Accepting request 439571 from home:kstreitova:branches:Base:System

- add tar-1.29-extract_pathname_bypass.patch to fix POINTYFEATHER vulnerability - GNU tar archiver can be tricked into extracting files and directories in the given destination, regardless of the path name(s) specified on the command line [bsc#1007188] [CVE-2016-6321] OBS-URL: https://build.opensuse.org/request/show/439571 OBS-URL: https://build.opensuse.org/package/show/Base:System/tar?expand=0&rev=73
2016-11-10 22:20:00 +00:00
parent ecfd71c5af
commit 885805a010
3 changed files with 41 additions and 0 deletions
--- a/tar.spec
+++ b/tar.spec
@@ -47,6 +47,8 @@ Patch20:        add_readme-tests.patch
 # add return values to the backup scripts for better results monitoring.
 # https://savannah.gnu.org/patch/?8953
 Patch21:        add-return-values-to-backup-scripts.patch
+# PATCH-FIX-UPSTREAM bnc#1007188 CVE-2016-6321 kstreitova@suse.com -- fix POINTYFEATHER vulnerability
+Patch22:        tar-1.29-extract_pathname_bypass.patch
 %if 0%{?suse_version} >= %min_suse_ver
 BuildRequires:  automake
 BuildRequires:  help2man
@@ -97,6 +99,7 @@ Upstream testsuite for the package
 #%patch12 -p1
 %patch20 -p1
 %patch21 -p1
+%patch22 -p0

 %build
 %define my_cflags -W -Wall -Wpointer-arith -Wstrict-prototypes -Wformat-security -Wno-unused-parameter -fPIE