tar: Update to 1.31, including fix for bug #11958
authorMatthias Fischer <matthias.fischer@ipfire.org>
Thu, 10 Jan 2019 13:29:22 +0000 (14:29 +0100)
committerMichael Tremer <michael.tremer@ipfire.org>
Mon, 7 Jan 2019 01:31:43 +0000 (01:31 +0000)
For details see:

http://savannah.gnu.org/forum/forum.php?forum_id=9344

"- Fix heap-buffer-overrun with --one-top-level.
- Support for zstd compression.
- The -K option interacts properly with member names given in the command line.
- Fix CVE-2018-20482"

This patch was reverted because 'tar 1.31' crashed when installing PakFire packages
with the option '--no-overwrite-dir'.
See: https://bugzilla.ipfire.org/show_bug.cgi?id=11958

Included is now a patch from https://savannah.gnu.org/bugs/?55413, which seems to fix this issue.
The test cases given in https://savannah.gnu.org/bugs/?55413#comment1 ran without problems.

As always, please check and confirm.

Best,
Matthias

Signed-off-by: Matthias Fischer <matthias.fischer@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
lfs/tar
src/patches/tar/01_extract.c.patch [new file with mode: 0644]

diff --git a/lfs/tar b/lfs/tar
index cbab6c2..953613d 100644 (file)
--- a/lfs/tar
+++ b/lfs/tar
@@ -24,7 +24,7 @@
 
 include Config
 
-VER        = 1.30
+VER        = 1.31
 
 THISAPP    = tar-$(VER)
 DL_FILE    = $(THISAPP).tar.bz2
@@ -50,7 +50,7 @@ objects = $(DL_FILE)
 
 $(DL_FILE) = $(DL_FROM)/$(DL_FILE)
 
-$(DL_FILE)_MD5 = 8404e4c1fc5a3000228ab2b8ad674a65
+$(DL_FILE)_MD5 = 77afa35b696c8d760331fa0e12c2fac9
 
 install : $(TARGET)
 
@@ -80,6 +80,9 @@ $(subst %,%_MD5,$(objects)) :
 $(TARGET) : $(patsubst %,$(DIR_DL)/%,$(objects))
        @$(PREBUILD)
        @rm -rf $(DIR_APP) && cd $(DIR_SRC) && tar jxf $(DIR_DL)/$(DL_FILE)
+
+       cd $(DIR_APP) && patch -Np1 -i $(DIR_SRC)/src/patches/tar/01_extract.c.patch
+
        cd $(DIR_APP) && ./configure $(EXTRA_CONFIG) FORCE_UNSAFE_CONFIGURE=1
        cd $(DIR_APP) && make $(MAKETUNING)
        cd $(DIR_APP) && make install
diff --git a/src/patches/tar/01_extract.c.patch b/src/patches/tar/01_extract.c.patch
new file mode 100644 (file)
index 0000000..21c3cd8
--- /dev/null
@@ -0,0 +1,12 @@
+--- tar-1.31/src/extract.c     2019-01-02 18:07:48.000000000 +0000
++++ tar-1.31.patched/src/extract.c     2019-01-09 16:17:20.368612005 +0000
+@@ -782,7 +782,8 @@
+       case OVERWRITE_OLD_FILES:
+         if (0 < remove_any_file (file_name, ORDINARY_REMOVE_OPTION))
+           return RECOVER_OK;
+-        break;
++        errno = e;
++        return RECOVER_NO;
+       case UNLINK_FIRST_OLD_FILES:
+         break;