forked from pool/tar
OBS User unknown 2007-01-24 13:43:25 +00:00 committed by Git OBS Bridge
parent 3921804989
commit 3e403da25d
6 changed files with 29 additions and 215 deletions


@ -1,182 +0,0 @@
CVE-2006-6097
2006-11-29 Paul Eggert <eggert@cs.ucla.edu>
* NEWS: Remove support for mangled names.
* doc/tar.texi (verbose tutorial): Likewise.
* src/Makefile.am (tar_SOURCES): Remove mangle.c.
* src/common.h (extract_mangle): Remove decl.
* src/extract.c (extract_mangle_wrapper): Remove.
(prepare_to_extract): Remove support for mangled names.
* src/list.c (read_and, print_header): Likewise.
* src/mangle.c: Remove.
* src/tar.c (GNUTYPE_NAMES): Remove.
Index: NEWS
===================================================================
RCS file: /cvsroot/tar/tar/NEWS,v
retrieving revision 1.126
diff -p -u -r1.126 NEWS
--- NEWS 29 Nov 2006 18:16:27 -0000 1.126
+++ NEWS 30 Nov 2006 06:37:07 -0000
@@ -1,6 +1,14 @@
GNU tar NEWS - User visible changes.
Please send GNU tar bug reports to <bug-tar@gnu.org>
+* Support for reading ustar type 'N' header logical records has been removed.
+ This GNU extension was generated only by very old versions of GNU 'tar'.
+ Unfortunately its implementation had security holes; see
+ <http://archives.neohapsis.com/archives/fulldisclosure/2006-11/0344.html>.
+ We don't expect that any tar archives in practical use have type 'N'
+ records, but if you have one and you trust its contents, you can
+ decode it with GNU tar 1.16 or earlier.
+
version 1.16 - Sergey Poznyakoff, 2006-10-21
* After creating an archive, tar exits with code 1 if some files were
Index: doc/tar.texi
===================================================================
RCS file: /cvsroot/tar/tar/doc/tar.texi,v
retrieving revision 1.123
diff -p -u -r1.123 tar.texi
--- doc/tar.texi 29 Nov 2006 18:11:34 -0000 1.123
+++ doc/tar.texi 30 Nov 2006 06:37:07 -0000
@@ -1000,12 +1000,7 @@ Encountered only at the beginning of a m
from the previous volume. The number @var{n} gives the offset where
the original file was split.
@item --Mangled file names--
-This archive member contains @dfn{mangled file names} declarations,
-a special member type that was used by early versions of @GNUTAR{}.
-You probably will never encounter this, unless you are reading a very
-old archive.
-
@item unknown file type @var{c}
An archive member of unknown type. @var{c} is the type character from
the archive header. If you encounter such a message, it means that
Index: src/Makefile.am
===================================================================
RCS file: /cvsroot/tar/tar/src/Makefile.am,v
retrieving revision 1.24
diff -p -u -r1.24 Makefile.am
--- src/Makefile.am 30 Nov 2006 00:14:11 -0000 1.24
+++ src/Makefile.am 30 Nov 2006 06:37:07 -0000
@@ -30,7 +30,6 @@ tar_SOURCES = \
xheader.c\
incremen.c\
list.c\
- mangle.c\
misc.c\
names.c\
sparse.c\
Index: src/common.h
===================================================================
RCS file: /cvsroot/tar/tar/src/common.h,v
retrieving revision 1.91
diff -p -u -r1.91 common.h
--- src/common.h 29 Nov 2006 18:16:27 -0000 1.91
+++ src/common.h 30 Nov 2006 06:37:07 -0000
@@ -546,10 +546,6 @@ enum read_header tar_checksum (union blo
void skip_file (off_t size);
void skip_member (void);
-/* Module mangle.c. */
-
-void extract_mangle (void);
-
/* Module misc.c. */
void assign_string (char **dest, const char *src);
Index: src/extract.c
===================================================================
RCS file: /cvsroot/tar/tar/src/extract.c,v
retrieving revision 1.97
diff -p -u -r1.97 extract.c
--- src/extract.c 29 Nov 2006 18:16:27 -0000 1.97
+++ src/extract.c 30 Nov 2006 06:37:07 -0000
@@ -1024,13 +1024,6 @@ extract_fifo (char *file_name, int typef
#endif
static int
-extract_mangle_wrapper (char *file_name, int typeflag)
-{
- extract_mangle ();
- return 0;
-}
-
-static int
extract_volhdr (char *file_name, int typeflag)
{
if (verbose_option)
@@ -1121,10 +1114,6 @@ prepare_to_extract (char const *file_nam
*fun = extract_volhdr;
break;
- case GNUTYPE_NAMES:
- *fun = extract_mangle_wrapper;
- break;
-
case GNUTYPE_MULTIVOL:
ERROR ((0, 0,
_("%s: Cannot extract -- file is continued from another volume"),
Index: src/list.c
===================================================================
RCS file: /cvsroot/tar/tar/src/list.c,v
retrieving revision 1.101
diff -p -u -r1.101 list.c
--- src/list.c 2 Jun 2006 08:05:04 -0000 1.101
+++ src/list.c 30 Nov 2006 06:37:07 -0000
@@ -107,7 +107,6 @@ read_and (void (*do_something) (void))
{
case GNUTYPE_VOLHDR:
case GNUTYPE_MULTIVOL:
- case GNUTYPE_NAMES:
break;
case DIRTYPE:
@@ -1047,10 +1046,6 @@ print_header (struct tar_stat_info *st,
modes[0] = 'M';
break;
- case GNUTYPE_NAMES:
- modes[0] = 'N';
- break;
-
case GNUTYPE_LONGNAME:
case GNUTYPE_LONGLINK:
modes[0] = 'L';
@@ -1234,10 +1229,6 @@ print_header (struct tar_stat_info *st,
uintbuf));
fprintf (stdlis, _("--Continued at byte %s--\n"), size);
break;
-
- case GNUTYPE_NAMES:
- fprintf (stdlis, _("--Mangled file names--\n"));
- break;
}
}
fflush (stdlis);
Index: src/tar.h
===================================================================
RCS file: /cvsroot/tar/tar/src/tar.h,v
retrieving revision 1.37
diff -p -u -r1.37 tar.h
--- src/tar.h 29 Nov 2006 18:28:45 -0000 1.37
+++ src/tar.h 30 Nov 2006 06:37:07 -0000
@@ -165,6 +165,7 @@ struct oldgnu_header
'A' Solaris Access Control List
'E' Solaris Extended Attribute File
'I' Inode only, as in 'star'
+ 'N' Obsolete GNU tar, for file names that do not fit into the main header.
'X' POSIX 1003.1-2001 eXtended (VU version) */
/* This is a dir entry that contains the names of files that were in the
@@ -180,8 +181,5 @@ struct oldgnu_header
/* This is the continuation of a file that began on another volume. */
#define GNUTYPE_MULTIVOL 'M'
-/* For storing filenames that do not fit into the main header. */
-#define GNUTYPE_NAMES 'N'
-
/* This is for sparse files. */
#define GNUTYPE_SPARSE 'S'


@ -1,19 +0,0 @@
Bugzilla #223847
Index: tar-1.16-edit/src/xheader.c
===================================================================
--- tar-1.16-edit.orig/src/xheader.c
+++ tar-1.16-edit/src/xheader.c
@@ -647,12 +647,10 @@ void
xheader_read (union block *p, size_t size)
{
size_t j = 0;
- size_t nblocks;
free (extended_header.buffer);
size += BLOCKSIZE;
extended_header.size = size;
- nblocks = (size + BLOCKSIZE - 1) / BLOCKSIZE;
extended_header.buffer = xmalloc (size + 1);
extended_header.buffer[size] = '\0';

tar-1.16.1.tar.bz2 Normal file

@ -0,0 +1,3 @@
version https://git-lfs.github.com/spec/v1
oid sha256:5c843004934142cc85decf4ae0f5f8b8b568834d3e23f1568193b3836422d2bb
size 1793624


@ -1,3 +0,0 @@
version https://git-lfs.github.com/spec/v1
oid sha256:5037dfa4bdd426e680345681070a484f7f4edfa0b3381f595ca6dbc6ca1f5361
size 1785682


@ -1,3 +1,16 @@
-------------------------------------------------------------------
Wed Jan 24 10:51:46 CET 2007 - mkoenig@suse.de
- update to version 1.16.1:
* tar-1.16-CVE-2006-6097.patch merged upstream
* tar-1.16-xheader_unused.patch merged upstream
* New option --exclude-tag
* The --exclude-cache option excludes directories that
contain the CACHEDIR.TAG file from being archived
* Race conditions have been fixed that in some cases briefly
allowed files extracted by 'tar -x --same-owner' to be
accessed by users that they shouldn't have been.
-------------------------------------------------------------------
Tue Dec 05 16:07:51 CET 2006 - mkoenig@suse.de


@ -1,7 +1,7 @@
#
# spec file for package tar (Version 1.16)
# spec file for package tar (Version 1.16.1)
#
# Copyright (c) 2006 SUSE LINUX Products GmbH, Nuernberg, Germany.
# Copyright (c) 2007 SUSE LINUX Products GmbH, Nuernberg, Germany.
# This file and all modifications and additions to the pristine
# package are under the same license as the package itself.
#
@ -18,16 +18,13 @@ Group: System/Base
Provides: base:/bin/tar
PreReq: %install_info_prereq
Autoreqprov: on
Version: 1.16
Version: 1.16.1
Release: 1
Summary: GNU implementation of tar ( (t)ape (ar)chiver )
Source0: %name-%version.tar.bz2
#Source1: tar.1
Patch0: tar-disable_languages.patch
Patch1: tar-disable-listed02-test.diff
Patch2: tar-manpage.patch
Patch3: tar-1.16-xheader_unused.patch
Patch4: tar-1.16-CVE-2006-6097.patch
BuildRoot: %{_tmppath}/%{name}-%{version}-build
%define _bindir /bin
@ -66,8 +63,6 @@ Authors:
%patch0 -p1
%patch1 -p1
%patch2 -p1
%patch3 -p1
%patch4
%build
rm -f po/no.* po/ky.*
@ -87,10 +82,7 @@ make
#%endif
%install
#mkdir -p $RPM_BUILD_ROOT%_mandir
#mkdir $RPM_BUILD_ROOT%_mandir/man1
make install DESTDIR=$RPM_BUILD_ROOT
#install -m 0644 %SOURCE1 $RPM_BUILD_ROOT%_mandir/man1/
rm -r %buildroot/usr/libexec
%files
@ -112,6 +104,16 @@ rm -r %buildroot/usr/libexec
rm -rf $RPM_BUILD_ROOT
%changelog -n tar
* Wed Jan 24 2007 - mkoenig@suse.de
- update to version 1.16.1:
* tar-1.16-CVE-2006-6097.patch merged upstream
* tar-1.16-xheader_unused.patch merged upstream
* New option --exclude-tag
* The --exclude-cache option excludes directories that
contain the CACHEDIR.TAG file from being archived
* Race conditions have been fixed that in some cases briefly
allowed files extracted by 'tar -x --same-owner' to be
accessed by users that they shouldn't have been.
* Tue Dec 05 2006 - mkoenig@suse.de
- update to version 1.16:
Bugfixes: