mirror of
https://git.busybox.net/buildroot.git
synced 2024-11-27 23:43:34 +08:00
9486774bbf
https://security-tracker.debian.org/tracker/CVE-2007-4476

Currently NVD has this incorrectly tagged for all versions. The bug trackers of different distros show it was generally fixed in versions >= 1.16, but because the affected source code is in GNU paxutils, it is hard to tell in which cases tar had been fixed around version 1.16.

https://bugs.gentoo.org/196978
https://www.itsecdb.com/oval/definition/oval/org.mitre.oval/def/9336/Buffer-overflow-in-the-safer-name-suffix-function-in-GNU-tar.html

Signed-off-by: Matthew Weber <matthew.weber@rockwellcollins.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
################################################################################
#
# tar
#
################################################################################

# Upstream release to build; the source archive name is derived from it.
TAR_VERSION = 1.34
TAR_SOURCE = tar-$(TAR_VERSION).tar.xz
TAR_SITE = $(BR2_GNU_MIRROR)/tar
# busybox installs in /bin, so we need tar to install as well in /bin
# so that we don't end up with two different tar
TAR_CONF_OPTS = --exec-prefix=/
TAR_LICENSE = GPL-3.0+
TAR_LICENSE_FILES = COPYING
# Vendor field used to identify this package as gnu:tar.
# NOTE(review): presumably consumed by Buildroot's CPE/CVE reporting - confirm.
TAR_CPE_ID_VENDOR = gnu
# only tar <= 1.16
# CVE-2007-4476 is a buffer overflow in safer_name_suffix. NVD tags it for
# every tar version, so without this exclusion it would also be reported
# against $(TAR_VERSION). Distro trackers indicate it was fixed around 1.16,
# but the affected code lives in GNU paxutils, so the exact boundary at 1.16
# is uncertain.
# NOTE(review): this is a suppression, not a fix. Re-check it whenever
# TAR_VERSION changes or the NVD version range is corrected.
TAR_IGNORE_CVES += CVE-2007-4476

# POSIX ACL support follows the acl package selection. When it is selected,
# acl is added as a dependency and ACL support is requested from configure;
# otherwise the feature is switched off explicitly.
# NOTE(review): the explicit --without-* presumably keeps configure from
# auto-detecting a library that happens to be present - confirm.
ifeq ($(BR2_PACKAGE_ACL),y)
TAR_DEPENDENCIES += acl
TAR_CONF_OPTS += --with-posix-acls
else
TAR_CONF_OPTS += --without-posix-acls
endif

# Extended-attribute support follows the attr package selection in the same
# way.
# NOTE(review): a tar built with --without-posix-acls / --without-xattrs is
# not expected to store or restore that metadata. Verify this if archives
# produced on the target must carry ACLs or security xattrs.
ifeq ($(BR2_PACKAGE_ATTR),y)
TAR_DEPENDENCIES += attr
TAR_CONF_OPTS += --with-xattrs
else
TAR_CONF_OPTS += --without-xattrs
endif

# Instantiate the target package from the TAR_* variables set above. This
# must stay after them.
$(eval $(autotools-package))

# host-tar: use cpio.gz instead of tar.gz to prevent chicken-egg problem
# of needing tar to build tar.
HOST_TAR_SOURCE = tar-$(TAR_VERSION).cpio.gz

# Custom extraction for the host build: decompress the .cpio.gz and unpack it
# with cpio inside $(@D), then move the contents of the top-level
# tar-<version> directory up into $(@D) and remove the now-empty directory.
# (Comments are kept outside the define so they do not end up in the recipe.)
#
# NOTE(review): HOST_TAR_VERSION is not assigned in this file. It is
# presumably derived from TAR_VERSION by the package infrastructure - confirm.
# NOTE(review): the recipe's exit status is that of cpio, the last command of
# the pipeline. A failing decompressor is only noticed if cpio then rejects
# the truncated stream.
# NOTE(review): cpio -i writes member paths as they are named in the archive.
# Confining the output to $(@D) therefore depends on the archive being
# trusted, presumably via the package hash check (not visible here). GNU
# cpio's --no-absolute-filenames would add a guard, if every supported host
# cpio accepts it - confirm.
define HOST_TAR_EXTRACT_CMDS
	mkdir -p $(@D)
	cd $(@D) && \
		$(call suitable-extractor,$(HOST_TAR_SOURCE)) $(TAR_DL_DIR)/$(HOST_TAR_SOURCE) | cpio -i --preserve-modification-time
	mv $(@D)/tar-$(HOST_TAR_VERSION)/* $(@D)
	rmdir $(@D)/tar-$(HOST_TAR_VERSION)
endef

# The host tool is configured without SELinux support.
HOST_TAR_CONF_OPTS = --without-selinux

# we are built before ccache
# so configure is given the non-ccache host compilers.
HOST_TAR_CONF_ENV = \
	CC="$(HOSTCC_NOCCACHE)" \
	CXX="$(HOSTCXX_NOCCACHE)"

# Instantiate the host package from the HOST_TAR_* variables set above.
$(eval $(host-autotools-package))