pool/tar
SHA256
2
0
Fork 1
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/tar?expand=0&rev=11

Browse Source
This commit is contained in:
OBS User unknown 2007-11-15 14:21:59 +00:00 committed by Git OBS Bridge
parent c00d162a78
commit cc0cb52d71
6 changed files with 30 additions and 127 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

15
tar-1.15.1-CVE-2001-1267.patch
View File

@ -1,15 +0,0 @@
--- src/names.c
+++ src/names.c
@@ -1152,11 +1152,10 @@
if (p[0] == '.' && p[1] == '.' && (ISSLASH (p[2]) || !p[2]))
return 1;
- do
+ while (! ISSLASH (*p))
{
if (! *p++)
return 0;
}
- while (! ISSLASH (*p));
}
}

102
tar-1.17-paxlib-owl-alloca.patch
View File

@ -1,102 +0,0 @@
Patch from Sergey Poznyakoff <gray@mirddin.farlep.net> for cpio
based on patch:
2007-08-15 Dmitry V. Levin <ldv@owl.openwall.com>
Do not use alloca to avoid stack overflow with untrusted input.
* lib/paxnames.c (hash_string_insert_direct): New function.
(hash_string_insert): Use it.
(hash_string_insert_data): New function.
(safer_name_suffix): Use it instead of hash_string_insert()
and alloca().
Index: lib/paxnames.c
===================================================================
--- lib/paxnames.c.orig
+++ lib/paxnames.c
@@ -36,15 +36,27 @@ hash_string_compare (void const *name1,
return strcmp (name1, name2) == 0;
}
-/* Return zero if TABLE contains a copy of STRING; otherwise, insert a
- copy of STRING to TABLE and return 1. */
-bool
-hash_string_insert (Hash_table **table, char const *string)
+/* Return zero if TABLE contains a LEN-character long prefix of STRING,
+ otherwise, insert a newly allocated copy of this prefix to TABLE and
+ return 1. If RETURN_PREFIX is not NULL, point it to the allocated
+ copy. */
+static bool
+hash_string_insert_prefix (Hash_table **table, char const *string, size_t len,
+ const char **return_prefix)
{
Hash_table *t = *table;
- char *s = xstrdup (string);
+ char *s;
char *e;
+ if (len)
+ {
+ s = xmalloc (len + 1);
+ memcpy (s, string, len);
+ s[len] = 0;
+ }
+ else
+ s = xstrdup (string);
+
if (! ((t
|| (*table = t = hash_initialize (0, 0, hash_string_hasher,
hash_string_compare, 0)))
@@ -52,7 +64,11 @@ hash_string_insert (Hash_table **table,
xalloc_die ();
if (e == s)
- return 1;
+ {
+ if (return_prefix)
+ *return_prefix = s;
+ return 1;
+ }
else
{
free (s);
@@ -60,6 +76,14 @@ hash_string_insert (Hash_table **table,
}
}
+/* Return zero if TABLE contains a copy of STRING; otherwise, insert a
+ copy of STRING to TABLE and return 1. */
+bool
+hash_string_insert (Hash_table **table, char const *string)
+{
+ return hash_string_insert_prefix (table, string, 0, NULL);
+}
+
/* Return 1 if TABLE contains STRING. */
bool
hash_string_lookup (Hash_table const *table, char const *string)
@@ -88,7 +112,8 @@ removed_prefixes_p (void)
If ABSOLUTE_NAMES is 0, strip filesystem prefix from the file name. */
char *
-safer_name_suffix (char const *file_name, bool link_target, bool absolute_names)
+safer_name_suffix (char const *file_name, bool link_target,
+ bool absolute_names)
{
char const *p;
@@ -121,11 +146,9 @@ safer_name_suffix (char const *file_name
if (prefix_len)
{
- char *prefix = alloca (prefix_len + 1);
- memcpy (prefix, file_name, prefix_len);
- prefix[prefix_len] = '\0';
-
- if (hash_string_insert (&prefix_table[link_target], prefix))
+ const char *prefix;
+ if (hash_string_insert_prefix (&prefix_table[link_target], file_name,
+ prefix_len, &prefix))
{
static char const *const diagnostic[] =
{

3
tar-1.18.tar.bz2
View File

@ -1,3 +0,0 @@
version https://git-lfs.github.com/spec/v1
oid sha256:44944ee0427c8e0d8dbaa0b8f900073a7456819610cc521c53630c3eb117cf5e
size 1877207

3
tar-1.19.tar.bz2 Normal file
View File

@ -0,0 +1,3 @@
version https://git-lfs.github.com/spec/v1
oid sha256:c690d46da77b1ee07b7c758de46d6d07da698a75e63ed3e8f83e3fca8f809cb4
size 1882486

14
tar.changes
View File

@ -1,3 +1,17 @@
-------------------------------------------------------------------
Wed Nov 14 18:09:03 CET 2007 - mkoenig@suse.de
- update to version 1.19
* New option --exclude-vcs
* --exclude-tag and --exclude-cache options now work under
incremental archives
* Fix handling of renamed files in listed incremental archives
* Fix --version output
* Recognition of broken archives
- merged patches:
tar-1.15.1-CVE-2001-1267.patch
tar-1.17-paxlib-owl-alloca.patch
-------------------------------------------------------------------
Fri Oct 5 16:06:49 CEST 2007 - mkoenig@suse.de

20
tar.spec
View File

@ -1,5 +1,5 @@
#
# spec file for package tar (Version 1.18)
# spec file for package tar (Version 1.19)
#
# Copyright (c) 2007 SUSE LINUX Products GmbH, Nuernberg, Germany.
# This file and all modifications and additions to the pristine
@ -18,16 +18,13 @@ Group: System/Base
Provides: base:/bin/tar
PreReq: %install_info_prereq
AutoReqProv: on
Version: 1.18
Version: 1.19
Release: 1
Summary: GNU implementation of tar ((t)ape (ar)chiver)
Source0: %name-%version.tar.bz2
Patch0: tar-disable_languages.patch
Patch1: tar-disable-listed02-test.diff
Patch2: tar-manpage.patch
#Patch3: tar-1.17-testsuite12.patch
Patch4: tar-1.17-paxlib-owl-alloca.patch
Patch5: tar-1.15.1-CVE-2001-1267.patch
Patch6: tar-gcc43.patch
BuildRoot: %{_tmppath}/%{name}-%{version}-build
%define _bindir /bin
@ -67,8 +64,6 @@ Authors:
%patch0 -p1
%patch1 -p1
%patch2 -p1
%patch4
%patch5 -p0
%patch6
%build
@ -109,6 +104,17 @@ rm -r %buildroot/usr/libexec
%clean
rm -rf $RPM_BUILD_ROOT
%changelog
* Wed Nov 14 2007 - mkoenig@suse.de
- update to version 1.19
* New option --exclude-vcs
* --exclude-tag and --exclude-cache options now work under
incremental archives
* Fix handling of renamed files in listed incremental archives
* Fix --version output
* Recognition of broken archives
- merged patches:
tar-1.15.1-CVE-2001-1267.patch
tar-1.17-paxlib-owl-alloca.patch
* Fri Oct 05 2007 - mkoenig@suse.de
- update to version 1.18
Licensed under the GPLv3