perl-core/Archive-Tar: Add 2.300.0 for CVE-2018-12015 bug #657968

This resurrects perl-core/Archive-Tar that was previously removed from tree, so that it can be installed independently on top of Perl 5.24 and perl 5.26, without forcing users to upgrade to perl 5.28 just to get this fix. virtual/perl-Archive-Tar will be also mapped for this purpose. Keywords taken from dev-lang/perl-5.26.2 on the basis that due to Archive-Tar being included there, that this codebase is already keyworded under a different name. Patches applied to fence out Text-Diff dependent mechanics and a bunch of other weirdness that seem to be targeted for non-vendor layouts ( eg: it assumes we're installing bin/* into /usr/local/bin ) I'm not 100% on the mechanics I've chosen, but its OK for now. Package-Manager: Portage-2.3.40, Repoman-2.3.9
author: Kent Fredric <kentnl@gentoo.org> 2018-07-06 17:45:37 +1200
committer: Kent Fredric <kentnl@gentoo.org> 2018-07-06 17:59:37 +1200
commit: 1cec7c9d4656c7df67cdb1aaebf6ce53109dd062 (patch)
tree: 18ef8b219c9b7c69acfc75eedb1443c5fad5e3d4 /perl-core
parent: dev-ruby/rack-protection: add 2.0.3 (diff)
download: gentoo-1cec7c9d4656c7df67cdb1aaebf6ce53109dd062.tar.gz
gentoo-1cec7c9d4656c7df67cdb1aaebf6ce53109dd062.tar.bz2
gentoo-1cec7c9d4656c7df67cdb1aaebf6ce53109dd062.zip
4 files changed, 186 insertions, 0 deletions
diff --git a/perl-core/Archive-Tar/Archive-Tar-2.300.0.ebuild b/perl-core/Archive-Tar/Archive-Tar-2.300.0.ebuild
new file mode 100644
index 000000000000..fa4859ac4f82
--- /dev/null
+++ b/perl-core/Archive-Tar/Archive-Tar-2.300.0.ebuild
@@ -0,0 +1,41 @@
+# Copyright 1999-2018 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+
+EAPI=6
+
+DIST_AUTHOR=BINGOS
+DIST_VERSION=2.30
+inherit perl-module
+
+DESCRIPTION="A Perl module for creation and manipulation of tar files"
+
+SLOT="0"
+KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~ia64 ~m68k ~mips ~ppc ~ppc64 ~s390 ~sh ~sparc ~x86 ~ppc-aix ~x64-cygwin ~amd64-fbsd ~x86-fbsd ~amd64-linux ~x86-linux ~ppc-macos ~x64-macos ~x86-macos ~m68k-mint ~sparc-solaris ~sparc64-solaris ~x64-solaris ~x86-solaris"
+IUSE="test"
+
+RDEPEND="
+	>=virtual/perl-File-Spec-0.820.0
+	>=virtual/perl-IO-Compress-2.15.0
+	>=virtual/perl-IO-Zlib-1.10.0
+"
+DEPEND="${DEPEND}
+	virtual/perl-ExtUtils-MakeMaker
+	test? (
+		>=virtual/perl-Test-Harness-2.260.0
+		virtual/perl-Test-Simple
+	)
+"
+# TODO
+# Consider adding some sort of system for turning this stuff on, the
+# ENV vars GENTOO_TAR_BZIP2 and GENTOO_TAR_PTARDIFF exist for expert users,
+# but we can't regulate it by USE flags without creating a circular
+# dependency, specifically, the kind of circular dependency that
+# prohibits dev-lang/perl depending on virtual/perl-Archive-Tar
+# depending on perl-core/Archive-Tar, due to needing dev-perl/Text-Diff
+# that *will not be present* during perl upgrade.
+PATCHES=(
+	"${FILESDIR}/${PN}-2.30-makefileptar.patch"
+)
+PERL_RM_FILES=(
+	"t/99_pod.t"
+)
diff --git a/perl-core/Archive-Tar/Manifest b/perl-core/Archive-Tar/Manifest
new file mode 100644
index 000000000000..16252e1ab749
--- /dev/null
+++ b/perl-core/Archive-Tar/Manifest
@@ -0,0 +1 @@
+DIST Archive-Tar-2.30.tar.gz 63693 BLAKE2B aa7d1697984d76211e66d50488de1b7748f45187b7da946570342c7e9fda508325f1b9dc1263a5fc54d57809a91fc685b188de4c181c6935da0d2c18344c12e2 SHA512 7be2745d7c5b73cec9ef66968e6f28a4d4dcc0d80b41861e3aa2d4c27ba6c013cce6a87bba8a626888fcaa0d4ebecd17a7b09324215876f79ca9f39d671aed4b
diff --git a/perl-core/Archive-Tar/files/Archive-Tar-2.30-makefileptar.patch b/perl-core/Archive-Tar/files/Archive-Tar-2.30-makefileptar.patch
new file mode 100644
index 000000000000..dad52df5d344
--- /dev/null
+++ b/perl-core/Archive-Tar/files/Archive-Tar-2.30-makefileptar.patch
@@ -0,0 +1,130 @@
+From 14ecca4632b44461d3c23344027ec30eedba1b0a Mon Sep 17 00:00:00 2001
+From: Kent Fredric <kentnl@gentoo.org>
+Date: Fri, 6 Jul 2018 17:20:30 +1200
+Subject: Patch ptardiff support out conditional on ENV
+
+- Toggle installation and testing of ptardiff functionality to only
+  trigger when requested
+
+- Toggle testing of bzip2 support only when requested
+
+- Disable mechanics intended for user-perl environments where
+  installation is to somewhere that may fall outside PATH
+---
+ Makefile.PL     | 46 +++++++++-------------------------------------
+ t/07_ptardiff.t | 11 +++++++++--
+ 2 files changed, 18 insertions(+), 39 deletions(-)
+
+diff --git a/Makefile.PL b/Makefile.PL
+index fe093bd..0289409 100644
+--- a/Makefile.PL
++++ b/Makefile.PL
+@@ -9,19 +9,12 @@ unless( $] >= 5.005_03 ) {
+     die qq[Archive::Tar requires perl version 5.005_03 or higher to run\n];
+ }
+ 
+-if( !eval { require IO::Compress::Bzip2; 1 } and !$opt->{n} ) {
+-    warn    qq[You do not have IO::Compress::Bzip2 installed. This means you can ].
+-            qq[not read or write bzip2 compressed archives!\n] .
+-            qq[Note: you can disable this warning (and the prerequisite) ].
+-            qq[by invoking Makefile.PL with '-n'\n];
++if( $ENV{GENTOO_TAR_BZIP2} ) {
++  require IO::Compress::Bzip2;
+ }
+ 
+-if( !$opt->{d} and not eval { require Text::Diff; 1 } ) {
+-    print   qq[\nArchive::Tar comes with a utility called 'ptardiff' which ].
+-            qq[lets you run diffs against tar archives.\n\nHowever, this ].
+-            qq[utility requires you to have Text::Diff installed.\n\n].
+-            qq[To add Text::Diff as a prerequisite, please supply the ].
+-            qq['-d' option when invoking this Makefile.PL.\n\n];
++if ( $ENV{GENTOO_TAR_PTARDIFF} ) {
++  require Text::Diff;
+ }
+ 
+ my $prereqs = {
+@@ -45,10 +38,10 @@ unless ($Config{useperlio}) {
+ }
+ 
+ ### ok, you didn't want IO::Zlib ###
+-delete $prereqs->{'IO::Compress::Bzip2'} if $opt->{n};
++delete $prereqs->{'IO::Compress::Bzip2'} unless $ENV{GENTOO_TAR_BZIP2};
+ 
+ ### so you want text::diff ###
+-$prereqs->{'Text::Diff'} = 0 if $opt->{d};
++$prereqs->{'Text::Diff'} = 0 if $ENV{GENTOO_TAR_PTARDIFF};
+ 
+ 
+ WriteMakefile1(
+@@ -68,7 +61,6 @@ WriteMakefile1(
+     #EXE_FILES       => ['bin/ptar', 'bin/ptardiff'],
+     EXE_FILES       => [ _scripts() ],
+     PREREQ_PM       => $prereqs,
+-    INSTALLDIRS     => ( $] >= 5.009003 && $] < 5.012 ? 'perl' : 'site' ),
+     AUTHOR          => 'Jos Boumans <kane[at]cpan.org>',
+     ABSTRACT        => 'Manipulates TAR archives',
+ );
+@@ -84,29 +76,9 @@ sub _scripts {
+          File::Copy::copy( $_, "$_$version" ) for @scripts;
+          @scripts = glob("bin/*$version");
+     }
+-    if ( $] >= 5.012 && $Config::Config{installscript} ne $Config::Config{installsitescript} ) {
+-      my $script = $Config::Config{installscript};
+-      my $site   = $Config::Config{installsitescript};
+-      warn <<"WARNING";
+-###############################################################
+-##
+-##    Hi! Your script and sitescript locations are different
+-##
+-##    As your perl is v5.12.0 or greater the script included
+-##    in this distribution will be installed into sitescript
+-##
+-##    You might want to check that the following location is
+-##    in your PATH environment variable:
+-##
+-##    '$site'
+-##
+-##    Many thanks.
+-##
+-###############################################################
+-
+-WARNING
+-      sleep 10;
+-    }
++  }
++  if ( not $ENV{GENTOO_TAR_PTARDIFF} ) {
++    @scripts = grep { $_ !~ /ptardiff/ } @scripts;
+   }
+   return @scripts;
+ }
+diff --git a/t/07_ptardiff.t b/t/07_ptardiff.t
+index 6935fc6..da4ea29 100644
+--- a/t/07_ptardiff.t
++++ b/t/07_ptardiff.t
+@@ -1,5 +1,13 @@
+ use strict;
+ use warnings;
++
++BEGIN {
++  unless ( $ENV{GENTOO_TAR_PTARDIFF} ) {
++    print "1..0 # SKIP this test requires GENTOO_TAR_PTARDIFF set";
++    exit
++  }
++}
++
+ use Test::More;
+ 
+ use File::Spec;
+@@ -14,8 +22,7 @@ my $tarfile = File::Spec->catfile("t", "ptardiff.tar");
+ my $ptardiff = File::Spec->catfile($Bin, "..", "bin", "ptardiff");
+ my $cmd = "$^X $ptardiff $tarfile";
+ 
+-eval { require Text::Diff; };
+-plan skip_all => 'Text::Diff required to test ptardiff' if $@;
++require Text::Diff;
+ plan tests => 1;
+ 
+ # create directory/files
+-- 
+2.17.1
+
diff --git a/perl-core/Archive-Tar/metadata.xml b/perl-core/Archive-Tar/metadata.xml
new file mode 100644
index 000000000000..02a8a8d03d6c
--- /dev/null
+++ b/perl-core/Archive-Tar/metadata.xml
@@ -0,0 +1,14 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE pkgmetadata SYSTEM "http://www.gentoo.org/dtd/metadata.dtd">
+<pkgmetadata>
+	<maintainer type="project">
+		<email>perl@gentoo.org</email>
+		<name>Gentoo Perl Project</name>
+	</maintainer>
+	<upstream>
+		<remote-id type="cpan">Archive-Tar</remote-id>
+		<remote-id type="cpan-module">Archive::Tar</remote-id>
+		<remote-id type="cpan-module">Archive::Tar::Constant</remote-id>
+		<remote-id type="cpan-module">Archive::Tar::File</remote-id>
+	</upstream>
+</pkgmetadata>
author	Kent Fredric <kentnl@gentoo.org>	2018-07-06 17:45:37 +1200
committer	Kent Fredric <kentnl@gentoo.org>	2018-07-06 17:59:37 +1200
commit	1cec7c9d4656c7df67cdb1aaebf6ce53109dd062 (patch)
tree	18ef8b219c9b7c69acfc75eedb1443c5fad5e3d4 /perl-core
parent	dev-ruby/rack-protection: add 2.0.3 (diff)
download	gentoo-1cec7c9d4656c7df67cdb1aaebf6ce53109dd062.tar.gz gentoo-1cec7c9d4656c7df67cdb1aaebf6ce53109dd062.tar.bz2 gentoo-1cec7c9d4656c7df67cdb1aaebf6ce53109dd062.zip