SECURITY:

Fix a directory traversal vulnerability. (CVE-2007-4131)
2007-09-01 21:05:21 +00:00 · 2007-09-01 21:05:21 +00:00 · c1ff722c4b
commit c1ff722c4b
parent eb4770dc84
2 changed files with 18 additions and 2 deletions
--- a/archivers/gtar/Makefile
+++ b/archivers/gtar/Makefile
@ -1,9 +1,9 @@
-# $OpenBSD: Makefile,v 1.44 2007/08/25 19:49:01 naddy Exp $
+# $OpenBSD: Makefile,v 1.45 2007/09/01 21:05:21 naddy Exp $

 COMMENT=	GNU version of the traditional tape archiver

 DISTNAME=	tar-1.18
-PKGNAME=	g${DISTNAME}
+PKGNAME=	g${DISTNAME}p0
 CATEGORIES=	archivers
 HOMEPAGE=	http://www.gnu.org/software/tar/

--- a/archivers/gtar/patches/patch-src_names_c
+++ b/archivers/gtar/patches/patch-src_names_c
@ -0,0 +1,16 @@
+$OpenBSD: patch-src_names_c,v 1.1 2007/09/01 21:05:21 naddy Exp $
+--- src/names.c.orig	Wed Jun 27 15:30:32 2007
+++ src/names.c	Sat Sep  1 21:58:57 2007
+@@ -1012,11 +1012,10 @@ contains_dot_dot (char const *name)
+       if (p[0] == '.' && p[1] == '.' && (ISSLASH (p[2]) || !p[2]))
+ 	return 1;
+ 
+-      do
+      while (! ISSLASH (*p))
+ 	{
+ 	  if (! *p++)
+ 	    return 0;
+ 	}
+-      while (! ISSLASH (*p));
+     }
+ }