OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/tar?expand=0&rev=8

tar-1.15.1-CVE-2001-1267.patch

@@ -0,0 +1,15 @@
+--- src/names.c
++++ src/names.c
+@@ -1152,11 +1152,10 @@
+       if (p[0] == '.' && p[1] == '.' && (ISSLASH (p[2]) || !p[2]))
+ 	return 1;
+ 
+-      do
++      while (! ISSLASH (*p))
+ 	{
+ 	  if (! *p++)
+ 	    return 0;
+ 	}
+-      while (! ISSLASH (*p));
+     }
+ }

tar.changes

@@ -1,3 +1,9 @@
+-------------------------------------------------------------------
+Fri Aug 31 12:55:24 CEST 2007 - mkoenig@suse.de
+
+- fixed another directory traversal vulnerability, CVE-2001-1267,
+  CVE-2002-0399, [#29973] 
+
 -------------------------------------------------------------------
 Mon Aug 20 17:56:38 CEST 2007 - mkoenig@suse.de
 

tar.spec

@@ -19,7 +19,7 @@ Provides:       base:/bin/tar
 PreReq:         %install_info_prereq
 Autoreqprov:    on
 Version:        1.17
-Release:        13
+Release:        17
 Summary:        GNU implementation of tar ((t)ape (ar)chiver)
 Source0:        %name-%version.tar.bz2
 Patch0:         tar-disable_languages.patch
@@ -27,6 +27,7 @@ Patch1:         tar-disable-listed02-test.diff
 Patch2:         tar-manpage.patch
 Patch3:         tar-1.17-testsuite12.patch	
 Patch4:         tar-1.17-paxlib-owl-alloca.patch	
+Patch5:         tar-1.15.1-CVE-2001-1267.patch
 BuildRoot:      %{_tmppath}/%{name}-%{version}-build
 %define _bindir  /bin
 
@@ -67,6 +68,7 @@ Authors:
 %patch2 -p1
 %patch3
 %patch4
+%patch5 -p0
 
 %build
 rm -f po/no.* po/ky.*
@@ -108,6 +110,9 @@ rm -r %buildroot/usr/libexec
 rm -rf $RPM_BUILD_ROOT
 
 %changelog
+* Fri Aug 31 2007 - mkoenig@suse.de
+- fixed another directory traversal vulnerability, CVE-2001-1267,
+  CVE-2002-0399, [#29973]
 * Mon Aug 20 2007 - mkoenig@suse.de
 - use correct patch for paxlib stack overflow [#301416]
 * Fri Aug 17 2007 - lmichnovic@suse.cz