Red Hat Bugzilla – Bug 1318084
cpio 2.11 fails to extract archive (upstream fix available, backport request)
Last modified: 2018-04-10 06:07:50 EDT
Description of problem: The cpio version delivered with RHEL 7 is not able to extract files from a certain archive (see below for details on how to get that archive). Version-Release number of selected component (if applicable): Name : cpio Arch : x86_64 Version : 2.11 Release : 24.el7 Steps to Reproduce: The archive in question is part of the Mac OS X 10.11.3 update and can be obtained as follows: $ curl -s -L -r "187085540-191012220" "https://support.apple.com/downloads/DL1858/en_US/osxupd10.11.3.dmg" > osxupd10.11.3.dmg.chunk $ file osxupd10.11.3.dmg.chunk osxupd10.11.3.dmg.chunk: XZ compressed data $ unxz < osxupd10.11.3.dmg.chunk > osxupd10.11.3.dmg.chunk.unxz Actual results: Files cannot be listed or extracted. $ cpio --format odc -t < osxupd10.11.3.dmg.chunk.unxz cpio: premature end of file Expected results: Files can be listed or extracted. $ cpio --format odc -t < osxupd10.11.3.dmg.chunk.unxz cpio: warning: skipped 448149 bytes of junk ./System/Library/Extensions/AMDShared.bundle/Contents/_CodeSignature ... [list of further files contained in the archive] ... ./System/Library/Extensions/AppleCameraInterface.kext/Contents/MacOS/AppleCameraInterface cpio: premature end of file Additional info: It's a bug in cpio 2.11 that has been fixed in 2.12. The commit that introduced the bug is: http://git.savannah.gnu.org/cgit/cpio.git/commit/?id=27e0ae559068c65a54299b5540f8154deb641f7c The commit that fixed the bug is: http://git.savannah.gnu.org/cgit/cpio.git/commit/?id=fd262d116c4564c1796be9be2799619cf7785d07 It works when building the upstream 2.11 sources with this patch applied: https://gist.github.com/yantarou/ecf0931d13203fb8bbde
Created attachment 1136807 [details] Patch file for upstream version 2.11
Thanks for the report, upstream discussion: http://lists.gnu.org/archive/html/bug-cpio/2014-12/msg00007.html -- Thank you for taking the time to enter a bug report with us. We appreciate the feedback and look to use reports such as this to guide our efforts at improving our products. That being said, this bug tracking system is not a mechanism for requesting support, and we are not able to guarantee the timeliness or suitability of a resolution. If this issue is critical or in any way time sensitive, please raise a ticket through your regular Red Hat support channels to make certain it receives the proper attention and prioritization to assure a timely resolution. For information on how to contact the Red Hat production support team, please visit https://www.redhat.com/support/process/production/#howto
(In reply to Jan Hilberath from comment #0) > $ unxz < osxupd10.11.3.dmg.chunk > osxupd10.11.3.dmg.chunk.unxz > ... BTW: This command says this on my RHEL7 box ... unxz: (stdin): Unexpected end of input > $ cpio --format odc -t < osxupd10.11.3.dmg.chunk.unxz > cpio: premature end of file ... which might be the reason for cpio failure.
Pavel, that's unrelated. Just copying cpio from Debian (which has the fix) makes it work fine.
Thanks for quick update, Ward. It is however (without any other context) really suspicious archive (there's unclear what archive is behind: binary?, ustar?, odc?, newc? .., and what partitioning (chunks) is used). Unless we find this is really important issue, I'd like to close this bug and possibly find a reproducer for RHEL. So better reproducer is welcome. To be honest, this bug has now really low priority (and unlikely to be fixed), because there is no support ticket assigned to this bug (see the comment #3). I (engineering guy) am not allowed to fix this issue and if nothing changes, I won't be.
Hi Pavel, This archive is the firmware needed to use the facetimehd webcam on recent Macbooks. There is an out-of-tree kernel module for it: https://github.com/patjak/bcwc_pcie And it needs the Apple firmware to work: https://github.com/patjak/bcwc_pcie/wiki/Get-Started#firmware-extraction But this is all unrelated. It's just a bug in cpio that is already fixed upstream. It would be nice if you could backport it but I understand that it is not exactly high priority.
Ah, I see the issue now (and again) :) so to not forget before next reiteration, I'll rather be more verbose. The original issue fixed upstream [1] was that we wanted to "extract" cpio archive with (some) broken member headers. Fixed very soon after CVE-2014-9112 fix. In this bug, however, we so far talked about extracting arbitrarily cut part of a _compressed_ cpio archive. And that causes troubles for both decompresser and then cpio. That's not guaranteed in general. > But this is all unrelated. It's just a bug in cpio that is already fixed > upstream. The fix you try to have is related to different cpio header damages, at least I think because I haven't carefully analyzed your case. You seem to be lucky that cpio recovers in this case, and that's not a good reason to update cpio. The main issue I see here is that there is potential NULL dereference which leads to cpio segfaults (and that's why I'll keep this open). > It would be nice if you could backport it but I understand that it is > not exactly high priority. Thanks for understanding, I'll keep this open, but unless we'll have support requests it is unlikely to be fixed. <the right fix for your case> I would recommend downloading the whole archive (all chunks) and unxz it as a solid piece of data (then you'll have valid cpio archive, too). The other option is to play with curl's option '--range', but you'll just have a valid compressed chunk. So what you probably want is to download the chunk and copy _only_ the valid part of archive out with /bin/dd (you need to know offsets). This is the only reliable way how to extract what you want in general. </the fix> [1] http://www.mail-archive.com/bug-cpio@gnu.org/msg00509.html
Since the problem described in this bug report should be resolved in a recent advisory, it has been closed with a resolution of ERRATA. For information on the advisory, and where to find the updated files, follow the link below. If the solution does not work for you, open a new bug report. https://access.redhat.com/errata/RHBA-2018:0693