summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorBen Lutgens <lamer@gentoo.org>2001-07-12 19:43:49 +0000
committerBen Lutgens <lamer@gentoo.org>2001-07-12 19:43:49 +0000
commitecdb58b09896ef22fd4ffe45b6a2a51a9b60c837 (patch)
tree903bbed15c508f003253726c818d51f22cfa5bed /sys-apps/tar
parentfixed doc installs. (diff)
downloadgentoo-2-ecdb58b09896ef22fd4ffe45b6a2a51a9b60c837.tar.gz
gentoo-2-ecdb58b09896ef22fd4ffe45b6a2a51a9b60c837.tar.bz2
gentoo-2-ecdb58b09896ef22fd4ffe45b6a2a51a9b60c837.zip
Some security fixes and some touch ups. tar and unzip are both prone to
undesirable directory traversal (nothing like leaving .. unlinked *shudder*) I package.masked unzip-5.42 since thier server is busted and I can't test it yet. http://www.security.nnov.ru/advisories <-- is the advisories. rar is also suceptible. Remeber you should run archivers under a privleged UID.
Diffstat (limited to 'sys-apps/tar')
-rw-r--r--sys-apps/tar/files/digest-tar-1.13.191
-rw-r--r--sys-apps/tar/files/tar-1.13.19.patch40
-rw-r--r--sys-apps/tar/tar-1.13.19.ebuild61
3 files changed, 102 insertions, 0 deletions
diff --git a/sys-apps/tar/files/digest-tar-1.13.19 b/sys-apps/tar/files/digest-tar-1.13.19
new file mode 100644
index 000000000000..5c266195c6f9
--- /dev/null
+++ b/sys-apps/tar/files/digest-tar-1.13.19
@@ -0,0 +1 @@
+MD5 ff10ade59f5b312869ffb2f229177e14 tar-1.13.19.tar.gz
diff --git a/sys-apps/tar/files/tar-1.13.19.patch b/sys-apps/tar/files/tar-1.13.19.patch
new file mode 100644
index 000000000000..26c0d63bedc1
--- /dev/null
+++ b/sys-apps/tar/files/tar-1.13.19.patch
@@ -0,0 +1,40 @@
+*** misc.c.orig Sat Jan 13 08:59:29 2001
+--- misc.c Mon Jul 9 15:45:09 2001
+***************
+*** 201,217 ****
+ {
+ char const *p = name + FILESYSTEM_PREFIX_LEN (name);
+
+ for (;;)
+ {
+! if (p[0] == '.' && p[1] == '.' && (ISSLASH (p[2]) || !p[2]))
+ return 1;
+
+ do
+ {
+! if (! *p++)
+ return 0;
+ }
+! while (! ISSLASH (*p));
+ }
+ }
+
+--- 201,218 ----
+ {
+ char const *p = name + FILESYSTEM_PREFIX_LEN (name);
+
++ if(ISSLASH (*p) ) return 1;
+ for (;;)
+ {
+! if (p[0] == '.' && p[1] == '.' && (!p[2] || ISSLASH (p[2])))
+ return 1;
+
+ do
+ {
+! if (! *p)
+ return 0;
+ }
+! while (! ISSLASH (*p++));
+ }
+ }
+
diff --git a/sys-apps/tar/tar-1.13.19.ebuild b/sys-apps/tar/tar-1.13.19.ebuild
new file mode 100644
index 000000000000..cd32405d9a99
--- /dev/null
+++ b/sys-apps/tar/tar-1.13.19.ebuild
@@ -0,0 +1,61 @@
+# Copyright 1999-2000 Gentoo Technologies, Inc.
+# Distributed under the terms of the GNU General Public License, v2 or later
+# Author Achim Gottinger <achim@gentoo.org>
+# $Header: /var/cvsroot/gentoo-x86/sys-apps/tar/tar-1.13.19.ebuild,v 1.1 2001/07/12 19:43:49 lamer Exp $
+
+A=${P}.tar.gz
+S=${WORKDIR}/${P}
+
+DESCRIPTION="Use this to try make tarballs :)"
+SRC_URI="ftp://alpha.gnu.org/gnu/tar/"${A}
+HOMEPAGE="http://www.gnu.org/software/tar/"
+
+DEPEND="virtual/glibc
+ nls? ( sys-devel/gettext-0.10.35 )"
+
+RDEPEND="virtual/glibc"
+
+src_unpack() {
+ unpack ${A}
+ cd ${S}/src
+ patch -p0 < ${FILESDIR}/tar-1.13.19.patch
+}
+
+src_compile() {
+
+ local myconf
+ if [ -z "`use nls`" ]
+ then
+ myconf="--disable-nls"
+ fi
+ try ./configure --prefix=/usr --bindir=/bin --libexecdir=/usr/lib/misc \
+ --infodir=/usr/share/info --host=${CHOST} ${myconf}
+
+ if [ -z "`use static`" ]
+ then
+ try make ${MAKEOPTS}
+ else
+ try make ${MAKEOPTS} LDFLAGS=-static
+ fi
+}
+
+src_install() {
+ try make DESTDIR=${D} install
+ #FHS 2.1 stuff
+ dodir /usr/sbin
+ cd ${D}
+ mv usr/lib/misc/rmt usr/sbin/rmt.gnu
+ dosym rmt.gnu /usr/sbin/rmt
+ if [ -z "`use build`" ]
+ then
+ dodoc AUTHORS ChangeLog* COPYING NEWS README* PORTS THANKS
+
+ #we're using Schilly's enhanced rmt command included with star
+# rm -rf ${D}/usr/lib
+ else
+ rm -rf ${D}/usr/share/info
+ fi
+
+}
+
+