OpenPKG CVS Repository http://cvs.openpkg.org/ ____________________________________________________________________________
Server: cvs.openpkg.org Name: Ralf S. Engelschall Root: /v/openpkg/cvs Email: [EMAIL PROTECTED] Module: openpkg-src Date: 04-Sep-2007 10:33:25 Branch: HEAD Handle: 2007090409332500 Modified files: openpkg-src/tar tar.patch tar.spec Log: Security Fix (CVE-2007-4131) Summary: Revision Changes Path 1.18 +21 -0 openpkg-src/tar/tar.patch 1.61 +1 -1 openpkg-src/tar/tar.spec ____________________________________________________________________________ patch -p0 <<'@@ .' Index: openpkg-src/tar/tar.patch ============================================================================ $ cvs diff -u -r1.17 -r1.18 tar.patch --- openpkg-src/tar/tar.patch 30 Jun 2007 07:44:49 -0000 1.17 +++ openpkg-src/tar/tar.patch 4 Sep 2007 08:33:25 -0000 1.18 @@ -96,3 +96,24 @@ static bool xheader_protected_pattern_p (char const *pattern); static bool xheader_protected_keyword_p (char const *keyword); static void xheader_set_single_keyword (char *) __attribute__ ((noreturn)); + +----------------------------------------------------------------------------- + +Security Fix (CVE-2007-4131) + +Index: src/names.c +--- src/names.c.orig ++++ src/names.c +@@ -1012,11 +1012,10 @@ + if (p[0] == '.' && p[1] == '.' && (ISSLASH (p[2]) || !p[2])) + return 1; + +- do ++ while (! ISSLASH (*p)) + { + if (! *p++) + return 0; + } +- while (! ISSLASH (*p)); + } + } @@ . patch -p0 <<'@@ .' Index: openpkg-src/tar/tar.spec ============================================================================ $ cvs diff -u -r1.60 -r1.61 tar.spec --- openpkg-src/tar/tar.spec 30 Jun 2007 07:44:49 -0000 1.60 +++ openpkg-src/tar/tar.spec 4 Sep 2007 08:33:25 -0000 1.61 @@ -33,7 +33,7 @@ Group: Archiver License: GPL Version: 1.18 -Release: 20070630 +Release: 20070904 # list of sources Source0: ftp://ftp.gnu.org/gnu/tar/tar-%{version}.tar.gz @@ . ______________________________________________________________________ OpenPKG http://openpkg.org CVS Repository Commit List openpkg-cvs@openpkg.org