app-arch/xar-1.8.0.0.487.100.1: version bump, security fix #820641

xar version from macOS 12.3 and up

Bug: https://bugs.gentoo.org/820641
Signed-off-by: Fabian Groffen <grobian@gentoo.org>

4 files changed, 119 insertions, 0 deletions

diff --git a/app-arch/xar/Manifest b/app-arch/xar/Manifest
index 73ada38ef97f..441896afc4b7 100644
--- a/app-arch/xar/Manifest
+++ b/app-arch/xar/Manifest
@@ -1,3 +1,4 @@
 DIST xar-400.tar.gz 213319 BLAKE2B 55b8695313a1a5ae778b62791f716af00edba7e7b01500eac4b951e04cf7b18e84e0d508ac5471996796e5ab59e4628a4f85a63a5929b372555e28b222c77ab1 SHA512 c54850d5443c776f18d788bf7d026b3b08274ee71321d1615238c9fa2d20cc0b21f3f298364b0d0eecd98ce2a6efc8d5039cabd5a21c2419c430d90db004d159
 DIST xar-417.1.tar.gz 219350 BLAKE2B 2ca073e52b8d7a12c3d33fb65ccaf0984b912f42e4e9dc52bcaec7af41bafcc530cd055da16646113fb24ee046122425a66351f88279ef79a0f0b2b04ae51f9a SHA512 4c3c61f5289d0b2e380cbde772b383da369ca8ad046f5d779e02f59300288c90c5e31d105a2c01ac17dc719b8b46b55d8d36a8b3b20360f315766fce92dec762
 DIST xar-452.tar.gz 220690 BLAKE2B 9728c73734a4bcb31e6e72d3d1a6735d5c78e384e15415641c4f40068f2da9498e9808cc36df6eaf7d3addf8be6d9eb90bdfa2900321e4dbe482156075bcdcd7 SHA512 d6ae9e5687020d20ec12579178f84c852fd485c52cff0ad23b7b31d2eabbde8c7fc85ab33e82eb81a5ddb59df4c26b756894be85061195cd191ab32be1f56b10
+DIST xar-487.100.1.tar.gz 224108 BLAKE2B 2fa5c44b46a9e37e49be03d05d6d06ab706b5205d857e6d6f24954160dbf5fc91fbec848053cb2d0a11505e5f7c37f8331ac126d65eb91b08e302a28db12acc0 SHA512 a45d1327ac5c6dc6f1cdb359e7e487fd91cea82a446157b65da34f0481cd58bbe03b0e005643087c802962e89316a1c816e2c6b625f1259b10a52bbf902f79e6
diff --git a/app-arch/xar/files/xar-1.8.0.0.487-non-darwin.patch b/app-arch/xar/files/xar-1.8.0.0.487-non-darwin.patch
new file mode 100644
index 000000000000..c350f69f4ca0
--- /dev/null
+++ b/app-arch/xar/files/xar-1.8.0.0.487-non-darwin.patch
@@ -0,0 +1,12 @@
+don't do availability stuff on non-Darwin
+
+--- a/include/xar.h.in
++++ b/include/xar.h.in
+@@ -52,6 +52,7 @@
+ #import <os/availability.h>
+ #else
+ #define API_DEPRECATED(...)
++#define API_AVAILABLE(...)
+ #endif
+ 
+ #pragma pack(4)
diff --git a/app-arch/xar/files/xar-1.8.0.0.487-variable-sized-object.patch b/app-arch/xar/files/xar-1.8.0.0.487-variable-sized-object.patch
new file mode 100644
index 000000000000..8779c1129cd7
--- /dev/null
+++ b/app-arch/xar/files/xar-1.8.0.0.487-variable-sized-object.patch
@@ -0,0 +1,18 @@
+GCC doesn't like this:
+
+filetree.c:744:9: error: variable-sized object may not be initialized
+
+Since there's nothing changing at runtime at all, just make the compiler
+see it's always going to be 1.
+
+--- a/lib/filetree.c
++++ b/lib/filetree.c
+@@ -740,7 +740,7 @@
+ 	size_t fspath1_size = 0, fspath2_size = 0;
+ 	size_t ns1_size = 0, ns2_size = 0;
+ 	const struct __xar_file_t * child1 = NULL, * child2 = NULL;
+-	const uint keys_to_ignore_count = 1;
++#define keys_to_ignore_count 1
+ 	char * keys_to_ignore[keys_to_ignore_count] = { "id" }; // ID is allowed ot mismatch
+ 	
+ 	// If the two pointers match, call it the same.
diff --git a/app-arch/xar/xar-1.8.0.0.487.100.1.ebuild b/app-arch/xar/xar-1.8.0.0.487.100.1.ebuild
new file mode 100644
index 000000000000..7e4e0547d540
--- /dev/null
+++ b/app-arch/xar/xar-1.8.0.0.487.100.1.ebuild
@@ -0,0 +1,88 @@
+# Copyright 1999-2021 Gentoo Authors
+# Distributed under the terms of the GNU General Public License v2
+
+EAPI=7
+inherit autotools flag-o-matic toolchain-funcs multilib-minimal multilib
+
+APPLE_PV=$(ver_cut 5-)  # 487: macOS 12.3 and up
+DESCRIPTION="An easily extensible archive format"
+HOMEPAGE="https://github.com/apple-oss-distributions/xar/tree/xar-${APPLE_PV}"
+SRC_URI="https://github.com/apple-oss-distributions/xar/archive/xar-${APPLE_PV}.tar.gz"
+
+LICENSE="BSD-2"
+SLOT="0"
+KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~ia64 ~ppc ~ppc64 ~riscv ~sparc ~x86 ~amd64-linux ~x86-linux ~ppc-macos ~x64-macos ~sparc-solaris ~sparc64-solaris ~x64-solaris ~x86-solaris"
+
+DEPEND="
+	elibc_musl? ( sys-libs/fts-standalone )
+	kernel_linux? ( virtual/acl )
+	dev-libs/openssl:0=[${MULTILIB_USEDEP}]
+	app-arch/bzip2[${MULTILIB_USEDEP}]
+	sys-libs/zlib[${MULTILIB_USEDEP}]
+	dev-libs/libxml2[${MULTILIB_USEDEP}]
+"
+RDEPEND="${DEPEND}"
+BDEPEND="virtual/pkgconfig"
+
+PATCHES=(
+	"${FILESDIR}"/${PN}-1.6.1-ext2.patch
+	"${FILESDIR}"/${PN}-1.8-safe_dirname.patch
+	"${FILESDIR}"/${PN}-1.8-arm-ppc.patch
+	"${FILESDIR}"/${PN}-1.8-openssl-1.1.patch
+	"${FILESDIR}"/${PN}-1.8.0.0.452-linux.patch
+	"${FILESDIR}"/${PN}-1.8.0.0.487-non-darwin.patch
+	"${FILESDIR}"/${PN}-1.8.0.0.487-variable-sized-object.patch
+)
+
+S=${WORKDIR}/${PN}-${PN}-${APPLE_PV}/${PN}
+
+src_prepare() {
+	default
+
+	# make lib headers available (without installing first?)
+	cd "${S}"/include || die
+	mv ../lib/*.h . || die
+
+	# strip RPATH pointing to ED
+	cd "${S}"/src || die
+	sed -i -e 's/@RPATH@//' Makefile.inc.in || die
+
+	# avoid GNU make (bug?) behaviour of removing xar.o as intermediate
+	# file, this doesn't happen outside portage, but it does from the
+	# ebuild env, causing the install phase to re-compile xar.o and link
+	# the executable
+	echo ".PRECIOUS: @objroot@src/%.o" >> Makefile.inc.in || die
+
+	# drop Darwin specific reliance on CommonCrypto Framework, for it
+	# depends on what version of Darwin we're on, and it is much simpler
+	# to just use openessl instead, which we maintain and control
+	cd "${S}" || die
+	sed -i -e 's/__APPLE__/__NO_APPLE__/' \
+		include/archive.h \
+		lib/hash.c \
+		|| die
+
+	# fix branding somewhat
+	sed -i -e "/XAR_VERSION/s|%s|%s (Gentoo ${PVR})|" src/xar.c || die
+
+	eautoreconf
+}
+
+multilib_src_configure() {
+	append-libs $($(tc-getPKG_CONFIG) --libs openssl)
+	use elibc_musl && append-libs $($(tc-getPKG_CONFIG) --libs fts-standalone)
+	append-cflags -Wno-unused-result  # allow to see real problems
+	ECONF_SOURCE=${S} \
+	econf --disable-static
+	# botched check, fix it up
+	if use kernel_SunOS ; then
+		sed -i -e '/HAVE_SYS_ACL_H/s:^\(.*\)$:/* \1 */:' include/config.h || die
+	fi
+	# allow xar/xar.h to be found
+	(cd include && ln -s . xar)
+}
+
+multilib_src_install() {
+	default
+	find "${D}" -name '*.la' -delete || die
+}