summaryrefslogtreecommitdiffstats
path: root/archivers
diff options
context:
space:
mode:
authorkris <kris@FreeBSD.org>2002-10-05 07:50:22 +0000
committerkris <kris@FreeBSD.org>2002-10-05 07:50:22 +0000
commit5140c329cac11ecf8ecf43215f7a1b7e93f5fa1c (patch)
treea11051441c7dc0adea974f9df5f3faa81f601d76 /archivers
parente6295405bc41d6e4b9286e58d717e6a79efdf899 (diff)
downloadFreeBSD-ports-5140c329cac11ecf8ecf43215f7a1b7e93f5fa1c.zip
FreeBSD-ports-5140c329cac11ecf8ecf43215f7a1b7e93f5fa1c.tar.gz
Fix a security bug that allows extracted filenames to contain ".." and
bump PORTREVISION. Submitted by: naddy
Diffstat (limited to 'archivers')
-rw-r--r--archivers/gtar/Makefile2
-rw-r--r--archivers/gtar/files/patch-src::extract.c34
-rw-r--r--archivers/gtar/files/patch-src::misc.c20
3 files changed, 44 insertions, 12 deletions
diff --git a/archivers/gtar/Makefile b/archivers/gtar/Makefile
index 2c49447..0b66aed 100644
--- a/archivers/gtar/Makefile
+++ b/archivers/gtar/Makefile
@@ -7,7 +7,7 @@
PORTNAME= tar
PORTVERSION= 1.13.25
-PORTREVISION= 4
+PORTREVISION= 5
CATEGORIES= archivers sysutils
MASTER_SITES= ftp://alpha.gnu.org/gnu/tar/ \
ftp://ftp.sunsite.org.uk/Mirrors/alpha.gnu.org/gnu/tar/ \
diff --git a/archivers/gtar/files/patch-src::extract.c b/archivers/gtar/files/patch-src::extract.c
index 7a0a416..e49d24f 100644
--- a/archivers/gtar/files/patch-src::extract.c
+++ b/archivers/gtar/files/patch-src::extract.c
@@ -1,11 +1,8 @@
-Index: src/extract.c
-===================================================================
-RCS file: /home/ncvs/src/contrib/tar/src/extract.c,v
-retrieving revision 1.1.1.1
-retrieving revision 1.3
-diff -d -u -r1.1.1.1 -r1.3
---- src/extract.c 4 Jun 2002 10:37:44 -0000 1.1.1.1
-+++ src/extract.c 7 Jun 2002 06:02:35 -0000 1.3
+
+$FreeBSD$
+
+--- src/extract.c.orig Mon Sep 24 20:55:17 2001
++++ src/extract.c Wed Oct 2 19:10:55 2002
@@ -19,6 +19,8 @@
with this program; if not, write to the Free Software Foundation, Inc.,
59 Temple Place - Suite 330, Boston, MA 02111-1307, USA. */
@@ -25,3 +22,24 @@ diff -d -u -r1.1.1.1 -r1.3
same_owner_option += we_are_root;
xalloc_fail_func = extract_finish;
+@@ -1019,10 +1023,19 @@
+ {
+ struct stat st1, st2;
+ int e;
++ size_t skiplinkcrud;
++
++ if (absolute_names_option)
++ skiplinkcrud = 0;
++ else {
++ skiplinkcrud = FILESYSTEM_PREFIX_LEN (current_link_name);
++ while (ISSLASH (current_link_name[skiplinkcrud]))
++ skiplinkcrud++;
++ }
+
+ /* MSDOS does not implement links. However, djgpp's link() actually
+ copies the file. */
+- status = link (current_link_name, CURRENT_FILE_NAME);
++ status = link (current_link_name + skiplinkcrud, CURRENT_FILE_NAME);
+
+ if (status == 0)
+ {
diff --git a/archivers/gtar/files/patch-src::misc.c b/archivers/gtar/files/patch-src::misc.c
index 1a891c2..8d5564e 100644
--- a/archivers/gtar/files/patch-src::misc.c
+++ b/archivers/gtar/files/patch-src::misc.c
@@ -1,9 +1,23 @@
$FreeBSD$
---- src/misc.c 2002/06/01 21:08:46 1.1
-+++ src/misc.c 2002/06/01 21:09:16
-@@ -549,10 +549,8 @@
+--- src/misc.c.orig Mon Aug 27 01:14:26 2001
++++ src/misc.c Wed Oct 2 19:10:55 2002
+@@ -214,6 +214,13 @@
+ return 0;
+ }
+ while (! ISSLASH (*p));
++
++ do
++ {
++ if (! *p++)
++ return 0;
++ }
++ while ( ISSLASH (*p));
+ }
+ }
+
+@@ -549,10 +556,8 @@
chmod_error_details (char const *name, mode_t mode)
{
int e = errno;
OpenPOWER on IntegriCloud