authornaddy <naddy@FreeBSD.org>2006-12-01 04:31:51 +0800
committernaddy <naddy@FreeBSD.org>2006-12-01 04:31:51 +0800
commit6cf066003b919c49a54eb3e166f56f1189159f4f (patch)
tree425feac21e7ce1b9e3c8fba8c88e719433fb64e3
parent28561921582e3e42af1bbe3c42e346d81f9b7186 (diff)
Fix GNUTYPE_NAMES directory traversal vulnerability by not extracting
these entries. Support for GNUTYPE_NAMES will be dropped completely in 1.16.1. Notified by sem@ Security: VuXML 3dd7eb58-80ae-11db-b4ec-000854d03344
-rw-r--r--archivers/gtar/Makefile2
-rw-r--r--archivers/gtar/files/patch-src_extract.c16
2 files changed, 17 insertions, 1 deletions
diff --git a/archivers/gtar/Makefile b/archivers/gtar/Makefile
index 22ad679ffb68..5306c50966a2 100644
--- a/archivers/gtar/Makefile
+++ b/archivers/gtar/Makefile
@@ -7,7 +7,7 @@
PORTNAME= tar
PORTVERSION= 1.16
-PORTREVISION= 1
+PORTREVISION= 2
CATEGORIES= archivers sysutils
MASTER_SITES= ${MASTER_SITE_GNU}
MASTER_SITE_SUBDIR= ${PORTNAME}
diff --git a/archivers/gtar/files/patch-src_extract.c b/archivers/gtar/files/patch-src_extract.c
new file mode 100644
index 000000000000..07e8db665bfa
--- /dev/null
+++ b/archivers/gtar/files/patch-src_extract.c
@@ -0,0 +1,16 @@
+
+$FreeBSD$
+
+--- src/extract.c.orig
++++ src/extract.c
+@@ -1121,10 +1121,6 @@
+ *fun = extract_volhdr;
+ break;
+
+- case GNUTYPE_NAMES:
+- *fun = extract_mangle_wrapper;
+- break;
+-
+ case GNUTYPE_MULTIVOL:
+ ERROR ((0, 0,
+ _("%s: Cannot extract -- file is continued from another volume"),
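Review bot: Deleting the `case GNUTYPE_NAMES:` label keeps such a member away from `extract_mangle_wrapper`, but the member now falls to the switch's default branch, which is outside this hunk. If that branch treats unknown type flags as regular files, the entry is still written to disk under its header name, which would not match the commit message's "not extracting these entries". It would be safer to keep the label and reject the entry explicitly: `case GNUTYPE_NAMES:` followed by an `ERROR ((0, 0, _("%s: Cannot extract -- GNUTYPE_NAMES entries are not supported"), ...))` call and the same exit path the `GNUTYPE_MULTIVOL` case below uses. The enclosing switch starts and ends outside the embedded hunk, so the default branch's behaviour should be confirmed against the full `src/extract.c`.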