeka, Minnesota, USA # All rights reserved. # # Redistribution and use of this script, with or without modification, is @@ -24,7 +24,7 @@ cd $(dirname $0) ; CWD=$(pwd) PKGNAM=rpm2tgz VERSION=1.2.2 -BUILD=${BUILD:-4} +BUILD=${BUILD:-5} # Automatically determine the architecture we're building on: if [ -z "$ARCH" ]; then @@ -78,6 +78,13 @@ cat $CWD/rpm2targz > $PKG/usr/bin/rpm2targz zcat $CWD/patches/0007-Add-support-for-.txz-packages-and-rpm2txz-symlink.patch.gz | patch -p1 || exit 1 zcat $CWD/patches/0008-Avoid-none-values-in-slack-desc.patch.gz | patch -p1 || exit 1 zcat $CWD/patches/0009-Add-c-option-just-as-makepkg-c-y.patch.gz | patch -p1 || exit 1 + # Make sure that if someone created an RPM with absolute filenames that we + # don't allow it to write all over the / directory when we're just trying + # to extract it to make the .tgz: + zcat $CWD/patches/0010-no-absolute-filenames-extracting-cpio.patch.gz | patch -p1 || exit 1 + # Allow ignoring rpm2cpio error code. Some RPMs can be extracted, but + # throw an error anyway. + zcat $CWD/patches/0011-ignore-rpm2cpio-error-code.patch.gz | patch -p1 || exit 1 ) || exit 1 ( cd $PKG/usr/bin ; ln -sf rpm2targz rpm2tgz ) -- cgit v1.2.3-65-gdbad