Subject: CVS commit: pkgsrc/archivers/star
From: Michael Baeuerle
Date: 2019-10-24 18:53:34
Message id: 20191024165334.9C04BFA84@cvs.NetBSD.org

Log Message:
archivers/star: Update to 1.6.1nb2

Based on Release 2019-10-07.

Changelog
=========
- configure: Some shells report a syntax error with "< file (cmd)"
  and need the redirection statement to be *after* the command. Our
  changes to support the V7 shell by adding round braces caused ash
  variants like "dash" to fail.

  Thanks to Harald van Dijk for reporting

- cont/cc-config.sh: changed some :>some-file statements into
  (:)>some-file. They have been missed when introducing workarounds
  for the V7 Shell on Ultrix that does not support I/O redirection
  for builtin commands.

  Thanks to Robert Clausecker for reporting

- libschily/resolvepath.c: resolving a symlink that points to another
  symlink that points to itself, caused a coredump as a result of an
  endless recursion.

  We now detect this situation and abort the check before the endless
  recursion causes a stack overflow. A symlink that directly loops
  is immediately stopped. A longer symlink loop chain over more than one
  symlink can only be detected by the recursion nesting level and is
  aborted after a nesting level of 1024 has been reached. This works
  under the assumption that the minimum stack size is more than
  1024 * PATH_MAX and that there is no useful directory path with more
  than 1024 symlinks in the path.

  ----> This problem affected star and SCCS.

  Thanks to Philipp Wellner for reporting

- star: Added a hint to the man page that helps to find pkglist= as a
  similar option to list=

- star: The new method to avoid extracting symlinks that point outside
  the star working directory that has been introduced in October 2018
  could cause a core dump if a symlink is checked that points to
  another already existing symlink that points to itself. This was caused
  by a problem in libschily/resolvepath.c, see above.

  Thanks to Philipp Wellner for reporting

- star: The option -no-secure-links now may be configured as a global
  default via the tag STAR_SECURE_LINKS= in the file /etc/default/star
  and as a private default via an environment of the same name.

  If the value for this tag is 'n' or 'N', -no-secure-links is made the
  default, any other value sets the option -secure-links as the default.

  This may be useful for sysadmins that frequently use star to copy
  installation specific files, but it is risky in case that alien TAR
  archives are imported. The good news is that this permits users to
  switch to the old star behavior where no checks for risky links
  existed.

  Thanks to Dennis Clarke for reporting

- star: A new environment STAR_NOHINT has been introduced to suppress
  hint messages that are otherwise seen in case STAR_SECURE_LINKS or
  STAR_FSYNC is in the environment or in /etc/default/star

- star: New version date

Files:
Revision  Action  File
1.41      modify  pkgsrc/archivers/star/Makefile
1.17      modify  pkgsrc/archivers/star/distinfo