diff --git a/tar-1.15.1-CVE-2001-1267.patch b/tar-1.15.1-CVE-2001-1267.patch
new file mode 100644
index 0000000..9836388
--- /dev/null
+++ b/tar-1.15.1-CVE-2001-1267.patch
@@ -0,0 +1,15 @@
+--- src/names.c
++++ src/names.c
+@@ -1152,11 +1152,10 @@
+ if (p[0] == '.' && p[1] == '.' && (ISSLASH (p[2]) || !p[2]))
+ return 1;
+
+- do
++ while (! ISSLASH (*p))
+ {
+ if (! *p++)
+ return 0;
+ }
+- while (! ISSLASH (*p));
+ }
+ }
diff --git a/tar.changes b/tar.changes
index b4239b9..d1ba375 100644
--- a/tar.changes
+++ b/tar.changes
@@ -1,3 +1,9 @@
+-------------------------------------------------------------------
+Fri Aug 31 12:55:24 CEST 2007 - mkoenig@suse.de
+
+- fixed another directory traversal vulnerability, CVE-2001-1267,
+ CVE-2002-0399, [#29973]
+
 -------------------------------------------------------------------
 Mon Aug 20 17:56:38 CEST 2007 - mkoenig@suse.de
diff --git a/tar.spec b/tar.spec
index ceef2d9..7a5cbc8 100644
--- a/tar.spec
+++ b/tar.spec
@@ -19,7 +19,7 @@ Provides: base:/bin/tar
 PreReq: %install_info_prereq
 Autoreqprov: on
 Version: 1.17
-Release: 13
+Release: 17
 Summary: GNU implementation of tar ((t)ape (ar)chiver)
 Source0: %name-%version.tar.bz2
 Patch0: tar-disable_languages.patch
@@ -27,6 +27,7 @@ Patch1: tar-disable-listed02-test.diff
 Patch2: tar-manpage.patch
 Patch3: tar-1.17-testsuite12.patch
 Patch4: tar-1.17-paxlib-owl-alloca.patch
+Patch5: tar-1.15.1-CVE-2001-1267.patch
 BuildRoot: %{_tmppath}/%{name}-%{version}-build
 %define _bindir /bin
@@ -67,6 +68,7 @@ Authors:
 %patch2 -p1
 %patch3
 %patch4
+%patch5 -p0
 %build
 rm -f po/no.* po/ky.*
@@ -108,6 +110,9 @@ rm -r %buildroot/usr/libexec
 rm -rf $RPM_BUILD_ROOT
 %changelog
+* Fri Aug 31 2007 - mkoenig@suse.de
+- fixed another directory traversal vulnerability, CVE-2001-1267,
+ CVE-2002-0399, [#29973]
 * Mon Aug 20 2007 - mkoenig@suse.de
 - use correct patch for paxlib stack overflow [#301416]
 * Fri Aug 17 2007 - lmichnovic@suse.cz
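Review bot: The rewritten loop in the src/names.c hunk carried by tar-1.15.1-CVE-2001-1267.patch has no comment saying why the slash test must come before the advance, although that ordering is the whole fix. With the old `do … while`, a scan position already on a separator was stepped over together with the first character of the next component, so that component never reached the `..` test above; I would add `/* Test for a slash before advancing: if p is already on a separator, the next component must go through the ".." check on the next pass. */` above the `while`. The patch file also has no header giving its origin, and its name says 1.15.1 while tar.spec builds 1.17, so a short header stating where it comes from and that it was checked against the 1.17 sources would help the next maintainer. The enclosing function starts outside the hunk, so this reading rests on the visible lines only.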