<pre style='margin:0'>
Perry E. Metzger (pmetzger) pushed a commit to branch master
in repository macports-ports.
</pre>
<p><a href="https://github.com/macports/macports-ports/commit/a0de3f905d0ad366f8c200ebbb5c5cde99a3e2c6">https://github.com/macports/macports-ports/commit/a0de3f905d0ad366f8c200ebbb5c5cde99a3e2c6</a></p>
<pre style="white-space: pre; background: #F8F8F8">The following commit(s) were added to refs/heads/master by this push:
<span style='display:block; white-space:pre;color:#404040;'> new a0de3f9 gnutar: update to 1.30
</span>a0de3f9 is described below
<span style='display:block; white-space:pre;color:#808000;'>commit a0de3f905d0ad366f8c200ebbb5c5cde99a3e2c6
</span>Author: David Gilman <davidgilman1@gmail.com>
AuthorDate: Tue Aug 21 16:11:30 2018 -0400
<span style='display:block; white-space:pre;color:#404040;'> gnutar: update to 1.30
</span><span style='display:block; white-space:pre;color:#404040;'>
</span><span style='display:block; white-space:pre;color:#404040;'> Remove old CVE patch. The two tickets are both about an issue where tar
</span><span style='display:block; white-space:pre;color:#404040;'> crashes when LANG is unset. I'm unable to reproduce this on 10.13 with
</span><span style='display:block; white-space:pre;color:#404040;'> this version of gnutar so it appears to have been fixed by either Apple
</span><span style='display:block; white-space:pre;color:#404040;'> or the tar maintainers.
</span><span style='display:block; white-space:pre;color:#404040;'>
</span><span style='display:block; white-space:pre;color:#404040;'> Closes: https://trac.macports.org/ticket/52186
</span><span style='display:block; white-space:pre;color:#404040;'> Closes: https://trac.macports.org/ticket/47001
</span>---
archivers/gnutar/Portfile | 11 +++-----
archivers/gnutar/files/patch-CVE-2016-6321.diff | 36 -------------------------
2 files changed, 4 insertions(+), 43 deletions(-)
<span style='display:block; white-space:pre;color:#808080;'>diff --git a/archivers/gnutar/Portfile b/archivers/gnutar/Portfile
</span><span style='display:block; white-space:pre;color:#808080;'>index c0b8e40..b26d6ed 100644
</span><span style='display:block; white-space:pre;background:#e0e0ff;'>--- a/archivers/gnutar/Portfile
</span><span style='display:block; white-space:pre;background:#e0e0ff;'>+++ b/archivers/gnutar/Portfile
</span><span style='display:block; white-space:pre;background:#e0e0e0;'>@@ -3,8 +3,7 @@
</span> PortSystem 1.0
name gnutar
<span style='display:block; white-space:pre;background:#ffe0e0;'>-version 1.29
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>-revision 1
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+version 1.30
</span> categories archivers
maintainers nomaintainer
license GPL-3
<span style='display:block; white-space:pre;background:#e0e0e0;'>@@ -20,17 +19,15 @@ master_sites gnu:tar
</span> distname tar-${version}
use_xz yes
<span style='display:block; white-space:pre;background:#ffe0e0;'>-checksums rmd160 23e9d8f75c7452a1970fc780f6d684f5affd91f9 \
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>- sha256 402dcfd0022fd7a1f2c5611f5c61af1cd84910a760a44a688e18ddbff4e9f024
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+checksums rmd160 c079128e70df5d8144dee64dcc10d6cb528fac5f \
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ sha256 f1bf92dbb1e1ab27911a861ea8dde8208ee774866c46c0bb6ead41f4d1f4d2d3 \
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ size 2108028
</span>
platforms darwin
depends_lib port:gettext port:libiconv
depends_build port:help2man
<span style='display:block; white-space:pre;background:#ffe0e0;'>-patch.pre_args -p1
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>-patchfiles patch-CVE-2016-6321.diff
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>-
</span> use_autoreconf yes
autoreconf.args -fvi
<span style='display:block; white-space:pre;color:#808080;'>diff --git a/archivers/gnutar/files/patch-CVE-2016-6321.diff b/archivers/gnutar/files/patch-CVE-2016-6321.diff
</span>deleted file mode 100644
<span style='display:block; white-space:pre;color:#808080;'>index 84cc3a3..0000000
</span><span style='display:block; white-space:pre;background:#e0e0ff;'>--- a/archivers/gnutar/files/patch-CVE-2016-6321.diff
</span><span style='display:block; white-space:pre;background:#e0e0ff;'>+++ /dev/null
</span><span style='display:block; white-space:pre;background:#e0e0e0;'>@@ -1,36 +0,0 @@
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>-Upstream: https://sources.debian.net/src/tar/1.29b-1.1/debian/patches/When-extracting-skip-.-members.patch/
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>-Security: CVE-2016-6321
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>-
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>-Description: When extracting, skip ".." members (CVE-2016-6321)
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>-Origin: upstream, http://git.savannah.gnu.org/cgit/tar.git/commit/?id=7340f67b9860ea0531c1450e5aa261c50f67165d
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>-Bug-Debian: https://bugs.debian.org/842339
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>-Forwarded: not-needed.
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>-Author: Paul Eggert <eggert@Penguin.CS.UCLA.EDU>
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>-Last-Update: 2016-10-30
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>----
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>- src/extract.c | 8 ++++++++
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>- 2 files changed, 15 insertions(+), 1 deletion(-)
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>-
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>---- a/src/extract.c
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>-+++ b/src/extract.c
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>-@@ -1629,12 +1629,20 @@ extract_archive (void)
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>- {
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>- char typeflag;
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>- tar_extractor_t fun;
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>-+ bool skip_dotdot_name;
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>-
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>- fatal_exit_hook = extract_finish;
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>-
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>- set_next_block_after (current_header);
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>-
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>-+ skip_dotdot_name = (!absolute_names_option
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>-+ && contains_dot_dot (current_stat_info.orig_file_name));
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>-+ if (skip_dotdot_name)
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>-+ ERROR ((0, 0, _("%s: Member name contains '..'"),
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>-+ quotearg_colon (current_stat_info.orig_file_name)));
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>-+
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>- if (!current_stat_info.file_name[0]
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>-+ || skip_dotdot_name
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>- || (interactive_option
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>- && !confirm ("extract", current_stat_info.file_name)))
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>- {
</span></pre><pre style='margin:0'>
</pre>