$OpenBSD: patch-src_main_c,v 1.4 2015/09/17 20:16:49 naddy Exp $

CVE-2015-1197: cpio directory traversal

--- src/main.c.orig	Sat Sep 12 12:57:30 2015
+++ src/main.c	Wed Sep 16 23:22:21 2015
@@ -61,7 +61,8 @@ enum cpio_options {
   TO_STDOUT_OPTION,
   RENUMBER_INODES_OPTION,
   IGNORE_DEVNO_OPTION,
-  DEVICE_INDEPENDENT_OPTION
+  DEVICE_INDEPENDENT_OPTION,
+  EXTRACT_OVER_SYMLINKS
 };
 
 const char *program_authors[] =
@@ -243,6 +244,8 @@ static struct argp_option options[] = {
    N_("Create leading directories where needed"), GRID+1 },
   {"no-preserve-owner", NO_PRESERVE_OWNER_OPTION, 0, 0,
    N_("Do not change the ownership of the files"), GRID+1 },
+  {"extract-over-symlinks", EXTRACT_OVER_SYMLINKS, 0, 0,
+   N_("Force writing over symbolic links"), GRID+1 },
   {"unconditional", 'u', NULL, 0,
    N_("Replace all files unconditionally"), GRID+1 },
   {"sparse", SPARSE_OPTION, NULL, 0,
@@ -430,6 +433,10 @@ crc newc odc bin ustar tar (all-caps also recognized)"
 	USAGE_ERROR ((0, 0,  
 		      _("--no-preserve-owner cannot be used with --owner")));
       no_chown_flag = true;
+      break;
+
+    case EXTRACT_OVER_SYMLINKS:		        /* --extract-over-symlinks */
+      extract_over_symlinks = true;
       break;
 
     case 'o':		/* Copy-out mode.  */
