rpms/tar
7
0
Fork 0
Code Issues Pull Requests Releases Activity

- add security patch into devel branch

Browse Source
This commit is contained in:
Florian La Roche 2006-12-12 12:27:18 +00:00
parent 0bdef84811
commit 732a997a16
2 changed files with 65 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

59
tar-1.15.1-mangling.patch Normal file
View File

@ -0,0 +1,59 @@
--- tar-1.15.1/src/common.h.mangling 2006-12-04 12:47:40.000000000 +0100
+++ tar-1.15.1/src/common.h 2006-12-04 12:47:40.000000000 +0100
@@ -124,6 +124,9 @@
GLOBAL bool absolute_names_option;
+/* Allow GNUTYPE_NAMES type? */
+GLOBAL bool allow_name_mangling_option;
+
/* Display file times in UTC */
GLOBAL bool utc_option;
--- tar-1.15.1/src/extract.c.mangling 2006-12-04 12:47:40.000000000 +0100
+++ tar-1.15.1/src/extract.c 2006-12-04 12:47:40.000000000 +0100
@@ -1171,7 +1171,13 @@
break;
case GNUTYPE_NAMES:
- extract_mangle ();
+ if (allow_name_mangling_option) {
+ extract_mangle ();
+ }
+ else {
+ ERROR ((0, 0, _("GNUTYPE_NAMES mangling ignored")));
+ skip_member ();
+ }
break;
case GNUTYPE_MULTIVOL:
--- tar-1.15.1/src/tar.c.mangling 2006-12-04 12:47:40.000000000 +0100
+++ tar-1.15.1/src/tar.c 2006-12-04 12:55:35.000000000 +0100
@@ -182,6 +182,7 @@
{
ACLS_OPTION = CHAR_MAX + 1,
ANCHORED_OPTION,
+ ALLOW_NAME_MANGLING_OPTION,
ATIME_PRESERVE_OPTION,
BACKUP_OPTION,
CHECKPOINT_OPTION,
@@ -546,6 +547,8 @@
{NULL, 'o', 0, 0,
N_("when creating, same as --old-archive. When extracting, same as --no-same-owner"), 91 },
+ {"allow-name-mangling", ALLOW_NAME_MANGLING_OPTION, 0, 0,
+ N_("when creating, allow GNUTYPE_NAMES mangling -- considered dangerous"), 91 },
{NULL, 0, NULL, 0,
N_("Other options:"), 100 },
@@ -931,6 +934,10 @@
case 'Z':
set_use_compress_program_option ("compress");
break;
+
+ case ALLOW_NAME_MANGLING_OPTION:
+ allow_name_mangling_option = true;
+ break;
case ANCHORED_OPTION:
args->exclude_options |= EXCLUDE_ANCHORED;

7
tar.spec
View File

@ -2,7 +2,7 @@ Summary: A GNU file archiving program
Name: tar Name: tar
Epoch: 2 Epoch: 2
Version: 1.15.1 Version: 1.15.1
Release: 22%{?dist} Release: 23%{?dist}
License: GPL License: GPL
Group: Applications/Archiving Group: Applications/Archiving
URL: http://www.gnu.org/software/tar/ URL: http://www.gnu.org/software/tar/
@ -24,6 +24,7 @@ Patch12: tar-1.15.1-optionsOrder.patch
Patch13: tar-1.15.1-permissions.patch Patch13: tar-1.15.1-permissions.patch
Patch14: tar-1.15.1-incompatibilities.patch Patch14: tar-1.15.1-incompatibilities.patch
Patch15: tar-1.15.1-xattrs.patch Patch15: tar-1.15.1-xattrs.patch
Patch16: tar-1.15.1-mangling.patch
Prereq: info Prereq: info
BuildRequires: autoconf automake gzip BuildRequires: autoconf automake gzip
Buildroot: %{_tmppath}/%{name}-%{version}-root Buildroot: %{_tmppath}/%{name}-%{version}-root
@ -57,6 +58,7 @@ the rmt package.
%patch13 -p1 -b .permissions %patch13 -p1 -b .permissions
%patch14 -p1 -b .incompatibilities %patch14 -p1 -b .incompatibilities
%patch15 -p1 -b .xattrs %patch15 -p1 -b .xattrs
%patch16 -p1 -b .mangling
%build %build
%configure --bindir=/bin --libexecdir=/sbin %configure --bindir=/bin --libexecdir=/sbin
@ -113,6 +115,9 @@ fi
%{_infodir}/tar.info* %{_infodir}/tar.info*
%changelog %changelog
* Tue Dec 12 2006 Florian La Roche <laroche@redhat.com> 2:1.15.1-23
- fix CVE-2006-6097 GNU tar directory traversal (#216937)
* Sat Dec 10 2006 Peter Vrabec <pvrabec@redhat.com> 2:1.15.1-22 * Sat Dec 10 2006 Peter Vrabec <pvrabec@redhat.com> 2:1.15.1-22
- fix some rpmlint spec file issues - fix some rpmlint spec file issues