Update gtar to 1.23 - fixes CVE2010-0624

Also: # Improved record size autodetection # Use of lseek on seekable archives # New command line option --warning # New command line option --level # Improved behavior if some files were removed during incremental dumps # Modification times of PAX extended headers # Time references in the --pax-option argument # Augmented environment of the --to-command script # Bugfixes: * Fix handling of hard link targets by -c --transform * Fix hard links recognition with -c --remove-files * Fix restoring files from backup (debian bug #508199) * Correctly restore modes and permissions on existing directories * The --remove-files option removes files only if they were succesfully stored in the archive * Fix storing and listing of the volume labels in POSIX format * Improve algorithm for splitting long file names (ustar format)
2010-03-23 19:00:10 +00:00 · 2010-03-23 19:00:10 +00:00 · 42991b8a12
commit 42991b8a12
parent 66493b90dc
11 changed files with 72 additions and 95 deletions
--- a/archivers/gtar-base/Makefile
+++ b/archivers/gtar-base/Makefile
@ -1,7 +1,7 @@
-# $NetBSD: Makefile,v 1.64 2009/08/16 13:53:32 wiz Exp $
+# $NetBSD: Makefile,v 1.65 2010/03/23 19:00:10 tez Exp $

-DISTNAME=	tar-1.22
-PKGNAME=	gtar-base-1.22
+DISTNAME=	tar-1.23
+PKGNAME=	gtar-base-1.23
 SVR4_PKGNAME=	gtarb
 CATEGORIES=	archivers
 MASTER_SITES=	${MASTER_SITE_GNU:=tar/}
--- a/archivers/gtar-base/distinfo
+++ b/archivers/gtar-base/distinfo
@ -1,11 +1,9 @@
-$NetBSD: distinfo,v 1.24 2009/08/16 13:53:32 wiz Exp $
+$NetBSD: distinfo,v 1.25 2010/03/23 19:00:10 tez Exp $

-SHA1 (tar-1.22.tar.gz) = 79875be57ca47d16ab41fc1bf3853efe68b81167
-RMD160 (tar-1.22.tar.gz) = 92aae7f6ebce77d1e334acc59320980c4ce7ffe4
-Size (tar-1.22.tar.gz) = 2998989 bytes
-SHA1 (patch-ab) = bc2cb4547a0df1d1877a3d09a6e3969123ddecab
-SHA1 (patch-ad) = c5106ba2d0a0414ccbc55dfbf71c95280080b190
-SHA1 (patch-af) = 2965f2dbbf4914daab3ffcc067acbc2bac6729e7
-SHA1 (patch-ag) = 8e1f6d2b6d38a029485cd7a1987cc6acb6a4cc84
-SHA1 (patch-ah) = f1e26c3474982b9cef494554cd6e876c86afc22c
-SHA1 (patch-ai) = 93904441dc0bfc100ce07845a0ba3c3b2c74ba25
+SHA1 (tar-1.23.tar.gz) = b58a709eb0df611b77e9f381ffc83097306b371c
+RMD160 (tar-1.23.tar.gz) = 0750be49398887c48bef0c5bc02bb26e2b075b0b
+Size (tar-1.23.tar.gz) = 3193303 bytes
+SHA1 (patch-ab) = c18f5e205f92949d1568ca3d484af5e7f51a1da4
+SHA1 (patch-ad) = 05c6ab3826e8b715413ff93e045599be0d8bb126
+SHA1 (patch-af) = 5ffbb0f6fe760f8fafa6eb34340438588b9b5d16
+SHA1 (patch-ag) = 32bd77d6063a1f70d109b3c63ba25b68168ba4d8
--- a/archivers/gtar-base/patches/patch-ab
+++ b/archivers/gtar-base/patches/patch-ab
@ -1,32 +1,34 @@
-$NetBSD: patch-ab,v 1.12 2008/05/18 01:48:09 tnn Exp $
+$NetBSD: patch-ab,v 1.13 2010/03/23 19:00:10 tez Exp $
+add --no-unlink-first option to negate --unlink-first option
+earlier patches made --unlink-first a default, but that was dropped years ago

--- src/tar.c.orig	2008-04-14 14:03:13.000000000 +0200
-+++ src/tar.c
-@@ -285,6 +286,7 @@ enum
+--- src/tar.c.orig	2010-03-23 12:11:49.133467100 -0500
+++ src/tar.c	2010-03-23 12:39:58.326191800 -0500
+@@ -299,6 +299,7 @@
   NO_RECURSION_OPTION,
   NO_SAME_OWNER_OPTION,
   NO_SAME_PERMISSIONS_OPTION,
 +  NO_UNLINK_FIRST_OPTION,
+   NO_SEEK_OPTION,
   NO_UNQUOTE_OPTION,
   NO_WILDCARDS_MATCH_SLASH_OPTION,
-   NO_WILDCARDS_OPTION,
-@@ -483,6 +485,8 @@ static struct argp_option options[] = {
-    N_("try extracting files with the same ownership"), GRID+1 },
+@@ -504,6 +505,8 @@
+    N_("try extracting files with the same ownership as exists in the archive (default for superuser)"), GRID+1 },
   {"no-same-owner", NO_SAME_OWNER_OPTION, 0, 0,
-    N_("extract files as yourself"), GRID+1 },
+    N_("extract files as yourself (default for ordinary users)"), GRID+1 },
 +  {"no-unlink-first", NO_UNLINK_FIRST_OPTION, 0, 0,
 +   N_("don't remove each file prior to extracting"), GRID+1 },
   {"numeric-owner", NUMERIC_OWNER_OPTION, 0, 0,
    N_("always use numbers for user/group names"), GRID+1 },
   {"preserve-permissions", 'p', 0, 0,
-@@ -1495,6 +1501,10 @@ parse_opt (int key, char *arg, struct ar
+@@ -1642,6 +1645,10 @@
       old_files_option = UNLINK_FIRST_OLD_FILES;
       break;
- 
+       
 +    case NO_UNLINK_FIRST_OPTION:
-+      old_files_option = 0;
+      old_files_option = DEFAULT_OLD_FILES;
 +      break;
-+
+      
     case UTC_OPTION:
       utc_option = true;
       break;
--- a/archivers/gtar-base/patches/patch-ad
+++ b/archivers/gtar-base/patches/patch-ad
@ -1,13 +1,13 @@
-$NetBSD: patch-ad,v 1.8 2008/05/18 01:48:09 tnn Exp $
+$NetBSD: patch-ad,v 1.9 2010/03/23 19:00:10 tez Exp $

--- Makefile.in.orig	2008-04-14 14:04:01.000000000 +0200
-+++ Makefile.in
-@@ -532,7 +532,7 @@ top_builddir = @top_builddir@
+--- Makefile.in.orig	2010-03-23 12:41:47.657803000 -0500
+++ Makefile.in	2010-03-23 12:42:22.936337700 -0500
+@@ -899,7 +899,7 @@
 top_srcdir = @top_srcdir@
 ACLOCAL_AMFLAGS = -I m4
- EXTRA_DIST = ChangeLog.1 PORTS
-SUBDIRS = doc lib rmt src scripts po tests
-+SUBDIRS = lib rmt src scripts po tests
- all: config.h
- 	$(MAKE) $(AM_MAKEFLAGS) all-recursive
- 
+ EXTRA_DIST = ChangeLog.1 Make.rules
+-SUBDIRS = doc gnu lib rmt src scripts po tests
+SUBDIRS = gnu lib rmt src scripts po tests
+ gen_start_date = 2009-03-06
+ prev_change_log = ChangeLog.CVS
+ changelog_dir = .
--- a/archivers/gtar-base/patches/patch-af
+++ b/archivers/gtar-base/patches/patch-af
@ -1,13 +1,14 @@
-$NetBSD: patch-af,v 1.5 2009/08/16 13:53:32 wiz Exp $
+$NetBSD: patch-af,v 1.6 2010/03/23 19:00:10 tez Exp $
+skip autotest gzip.at (currently #35 but that changes every release)

--- tests/testsuite.orig	2009-03-05 07:18:59.000000000 +0000
-+++ tests/testsuite
-@@ -620,7 +620,7 @@ at_times_file=$at_suite_dir/at-times
+--- tests/testsuite.orig	2010-03-23 13:08:29.122310500 -0500
+++ tests/testsuite	2010-03-23 13:11:27.216980700 -0500
+@@ -621,7 +621,7 @@
 # List of the tested programs.
 at_tested='tar'
 # List of the all the test groups.
-at_groups_all=' 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77'
-+at_groups_all=' 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77'
+-at_groups_all=' 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98'
+at_groups_all=' 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98'
 # As many question marks as there are digits in the last test group number.
 # Used to normalize the test group numbers so that `ls' lists them in
 # numerical order.
--- a/archivers/gtar-base/patches/patch-ag
+++ b/archivers/gtar-base/patches/patch-ag
@ -1,16 +1,26 @@
-$NetBSD: patch-ag,v 1.5 2008/05/18 01:48:09 tnn Exp $
+$NetBSD: patch-ag,v 1.6 2010/03/23 19:00:10 tez Exp $

--- src/extract.c.orig	2007-08-26 10:56:55.000000000 +0200
-+++ src/extract.c
-@@ -186,7 +186,11 @@ set_mode (char const *file_name,
+--- src/extract.c.orig	2010-03-23 13:15:18.015134100 -0500
+++ src/extract.c	2010-03-23 13:21:52.818991900 -0500
+@@ -188,13 +188,21 @@
       mode = cur_info->st_mode ^ invert_permissions;
     }
 
 +#if (defined (__NetBSD__) && NetBSD > 199706 && !defined(NetBSD1_2))
-+  if (lchmod (file_name, mode) != 0)
+  failed = lchmod (file_name, mode) != 0;
 +#else
-   if (chmod (file_name, mode) != 0)
+   failed = chmod (file_name, mode) != 0;
 +#endif
-     chmod_error_details (file_name, mode);
- }
- 
+   if (failed && errno == EPERM)
+     {
+       /* On Solaris, chmod may fail if we don't have PRIV_ALL.  */
+       if (priv_set_restore_linkdir () == 0)
+ 	{
+#if (defined (__NetBSD__) && NetBSD > 199706 && !defined(NetBSD1_2))
+	  failed = lchmod (file_name, mode) != 0;
+#else
+ 	  failed = chmod (file_name, mode) != 0;
+#endif
+ 	  priv_set_remove_linkdir ();
+ 	}
+     }
--- a/archivers/gtar-base/patches/patch-ah
+++ b/archivers/gtar-base/patches/patch-ah
@ -1,17 +0,0 @@
-$NetBSD: patch-ah,v 1.5 2009/01/20 00:33:56 tnn Exp $
-
--- lib/getdate.c.orig	2008-02-16 13:14:35.000000000 +0100
-+++ lib/getdate.c
-@@ -227,8 +227,12 @@
-    long int.  It also assumes that signed integer overflow silently
-    wraps around, but there's no portable way to check for that at
-    compile-time.  */
-+#ifdef __NetBSD__
-+#warning this might break with 64-bit time_t on 32-bit hosts
-+#else
- verify (TYPE_IS_INTEGER (time_t));
- verify (LONG_MIN <= TYPE_MINIMUM (time_t) && TYPE_MAXIMUM (time_t) <= LONG_MAX);
-+#endif
- 
- /* An integer value, and the number of digits in its textual
-    representation.  */
--- a/archivers/gtar-base/patches/patch-ai
+++ b/archivers/gtar-base/patches/patch-ai
@ -1,17 +0,0 @@
-$NetBSD: patch-ai,v 1.4 2009/01/20 00:33:56 tnn Exp $
-
--- lib/mktime.c.orig	2007-10-30 21:48:29.000000000 +0100
-+++ lib/mktime.c
-@@ -167,8 +167,12 @@ ydhms_diff (long int year1, long int yda
- 	    int year0, int yday0, int hour0, int min0, int sec0)
- {
-   verify (C99_integer_division, -1 / 2 == 0);
-+#ifdef __NetBSD__
-+#warning this might break with 64-bit time_t on 32-bit hosts
-+#else
-   verify (long_int_year_and_yday_are_wide_enough,
- 	  INT_MAX <= LONG_MAX / 2 || TIME_T_MAX <= UINT_MAX);
-+#endif
- 
-   /* Compute intervening leap days correctly even if year is negative.
-      Take care to avoid integer overflow here.  */
--- a/archivers/gtar-info/Makefile
+++ b/archivers/gtar-info/Makefile
@ -1,8 +1,8 @@
-# $NetBSD: Makefile,v 1.27 2009/08/16 13:53:32 wiz Exp $
+# $NetBSD: Makefile,v 1.28 2010/03/23 19:00:10 tez Exp $
 #

-DISTNAME=	tar-1.22
-PKGNAME=	gtar-info-1.22
+DISTNAME=	tar-1.23
+PKGNAME=	gtar-info-1.23
 SVR4_PKGNAME=	gtari
 CATEGORIES=	archivers
 MASTER_SITES=	${MASTER_SITE_GNU:=tar/}
--- a/archivers/gtar-info/distinfo
+++ b/archivers/gtar-info/distinfo
@ -1,5 +1,5 @@
-$NetBSD: distinfo,v 1.8 2009/08/16 13:53:32 wiz Exp $
+$NetBSD: distinfo,v 1.9 2010/03/23 19:00:10 tez Exp $

-SHA1 (tar-1.22.tar.gz) = 79875be57ca47d16ab41fc1bf3853efe68b81167
-RMD160 (tar-1.22.tar.gz) = 92aae7f6ebce77d1e334acc59320980c4ce7ffe4
-Size (tar-1.22.tar.gz) = 2998989 bytes
+SHA1 (tar-1.23.tar.gz) = b58a709eb0df611b77e9f381ffc83097306b371c
+RMD160 (tar-1.23.tar.gz) = 0750be49398887c48bef0c5bc02bb26e2b075b0b
+Size (tar-1.23.tar.gz) = 3193303 bytes
--- a/archivers/gtar/Makefile
+++ b/archivers/gtar/Makefile
@ -1,6 +1,6 @@
-# $NetBSD: Makefile,v 1.38 2009/08/16 13:53:32 wiz Exp $
+# $NetBSD: Makefile,v 1.39 2010/03/23 19:00:10 tez Exp $

-DISTNAME=	gtar-1.22
+DISTNAME=	gtar-1.23
 CATEGORIES=	archivers
 MASTER_SITES=	# empty
 DISTFILES=	# empty
@ -12,8 +12,8 @@ LICENSE=	gnu-gpl-v3 AND gnu-fdl-v1.1

 META_PACKAGE=	yes

-DEPENDS+=	gtar-base-1.22{,nb*}:../../archivers/gtar-base
-DEPENDS+=	gtar-info-1.22{,nb*}:../../archivers/gtar-info
+DEPENDS+=	gtar-base-1.23{,nb*}:../../archivers/gtar-base
+DEPENDS+=	gtar-info-1.23{,nb*}:../../archivers/gtar-info

 PKG_INSTALLATION_TYPES=	overwrite pkgviews
 PKG_DESTDIR_SUPPORT=	user-destdir