rpms/tar/devel tar-1.17-dot_dot_vuln.patch, NONE, 1.1 tar.spec, 1.61, 1.62
Radek Brich (rbrich)
fedora-extras-commits at redhat.com
Tue Aug 28 11:46:42 UTC 2007
Author: rbrich
Update of /cvs/extras/rpms/tar/devel
In directory cvs-int.fedora.redhat.com:/tmp/cvs-serv27408
Modified Files:
tar.spec
Added Files:
tar-1.17-dot_dot_vuln.patch
Log Message:
CVE-2007-4131
tar-1.17-dot_dot_vuln.patch:
--- NEW FILE tar-1.17-dot_dot_vuln.patch ---
--- tar-1.17/src/names.c.dot_dot_vuln 2007-06-28 18:19:13.000000000 +0200
+++ tar-1.17/src/names.c 2007-08-15 16:29:20.000000000 +0200
@@ -1009,11 +1009,10 @@ contains_dot_dot (char const *name)
if (p[0] == '.' && p[1] == '.' && (ISSLASH (p[2]) || !p[2]))
return 1;
- do
+ while (! ISSLASH (*p))
{
if (! *p++)
return 0;
}
- while (! ISSLASH (*p));
}
}
Index: tar.spec
===================================================================
RCS file: /cvs/extras/rpms/tar/devel/tar.spec,v
retrieving revision 1.61
retrieving revision 1.62
diff -u -r1.61 -r1.62
--- tar.spec 2 Jul 2007 08:26:18 -0000 1.61
+++ tar.spec 28 Aug 2007 11:46:09 -0000 1.62
@@ -2,8 +2,8 @@
Name: tar
Epoch: 2
Version: 1.17
-Release: 1%{?dist}
-License: GPL
+Release: 2%{?dist}
+License: GPLv2+
Group: Applications/Archiving
URL: http://www.gnu.org/software/tar/
Source0: ftp://ftp.gnu.org/pub/gnu/tar/tar-%{version}.tar.gz
@@ -14,6 +14,7 @@
Patch3: tar-1.17-testsuite.patch
Patch4: tar-1.17-xattrs.patch
Patch5: tar-1.17-wildcards.patch
+Patch6: tar-1.17-dot_dot_vuln.patch
Prereq: info
BuildRequires: autoconf automake gzip texinfo gettext libacl-devel libselinux-devel
Buildroot: %{_tmppath}/%{name}-%{version}-%{release}-root-%(%{__id_u} -n)
@@ -39,6 +40,7 @@
%patch3 -p1 -b .testsuite
%patch4 -p1 -b .xattrs
%patch5 -p1 -b .wildcards
+%patch6 -p1 -b .dot_dot_vuln.patch
%build
%configure --bindir=/bin --libexecdir=/sbin
@@ -89,6 +91,10 @@
%{_infodir}/tar.info*
%changelog
+* Tue Aug 28 2007 Radek Brich <rbrich at redhat.com> 2:1.17-2
+- updated license tag
+- fixed CVE-2007-4131 tar directory traversal vulnerability (#251921)
+
* Thu Jun 28 2007 Radek Brich <rbrich at redhat.com> 2:1.17-1
- new upstream version
- patch for wildcards (#206841), restoring old behavior
More information about the fedora-extras-commits
mailing list