From 56bd759df1d0c750a065b8c845e93d5dfa6b549d Mon Sep 17 00:00:00 2001 From: "Robin H. Johnson" Date: Sat, 8 Aug 2015 13:49:04 -0700 Subject: proj/gentoo: Initial commit MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit This commit represents a new era for Gentoo: Storing the gentoo-x86 tree in Git, as converted from CVS. This commit is the start of the NEW history. Any historical data is intended to be grafted onto this point. Creation process: 1. Take final CVS checkout snapshot 2. Remove ALL ChangeLog* files 3. Transform all Manifests to thin 4. Remove empty Manifests 5. Convert all stale $Header$/$Id$ CVS keywords to non-expanded Git $Id$ 5.1. Do not touch files with -kb/-ko keyword flags. Signed-off-by: Robin H. Johnson X-Thanks: Alec Warner - did the GSoC 2006 migration tests X-Thanks: Robin H. Johnson - infra guy, herding this project X-Thanks: Nguyen Thai Ngoc Duy - Former Gentoo developer, wrote Git features for the migration X-Thanks: Brian Harring - wrote much python to improve cvs2svn X-Thanks: Rich Freeman - validation scripts X-Thanks: Patrick Lauer - Gentoo dev, running new 2014 work in migration X-Thanks: Michał Górny - scripts, QA, nagging X-Thanks: All of other Gentoo developers - many ideas and lots of paint on the bikeshed --- dev-libs/libtar/Manifest | 1 + dev-libs/libtar/files/CVE-2013-4420.patch | 94 ++++++++++++++++++++++ dev-libs/libtar/files/libtar-1.2.11-fortify.patch | 11 +++ dev-libs/libtar/files/libtar-1.2.11-free.patch | 22 +++++ dev-libs/libtar/files/libtar-1.2.11-impl-dec.patch | 15 ++++ dev-libs/libtar/libtar-1.2.20-r2.ebuild | 55 +++++++++++++ dev-libs/libtar/libtar-1.2.20-r3.ebuild | 56 +++++++++++++ dev-libs/libtar/metadata.xml | 10 +++ 8 files changed, 264 insertions(+) create mode 100644 dev-libs/libtar/Manifest create mode 100644 dev-libs/libtar/files/CVE-2013-4420.patch create mode 100644 dev-libs/libtar/files/libtar-1.2.11-fortify.patch create mode 100644 dev-libs/libtar/files/libtar-1.2.11-free.patch create mode 100644 dev-libs/libtar/files/libtar-1.2.11-impl-dec.patch create mode 100644 dev-libs/libtar/libtar-1.2.20-r2.ebuild create mode 100644 dev-libs/libtar/libtar-1.2.20-r3.ebuild create mode 100644 dev-libs/libtar/metadata.xml (limited to 'dev-libs/libtar') diff --git a/dev-libs/libtar/Manifest b/dev-libs/libtar/Manifest new file mode 100644 index 000000000000..30f372e4a6ee --- /dev/null +++ b/dev-libs/libtar/Manifest @@ -0,0 +1 @@ +DIST libtar-1.2.20.tar.gz 63542 SHA256 b17f84c3cfb8734c1ec5290f5fed8285037199f11ea8c0e2d8f807cbe83c9d8f SHA512 360a0296af99bedd6d93236c3d6d6746fd38deaa5287e7a138d303e1072bc8871437a693dc926d82af5b54dedba2ebdff5a3edb1f7d7dc494b4235439e477dec WHIRLPOOL c2f9b243a497df4ec03188b25d4bf5a8ab17e895c1c3c7e359c3eca869229df6ff8d5b632cafa0f297e3e613538b94755d176295d8e15673b9ab9a71bd5435d7 diff --git a/dev-libs/libtar/files/CVE-2013-4420.patch b/dev-libs/libtar/files/CVE-2013-4420.patch new file mode 100644 index 000000000000..d6e24860c929 --- /dev/null +++ b/dev-libs/libtar/files/CVE-2013-4420.patch @@ -0,0 +1,94 @@ +--- a/libtar/lib/decode.c 2013-10-09 09:59:44.000000000 -0700 ++++ b/libtar/lib/decode.c 2015-07-20 20:57:58.331945962 -0700 +@@ -21,24 +21,55 @@ + # include + #endif + ++char * ++safer_name_suffix (char const *file_name) ++{ ++ char const *p, *t; ++ p = t = file_name; ++ while (*p) ++ { ++ if (p[0] == '.' && p[0] == p[1] && p[2] == '/') ++ { ++ p += 3; ++ t = p; ++ } ++ /* advance pointer past the next slash */ ++ while (*p && (p++)[0] != '/'); ++ } ++ ++ if (!*t) ++ { ++ t = "."; ++ } ++ ++ if (t != file_name) ++ { ++ /* TODO: warn somehow that the path was modified */ ++ } ++ return (char*)t; ++} ++ + + /* determine full path name */ + char * + th_get_pathname(TAR *t) + { + static TLS_THREAD char filename[MAXPATHLEN]; ++ char *safer_name; + + if (t->th_buf.gnu_longname) +- return t->th_buf.gnu_longname; ++ return safer_name_suffix(t->th_buf.gnu_longname); ++ ++ safer_name = safer_name_suffix(t->th_buf.name); + + if (t->th_buf.prefix[0] != '\0') + { + snprintf(filename, sizeof(filename), "%.155s/%.100s", +- t->th_buf.prefix, t->th_buf.name); ++ t->th_buf.prefix, safer_name); + return filename; + } + +- snprintf(filename, sizeof(filename), "%.100s", t->th_buf.name); ++ snprintf(filename, sizeof(filename), "%.100s", safer_name); + return filename; + } + +--- a/libtar/lib/extract.c 2013-10-09 09:59:44.000000000 -0700 ++++ b/libtar/lib/extract.c 2015-07-20 21:00:16.560956122 -0700 +@@ -305,7 +305,7 @@ + linktgt = &lnp[strlen(lnp) + 1]; + } + else +- linktgt = th_get_linkname(t); ++ linktgt = safer_name_suffix(th_get_linkname(t)); + + #ifdef DEBUG + printf(" ==> extracting: %s (link to %s)\n", filename, linktgt); +@@ -343,9 +343,9 @@ + + #ifdef DEBUG + printf(" ==> extracting: %s (symlink to %s)\n", +- filename, th_get_linkname(t)); ++ filename, safer_name_suffix(th_get_linkname(t))); + #endif +- if (symlink(th_get_linkname(t), filename) == -1) ++ if (symlink(safer_name_suffix(th_get_linkname(t)), filename) == -1) + { + #ifdef DEBUG + perror("symlink()"); +--- a/libtar/lib/internal.h 2013-10-09 09:59:44.000000000 -0700 ++++ b/libtar/lib/internal.h 2015-07-20 21:00:51.258958673 -0700 +@@ -15,6 +15,7 @@ + + #include + ++char* safer_name_suffix(char const*); + #ifdef TLS + #define TLS_THREAD TLS + #else diff --git a/dev-libs/libtar/files/libtar-1.2.11-fortify.patch b/dev-libs/libtar/files/libtar-1.2.11-fortify.patch new file mode 100644 index 000000000000..8b919ad8f4ac --- /dev/null +++ b/dev-libs/libtar/files/libtar-1.2.11-fortify.patch @@ -0,0 +1,11 @@ +--- lib/encode.c ++++ lib/encode.c +@@ -30,7 +30,7 @@ + int i, sum = 0; + + if (t->options & TAR_GNU) +- strncpy(t->th_buf.magic, "ustar ", 8); ++ strncpy(t->th_buf.magic, "ustar", 6); + else + { + strncpy(t->th_buf.version, TVERSION, TVERSLEN); diff --git a/dev-libs/libtar/files/libtar-1.2.11-free.patch b/dev-libs/libtar/files/libtar-1.2.11-free.patch new file mode 100644 index 000000000000..3a7b028d5d2d --- /dev/null +++ b/dev-libs/libtar/files/libtar-1.2.11-free.patch @@ -0,0 +1,22 @@ +stdlib.h is required for free() + +--- lib/output.c ++++ lib/output.c +@@ -20,6 +20,7 @@ + #include + + #ifdef STDC_HEADERS ++# include + # include + #endif + +--- lib/wrapper.c ++++ lib/wrapper.c +@@ -18,6 +18,7 @@ + #include + + #ifdef STDC_HEADERS ++# include + # include + #endif + diff --git a/dev-libs/libtar/files/libtar-1.2.11-impl-dec.patch b/dev-libs/libtar/files/libtar-1.2.11-impl-dec.patch new file mode 100644 index 000000000000..ee00f5c1c9f3 --- /dev/null +++ b/dev-libs/libtar/files/libtar-1.2.11-impl-dec.patch @@ -0,0 +1,15 @@ + lib/extract.c | 1 + + 1 files changed, 1 insertions(+), 0 deletions(-) + +diff --git a/lib/extract.c b/lib/extract.c +index 6bbb801..3ef2fb8 100644 +--- a/lib/extract.c ++++ b/lib/extract.c +@@ -18,6 +18,7 @@ + #include + #include + #include ++#include + + #ifdef STDC_HEADERS + # include diff --git a/dev-libs/libtar/libtar-1.2.20-r2.ebuild b/dev-libs/libtar/libtar-1.2.20-r2.ebuild new file mode 100644 index 000000000000..d1b78280bfc3 --- /dev/null +++ b/dev-libs/libtar/libtar-1.2.20-r2.ebuild @@ -0,0 +1,55 @@ +# Copyright 1999-2013 Gentoo Foundation +# Distributed under the terms of the GNU General Public License v2 +# $Id$ + +EAPI=5 + +AUTOTOOLS_AUTORECONF=1 +inherit autotools-utils + +DESCRIPTION="C library for manipulating tar archives" +HOMEPAGE="http://www.feep.net/libtar/ http://repo.or.cz/w/libtar.git/" +SRC_URI="http://dev.gentoo.org/~pinkbyte/distfiles/snapshots/${P}.tar.gz" + +LICENSE="GPL-2" +SLOT="0" +KEYWORDS="amd64 ppc ppc64 ~sparc x86 ~amd64-fbsd ~amd64-linux ~x86-linux ~ppc-macos" +IUSE="static-libs zlib" + +RDEPEND="zlib? ( sys-libs/zlib ) + !zlib? ( app-arch/gzip )" +DEPEND="${RDEPEND}" + +S="${WORKDIR}/${PN}" + +PATCHES=( + "${FILESDIR}/${PN}-1.2.11-free.patch" + "${FILESDIR}/${PN}-1.2.11-impl-dec.patch" +) + +src_prepare() { + sed -i \ + -e '/INSTALL_PROGRAM/s:-s::' \ + {doc,lib{,tar}}/Makefile.in || die + + autotools-utils_src_prepare +} + +src_configure() { + local myeconfargs=( + --disable-encap + --disable-epkg-install + $(use_with zlib) + ) + + autotools-utils_src_configure +} + +src_install() { + autotools-utils_src_install + + dodoc ChangeLog* README TODO + newdoc compat/README README.compat + newdoc compat/TODO TODO.compat + newdoc listhash/TODO TODO.listhash +} diff --git a/dev-libs/libtar/libtar-1.2.20-r3.ebuild b/dev-libs/libtar/libtar-1.2.20-r3.ebuild new file mode 100644 index 000000000000..251c33a0e13a --- /dev/null +++ b/dev-libs/libtar/libtar-1.2.20-r3.ebuild @@ -0,0 +1,56 @@ +# Copyright 1999-2015 Gentoo Foundation +# Distributed under the terms of the GNU General Public License v2 +# $Id$ + +EAPI=5 + +AUTOTOOLS_AUTORECONF=1 +inherit autotools-utils + +DESCRIPTION="C library for manipulating tar archives" +HOMEPAGE="http://www.feep.net/libtar/ http://repo.or.cz/w/libtar.git/" +SRC_URI="http://dev.gentoo.org/~pinkbyte/distfiles/snapshots/${P}.tar.gz" + +LICENSE="GPL-2" +SLOT="0" +KEYWORDS="amd64 ~ppc ~ppc64 sparc x86 ~amd64-fbsd ~amd64-linux ~x86-linux ~ppc-macos" +IUSE="static-libs zlib" + +RDEPEND="zlib? ( sys-libs/zlib ) + !zlib? ( app-arch/gzip )" +DEPEND="${RDEPEND}" + +S="${WORKDIR}/${PN}" + +PATCHES=( + "${FILESDIR}"/${PN}-1.2.11-free.patch + "${FILESDIR}"/${PN}-1.2.11-impl-dec.patch + "${FILESDIR}"/CVE-2013-4420.patch +) + +src_prepare() { + sed -i \ + -e '/INSTALL_PROGRAM/s:-s::' \ + {doc,lib{,tar}}/Makefile.in || die + + autotools-utils_src_prepare +} + +src_configure() { + local myeconfargs=( + --disable-encap + --disable-epkg-install + $(use_with zlib) + ) + + autotools-utils_src_configure +} + +src_install() { + autotools-utils_src_install + + dodoc ChangeLog* README TODO + newdoc compat/README README.compat + newdoc compat/TODO TODO.compat + newdoc listhash/TODO TODO.listhash +} diff --git a/dev-libs/libtar/metadata.xml b/dev-libs/libtar/metadata.xml new file mode 100644 index 000000000000..2644f03ae0e6 --- /dev/null +++ b/dev-libs/libtar/metadata.xml @@ -0,0 +1,10 @@ + + + + proxy-maintainers + + sdnick484@gmail.com + Nick Andrade + Active Maintainer, Assign bugs + + -- cgit v1.2.3-65-gdbad