From f79804de6297450e101d97411e7f74f06d22d787 Mon Sep 17 00:00:00 2001 From: Patrick McLean Date: Fri, 28 Oct 2016 10:56:30 -0700 Subject: app-arch/tar: Revision bump to 1.29-r1 to add patch for CVE-2016-6321 Gentoo-Bug: 598334 Package-Manager: portage-2.3.2 --- .../files/tar-1.29-extract-pathname-bypass.patch | 27 ++++++++ app-arch/tar/tar-1.29-r1.ebuild | 81 ++++++++++++++++++++++ 2 files changed, 108 insertions(+) create mode 100644 app-arch/tar/files/tar-1.29-extract-pathname-bypass.patch create mode 100644 app-arch/tar/tar-1.29-r1.ebuild (limited to 'app-arch') diff --git a/app-arch/tar/files/tar-1.29-extract-pathname-bypass.patch b/app-arch/tar/files/tar-1.29-extract-pathname-bypass.patch new file mode 100644 index 000000000000..6470fe082bda --- /dev/null +++ b/app-arch/tar/files/tar-1.29-extract-pathname-bypass.patch @@ -0,0 +1,27 @@ +--- a/lib/paxnames.c 2016-04-06 00:04:47.314860045 +0300 ++++ b/lib/paxnames.c 2016-04-06 02:08:44.962297881 +0300 +@@ -18,6 +18,7 @@ + #include + #include + #include ++#include + + + /* Hash tables of strings. */ +@@ -114,7 +115,15 @@ + for (p = file_name + prefix_len; *p; ) + { + if (p[0] == '.' && p[1] == '.' && (ISSLASH (p[2]) || !p[2])) +- prefix_len = p + 2 - file_name; ++ { ++ static char const *const diagnostic[] = ++ { ++ N_("%s: Member name contains '..'"), ++ N_("%s: Hard link target contains '..'") ++ }; ++ ERROR ((0, 0, _(diagnostic[link_target]), ++ quotearg_colon (file_name))); ++ } + + do + { diff --git a/app-arch/tar/tar-1.29-r1.ebuild b/app-arch/tar/tar-1.29-r1.ebuild new file mode 100644 index 000000000000..138eccbe0fca --- /dev/null +++ b/app-arch/tar/tar-1.29-r1.ebuild @@ -0,0 +1,81 @@ +# Copyright 1999-2016 Gentoo Foundation +# Distributed under the terms of the GNU General Public License v2 +# $Id$ + +EAPI=5 + +inherit flag-o-matic eutils + +DESCRIPTION="Use this to make tarballs :)" +HOMEPAGE="https://www.gnu.org/software/tar/" +SRC_URI="mirror://gnu/tar/${P}.tar.bz2 + mirror://gnu-alpha/tar/${P}.tar.bz2" + +LICENSE="GPL-3+" +SLOT="0" +KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~ia64 ~m68k ~mips ~ppc ~ppc64 ~s390 ~sh ~sparc ~x86 ~ppc-aix ~amd64-fbsd ~x86-fbsd ~x64-freebsd ~x86-freebsd ~hppa-hpux ~ia64-hpux ~x86-interix ~amd64-linux ~arm-linux ~ia64-linux ~x86-linux ~ppc-macos ~x64-macos ~x86-macos ~m68k-mint ~sparc-solaris ~sparc64-solaris ~x64-solaris ~x86-solaris" +IUSE="acl elibc_glibc minimal nls selinux static userland_GNU xattr" + +RDEPEND="acl? ( virtual/acl ) + selinux? ( sys-libs/libselinux )" +DEPEND="${RDEPEND} + nls? ( >=sys-devel/gettext-0.10.35 ) + xattr? ( elibc_glibc? ( sys-apps/attr ) )" + +PATCHES=( + "${FILESDIR}/${P}-extract-pathname-bypass.patch" +) + +src_prepare() { + epatch "${PATCHES[@]}" + epatch_user + + if ! use userland_GNU ; then + sed -i \ + -e 's:/backup\.sh:/gbackup.sh:' \ + scripts/{backup,dump-remind,restore}.in \ + || die "sed non-GNU" + fi +} + +src_configure() { + use static && append-ldflags -static + FORCE_UNSAFE_CONFIGURE=1 \ + econf \ + --enable-backup-scripts \ + --bindir="${EPREFIX}"/bin \ + --libexecdir="${EPREFIX}"/usr/sbin \ + $(usex userland_GNU "" "--program-prefix=g") \ + $(use_with acl posix-acls) \ + $(use_enable nls) \ + $(use_with selinux) \ + $(use_with xattr xattrs) +} + +src_install() { + default + + local p=$(usex userland_GNU "" "g") + if [[ -z ${p} ]] ; then + # a nasty yet required piece of baggage + exeinto /etc + doexe "${FILESDIR}"/rmt + fi + + # autoconf looks for gtar before tar (in configure scripts), hence + # in Prefix it is important that it is there, otherwise, a gtar from + # the host system (FreeBSD, Solaris, Darwin) will be found instead + # of the Prefix provided (GNU) tar + if use prefix ; then + dosym tar /bin/gtar + fi + + mv "${ED}"/usr/sbin/${p}backup{,-tar} || die + mv "${ED}"/usr/sbin/${p}restore{,-tar} || die + + if use minimal ; then + find "${ED}"/etc "${ED}"/*bin/ "${ED}"/usr/*bin/ \ + -type f -a '!' '(' -name tar -o -name ${p}tar ')' \ + -delete || die + fi +} -- cgit v1.2.3-65-gdbad