diff options
| author |   Alastair Tse <liquidx@gentoo.org> | 2005-06-25 12:40:21 +0000 |
|---|---|---|
| committer | Alastair Tse <liquidx@gentoo.org> | 2005-06-25 12:40:21 +0000 |
| commit | 06fa8983648245a686a1e852714251a3d44352dc (patch) | |
| tree | 55a2543a6e74966a8d794bb12867a8ecd3012b83 /app-arch/rpm2targz | |
| parent | Mask net-snmp-5.3 snapshot. (diff) | |
| download | gentoo-2-06fa8983648245a686a1e852714251a3d44352dc.tar.gz gentoo-2-06fa8983648245a686a1e852714251a3d44352dc.tar.bz2 gentoo-2-06fa8983648245a686a1e852714251a3d44352dc.zip | |
added patch to secure temp file handling thanks to solar@gentoo.org (#96192)
(Portage version: 2.0.51.22-r1)
Diffstat (limited to 'app-arch/rpm2targz')
| -rw-r--r-- | app-arch/rpm2targz/ChangeLog | 8 | ||||
| -rw-r--r-- | app-arch/rpm2targz/Manifest | 13 | ||||
| -rw-r--r-- | app-arch/rpm2targz/files/digest-rpm2targz-9.0-r3 | 1 | ||||
| -rw-r--r-- | app-arch/rpm2targz/files/rpm2targz-9.0-secure_temp_handling.patch | 113 | ||||
| -rw-r--r-- | app-arch/rpm2targz/rpm2targz-9.0-r3.ebuild | 47 |
5 files changed, 171 insertions, 11 deletions
diff --git a/app-arch/rpm2targz/ChangeLog b/app-arch/rpm2targz/ChangeLog index a2eefa85562d..3e67afaf31f6 100644 --- a/app-arch/rpm2targz/ChangeLog +++ b/app-arch/rpm2targz/ChangeLog @@ -1,6 +1,12 @@ # ChangeLog for app-arch/rpm2targz # Copyright 2002-2005 Gentoo Foundation; Distributed under the GPL v2 -# $Header: /var/cvsroot/gentoo-x86/app-arch/rpm2targz/ChangeLog,v 1.28 2005/05/17 10:33:31 liquidx Exp $ +# $Header: /var/cvsroot/gentoo-x86/app-arch/rpm2targz/ChangeLog,v 1.29 2005/06/25 12:40:21 liquidx Exp $ + +*rpm2targz-9.0-r3 (25 Jun 2005) + + 25 Jun 2005; Alastair Tse <liquidx@gentoo.org> + +files/rpm2targz-9.0-secure_temp_handling.patch, +rpm2targz-9.0-r3.ebuild: + added patch to secure temp file handling thanks to solar@gentoo.org (#96192) 17 May 2005; Alastair Tse <liquidx@gentoo.org> -rpm2targz-8.0.ebuild, -rpm2targz-9.0.ebuild, -rpm2targz-9.0-r1.ebuild, rpm2targz-9.0-r2.ebuild: diff --git a/app-arch/rpm2targz/Manifest b/app-arch/rpm2targz/Manifest index 9e414d3ca422..366c65780bd7 100644 --- a/app-arch/rpm2targz/Manifest +++ b/app-arch/rpm2targz/Manifest @@ -1,17 +1,10 @@ ------BEGIN PGP SIGNED MESSAGE----- -Hash: SHA1 - MD5 a1b5f7898b587e16f3bbcc79613629dd ChangeLog 3651 MD5 8f906ffe0aa837e5e26fe03af3043461 metadata.xml 219 MD5 448bca5e5f0e53872f20fc4464e9e0aa rpm2targz-9.0-r2.ebuild 1203 +MD5 34331e7f9f1fe4f9e48596526f861cc8 rpm2targz-9.0-r3.ebuild 1294 MD5 d0f2d521642a49ec038e441268ab6480 files/digest-rpm2targz-9.0-r2 63 MD5 75217fcb7780c16c88ead1295d8e9d7b files/rpm2targz-9.0-bzip2.patch 800 MD5 96b33b5b51d34b9764ed9c50ffac18d6 files/rpm2targz-9.0-bzip2_rpm2targz.patch 2100 MD5 a850046e92cebae159a1a554cdab3f91 files/rpm2targz-9.0-gentoo.patch 554 ------BEGIN PGP SIGNATURE----- -Version: GnuPG v1.4.1 (GNU/Linux) - -iD8DBQFCiciSTM53OX+9xmMRAjprAJ0TuCjV6O9i001me54wwnJRLvKA9QCfQvPk -8dNwDReD4UCpcVFboLl2OAc= -=/LrC ------END PGP SIGNATURE----- +MD5 283d89e6340eec30f8850b1b9c50d453 files/rpm2targz-9.0-secure_temp_handling.patch 3940 +MD5 d0f2d521642a49ec038e441268ab6480 files/digest-rpm2targz-9.0-r3 63 diff --git a/app-arch/rpm2targz/files/digest-rpm2targz-9.0-r3 b/app-arch/rpm2targz/files/digest-rpm2targz-9.0-r3 new file mode 100644 index 000000000000..154805e3f598 --- /dev/null +++ b/app-arch/rpm2targz/files/digest-rpm2targz-9.0-r3 @@ -0,0 +1 @@ +MD5 7b8ba680dcbe7e1e4e349698400bcea6 rpm2targz-9.0.tar.gz 2639 diff --git a/app-arch/rpm2targz/files/rpm2targz-9.0-secure_temp_handling.patch b/app-arch/rpm2targz/files/rpm2targz-9.0-secure_temp_handling.patch new file mode 100644 index 000000000000..a2d1c3cc4814 --- /dev/null +++ b/app-arch/rpm2targz/files/rpm2targz-9.0-secure_temp_handling.patch @@ -0,0 +1,113 @@ +--- rpm2targz.orig 2005-06-15 10:19:12.000000000 -0400 ++++ rpm2targz 2005-06-15 12:55:10.000000000 -0400 +@@ -2,6 +2,7 @@ + # Copyright 1997, 1998 Patrick Volkerding, Moorhead, MN USA + # Copyright 2002 Slackware Linux, Inc., Concord, CA USA + # All rights reserved. ++# $Header: /var/cvsroot/gentoo-x86/app-arch/rpm2targz/files/rpm2targz-9.0-secure_temp_handling.patch,v 1.1 2005/06/25 12:40:21 liquidx Exp $ + # + # Redistribution and use of this script, with or without modification, is + # permitted provided that the following conditions are met: +@@ -23,20 +24,24 @@ + + # debug switch to allow to bypass use of rpm2cpio provided by the rpm package + USERPM2CPIO=true +-if [ "$TMPDIR" = "" ]; then +- TMPDIR=/tmp ++[ "$TMPDIR" == "" ] && TMPDIR=/tmp ++if [ ! -d "$TMPDIR" ]; then ++ echo "TMPDIR=$TMPDIR is not a dir" > /dev/stderr ++ exit 1 + fi +-# If mcookie is available, use it for better /tmp security. +-if [ -x `which mcookie` ]; then +- COOKIE=`mcookie` +-else +- COOKIE=$$ ++WORKDIR=`mktemp -d $TMPDIR/$$XXXXXX` ++if [ $? != 0 ]; then ++ echo "Failed to make tmp workdir for file i/o conversion" > /dev/stderr ++ exit 1 + fi ++ + if [ "$1" = "" ]; then + echo "$0: Converts RPM format to standard GNU tar + GNU zip format." +- echo " (view converted packages with \"less\", install and remove" +- echo " with \"installpkg\", \"removepkg\", \"pkgtool\", or manually" +- echo " with \"tar\")" ++ if [ -e /etc/slackware-version ]; then ++ echo " (view converted packages with \"less\", install and remove" ++ echo " with \"installpkg\", \"removepkg\", \"pkgtool\", or manually" ++ echo " with \"tar\")" ++ fi + echo + echo "Usage: $0 <file.rpm>" + if [ "`basename $0`" = "rpm2tgz" ]; then +@@ -50,12 +55,11 @@ + if [ ! "$1" = "$*" ]; then + echo "Processing file: $i" + fi +- rm -rf $TMPDIR/rpm2targz$COOKIE # clear the way, just in case of mischief +- mkdir $TMPDIR/rpm2targz$COOKIE ++ rm -rf ${WORKDIR}/* || exit 1 ; # clear the way, just in case of mischief + + # Determine if this is a source or binary RPM. + # If we have getrpmtype, use that. Otherwise, try "file". +- if which getrpmtype 1> /dev/null 2> /dev/null; then ++ if type -p getrpmtype 1> /dev/null 2> /dev/null; then + if getrpmtype -n $i | grep source 1> /dev/null 2> /dev/null ; then + isSource=1 + else +@@ -69,12 +73,12 @@ + fi + fi + +- ofn=$TMPDIR/rpm2targz$COOKIE/`basename $i .rpm`.cpio ++ ofn=${WORKDIR}/`basename $i .rpm`.cpio + if $USERPM2CPIO && which rpm2cpio 1> /dev/null 2> /dev/null ; then + rpm2cpio $i > $ofn 2> /dev/null + if [ ! $? = 0 ]; then + echo "... rpm2cpio failed. (maybe $i is not an RPM?)" +- ( cd $TMPDIR ; rm -rf rpm2targz$COOKIE ) ++ ( rm -rf "${WORKDIR}/*" ) + continue + fi + else # less reliable than rpm2cpio... +@@ -90,7 +94,7 @@ + decomp="bzip2" + else + echo " $i - no magic compression identifier found - skipping file" +- ( cd $TMPDIR ; rm -rf rpm2targz$COOKIE ) ++ ( rm -rf "${WORKDIR}/*" ) + continue + fi + echo -n " trying to decompress with ${decomp}..." +@@ -100,11 +104,11 @@ + else + echo " FAILED" + echo " $i failed to decompress - skipping file" +- ( cd $TMPDIR ; rm -rf rpm2targz$COOKIE ) ++ ( rm -rf "${WORKDIR}/*" ) + continue + fi + fi +- DEST=$TMPDIR/rpm2targz$COOKIE ++ DEST=${WORKDIR} + #if [ "$isSource" = "1" ]; then + # DEST=$DEST/$(basename $(basename $i .rpm) .src) + #fi +@@ -113,11 +117,12 @@ + cpio --extract --preserve-modification-time --make-directories < $ofn 1> /dev/null 2> /dev/null + rm -f $ofn + find . -type d -perm 700 -exec chmod 755 {} \; ) +- ( cd $TMPDIR/rpm2targz$COOKIE ; tar cf - . ) > `basename $i .rpm`.tar ++ ( cd ${WORKDIR} ; tar cf - . ) > `basename $i .rpm`.tar + gzip -9 `basename $i .rpm`.tar + if [ "`basename $0`" = "rpm2tgz" ]; then + mv `basename $i .rpm`.tar.gz `basename $i .rpm`.tgz + fi +- ( cd $TMPDIR ; rm -rf rpm2targz$COOKIE ) ++ ( rm -rf "${WORKDIR}/*" ) + echo + done ++rm -rf ${WORKDIR} diff --git a/app-arch/rpm2targz/rpm2targz-9.0-r3.ebuild b/app-arch/rpm2targz/rpm2targz-9.0-r3.ebuild new file mode 100644 index 000000000000..bd9e30c425ba --- /dev/null +++ b/app-arch/rpm2targz/rpm2targz-9.0-r3.ebuild @@ -0,0 +1,47 @@ +# Copyright 1999-2005 Gentoo Foundation +# Distributed under the terms of the GNU General Public License v2 +# $Header: /var/cvsroot/gentoo-x86/app-arch/rpm2targz/rpm2targz-9.0-r3.ebuild,v 1.1 2005/06/25 12:40:21 liquidx Exp $ + +inherit toolchain-funcs eutils + +DESCRIPTION="Convert a .rpm file to a .tar.gz archive" +HOMEPAGE="http://www.slackware.com/config/packages.php" +SRC_URI="mirror://gentoo/${P}.tar.gz" + +LICENSE="as-is" +SLOT="0" +KEYWORDS="~alpha ~amd64 ~arm ~hppa ~ia64 ~mips ~ppc ~ppc64 ~s390 ~sparc ~x86" +IUSE="" + +# NOTE: rpm2targz autodetects rpm2cpio at runtime, and uses it if available, +# so we don't explicitly set it as a dependency. +DEPEND="virtual/libc + app-arch/cpio + sys-apps/file" +RDEPEND="${DEPEND} + sys-apps/util-linux + sys-apps/which" + +S=${WORKDIR} + +src_unpack() { + unpack ${A} + cd ${S} + # makes rpm2targz extract in current dir + epatch ${FILESDIR}/${P}-gentoo.patch + # adds bzip2 detection (#23249) + epatch ${FILESDIR}/${P}-bzip2.patch + # adds bzip2 decompression to rpm2targz (#31164) + epatch ${FILESDIR}/${P}-bzip2_rpm2targz.patch + # secures temp file handling (#96192) + epatch ${FILESDIR}/${P}-secure_temp_handling.patch +} + +src_compile() { + $(tc-getCC) ${CFLAGS} -o rpmoffset rpmoffset.c || die +} + +src_install() { + dobin rpmoffset rpm2targz || die + dodoc rpm2targz.README +} |