[PATCH] tar: Update to 1.31, including fix for bug #11958

For details see:

http://savannah.gnu.org/forum/forum.php?forum_id=9344

"- Fix heap-buffer-overrun with --one-top-level. - Support for zstd compression. - The -K option interacts properly with member names given in the command line. - Fix CVE-2018-20482"

This patch was reverted because 'tar 1.31' crashed when installing PakFire packages with the option '--no-overwrite-dir'. See: https://bugzilla.ipfire.org/show_bug.cgi?id=11958

Included is now a patch from https://savannah.gnu.org/bugs/?55413, which seems to fix this issue. The test cases given in https://savannah.gnu.org/bugs/?55413#comment1 ran without problems.

As always, please check and confirm.

Best, Matthias

Signed-off-by: Matthias Fischer matthias.fischer@ipfire.org --- lfs/tar | 7 +++++-- src/patches/tar/01_extract.c.patch | 12 ++++++++++++ 2 files changed, 17 insertions(+), 2 deletions(-) create mode 100644 src/patches/tar/01_extract.c.patch

diff --git a/lfs/tar b/lfs/tar index cbab6c2a9..953613d51 100644 --- a/lfs/tar +++ b/lfs/tar @@ -24,7 +24,7 @@

include Config

-VER = 1.30 +VER = 1.31

THISAPP = tar-$(VER) DL_FILE = $(THISAPP).tar.bz2 @@ -50,7 +50,7 @@ objects = $(DL_FILE)

$(DL_FILE) = $(DL_FROM)/$(DL_FILE)

-$(DL_FILE)_MD5 = 8404e4c1fc5a3000228ab2b8ad674a65 +$(DL_FILE)_MD5 = 77afa35b696c8d760331fa0e12c2fac9

install : $(TARGET)

@@ -80,6 +80,9 @@ $(subst %,%_MD5,$(objects)) : $(TARGET) : $(patsubst %,$(DIR_DL)/%,$(objects)) @$(PREBUILD) @rm -rf $(DIR_APP) && cd $(DIR_SRC) && tar jxf $(DIR_DL)/$(DL_FILE) + + cd $(DIR_APP) && patch -Np1 -i $(DIR_SRC)/src/patches/tar/01_extract.c.patch + cd $(DIR_APP) && ./configure $(EXTRA_CONFIG) FORCE_UNSAFE_CONFIGURE=1 cd $(DIR_APP) && make $(MAKETUNING) cd $(DIR_APP) && make install diff --git a/src/patches/tar/01_extract.c.patch b/src/patches/tar/01_extract.c.patch new file mode 100644 index 000000000..21c3cd86f --- /dev/null +++ b/src/patches/tar/01_extract.c.patch @@ -0,0 +1,12 @@ +--- tar-1.31/src/extract.c 2019-01-02 18:07:48.000000000 +0000 ++++ tar-1.31.patched/src/extract.c 2019-01-09 16:17:20.368612005 +0000 +@@ -782,7 +782,8 @@ + case OVERWRITE_OLD_FILES: + if (0 < remove_any_file (file_name, ORDINARY_REMOVE_OPTION)) + return RECOVER_OK; +- break; ++ errno = e; ++ return RECOVER_NO; + + case UNLINK_FIRST_OLD_FILES: + break;