OpenPKG CVS Repository
  http://cvs.openpkg.org/
  ____________________________________________________________________________

  Server: cvs.openpkg.org                  Name:   Ralf S. Engelschall
  Root:   /v/openpkg/cvs                   Email:  [EMAIL PROTECTED]
  Module: openpkg-src                      Date:   04-Sep-2007 10:33:25
  Branch: HEAD                             Handle: 2007090409332500

  Modified files:
    openpkg-src/tar         tar.patch tar.spec

  Log:
    Security Fix (CVE-2007-4131)

  Summary:
    Revision    Changes     Path
    1.18        +21 -0      openpkg-src/tar/tar.patch
    1.61        +1  -1      openpkg-src/tar/tar.spec
  ____________________________________________________________________________

  patch -p0 <<'@@ .'
  Index: openpkg-src/tar/tar.patch
  ============================================================================
  $ cvs diff -u -r1.17 -r1.18 tar.patch
  --- openpkg-src/tar/tar.patch 30 Jun 2007 07:44:49 -0000      1.17
  +++ openpkg-src/tar/tar.patch 4 Sep 2007 08:33:25 -0000       1.18
  @@ -96,3 +96,24 @@
    static bool xheader_protected_pattern_p (char const *pattern);
    static bool xheader_protected_keyword_p (char const *keyword);
    static void xheader_set_single_keyword (char *) __attribute__ ((noreturn));
  +
  +-----------------------------------------------------------------------------
  +
  +Security Fix (CVE-2007-4131)
  +
  +Index: src/names.c
  +--- src/names.c.orig
  ++++ src/names.c
  +@@ -1012,11 +1012,10 @@
  +       if (p[0] == '.' && p[1] == '.' && (ISSLASH (p[2]) || !p[2]))
  +     return 1;
  + 
  +-      do
  ++      while (! ISSLASH (*p))
  +     {
  +       if (! *p++)
  +         return 0;
  +     }
  +-      while (! ISSLASH (*p));
  +     }
  + }
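Review bot: The section added to tar.patch is labelled only `Security Fix (CVE-2007-4131)` and does not say what the src/names.c change corrects, which makes it hard to tell later whether the patch is still needed when the packaged tar is upgraded. From the visible lines, the removed do/while advanced `p` by one character before testing `ISSLASH (*p)`. When an iteration started on a separator, the separator was stepped over and, it appears, the `..` test at the top of the loop was never applied to the component right after it. The replacement `while (! ISSLASH (*p))` tests before advancing. I would add a one-line description under the heading, e.g. `names.c: test for a slash before advancing, so ".." directly after a separator is detected`. The enclosing function and its outer loop start outside the hunk, so confirm the full control flow against src/names.c.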
  @@ .
  patch -p0 <<'@@ .'
  Index: openpkg-src/tar/tar.spec
  ============================================================================
  $ cvs diff -u -r1.60 -r1.61 tar.spec
  --- openpkg-src/tar/tar.spec  30 Jun 2007 07:44:49 -0000      1.60
  +++ openpkg-src/tar/tar.spec  4 Sep 2007 08:33:25 -0000       1.61
  @@ -33,7 +33,7 @@
   Group:        Archiver
   License:      GPL
   Version:      1.18
  -Release:      20070630
  +Release:      20070904
   
   #   list of sources
   Source0:      ftp://ftp.gnu.org/gnu/tar/tar-%{version}.tar.gz
  @@ .
______________________________________________________________________
OpenPKG                                             http://openpkg.org
CVS Repository Commit List                     openpkg-cvs@openpkg.org
