commit: f79804de6297450e101d97411e7f74f06d22d787
Author: Patrick McLean <chutzpah <AT> gentoo <DOT> org>
AuthorDate: Fri Oct 28 17:56:30 2016 +0000
Commit: Patrick McLean <chutzpah <AT> gentoo <DOT> org>
CommitDate: Fri Oct 28 17:56:30 2016 +0000
URL: https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=f79804de
app-arch/tar: Revision bump to 1.29-r1 to add patch for CVE-2016-6321
Gentoo-Bug: 598334
Package-Manager: portage-2.3.2
.../files/tar-1.29-extract-pathname-bypass.patch | 27 ++++++++
app-arch/tar/tar-1.29-r1.ebuild | 81 ++++++++++++++++++++++
2 files changed, 108 insertions(+)
diff --git a/app-arch/tar/files/tar-1.29-extract-pathname-bypass.patch
b/app-arch/tar/files/tar-1.29-extract-pathname-bypass.patch
new file mode 100644
index 00000000..6470fe0
--- /dev/null
+++ b/app-arch/tar/files/tar-1.29-extract-pathname-bypass.patch
@@ -0,0 +1,27 @@
+--- a/lib/paxnames.c 2016-04-06 00:04:47.314860045 +0300
++++ b/lib/paxnames.c 2016-04-06 02:08:44.962297881 +0300
+@@ -18,6 +18,7 @@
+ #include <system.h>
+ #include <hash.h>
+ #include <paxlib.h>
++#include <quotearg.h>
+
+ �
+ /* Hash tables of strings. */
+@@ -114,7 +115,15 @@
+ for (p = file_name + prefix_len; *p; )
+ {
+ if (p[0] == '.' && p[1] == '.' && (ISSLASH (p[2]) || !p[2]))
+- prefix_len = p + 2 - file_name;
++ {
++ static char const *const diagnostic[] =
++ {
++ N_("%s: Member name contains '..'"),
++ N_("%s: Hard link target contains '..'")
++ };
++ ERROR ((0, 0, _(diagnostic[link_target]),
++ quotearg_colon (file_name)));
++ }
+
+ do
+ {
diff --git a/app-arch/tar/tar-1.29-r1.ebuild b/app-arch/tar/tar-1.29-r1.ebuild
new file mode 100644
index 00000000..138eccb
--- /dev/null
+++ b/app-arch/tar/tar-1.29-r1.ebuild
@@ -0,0 +1,81 @@
+# Copyright 1999-2016 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+# $Id$
+
+EAPI=5
+
+inherit flag-o-matic eutils
+
+DESCRIPTION="Use this to make tarballs :)"
+HOMEPAGE="https://www.gnu.org/software/tar/";
+SRC_URI="mirror://gnu/tar/${P}.tar.bz2
+ mirror://gnu-alpha/tar/${P}.tar.bz2"
+
+LICENSE="GPL-3+"
+SLOT="0"
+KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~ia64 ~m68k ~mips ~ppc ~ppc64 ~s390
~sh ~sparc ~x86 ~ppc-aix ~amd64-fbsd ~x86-fbsd ~x64-freebsd ~x86-freebsd
~hppa-hpux ~ia64-hpux ~x86-interix ~amd64-linux ~arm-linux ~ia64-linux
~x86-linux ~ppc-macos ~x64-macos ~x86-macos ~m68k-mint ~sparc-solaris
~sparc64-solaris ~x64-solaris ~x86-solaris"
+IUSE="acl elibc_glibc minimal nls selinux static userland_GNU xattr"
+
+RDEPEND="acl? ( virtual/acl )
+ selinux? ( sys-libs/libselinux )"
+DEPEND="${RDEPEND}
+ nls? ( >=sys-devel/gettext-0.10.35 )
+ xattr? ( elibc_glibc? ( sys-apps/attr ) )"
+
+PATCHES=(
+ "${FILESDIR}/${P}-extract-pathname-bypass.patch"
+)
+
+src_prepare() {
+ epatch "${PATCHES[@]}"
+ epatch_user
+
+ if ! use userland_GNU ; then
+ sed -i \
+ -e 's:/backup\.sh:/gbackup.sh:' \
+ scripts/{backup,dump-remind,restore}.in \
+ || die "sed non-GNU"
+ fi
+}
+
+src_configure() {
+ use static && append-ldflags -static
+ FORCE_UNSAFE_CONFIGURE=1 \
+ econf \
+ --enable-backup-scripts \
+ --bindir="${EPREFIX}"/bin \
+ --libexecdir="${EPREFIX}"/usr/sbin \
+ $(usex userland_GNU "" "--program-prefix=g") \
+ $(use_with acl posix-acls) \
+ $(use_enable nls) \
+ $(use_with selinux) \
+ $(use_with xattr xattrs)
+}
+
+src_install() {
+ default
+
+ local p=$(usex userland_GNU "" "g")
+ if [[ -z ${p} ]] ; then
+ # a nasty yet required piece of baggage
+ exeinto /etc
+ doexe "${FILESDIR}"/rmt
+ fi
+
+ # autoconf looks for gtar before tar (in configure scripts), hence
+ # in Prefix it is important that it is there, otherwise, a gtar from
+ # the host system (FreeBSD, Solaris, Darwin) will be found instead
+ # of the Prefix provided (GNU) tar
+ if use prefix ; then
+ dosym tar /bin/gtar
+ fi
+
+ mv "${ED}"/usr/sbin/${p}backup{,-tar} || die
+ mv "${ED}"/usr/sbin/${p}restore{,-tar} || die
+
+ if use minimal ; then
+ find "${ED}"/etc "${ED}"/*bin/ "${ED}"/usr/*bin/ \
+ -type f -a '!' '(' -name tar -o -name ${p}tar ')' \
+ -delete || die
+ fi
+}
