diff --git a/star-1.5.2-bufferoverflow.patch b/star-1.5.2-bufferoverflow.patch new file mode 100644 index 0000000000000000000000000000000000000000..33d31cbdb032da06f6c809ad6172551586f84e55 --- /dev/null +++ b/star-1.5.2-bufferoverflow.patch @@ -0,0 +1,22 @@ +diff --git a/star/longnames.c b/star/longnames.c +index 33cbe2a..9d2e303 100644 +--- a/star/longnames.c ++++ b/star/longnames.c +@@ -155,7 +155,7 @@ name_to_tcb(info, ptb) + if (add) + strcatl(ptb->ndbuf.t_name, name, "/", (char *)NULL); + else +- strcpy(ptb->ndbuf.t_name, name); ++ strncpy(ptb->ndbuf.t_name, name, props.pr_maxsname); + return (TRUE); + } + +@@ -198,7 +198,7 @@ name_to_tcb(info, ptb) + if (add) + strcatl(ptb->ndbuf.t_name, &np[1], "/", (char *)NULL); + else +- strcpy(ptb->ndbuf.t_name, &np[1]); ++ strncpy(ptb->ndbuf.t_name, &np[1], props.pr_maxsname); + strncpy(ptb->dbuf.t_prefix, name, np - name); + info->f_flags |= F_SPLIT_NAME; + return (TRUE); diff --git a/star-1.6-manpagereferences.patch b/star-1.6-manpagereferences.patch new file mode 100644 index 0000000000000000000000000000000000000000..1bb18c7de3b8f6f9f381f8248e889584d65845db --- /dev/null +++ b/star-1.6-manpagereferences.patch @@ -0,0 +1,43 @@ +diff --git a/star/spax.1 b/star/spax.1 +index b9a77e0..c462fe3 100644 +--- a/star/spax.1 ++++ b/star/spax.1 +@@ -4047,7 +4047,7 @@ Interfaces volume of IEEE Std 1003.1-2001, + .BR chown (2), + .BR creat (2), + .BR mkdir (2), +-.BR mkfifo (2), ++.BR mkfifo (3), + .BR stat (2), + .BR utime (2), + .BR write (2). +@@ -4099,7 +4099,7 @@ entry is added to the ENVIRONMENT VARIABLES section. + IEEE PASC Interpretation 1003.2 #168 is applied, clarifying that + .BR mkdir (2) + and +-.BR mkfifo (2) ++.BR mkfifo (3) + calls can ignore an [EEXIST] error when + extracting an archive. + .PP +diff --git a/star/star.1 b/star/star.1 +index caed9f4..a24d619 100644 +--- a/star/star.1 ++++ b/star/star.1 +@@ -5293,7 +5293,6 @@ cron script). + Is used for the interactive user interface. + .SH "SEE ALSO" + .BR spax (1), +-.BR suntar (1), + .BR scpio (1), + .BR tar (1), + .BR cpio (1), +@@ -5308,7 +5307,7 @@ Is used for the interactive user interface. + .BR ssh (1), + .BR star_sym (1), + .BR tartest (1), +-.BR star (4), ++.BR star (1), + .BR rcmd (3), + .BR fssnap (1m) + .SH DIAGNOSTICS diff --git a/star-configure-c99.patch b/star-configure-c99.patch new file mode 100644 index 0000000000000000000000000000000000000000..0fa63ec67d196e5637fb4109d978c02f174327b7 --- /dev/null +++ b/star-configure-c99.patch @@ -0,0 +1,26 @@ +Port the GNU/Linux parts of config.guess to C99 because the script is +invoked without CFLAGS. + +diff --git a/autoconf/config.guess b/autoconf/config.guess +index 41249c1295106577..bf567065edc492a6 100755 +--- a/autoconf/config.guess ++++ b/autoconf/config.guess +@@ -686,7 +686,8 @@ EOF + # Determine whether the default compiler is a.out or elf + cat >dummy.c < +-main(argc, argv) ++#include ++int main(argc, argv) + int argc; + char *argv[]; + { +@@ -900,7 +901,7 @@ cat >dummy.c < + # include + #endif +-main () ++int main (void) + { + #if defined (sony) + #if defined (MIPSEB) diff --git a/star.spec b/star.spec index 4a135a7684ff0b0e3e1c87b3ecef2623537a8296..c7f5fe9e0efef2c0d7981912532b37fe89a6bac0 100644 --- a/star.spec +++ b/star.spec @@ -1,17 +1,20 @@ -%define anolis_release 7 +%define anolis_release 8 Name: star -Version: 1.6 +Version: 1.6 Release: %{anolis_release}%{?dist} Summary: An archiving tool with ACL support License: CDDL URL: https://sourceforge.net/projects/s-tar/ -Source0: https://downloads.sourceforge.net/s-tar/%{name}-%{version}.tar.bz2 +Source0: https://downloads.sourceforge.net/s-tar/star-1.6.tar.bz2 Patch0: 0000-star-1.6-star-mk.patch Patch1: 0001-star-1.5.2-bufferoverflow.patch Patch2: 0002-star-1.6-manpagereferences.patch Patch3: 0003-star-1.5.2-use-ssh-by-default.patch Patch4: 0004-star-uos-add-sw64-support.patch +Patch5: star-1.5.2-bufferoverflow.patch +Patch6: star-1.6-manpagereferences.patch +Patch7: star-configure-c99.patch BuildRequires: make libattr-devel libacl-devel libtool libselinux-devel e2fsprogs-devel @@ -177,6 +180,9 @@ fi %doc README* %changelog +* Fri Sep 19 2025 wenyuzifang - 1.6-8 +- Apply patch to prevent buffer overflows and ensure safe string handling in file name operations +- Fix documentation accuracy by correcting manual sections and removing obsolete references * Sun Apr 27 2025 Shangtong Guo - 1.6-7 - add support for riscv64 build