[Frugalware-darcs] frugalware-0.6: tar-1.16.1-2terminus1-i686

voroskoi voroskoi at frugalware.org
Thu Sep 6 08:48:32 CEST 2007


Darcsweb-Url: http://darcs.frugalware.org/darcsweb/darcsweb.cgi?r=frugalware-0.6;a=darcs_commitdiff;h=20070906063713-dd049-bbf20d39c2bf524c23965946773841b0d763ace9.gz;

[tar-1.16.1-2terminus1-i686
voroskoi <voroskoi at frugalware.org>**20070906063713
 secfix relbump, closes #2376
] {
addfile ./source/base/tar/CVE-2007-4131.diff
hunk ./source/base/tar/CVE-2007-4131.diff 1
+2005-05-15  Dmitry V. Levin <ldv at altlinux.org>
+
+	* src/names.c (contains_dot_dot): Fix ".." detection.
+	Previous edition fails to recognize "foo//.." case.
+
+--- tar-1.15.1/src/names.c.orig	2004-09-06 11:30:54 +0000
++++ tar-1.15.1/src/names.c	2005-05-15 13:21:13 +0000
+@@ -1152,11 +1152,10 @@ contains_dot_dot (char const *name)
+       if (p[0] == '.' && p[1] == '.' && (ISSLASH (p[2]) || !p[2]))
+ 	return 1;
+ 
+-      do
++      while (! ISSLASH (*p))
+ 	{
+ 	  if (! *p++)
+ 	    return 0;
+ 	}
+-      while (! ISSLASH (*p));
+     }
+ }
hunk ./source/base/tar/FrugalBuild 6
-pkgrel=1
+pkgrel=2terminus1
hunk ./source/base/tar/FrugalBuild 14
-	$pkgname-1.16-lzma.diff)
-signatures=($source.sig '' '')
+	$pkgname-1.16-lzma.diff CVE-2007-4131.diff)
+signatures=($source.sig '' '' '')
hunk ./source/base/tar/FrugalBuild 23
-# optimization ok
+# optimization OK
}


More information about the Frugalware-darcs mailing list