authortonnerre <tonnerre@pkgsrc.org>2008-03-31 00:39:38 +0000
committertonnerre <tonnerre@pkgsrc.org>2008-03-31 00:39:38 +0000
commit69be62cd4f898765cda93d9e79da36e16b9782b0 (patch)
tree0facf0df308f0c1de46b96c93390844d98250619 /archivers
parent89cec61b88f3983087089966157f31bface53df6 (diff)
Add patch for gtar-base to fix a directory traversal vulnerability
(CVE-2007-4131, pkgsrc-sec ticket #15481) Approved-by: joerg
Diffstat (limited to 'archivers')
-rw-r--r--archivers/gtar-base/Makefile4
-rw-r--r--archivers/gtar-base/distinfo3
-rw-r--r--archivers/gtar-base/patches/patch-ak19
3 files changed, 23 insertions, 3 deletions
diff --git a/archivers/gtar-base/Makefile b/archivers/gtar-base/Makefile
index 431b540905d..98049ca7a64 100644
--- a/archivers/gtar-base/Makefile
+++ b/archivers/gtar-base/Makefile
@@ -1,8 +1,8 @@
-# $NetBSD: Makefile,v 1.59 2007/09/08 21:57:57 jlam Exp $
+# $NetBSD: Makefile,v 1.60 2008/03/31 00:39:38 tonnerre Exp $
DISTNAME= tar-1.15.1
PKGNAME= gtar-base-1.15.1
-PKGREVISION= 4
+PKGREVISION= 5
SVR4_PKGNAME= gtarb
CATEGORIES= archivers
MASTER_SITES= ${MASTER_SITE_GNU:=tar/}
diff --git a/archivers/gtar-base/distinfo b/archivers/gtar-base/distinfo
index f5aca43a8f8..7b243cb7cd3 100644
--- a/archivers/gtar-base/distinfo
+++ b/archivers/gtar-base/distinfo
@@ -1,4 +1,4 @@
-$NetBSD: distinfo,v 1.19 2006/12/03 15:21:20 tron Exp $
+$NetBSD: distinfo,v 1.20 2008/03/31 00:39:38 tonnerre Exp $
SHA1 (tar-1.15.1.tar.gz) = 21574ae5d39b698f7f577e2cecc91a5ec89b659c
RMD160 (tar-1.15.1.tar.gz) = 83f35ee090d05f0865ebd9915bbd1b649a6555c5
@@ -13,3 +13,4 @@ SHA1 (patch-ag) = 39fd6e84665a632258c722a35359713a1e194287
SHA1 (patch-ah) = d8532a99bf2bd0c35a9d994101fbd722f52c9ead
SHA1 (patch-ai) = 9e065a4bbe3fcaee7e08a53b64e863b8fbd0d32a
SHA1 (patch-aj) = 409760785d3a0e12175760f2f71e192c3dd1ef52
+SHA1 (patch-ak) = 18fd849db1ea337f38e7ed7e7fac73b85566325a
diff --git a/archivers/gtar-base/patches/patch-ak b/archivers/gtar-base/patches/patch-ak
new file mode 100644
index 00000000000..de9981bd692
--- /dev/null
+++ b/archivers/gtar-base/patches/patch-ak
@@ -0,0 +1,19 @@
+$NetBSD: patch-ak,v 1.1 2008/03/31 00:39:38 tonnerre Exp $
+
+Fix directory traversal vulnerability (CVE-2007-4131).
+
+--- src/names.c.orig 2004-09-06 13:30:54.000000000 +0200
++++ src/names.c
+@@ -1152,11 +1152,10 @@ contains_dot_dot (char const *name)
+ if (p[0] == '.' && p[1] == '.' && (ISSLASH (p[2]) || !p[2]))
+ return 1;
+
+- do
++ while (! ISSLASH (*p));
+ {
+ if (! *p++)
+ return 0;
+ }
+- while (! ISSLASH (*p));
+ }
+ }
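Review bot: The added line `while (! ISSLASH (*p));` in the embedded src/names.c hunk ends with a semicolon, so the loop body is empty and the braced block below it runs once after the loop instead of per character. Nothing in that empty loop advances `p`, so a name whose current character is not a slash would appear to spin forever in contains_dot_dot rather than reach `if (! *p++) return 0;`. The line should read `while (! ISSLASH (*p))` with no trailing semicolon, and the patch-ak SHA1 in distinfo needs regenerating once the patch text changes. The function's opening and its outer loop header lie outside the hunk, so the exact effect on the `..` check is inferred from the visible context lines.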