From nobody Sat Nov 23 18:26:54 2024
Date: Sat, 23 Nov 2024 18:26:54 GMT
Message-Id: <202411231826.4ANIQsca039988@gitrepo.freebsd.org>
To: ports-committers@FreeBSD.org, dev-commits-ports-all@FreeBSD.org, dev-commits-ports-branches@FreeBSD.org
From: Michael Gmelin
Subject: git: 0cbaa6fcee8e - 2024Q4 - sysutils/iocage-devel: Add hardening measures on untar
List-Id: Commit messages for all branches of the ports repository
List-Archive: https://lists.freebsd.org/archives/dev-commits-ports-all
X-Git-Committer: grembo
X-Git-Repository: ports
X-Git-Refname: refs/heads/2024Q4
X-Git-Reftype: branch
X-Git-Commit: 0cbaa6fcee8e6668142fcac930ea03aa75b25716

The branch 2024Q4 has been updated by grembo:

URL: https://cgit.FreeBSD.org/ports/commit/?id=0cbaa6fcee8e6668142fcac930ea03aa75b25716

commit 0cbaa6fcee8e6668142fcac930ea03aa75b25716
Author:     Michael Gmelin
AuthorDate: 2024-11-23 18:11:44 +0000
Commit:     Michael Gmelin
CommitDate: 2024-11-23 18:25:51 +0000

    sysutils/iocage-devel: Add hardening measures on untar

    This adds hardening measures while untarring archives fetched over the
    network (including FreeBSD tarballs and iocage plugins), as implemented
    by TrueNAS. This reduces the impact of intentionally malicious or
    accidentally broken archives. Please note that users are still advised
    to only fetch from trusted sources and make use of TLS to prevent MITM
    attacks.

    While there, add patch to store man pages in the correct location.

    Obtained from: https://github.com/truenas/iocage/pull/358

    (cherry picked from commit a4b2dd46482c6a039f9ca296fa738b83752b1457)
---
 sysutils/iocage-devel/Makefile                 |  1 +
 .../files/patch-iocage__lib_ioc__fetch.py      | 22 ++++++++++++++++++++++
 .../files/patch-iocage__lib_ioc__plugin.py     | 22 ++++++++++++++++++++++
 sysutils/iocage-devel/files/patch-setup.py     | 15 +++++++++++++++
 4 files changed, 60 insertions(+)

diff --git a/sysutils/iocage-devel/Makefile b/sysutils/iocage-devel/Makefile
index 4754b7d8e909..33f0fa9dc05e 100644
--- a/sysutils/iocage-devel/Makefile +++ b/sysutils/iocage-devel/Makefile @@ -1,5 +1,6 @@ PORTNAME= iocage-devel PORTVERSION= 1.7.20240618 +PORTREVISION= 1 PORTEPOCH= 1 CATEGORIES= sysutils python PKGNAMEPREFIX= ${PYTHON_PKGNAMEPREFIX} diff --git a/sysutils/iocage-devel/files/patch-iocage__lib_ioc__fetch.py b/sysutils/iocage-devel/files/patch-iocage__lib_ioc__fetch.py new file mode 100644 index 000000000000..73d8b6e58068 --- /dev/null +++ b/sysutils/iocage-devel/files/patch-iocage__lib_ioc__fetch.py @@ -0,0 +1,22 @@ +--- iocage_lib/ioc_fetch.py.orig 2024-09-20 06:45:27 UTC ++++ iocage_lib/ioc_fetch.py +@@ -47,7 +47,10 @@ import iocage_lib.ioc_start + from iocage_lib.pools import Pool + from iocage_lib.dataset import Dataset + ++# deliberately crash if tarfile doesn't have required filter ++tarfile.tar_filter + ++ + class IOCFetch: + + """Fetch a RELEASE for use as a jail base.""" +@@ -817,7 +820,7 @@ class IOCFetch: + # removing them first. + member = self.__fetch_extract_remove__(f) + member = self.__fetch_check_members__(member) +- f.extractall(dest, members=member) ++ f.extractall(dest, members=member, filter='tar') + + def fetch_update(self, cli=False, uuid=None): + """This calls 'freebsd-update' to update the fetched RELEASE.""" diff --git a/sysutils/iocage-devel/files/patch-iocage__lib_ioc__plugin.py b/sysutils/iocage-devel/files/patch-iocage__lib_ioc__plugin.py new file mode 100644 index 000000000000..be9ee84d1e3f --- /dev/null +++ b/sysutils/iocage-devel/files/patch-iocage__lib_ioc__plugin.py 
@@ -0,0 +1,22 @@ +--- iocage_lib/ioc_plugin.py.orig 2024-09-20 06:45:27 UTC ++++ iocage_lib/ioc_plugin.py +@@ -61,7 +61,10 @@ from iocage_lib.dataset import Dataset + GIT_LOCK = threading.Lock() + RE_PLUGIN_VERSION = re.compile(r'"path":"([/\.\+,\d\w-]*)\.txz"') + ++# deliberately crash if tarfile doesn't have required filter ++tarfile.tar_filter + ++ + class IOCPlugin(object): + + """ +@@ -157,7 +160,7 @@ class IOCPlugin(object): + shutil.copyfileobj(r.raw, f) + + with tarfile.open(packagesite_txz_path) as p_file: +- p_file.extractall(path=tmpdir) ++ p_file.extractall(path=tmpdir, filter='data') + + packagesite_path = os.path.join(tmpdir, 'packagesite.yaml') + if not os.path.exists(packagesite_path): diff --git a/sysutils/iocage-devel/files/patch-setup.py b/sysutils/iocage-devel/files/patch-setup.py new file mode 100644 index 000000000000..cad071146d2d --- /dev/null +++ b/sysutils/iocage-devel/files/patch-setup.py @@ -0,0 +1,15 @@ +--- setup.py.orig 2024-09-20 06:45:27 UTC ++++ setup.py +@@ -30,10 +30,10 @@ from setuptools import find_packages, setup + + if os.path.isdir("/".join([sys.prefix, "etc/init.d"])): + _data = [('etc/init.d', ['rc.d/iocage']), +- ('man/man8', ['iocage.8.gz'])] ++ ('share/man/man8', ['iocage.8.gz'])] + else: + _data = [('etc/rc.d', ['rc.d/iocage']), +- ('man/man8', ['iocage.8.gz'])] ++ ('share/man/man8', ['iocage.8.gz'])] + + if os.path.isdir("/".join([sys.prefix, "share/zsh/site-functions/"])): + _data.append(('share/zsh/site-functions', ['zsh-completion/_iocage']))
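Review bot: the module-level sentinel `tarfile.tar_filter` in patch-iocage__lib_ioc__fetch.py (and the identical one in patch-iocage__lib_ioc__plugin.py) does fail closed on an unpatched Python, but the failure is an AttributeError ("module 'tarfile' has no attribute 'tar_filter'") raised at import time, which tells a user nothing about why iocage refuses to start, and a bare attribute expression is also what linters flag as a useless statement. Prefer an explicit check with a message that names the requirement, e.g. `if not hasattr(tarfile, 'tar_filter'): raise RuntimeError('tarfile extraction filters (PEP 706) are required')`, or encode the minimum Python in the port's Makefile so the dependency is enforced at install time rather than at first run.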
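Review bot: in the ioc_fetch.py hunk, `f.extractall(dest, members=member, filter='tar')` changes the mode bits of every extracted member, not only its path: the stdlib 'tar' filter ANDs each mode with 0o755, so setuid, setgid, sticky and group/other write bits are cleared. A RELEASE base extracted through this line therefore ends up with setuid stripped from binaries that rely on it (the su and passwd family) and the sticky bit stripped from tmp. The path checks are what the commit message is after, and the member list is already vetted by `self.__fetch_check_members__(member)` one line above; please confirm the mode change is intended for jail bases, and if it is not, pass a callable that wraps `tarfile.tar_filter` and restores the original `member.mode` so the path and symlink checks stay while the archive's permissions are kept.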
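Review bot: in the ioc_plugin.py hunk, `p_file.extractall(path=tmpdir, filter='data')` raises `tarfile.FilterError` (a TarError subclass) on the first member the filter rejects and stops there, leaving whatever was extracted before it in tmpdir; nothing in this block catches it, so a hostile or broken packagesite.txz now surfaces as a raw stdlib traceback instead of an iocage error, and the `if not os.path.exists(packagesite_path):` check below is never reached on that path. Consider wrapping the extractall in `except tarfile.FilterError as e:` and reporting which member was rejected through the existing error path, then exiting as the missing-packagesite branch does. The choice of 'data' over 'tar' is right here: it additionally refuses device nodes and absolute or escaping links, none of which a package site archive legitimately contains.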