Get Gentoo!
gentoo.org sites
gentoo.org Wiki Bugs Forums Packages
Planet Archives Sources
Infra Status
summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorTony Vroon <chainsaw@gentoo.org>2010-04-25 18:53:46 +0000
committerTony Vroon <chainsaw@gentoo.org>2010-04-25 18:53:46 +0000
commit0b3e7504f992868ea7007d5e1826281d31db95e9 (patch)
tree6d9eb8eaac054d3ec670c90a2524e1a477bf0180
parentDelete calls to deprecated python_version(). (diff)
downloadgentoo-2-0b3e7504f992868ea7007d5e1826281d31db95e9.tar.gz
gentoo-2-0b3e7504f992868ea7007d5e1826281d31db95e9.tar.bz2
gentoo-2-0b3e7504f992868ea7007d5e1826281d31db95e9.zip
Glibc built with GCC 4.5 will notice a buffer overflow in the handling of OLD_GNU magic bytes and kill us. Apply a Fedora patch scavenged by Emil Karlson to avoid this happening; closes bug #317139.
(Portage version: 2.2_rc67/cvs/Linux x86_64)
Diffstat
-rw-r--r--app-arch/tar/ChangeLog10
-rw-r--r--app-arch/tar/files/tar-1.22-strncpy.patch32
-rw-r--r--app-arch/tar/tar-1.22-r1.ebuild70
3 files changed, 111 insertions, 1 deletions
diff --git a/app-arch/tar/ChangeLog b/app-arch/tar/ChangeLog
index 629a855a6e46..e9db26d76b07 100644
--- a/app-arch/tar/ChangeLog
+++ b/app-arch/tar/ChangeLog
@@ -1,6 +1,14 @@
# ChangeLog for app-arch/tar
# Copyright 1999-2010 Gentoo Foundation; Distributed under the GPL v2
-# $Header: /var/cvsroot/gentoo-x86/app-arch/tar/ChangeLog,v 1.143 2010/04/25 16:44:23 chainsaw Exp $
+# $Header: /var/cvsroot/gentoo-x86/app-arch/tar/ChangeLog,v 1.144 2010/04/25 18:53:46 chainsaw Exp $
+
+*tar-1.22-r1 (25 Apr 2010)
+
+ 25 Apr 2010; <chainsaw@gentoo.org> +tar-1.22-r1.ebuild,
+ +files/tar-1.22-strncpy.patch:
+ Glibc built with GCC 4.5 will notice a buffer overflow in the handling of
+ OLD_GNU magic bytes and kill us. Apply a Fedora patch scavenged by Emil
+ Karlson to avoid this happening; closes bug #317139.
*tar-1.23-r1 (25 Apr 2010)
diff --git a/app-arch/tar/files/tar-1.22-strncpy.patch b/app-arch/tar/files/tar-1.22-strncpy.patch
new file mode 100644
index 000000000000..6c439170ec40
--- /dev/null
+++ b/app-arch/tar/files/tar-1.22-strncpy.patch
@@ -0,0 +1,32 @@
+diff -uNr tar-1.22.ORIG//src/create.c tar-1.22/src/create.c
+--- tar-1.22.ORIG//src/create.c 2010-04-25 19:50:28.147606290 +0100
++++ tar-1.22/src/create.c 2010-04-25 19:50:44.849606051 +0100
+@@ -577,7 +577,10 @@
+ GNAME_TO_CHARS (tmpname, header->header.gname);
+ free (tmpname);
+
+- strcpy (header->header.magic, OLDGNU_MAGIC);
++ /* OLDGNU_MAGIC is string with 7 chars + NULL */
++ strncpy (header->header.magic, OLDGNU_MAGIC, sizeof(header->header.magic));
++ strncpy (header->header.version, OLDGNU_MAGIC+sizeof(header->header.magic),
++ sizeof(header->header.version));
+ header->header.typeflag = type;
+ finish_header (st, header, -1);
+
+@@ -907,9 +910,13 @@
+ break;
+
+ case OLDGNU_FORMAT:
+- case GNU_FORMAT: /*FIXME?*/
+- /* Overwrite header->header.magic and header.version in one blow. */
+- strcpy (header->header.magic, OLDGNU_MAGIC);
++ case GNU_FORMAT:
++ /* OLDGNU_MAGIC is string with 7 chars + NULL */
++ strncpy (header->header.magic, OLDGNU_MAGIC,
++ sizeof(header->header.magic));
++ strncpy (header->header.version,
++ OLDGNU_MAGIC+sizeof(header->header.magic),
++ sizeof(header->header.version));
+ break;
+
+ case POSIX_FORMAT:
diff --git a/app-arch/tar/tar-1.22-r1.ebuild b/app-arch/tar/tar-1.22-r1.ebuild
new file mode 100644
index 000000000000..c67a65b9d076
--- /dev/null
+++ b/app-arch/tar/tar-1.22-r1.ebuild
@@ -0,0 +1,70 @@
+# Copyright 1999-2010 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+# $Header: /var/cvsroot/gentoo-x86/app-arch/tar/tar-1.22-r1.ebuild,v 1.1 2010/04/25 18:53:46 chainsaw Exp $
+
+inherit flag-o-matic eutils
+
+DESCRIPTION="Use this to make tarballs :)"
+HOMEPAGE="http://www.gnu.org/software/tar/"
+SRC_URI="http://ftp.gnu.org/gnu/tar/${P}.tar.bz2
+ ftp://alpha.gnu.org/gnu/tar/${P}.tar.bz2
+ mirror://gnu/tar/${P}.tar.bz2"
+
+LICENSE="GPL-3"
+SLOT="0"
+KEYWORDS="~alpha ~amd64 ~arm ~hppa ~ia64 ~m68k ~mips ~ppc ~ppc64 ~s390 ~sh ~sparc ~x86 ~x86-fbsd"
+IUSE="nls static userland_GNU"
+
+RDEPEND=""
+DEPEND="${RDEPEND}
+ nls? ( >=sys-devel/gettext-0.10.35 )"
+
+src_unpack() {
+ unpack ${A}
+ cd "${S}"
+
+ epatch "${FILESDIR}"/${PN}-1.21-revert-pipe.patch #252680
+ epatch "${FILESDIR}"/${P}-strncpy.patch #317139
+
+ if ! use userland_GNU ; then
+ sed -i \
+ -e 's:/backup\.sh:/gbackup.sh:' \
+ scripts/{backup,dump-remind,restore}.in \
+ || die "sed non-GNU"
+ fi
+}
+
+src_compile() {
+ local myconf
+ use static && append-ldflags -static
+ use userland_GNU || myconf="--program-prefix=g"
+ # Work around bug in sandbox #67051
+ gl_cv_func_chown_follows_symlink=yes \
+ econf \
+ --enable-backup-scripts \
+ --bindir=/bin \
+ --libexecdir=/usr/sbin \
+ $(use_enable nls) \
+ ${myconf} || die
+ emake || die "emake failed"
+}
+
+src_install() {
+ local p=""
+ use userland_GNU || p=g
+
+ emake DESTDIR="${D}" install || die "make install failed"
+
+ if [[ -z ${p} ]] ; then
+ # a nasty yet required piece of baggage
+ exeinto /etc
+ doexe "${FILESDIR}"/rmt || die
+ fi
+
+ dodoc AUTHORS ChangeLog* NEWS README* PORTS THANKS
+ newman "${FILESDIR}"/tar.1 ${p}tar.1
+ mv "${D}"/usr/sbin/${p}backup{,-tar}
+ mv "${D}"/usr/sbin/${p}restore{,-tar}
+
+ rm -f "${D}"/usr/$(get_libdir)/charset.alias
+}