Glibc built with GCC 4.5 will notice a buffer overflow in the handling of OLD_GNU magic bytes and kill us. Apply a Fedora patch scavenged by Emil Karlson to avoid this happening; closes bug #317139.

Package-Manager: portage-2.2_rc67/cvs/Linux x86_64
author: Tony Vroon <chainsaw@gentoo.org> 2010-04-25 16:44:23 +0000
committer: Tony Vroon <chainsaw@gentoo.org> 2010-04-25 16:44:23 +0000
commit: 824a6994800e84959b1372c04095e54c4435ca2e (patch)
tree: c0458f082ab34208575454ac427861b724c276d5 /app-arch/tar
parent: Drop ruby19 and jruby so that this version can be stabilized. (diff)
download: historical-824a6994800e84959b1372c04095e54c4435ca2e.tar.gz
historical-824a6994800e84959b1372c04095e54c4435ca2e.tar.bz2
historical-824a6994800e84959b1372c04095e54c4435ca2e.zip
4 files changed, 118 insertions, 7 deletions
diff --git a/app-arch/tar/ChangeLog b/app-arch/tar/ChangeLog
index 18d82f212691..629a855a6e46 100644
--- a/app-arch/tar/ChangeLog
+++ b/app-arch/tar/ChangeLog
@@ -1,6 +1,14 @@
 # ChangeLog for app-arch/tar
 # Copyright 1999-2010 Gentoo Foundation; Distributed under the GPL v2
-# $Header: /var/cvsroot/gentoo-x86/app-arch/tar/ChangeLog,v 1.142 2010/03/10 13:55:50 vapier Exp $
+# $Header: /var/cvsroot/gentoo-x86/app-arch/tar/ChangeLog,v 1.143 2010/04/25 16:44:23 chainsaw Exp $
+
+*tar-1.23-r1 (25 Apr 2010)
+
+  25 Apr 2010; <chainsaw@gentoo.org> +tar-1.23-r1.ebuild,
+  +files/tar-1.23-strncpy.patch:
+  Glibc built with GCC 4.5 will notice a buffer overflow in the handling of
+  OLD_GNU magic bytes and kill us. Apply a Fedora patch scavenged by Emil
+  Karlson to avoid this happening; closes bug #317139.
 
 *tar-1.23 (10 Mar 2010)
 
diff --git a/app-arch/tar/Manifest b/app-arch/tar/Manifest
index f8f54fa82bc4..6e5d5166d85b 100644
--- a/app-arch/tar/Manifest
+++ b/app-arch/tar/Manifest
@@ -1,9 +1,10 @@
 -----BEGIN PGP SIGNED MESSAGE-----
-Hash: SHA256
+Hash: SHA1
 
 AUX rmt 273 RMD160 18f5fac369cc3372af7bd83384bb437a67baaa44 SHA1 971081167d145e45288a173d74ca19aa24c0c05e SHA256 8de946561fc5fe3603627c78c9777dc1f7bad7926171822f3a25958a6cd3be55
 AUX tar-1.21-revert-pipe.patch 3701 RMD160 c780024f65b271261f3d02cd9d12c08ccb65f183 SHA1 534b429111dccf6c58d3adafda529c70452ee39b SHA256 26eecb1da171102d3fdc64c66559a41615ca8247ffe3ab4d87b4040873ca8dfd
 AUX tar-1.21-testsuite.patch 3929 RMD160 b37d7633e31a5312b8cac4be90e3810d2ff493ba SHA1 c17909c43bd72c23752ca6b08fcd160c30b2e885 SHA256 21bc687af7390f91bed813858f7ba097a59303fa353e017c309024925caa0211
+AUX tar-1.23-strncpy.patch 1249 RMD160 1e0f8fcc6152ec3cc4208a5efebdb4d97b928113 SHA1 9a4c94827703fae8572246c6380d55821db15196 SHA256 d88ba0b9d3b5dc9a8d6b70e4e71c376ff8dcd3412cb8ffceca3a722a17dbaa85
 AUX tar.1 16821 RMD160 f58bc7cfeeee0cc811a6c2b5dd1dffe8b197231e SHA1 b354f0803c03cd59fe24f93d532f27f6f0136316 SHA256 f3558b444ab9427c06bc92838c29194051ed64edd0a909163cfa715cc7e6dcdd
 DIST tar-1.20.tar.bz2 1912591 RMD160 cb5a708e847489e5370b83a433f3e847ce359e56 SHA1 4d4cda2ce857b5ea77b39dc718260ab09c145335 SHA256 be8bf33afb5adc2377e45d94693ffd46b75f267f9b808df0c7006e51211f9deb
 DIST tar-1.21.tar.bz2 2071237 RMD160 316e3148f0a392b66423fd73f7dae17cd2f03b90 SHA1 4563bc828e7d285eb466a9587af88e7e1556cf88 SHA256 dc6c70d2071ca4a928460b6d68ab500a32e67d50255261a0d17765a307aeb350
@@ -12,13 +13,14 @@ DIST tar-1.23.tar.bz2 2189324 RMD160 e79062b7f69d80b734445306f69fb8b96801e909 SH
 EBUILD tar-1.20.ebuild 1654 RMD160 b7bb0fc7bdcfbf33d00fc8a337e8c15c9a801147 SHA1 d80c6ea3d8e71e2a3c8eed9f652ac88babd17dec SHA256 1ba966014de965854cbd2a98aebb899392e889512492a5b5507c57fe59dba496
 EBUILD tar-1.21-r1.ebuild 1782 RMD160 b720a7bd217875e8c03b0b41b460a35a28bcf49c SHA1 489f1d5205b3587d44d8b44c628c7da5525b519b SHA256 c6cc9ba591d974f1911b67e058fdc39fb5b598f031d9e717363ed30cea96e7b9
 EBUILD tar-1.22.ebuild 1729 RMD160 0f54056f5863afc1cdb87ace86712a36933b3e29 SHA1 58b1d09e17c7c0157d5a0a52a43e2493c80b3066 SHA256 51f382602aad242486d56fcd715a855ef80e5a3db0729d5b2f2438913577fff4
+EBUILD tar-1.23-r1.ebuild 1718 RMD160 ff1571a774e125fcad74d5f1bad2e977f4786953 SHA1 ffc3192881ff573d35c3b581c8881764cf48d302 SHA256 ab5f9599221a0159706943f800b349827a478ddf52b69f8d68ff1188ffe1925c
 EBUILD tar-1.23.ebuild 1663 RMD160 f54f04ef4da24ed97afe7a26aa6e775e5563fe1d SHA1 9c22cb430e703495be53a8d9b91dfc31ec5844fc SHA256 910f5402d7ec00820439cfeb4136f3ccf94cb22653479c9a5375b8fac120cea2
-MISC ChangeLog 20985 RMD160 09b05f494ad416f6cbda6f00c75350e08d7b13f8 SHA1 3d73dd3980ed3a12f05c7d8b7dad49f7086ab334 SHA256 a3a46d0b8510c67bd42cd00f26b536ea776d05c7e4753985dfe26da6dc6732b9
+MISC ChangeLog 21312 RMD160 53b7535dca723d51c0ff41c45836932f39c17639 SHA1 c719ecad21d42ac93a66b383db5d0e507417622a SHA256 b22b33272c83fb167be016eb576b223a8585a58c393d8a064bd953b61702497d
 MISC metadata.xml 164 RMD160 f43cbec30b7074319087c9acffdb9354b17b0db3 SHA1 9c213f5803676c56439df3716be07d6692588856 SHA256 f5f2891f2a4791cd31350bb2bb572131ad7235cd0eeb124c9912c187ac10ce92
 -----BEGIN PGP SIGNATURE-----
-Version: GnuPG v2.0.14 (GNU/Linux)
+Version: GnuPG v2.0.15 (GNU/Linux)
 
-iF4EAREIAAYFAkuXpQ8ACgkQTwhj9JtAlp5NlQD/b3LWHN+hkW81xkxcH3JdB2Jr
-AWfIODIU/diBt31KYnwA/1pa1Hl+/wcT9YjvnSgvp1Y83vfU2WQHfKBn9sDS1knu
-=N1DE
+iEYEARECAAYFAkvUcagACgkQp5vW4rUFj5pbRwCglFgyX2khGuUsDfk+F/vlDWs3
+dkQAnjeX7eiCgpK8tcYGoZdzQMiPgPF2
+=1V0J
 -----END PGP SIGNATURE-----
diff --git a/app-arch/tar/files/tar-1.23-strncpy.patch b/app-arch/tar/files/tar-1.23-strncpy.patch
new file mode 100644
index 000000000000..c4939268c219
--- /dev/null
+++ b/app-arch/tar/files/tar-1.23-strncpy.patch
@@ -0,0 +1,32 @@
+diff -uNr tar-1.23.ORIG//src/create.c tar-1.23/src/create.c
+--- tar-1.23.ORIG//src/create.c	2010-04-25 17:36:03.553606076 +0100
++++ tar-1.23/src/create.c	2010-04-25 17:36:16.294605862 +0100
+@@ -575,7 +575,10 @@
+   GNAME_TO_CHARS (tmpname, header->header.gname);
+   free (tmpname);
+ 
+-  strcpy (header->header.magic, OLDGNU_MAGIC);
++  /* OLDGNU_MAGIC is string with 7 chars + NULL */
++  strncpy (header->header.magic, OLDGNU_MAGIC, sizeof(header->header.magic));
++  strncpy (header->header.version, OLDGNU_MAGIC+sizeof(header->header.magic),
++           sizeof(header->header.version));
+   header->header.typeflag = type;
+   finish_header (st, header, -1);
+ 
+@@ -910,9 +913,13 @@
+       break;
+ 
+     case OLDGNU_FORMAT:
+-    case GNU_FORMAT:   /*FIXME?*/
+-      /* Overwrite header->header.magic and header.version in one blow.  */
+-      strcpy (header->header.magic, OLDGNU_MAGIC);
++    case GNU_FORMAT:
++      /* OLDGNU_MAGIC is string with 7 chars + NULL */
++      strncpy (header->header.magic, OLDGNU_MAGIC,
++               sizeof(header->header.magic));
++      strncpy (header->header.version,
++               OLDGNU_MAGIC+sizeof(header->header.magic),
++               sizeof(header->header.version));
+       break;
+ 
+     case POSIX_FORMAT:
diff --git a/app-arch/tar/tar-1.23-r1.ebuild b/app-arch/tar/tar-1.23-r1.ebuild
new file mode 100644
index 000000000000..03bac74a9a0a
--- /dev/null
+++ b/app-arch/tar/tar-1.23-r1.ebuild
@@ -0,0 +1,69 @@
+# Copyright 1999-2010 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+# $Header: /var/cvsroot/gentoo-x86/app-arch/tar/tar-1.23-r1.ebuild,v 1.1 2010/04/25 16:44:23 chainsaw Exp $
+
+inherit flag-o-matic eutils
+
+DESCRIPTION="Use this to make tarballs :)"
+HOMEPAGE="http://www.gnu.org/software/tar/"
+SRC_URI="http://ftp.gnu.org/gnu/tar/${P}.tar.bz2
+	ftp://alpha.gnu.org/gnu/tar/${P}.tar.bz2
+	mirror://gnu/tar/${P}.tar.bz2"
+
+LICENSE="GPL-3"
+SLOT="0"
+KEYWORDS="~alpha ~amd64 ~arm ~hppa ~ia64 ~m68k ~mips ~ppc ~ppc64 ~s390 ~sh ~sparc ~x86 ~x86-fbsd"
+IUSE="nls static userland_GNU"
+
+RDEPEND=""
+DEPEND="${RDEPEND}
+	nls? ( >=sys-devel/gettext-0.10.35 )"
+
+src_unpack() {
+	unpack ${A}
+	cd "${S}"
+
+	epatch "${FILESDIR}"/${P}-strncpy.patch #317139
+
+	if ! use userland_GNU ; then
+		sed -i \
+			-e 's:/backup\.sh:/gbackup.sh:' \
+			scripts/{backup,dump-remind,restore}.in \
+			|| die "sed non-GNU"
+	fi
+}
+
+src_compile() {
+	local myconf
+	use static && append-ldflags -static
+	use userland_GNU || myconf="--program-prefix=g"
+	# Work around bug in sandbox #67051
+	gl_cv_func_chown_follows_symlink=yes \
+	econf \
+		--enable-backup-scripts \
+		--bindir=/bin \
+		--libexecdir=/usr/sbin \
+		$(use_enable nls) \
+		${myconf} || die
+	emake || die "emake failed"
+}
+
+src_install() {
+	local p=""
+	use userland_GNU || p=g
+
+	emake DESTDIR="${D}" install || die "make install failed"
+
+	if [[ -z ${p} ]] ; then
+		# a nasty yet required piece of baggage
+		exeinto /etc
+		doexe "${FILESDIR}"/rmt || die
+	fi
+
+	dodoc AUTHORS ChangeLog* NEWS README* THANKS
+	newman "${FILESDIR}"/tar.1 ${p}tar.1
+	mv "${D}"/usr/sbin/${p}backup{,-tar}
+	mv "${D}"/usr/sbin/${p}restore{,-tar}
+
+	rm -f "${D}"/usr/$(get_libdir)/charset.alias
+}
author	Tony Vroon <chainsaw@gentoo.org>	2010-04-25 16:44:23 +0000
committer	Tony Vroon <chainsaw@gentoo.org>	2010-04-25 16:44:23 +0000
commit	824a6994800e84959b1372c04095e54c4435ca2e (patch)
tree	c0458f082ab34208575454ac427861b724c276d5 /app-arch/tar
parent	Drop ruby19 and jruby so that this version can be stabilized. (diff)
download	historical-824a6994800e84959b1372c04095e54c4435ca2e.tar.gz historical-824a6994800e84959b1372c04095e54c4435ca2e.tar.bz2 historical-824a6994800e84959b1372c04095e54c4435ca2e.zip