commit: a3a8c469b2bb96d3ee3a4fa99bb5b30aa38c7589 Author: Lars Wendler <polynomial-c <AT> gentoo <DOT> org> AuthorDate: Tue Jan 1 14:36:33 2019 +0000 Commit: Lars Wendler <polynomial-c <AT> gentoo <DOT> org> CommitDate: Tue Jan 1 14:38:01 2019 +0000 URL: https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=a3a8c469
app-arch/tar: Revbump to fix CVE-2018-20482 Patch added without new test suite because that would require an eautoreconf run. Bug: https://bugs.gentoo.org/674210 Package-Manager: Portage-2.3.53, Repoman-2.3.12 Signed-off-by: Lars Wendler <polynomial-c <AT> gentoo.org> app-arch/tar/files/tar-1.30-CVE-2018-20482.patch | 146 +++++++++++++++++++++++ app-arch/tar/tar-1.30-r1.ebuild | 82 +++++++++++++ 2 files changed, 228 insertions(+) diff --git a/app-arch/tar/files/tar-1.30-CVE-2018-20482.patch b/app-arch/tar/files/tar-1.30-CVE-2018-20482.patch new file mode 100644 index 00000000000..8abab5df6c0 --- /dev/null +++ b/app-arch/tar/files/tar-1.30-CVE-2018-20482.patch @@ -0,0 +1,146 @@ +From c15c42ccd1e2377945fd0414eca1a49294bff454 Mon Sep 17 00:00:00 2001 +From: Sergey Poznyakoff <[email protected]> +Date: Thu, 27 Dec 2018 17:48:57 +0200 +Subject: Fix CVE-2018-20482 + +* src/sparse.c (sparse_dump_region): Handle short read condition. +(sparse_extract_region,check_data_region): Fix dumped_size calculation. +Handle short read condition. +(pax_decode_header): Fix dumped_size calculation. + +diff --git a/src/sparse.c b/src/sparse.c +index d41c0ea..f611200 100644 +--- a/src/sparse.c ++++ b/src/sparse.c +@@ -1,6 +1,6 @@ + /* Functions for dealing with sparse files + +- Copyright 2003-2007, 2010, 2013-2017 Free Software Foundation, Inc. ++ Copyright 2003-2007, 2010, 2013-2018 Free Software Foundation, Inc. + + This program is free software; you can redistribute it and/or modify it + under the terms of the GNU General Public License as published by the +@@ -427,6 +427,30 @@ sparse_dump_region (struct tar_sparse_file *file, size_t i) + bufsize); + return false; + } ++ else if (bytes_read == 0) ++ { ++ char buf[UINTMAX_STRSIZE_BOUND]; ++ struct stat st; ++ size_t n; ++ if (fstat (file->fd, &st) == 0) ++ n = file->stat_info->stat.st_size - st.st_size; ++ else ++ n = file->stat_info->stat.st_size ++ - (file->stat_info->sparse_map[i].offset ++ + file->stat_info->sparse_map[i].numbytes ++ - bytes_left); ++ ++ WARNOPT (WARN_FILE_SHRANK, ++ (0, 0, ++ ngettext ("%s: File shrank by %s byte; padding with zeros", ++ "%s: File shrank by %s bytes; padding with zeros", ++ n), ++ quotearg_colon (file->stat_info->orig_file_name), ++ STRINGIFY_BIGINT (n, buf))); ++ if (! ignore_failed_read_option) ++ set_exit_status (TAREXIT_DIFFERS); ++ return false; ++ } + + memset (blk->buffer + bytes_read, 0, BLOCKSIZE - bytes_read); + bytes_left -= bytes_read; +@@ -464,9 +488,9 @@ sparse_extract_region (struct tar_sparse_file *file, size_t i) + return false; + } + set_next_block_after (blk); ++ file->dumped_size += BLOCKSIZE; + count = blocking_write (file->fd, blk->buffer, wrbytes); + write_size -= count; +- file->dumped_size += count; + mv_size_left (file->stat_info->archive_file_size - file->dumped_size); + file->offset += count; + if (count != wrbytes) +@@ -598,6 +622,12 @@ check_sparse_region (struct tar_sparse_file *file, off_t beg, off_t end) + rdsize); + return false; + } ++ else if (bytes_read == 0) ++ { ++ report_difference (file->stat_info, _("Size differs")); ++ return false; ++ } ++ + if (!zero_block_p (diff_buffer, bytes_read)) + { + char begbuf[INT_BUFSIZE_BOUND (off_t)]; +@@ -609,6 +639,7 @@ check_sparse_region (struct tar_sparse_file *file, off_t beg, off_t end) + + beg += bytes_read; + } ++ + return true; + } + +@@ -635,6 +666,7 @@ check_data_region (struct tar_sparse_file *file, size_t i) + return false; + } + set_next_block_after (blk); ++ file->dumped_size += BLOCKSIZE; + bytes_read = safe_read (file->fd, diff_buffer, rdsize); + if (bytes_read == SAFE_READ_ERROR) + { +@@ -645,7 +677,11 @@ check_data_region (struct tar_sparse_file *file, size_t i) + rdsize); + return false; + } +- file->dumped_size += bytes_read; ++ else if (bytes_read == 0) ++ { ++ report_difference (¤t_stat_info, _("Size differs")); ++ return false; ++ } + size_left -= bytes_read; + mv_size_left (file->stat_info->archive_file_size - file->dumped_size); + if (memcmp (blk->buffer, diff_buffer, rdsize)) +@@ -1213,7 +1249,8 @@ pax_decode_header (struct tar_sparse_file *file) + union block *blk; + char *p; + size_t i; +- ++ off_t start; ++ + #define COPY_BUF(b,buf,src) do \ + { \ + char *endp = b->buffer + BLOCKSIZE; \ +@@ -1229,7 +1266,6 @@ pax_decode_header (struct tar_sparse_file *file) + if (src == endp) \ + { \ + set_next_block_after (b); \ +- file->dumped_size += BLOCKSIZE; \ + b = find_next_block (); \ + src = b->buffer; \ + endp = b->buffer + BLOCKSIZE; \ +@@ -1240,8 +1276,8 @@ pax_decode_header (struct tar_sparse_file *file) + dst[-1] = 0; \ + } while (0) + ++ start = current_block_ordinal (); + set_next_block_after (current_header); +- file->dumped_size += BLOCKSIZE; + blk = find_next_block (); + p = blk->buffer; + COPY_BUF (blk,nbuf,p); +@@ -1278,6 +1314,8 @@ pax_decode_header (struct tar_sparse_file *file) + sparse_add_map (file->stat_info, &sp); + } + set_next_block_after (blk); ++ ++ file->dumped_size += BLOCKSIZE * (current_block_ordinal () - start); + } + + return true; +-- +cgit v1.0-41-gc330 + diff --git a/app-arch/tar/tar-1.30-r1.ebuild b/app-arch/tar/tar-1.30-r1.ebuild new file mode 100644 index 00000000000..731db2be72c --- /dev/null +++ b/app-arch/tar/tar-1.30-r1.ebuild @@ -0,0 +1,82 @@ +# Copyright 1999-2019 Gentoo Authors +# Distributed under the terms of the GNU General Public License v2 + +EAPI=6 + +inherit flag-o-matic + +DESCRIPTION="Use this to make tarballs :)" +HOMEPAGE="https://www.gnu.org/software/tar/"; +SRC_URI="mirror://gnu/tar/${P}.tar.bz2 + mirror://gnu-alpha/tar/${P}.tar.bz2" + +LICENSE="GPL-3+" +SLOT="0" +KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~ia64 ~m68k ~mips ~ppc ~ppc64 ~s390 ~sh ~sparc ~x86 ~ppc-aix ~x64-cygwin ~amd64-fbsd ~x86-fbsd ~amd64-linux ~x86-linux ~ppc-macos ~x64-macos ~x86-macos ~m68k-mint ~sparc-solaris ~sparc64-solaris ~x64-solaris ~x86-solaris" +IUSE="acl elibc_glibc minimal nls selinux static userland_GNU xattr" + +RDEPEND="acl? ( virtual/acl ) + selinux? ( sys-libs/libselinux )" +DEPEND="${RDEPEND} + nls? ( >=sys-devel/gettext-0.10.35 ) + xattr? ( elibc_glibc? ( sys-apps/attr ) )" + +PATCHES=( + "${FILESDIR}"/${P}-fix-test-92.patch + "${FILESDIR}"/${P}-fix-test-117-and-118.patch + "${FILESDIR}"/${P}-CVE-2018-20482.patch #674210 +) + +src_prepare() { + default + + if ! use userland_GNU ; then + sed -i \ + -e 's:/backup\.sh:/gbackup.sh:' \ + scripts/{backup,dump-remind,restore}.in \ + || die "sed non-GNU" + fi +} + +src_configure() { + use static && append-ldflags -static + local myeconfargs=( + --bindir="${EPREFIX%/}"/bin + --enable-backup-scripts + --libexecdir="${EPREFIX%/}"/usr/sbin + $(usex userland_GNU "" "--program-prefix=g") + $(use_with acl posix-acls) + $(use_enable nls) + $(use_with selinux) + $(use_with xattr xattrs) + ) + FORCE_UNSAFE_CONFIGURE=1 econf "${myeconfargs[@]}" +} + +src_install() { + default + + local p=$(usex userland_GNU "" "g") + if [[ -z ${p} ]] ; then + # a nasty yet required piece of baggage + exeinto /etc + doexe "${FILESDIR}"/rmt + fi + + # autoconf looks for gtar before tar (in configure scripts), hence + # in Prefix it is important that it is there, otherwise, a gtar from + # the host system (FreeBSD, Solaris, Darwin) will be found instead + # of the Prefix provided (GNU) tar + if use prefix ; then + dosym tar /bin/gtar + fi + + mv "${ED%/}"/usr/sbin/${p}backup{,-tar} || die + mv "${ED%/}"/usr/sbin/${p}restore{,-tar} || die + + if use minimal ; then + find "${ED%/}"/etc "${ED%/}"/*bin/ "${ED%/}"/usr/*bin/ \ + -type f -a '!' '(' -name tar -o -name ${p}tar ')' \ + -delete || die + fi +}
