author | tonnerre <tonnerre@pkgsrc.org> | 2008-03-31 00:39:38 +0000 |
---|---|---|
committer | tonnerre <tonnerre@pkgsrc.org> | 2008-03-31 00:39:38 +0000 |
commit | 69be62cd4f898765cda93d9e79da36e16b9782b0 (patch) | |
tree | 0facf0df308f0c1de46b96c93390844d98250619 /archivers | |
parent | 89cec61b88f3983087089966157f31bface53df6 (diff) | |
download | pkgsrc-69be62cd4f898765cda93d9e79da36e16b9782b0.tar.gz |
Add patch for gtar-base to fix a directory traversal vulnerability
(CVE-2007-4131, pkgsrc-sec ticket #15481)
Approved-by: joerg
Diffstat (limited to 'archivers')
-rw-r--r-- | archivers/gtar-base/Makefile | 4 | ||||
-rw-r--r-- | archivers/gtar-base/distinfo | 3 | ||||
-rw-r--r-- | archivers/gtar-base/patches/patch-ak | 19 |
3 files changed, 23 insertions, 3 deletions
diff --git a/archivers/gtar-base/Makefile b/archivers/gtar-base/Makefile
index 431b540905d..98049ca7a64 100644
--- a/archivers/gtar-base/Makefile
+++ b/archivers/gtar-base/Makefile
@@ -1,8 +1,8 @@
-# $NetBSD: Makefile,v 1.59 2007/09/08 21:57:57 jlam Exp $
+# $NetBSD: Makefile,v 1.60 2008/03/31 00:39:38 tonnerre Exp $
 DISTNAME= tar-1.15.1
 PKGNAME= gtar-base-1.15.1
-PKGREVISION= 4
+PKGREVISION= 5
 SVR4_PKGNAME= gtarb
 CATEGORIES= archivers
 MASTER_SITES= ${MASTER_SITE_GNU:=tar/}
diff --git a/archivers/gtar-base/distinfo b/archivers/gtar-base/distinfo
index f5aca43a8f8..7b243cb7cd3 100644
--- a/archivers/gtar-base/distinfo
+++ b/archivers/gtar-base/distinfo
@@ -1,4 +1,4 @@
-$NetBSD: distinfo,v 1.19 2006/12/03 15:21:20 tron Exp $
+$NetBSD: distinfo,v 1.20 2008/03/31 00:39:38 tonnerre Exp $
 SHA1 (tar-1.15.1.tar.gz) = 21574ae5d39b698f7f577e2cecc91a5ec89b659c
 RMD160 (tar-1.15.1.tar.gz) = 83f35ee090d05f0865ebd9915bbd1b649a6555c5
@@ -13,3 +13,4 @@ SHA1 (patch-ag) = 39fd6e84665a632258c722a35359713a1e194287
 SHA1 (patch-ah) = d8532a99bf2bd0c35a9d994101fbd722f52c9ead
 SHA1 (patch-ai) = 9e065a4bbe3fcaee7e08a53b64e863b8fbd0d32a
 SHA1 (patch-aj) = 409760785d3a0e12175760f2f71e192c3dd1ef52
+SHA1 (patch-ak) = 18fd849db1ea337f38e7ed7e7fac73b85566325a
diff --git a/archivers/gtar-base/patches/patch-ak b/archivers/gtar-base/patches/patch-ak
new file mode 100644
index 00000000000..de9981bd692
--- /dev/null
+++ b/archivers/gtar-base/patches/patch-ak
@@ -0,0 +1,19 @@
+$NetBSD: patch-ak,v 1.1 2008/03/31 00:39:38 tonnerre Exp $
+
+Fix directory traversal vulnerability (CVE-2007-4131).
+
+--- src/names.c.orig 2004-09-06 13:30:54.000000000 +0200
++++ src/names.c
+@@ -1152,11 +1152,10 @@ contains_dot_dot (char const *name)
+ if (p[0] == '.' && p[1] == '.' && (ISSLASH (p[2]) || !p[2]))
+ return 1;
+
+- do
++ while (! ISSLASH (*p));
+ {
+ if (! *p++)
+ return 0;
+ }
+- while (! ISSLASH (*p));
+ }
+ }
|
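Review bot: The loop header that patch-ak adds to contains_dot_dot, `while (! ISSLASH (*p));`, ends in a semicolon, so the loop body is empty and the braced block below it (`if (! *p++) return 0;`) runs once as a plain statement instead of once per character. As written, nothing inside the loop advances `p`, so a `*p` that is not a slash leaves the condition true indefinitely, and the NUL test in the block no longer guards each step of the scan. The line should read `while (! ISSLASH (*p))` with no semicolon. Because distinfo records `SHA1 (patch-ak)`, that checksum has to be regenerated once the patch is corrected. The body of contains_dot_dot starts above the embedded hunk, so the enclosing loop header is not visible here.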