author | V3n3RiX <venerix@koprulu.sector> | 2023-03-25 06:49:35 +0000 |
---|---|---|
committer | V3n3RiX <venerix@koprulu.sector> | 2023-03-25 06:49:35 +0000 |
commit | 0b82ae29b3034efe3e7b7f533dbcb76168544c5e (patch) | |
tree | ea954d341afdcf53b3b79c78c9a54ff2c9693096 /app-arch/tar | |
parent | b0b85e141f6a9a74d9d6bdce989a626ff5e92523 (diff) |
gentoo auto-resync : 25:03:2023 - 06:49:35
Diffstat (limited to 'app-arch/tar')
-rw-r--r-- | app-arch/tar/Manifest | 4 | ||||
-rw-r--r-- | app-arch/tar/files/tar-1.34-fix-cve-2022-48303.patch | 32 | ||||
-rw-r--r-- | app-arch/tar/tar-1.34-r2.ebuild | 5 | ||||
-rw-r--r-- | app-arch/tar/tar-1.34-r3.ebuild | 99 |
4 files changed, 139 insertions, 1 deletions
diff --git a/app-arch/tar/Manifest b/app-arch/tar/Manifest
index b8e8410b4436..60a47e680095 100644
--- a/app-arch/tar/Manifest
+++ b/app-arch/tar/Manifest
@@ -1,5 +1,7 @@ AUX rmt 263 BLAKE2B 7535dd27d5ba367066cd519dee06f053cde9d4f1e86728059935fb80e9a9880e7a934076949af54e47ee7de3f91452f2c642780e7d56619f166574633d1e4759 SHA512 2f1a9d3a522fc1f0d5385d1ea4c27da88a1c9357b866340432c6310604c01d3e328e33080ed1e951c0da6f025c3ee2a0c9f170d4b86a1d235ebb56be48fef152 +AUX tar-1.34-fix-cve-2022-48303.patch 1123 BLAKE2B fd1fd30443372eb29ba6168ec421be849682587c40ecefe5a96050566ec198e680dd9e9baeacecb9ed01376672d826a65573f10e7dd443b7a79dcd66caf33060 SHA512 c9e21ac3bcb592262da9db07d0772d0c14b6e1d0c59542ef984b37e36987d6292343f228622433aed1bd776ca1f5fd049fe00661ec8661c608aad21637f13477 DIST tar-1.34.tar.xz 2226068 BLAKE2B 741a662457509a6775338ffe5d2d84872fcf38b93ace70c8b748a81055b9b62f65a48c4e541955d08ae99e6f528509e89eacd7c799a65bcc3d017a259110c115 SHA512 5e77c4a7b49983ad7d15238c2bce28be7a8aa437b4b1815fc00abd13096da308b6bba196cc6e3ed79d85e62823d520ae0d8fcda2d93873842cf84dc3369fc902 DIST tar-1.34.tar.xz.sig 181 BLAKE2B 2fae91293a9dacda0374706e1f83498042a9d5224f80f6f0e14abdb914cb5a8e980f720eb4a453485844c7fe26e0525f230c0eab11c7fa89159a1a929370795c SHA512 55297f41549deee511f5b14c6b5dc7bb3d9282dad52bcc85f9dddfad24b677f989ba86387ad9b133c3698feedbd6b6cd7e9f005e8e4c89f72c80543eeceb78f7 -EBUILD tar-1.34-r2.ebuild 2350 BLAKE2B 47563f0ed793806f802dd0f10f49b2de323bdb8f99387ba8ab341e1e7074cd67d59b24a1d5c7aab10e2d3f45f6ef054670c00ef06da5f53fe879b64beb89c816 SHA512 884b7924fd749bb2f7d500b4697f1a7acf9b81a28e86d3a878d78711898cd816939f7943b5851bfb6ef7c9aaf26d66709914b2f5098691038740f1fefe97a19c +EBUILD tar-1.34-r2.ebuild 2509 BLAKE2B e4867e9669e4528e654c484d36a26eb16114e61725f1d6730bc0f61beb19c453821a319657337bdcef816216a785f27594e7ad6bcf313266339563981b1d969e SHA512 fef232a1bb0331994b3e46152111143759a4a5f263db30dae0e51272863c5a92b6f1d0da8a61f66c0c09211ebfbc2b91347feb9aea161d19fdcb22971c8e479b +EBUILD tar-1.34-r3.ebuild 2575 BLAKE2B 
3aa6dce66fb212c2c993f4fee3ee2d71f2c3e2799eeba004eb24d1328a711bb6819ea7d9f63193e5de001def2054bcf76747cf8fea8d3abec74e8bffb9dfe9b6 SHA512 6101788d14d1c981d0c9f45ac9436c2a78f9dfbcb861284c36e27e41370370d51e942d824491682b6164120eaf4ae6e253bfcbb9cd31f2b139588169903ded19 MISC metadata.xml 388 BLAKE2B 85aba561c0c0ad8c72d8d33f66ef6504bed7747957059c19fc5b0267b048bbddbd1112239bd4d3bcdf1c2f465018a2128e086a253253205dd7b815c11f3cc6ca SHA512 83e4c69e150b6420ab2ef4b777d930fd5e0f5cc1244bf8cd9a7cf0f867219100578a4777043fccf5f95a6a44ee264b88381d94924f4f18c80cb2ff339efbce64
diff --git a/app-arch/tar/files/tar-1.34-fix-cve-2022-48303.patch b/app-arch/tar/files/tar-1.34-fix-cve-2022-48303.patch
new file mode 100644
index 000000000000..7ef604b52378
--- /dev/null
+++ b/app-arch/tar/files/tar-1.34-fix-cve-2022-48303.patch
@@ -0,0 +1,32 @@
+Gentoo Bug: https://bugs.gentoo.org/898176
+Upstream Commit Link: https://git.savannah.gnu.org/cgit/tar.git/commit/?id=3da78400eafcccb97e2f2fd4b227ea40d794ede8
+
+From 3da78400eafcccb97e2f2fd4b227ea40d794ede8 Mon Sep 17 00:00:00 2001
+From: Sergey Poznyakoff <gray@gnu.org>
+Date: Sat, 11 Feb 2023 11:57:39 +0200
+Subject: [PATCH] Fix boundary checking in base-256 decoder
+
+* src/list.c (from_header): Base-256 encoding is at least 2 bytes
+long.
+---
+ src/list.c | 5 +++--
+ 1 file changed, 3 insertions(+), 2 deletions(-)
+
+diff --git a/src/list.c b/src/list.c
+index 9fafc425..86bcfdd1 100644
+--- a/src/list.c
++++ b/src/list.c
+@@ -881,8 +881,9 @@ from_header (char const *where0, size_t digs, char const *type,
+ where++;
+ }
+ }
+- else if (*where == '\200' /* positive base-256 */
+- || *where == '\377' /* negative base-256 */)
++ else if (where <= lim - 2
++ && (*where == '\200' /* positive base-256 */
++ || *where == '\377' /* negative base-256 */))
+ {
+ /* Parse base-256 output. A nonnegative number N is
+ represented as (256**DIGS)/2 + N; a negative number -N is
+--
+2.39.2.637.g21b0678d19-goog
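Review bot: The new `where <= lim - 2` guard in from_header sends a field that starts with '\200' or '\377' but has fewer than two bytes left to whatever branch follows this `else if`, and that branch lies outside the hunk. `lim` is also set outside the hunk, so it should be confirmed against the full function that it points one past the end of the field and that the fall-through path rejects the header as malformed instead of decoding it. A short comment above the condition would record the invariant, for example `/* base-256 needs the flag byte plus at least one value byte inside [where, lim) */`. Since this is a backport of the upstream commit, the comment would be better proposed upstream than added to this copy.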
diff --git a/app-arch/tar/tar-1.34-r2.ebuild b/app-arch/tar/tar-1.34-r2.ebuild
index e6c0b272787b..86fdc8e05e20 100644
--- a/app-arch/tar/tar-1.34-r2.ebuild
+++ b/app-arch/tar/tar-1.34-r2.ebuild
@@ -38,8 +38,13 @@ PDEPEND=" " src_configure() { + # -fanalyzer doesn't make sense for us in ebuilds, as it's for static analysis + export gl_cv_warn_c__fanalyzer=no + local myeconfargs=( --bindir="${EPREFIX}"/bin + # Avoid -Werror + --disable-gcc-warnings --enable-backup-scripts --libexecdir="${EPREFIX}"/usr/sbin $(use_with acl posix-acls)
diff --git a/app-arch/tar/tar-1.34-r3.ebuild b/app-arch/tar/tar-1.34-r3.ebuild
new file mode 100644
index 000000000000..f92891dceff1
--- /dev/null
+++ b/app-arch/tar/tar-1.34-r3.ebuild
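Review bot: tar-1.34-r2.ebuild receives only the two configure changes in this hunk and no `PATCHES` entry, so a build from this revision still lacks the CVE-2022-48303 boundary check that tar-1.34-r3.ebuild applies. The r3 ebuild is keyworded ~arch only, and r2's KEYWORDS line is outside this hunk; if r2 is the stable revision, stable systems keep the unpatched base-256 decoder until r3 is stabilised. I would record that next to the new lines, e.g. `# NOTE: the CVE-2022-48303 fix is only in -r3; drop this revision once -r3 is stable`. src_configure opens inside the hunk, but its body continues past the last line shown.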
@@ -0,0 +1,99 @@
+# Copyright 1999-2023 Gentoo Authors
+# Distributed under the terms of the GNU General Public License v2
+
+EAPI=7
+
+VERIFY_SIG_OPENPGP_KEY_PATH="${BROOT}"/usr/share/openpgp-keys/tar.asc
+inherit verify-sig
+
+DESCRIPTION="Use this to make tarballs :)"
+HOMEPAGE="https://www.gnu.org/software/tar/"
+SRC_URI="mirror://gnu/tar/${P}.tar.xz
+ https://alpha.gnu.org/gnu/tar/${P}.tar.xz"
+SRC_URI+=" verify-sig? (
+ mirror://gnu/tar/${P}.tar.xz.sig
+ https://alpha.gnu.org/gnu/tar/${P}.tar.xz.sig
+ )"
+
+LICENSE="GPL-3+"
+SLOT="0"
+if [[ -z "$(ver_cut 3)" ]] || [[ "$(ver_cut 3)" -lt 90 ]] ; then
+ KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~ia64 ~loong ~m68k ~mips ~ppc ~ppc64 ~riscv ~s390 ~sparc ~x86 ~x64-cygwin ~amd64-linux ~x86-linux ~arm64-macos ~ppc-macos ~x64-macos ~sparc-solaris ~sparc64-solaris ~x64-solaris ~x86-solaris"
+fi
+IUSE="acl minimal nls selinux xattr"
+
+RDEPEND="
+ acl? ( virtual/acl )
+ selinux? ( sys-libs/libselinux )
+"
+DEPEND="${RDEPEND}
+ xattr? ( elibc_glibc? ( sys-apps/attr ) )
+"
+BDEPEND="
+ nls? ( sys-devel/gettext )
+ verify-sig? ( sec-keys/openpgp-keys-tar )
+"
+PDEPEND="
+ app-alternatives/tar
+"
+
+PATCHES=(
+ "${FILESDIR}"/${P}-fix-cve-2022-48303.patch
+)
+
+src_configure() {
+ # -fanalyzer doesn't make sense for us in ebuilds, as it's for static analysis
+ export gl_cv_warn_c__fanalyzer=no
+
+ local myeconfargs=(
+ --bindir="${EPREFIX}"/bin
+ # Avoid -Werror
+ --disable-gcc-warnings
+ --enable-backup-scripts
+ --libexecdir="${EPREFIX}"/usr/sbin
+ $(use_with acl posix-acls)
+ $(use_enable nls)
+ $(use_with selinux)
+ $(use_with xattr xattrs)
+
+ # autoconf looks for gtar before tar (in configure scripts), hence
+ # in Prefix it is important that it is there, otherwise, a gtar from
+ # the host system (FreeBSD, Solaris, Darwin) will be found instead
+ # of the Prefix provided (GNU) tar
+ --program-prefix=g
+ )
+
+ FORCE_UNSAFE_CONFIGURE=1 econf "${myeconfargs[@]}"
+}
+
+src_install() {
+ default
+
+ # a nasty yet required piece of baggage
+ exeinto /etc
+ doexe "${FILESDIR}"/rmt
+
+ mv "${ED}"/usr/sbin/{gbackup,backup-tar} || die
+ mv "${ED}"/usr/sbin/{grestore,restore-tar} || die
+ mv "${ED}"/usr/sbin/{g,}backup.sh || die
+ mv "${ED}"/usr/sbin/{g,}dump-remind || die
+
+ if use minimal ; then
+ find "${ED}"/etc "${ED}"/*bin/ "${ED}"/usr/*bin/ \
+ -type f -a '!' -name gtar \
+ -delete || die
+ fi
+
+ if ! use minimal; then
+ dosym grmt /usr/sbin/rmt
+ fi
+ dosym grmt.8 /usr/share/man/man8/rmt.8
+}
+
+pkg_postinst() {
+ # ensure to preserve the symlink before app-alternatives/tar
+ # is installed
+ if [[ ! -h ${EROOT}/bin/tar ]]; then
+ ln -s gtar "${EROOT}/bin/tar" || die
+ fi
+}
 |
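Review bot: `FORCE_UNSAFE_CONFIGURE=1 econf "${myeconfargs[@]}"` at the end of src_configure overrides a safety check in tar's configure script, and the ebuild gives no reason for it. Presumably it is there because the build can run as root, where configure otherwise refuses to continue; that should be confirmed and written down so a later cleanup neither drops the variable nor copies it elsewhere without thought. A one-line comment above the call would do, e.g. `# configure aborts when run as root unless this is set (builds without userpriv)`.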