Update tar to 1.31 Fixes CVE-2018-20482 Switch to tar.xz tarball Refresh patches Signed-off-by: Daniel Engberg <daniel.engberg.lists@pyret.net>
		
			
				
	
	
		
			28 lines
		
	
	
		
			830 B
		
	
	
	
		
			Diff
		
	
	
	
	
	
			
		
		
	
	
			28 lines
		
	
	
		
			830 B
		
	
	
	
		
			Diff
		
	
	
	
	
	
| Force root/root as names for uid0/gid0 instead of using the system
 | |
| names. This helps make packed download tarballs more reproducible
 | |
| 
 | |
| Signed-off-by: Felix Fietkau <nbd@nbd.name>
 | |
| ---
 | |
| --- a/src/create.c
 | |
| +++ b/src/create.c
 | |
| @@ -543,17 +543,8 @@ write_gnu_long_link (struct tar_stat_inf
 | |
|    union block *header;
 | |
|  
 | |
|    header = start_private_header ("././@LongLink", size, 0);
 | |
| -  if (! numeric_owner_option)
 | |
| -    {
 | |
| -      static char *uname, *gname;
 | |
| -      if (!uname)
 | |
| -	{
 | |
| -	  uid_to_uname (0, &uname);
 | |
| -	  gid_to_gname (0, &gname);
 | |
| -	}
 | |
| -      UNAME_TO_CHARS (uname, header->header.uname);
 | |
| -      GNAME_TO_CHARS (gname, header->header.gname);
 | |
| -    }
 | |
| +  UNAME_TO_CHARS ("root", header->header.uname);
 | |
| +  GNAME_TO_CHARS ("root", header->header.gname);
 | |
|  
 | |
|    strcpy (header->buffer + offsetof (struct posix_header, magic),
 | |
|  	  OLDGNU_MAGIC);
 |