Glibc built with GCC 4.5 will notice a buffer overflow in the handling of OLD_GNU magic bytes and kill us. Apply a Fedora patch scavenged by Emil Karlson to avoid this happening; closes bug #317139.

Package-Manager: portage-2.2_rc67/cvs/Linux x86_64
author: Tony Vroon <chainsaw@gentoo.org> 2010-04-25 18:53:46 +0000
committer: Tony Vroon <chainsaw@gentoo.org> 2010-04-25 18:53:46 +0000
commit: 5872a1fc666809c409052e0e505ccc62cccb7e8b (patch)
tree: 037140b310d3f60b3e9718811e66d0b82d8c2434
parent: Delete calls to deprecated python_version(). (diff)
download: historical-5872a1fc666809c409052e0e505ccc62cccb7e8b.tar.gz
historical-5872a1fc666809c409052e0e505ccc62cccb7e8b.tar.bz2
historical-5872a1fc666809c409052e0e505ccc62cccb7e8b.zip
4 files changed, 117 insertions, 5 deletions
diff --git a/app-arch/tar/ChangeLog b/app-arch/tar/ChangeLog
index 629a855a6e46..e9db26d76b07 100644
--- a/app-arch/tar/ChangeLog
+++ b/app-arch/tar/ChangeLog
@@ -1,6 +1,14 @@
 # ChangeLog for app-arch/tar
 # Copyright 1999-2010 Gentoo Foundation; Distributed under the GPL v2
-# $Header: /var/cvsroot/gentoo-x86/app-arch/tar/ChangeLog,v 1.143 2010/04/25 16:44:23 chainsaw Exp $
+# $Header: /var/cvsroot/gentoo-x86/app-arch/tar/ChangeLog,v 1.144 2010/04/25 18:53:46 chainsaw Exp $
+
+*tar-1.22-r1 (25 Apr 2010)
+
+  25 Apr 2010; <chainsaw@gentoo.org> +tar-1.22-r1.ebuild,
+  +files/tar-1.22-strncpy.patch:
+  Glibc built with GCC 4.5 will notice a buffer overflow in the handling of
+  OLD_GNU magic bytes and kill us. Apply a Fedora patch scavenged by Emil
+  Karlson to avoid this happening; closes bug #317139.
 
 *tar-1.23-r1 (25 Apr 2010)
 
diff --git a/app-arch/tar/Manifest b/app-arch/tar/Manifest
index 6e5d5166d85b..9b37d563bf9b 100644
--- a/app-arch/tar/Manifest
+++ b/app-arch/tar/Manifest
@@ -4,6 +4,7 @@ Hash: SHA1
 AUX rmt 273 RMD160 18f5fac369cc3372af7bd83384bb437a67baaa44 SHA1 971081167d145e45288a173d74ca19aa24c0c05e SHA256 8de946561fc5fe3603627c78c9777dc1f7bad7926171822f3a25958a6cd3be55
 AUX tar-1.21-revert-pipe.patch 3701 RMD160 c780024f65b271261f3d02cd9d12c08ccb65f183 SHA1 534b429111dccf6c58d3adafda529c70452ee39b SHA256 26eecb1da171102d3fdc64c66559a41615ca8247ffe3ab4d87b4040873ca8dfd
 AUX tar-1.21-testsuite.patch 3929 RMD160 b37d7633e31a5312b8cac4be90e3810d2ff493ba SHA1 c17909c43bd72c23752ca6b08fcd160c30b2e885 SHA256 21bc687af7390f91bed813858f7ba097a59303fa353e017c309024925caa0211
+AUX tar-1.22-strncpy.patch 1249 RMD160 542af1ab41a609f1fa0189a83a6ca8c6363a94fe SHA1 af241c59cde042a78da2b0478822c099d96468e8 SHA256 a6f857c6747b1fb2a850ac7059e1c7b598bdb8641ac11a77f48e7d326a8a258f
 AUX tar-1.23-strncpy.patch 1249 RMD160 1e0f8fcc6152ec3cc4208a5efebdb4d97b928113 SHA1 9a4c94827703fae8572246c6380d55821db15196 SHA256 d88ba0b9d3b5dc9a8d6b70e4e71c376ff8dcd3412cb8ffceca3a722a17dbaa85
 AUX tar.1 16821 RMD160 f58bc7cfeeee0cc811a6c2b5dd1dffe8b197231e SHA1 b354f0803c03cd59fe24f93d532f27f6f0136316 SHA256 f3558b444ab9427c06bc92838c29194051ed64edd0a909163cfa715cc7e6dcdd
 DIST tar-1.20.tar.bz2 1912591 RMD160 cb5a708e847489e5370b83a433f3e847ce359e56 SHA1 4d4cda2ce857b5ea77b39dc718260ab09c145335 SHA256 be8bf33afb5adc2377e45d94693ffd46b75f267f9b808df0c7006e51211f9deb
@@ -12,15 +13,16 @@ DIST tar-1.22.tar.bz2 2094575 RMD160 62436792e47586f00a9aa8f5eaac87b9ce61d503 SH
 DIST tar-1.23.tar.bz2 2189324 RMD160 e79062b7f69d80b734445306f69fb8b96801e909 SHA1 6f3b1443a019da02e4ec20a1446d4aa54b488071 SHA256 c9328372db62fbb1d94c9e4e3cefc961111af46de47085b635359c00a0eebe36
 EBUILD tar-1.20.ebuild 1654 RMD160 b7bb0fc7bdcfbf33d00fc8a337e8c15c9a801147 SHA1 d80c6ea3d8e71e2a3c8eed9f652ac88babd17dec SHA256 1ba966014de965854cbd2a98aebb899392e889512492a5b5507c57fe59dba496
 EBUILD tar-1.21-r1.ebuild 1782 RMD160 b720a7bd217875e8c03b0b41b460a35a28bcf49c SHA1 489f1d5205b3587d44d8b44c628c7da5525b519b SHA256 c6cc9ba591d974f1911b67e058fdc39fb5b598f031d9e717363ed30cea96e7b9
+EBUILD tar-1.22-r1.ebuild 1783 RMD160 63e68ca7d7e3e9ea66de96000eb87417f4c1f393 SHA1 79751f031b9dabc55ee749122d120085264b22f1 SHA256 253d53116b0a87c712aef285d55ee09dd9b68d213e73ecaaece9bdf597b9a500
 EBUILD tar-1.22.ebuild 1729 RMD160 0f54056f5863afc1cdb87ace86712a36933b3e29 SHA1 58b1d09e17c7c0157d5a0a52a43e2493c80b3066 SHA256 51f382602aad242486d56fcd715a855ef80e5a3db0729d5b2f2438913577fff4
 EBUILD tar-1.23-r1.ebuild 1718 RMD160 ff1571a774e125fcad74d5f1bad2e977f4786953 SHA1 ffc3192881ff573d35c3b581c8881764cf48d302 SHA256 ab5f9599221a0159706943f800b349827a478ddf52b69f8d68ff1188ffe1925c
 EBUILD tar-1.23.ebuild 1663 RMD160 f54f04ef4da24ed97afe7a26aa6e775e5563fe1d SHA1 9c22cb430e703495be53a8d9b91dfc31ec5844fc SHA256 910f5402d7ec00820439cfeb4136f3ccf94cb22653479c9a5375b8fac120cea2
-MISC ChangeLog 21312 RMD160 53b7535dca723d51c0ff41c45836932f39c17639 SHA1 c719ecad21d42ac93a66b383db5d0e507417622a SHA256 b22b33272c83fb167be016eb576b223a8585a58c393d8a064bd953b61702497d
+MISC ChangeLog 21637 RMD160 200de1bd6b67724cf9a021fc01db53b7d60047bc SHA1 3137fb442e85a4579955c314a62c3f7ecd454086 SHA256 7f4783e5243361855bd5c2eb04a54880a559fd8a64cc3f7d77637de45f7d779e
 MISC metadata.xml 164 RMD160 f43cbec30b7074319087c9acffdb9354b17b0db3 SHA1 9c213f5803676c56439df3716be07d6692588856 SHA256 f5f2891f2a4791cd31350bb2bb572131ad7235cd0eeb124c9912c187ac10ce92
 -----BEGIN PGP SIGNATURE-----
 Version: GnuPG v2.0.15 (GNU/Linux)
 
-iEYEARECAAYFAkvUcagACgkQp5vW4rUFj5pbRwCglFgyX2khGuUsDfk+F/vlDWs3
-dkQAnjeX7eiCgpK8tcYGoZdzQMiPgPF2
-=1V0J
+iEYEARECAAYFAkvUj/sACgkQp5vW4rUFj5rQ8wCfcssrc7a7JWgJEcC0NJOy2X6t
+mG0AniUrlV4ArydoEsvHweteUTdEe7Me
+=U7jE
 -----END PGP SIGNATURE-----
diff --git a/app-arch/tar/files/tar-1.22-strncpy.patch b/app-arch/tar/files/tar-1.22-strncpy.patch
new file mode 100644
index 000000000000..6c439170ec40
--- /dev/null
+++ b/app-arch/tar/files/tar-1.22-strncpy.patch
@@ -0,0 +1,32 @@
+diff -uNr tar-1.22.ORIG//src/create.c tar-1.22/src/create.c
+--- tar-1.22.ORIG//src/create.c	2010-04-25 19:50:28.147606290 +0100
++++ tar-1.22/src/create.c	2010-04-25 19:50:44.849606051 +0100
+@@ -577,7 +577,10 @@
+   GNAME_TO_CHARS (tmpname, header->header.gname);
+   free (tmpname);
+ 
+-  strcpy (header->header.magic, OLDGNU_MAGIC);
++  /* OLDGNU_MAGIC is string with 7 chars + NULL */
++  strncpy (header->header.magic, OLDGNU_MAGIC, sizeof(header->header.magic));
++  strncpy (header->header.version, OLDGNU_MAGIC+sizeof(header->header.magic),
++           sizeof(header->header.version));
+   header->header.typeflag = type;
+   finish_header (st, header, -1);
+ 
+@@ -907,9 +910,13 @@
+       break;
+ 
+     case OLDGNU_FORMAT:
+-    case GNU_FORMAT:   /*FIXME?*/
+-      /* Overwrite header->header.magic and header.version in one blow.  */
+-      strcpy (header->header.magic, OLDGNU_MAGIC);
++    case GNU_FORMAT:
++      /* OLDGNU_MAGIC is string with 7 chars + NULL */
++      strncpy (header->header.magic, OLDGNU_MAGIC,
++               sizeof(header->header.magic));
++      strncpy (header->header.version,
++               OLDGNU_MAGIC+sizeof(header->header.magic),
++               sizeof(header->header.version));
+       break;
+ 
+     case POSIX_FORMAT:
diff --git a/app-arch/tar/tar-1.22-r1.ebuild b/app-arch/tar/tar-1.22-r1.ebuild
new file mode 100644
index 000000000000..c67a65b9d076
--- /dev/null
+++ b/app-arch/tar/tar-1.22-r1.ebuild
@@ -0,0 +1,70 @@
+# Copyright 1999-2010 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+# $Header: /var/cvsroot/gentoo-x86/app-arch/tar/tar-1.22-r1.ebuild,v 1.1 2010/04/25 18:53:46 chainsaw Exp $
+
+inherit flag-o-matic eutils
+
+DESCRIPTION="Use this to make tarballs :)"
+HOMEPAGE="http://www.gnu.org/software/tar/"
+SRC_URI="http://ftp.gnu.org/gnu/tar/${P}.tar.bz2
+	ftp://alpha.gnu.org/gnu/tar/${P}.tar.bz2
+	mirror://gnu/tar/${P}.tar.bz2"
+
+LICENSE="GPL-3"
+SLOT="0"
+KEYWORDS="~alpha ~amd64 ~arm ~hppa ~ia64 ~m68k ~mips ~ppc ~ppc64 ~s390 ~sh ~sparc ~x86 ~x86-fbsd"
+IUSE="nls static userland_GNU"
+
+RDEPEND=""
+DEPEND="${RDEPEND}
+	nls? ( >=sys-devel/gettext-0.10.35 )"
+
+src_unpack() {
+	unpack ${A}
+	cd "${S}"
+
+	epatch "${FILESDIR}"/${PN}-1.21-revert-pipe.patch #252680
+	epatch "${FILESDIR}"/${P}-strncpy.patch #317139
+
+	if ! use userland_GNU ; then
+		sed -i \
+			-e 's:/backup\.sh:/gbackup.sh:' \
+			scripts/{backup,dump-remind,restore}.in \
+			|| die "sed non-GNU"
+	fi
+}
+
+src_compile() {
+	local myconf
+	use static && append-ldflags -static
+	use userland_GNU || myconf="--program-prefix=g"
+	# Work around bug in sandbox #67051
+	gl_cv_func_chown_follows_symlink=yes \
+	econf \
+		--enable-backup-scripts \
+		--bindir=/bin \
+		--libexecdir=/usr/sbin \
+		$(use_enable nls) \
+		${myconf} || die
+	emake || die "emake failed"
+}
+
+src_install() {
+	local p=""
+	use userland_GNU || p=g
+
+	emake DESTDIR="${D}" install || die "make install failed"
+
+	if [[ -z ${p} ]] ; then
+		# a nasty yet required piece of baggage
+		exeinto /etc
+		doexe "${FILESDIR}"/rmt || die
+	fi
+
+	dodoc AUTHORS ChangeLog* NEWS README* PORTS THANKS
+	newman "${FILESDIR}"/tar.1 ${p}tar.1
+	mv "${D}"/usr/sbin/${p}backup{,-tar}
+	mv "${D}"/usr/sbin/${p}restore{,-tar}
+
+	rm -f "${D}"/usr/$(get_libdir)/charset.alias
+}
author	Tony Vroon <chainsaw@gentoo.org>	2010-04-25 18:53:46 +0000
committer	Tony Vroon <chainsaw@gentoo.org>	2010-04-25 18:53:46 +0000
commit	5872a1fc666809c409052e0e505ccc62cccb7e8b (patch)
tree	037140b310d3f60b3e9718811e66d0b82d8c2434
parent	Delete calls to deprecated python_version(). (diff)
download	historical-5872a1fc666809c409052e0e505ccc62cccb7e8b.tar.gz historical-5872a1fc666809c409052e0e505ccc62cccb7e8b.tar.bz2 historical-5872a1fc666809c409052e0e505ccc62cccb7e8b.zip