diff --git a/sysutils/iocage-devel/Makefile b/sysutils/iocage-devel/Makefile index 21db6054355a..adac6bfff7b8 100644 --- a/sysutils/iocage-devel/Makefile +++ b/sysutils/iocage-devel/Makefile @@ -1,60 +1,60 @@ PORTNAME= iocage-devel PORTVERSION= 1.8.20241014 -PORTREVISION= 1 +PORTREVISION= 2 PORTEPOCH= 1 CATEGORIES= sysutils python PKGNAMEPREFIX= ${PYTHON_PKGNAMEPREFIX} MAINTAINER= nc@FreeBSD.org COMMENT= FreeBSD jail manager written in Python3 WWW= https://github.com/freebsd/iocage LICENSE= BSD2CLAUSE LICENSE_FILE= ${WRKSRC}/LICENSE BUILD_DEPENDS= ${PYTHON_PKGNAMEPREFIX}pytest-runner>=2.0.0:devel/py-pytest-runner@${PY_FLAVOR} RUN_DEPENDS= ${PYTHON_PKGNAMEPREFIX}click>=6.7:devel/py-click@${PY_FLAVOR} \ ${PYTHON_PKGNAMEPREFIX}coloredlogs>0:devel/py-coloredlogs@${PY_FLAVOR} \ ${PYTHON_PKGNAMEPREFIX}dnspython>0:dns/py-dnspython@${PY_FLAVOR} \ ${PYTHON_PKGNAMEPREFIX}gitpython>=2.1.10:devel/py-gitpython@${PY_FLAVOR} \ ${PYTHON_PKGNAMEPREFIX}jsonschema>0:devel/py-jsonschema@${PY_FLAVOR} \ ${PYTHON_PKGNAMEPREFIX}libzfs>=1.0.2:filesystems/py-libzfs@${PY_FLAVOR} \ ${PYTHON_PKGNAMEPREFIX}netifaces>0:net/py-netifaces@${PY_FLAVOR} \ ${PYTHON_PKGNAMEPREFIX}pytest-runner>=2.0.0:devel/py-pytest-runner@${PY_FLAVOR} \ ${PYTHON_PKGNAMEPREFIX}requests>=2.11.1:www/py-requests@${PY_FLAVOR} \ ${PYTHON_PKGNAMEPREFIX}six>0:devel/py-six@${PY_FLAVOR} \ ${PYTHON_PKGNAMEPREFIX}texttable>=0.8.7:textproc/py-texttable@${PY_FLAVOR} \ ${PYTHON_PKGNAMEPREFIX}tqdm>=4.10.0:misc/py-tqdm@${PY_FLAVOR} \ ca_root_nss>0:security/ca_root_nss USES= python USE_GITHUB= yes GH_ACCOUNT= freebsd GH_PROJECT= iocage GH_TAGNAME= 32de9d515ba54f7635545f20c9f81d7cc0442d66 USE_PYTHON= autoplist distutils CONFLICTS= py*-iocage py*-iocage-devel NO_ARCH= yes _IOCAGE_LIB_VERSION= 1.7 PLIST_FILES= ${PYTHON_SITELIBDIR}/${PORTNAME:S/-devel//g}_lib-${_IOCAGE_LIB_VERSION}-py${PYTHON_VER}.egg-info/dependency_links.txt \ ${PYTHON_SITELIBDIR}/${PORTNAME:S/-devel//g}_lib-${_IOCAGE_LIB_VERSION}-py${PYTHON_VER}.egg-info/entry_points.txt \ ${PYTHON_SITELIBDIR}/${PORTNAME:S/-devel//g}_lib-${_IOCAGE_LIB_VERSION}-py${PYTHON_VER}.egg-info/PKG-INFO \ ${PYTHON_SITELIBDIR}/${PORTNAME:S/-devel//g}_lib-${_IOCAGE_LIB_VERSION}-py${PYTHON_VER}.egg-info/requires.txt \ ${PYTHON_SITELIBDIR}/${PORTNAME:S/-devel//g}_lib-${_IOCAGE_LIB_VERSION}-py${PYTHON_VER}.egg-info/SOURCES.txt \ ${PYTHON_SITELIBDIR}/${PORTNAME:S/-devel//g}_lib-${_IOCAGE_LIB_VERSION}-py${PYTHON_VER}.egg-info/top_level.txt \ ${PYTHON_SITELIBDIR}/${PORTNAME:S/-devel//g}_lib/plugin_manifest.json OPTIONS_DEFAULT= GIT OPTIONS_RADIO= GIT_PACKAGE OPTIONS_RADIO_GIT_PACKAGE= GIT GIT_LITE GIT_DESC= depend on devel/git GIT_LITE_DESC= depend on lite flavor of devel/git (bare minimum git experience) GIT_RUN_DEPENDS= git:devel/git GIT_LITE_RUN_DEPENDS= git:devel/git@lite .include diff --git a/sysutils/iocage-devel/files/patch-iocage__lib_ioc__fetch.py b/sysutils/iocage-devel/files/patch-iocage__lib_ioc__fetch.py index 73d8b6e58068..d5697b9205af 100644 --- a/sysutils/iocage-devel/files/patch-iocage__lib_ioc__fetch.py +++ b/sysutils/iocage-devel/files/patch-iocage__lib_ioc__fetch.py @@ -1,22 +1,41 @@ --- iocage_lib/ioc_fetch.py.orig 2024-09-20 06:45:27 UTC +++ iocage_lib/ioc_fetch.py -@@ -47,7 +47,10 @@ import iocage_lib.ioc_start +@@ -47,6 +47,29 @@ import iocage_lib.ioc_start from iocage_lib.pools import Pool from iocage_lib.dataset import Dataset -+# deliberately crash if tarfile doesn't have required filter -+tarfile.tar_filter ++# taken from tarfile.tar_filter (and _get_filtered_attrs) ++# basically the same, but **without**: ++# - Clear high mode bits (setuid, setgid, sticky) and ++# group/other write bits (S_IWGRP | S_IWOTH). ++def untar_release_filter(member, dest_path): ++ new_attrs = {} ++ name = member.name ++ dest_path = os.path.realpath(dest_path) ++ # Strip leading / (tar's directory separator) from filenames. ++ # Include os.sep (target OS directory separator) as well. ++ if name.startswith(('/', os.sep)): ++ name = new_attrs['name'] = member.path.lstrip('/' + os.sep) ++ if os.path.isabs(name): ++ # Path is absolute even after stripping. ++ # For example, 'C:/foo' on Windows. ++ raise tarfile.AbsolutePathError(member) ++ # Ensure we stay in the destination ++ target_path = os.path.realpath(os.path.join(dest_path, name)) ++ if os.path.commonpath([target_path, dest_path]) != dest_path: ++ raise tarfile.OutsideDestinationError(member, target_path) ++ if new_attrs: ++ return member.replace(**new_attrs, deep=False) ++ return member -+ class IOCFetch: - """Fetch a RELEASE for use as a jail base.""" -@@ -817,7 +820,7 @@ class IOCFetch: +@@ -817,7 +840,7 @@ class IOCFetch: # removing them first. member = self.__fetch_extract_remove__(f) member = self.__fetch_check_members__(member) - f.extractall(dest, members=member) -+ f.extractall(dest, members=member, filter='tar') ++ f.extractall(dest, members=member, filter=untar_release_filter) def fetch_update(self, cli=False, uuid=None): """This calls 'freebsd-update' to update the fetched RELEASE."""