authorNed Ludd <solar@gentoo.org>2006-03-07 19:51:33 +0000
committerNed Ludd <solar@gentoo.org>2006-03-07 19:51:33 +0000
commit3549af16729e2fa9c72abe719f4bff74f5c2801f (patch)
tree64f4c3be12fad62e30873eeb64574bf6252d9530 /app-arch
parentForgot to fix the Makefile for PPC (for the --without-java fix) (diff)
- security bump. numerous bugs in xheader.c ; CVE-2006-0300 ; bug 123038
(Portage version: 2.1_pre4-r1)
Diffstat (limited to 'app-arch')
-rw-r--r--app-arch/tar/ChangeLog10
-rw-r--r--app-arch/tar/Manifest47
-rw-r--r--app-arch/tar/files/digest-tar-1.15.1-r13
-rw-r--r--app-arch/tar/files/tar-CVE-2006-0300.patch121
-rw-r--r--app-arch/tar/tar-1.15.1-r1.ebuild77
5 files changed, 245 insertions, 13 deletions
diff --git a/app-arch/tar/ChangeLog b/app-arch/tar/ChangeLog
index e69e15d19d85..2670c498bdc3 100644
--- a/app-arch/tar/ChangeLog
+++ b/app-arch/tar/ChangeLog
@@ -1,6 +1,12 @@
# ChangeLog for app-arch/tar
-# Copyright 1999-2005 Gentoo Foundation; Distributed under the GPL v2
-# $Header: /var/cvsroot/gentoo-x86/app-arch/tar/ChangeLog,v 1.52 2005/08/12 08:39:38 flameeyes Exp $
+# Copyright 1999-2006 Gentoo Foundation; Distributed under the GPL v2
+# $Header: /var/cvsroot/gentoo-x86/app-arch/tar/ChangeLog,v 1.53 2006/03/07 19:51:33 solar Exp $
+
+*tar-1.15.1-r1 (07 Mar 2006)
+
+ 07 Mar 2006; <solar@gentoo.org> +files/tar-CVE-2006-0300.patch,
+ +tar-1.15.1-r1.ebuild:
+ - security bump. numerous bugs in xheader.c ; CVE-2006-0300 ; bug 123038
12 Aug 2005; Diego Pettenò <flameeyes@gentoo.org> tar-1.15.1.ebuild:
Remove the charset.alias file (created on non-GNU systems, useless here).
diff --git a/app-arch/tar/Manifest b/app-arch/tar/Manifest
index f4aad89fb1a1..d6f6d315aa23 100644
--- a/app-arch/tar/Manifest
+++ b/app-arch/tar/Manifest
@@ -1,23 +1,48 @@
------BEGIN PGP SIGNED MESSAGE-----
-Hash: SHA1
-
-MD5 9f329eaebb848a7d0232c5127b9d2773 ChangeLog 10668
+MD5 c9c64f2e5629802f4f728f67a212cbb5 ChangeLog 10865
+RMD160 11976edfea8960a8bdd18dc2a8b12f87db3bfdf3 ChangeLog 10865
+SHA256 39cbd6e3625cd749a3b1bb9a86040d4eedc2d2cbed1321742da1ff150c7fcdca ChangeLog 10865
MD5 a1433bcc25f8f63d8ee96bddbf877962 files/1.15.1-flex-arg.patch 519
+RMD160 7859cef187a2bb7a85ee74d310d8d9f9e25e411b files/1.15.1-flex-arg.patch 519
+SHA256 c594e45633cf45306060c6fa2649a1033b8955e8d86bca349dadbd686c505f93 files/1.15.1-flex-arg.patch 519
MD5 9873b609521d574ae1f98d1c092c80e4 files/append.at 1065
+RMD160 2c4875d13e7fe7f324fceaa5de8f7f9778cb7e07 files/append.at 1065
+SHA256 4cfab61e61427e091b4409d39cfc41cd24db7b1948134a9fe49916711ab45d6f files/append.at 1065
MD5 e7c9ac5824e453f73a56032123c46f97 files/digest-tar-1.14 62
+RMD160 d2936a138d8c8fe281af93627228a5ac49db4d29 files/digest-tar-1.14 62
+SHA256 bbcbb622679d81a979d5f122ffd634b67926510d169c0372c4d1b029c7e397c9 files/digest-tar-1.14 62
MD5 1ce0c7df0ad9ec0c279340132692d7d4 files/digest-tar-1.15.1 64
+RMD160 32d50b7ec775afe42658cd9c8259ff47388c975d files/digest-tar-1.15.1 64
+SHA256 fc1114fb23b853b92ed91903c0a26e482b84194414732a74ccba050a17121a9b files/digest-tar-1.15.1 64
+MD5 f7a21f9f5928613f14747b9af765414f files/digest-tar-1.15.1-r1 238
+RMD160 f3ddee28290c332c2f47deb49c798a117bcbcb60 files/digest-tar-1.15.1-r1 238
+SHA256 eea23c8236851bf6a88f8c709db6bd7a4ba13c77bb454702bee6d9d494c5c8e6 files/digest-tar-1.15.1-r1 238
MD5 6c645ac1da5d382a9f7ca85729b7e9e9 files/tar-1.15.1-dont-abort-long-names.patch 1586
+RMD160 3c13978030c20830996fd56ddeb3f95024c23530 files/tar-1.15.1-dont-abort-long-names.patch 1586
+SHA256 049132675793b924a581fcf025c449bff03b29b754f1eda85cbf30a0b962daa7 files/tar-1.15.1-dont-abort-long-names.patch 1586
MD5 971970980dc4f15a093acfe810dae560 files/tar-1.15.1-gcc4-test.patch 637
+RMD160 d68855cb453cf5372c127976348725e4f948ab52 files/tar-1.15.1-gcc4-test.patch 637
+SHA256 5934d530e51e17c9f7ee8d82149f8a5ec56f3ba45a68a4434360a23c750eb5bf files/tar-1.15.1-gcc4-test.patch 637
MD5 71aa7eea494a25b07f4ea14a7f8a7a99 files/tar-1.15.1-less-verbose-newer.patch 770
+RMD160 a133fef0ae9fedc44e79f9c44ebf47a8e53b58e6 files/tar-1.15.1-less-verbose-newer.patch 770
+SHA256 2247c879862ced954d20b77adca5bfd18519da0bee67ea946fe3a047c28b167e files/tar-1.15.1-less-verbose-newer.patch 770
MD5 c6222f8e6644e897361b0426c753fc8d files/tar-1.15.1-lseek.patch 5270
+RMD160 5f9b369b4c6bb0160c6cc4fe37af83d9cc1e016f files/tar-1.15.1-lseek.patch 5270
+SHA256 a633c41829595a7f31d25cd0711d473bb79c3bf552a6fd6f13f8758d3342b8ba files/tar-1.15.1-lseek.patch 5270
+MD5 2e0f6c79abe0ead888d78dfeca151ff0 files/tar-CVE-2006-0300.patch 3677
+RMD160 924b5e6aa64df7cb6ba3314ae114b12e26db3210 files/tar-CVE-2006-0300.patch 3677
+SHA256 1eb197a54ef561c2e5589663bf7cc75dbb641907dec295210003bfe990699e90 files/tar-CVE-2006-0300.patch 3677
MD5 faf9e0ee102b11c24ce1645ec3847643 files/tar.1 12886
+RMD160 cf5d4b864a562a11725811c6378840aa2d9bcfd5 files/tar.1 12886
+SHA256 e283a0a341baae4a5ed7b5149aa2bb13111ccea2184fb3fe968a82f6fd5c4f95 files/tar.1 12886
MD5 9a09f8d531c582e78977dbfd96edc1f2 metadata.xml 164
+RMD160 f43cbec30b7074319087c9acffdb9354b17b0db3 metadata.xml 164
+SHA256 f5f2891f2a4791cd31350bb2bb572131ad7235cd0eeb124c9912c187ac10ce92 metadata.xml 164
MD5 d4f800ee8a2c5ddd00931249e680def8 tar-1.14.ebuild 1329
+RMD160 9d88370eb3cf5cabf303d5a6d17fb9bc40c5db13 tar-1.14.ebuild 1329
+SHA256 1c5fe7d0433f9bfb5a3f874a1e3fd7dd74aae5a24908e893ba450c0e9537c2d8 tar-1.14.ebuild 1329
+MD5 6c4edb8f77a763a5c5616a899a6b77c2 tar-1.15.1-r1.ebuild 2108
+RMD160 94643dc27daaa261dce13a75f5ed101441e2e420 tar-1.15.1-r1.ebuild 2108
+SHA256 d6a7f4e24a3a312a85919073d7dd0e0d12d4ec30ddf6ddbf80b660dee75f55c8 tar-1.15.1-r1.ebuild 2108
MD5 e9fe7de46eb4b1aa489fc8a619e1f042 tar-1.15.1.ebuild 2046
------BEGIN PGP SIGNATURE-----
-Version: GnuPG v1.4.2 (GNU/Linux)
-
-iD8DBQFDhWG2gIKl8Uu19MoRAsZ9AJ9XpYnum84eZd6owo/l2yACFijj0gCfcARl
-s+GuDqzm8pc2acQFDnij4Sk=
-=6IQL
------END PGP SIGNATURE-----
+RMD160 e346fdab686eed6297d588eaa6da5985719961db tar-1.15.1.ebuild 2046
+SHA256 84970c0f467e30f4fa034c923e570a59441927909c0bb4c198bf3ea5b7580e99 tar-1.15.1.ebuild 2046
diff --git a/app-arch/tar/files/digest-tar-1.15.1-r1 b/app-arch/tar/files/digest-tar-1.15.1-r1
new file mode 100644
index 000000000000..e268145cd501
--- /dev/null
+++ b/app-arch/tar/files/digest-tar-1.15.1-r1
@@ -0,0 +1,3 @@
+MD5 57da3c38f8e06589699548a34d5a5d07 tar-1.15.1.tar.bz2 1611489
+RMD160 8de6b53b67294a942faec7638fb2cb2b4cccdac1 tar-1.15.1.tar.bz2 1611489
+SHA256 cc9a67d0bcdd6fd9f454893537799f98a4fd96e49e693e5b75b0604b9e3d2267 tar-1.15.1.tar.bz2 1611489
diff --git a/app-arch/tar/files/tar-CVE-2006-0300.patch b/app-arch/tar/files/tar-CVE-2006-0300.patch
new file mode 100644
index 000000000000..679f81898540
--- /dev/null
+++ b/app-arch/tar/files/tar-CVE-2006-0300.patch
@@ -0,0 +1,121 @@
+--- src/xheader.c.orig 2004-09-06 06:31:14.000000000 -0500
++++ src/xheader.c 2006-02-08 16:59:46.000000000 -0500
+@@ -783,6 +783,32 @@ code_num (uintmax_t value, char const *k
+ xheader_print (xhdr, keyword, sbuf);
+ }
+
++static bool
++decode_num (uintmax_t *num, char const *arg, uintmax_t maxval,
++ char const *keyword)
++{
++ uintmax_t u;
++ char *arg_lim;
++
++ if (! (ISDIGIT (*arg)
++ && (errno = 0, u = strtoumax (arg, &arg_lim, 10), !*arg_lim)))
++ {
++ ERROR ((0, 0, _("Malformed extended header: invalid %s=%s"),
++ keyword, arg));
++ return false;
++ }
++
++ if (! (u <= maxval && errno != ERANGE))
++ {
++ ERROR ((0, 0, _("Extended header %s=%s is out of range"),
++ keyword, arg));
++ return false;
++ }
++
++ *num = u;
++ return true;
++}
++
+ static void
+ dummy_coder (struct tar_stat_info const *st __attribute__ ((unused)),
+ char const *keyword __attribute__ ((unused)),
+@@ -821,7 +847,7 @@ static void
+ gid_decoder (struct tar_stat_info *st, char const *arg)
+ {
+ uintmax_t u;
+- if (xstrtoumax (arg, NULL, 10, &u, "") == LONGINT_OK)
++ if (decode_num (&u, arg, TYPE_MAXIMUM (gid_t), "gid"))
+ st->stat.st_gid = u;
+ }
+
+@@ -903,7 +929,7 @@ static void
+ size_decoder (struct tar_stat_info *st, char const *arg)
+ {
+ uintmax_t u;
+- if (xstrtoumax (arg, NULL, 10, &u, "") == LONGINT_OK)
++ if (decode_num (&u, arg, TYPE_MAXIMUM (off_t), "size"))
+ st->archive_file_size = st->stat.st_size = u;
+ }
+
+@@ -918,7 +944,7 @@ static void
+ uid_decoder (struct tar_stat_info *st, char const *arg)
+ {
+ uintmax_t u;
+- if (xstrtoumax (arg, NULL, 10, &u, "") == LONGINT_OK)
++ if (decode_num (&u, arg, TYPE_MAXIMUM (uid_t), "uid"))
+ st->stat.st_uid = u;
+ }
+
+@@ -946,7 +972,7 @@ static void
+ sparse_size_decoder (struct tar_stat_info *st, char const *arg)
+ {
+ uintmax_t u;
+- if (xstrtoumax (arg, NULL, 10, &u, "") == LONGINT_OK)
++ if (decode_num (&u, arg, TYPE_MAXIMUM (off_t), "GNU.sparse.size"))
+ st->stat.st_size = u;
+ }
+
+@@ -962,10 +988,10 @@ static void
+ sparse_numblocks_decoder (struct tar_stat_info *st, char const *arg)
+ {
+ uintmax_t u;
+- if (xstrtoumax (arg, NULL, 10, &u, "") == LONGINT_OK)
++ if (decode_num (&u, arg, SIZE_MAX, "GNU.sparse.numblocks"))
+ {
+ st->sparse_map_size = u;
+- st->sparse_map = calloc(st->sparse_map_size, sizeof(st->sparse_map[0]));
++ st->sparse_map = xcalloc (u, sizeof st->sparse_map[0]);
+ st->sparse_map_avail = 0;
+ }
+ }
+@@ -982,8 +1008,14 @@ static void
+ sparse_offset_decoder (struct tar_stat_info *st, char const *arg)
+ {
+ uintmax_t u;
+- if (xstrtoumax (arg, NULL, 10, &u, "") == LONGINT_OK)
++ if (decode_num (&u, arg, TYPE_MAXIMUM (off_t), "GNU.sparse.offset"))
++ {
++ if (st->sparse_map_avail < st->sparse_map_size)
+ st->sparse_map[st->sparse_map_avail].offset = u;
++ else
++ ERROR ((0, 0, _("Malformed extended header: excess %s=%s"),
++ "GNU.sparse.offset", arg));
++ }
+ }
+
+ static void
+@@ -998,15 +1030,13 @@ static void
+ sparse_numbytes_decoder (struct tar_stat_info *st, char const *arg)
+ {
+ uintmax_t u;
+- if (xstrtoumax (arg, NULL, 10, &u, "") == LONGINT_OK)
++ if (decode_num (&u, arg, SIZE_MAX, "GNU.sparse.numbytes"))
+ {
+ if (st->sparse_map_avail == st->sparse_map_size)
+- {
+- st->sparse_map_size *= 2;
+- st->sparse_map = xrealloc (st->sparse_map,
+- st->sparse_map_size
+- * sizeof st->sparse_map[0]);
+- }
++ st->sparse_map = x2nrealloc (st->sparse_map,
++ &st->sparse_map_size,
++ sizeof st->sparse_map[0]);
++
+ st->sparse_map[st->sparse_map_avail++].numbytes = u;
+ }
+ }
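Review bot: In the embedded xheader.c patch, sparse_numbytes_decoder still grows the map with `x2nrealloc` when `sparse_map_avail == sparse_map_size`, whereas sparse_offset_decoder in the same patch now rejects records beyond the count declared by GNU.sparse.numblocks. An archive carrying more numbytes records than declared therefore still gets extra map entries, and the `.offset` of such an entry is never written because the matching offset record was rejected; the grown storage is presumably not zeroed, so that field would be indeterminate. Treating the excess record as malformed, as the offset decoder does, keeps both decoders bounded by the declared count. Whether legitimate archives ever omit GNU.sparse.numblocks is not visible here and should be confirmed before adopting this.

```c
sparse_numbytes_decoder (struct tar_stat_info *st, char const *arg)
/* … unchanged: declaration of u and the decode_num call … */
      if (st->sparse_map_avail < st->sparse_map_size)
        st->sparse_map[st->sparse_map_avail++].numbytes = u;
      else
        ERROR ((0, 0, _("Malformed extended header: excess %s=%s"),
                "GNU.sparse.numbytes", arg));
```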
diff --git a/app-arch/tar/tar-1.15.1-r1.ebuild b/app-arch/tar/tar-1.15.1-r1.ebuild
new file mode 100644
index 000000000000..66eaadf6f026
--- /dev/null
+++ b/app-arch/tar/tar-1.15.1-r1.ebuild
@@ -0,0 +1,77 @@
+# Copyright 1999-2006 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+# $Header: /var/cvsroot/gentoo-x86/app-arch/tar/tar-1.15.1-r1.ebuild,v 1.1 2006/03/07 19:51:33 solar Exp $
+
+inherit flag-o-matic eutils
+
+DESCRIPTION="Use this to make tarballs :)"
+HOMEPAGE="http://www.gnu.org/software/tar/"
+SRC_URI="http://ftp.gnu.org/gnu/tar/${P}.tar.bz2
+ http://alpha.gnu.org/gnu/tar/${P}.tar.bz2
+ mirror://gnu/tar/${P}.tar.bz2"
+
+LICENSE="GPL-2"
+SLOT="0"
+KEYWORDS="~alpha ~amd64 ~arm ~hppa ~ia64 ~m68k ~mips ~ppc ~ppc64 ~s390 ~sh ~sparc ~x86"
+IUSE="nls static build bzip2"
+
+RDEPEND="app-arch/gzip
+ bzip2? ( app-arch/bzip2 )"
+DEPEND="${RDEPEND}
+ nls? ( >=sys-devel/gettext-0.10.35 )"
+
+src_unpack() {
+ unpack ${A}
+ cd "${S}"
+ epatch "${FILESDIR}"/${PV}-flex-arg.patch
+ epatch "${FILESDIR}"/${P}-gcc4-test.patch #88214
+ epatch "${FILESDIR}"/${P}-dont-abort-long-names.patch #87540
+ epatch "${FILESDIR}"/${P}-less-verbose-newer.patch #86467
+ epatch "${FILESDIR}"/${P}-lseek.patch
+ epatch "${FILESDIR}"/${PN}-CVE-2006-0300.patch
+
+ cp "${FILESDIR}"/append.at tests/
+
+ if ! use userland_GNU ; then
+ sed -i \
+ -e 's:/backup\.sh:/gbackup.sh:' \
+ scripts/{backup,dump-remind,restore}.in \
+ || die "sed non-GNU"
+ fi
+}
+
+src_compile() {
+ local myconf
+ use static && append-ldflags -static
+ use userland_GNU || myconf="--program-prefix=g"
+ # Work around bug in sandbox #67051
+ gl_cv_func_chown_follows_symlink=yes \
+ econf \
+ --enable-backup-scripts \
+ --bindir=/bin \
+ --libexecdir=/usr/sbin \
+ $(use_enable nls) \
+ ${myconf} || die
+ emake || die "emake failed"
+}
+
+src_install() {
+ make DESTDIR="${D}" install || die "make install failed"
+ # a nasty yet required symlink
+ local p=""
+ use userland_GNU || p=g
+ dodir /etc
+ dosym /usr/sbin/${p}rmt /etc/${p}rmt
+ if use build ; then
+ rm -r "${D}"/usr
+ else
+ dodir /usr/bin
+ dosym /bin/${p}tar /usr/bin/${p}tar
+ dodoc AUTHORS ChangeLog* NEWS README* PORTS THANKS
+ newman "${FILESDIR}"/tar.1 ${p}tar.1
+ mv "${D}"/usr/sbin/${p}backup{,-tar}
+ mv "${D}"/usr/sbin/${p}restore{,-tar}
+ fi
+
+ rm -f ${D}/usr/$(get_libdir)/charset.alias
+}
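Review bot: The last line of src_install passes `${D}` to `rm -f` unquoted, unlike every other use of `${D}` in this ebuild, so an image path containing whitespace would be word-split into separate rm arguments; write it as `rm -f "${D}"/usr/$(get_libdir)/charset.alias`. In the same function the two `mv` calls, and `cp "${FILESDIR}"/append.at tests/` in src_unpack, carry no `|| die`, so a failure there would presumably go unnoticed. Appending `|| die` as the `sed` and `make` lines already do would make this security bump fail loudly instead of installing a partial result.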