From 9616efdbb807c06ba9be6bea3087ef6e39f75c83 Mon Sep 17 00:00:00 2001
From: Eric Hameleers <alien@slackware.com>
Date: Wed, 20 Nov 2019 23:21:44 +0100
Subject: Remove '--no-absolute-filenames' from cpio invocations

Since cpio 2.13, this option strips '/' and '../' from symbolic and
hard links during extraction of a cpio archive like our initramfs.
This is implemented as a fix for CVE-2015-1197 but breaks the initrd.
And leaving out this option does not have the adverse effect
I always thought it would have... archive extraction is still done
into the current directory and not in the filesystem root.
---
 make_slackware_live.sh | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

(limited to 'make_slackware_live.sh')

diff --git a/make_slackware_live.sh b/make_slackware_live.sh
index ce0e7dd..a4c133d 100755
--- a/make_slackware_live.sh
+++ b/make_slackware_live.sh
@@ -1587,7 +1587,7 @@ if ls ${LIVE_ROOTDIR}/boot/vmlinuz-huge-* 1>/dev/null 2>/dev/null; then
   # and move them to a single directory in the ISO:
   mkdir -p  ${LIVE_ROOTDIR}/usr/share/${LIVEMAIN}
   cd  ${LIVE_ROOTDIR}/usr/share/${LIVEMAIN}
-    uncompressfs ${DEF_SL_PKGROOT}/../isolinux/initrd.img | cpio -i -d -H newc --no-absolute-filenames usr/lib/setup/* sbin/probe sbin/fixdate
+    uncompressfs ${DEF_SL_PKGROOT}/../isolinux/initrd.img | cpio -i -d -m -H newc usr/lib/setup/* sbin/probe sbin/fixdate
     mv -i usr/lib/setup/* sbin/probe sbin/fixdate .
     rm -r usr sbin
     rm -f setup
-- 
cgit v1.2.3