Ubuntu
cpio package

cpio 2.13+dfsg-2ubuntu0.4 breaks zfs build (alien command fails)

Bug #2066157 reported by James Dingwall
14
This bug affects 2 people
Affects Status Importance Assigned to Milestone
cpio (Ubuntu)
Confirmed
Undecided
Unassigned

Bug Description

I'm not sure where the true fault is but the problem only happens after updating the cpio package from 2.13+dfsg-2ubuntu0.3 to 2.13+dfsg-2ubuntu0.4. The zfs build creates .rpms which are then converted to .debs. The failure message is:

```
name=zfs; \
version=2.1.15-1; \
arch=`rpm -qp ${name}-kmod-${version}.src.rpm --qf %{arch} | tail -1`; \
debarch=`dpkg --print-architecture`; \
pkg1=kmod-${name}*${version}.${arch}.rpm; \
fakeroot alien --bump=0 --scripts --to-deb --target=$debarch $pkg1 || exit 1; \
rm -f $pkg1
kmod-zfs-5.15.0-107-generic_2.1.15-1_amd64.deb generated
kmod-zfs-devel_2.1.15-1_amd64.deb generated
Unpacking of 'kmod-zfs-devel-5.15.0-107-generic-2.1.15-1.x86_64.rpm' failed at /usr/share/perl5/Alien/Package/Rpm.pm line 168, <GETPERMS> line 315.
```

Looking at the alien source the command that fails is:

```
        $this->do("rpm2cpio '".$this->filename."' | (cd $workdir; $decomp cpio --extract --make-directories --no-absolute-filenames --preserve-modification-time) 2>&1")
                or die "Unpacking of '".$this->filename."' failed";
```

Examining the content of the .rpm:

```
# rpm -qlv kmod-zfs-devel-5.4.0-174-lowlatency-2.1.15-1.x86_64.rpm
lrwxrwxrwx 1 root root 34 May 20 09:14 /usr/src/spl-2.1.15/5.4.0-174-lowlatency -> ../zfs-2.1.15/5.4.0-174-lowlatency
drwxr-xr-x 2 root root 0 May 20 09:14 /usr/src/zfs-2.1.15/5.4.0-174-lowlatency
-rw-r--r-- 1 root root 164782 May 20 09:14 /usr/src/zfs-2.1.15/5.4.0-174-lowlatency/Module.symvers
lrwxrwxrwx 1 root root 11 May 20 09:14 /usr/src/zfs-2.1.15/5.4.0-174-lowlatency/spl.release -> zfs.release
lrwxrwxrwx 1 root root 12 May 20 09:14 /usr/src/zfs-2.1.15/5.4.0-174-lowlatency/spl_config.h -> zfs_config.h
-rw-r--r-- 1 root root 9 May 20 09:14 /usr/src/zfs-2.1.15/5.4.0-174-lowlatency/zfs.release
-rw-r--r-- 1 root root 28937 May 20 09:14 /usr/src/zfs-2.1.15/5.4.0-174-lowlatency/zfs_config.h
```

Changing the command being executed for testing purposes:

```
# apt-cache policy cpio; rm -rf /tmp/x; mkdir /tmp/x ; rpm2cpio kmod-zfs-devel-5.4.0-174-lowlatency-2.1.15-1.x86_64.rpm | (cd /tmp/x; cpio -v --extract --make-directories --no-absolute-filenames --preserve-modification-time) ; echo $?
cpio:
  Installed: 2.13+dfsg-2ubuntu0.3
  Candidate: 2.13+dfsg-2ubuntu0.4
  Version table:
     2.13+dfsg-2ubuntu0.4 500
        500 https://apt-mirror-00.example.com/apt/2024-05-19/archive.ubuntu.com/ubuntu focal-updates/main amd64 Packages
        500 https://apt-mirror-00.example.com/apt/2024-05-19/security.ubuntu.com/ubuntu focal-security/main amd64 Packages
 *** 2.13+dfsg-2ubuntu0.3 100
        100 /var/lib/dpkg/status
     2.13+dfsg-2 500
        500 https://apt-mirror-00.example.com/apt/2024-05-19/archive.ubuntu.com/ubuntu focal/main amd64 Packages
./usr/src/spl-2.1.15/5.4.0-174-lowlatency
./usr/src/zfs-2.1.15/5.4.0-174-lowlatency
./usr/src/zfs-2.1.15/5.4.0-174-lowlatency/Module.symvers
./usr/src/zfs-2.1.15/5.4.0-174-lowlatency/spl.release
./usr/src/zfs-2.1.15/5.4.0-174-lowlatency/spl_config.h
./usr/src/zfs-2.1.15/5.4.0-174-lowlatency/zfs.release
./usr/src/zfs-2.1.15/5.4.0-174-lowlatency/zfs_config.h
381 blocks
0
```

vs

```
# apt-cache policy cpio; rm -rf /tmp/x; mkdir /tmp/x ; rpm2cpio kmod-zfs-devel-5.4.0-174-lowlatency-2.1.15-1.x86_64.rpm | (cd /tmp/x; cpio -v --extract --make-directories --no-absolute-filenames --preserve-modification-time) ; echo $?
cpio:
  Installed: 2.13+dfsg-2ubuntu0.4
  Candidate: 2.13+dfsg-2ubuntu0.4
  Version table:
 *** 2.13+dfsg-2ubuntu0.4 500
        500 https://apt-mirror-00.example.com/apt/2024-05-19/archive.ubuntu.com/ubuntu focal-updates/main amd64 Packages
        500 https://apt-mirror-00.example.com/apt/2024-05-19/security.ubuntu.com/ubuntu focal-security/main amd64 Packages
        100 /var/lib/dpkg/status
     2.13+dfsg-2 500
        500 https://apt-mirror-00.example.com/apt/2024-05-19/archive.ubuntu.com/ubuntu focal/main amd64 Packages
cpio: ./usr/src/spl-2.1.15/5.4.0-174-lowlatency: Cannot open: No such file or directory
./usr/src/spl-2.1.15/5.4.0-174-lowlatency
./usr/src/zfs-2.1.15/5.4.0-174-lowlatency
./usr/src/zfs-2.1.15/5.4.0-174-lowlatency/Module.symvers
./usr/src/zfs-2.1.15/5.4.0-174-lowlatency/spl.release
./usr/src/zfs-2.1.15/5.4.0-174-lowlatency/spl_config.h
./usr/src/zfs-2.1.15/5.4.0-174-lowlatency/zfs.release
./usr/src/zfs-2.1.15/5.4.0-174-lowlatency/zfs_config.h
381 blocks
2
```

See original description

CVE References

Revision history for this message
James Dingwall (a-james-launchpad) wrote :

This same issue has been observed trying to build in a jammy system with cpio=2.13+dfsg-7ubuntu0.1.

James Dingwall (a-james-launchpad)
description: updated
description: updated
description: updated
Revision history for this message
James Dingwall (a-james-launchpad) wrote :

I have confirmed that downgrading cpio to 2.13+dfsg-7 also resolves the build error in that environment.

Revision history for this message
paulcd2000 (paulcd2000) wrote :

I can confirm this issue, I have a cpio archive generated by extracting the rpm from the ZFS build that errors on a system with 2.13+dfsg-2ubuntu0.4, and work on a system with 2.13+dfsg-2ubuntu0.3.

Given that the difference beteeen both 2ubuntu0.3 and 2ubuntu0.4 AND 7ubuntu and 7ubuntu0.1 is the fix for CVE-2023-7207, my guess is that that fix is broken in some way.

Revision history for this message
Launchpad Janitor (janitor) wrote :

Status changed to 'Confirmed' because the bug affects multiple users.

Changed in cpio (Ubuntu):
status: New → Confirmed
To post a comment you must log in.
This report contains Public information  
Everyone can see this information.
Subscribing...

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.