tar: add v1.35 (fix CVEs) (#47426)

2024-12-03 06:26:04 -06:00 · 2024-12-03 06:26:04 -06:00 · c3de3b0b6f
commit c3de3b0b6f
parent 6da9bf226a
1 changed files with 38 additions and 26 deletions
--- a/var/spack/repos/builtin/packages/tar/package.py
+++ b/var/spack/repos/builtin/packages/tar/package.py
@ -21,16 +21,18 @@ class Tar(AutotoolsPackage, GNUMirrorPackage):

    license("GPL-3.0-or-later")

+    version("1.35", sha256="14d55e32063ea9526e057fbf35fcabd53378e769787eff7919c3755b02d2b57e")
    version("1.34", sha256="03d908cf5768cfe6b7ad588c921c6ed21acabfb2b79b788d1330453507647aed")
-    version("1.32", sha256="b59549594d91d84ee00c99cf2541a3330fed3a42c440503326dab767f2fbb96c")
-    version("1.31", sha256="b471be6cb68fd13c4878297d856aebd50551646f4e3074906b1a74549c40d5a2")
-    version("1.30", sha256="4725cc2c2f5a274b12b39d1f78b3545ec9ebb06a6e48e8845e1995ac8513b088")
-    version("1.29", sha256="cae466e6e58c7292355e7080248f244db3a4cf755f33f4fa25ca7f9a7ed09af0")
-    version("1.28", sha256="6a6b65bac00a127a508533c604d5bf1a3d40f82707d56f20cefd38a05e8237de")
+    with default_args(deprecated=True):
+        # https://nvd.nist.gov/vuln/detail/CVE-2019-9923
+        version("1.32", sha256="b59549594d91d84ee00c99cf2541a3330fed3a42c440503326dab767f2fbb96c")
+        version("1.31", sha256="b471be6cb68fd13c4878297d856aebd50551646f4e3074906b1a74549c40d5a2")
+        version("1.30", sha256="4725cc2c2f5a274b12b39d1f78b3545ec9ebb06a6e48e8845e1995ac8513b088")
+        version("1.29", sha256="cae466e6e58c7292355e7080248f244db3a4cf755f33f4fa25ca7f9a7ed09af0")
+        version("1.28", sha256="6a6b65bac00a127a508533c604d5bf1a3d40f82707d56f20cefd38a05e8237de")

-    depends_on("c", type="build")  # generated
+    depends_on("c", type="build")

-    # A saner default than gzip?
    variant(
        "zip",
        default="pigz",
@ -52,12 +54,16 @@ class Tar(AutotoolsPackage, GNUMirrorPackage):
    patch("se-selinux.patch", when="@:1.29")
    patch("argp-pgi.patch", when="@:1.29")
    patch("gnutar-configure-xattrs.patch", when="@1.28")
+
    # The NVIDIA compilers do not currently support some GNU builtins.
    # Detect this case and use the fallback path.
-    patch("nvhpc-1.30.patch", when="@1.30:1.32 %nvhpc")
-    patch("nvhpc-1.34.patch", when="@1.34 %nvhpc")
-    # Workaround bug where __LONG_WIDTH__ is not defined
-    patch("nvhpc-long-width.patch", when="@1.34 %nvhpc")
+    with when("%nvhpc"):
+        patch("nvhpc-1.30.patch", when="@1.30:1.32")
+        patch("nvhpc-1.34.patch", when="@1.34")
+        # Workaround bug where __LONG_WIDTH__ is not defined
+        patch("nvhpc-long-width.patch", when="@1.34:")
+        # Newer versions are marked as conflict for now
+        conflicts("@1.35:", msg="NVHPC not yet supported for 1.35")

    @classmethod
    def determine_version(cls, exe):
@ -65,29 +71,35 @@ def determine_version(cls, exe):
        match = re.search(r"tar \(GNU tar\) (\S+)", output)
        return match.group(1) if match else None

+    def flag_handler(self, name, flags):
+        if name == "ldflags" and self.spec.satisfies("@1.35"):
+            # https://savannah.gnu.org/bugs/?64441
+            flags.append("-liconv")
+        return (flags, None, None)
+
    def configure_args(self):
-        spec = self.spec
        # Note: compression programs are passed by abs path,
        # so that tar can locate them when invoked without spack load.
        args = [
-            "--with-xz={0}".format(spec["xz"].prefix.bin.xz),
-            "--with-lzma={0}".format(spec["xz"].prefix.bin.lzma),
-            "--with-bzip2={0}".format(spec["bzip2"].prefix.bin.bzip2),
+            "--disable-nls",
+            f"--with-xz={self.spec['xz'].prefix.bin.xz}",
+            f"--with-lzma={self.spec['xz'].prefix.bin.lzma}",
+            f"--with-bzip2={self.spec['bzip2'].prefix.bin.bzip2}",
        ]

-        if spec["iconv"].name == "libiconv":
-            args.append(f"--with-libiconv-prefix={spec['iconv'].prefix}")
-        else:
-            args.append("--without-libiconv-prefix")
-
-        if "^zstd" in spec:
-            args.append("--with-zstd={0}".format(spec["zstd"].prefix.bin.zstd))
+        if self.spec.dependencies("zstd"):
+            args.append(f"--with-zstd={self.spec['zstd'].prefix.bin.zstd}")

        # Choose gzip/pigz
-        zip = spec.variants["zip"].value
+        zip = self.spec.variants["zip"].value
        if zip == "gzip":
-            gzip_path = spec["gzip"].prefix.bin.gzip
+            gzip_path = self.spec["gzip"].prefix.bin.gzip
        elif zip == "pigz":
-            gzip_path = spec["pigz"].prefix.bin.pigz
-        args.append("--with-gzip={}".format(gzip_path))
+            gzip_path = self.spec["pigz"].prefix.bin.pigz
+        args.append(f"--with-gzip={gzip_path}")
+
+        if self.spec["iconv"].name == "libiconv":
+            args.append(f"--with-libiconv-prefix={self.spec['iconv'].prefix}")
+        else:
+            args.append("--without-libiconv-prefix")
        return args