gentoo resync : 14.07.2018

author: V3n3RiX <venerix@redcorelinux.org> 2018-07-14 21:03:06 +0100
committer: V3n3RiX <venerix@redcorelinux.org> 2018-07-14 21:03:06 +0100
commit: 8376ef56580626e9c0f796d5b85b53a0a1c7d5f5 (patch)
tree: 7681bbd4e8b05407772df40a4bf04cbbc8afc3fa /dev-libs/libtar
parent: 30a9caf154332f12ca60756e1b75d2f0e3e1822d (diff)
9 files changed, 454 insertions, 0 deletions
diff --git a/dev-libs/libtar/Manifest b/dev-libs/libtar/Manifest
new file mode 100644
index 000000000000..6b691eb1a909
--- /dev/null
+++ b/dev-libs/libtar/Manifest
@@ -0,0 +1,9 @@
+AUX CVE-2013-4420.patch 2412 BLAKE2B 6ccf26f8f5d365abe485098c601298c17639cf3221b62f6dc5f44ddcc0d7bc295937aa5e91a5271209631507c15d4a0d079872ed28cec76d72c77f3c04c20ee6 SHA512 e04b131a77fed6be668d6175f13037d28ac29f8d173b2fd53681b3daaa72848418fd117e4a2f257d7de4c2dd1fc27d37a5ba70ca22cc3659e3b0e778e8951c3e
+AUX libtar-1.2.11-free.patch 345 BLAKE2B d13964a6ff546ef67bef36512cf74b72d7549f0de39663b2f36e8df8076a5e6e399455d04708580ce019718ae56fec3688b21bd9c033b550dc3e1849cf2d5a0f SHA512 6560b3c963f8111ee765b8d3cff5e9470f9a856034da1c712b39dea4274779d9b9dc4a5bc81798f85d411e35cedd0b293d269ac064df0a09a8b1b23159e83470
+AUX libtar-1.2.11-impl-dec.patch 332 BLAKE2B f070458c7d3e46a4a50c542c0559012b2b99fd94473f203e2b1cc693e5c27dbd8dec5817953d1fd4dc3ceb7946998834df52a6d2fb1e260a1a08d83994ccae50 SHA512 d8e6d341b4f30121571da0afc369fd3b45055224cc336640cb6f087e020959dcee8b2f00ac7b4d9f20faf44f1d87414b1a267080b412f043bb58d02bdbc91f94
+AUX libtar-1.2.20-bin-memleaks.patch 2571 BLAKE2B 72217c256a8f504e1647ecd8157bc94d4895ed70270633892fd692ff6fa7baa8441d051a0c37f1f05c64d48882c54d668fd2f1419196f8010532366bb40697b7 SHA512 17522eaac5b3c860aa8b5665d851672cae0c4aa81b7e0bea13ae7e39fe4306bf131c9f25fff744252c0f61a5cfe2d8bbb981676162ed6dde526d0910c2a8959c
+AUX libtar-1.2.20-fd-leaks.patch 2021 BLAKE2B 73e9ca5475e86fc6c5cddee5f608b0a1e349e987c17c0a1d1d9406ba2b3efd414a138402f2d78f925a736dc1a0bbe1511e2047fec5c6c25891f0874f233f53fe SHA512 93312a12b14f47d80a81368438afb4af9883d95691f4c33a2443c595808943087e31a00b44038028106ed99a23343efa41cd7ba432a8c8be00c5ea0d51817a26
+AUX libtar-1.2.20-tar_open-memleak.patch 630 BLAKE2B 31616574597017dc5444d0b79aa6084c55f3eedf5c23099663da2905bdf8be8d499c9a81228b268840524e286e06b18c3221a60c95f2e3effbb09beb8c0712f9 SHA512 a37df7b6e1e98298f622c1cbef348861c187409abf6614eafac21d802aaa1418081281db3e03fda0ba9fc5a690f4fb00b61fbe277c4c34c82443d4fe4548e317
+DIST libtar-1.2.20.tar.gz 63542 BLAKE2B 57565fd703aec159a0b30280c026ce82d4a74fc658a24e589c2d9fcf11ff0e8c79de172df8b4cfeefa776eb27bb4b1a65951739ec37de4300da47d508a8d4227 SHA512 360a0296af99bedd6d93236c3d6d6746fd38deaa5287e7a138d303e1072bc8871437a693dc926d82af5b54dedba2ebdff5a3edb1f7d7dc494b4235439e477dec
+EBUILD libtar-1.2.20-r4.ebuild 1498 BLAKE2B 864b888e04616a5718eb28e50eff8075b8a7c217edbd758fdfbf67c259fd09187d20d5d4340b5dbd1cfae86bcfe7a8e070856920f92ceb36b0abde86166555f9 SHA512 de3f024551cf56f9b3195ae068801a7c9ed8010698de417aff44f4d02699e2d050163939d1700db36082115f32e2fc41b29da059ef6414aace4b7c794eb2d644
+MISC metadata.xml 166 BLAKE2B c254f1fb642881aba57637be14fb0a89b10384f91a128feaec3a8c870d76efc2cbacb92caccc0dee2dd19a5ac5eaf8643080dafa05c4e2ac96a68568927e5afd SHA512 a56648c974a1d14dd4c18237532773c72057a13ab90c58b5da04f185e3c12a8bd8d5c21fb06053507f31766291a82dc7d87b34cd65fd94cfe2af7295c813ef84
diff --git a/dev-libs/libtar/files/CVE-2013-4420.patch b/dev-libs/libtar/files/CVE-2013-4420.patch
new file mode 100644
index 000000000000..833ff7b1dbb3
--- /dev/null
+++ b/dev-libs/libtar/files/CVE-2013-4420.patch
@@ -0,0 +1,94 @@
+--- a/lib/decode.c	2013-10-09 09:59:44.000000000 -0700
++++ b/lib/decode.c	2015-07-20 20:57:58.331945962 -0700
+@@ -21,24 +21,55 @@
+ # include <string.h>
+ #endif
+ 
++char *
++safer_name_suffix (char const *file_name)
++{
++       char const *p, *t;
++       p = t = file_name;
++       while (*p)
++       {
++               if (p[0] == '.' && p[0] == p[1] && p[2] == '/')
++               {
++                       p += 3;
++                       t = p;
++               }
++               /* advance pointer past the next slash */
++               while (*p && (p++)[0] != '/');
++       }
++
++       if (!*t)
++       {
++               t = ".";
++       }
++
++       if (t != file_name)
++       {
++               /* TODO: warn somehow that the path was modified */
++       }
++       return (char*)t;
++}
++
+ 
+ /* determine full path name */
+ char *
+ th_get_pathname(TAR *t)
+ {
+ 	static TLS_THREAD char filename[MAXPATHLEN];
++	char *safer_name;
+ 
+ 	if (t->th_buf.gnu_longname)
+-		return t->th_buf.gnu_longname;
++               return safer_name_suffix(t->th_buf.gnu_longname);
++
++       safer_name = safer_name_suffix(t->th_buf.name);
+ 
+ 	if (t->th_buf.prefix[0] != '\0')
+ 	{
+ 		snprintf(filename, sizeof(filename), "%.155s/%.100s",
+-			 t->th_buf.prefix, t->th_buf.name);
++			 t->th_buf.prefix, safer_name);
+ 		return filename;
+ 	}
+ 
+-	snprintf(filename, sizeof(filename), "%.100s", t->th_buf.name);
++	snprintf(filename, sizeof(filename), "%.100s", safer_name);
+ 	return filename;
+ }
+ 
+--- a/lib/extract.c	2013-10-09 09:59:44.000000000 -0700
++++ b/lib/extract.c	2015-07-20 21:00:16.560956122 -0700
+@@ -305,7 +305,7 @@
+ 		linktgt = &lnp[strlen(lnp) + 1];
+ 	}
+ 	else
+-		linktgt = th_get_linkname(t);
++		linktgt = safer_name_suffix(th_get_linkname(t));
+ 
+ #ifdef DEBUG
+ 	printf("  ==> extracting: %s (link to %s)\n", filename, linktgt);
+@@ -343,9 +343,9 @@
+ 
+ #ifdef DEBUG
+ 	printf("  ==> extracting: %s (symlink to %s)\n",
+-	       filename, th_get_linkname(t));
++	       filename, safer_name_suffix(th_get_linkname(t)));
+ #endif
+-	if (symlink(th_get_linkname(t), filename) == -1)
++	if (symlink(safer_name_suffix(th_get_linkname(t)), filename) == -1)
+ 	{
+ #ifdef DEBUG
+ 		perror("symlink()");
+--- a/lib/internal.h	2013-10-09 09:59:44.000000000 -0700
++++ b/lib/internal.h	2015-07-20 21:00:51.258958673 -0700
+@@ -15,6 +15,7 @@
+ 
+ #include <libtar.h>
+ 
++char* safer_name_suffix(char const*);
+ #ifdef TLS
+ #define TLS_THREAD TLS
+ #else
diff --git a/dev-libs/libtar/files/libtar-1.2.11-free.patch b/dev-libs/libtar/files/libtar-1.2.11-free.patch
new file mode 100644
index 000000000000..cb6524e5e5a0
--- /dev/null
+++ b/dev-libs/libtar/files/libtar-1.2.11-free.patch
@@ -0,0 +1,22 @@
+stdlib.h is required for free()
+
+--- a/lib/output.c
++++ b/lib/output.c
+@@ -20,6 +20,7 @@
+ #include <sys/param.h>
+ 
+ #ifdef STDC_HEADERS
++# include <stdlib.h>
+ # include <string.h>
+ #endif
+ 
+--- a/lib/wrapper.c
++++ b/lib/wrapper.c
+@@ -18,6 +18,7 @@
+ #include <errno.h>
+ 
+ #ifdef STDC_HEADERS
++# include <stdlib.h>
+ # include <string.h>
+ #endif
+ 
diff --git a/dev-libs/libtar/files/libtar-1.2.11-impl-dec.patch b/dev-libs/libtar/files/libtar-1.2.11-impl-dec.patch
new file mode 100644
index 000000000000..ee00f5c1c9f3
--- /dev/null
+++ b/dev-libs/libtar/files/libtar-1.2.11-impl-dec.patch
@@ -0,0 +1,15 @@
+ lib/extract.c |    1 +
+ 1 files changed, 1 insertions(+), 0 deletions(-)
+
+diff --git a/lib/extract.c b/lib/extract.c
+index 6bbb801..3ef2fb8 100644
+--- a/lib/extract.c
++++ b/lib/extract.c
+@@ -18,6 +18,7 @@
+ #include <fcntl.h>
+ #include <errno.h>
+ #include <utime.h>
++#include <string.h>
+ 
+ #ifdef STDC_HEADERS
+ # include <stdlib.h>
diff --git a/dev-libs/libtar/files/libtar-1.2.20-bin-memleaks.patch b/dev-libs/libtar/files/libtar-1.2.20-bin-memleaks.patch
new file mode 100644
index 000000000000..b6195da88d97
--- /dev/null
+++ b/dev-libs/libtar/files/libtar-1.2.20-bin-memleaks.patch
@@ -0,0 +1,117 @@
+From f3c711cf3054ff366a1a3500cdc8c64ecc2d2da6 Mon Sep 17 00:00:00 2001
+From: Huzaifa Sidhpurwala <huzaifas@fedoraproject.org>
+Date: Tue, 15 Oct 2013 20:05:04 -0400
+Subject: [PATCH] fix memleaks in libtar sample program
+
+---
+ libtar/libtar.c | 29 ++++++++++++++++++-----------
+ 1 file changed, 18 insertions(+), 11 deletions(-)
+
+diff --git a/libtar/libtar.c b/libtar/libtar.c
+index bb5644c..23f8741 100644
+--- a/libtar/libtar.c
++++ b/libtar/libtar.c
+@@ -253,6 +253,7 @@ extract(char *tarfile, char *rootdir)
+ 	if (tar_extract_all(t, rootdir) != 0)
+ 	{
+ 		fprintf(stderr, "tar_extract_all(): %s\n", strerror(errno));
++		tar_close(t);
+ 		return -1;
+ 	}
+ 
+@@ -270,12 +271,13 @@ extract(char *tarfile, char *rootdir)
+ 
+ 
+ void
+-usage()
++usage(void *rootdir)
+ {
+ 	printf("Usage: %s [-C rootdir] [-g] [-z] -x|-t filename.tar\n",
+ 	       progname);
+ 	printf("       %s [-C rootdir] [-g] [-z] -c filename.tar ...\n",
+ 	       progname);
++	free(rootdir);
+ 	exit(-1);
+ }
+ 
+@@ -292,6 +294,7 @@ main(int argc, char *argv[])
+ 	int c;
+ 	int mode = 0;
+ 	libtar_list_t *l;
++	int return_code = -2;
+ 
+ 	progname = basename(argv[0]);
+ 
+@@ -313,17 +316,17 @@ main(int argc, char *argv[])
+ 			break;
+ 		case 'c':
+ 			if (mode)
+-				usage();
++				usage(rootdir);
+ 			mode = MODE_CREATE;
+ 			break;
+ 		case 'x':
+ 			if (mode)
+-				usage();
++				usage(rootdir);
+ 			mode = MODE_EXTRACT;
+ 			break;
+ 		case 't':
+ 			if (mode)
+-				usage();
++				usage(rootdir);
+ 			mode = MODE_LIST;
+ 			break;
+ #ifdef HAVE_LIBZ
+@@ -332,7 +335,7 @@ main(int argc, char *argv[])
+ 			break;
+ #endif /* HAVE_LIBZ */
+ 		default:
+-			usage();
++			usage(rootdir);
+ 		}
+ 
+ 	if (!mode || ((argc - optind) < (mode == MODE_CREATE ? 2 : 1)))
+@@ -341,7 +344,7 @@ main(int argc, char *argv[])
+ 		printf("argc - optind == %d\tmode == %d\n", argc - optind,
+ 		       mode);
+ #endif
+-		usage();
++		usage(rootdir);
+ 	}
+ 
+ #ifdef DEBUG
+@@ -351,21 +354,25 @@ main(int argc, char *argv[])
+ 	switch (mode)
+ 	{
+ 	case MODE_EXTRACT:
+-		return extract(argv[optind], rootdir);
++		return_code = extract(argv[optind], rootdir);
++		break;
+ 	case MODE_CREATE:
+ 		tarfile = argv[optind];
+ 		l = libtar_list_new(LIST_QUEUE, NULL);
+ 		for (c = optind + 1; c < argc; c++)
+ 			libtar_list_add(l, argv[c]);
+-		return create(tarfile, rootdir, l);
++		return_code = create(tarfile, rootdir, l);
++		libtar_list_free(l, NULL);
++		break;
+ 	case MODE_LIST:
+-		return list(argv[optind]);
++		return_code = list(argv[optind]);
++		break;
+ 	default:
+ 		break;
+ 	}
+ 
+-	/* NOTREACHED */
+-	return -2;
++	free(rootdir);
++	return return_code;
+ }
+ 
+ 
+-- 
+2.10.5.GIT
+
diff --git a/dev-libs/libtar/files/libtar-1.2.20-fd-leaks.patch b/dev-libs/libtar/files/libtar-1.2.20-fd-leaks.patch
new file mode 100644
index 000000000000..816c96925512
--- /dev/null
+++ b/dev-libs/libtar/files/libtar-1.2.20-fd-leaks.patch
@@ -0,0 +1,98 @@
+From abd0274e6b2f708e9eaa29414b07b3f542cec694 Mon Sep 17 00:00:00 2001
+From: Kamil Dudka <kdudka@redhat.com>
+Date: Tue, 15 Oct 2013 19:48:41 -0400
+Subject: [PATCH] fix file descriptor leaks reported by cppcheck
+
+Bug: https://bugzilla.redhat.com/785760
+---
+ lib/append.c    | 14 +++++++++-----
+ lib/extract.c   |  4 ++++
+ libtar/libtar.c |  3 +++
+ 3 files changed, 16 insertions(+), 5 deletions(-)
+
+diff --git a/lib/append.c b/lib/append.c
+index e8bd89d..ff58532 100644
+--- a/lib/append.c
++++ b/lib/append.c
+@@ -216,6 +216,7 @@ tar_append_regfile(TAR *t, const char *realname)
+ 	int filefd;
+ 	int i, j;
+ 	size_t size;
++	int rv = -1;
+ 
+ 	filefd = open(realname, O_RDONLY);
+ 	if (filefd == -1)
+@@ -234,25 +235,28 @@ tar_append_regfile(TAR *t, const char *realname)
+ 		{
+ 			if (j != -1)
+ 				errno = EINVAL;
+-			return -1;
++			goto fail;
+ 		}
+ 		if (tar_block_write(t, &block) == -1)
+-			return -1;
++			goto fail;
+ 	}
+ 
+ 	if (i > 0)
+ 	{
+ 		j = read(filefd, &block, i);
+ 		if (j == -1)
+-			return -1;
++			goto fail;
+ 		memset(&(block[i]), 0, T_BLOCKSIZE - i);
+ 		if (tar_block_write(t, &block) == -1)
+-			return -1;
++			goto fail;
+ 	}
+ 
++	/* success! */
++	rv = 0;
++fail:
+ 	close(filefd);
+ 
+-	return 0;
++	return rv;
+ }
+ 
+ 
+diff --git a/lib/extract.c b/lib/extract.c
+index 36357e7..9fc6ad5 100644
+--- a/lib/extract.c
++++ b/lib/extract.c
+@@ -228,13 +228,17 @@ tar_extract_regfile(TAR *t, char *realname)
+ 		{
+ 			if (k != -1)
+ 				errno = EINVAL;
++			close(fdout);
+ 			return -1;
+ 		}
+ 
+ 		/* write block to output file */
+ 		if (write(fdout, buf,
+ 			  ((i > T_BLOCKSIZE) ? T_BLOCKSIZE : i)) == -1)
++		{
++			close(fdout);
+ 			return -1;
++		}
+ 	}
+ 
+ 	/* close output file */
+diff --git a/libtar/libtar.c b/libtar/libtar.c
+index 9fa92b2..bb5644c 100644
+--- a/libtar/libtar.c
++++ b/libtar/libtar.c
+@@ -83,7 +83,10 @@ gzopen_frontend(char *pathname, int oflags, int mode)
+ 		return -1;
+ 
+ 	if ((oflags & O_CREAT) && fchmod(fd, mode))
++	{
++		close(fd);
+ 		return -1;
++	}
+ 
+ 	gzf = gzdopen(fd, gzoflags);
+ 	if (!gzf)
+-- 
+2.10.5.GIT
+
diff --git a/dev-libs/libtar/files/libtar-1.2.20-tar_open-memleak.patch b/dev-libs/libtar/files/libtar-1.2.20-tar_open-memleak.patch
new file mode 100644
index 000000000000..b2a1209f3fc0
--- /dev/null
+++ b/dev-libs/libtar/files/libtar-1.2.20-tar_open-memleak.patch
@@ -0,0 +1,24 @@
+From 36629a41208375f5105427e98078127551692028 Mon Sep 17 00:00:00 2001
+From: Huzaifa Sidhpurwala <huzaifas@fedoraproject.org>
+Date: Tue, 15 Oct 2013 20:02:58 -0400
+Subject: [PATCH] fix memleak on tar_open() failure
+
+---
+ lib/handle.c | 1 +
+ 1 file changed, 1 insertion(+)
+
+diff --git a/lib/handle.c b/lib/handle.c
+index 33a262c..002d23c 100644
+--- a/lib/handle.c
++++ b/lib/handle.c
+@@ -82,6 +82,7 @@ tar_open(TAR **t, const char *pathname, tartype_t *type,
+ 	(*t)->fd = (*((*t)->type->openfunc))(pathname, oflags, mode);
+ 	if ((*t)->fd == -1)
+ 	{
++		libtar_hash_free((*t)->h, NULL);
+ 		free(*t);
+ 		return -1;
+ 	}
+-- 
+2.10.5.GIT
+
diff --git a/dev-libs/libtar/libtar-1.2.20-r4.ebuild b/dev-libs/libtar/libtar-1.2.20-r4.ebuild
new file mode 100644
index 000000000000..e9b592b25cc2
--- /dev/null
+++ b/dev-libs/libtar/libtar-1.2.20-r4.ebuild
@@ -0,0 +1,70 @@
+# Copyright 1999-2018 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+
+EAPI=6
+
+inherit autotools
+
+DESCRIPTION="C library for manipulating tar archives"
+HOMEPAGE="http://repo.or.cz/w/libtar.git/"
+SRC_URI="https://dev.gentoo.org/~pinkbyte/distfiles/snapshots/${P}.tar.gz"
+
+LICENSE="GPL-2"
+SLOT="0"
+KEYWORDS="amd64 ~arm ~arm64 ppc ppc64 sparc x86 ~amd64-fbsd ~amd64-linux ~x86-linux ~ppc-macos"
+IUSE="static-libs zlib"
+
+RDEPEND="
+	zlib? ( sys-libs/zlib:= )
+	!zlib? ( app-arch/gzip )
+"
+DEPEND="${RDEPEND}"
+
+DOCS=( ChangeLog{,-1.0.x} README TODO )
+
+S="${WORKDIR}/${PN}"
+
+# There is no test and 'check' target errors out due to mixing of automake &
+# non-automake makefiles.
+# https://bugs.gentoo.org/show_bug.cgi?id=526436
+RESTRICT="test"
+
+PATCHES=(
+	"${FILESDIR}"/${PN}-1.2.11-free.patch
+	"${FILESDIR}"/${PN}-1.2.11-impl-dec.patch
+	"${FILESDIR}"/CVE-2013-4420.patch
+	"${FILESDIR}"/${P}-fd-leaks.patch
+	"${FILESDIR}"/${P}-tar_open-memleak.patch
+	"${FILESDIR}"/${P}-bin-memleaks.patch
+)
+
+src_prepare() {
+	default
+
+	sed -e '/INSTALL_PROGRAM/s:-s::' \
+		-i {doc,lib{,tar}}/Makefile.in || die
+
+	eautoreconf
+}
+
+src_configure() {
+	local myeconfargs=(
+		--enable-shared
+		--disable-encap
+		--disable-epkg-install
+		$(use_enable static-libs static)
+		$(use_with zlib)
+	)
+
+	econf ${myeconfargs[@]}
+}
+
+src_install() {
+	default
+
+	newdoc compat/README README.compat
+	newdoc compat/TODO TODO.compat
+	newdoc listhash/TODO TODO.listhash
+
+	find "${D}" -name '*.la' -delete || die
+}
diff --git a/dev-libs/libtar/metadata.xml b/dev-libs/libtar/metadata.xml
new file mode 100644
index 000000000000..6f49eba8f496
--- /dev/null
+++ b/dev-libs/libtar/metadata.xml
@@ -0,0 +1,5 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE pkgmetadata SYSTEM "http://www.gentoo.org/dtd/metadata.dtd">
+<pkgmetadata>
+<!-- maintainer-needed -->
+</pkgmetadata>
author	V3n3RiX <venerix@redcorelinux.org>	2018-07-14 21:03:06 +0100
committer	V3n3RiX <venerix@redcorelinux.org>	2018-07-14 21:03:06 +0100
commit	8376ef56580626e9c0f796d5b85b53a0a1c7d5f5 (patch)
tree	7681bbd4e8b05407772df40a4bf04cbbc8afc3fa /dev-libs/libtar
parent	30a9caf154332f12ca60756e1b75d2f0e3e1822d (diff)