1 |
commit: a3a8c469b2bb96d3ee3a4fa99bb5b30aa38c7589 |
2 |
Author: Lars Wendler <polynomial-c <AT> gentoo <DOT> org> |
3 |
AuthorDate: Tue Jan 1 14:36:33 2019 +0000 |
4 |
Commit: Lars Wendler <polynomial-c <AT> gentoo <DOT> org> |
5 |
CommitDate: Tue Jan 1 14:38:01 2019 +0000 |
6 |
URL: https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=a3a8c469 |
7 |
|
8 |
app-arch/tar: Revbump to fix CVE-2018-20482 |
9 |
|
10 |
Patch added without new test suite because that would require |
11 |
an eautoreconf run. |
12 |
|
13 |
Bug: https://bugs.gentoo.org/674210 |
14 |
Package-Manager: Portage-2.3.53, Repoman-2.3.12 |
15 |
Signed-off-by: Lars Wendler <polynomial-c <AT> gentoo.org> |
16 |
|
17 |
app-arch/tar/files/tar-1.30-CVE-2018-20482.patch | 146 +++++++++++++++++++++++ |
18 |
app-arch/tar/tar-1.30-r1.ebuild | 82 +++++++++++++ |
19 |
2 files changed, 228 insertions(+) |
20 |
|
21 |
diff --git a/app-arch/tar/files/tar-1.30-CVE-2018-20482.patch b/app-arch/tar/files/tar-1.30-CVE-2018-20482.patch |
22 |
new file mode 100644 |
23 |
index 00000000000..8abab5df6c0 |
24 |
--- /dev/null |
25 |
+++ b/app-arch/tar/files/tar-1.30-CVE-2018-20482.patch |
26 |
@@ -0,0 +1,146 @@ |
27 |
+From c15c42ccd1e2377945fd0414eca1a49294bff454 Mon Sep 17 00:00:00 2001 |
28 |
+From: Sergey Poznyakoff <gray@×××.org> |
29 |
+Date: Thu, 27 Dec 2018 17:48:57 +0200 |
30 |
+Subject: Fix CVE-2018-20482 |
31 |
+ |
32 |
+* src/sparse.c (sparse_dump_region): Handle short read condition. |
33 |
+(sparse_extract_region,check_data_region): Fix dumped_size calculation. |
34 |
+Handle short read condition. |
35 |
+(pax_decode_header): Fix dumped_size calculation. |
36 |
+ |
37 |
+diff --git a/src/sparse.c b/src/sparse.c |
38 |
+index d41c0ea..f611200 100644 |
39 |
+--- a/src/sparse.c |
40 |
++++ b/src/sparse.c |
41 |
+@@ -1,6 +1,6 @@ |
42 |
+ /* Functions for dealing with sparse files |
43 |
+ |
44 |
+- Copyright 2003-2007, 2010, 2013-2017 Free Software Foundation, Inc. |
45 |
++ Copyright 2003-2007, 2010, 2013-2018 Free Software Foundation, Inc. |
46 |
+ |
47 |
+ This program is free software; you can redistribute it and/or modify it |
48 |
+ under the terms of the GNU General Public License as published by the |
49 |
+@@ -427,6 +427,30 @@ sparse_dump_region (struct tar_sparse_file *file, size_t i) |
50 |
+ bufsize); |
51 |
+ return false; |
52 |
+ } |
53 |
++ else if (bytes_read == 0) |
54 |
++ { |
55 |
++ char buf[UINTMAX_STRSIZE_BOUND]; |
56 |
++ struct stat st; |
57 |
++ size_t n; |
58 |
++ if (fstat (file->fd, &st) == 0) |
59 |
++ n = file->stat_info->stat.st_size - st.st_size; |
60 |
++ else |
61 |
++ n = file->stat_info->stat.st_size |
62 |
++ - (file->stat_info->sparse_map[i].offset |
63 |
++ + file->stat_info->sparse_map[i].numbytes |
64 |
++ - bytes_left); |
65 |
++ |
66 |
++ WARNOPT (WARN_FILE_SHRANK, |
67 |
++ (0, 0, |
68 |
++ ngettext ("%s: File shrank by %s byte; padding with zeros", |
69 |
++ "%s: File shrank by %s bytes; padding with zeros", |
70 |
++ n), |
71 |
++ quotearg_colon (file->stat_info->orig_file_name), |
72 |
++ STRINGIFY_BIGINT (n, buf))); |
73 |
++ if (! ignore_failed_read_option) |
74 |
++ set_exit_status (TAREXIT_DIFFERS); |
75 |
++ return false; |
76 |
++ } |
77 |
+ |
78 |
+ memset (blk->buffer + bytes_read, 0, BLOCKSIZE - bytes_read); |
79 |
+ bytes_left -= bytes_read; |
80 |
+@@ -464,9 +488,9 @@ sparse_extract_region (struct tar_sparse_file *file, size_t i) |
81 |
+ return false; |
82 |
+ } |
83 |
+ set_next_block_after (blk); |
84 |
++ file->dumped_size += BLOCKSIZE; |
85 |
+ count = blocking_write (file->fd, blk->buffer, wrbytes); |
86 |
+ write_size -= count; |
87 |
+- file->dumped_size += count; |
88 |
+ mv_size_left (file->stat_info->archive_file_size - file->dumped_size); |
89 |
+ file->offset += count; |
90 |
+ if (count != wrbytes) |
91 |
+@@ -598,6 +622,12 @@ check_sparse_region (struct tar_sparse_file *file, off_t beg, off_t end) |
92 |
+ rdsize); |
93 |
+ return false; |
94 |
+ } |
95 |
++ else if (bytes_read == 0) |
96 |
++ { |
97 |
++ report_difference (file->stat_info, _("Size differs")); |
98 |
++ return false; |
99 |
++ } |
100 |
++ |
101 |
+ if (!zero_block_p (diff_buffer, bytes_read)) |
102 |
+ { |
103 |
+ char begbuf[INT_BUFSIZE_BOUND (off_t)]; |
104 |
+@@ -609,6 +639,7 @@ check_sparse_region (struct tar_sparse_file *file, off_t beg, off_t end) |
105 |
+ |
106 |
+ beg += bytes_read; |
107 |
+ } |
108 |
++ |
109 |
+ return true; |
110 |
+ } |
111 |
+ |
112 |
+@@ -635,6 +666,7 @@ check_data_region (struct tar_sparse_file *file, size_t i) |
113 |
+ return false; |
114 |
+ } |
115 |
+ set_next_block_after (blk); |
116 |
++ file->dumped_size += BLOCKSIZE; |
117 |
+ bytes_read = safe_read (file->fd, diff_buffer, rdsize); |
118 |
+ if (bytes_read == SAFE_READ_ERROR) |
119 |
+ { |
120 |
+@@ -645,7 +677,11 @@ check_data_region (struct tar_sparse_file *file, size_t i) |
121 |
+ rdsize); |
122 |
+ return false; |
123 |
+ } |
124 |
+- file->dumped_size += bytes_read; |
125 |
++ else if (bytes_read == 0) |
126 |
++ { |
127 |
++ report_difference (¤t_stat_info, _("Size differs")); |
128 |
++ return false; |
129 |
++ } |
130 |
+ size_left -= bytes_read; |
131 |
+ mv_size_left (file->stat_info->archive_file_size - file->dumped_size); |
132 |
+ if (memcmp (blk->buffer, diff_buffer, rdsize)) |
133 |
+@@ -1213,7 +1249,8 @@ pax_decode_header (struct tar_sparse_file *file) |
134 |
+ union block *blk; |
135 |
+ char *p; |
136 |
+ size_t i; |
137 |
+- |
138 |
++ off_t start; |
139 |
++ |
140 |
+ #define COPY_BUF(b,buf,src) do \ |
141 |
+ { \ |
142 |
+ char *endp = b->buffer + BLOCKSIZE; \ |
143 |
+@@ -1229,7 +1266,6 @@ pax_decode_header (struct tar_sparse_file *file) |
144 |
+ if (src == endp) \ |
145 |
+ { \ |
146 |
+ set_next_block_after (b); \ |
147 |
+- file->dumped_size += BLOCKSIZE; \ |
148 |
+ b = find_next_block (); \ |
149 |
+ src = b->buffer; \ |
150 |
+ endp = b->buffer + BLOCKSIZE; \ |
151 |
+@@ -1240,8 +1276,8 @@ pax_decode_header (struct tar_sparse_file *file) |
152 |
+ dst[-1] = 0; \ |
153 |
+ } while (0) |
154 |
+ |
155 |
++ start = current_block_ordinal (); |
156 |
+ set_next_block_after (current_header); |
157 |
+- file->dumped_size += BLOCKSIZE; |
158 |
+ blk = find_next_block (); |
159 |
+ p = blk->buffer; |
160 |
+ COPY_BUF (blk,nbuf,p); |
161 |
+@@ -1278,6 +1314,8 @@ pax_decode_header (struct tar_sparse_file *file) |
162 |
+ sparse_add_map (file->stat_info, &sp); |
163 |
+ } |
164 |
+ set_next_block_after (blk); |
165 |
++ |
166 |
++ file->dumped_size += BLOCKSIZE * (current_block_ordinal () - start); |
167 |
+ } |
168 |
+ |
169 |
+ return true; |
170 |
+-- |
171 |
+cgit v1.0-41-gc330 |
172 |
+ |
173 |
|
174 |
diff --git a/app-arch/tar/tar-1.30-r1.ebuild b/app-arch/tar/tar-1.30-r1.ebuild |
175 |
new file mode 100644 |
176 |
index 00000000000..731db2be72c |
177 |
--- /dev/null |
178 |
+++ b/app-arch/tar/tar-1.30-r1.ebuild |
179 |
@@ -0,0 +1,82 @@ |
180 |
+# Copyright 1999-2019 Gentoo Authors |
181 |
+# Distributed under the terms of the GNU General Public License v2 |
182 |
+ |
183 |
+EAPI=6 |
184 |
+ |
185 |
+inherit flag-o-matic |
186 |
+ |
187 |
+DESCRIPTION="Use this to make tarballs :)" |
188 |
+HOMEPAGE="https://www.gnu.org/software/tar/" |
189 |
+SRC_URI="mirror://gnu/tar/${P}.tar.bz2 |
190 |
+ mirror://gnu-alpha/tar/${P}.tar.bz2" |
191 |
+ |
192 |
+LICENSE="GPL-3+" |
193 |
+SLOT="0" |
194 |
+KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~ia64 ~m68k ~mips ~ppc ~ppc64 ~s390 ~sh ~sparc ~x86 ~ppc-aix ~x64-cygwin ~amd64-fbsd ~x86-fbsd ~amd64-linux ~x86-linux ~ppc-macos ~x64-macos ~x86-macos ~m68k-mint ~sparc-solaris ~sparc64-solaris ~x64-solaris ~x86-solaris" |
195 |
+IUSE="acl elibc_glibc minimal nls selinux static userland_GNU xattr" |
196 |
+ |
197 |
+RDEPEND="acl? ( virtual/acl ) |
198 |
+ selinux? ( sys-libs/libselinux )" |
199 |
+DEPEND="${RDEPEND} |
200 |
+ nls? ( >=sys-devel/gettext-0.10.35 ) |
201 |
+ xattr? ( elibc_glibc? ( sys-apps/attr ) )" |
202 |
+ |
203 |
+PATCHES=( |
204 |
+ "${FILESDIR}"/${P}-fix-test-92.patch |
205 |
+ "${FILESDIR}"/${P}-fix-test-117-and-118.patch |
206 |
+ "${FILESDIR}"/${P}-CVE-2018-20482.patch #674210 |
207 |
+) |
208 |
+ |
209 |
+src_prepare() { |
210 |
+ default |
211 |
+ |
212 |
+ if ! use userland_GNU ; then |
213 |
+ sed -i \ |
214 |
+ -e 's:/backup\.sh:/gbackup.sh:' \ |
215 |
+ scripts/{backup,dump-remind,restore}.in \ |
216 |
+ || die "sed non-GNU" |
217 |
+ fi |
218 |
+} |
219 |
+ |
220 |
+src_configure() { |
221 |
+ use static && append-ldflags -static |
222 |
+ local myeconfargs=( |
223 |
+ --bindir="${EPREFIX%/}"/bin |
224 |
+ --enable-backup-scripts |
225 |
+ --libexecdir="${EPREFIX%/}"/usr/sbin |
226 |
+ $(usex userland_GNU "" "--program-prefix=g") |
227 |
+ $(use_with acl posix-acls) |
228 |
+ $(use_enable nls) |
229 |
+ $(use_with selinux) |
230 |
+ $(use_with xattr xattrs) |
231 |
+ ) |
232 |
+ FORCE_UNSAFE_CONFIGURE=1 econf "${myeconfargs[@]}" |
233 |
+} |
234 |
+ |
235 |
+src_install() { |
236 |
+ default |
237 |
+ |
238 |
+ local p=$(usex userland_GNU "" "g") |
239 |
+ if [[ -z ${p} ]] ; then |
240 |
+ # a nasty yet required piece of baggage |
241 |
+ exeinto /etc |
242 |
+ doexe "${FILESDIR}"/rmt |
243 |
+ fi |
244 |
+ |
245 |
+ # autoconf looks for gtar before tar (in configure scripts), hence |
246 |
+ # in Prefix it is important that it is there, otherwise, a gtar from |
247 |
+ # the host system (FreeBSD, Solaris, Darwin) will be found instead |
248 |
+ # of the Prefix provided (GNU) tar |
249 |
+ if use prefix ; then |
250 |
+ dosym tar /bin/gtar |
251 |
+ fi |
252 |
+ |
253 |
+ mv "${ED%/}"/usr/sbin/${p}backup{,-tar} || die |
254 |
+ mv "${ED%/}"/usr/sbin/${p}restore{,-tar} || die |
255 |
+ |
256 |
+ if use minimal ; then |
257 |
+ find "${ED%/}"/etc "${ED%/}"/*bin/ "${ED%/}"/usr/*bin/ \ |
258 |
+ -type f -a '!' '(' -name tar -o -name ${p}tar ')' \ |
259 |
+ -delete || die |
260 |
+ fi |
261 |
+} |