From ca085da0b1ebc6498fd9076b42970b6f68979667 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?=C3=89rico=20Nogueira?= Date: Sun, 25 Apr 2021 02:03:14 -0300 Subject: [PATCH] tar: remove outdated CVE patch. Patch was added d95a0b07065a6cde65cfb94e5581024696883610, apparently based on the one discussed in [1], but using ERROR instead of FATAL_ERROR. However, per [2], this was fixed in another way, though upstream seems to not consider it worthy of a CVE. [1] https://lists.gnu.org/archive/html/bug-tar/2016-10/msg00014.html [2] https://lists.gnu.org/archive/html/bug-tar/2016-10/msg00016.html --- .../tar-1.29-extract-pathname-bypass.patch | 27 ------------------- srcpkgs/tar/template | 2 +- 2 files changed, 1 insertion(+), 28 deletions(-) delete mode 100644 srcpkgs/tar/patches/tar-1.29-extract-pathname-bypass.patch diff --git a/srcpkgs/tar/patches/tar-1.29-extract-pathname-bypass.patch b/srcpkgs/tar/patches/tar-1.29-extract-pathname-bypass.patch deleted file mode 100644 index cf0c3725b9b8..000000000000 --- a/srcpkgs/tar/patches/tar-1.29-extract-pathname-bypass.patch +++ /dev/null @@ -1,27 +0,0 @@ ---- lib/paxnames.c.orig 2016-04-06 00:04:47.314860045 +0300 -+++ lib/paxnames.c 2016-04-06 02:08:44.962297881 +0300 -@@ -18,6 +18,7 @@ - #include - #include - #include -+#include - - - /* Hash tables of strings. */ -@@ -114,7 +115,15 @@ - for (p = file_name + prefix_len; *p; ) - { - if (p[0] == '.' && p[1] == '.' && (ISSLASH (p[2]) || !p[2])) -- prefix_len = p + 2 - file_name; -+ { -+ static char const *const diagnostic[] = -+ { -+ N_("%s: Member name contains '..'"), -+ N_("%s: Hard link target contains '..'") -+ }; -+ ERROR ((0, 0, _(diagnostic[link_target]), -+ quotearg_colon (file_name))); -+ } - - do - { diff --git a/srcpkgs/tar/template b/srcpkgs/tar/template index 2ac475c035a2..c18acdba1120 100644 --- a/srcpkgs/tar/template +++ b/srcpkgs/tar/template @@ -1,7 +1,7 @@ # Template file for 'tar' pkgname=tar version=1.34 -revision=1 +revision=2 build_style=gnu-configure configure_args="gl_cv_struct_dirent_d_ino=yes" makedepends="acl-devel"