testing/tar
SHA256
3
0
Fork 0
forked from pool/tar
Code Pull Requests Activity

OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/tar?expand=0&rev=8

Browse Source
This commit is contained in:
OBS User unknown 2007-08-31 14:03:28 +00:00 committed by Git OBS Bridge
parent 13c7c40712
commit 037738a590
3 changed files with 27 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

15
tar-1.15.1-CVE-2001-1267.patch Normal file
View File

@ -0,0 +1,15 @@
--- src/names.c
+++ src/names.c
@@ -1152,11 +1152,10 @@
if (p[0] == '.' && p[1] == '.' && (ISSLASH (p[2]) || !p[2]))
return 1;
- do
+ while (! ISSLASH (*p))
{
if (! *p++)
return 0;
}
- while (! ISSLASH (*p));
}
}

6
tar.changes
View File

@ -1,3 +1,9 @@
-------------------------------------------------------------------
Fri Aug 31 12:55:24 CEST 2007 - mkoenig@suse.de
- fixed another directory traversal vulnerability, CVE-2001-1267,
CVE-2002-0399, [#29973]
------------------------------------------------------------------- -------------------------------------------------------------------
Mon Aug 20 17:56:38 CEST 2007 - mkoenig@suse.de Mon Aug 20 17:56:38 CEST 2007 - mkoenig@suse.de

7
tar.spec
View File

@ -19,7 +19,7 @@ Provides: base:/bin/tar
PreReq: %install_info_prereq PreReq: %install_info_prereq
Autoreqprov: on Autoreqprov: on
Version: 1.17 Version: 1.17
Release: 13 Release: 17
Summary: GNU implementation of tar ((t)ape (ar)chiver) Summary: GNU implementation of tar ((t)ape (ar)chiver)
Source0: %name-%version.tar.bz2 Source0: %name-%version.tar.bz2
Patch0: tar-disable_languages.patch Patch0: tar-disable_languages.patch
@ -27,6 +27,7 @@ Patch1: tar-disable-listed02-test.diff
Patch2: tar-manpage.patch Patch2: tar-manpage.patch
Patch3: tar-1.17-testsuite12.patch Patch3: tar-1.17-testsuite12.patch
Patch4: tar-1.17-paxlib-owl-alloca.patch Patch4: tar-1.17-paxlib-owl-alloca.patch
Patch5: tar-1.15.1-CVE-2001-1267.patch
BuildRoot: %{_tmppath}/%{name}-%{version}-build BuildRoot: %{_tmppath}/%{name}-%{version}-build
%define _bindir /bin %define _bindir /bin
@ -67,6 +68,7 @@ Authors:
%patch2 -p1 %patch2 -p1
%patch3 %patch3
%patch4 %patch4
%patch5 -p0
%build %build
rm -f po/no.* po/ky.* rm -f po/no.* po/ky.*
@ -108,6 +110,9 @@ rm -r %buildroot/usr/libexec
rm -rf $RPM_BUILD_ROOT rm -rf $RPM_BUILD_ROOT
%changelog %changelog
* Fri Aug 31 2007 - mkoenig@suse.de
- fixed another directory traversal vulnerability, CVE-2001-1267,
CVE-2002-0399, [#29973]
* Mon Aug 20 2007 - mkoenig@suse.de * Mon Aug 20 2007 - mkoenig@suse.de
- use correct patch for paxlib stack overflow [#301416] - use correct patch for paxlib stack overflow [#301416]
* Fri Aug 17 2007 - lmichnovic@suse.cz * Fri Aug 17 2007 - lmichnovic@suse.cz