From 4935506e9a5cbfabd37c64093eac5f36c2ff0017 Mon Sep 17 00:00:00 2001 From: V3n3RiX Date: Sat, 17 Feb 2018 20:03:52 +0000 Subject: gentoo resync : 17.02.2018 --- dev-libs/libtar/Manifest | 9 +- dev-libs/libtar/files/CVE-2013-4420.patch | 12 +-- dev-libs/libtar/files/libtar-1.2.11-free.patch | 8 +- .../libtar/files/libtar-1.2.20-bin-memleaks.patch | 117 +++++++++++++++++++++ dev-libs/libtar/files/libtar-1.2.20-fd-leaks.patch | 98 +++++++++++++++++ .../files/libtar-1.2.20-tar_open-memleak.patch | 24 +++++ dev-libs/libtar/libtar-1.2.20-r2.ebuild | 54 ---------- dev-libs/libtar/libtar-1.2.20-r4.ebuild | 70 ++++++++++++ 8 files changed, 325 insertions(+), 67 deletions(-) create mode 100644 dev-libs/libtar/files/libtar-1.2.20-bin-memleaks.patch create mode 100644 dev-libs/libtar/files/libtar-1.2.20-fd-leaks.patch create mode 100644 dev-libs/libtar/files/libtar-1.2.20-tar_open-memleak.patch delete mode 100644 dev-libs/libtar/libtar-1.2.20-r2.ebuild create mode 100644 dev-libs/libtar/libtar-1.2.20-r4.ebuild (limited to 'dev-libs/libtar') diff --git a/dev-libs/libtar/Manifest b/dev-libs/libtar/Manifest index dc40319631a0..abc160155d19 100644 --- a/dev-libs/libtar/Manifest +++ b/dev-libs/libtar/Manifest @@ -1,7 +1,10 @@ -AUX CVE-2013-4420.patch 2454 BLAKE2B 99bd37c92d0d92145cb4084b93efd35e061b7d232d003eb5219b0b99fe9a7555a5a40a52c0b68f4e6afb8eba37719775ef46d8a34b566db09bf9a2252737c65c SHA512 a325c1225b838a573448f05ba1a6712ab8430107793bc574dcea6a77b28d3ad36f3d1d801b392be0992007df78ea59b0b729623631f12b80846fdd039a66eb26 -AUX libtar-1.2.11-free.patch 337 BLAKE2B 56d50688210f4d4d298b804ae5a7990b98f0a1c87183ab8f0c0ca14ed2d18b869d739d7fccbc1370e439ea499d5912996729c261f514208d80d330cccfb04445 SHA512 ea6475cdb000967c0029a35d8b02cde3c9227cfa73c57ab654879e7b030a5ca2732e5286fcd2f146bbb74213e01ea4d0f9259f06a6fe466a7bd63b1e6e43e07c +AUX CVE-2013-4420.patch 2412 BLAKE2B 6ccf26f8f5d365abe485098c601298c17639cf3221b62f6dc5f44ddcc0d7bc295937aa5e91a5271209631507c15d4a0d079872ed28cec76d72c77f3c04c20ee6 SHA512 e04b131a77fed6be668d6175f13037d28ac29f8d173b2fd53681b3daaa72848418fd117e4a2f257d7de4c2dd1fc27d37a5ba70ca22cc3659e3b0e778e8951c3e +AUX libtar-1.2.11-free.patch 345 BLAKE2B d13964a6ff546ef67bef36512cf74b72d7549f0de39663b2f36e8df8076a5e6e399455d04708580ce019718ae56fec3688b21bd9c033b550dc3e1849cf2d5a0f SHA512 6560b3c963f8111ee765b8d3cff5e9470f9a856034da1c712b39dea4274779d9b9dc4a5bc81798f85d411e35cedd0b293d269ac064df0a09a8b1b23159e83470 AUX libtar-1.2.11-impl-dec.patch 332 BLAKE2B f070458c7d3e46a4a50c542c0559012b2b99fd94473f203e2b1cc693e5c27dbd8dec5817953d1fd4dc3ceb7946998834df52a6d2fb1e260a1a08d83994ccae50 SHA512 d8e6d341b4f30121571da0afc369fd3b45055224cc336640cb6f087e020959dcee8b2f00ac7b4d9f20faf44f1d87414b1a267080b412f043bb58d02bdbc91f94 +AUX libtar-1.2.20-bin-memleaks.patch 2571 BLAKE2B 72217c256a8f504e1647ecd8157bc94d4895ed70270633892fd692ff6fa7baa8441d051a0c37f1f05c64d48882c54d668fd2f1419196f8010532366bb40697b7 SHA512 17522eaac5b3c860aa8b5665d851672cae0c4aa81b7e0bea13ae7e39fe4306bf131c9f25fff744252c0f61a5cfe2d8bbb981676162ed6dde526d0910c2a8959c +AUX libtar-1.2.20-fd-leaks.patch 2021 BLAKE2B 73e9ca5475e86fc6c5cddee5f608b0a1e349e987c17c0a1d1d9406ba2b3efd414a138402f2d78f925a736dc1a0bbe1511e2047fec5c6c25891f0874f233f53fe SHA512 93312a12b14f47d80a81368438afb4af9883d95691f4c33a2443c595808943087e31a00b44038028106ed99a23343efa41cd7ba432a8c8be00c5ea0d51817a26 +AUX libtar-1.2.20-tar_open-memleak.patch 630 BLAKE2B 31616574597017dc5444d0b79aa6084c55f3eedf5c23099663da2905bdf8be8d499c9a81228b268840524e286e06b18c3221a60c95f2e3effbb09beb8c0712f9 SHA512 a37df7b6e1e98298f622c1cbef348861c187409abf6614eafac21d802aaa1418081281db3e03fda0ba9fc5a690f4fb00b61fbe277c4c34c82443d4fe4548e317 DIST libtar-1.2.20.tar.gz 63542 BLAKE2B 57565fd703aec159a0b30280c026ce82d4a74fc658a24e589c2d9fcf11ff0e8c79de172df8b4cfeefa776eb27bb4b1a65951739ec37de4300da47d508a8d4227 SHA512 360a0296af99bedd6d93236c3d6d6746fd38deaa5287e7a138d303e1072bc8871437a693dc926d82af5b54dedba2ebdff5a3edb1f7d7dc494b4235439e477dec -EBUILD libtar-1.2.20-r2.ebuild 1148 BLAKE2B 40c541769bb879e288f086620c6e526fbd21acd754d60656210d4e4a217629a0fbe98d338c796a409bf87c207d571b1ee7edbf0659849f976a64f8e71fae58fc SHA512 d618f5a389e62579fee30c6315893990765f5d35a64e2c727b741d9d393f6bbf8c120e7a3102c058e57186e0bd5ff772b5472ff7df642b262692c9e354cb0de2 EBUILD libtar-1.2.20-r3.ebuild 1363 BLAKE2B a18bc2460adcbd2ca5e453219edafd307d261be4c50035e6861d3590ebd3e2d9d0aaa479f03d995bd22c76191400274ac401ca94cd526bd960d266c92796b83f SHA512 8e7a8081bd465e86f4104931e0cf874c104f620e85dbab7d82cebf8522bb1eca457e1cd02b0882897007d43adf729affa9114b1a4157cc2cf89c31d46b0875ab +EBUILD libtar-1.2.20-r4.ebuild 1503 BLAKE2B a8516ffcd11e27e8aa631b558d92e45893cca4172536a35bad196fe7261d649397bcab51be479dd204a5f66b8a8835f50aa70f97309bc9466c96dcd7e0ecb55b SHA512 c25520317c284bc691df088194416ee83544b00c321b614545f7b064521557d6268de75fa6d84c4efd698a6ef470f70647d7bbf6ab6673ed1d45cd68f89fa5d7 MISC metadata.xml 440 BLAKE2B ddd6460d11370e00f795797bad8dabffa776efcf95eaad8c9951359e9e4a9b1e5c07f09814d349ee28a6818b943ec7d1d56b195ebd8287ea7489b0bd4f9d27a1 SHA512 12a537b5b96a35ccdb346e02d76bb048af1b638ba2742946d8c396d7f5dba6aa82b90da18de7795e3b0ab1b4849120edc04b6e68b0ad416d4e5d6acc4536c10e diff --git a/dev-libs/libtar/files/CVE-2013-4420.patch b/dev-libs/libtar/files/CVE-2013-4420.patch index d6e24860c929..833ff7b1dbb3 100644 --- a/dev-libs/libtar/files/CVE-2013-4420.patch +++ b/dev-libs/libtar/files/CVE-2013-4420.patch @@ -1,5 +1,5 @@ ---- a/libtar/lib/decode.c 2013-10-09 09:59:44.000000000 -0700 -+++ b/libtar/lib/decode.c 2015-07-20 20:57:58.331945962 -0700 +--- a/lib/decode.c 2013-10-09 09:59:44.000000000 -0700 ++++ b/lib/decode.c 2015-07-20 20:57:58.331945962 -0700 @@ -21,24 +21,55 @@ # include #endif @@ -59,8 +59,8 @@ return filename; } ---- a/libtar/lib/extract.c 2013-10-09 09:59:44.000000000 -0700 -+++ b/libtar/lib/extract.c 2015-07-20 21:00:16.560956122 -0700 +--- a/lib/extract.c 2013-10-09 09:59:44.000000000 -0700 ++++ b/lib/extract.c 2015-07-20 21:00:16.560956122 -0700 @@ -305,7 +305,7 @@ linktgt = &lnp[strlen(lnp) + 1]; } @@ -82,8 +82,8 @@ { #ifdef DEBUG perror("symlink()"); ---- a/libtar/lib/internal.h 2013-10-09 09:59:44.000000000 -0700 -+++ b/libtar/lib/internal.h 2015-07-20 21:00:51.258958673 -0700 +--- a/lib/internal.h 2013-10-09 09:59:44.000000000 -0700 ++++ b/lib/internal.h 2015-07-20 21:00:51.258958673 -0700 @@ -15,6 +15,7 @@ #include diff --git a/dev-libs/libtar/files/libtar-1.2.11-free.patch b/dev-libs/libtar/files/libtar-1.2.11-free.patch index 3a7b028d5d2d..cb6524e5e5a0 100644 --- a/dev-libs/libtar/files/libtar-1.2.11-free.patch +++ b/dev-libs/libtar/files/libtar-1.2.11-free.patch @@ -1,7 +1,7 @@ stdlib.h is required for free() ---- lib/output.c -+++ lib/output.c +--- a/lib/output.c ++++ b/lib/output.c @@ -20,6 +20,7 @@ #include @@ -10,8 +10,8 @@ stdlib.h is required for free() # include #endif ---- lib/wrapper.c -+++ lib/wrapper.c +--- a/lib/wrapper.c ++++ b/lib/wrapper.c @@ -18,6 +18,7 @@ #include diff --git a/dev-libs/libtar/files/libtar-1.2.20-bin-memleaks.patch b/dev-libs/libtar/files/libtar-1.2.20-bin-memleaks.patch new file mode 100644 index 000000000000..b6195da88d97 --- /dev/null +++ b/dev-libs/libtar/files/libtar-1.2.20-bin-memleaks.patch @@ -0,0 +1,117 @@ +From f3c711cf3054ff366a1a3500cdc8c64ecc2d2da6 Mon Sep 17 00:00:00 2001 +From: Huzaifa Sidhpurwala +Date: Tue, 15 Oct 2013 20:05:04 -0400 +Subject: [PATCH] fix memleaks in libtar sample program + +--- + libtar/libtar.c | 29 ++++++++++++++++++----------- + 1 file changed, 18 insertions(+), 11 deletions(-) + +diff --git a/libtar/libtar.c b/libtar/libtar.c +index bb5644c..23f8741 100644 +--- a/libtar/libtar.c ++++ b/libtar/libtar.c +@@ -253,6 +253,7 @@ extract(char *tarfile, char *rootdir) + if (tar_extract_all(t, rootdir) != 0) + { + fprintf(stderr, "tar_extract_all(): %s\n", strerror(errno)); ++ tar_close(t); + return -1; + } + +@@ -270,12 +271,13 @@ extract(char *tarfile, char *rootdir) + + + void +-usage() ++usage(void *rootdir) + { + printf("Usage: %s [-C rootdir] [-g] [-z] -x|-t filename.tar\n", + progname); + printf(" %s [-C rootdir] [-g] [-z] -c filename.tar ...\n", + progname); ++ free(rootdir); + exit(-1); + } + +@@ -292,6 +294,7 @@ main(int argc, char *argv[]) + int c; + int mode = 0; + libtar_list_t *l; ++ int return_code = -2; + + progname = basename(argv[0]); + +@@ -313,17 +316,17 @@ main(int argc, char *argv[]) + break; + case 'c': + if (mode) +- usage(); ++ usage(rootdir); + mode = MODE_CREATE; + break; + case 'x': + if (mode) +- usage(); ++ usage(rootdir); + mode = MODE_EXTRACT; + break; + case 't': + if (mode) +- usage(); ++ usage(rootdir); + mode = MODE_LIST; + break; + #ifdef HAVE_LIBZ +@@ -332,7 +335,7 @@ main(int argc, char *argv[]) + break; + #endif /* HAVE_LIBZ */ + default: +- usage(); ++ usage(rootdir); + } + + if (!mode || ((argc - optind) < (mode == MODE_CREATE ? 2 : 1))) +@@ -341,7 +344,7 @@ main(int argc, char *argv[]) + printf("argc - optind == %d\tmode == %d\n", argc - optind, + mode); + #endif +- usage(); ++ usage(rootdir); + } + + #ifdef DEBUG +@@ -351,21 +354,25 @@ main(int argc, char *argv[]) + switch (mode) + { + case MODE_EXTRACT: +- return extract(argv[optind], rootdir); ++ return_code = extract(argv[optind], rootdir); ++ break; + case MODE_CREATE: + tarfile = argv[optind]; + l = libtar_list_new(LIST_QUEUE, NULL); + for (c = optind + 1; c < argc; c++) + libtar_list_add(l, argv[c]); +- return create(tarfile, rootdir, l); ++ return_code = create(tarfile, rootdir, l); ++ libtar_list_free(l, NULL); ++ break; + case MODE_LIST: +- return list(argv[optind]); ++ return_code = list(argv[optind]); ++ break; + default: + break; + } + +- /* NOTREACHED */ +- return -2; ++ free(rootdir); ++ return return_code; + } + + +-- +2.10.5.GIT + diff --git a/dev-libs/libtar/files/libtar-1.2.20-fd-leaks.patch b/dev-libs/libtar/files/libtar-1.2.20-fd-leaks.patch new file mode 100644 index 000000000000..816c96925512 --- /dev/null +++ b/dev-libs/libtar/files/libtar-1.2.20-fd-leaks.patch @@ -0,0 +1,98 @@ +From abd0274e6b2f708e9eaa29414b07b3f542cec694 Mon Sep 17 00:00:00 2001 +From: Kamil Dudka +Date: Tue, 15 Oct 2013 19:48:41 -0400 +Subject: [PATCH] fix file descriptor leaks reported by cppcheck + +Bug: https://bugzilla.redhat.com/785760 +--- + lib/append.c | 14 +++++++++----- + lib/extract.c | 4 ++++ + libtar/libtar.c | 3 +++ + 3 files changed, 16 insertions(+), 5 deletions(-) + +diff --git a/lib/append.c b/lib/append.c +index e8bd89d..ff58532 100644 +--- a/lib/append.c ++++ b/lib/append.c +@@ -216,6 +216,7 @@ tar_append_regfile(TAR *t, const char *realname) + int filefd; + int i, j; + size_t size; ++ int rv = -1; + + filefd = open(realname, O_RDONLY); + if (filefd == -1) +@@ -234,25 +235,28 @@ tar_append_regfile(TAR *t, const char *realname) + { + if (j != -1) + errno = EINVAL; +- return -1; ++ goto fail; + } + if (tar_block_write(t, &block) == -1) +- return -1; ++ goto fail; + } + + if (i > 0) + { + j = read(filefd, &block, i); + if (j == -1) +- return -1; ++ goto fail; + memset(&(block[i]), 0, T_BLOCKSIZE - i); + if (tar_block_write(t, &block) == -1) +- return -1; ++ goto fail; + } + ++ /* success! */ ++ rv = 0; ++fail: + close(filefd); + +- return 0; ++ return rv; + } + + +diff --git a/lib/extract.c b/lib/extract.c +index 36357e7..9fc6ad5 100644 +--- a/lib/extract.c ++++ b/lib/extract.c +@@ -228,13 +228,17 @@ tar_extract_regfile(TAR *t, char *realname) + { + if (k != -1) + errno = EINVAL; ++ close(fdout); + return -1; + } + + /* write block to output file */ + if (write(fdout, buf, + ((i > T_BLOCKSIZE) ? T_BLOCKSIZE : i)) == -1) ++ { ++ close(fdout); + return -1; ++ } + } + + /* close output file */ +diff --git a/libtar/libtar.c b/libtar/libtar.c +index 9fa92b2..bb5644c 100644 +--- a/libtar/libtar.c ++++ b/libtar/libtar.c +@@ -83,7 +83,10 @@ gzopen_frontend(char *pathname, int oflags, int mode) + return -1; + + if ((oflags & O_CREAT) && fchmod(fd, mode)) ++ { ++ close(fd); + return -1; ++ } + + gzf = gzdopen(fd, gzoflags); + if (!gzf) +-- +2.10.5.GIT + diff --git a/dev-libs/libtar/files/libtar-1.2.20-tar_open-memleak.patch b/dev-libs/libtar/files/libtar-1.2.20-tar_open-memleak.patch new file mode 100644 index 000000000000..b2a1209f3fc0 --- /dev/null +++ b/dev-libs/libtar/files/libtar-1.2.20-tar_open-memleak.patch @@ -0,0 +1,24 @@ +From 36629a41208375f5105427e98078127551692028 Mon Sep 17 00:00:00 2001 +From: Huzaifa Sidhpurwala +Date: Tue, 15 Oct 2013 20:02:58 -0400 +Subject: [PATCH] fix memleak on tar_open() failure + +--- + lib/handle.c | 1 + + 1 file changed, 1 insertion(+) + +diff --git a/lib/handle.c b/lib/handle.c +index 33a262c..002d23c 100644 +--- a/lib/handle.c ++++ b/lib/handle.c +@@ -82,6 +82,7 @@ tar_open(TAR **t, const char *pathname, tartype_t *type, + (*t)->fd = (*((*t)->type->openfunc))(pathname, oflags, mode); + if ((*t)->fd == -1) + { ++ libtar_hash_free((*t)->h, NULL); + free(*t); + return -1; + } +-- +2.10.5.GIT + diff --git a/dev-libs/libtar/libtar-1.2.20-r2.ebuild b/dev-libs/libtar/libtar-1.2.20-r2.ebuild deleted file mode 100644 index 926bb060d8d5..000000000000 --- a/dev-libs/libtar/libtar-1.2.20-r2.ebuild +++ /dev/null @@ -1,54 +0,0 @@ -# Copyright 1999-2013 Gentoo Foundation -# Distributed under the terms of the GNU General Public License v2 - -EAPI=5 - -AUTOTOOLS_AUTORECONF=1 -inherit autotools-utils - -DESCRIPTION="C library for manipulating tar archives" -HOMEPAGE="http://www.feep.net/libtar/ http://repo.or.cz/w/libtar.git/" -SRC_URI="https://dev.gentoo.org/~pinkbyte/distfiles/snapshots/${P}.tar.gz" - -LICENSE="GPL-2" -SLOT="0" -KEYWORDS="amd64 ppc ppc64 ~sparc x86 ~amd64-fbsd ~amd64-linux ~x86-linux ~ppc-macos" -IUSE="static-libs zlib" - -RDEPEND="zlib? ( sys-libs/zlib ) - !zlib? ( app-arch/gzip )" -DEPEND="${RDEPEND}" - -S="${WORKDIR}/${PN}" - -PATCHES=( - "${FILESDIR}/${PN}-1.2.11-free.patch" - "${FILESDIR}/${PN}-1.2.11-impl-dec.patch" -) - -src_prepare() { - sed -i \ - -e '/INSTALL_PROGRAM/s:-s::' \ - {doc,lib{,tar}}/Makefile.in || die - - autotools-utils_src_prepare -} - -src_configure() { - local myeconfargs=( - --disable-encap - --disable-epkg-install - $(use_with zlib) - ) - - autotools-utils_src_configure -} - -src_install() { - autotools-utils_src_install - - dodoc ChangeLog* README TODO - newdoc compat/README README.compat - newdoc compat/TODO TODO.compat - newdoc listhash/TODO TODO.listhash -} diff --git a/dev-libs/libtar/libtar-1.2.20-r4.ebuild b/dev-libs/libtar/libtar-1.2.20-r4.ebuild new file mode 100644 index 000000000000..eccd392e3bad --- /dev/null +++ b/dev-libs/libtar/libtar-1.2.20-r4.ebuild @@ -0,0 +1,70 @@ +# Copyright 1999-2018 Gentoo Foundation +# Distributed under the terms of the GNU General Public License v2 + +EAPI=6 + +inherit autotools + +DESCRIPTION="C library for manipulating tar archives" +HOMEPAGE="http://repo.or.cz/w/libtar.git/" +SRC_URI="https://dev.gentoo.org/~pinkbyte/distfiles/snapshots/${P}.tar.gz" + +LICENSE="GPL-2" +SLOT="0" +KEYWORDS="~amd64 ~arm ~arm64 ~ppc ~ppc64 ~sparc ~x86 ~amd64-fbsd ~amd64-linux ~x86-linux ~ppc-macos" +IUSE="static-libs zlib" + +RDEPEND=" + zlib? ( sys-libs/zlib:= ) + !zlib? ( app-arch/gzip ) +" +DEPEND="${RDEPEND}" + +DOCS=( ChangeLog{,-1.0.x} README TODO ) + +S="${WORKDIR}/${PN}" + +# There is no test and 'check' target errors out due to mixing of automake & +# non-automake makefiles. +# https://bugs.gentoo.org/show_bug.cgi?id=526436 +RESTRICT="test" + +PATCHES=( + "${FILESDIR}"/${PN}-1.2.11-free.patch + "${FILESDIR}"/${PN}-1.2.11-impl-dec.patch + "${FILESDIR}"/CVE-2013-4420.patch + "${FILESDIR}"/${P}-fd-leaks.patch + "${FILESDIR}"/${P}-tar_open-memleak.patch + "${FILESDIR}"/${P}-bin-memleaks.patch +) + +src_prepare() { + default + + sed -e '/INSTALL_PROGRAM/s:-s::' \ + -i {doc,lib{,tar}}/Makefile.in || die + + eautoreconf +} + +src_configure() { + local myeconfargs=( + --enable-shared + --disable-encap + --disable-epkg-install + $(use_enable static-libs static) + $(use_with zlib) + ) + + econf ${myeconfargs[@]} +} + +src_install() { + default + + newdoc compat/README README.compat + newdoc compat/TODO TODO.compat + newdoc listhash/TODO TODO.listhash + + find "${D}" -name '*.la' -delete || die +} -- cgit v1.2.3