Diffstat (limited to 'patches')
-rw-r--r-- | patches/packages/glibc-zoneinfo-2023b-noarch-1_slack15.0.txt (renamed from patches/packages/glibc-zoneinfo-2022g-noarch-1_slack15.0.txt) | 0 | ||||
-rw-r--r-- | patches/packages/tar-1.34-x86_64-2_slack15.0.txt | 11 | ||||
-rw-r--r-- | patches/source/tar/CVE-2022-48303.patch | 31 | ||||
-rw-r--r-- | patches/source/tar/slack-desc | 19 | ||||
-rw-r--r-- | patches/source/tar/tar-1.13.bzip2.diff | 56 | ||||
-rwxr-xr-x | patches/source/tar/tar.SlackBuild | 177 | ||||
-rw-r--r-- | patches/source/tar/tar.nolonezero.diff | 31 |
7 files changed, 325 insertions, 0 deletions
diff --git a/patches/packages/glibc-zoneinfo-2022g-noarch-1_slack15.0.txt b/patches/packages/glibc-zoneinfo-2023b-noarch-1_slack15.0.txt
index c6e7a698e..c6e7a698e 100644
--- a/patches/packages/glibc-zoneinfo-2022g-noarch-1_slack15.0.txt
+++ b/patches/packages/glibc-zoneinfo-2023b-noarch-1_slack15.0.txt
diff --git a/patches/packages/tar-1.34-x86_64-2_slack15.0.txt b/patches/packages/tar-1.34-x86_64-2_slack15.0.txt
new file mode 100644
index 000000000..a2ff0aa53
--- /dev/null
+++ b/patches/packages/tar-1.34-x86_64-2_slack15.0.txt
@@ -0,0 +1,11 @@
+tar: tar (archiving utility)
+tar:
+tar: This is the GNU version of tar, an archiving program designed to store
+tar: and extract files from an archive file known as a tarfile. A tarfile
+tar: may be made on a tape drive, however, it is also common to write a
+tar: tarfile to a normal file.
+tar:
+tar: Slackware's package system uses tarfiles compressed with bzip2, gzip,
+tar: lzip, or xz.
+tar:
+tar:
diff --git a/patches/source/tar/CVE-2022-48303.patch b/patches/source/tar/CVE-2022-48303.patch
new file mode 100644
index 000000000..b248fb089
--- /dev/null
+++ b/patches/source/tar/CVE-2022-48303.patch
@@ -0,0 +1,31 @@
+From 1d530107a24d71e798727d7f0afa0833473d1074 Mon Sep 17 00:00:00 2001
+From: =?UTF-8?q?Matej=20Mu=C5=BEila?= <mmuzila@gmail.com>
+Date: Wed, 11 Jan 2023 08:55:58 +0100
+Subject: [PATCH] Fix savannah bug #62387
+
+* src/list.c (from_header): Check for the end of field after leading byte
+ (0x80 or 0xff) of base-256 encoded header value
+---
+ src/list.c | 6 ++++++
+ 1 file changed, 6 insertions(+)
+
+diff --git a/src/list.c b/src/list.c
+index 9fafc425..bf41b581 100644
+--- a/src/list.c
++++ b/src/list.c
+@@ -895,6 +895,12 @@ from_header (char const *where0, size_t digs, char const *type,
+ << (CHAR_BIT * sizeof (uintmax_t)
+ - LG_256 - (LG_256 - 2)));
+ value = (*where++ & ((1 << (LG_256 - 2)) - 1)) - signbit;
++ if (where == lim)
++ {
++ if (type && !silent)
++ ERROR ((0, 0, _("Archive base-256 value is invalid")));
++ return -1;
++ }
+ for (;;)
+ {
+ value = (value << LG_256) + (unsigned char) *where++;
+--
+2.38.1
+
diff --git a/patches/source/tar/slack-desc b/patches/source/tar/slack-desc
new file mode 100644
index 000000000..2314ce9a3
--- /dev/null
+++ b/patches/source/tar/slack-desc
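Review bot: The guard added to from_header carries no comment, and its purpose is not obvious from `if (where == lim)` alone: the `for (;;)` loop that follows dereferences `*where++` as its first statement, so a base-256 field that holds only the leading 0x80/0xff byte would otherwise be read past what is presumably the end of the field. I would add above the check `/* Only the base-256 marker byte was present: no digits remain, so stop before the loop reads at where == lim. */`. from_header starts and ends outside the inner hunk, so the loop's own termination test is not visible here. The vendored patch also names only the savannah bug number; recording the upstream commit or bug URL beside `# Patch for CVE-2022-48303:` in tar.SlackBuild would let the copy be checked against upstream later.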
@@ -0,0 +1,19 @@
+# HOW TO EDIT THIS FILE:
+# The "handy ruler" below makes it easier to edit a package description. Line
+# up the first '|' above the ':' following the base package name, and the '|'
+# on the right side marks the last column you can put a character in. You must
+# make exactly 11 lines for the formatting to be correct. It's also
+# customary to leave one space after the ':'.
+
+ |-----handy-ruler------------------------------------------------------|
+tar: tar (archiving utility)
+tar:
+tar: This is the GNU version of tar, an archiving program designed to store
+tar: and extract files from an archive file known as a tarfile. A tarfile
+tar: may be made on a tape drive, however, it is also common to write a
+tar: tarfile to a normal file.
+tar:
+tar: Slackware's package system uses tarfiles compressed with bzip2, gzip,
+tar: lzip, or xz.
+tar:
+tar:
diff --git a/patches/source/tar/tar-1.13.bzip2.diff b/patches/source/tar/tar-1.13.bzip2.diff
new file mode 100644
index 000000000..891301d14
--- /dev/null
+++ b/patches/source/tar/tar-1.13.bzip2.diff
@@ -0,0 +1,56 @@
+diff -Nur tar-1.13.orig/src/tar.c tar-1.13/src/tar.c
+--- tar-1.13.orig/src/tar.c 1999-07-07 00:49:50.000000000 -0500
++++ tar-1.13/src/tar.c 2017-12-22 00:39:37.515271544 -0600
+@@ -16,6 +16,8 @@
+ with this program; if not, write to the Free Software Foundation, Inc.,
+ 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA. */
+
++/* Patched to integrate bzip2 as compression filter (option -j) */
++
+ #include "system.h"
+
+ #include <getopt.h>
+@@ -164,6 +166,8 @@
+ {"block-number", no_argument, NULL, 'R'},
+ {"block-size", required_argument, NULL, OBSOLETE_BLOCKING_FACTOR},
+ {"blocking-factor", required_argument, NULL, 'b'},
++ {"bzip2", required_argument, NULL, 'j'},
++ {"bunzip2", required_argument, NULL, 'j'},
+ {"catenate", no_argument, NULL, 'A'},
+ {"checkpoint", no_argument, &checkpoint_option, 1},
+ {"compare", no_argument, NULL, 'd'},
+@@ -340,6 +344,7 @@
+ PATTERN at list/extract time, a globbing PATTERN\n\
+ -o, --old-archive, --portability write a V7 format archive\n\
+ --posix write a POSIX conformant archive\n\
++ -j, --bzip2, --bunzip2 filter the archive through bzip2\n\
+ -z, --gzip, --ungzip filter the archive through gzip\n\
+ -Z, --compress, --uncompress filter the archive through compress\n\
+ --use-compress-program=PROG filter through PROG (must accept -d)\n"),
+@@ -410,13 +415,13 @@
+ | Parse the options for tar. |
+ `----------------------------*/
+
+-/* Available option letters are DEHIJQY and aejnqy. Some are reserved:
++/* Available option letters are DEHIJQY and aenqy. Some are reserved:
+
+ y per-file gzip compression
+ Y per-block gzip compression */
+
+ #define OPTION_STRING \
+- "-01234567ABC:F:GK:L:MN:OPRST:UV:WX:Zb:cdf:g:hiklmoprstuvwxz"
++ "-01234567ABC:F:GK:L:MN:OPRST:UV:WX:Zb:cdf:g:hijklmoprstuvwxz"
+
+ static void
+ set_subcommand_option (enum subcommand subcommand)
+@@ -788,6 +793,10 @@
+ FATAL_ERROR ((0, errno, "%s", optarg));
+ break;
+
++ case 'j':
++ set_use_compress_program_option ("bzip2");
++ break;
++
+ case 'z':
+ set_use_compress_program_option ("gzip");
+ break;
diff --git a/patches/source/tar/tar.SlackBuild b/patches/source/tar/tar.SlackBuild
new file mode 100755
index 000000000..edb7ba59c
--- /dev/null
+++ b/patches/source/tar/tar.SlackBuild
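Review bot: The two long-option entries added in the second inner hunk declare `required_argument`, but `-j` takes no argument: OPTION_STRING gains a bare `j` with no colon, and the new `case 'j':` branch never reads `optarg`. As written, `--bzip2` and `--bunzip2` would take the following command-line word as their argument, so the next option or file name is consumed and ignored. Both entries should use `no_argument`, i.e. `{"bzip2", no_argument, NULL, 'j'},` and `{"bunzip2", no_argument, NULL, 'j'},`, which also matches the help line added for `-j, --bzip2, --bunzip2`. The option table and the switch both continue outside the hunks shown.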
@@ -0,0 +1,177 @@
+#!/bin/bash
+
+# Copyright 2005-2023 Patrick J. Volkerding, Sebeka, MN, USA
+# All rights reserved.
+#
+# Redistribution and use of this script, with or without modification, is
+# permitted provided that the following conditions are met:
+#
+# 1. Redistributions of this script must retain the above copyright
+# notice, this list of conditions and the following disclaimer.
+#
+# THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR IMPLIED
+# WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF
+# MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO
+# EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+# SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO,
+# PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS;
+# OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,
+# WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR
+# OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF
+# ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+
+# Slackware build script for tar
+
+cd $(dirname $0) ; CWD=$(pwd)
+
+PKGNAM=tar
+VERSION=1.34
+BUILD=${BUILD:-2_slack15.0}
+
+NUMJOBS=${NUMJOBS:-" -j$(expr $(nproc) + 1) "}
+
+# Automatically determine architecture for build & packaging:
+if [ -z "$ARCH" ]; then
+ case "$( uname -m )" in
+ i?86) export ARCH=i586 ;;
+ # Unless $ARCH is already set, use uname -m for all other archs:
+ *) export ARCH=$( uname -m ) ;;
+ esac
+fi
+
+# If the variable PRINT_PACKAGE_NAME is set, then this script will report what
+# the name of the created package would be, and then exit. This information
+# could be useful to other scripts.
+if [ ! -z "${PRINT_PACKAGE_NAME}" ]; then
+ echo "$PKGNAM-$VERSION-$ARCH-$BUILD.txz"
+ exit 0
+fi
+
+TMP=${TMP:-/tmp}
+PKG=$TMP/package-tar
+
+# Don't use icecream:
+PATH=$(echo $PATH | sed "s|/usr/libexec/icecc/bin||g" | tr -s : | sed "s/^://g" | sed "s/:$//g")
+
+rm -rf $PKG
+mkdir -p $TMP $PKG
+
+if [ "$ARCH" = "i586" ]; then
+ SLKCFLAGS="-O2 -march=i586 -mtune=i686"
+elif [ "$ARCH" = "s390" ]; then
+ SLKCFLAGS="-O2"
+elif [ "$ARCH" = "x86_64" ]; then
+ SLKCFLAGS="-O2 -fPIC"
+else
+ SLKCFLAGS="-O2"
+fi
+
+# This old version is the only one that won't clobber symlinks, e.g.:
+# someone moves /opt to /usr/opt and makes a symlink. With newer
+# versions of tar, installing any new package will remove the /opt
+# symlink and plop down a new directory there.
+# Well, there's a lot of other bugs (the remote stuff particularly I'm
+# told is flaky) in tar-1.13, so it'll only be here now for use by the
+# Slackware package utils. And, we'll even let people remove it and
+# the pkgutils will still try to work (but eventually they'll pay the
+# price :)
+#
+# NOTE: The latest versions of tar can supposedly work for the pkgtools,
+# but some changes to add new options to the scripts might be required.
+#
+# Until tar-1.13 won't compile any more, it might be safer to keep using
+# it, though.
+cd $TMP
+rm -rf tar-1.13
+tar xvf $CWD/tar-1.13.tar.gz || exit 1
+cd tar-1.13 || exit 1
+zcat $CWD/tar-1.13.bzip2.diff.gz | patch -p1 --verbose || exit 1
+# The original config.{guess,sub} do not work on x86_64
+cp -p --verbose /usr/share/libtool/build-aux/config.{guess,sub} .
+chown -R root:root .
+CFLAGS="$SLKCFLAGS" \
+./configure \
+ --prefix=/usr \
+ --disable-nls \
+ --build=$ARCH-slackware-linux || exit 1
+make $NUMJOBS || make || exit 1
+mkdir -p $PKG/bin
+cat src/tar > $PKG/bin/tar-1.13
+chmod 0755 $PKG/bin/tar-1.13
+# End building of tar-1.13
+
+cd $TMP
+rm -rf tar-$VERSION
+tar xvf $CWD/tar-$VERSION.tar.xz || exit 1
+cd tar-$VERSION || exit 1
+chown -R root:root .
+find . \
+ \( -perm 777 -o -perm 775 -o -perm 711 -o -perm 555 -o -perm 511 \) \
+ -exec chmod 755 {} \+ -o \
+ \( -perm 666 -o -perm 664 -o -perm 600 -o -perm 444 -o -perm 440 -o -perm 400 \) \
+ -exec chmod 644 {} \+
+
+# The "A lone zero block at %s" messages also cause problems:
+zcat $CWD/tar.nolonezero.diff.gz | patch -p1 --verbose || exit 1
+
+# Patch for CVE-2022-48303:
+zcat $CWD/CVE-2022-48303.patch.gz | patch -p1 --verbose || exit 1
+
+FORCE_UNSAFE_CONFIGURE=1 \
+CFLAGS="$SLKCFLAGS" \
+./configure \
+ --prefix=/usr \
+ --infodir=/usr/info \
+ --mandir=/usr/man \
+ --docdir=/usr/doc/tar-$VERSION \
+ --enable-backup-scripts \
+ --build=$ARCH-slackware-linux || exit 1
+
+make $NUMJOBS || make || exit 1
+make install DESTDIR=$PKG || exit 1
+
+( cd $PKG
+ find . | xargs file | grep "executable" | grep ELF | cut -f 1 -d : | \
+ xargs strip --strip-unneeded 2> /dev/null
+ find . | xargs file | grep "shared object" | grep ELF | cut -f 1 -d : | \
+ xargs strip --strip-unneeded 2> /dev/null
+)
+
+mv $PKG/usr/bin/tar $PKG/bin
+( cd $PKG/usr/bin ; ln -sf /bin/tar . )
+( cd $PKG/bin ; ln -sf tar tar-$VERSION )
+
+# Support "historic" rmt locations:
+mkdir -p $PKG/{etc,sbin}
+( cd $PKG/etc
+ ln -sf /usr/libexec/rmt .
+ cd $PKG/sbin
+ ln -sf /usr/libexec/rmt .
+)
+
+# Compress manual pages:
+find $PKG/usr/man -type f -exec gzip -9 {} \+
+for i in $( find $PKG/usr/man -type l ) ; do
+ ln -s $( readlink $i ).gz $i.gz
+ rm $i
+done
+
+# Compress info files, if any:
+if [ -d $PKG/usr/info ]; then
+ ( cd $PKG/usr/info
+ rm -f dir
+ gzip -9 *
+ )
+fi
+
+mkdir -p $PKG/usr/doc/tar-$VERSION
+cp -a \
+ AUTHORS COPYING* NEWS PORTS README* THANKS TODO \
+ $PKG/usr/doc/tar-$VERSION
+
+mkdir -p $PKG/install
+cat $CWD/slack-desc > $PKG/install/slack-desc
+
+cd $PKG
+/sbin/makepkg -l y -c n $TMP/tar-$VERSION-$ARCH-$BUILD.txz
+
diff --git a/patches/source/tar/tar.nolonezero.diff b/patches/source/tar/tar.nolonezero.diff
new file mode 100644
index 000000000..529679724
--- /dev/null
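Review bot: The script is evidently meant to run as root (`chown -R root:root .`, `FORCE_UNSAFE_CONFIGURE=1`), yet it works in fixed names under a world-writable default, `TMP=${TMP:-/tmp}` giving `$TMP/package-tar`, `$TMP/tar-1.13` and `$TMP/tar-$VERSION`, and every expansion of `$TMP`, `$PKG` and `$CWD` is unquoted, including `rm -rf $PKG`. On a shared build host those paths can be pre-created or swapped by another local user between the `rm -rf` and the extraction, and a `TMP` or `CWD` containing whitespace makes `rm -rf` and `cd` act on the wrong paths. I would default to a private directory, e.g. `TMP=${TMP:-$(mktemp -d)}`, and quote the expansions (`rm -rf "$PKG"`, `cd "$TMP" || exit 1`). Separately, the `cp -p --verbose /usr/share/libtool/build-aux/config.{guess,sub} .` step has no `|| exit 1`, unlike the steps around it, so a missing libtool would only surface later in `./configure`.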
+++ b/patches/source/tar/tar.nolonezero.diff
@@ -0,0 +1,31 @@
+--- ./src/list.c.orig 2017-12-16 15:23:12.000000000 -0600
++++ ./src/list.c 2018-09-06 16:51:52.982740004 -0500
+@@ -242,15 +242,22 @@
+
+ if (!ignore_zeros_option)
+ {
+- char buf[UINTMAX_STRSIZE_BOUND];
++
++ /*
++ * According to POSIX tar specs, this is wrong, but on the web
++ * there are some tar specs that can trigger this, and some tar
++ * implementations create tars according to that spec. For now,
++ * let's not be pedantic about issuing the warning.
++ *
++ * char buf[UINTMAX_STRSIZE_BOUND]; */
+
+ status = read_header (¤t_header, ¤t_stat_info,
+ read_header_auto);
+- if (status == HEADER_ZERO_BLOCK)
+- break;
+- WARNOPT (WARN_ALONE_ZERO_BLOCK,
+- (0, 0, _("A lone zero block at %s"),
+- STRINGIFY_BIGINT (current_block_ordinal (), buf)));
++ /* if (status == HEADER_ZERO_BLOCK)
++ * break;
++ * WARNOPT (WARN_ALONE_ZERO_BLOCK,
++ * (0, 0, _("A lone zero block at %s"),
++ * STRINGIFY_BIGINT (current_block_ordinal (), buf))); */
+ break;
+ }
+ status = prev_status; |
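Review bot: The inner patch silences the warning by commenting the old statements out rather than deleting them, and it folds the `char buf[UINTMAX_STRSIZE_BOUND];` declaration into the tail of the explanatory comment, which makes the block hard to read and easy to mis-merge on the next tar update. I would delete the dead lines and keep only the rationale, leaving `status = read_header (...);` followed directly by `break;`. Because the removed call goes through `WARNOPT (WARN_ALONE_ZERO_BLOCK, ...)`, the message looks like a warning class that can already be switched off at run time; if so, having the package tools pass `--warning=no-alone-zero-block` would avoid hiding this sign of a truncated or malformed archive from every other user of /bin/tar (worth confirming against the 1.34 manual). The enclosing function starts and ends outside the hunk.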