From mboxrd@z Thu Jan  1 00:00:00 1970
From: Matthias Fischer <matthias.fischer@ipfire.org>
To: development@lists.ipfire.org
Subject: [PATCH] tar: Update to 1.31, including fix for bug #11958
Date: Thu, 10 Jan 2019 14:29:22 +0100
Message-ID: <20190110132922.31660-1-matthias.fischer@ipfire.org>
MIME-Version: 1.0
Content-Type: multipart/mixed; boundary="===============6732972309015723003=="
List-Id: <development.lists.ipfire.org>

--===============6732972309015723003==
Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: quoted-printable

For details see:

http://savannah.gnu.org/forum/forum.php?forum_id=3D9344

"- Fix heap-buffer-overrun with --one-top-level.
- Support for zstd compression.
- The -K option interacts properly with member names given in the command lin=
e.
- Fix CVE-2018-20482"

This patch was reverted because 'tar 1.31' crashed when installing PakFire pa=
ckages
with the option '--no-overwrite-dir'.
See: https://bugzilla.ipfire.org/show_bug.cgi?id=3D11958

Included is now a patch from https://savannah.gnu.org/bugs/?55413, which seem=
s to fix this issue.
The test cases given in https://savannah.gnu.org/bugs/?55413#comment1 ran wit=
hout problems.

As always, please check and confirm.

Best,
Matthias

Signed-off-by: Matthias Fischer <matthias.fischer(a)ipfire.org>
---
 lfs/tar                            |  7 +++++--
 src/patches/tar/01_extract.c.patch | 12 ++++++++++++
 2 files changed, 17 insertions(+), 2 deletions(-)
 create mode 100644 src/patches/tar/01_extract.c.patch

diff --git a/lfs/tar b/lfs/tar
index cbab6c2a9..953613d51 100644
--- a/lfs/tar
+++ b/lfs/tar
@@ -24,7 +24,7 @@
=20
 include Config
=20
-VER        =3D 1.30
+VER        =3D 1.31
=20
 THISAPP    =3D tar-$(VER)
 DL_FILE    =3D $(THISAPP).tar.bz2
@@ -50,7 +50,7 @@ objects =3D $(DL_FILE)
=20
 $(DL_FILE) =3D $(DL_FROM)/$(DL_FILE)
=20
-$(DL_FILE)_MD5 =3D 8404e4c1fc5a3000228ab2b8ad674a65
+$(DL_FILE)_MD5 =3D 77afa35b696c8d760331fa0e12c2fac9
=20
 install : $(TARGET)
=20
@@ -80,6 +80,9 @@ $(subst %,%_MD5,$(objects)) :
 $(TARGET) : $(patsubst %,$(DIR_DL)/%,$(objects))
 	@$(PREBUILD)
 	@rm -rf $(DIR_APP) && cd $(DIR_SRC) && tar jxf $(DIR_DL)/$(DL_FILE)
+
+	cd $(DIR_APP) && patch -Np1 -i $(DIR_SRC)/src/patches/tar/01_extract.c.patch
+
 	cd $(DIR_APP) && ./configure $(EXTRA_CONFIG) FORCE_UNSAFE_CONFIGURE=3D1
 	cd $(DIR_APP) && make $(MAKETUNING)
 	cd $(DIR_APP) && make install
diff --git a/src/patches/tar/01_extract.c.patch b/src/patches/tar/01_extract.=
c.patch
new file mode 100644
index 000000000..21c3cd86f
--- /dev/null
+++ b/src/patches/tar/01_extract.c.patch
@@ -0,0 +1,12 @@
+--- tar-1.31/src/extract.c	2019-01-02 18:07:48.000000000 +0000
++++ tar-1.31.patched/src/extract.c	2019-01-09 16:17:20.368612005 +0000
+@@ -782,7 +782,8 @@
+ 	case OVERWRITE_OLD_FILES:
+ 	  if (0 < remove_any_file (file_name, ORDINARY_REMOVE_OPTION))
+ 	    return RECOVER_OK;
+-	  break;
++	  errno =3D e;
++	  return RECOVER_NO;
+=20
+ 	case UNLINK_FIRST_OLD_FILES:
+ 	  break;
--=20
2.18.0


--===============6732972309015723003==--