app-arch/tar: Revision bump to 1.29-r1 to add patch for CVE-2016-6321

Gentoo-Bug: 598334

Package-Manager: portage-2.3.2

2 files changed, 108 insertions, 0 deletions

diff --git a/app-arch/tar/files/tar-1.29-extract-pathname-bypass.patch b/app-arch/tar/files/tar-1.29-extract-pathname-bypass.patch
new file mode 100644
index 000000000000..6470fe082bda
--- /dev/null
+++ b/app-arch/tar/files/tar-1.29-extract-pathname-bypass.patch
@@ -0,0 +1,27 @@
+--- a/lib/paxnames.c	2016-04-06 00:04:47.314860045 +0300
++++ b/lib/paxnames.c	2016-04-06 02:08:44.962297881 +0300
+@@ -18,6 +18,7 @@
+ #include <system.h>
+ #include <hash.h>
+ #include <paxlib.h>
++#include <quotearg.h>
+ 
+ 
+ /* Hash tables of strings.  */
+@@ -114,7 +115,15 @@
+       for (p = file_name + prefix_len; *p; )
+ 	{
+           if (p[0] == '.' && p[1] == '.' && (ISSLASH (p[2]) || !p[2]))
+-	    prefix_len = p + 2 - file_name;
++            {
++	      static char const *const diagnostic[] =
++	      {
++		N_("%s: Member name contains '..'"),
++		N_("%s: Hard link target contains '..'")
++	      };
++	      ERROR ((0, 0, _(diagnostic[link_target]),
++	              quotearg_colon (file_name)));
++	    }
+ 
+ 	  do
+ 	    {
diff --git a/app-arch/tar/tar-1.29-r1.ebuild b/app-arch/tar/tar-1.29-r1.ebuild
new file mode 100644
index 000000000000..138eccbe0fca
--- /dev/null
+++ b/app-arch/tar/tar-1.29-r1.ebuild
@@ -0,0 +1,81 @@
+# Copyright 1999-2016 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+# $Id$
+
+EAPI=5
+
+inherit flag-o-matic eutils
+
+DESCRIPTION="Use this to make tarballs :)"
+HOMEPAGE="https://www.gnu.org/software/tar/"
+SRC_URI="mirror://gnu/tar/${P}.tar.bz2
+	mirror://gnu-alpha/tar/${P}.tar.bz2"
+
+LICENSE="GPL-3+"
+SLOT="0"
+KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~ia64 ~m68k ~mips ~ppc ~ppc64 ~s390 ~sh ~sparc ~x86 ~ppc-aix ~amd64-fbsd ~x86-fbsd ~x64-freebsd ~x86-freebsd ~hppa-hpux ~ia64-hpux ~x86-interix ~amd64-linux ~arm-linux ~ia64-linux ~x86-linux ~ppc-macos ~x64-macos ~x86-macos ~m68k-mint ~sparc-solaris ~sparc64-solaris ~x64-solaris ~x86-solaris"
+IUSE="acl elibc_glibc minimal nls selinux static userland_GNU xattr"
+
+RDEPEND="acl? ( virtual/acl )
+	selinux? ( sys-libs/libselinux )"
+DEPEND="${RDEPEND}
+	nls? ( >=sys-devel/gettext-0.10.35 )
+	xattr? ( elibc_glibc? ( sys-apps/attr ) )"
+
+PATCHES=(
+	"${FILESDIR}/${P}-extract-pathname-bypass.patch"
+)
+
+src_prepare() {
+	epatch "${PATCHES[@]}"
+	epatch_user
+
+	if ! use userland_GNU ; then
+		sed -i \
+			-e 's:/backup\.sh:/gbackup.sh:' \
+			scripts/{backup,dump-remind,restore}.in \
+			|| die "sed non-GNU"
+	fi
+}
+
+src_configure() {
+	use static && append-ldflags -static
+	FORCE_UNSAFE_CONFIGURE=1 \
+	econf \
+		--enable-backup-scripts \
+		--bindir="${EPREFIX}"/bin \
+		--libexecdir="${EPREFIX}"/usr/sbin \
+		$(usex userland_GNU "" "--program-prefix=g") \
+		$(use_with acl posix-acls) \
+		$(use_enable nls) \
+		$(use_with selinux) \
+		$(use_with xattr xattrs)
+}
+
+src_install() {
+	default
+
+	local p=$(usex userland_GNU "" "g")
+	if [[ -z ${p} ]] ; then
+		# a nasty yet required piece of baggage
+		exeinto /etc
+		doexe "${FILESDIR}"/rmt
+	fi
+
+	# autoconf looks for gtar before tar (in configure scripts), hence
+	# in Prefix it is important that it is there, otherwise, a gtar from
+	# the host system (FreeBSD, Solaris, Darwin) will be found instead
+	# of the Prefix provided (GNU) tar
+	if use prefix ; then
+		dosym tar /bin/gtar
+	fi
+
+	mv "${ED}"/usr/sbin/${p}backup{,-tar} || die
+	mv "${ED}"/usr/sbin/${p}restore{,-tar} || die
+
+	if use minimal ; then
+		find "${ED}"/etc "${ED}"/*bin/ "${ED}"/usr/*bin/ \
+			-type f -a '!' '(' -name tar -o -name ${p}tar ')' \
+			-delete || die
+	fi
+}