From fa002a1c28b0803731d5403108633a11e28126a8 Mon Sep 17 00:00:00 2001
From: Mike Frysinger
Date: Tue, 20 Dec 2016 17:20:09 -0500
Subject: app-arch/tar: move to upstream patch for extract bypass #598334

The patch that we were using was from the security authors, not from the upstream GNU tar project. Turns out their patch breaks creation of archives that use .. names too. See https://crbug.com/674472#5.
---
 ...tar-1.29-extract-pathname-bypass-upstream.patch | 60 ++++++++++++++++
 app-arch/tar/tar-1.29-r2.ebuild | 80 ++++++++++++++++++++++
 2 files changed, 140 insertions(+)
 create mode 100644 app-arch/tar/files/tar-1.29-extract-pathname-bypass-upstream.patch
 create mode 100644 app-arch/tar/tar-1.29-r2.ebuild

diff --git a/app-arch/tar/files/tar-1.29-extract-pathname-bypass-upstream.patch b/app-arch/tar/files/tar-1.29-extract-pathname-bypass-upstream.patch
new file mode 100644
index 000000000000..2030ca6d2bdd
--- /dev/null
+++ b/app-arch/tar/files/tar-1.29-extract-pathname-bypass-upstream.patch
@@ -0,0 +1,60 @@
+https://bugs.gentoo.org/598334
+
+From 7340f67b9860ea0531c1450e5aa261c50f67165d Mon Sep 17 00:00:00 2001
+From: Paul Eggert
+Date: Sat, 29 Oct 2016 21:04:40 -0700
+Subject: [PATCH] When extracting, skip ".." members
+
+* NEWS: Document this.
+* src/extract.c (extract_archive): Skip members whose names
+contain "..".
+---
+ NEWS | 8 +++++++-
+ src/extract.c | 8 ++++++++
+ 2 files changed, 15 insertions(+), 1 deletion(-)
+
+--- a/NEWS
++++ b/NEWS
+@@ -1,6 +1,16 @@
+ GNU tar NEWS - User visible changes. 2016-05-16
+ Please send GNU tar bug reports to
+
++
++
++version 1.29-r2+ Gentoo
++
++* Member names containing '..' components are now skipped when extracting.
++
++This fixes tar's behavior to match its documentation, and is a bit
++safer when extracting untrusted archives over old files (an unsafe
++practice that the tar manual has long recommended against).
++
+
+ version 1.29 - Sergey Poznyakoff, 2016-05-16
+
+--- a/src/extract.c
++++ b/src/extract.c
+@@ -1629,12 +1629,20 @@
+ {
+ char typeflag;
+ tar_extractor_t fun;
++ bool skip_dotdot_name;
+
+ fatal_exit_hook = extract_finish;
+
+ set_next_block_after (current_header);
+
++ skip_dotdot_name = (!absolute_names_option
++ && contains_dot_dot (current_stat_info.orig_file_name));
++ if (skip_dotdot_name)
++ ERROR ((0, 0, _("%s: Member name contains '..'"),
++ quotearg_colon (current_stat_info.orig_file_name)));
++
+ if (!current_stat_info.file_name[0]
++ || skip_dotdot_name
+ || (interactive_option
+ && !confirm ("extract", current_stat_info.file_name)))
+ {
+--
+2.11.0.rc2
+
diff --git a/app-arch/tar/tar-1.29-r2.ebuild b/app-arch/tar/tar-1.29-r2.ebuild
new file mode 100644
index 000000000000..dc2ade4b363d
--- /dev/null
+++ b/app-arch/tar/tar-1.29-r2.ebuild
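Review bot: The NEWS text this patch adds says members with '..' components "are now skipped when extracting", but the extract.c change only sets `skip_dotdot_name` when `!absolute_names_option`, so an extraction with `-P`/`--absolute-names` still writes those members; the NEWS line should carry that qualifier, e.g. `* Member names containing '..' components are now skipped when extracting (unless --absolute-names is given).` The NEWS hunk was also reworded for Gentoo (`version 1.29-r2+ Gentoo`, header `@@ -1,6 +1,16 @@` with ten added lines and none removed) while the patch still carries upstream's diffstat (`NEWS | 8 +++++++-`, `15 insertions(+), 1 deletion(-)`); harmless for epatch, but a one-line note under the bug URL saying the NEWS hunk differs from upstream 7340f67b would spare the next reader a comparison. Both inner hunks are excerpts of files whose surrounding code continues outside this patch.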
@@ -0,0 +1,80 @@
+# Copyright 1999-2016 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+
+EAPI="5"
+
+inherit flag-o-matic eutils
+
+DESCRIPTION="Use this to make tarballs :)"
+HOMEPAGE="https://www.gnu.org/software/tar/"
+SRC_URI="mirror://gnu/tar/${P}.tar.bz2
+ mirror://gnu-alpha/tar/${P}.tar.bz2"
+
+LICENSE="GPL-3+"
+SLOT="0"
+KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~ia64 ~m68k ~mips ~ppc ~ppc64 ~s390 ~sh ~sparc ~x86 ~ppc-aix ~amd64-fbsd ~x86-fbsd ~x64-freebsd ~x86-freebsd ~hppa-hpux ~ia64-hpux ~x86-interix ~amd64-linux ~arm-linux ~ia64-linux ~x86-linux ~ppc-macos ~x64-macos ~x86-macos ~m68k-mint ~sparc-solaris ~sparc64-solaris ~x64-solaris ~x86-solaris"
+IUSE="acl elibc_glibc minimal nls selinux static userland_GNU xattr"
+
+RDEPEND="acl? ( virtual/acl )
+ selinux? ( sys-libs/libselinux )"
+DEPEND="${RDEPEND}
+ nls? ( >=sys-devel/gettext-0.10.35 )
+ xattr? ( elibc_glibc? ( sys-apps/attr ) )"
+
+PATCHES=(
+ "${FILESDIR}/${P}-extract-pathname-bypass-upstream.patch" #598334
+)
+
+src_prepare() {
+ epatch "${PATCHES[@]}"
+ epatch_user
+
+ if ! use userland_GNU ; then
+ sed -i \
+ -e 's:/backup\.sh:/gbackup.sh:' \
+ scripts/{backup,dump-remind,restore}.in \
+ || die "sed non-GNU"
+ fi
+}
+
+src_configure() {
+ use static && append-ldflags -static
+ FORCE_UNSAFE_CONFIGURE=1 \
+ econf \
+ --enable-backup-scripts \
+ --bindir="${EPREFIX}"/bin \
+ --libexecdir="${EPREFIX}"/usr/sbin \
+ $(usex userland_GNU "" "--program-prefix=g") \
+ $(use_with acl posix-acls) \
+ $(use_enable nls) \
+ $(use_with selinux) \
+ $(use_with xattr xattrs)
+}
+
+src_install() {
+ default
+
+ local p=$(usex userland_GNU "" "g")
+ if [[ -z ${p} ]] ; then
+ # a nasty yet required piece of baggage
+ exeinto /etc
+ doexe "${FILESDIR}"/rmt
+ fi
+
+ # autoconf looks for gtar before tar (in configure scripts), hence
+ # in Prefix it is important that it is there, otherwise, a gtar from
+ # the host system (FreeBSD, Solaris, Darwin) will be found instead
+ # of the Prefix provided (GNU) tar
+ if use prefix ; then
+ dosym tar /bin/gtar
+ fi
+
+ mv "${ED}"/usr/sbin/${p}backup{,-tar} || die
+ mv "${ED}"/usr/sbin/${p}restore{,-tar} || die
+
+ if use minimal ; then
+ find "${ED}"/etc "${ED}"/*bin/ "${ED}"/usr/*bin/ \
+ -type f -a '!' '(' -name tar -o -name ${p}tar ')' \
+ -delete || die
+ fi
+}
--
cgit v1.2.3-18-g5258
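Review bot: `FORCE_UNSAFE_CONFIGURE=1` in src_configure is an unexplained override of a safety check in tar's configure (as far as I can tell, its refusal to run as root) and deserves a why-comment on the line above it, e.g. `# tar's configure refuses to run as root; the build may run as root under portage`. The diffstat adds tar-1.29-r2 but removes nothing, so if tar-1.29-r1 still ships the security-authors' patch that the commit message says breaks archive creation, it should be dropped in a follow-up rather than left installable alongside this revision. The `#598334` marker on the PATCHES entry is helpful; stating there that the file is the upstream 7340f67b fix would make the difference from the previous revision visible in the ebuild itself.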