Bug 1318084
| Summary: | cpio 2.11 fails to extract archive (upstream fix available, backport request) | ||||||
|---|---|---|---|---|---|---|---|
| Product: | Red Hat Enterprise Linux 7 | Reporter: | Jan Hilberath <hilbe> | ||||
| Component: | cpio | Assignee: | Pavel Raiskup <praiskup> | ||||
| Status: | CLOSED ERRATA | QA Contact: | Vaclav Danek <vdanek> | ||||
| Severity: | unspecified | Docs Contact: | |||||
| Priority: | unspecified | ||||||
| Version: | 7.2 | CC: | acaringi, atodorov, vdanek, wpoely86 | ||||
| Target Milestone: | rc | ||||||
| Target Release: | --- | ||||||
| Hardware: | x86_64 | ||||||
| OS: | Linux | ||||||
| Whiteboard: | |||||||
| Fixed In Version: | cpio-2.11-27.el7 | Doc Type: | If docs needed, set a value | ||||
| Doc Text: | Story Points: | --- | |||||
| Clone Of: | Environment: | ||||||
| Last Closed: | 2018-04-10 10:07:29 UTC | Type: | Bug | ||||
| Regression: | --- | Mount Type: | --- | ||||
| Documentation: | --- | CRM: | |||||
| Verified Versions: | Category: | --- | |||||
| oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |||||
| Cloudforms Team: | --- | Target Upstream Version: | |||||
| Embargoed: | |||||||
| Attachments: |
|
||||||
|
Description
Jan Hilberath
2016-03-16 02:22:20 UTC
Created attachment 1136807 [details]
Patch file for upstream version 2.11
Thanks for the report, upstream discussion: http://lists.gnu.org/archive/html/bug-cpio/2014-12/msg00007.html -- Thank you for taking the time to enter a bug report with us. We appreciate the feedback and look to use reports such as this to guide our efforts at improving our products. That being said, this bug tracking system is not a mechanism for requesting support, and we are not able to guarantee the timeliness or suitability of a resolution. If this issue is critical or in any way time sensitive, please raise a ticket through your regular Red Hat support channels to make certain it receives the proper attention and prioritization to assure a timely resolution. For information on how to contact the Red Hat production support team, please visit https://www.redhat.com/support/process/production/#howto (In reply to Jan Hilberath from comment #0) > $ unxz < osxupd10.11.3.dmg.chunk > osxupd10.11.3.dmg.chunk.unxz > ... BTW: This command says this on my RHEL7 box ... unxz: (stdin): Unexpected end of input > $ cpio --format odc -t < osxupd10.11.3.dmg.chunk.unxz > cpio: premature end of file ... which might be the reason for cpio failure. Pavel, that's unrelated. Just copying cpio from Debian (which has the fix) makes it work fine. Thanks for quick update, Ward. It is however (without any other context) really suspicious archive (there's unclear what archive is behind: binary?, ustar?, odc?, newc? .., and what partitioning (chunks) is used). Unless we find this is really important issue, I'd like to close this bug and possibly find a reproducer for RHEL. So better reproducer is welcome. To be honest, this bug has now really low priority (and unlikely to be fixed), because there is no support ticket assigned to this bug (see the comment #3). I (engineering guy) am not allowed to fix this issue and if nothing changes, I won't be. Hi Pavel, This archive is the firmware needed to use the facetimehd webcam on recent Macbooks. There is an out-of-tree kernel module for it: https://github.com/patjak/bcwc_pcie And it needs the Apple firmware to work: https://github.com/patjak/bcwc_pcie/wiki/Get-Started#firmware-extraction But this is all unrelated. It's just a bug in cpio that is already fixed upstream. It would be nice if you could backport it but I understand that it is not exactly high priority. Ah, I see the issue now (and again) :) so to not forget before next reiteration, I'll rather be more verbose. The original issue fixed upstream [1] was that we wanted to "extract" cpio archive with (some) broken member headers. Fixed very soon after CVE-2014-9112 fix. In this bug, however, we so far talked about extracting arbitrarily cut part of a _compressed_ cpio archive. And that causes troubles for both decompresser and then cpio. That's not guaranteed in general. > But this is all unrelated. It's just a bug in cpio that is already fixed > upstream. The fix you try to have is related to different cpio header damages, at least I think because I haven't carefully analyzed your case. You seem to be lucky that cpio recovers in this case, and that's not a good reason to update cpio. The main issue I see here is that there is potential NULL dereference which leads to cpio segfaults (and that's why I'll keep this open). > It would be nice if you could backport it but I understand that it is > not exactly high priority. Thanks for understanding, I'll keep this open, but unless we'll have support requests it is unlikely to be fixed. <the right fix for your case> I would recommend downloading the whole archive (all chunks) and unxz it as a solid piece of data (then you'll have valid cpio archive, too). The other option is to play with curl's option '--range', but you'll just have a valid compressed chunk. So what you probably want is to download the chunk and copy _only_ the valid part of archive out with /bin/dd (you need to know offsets). This is the only reliable way how to extract what you want in general. </the fix> [1] http://www.mail-archive.com/bug-cpio@gnu.org/msg00509.html Since the problem described in this bug report should be resolved in a recent advisory, it has been closed with a resolution of ERRATA. For information on the advisory, and where to find the updated files, follow the link below. If the solution does not work for you, open a new bug report. https://access.redhat.com/errata/RHBA-2018:0693 |