1
0
mirror of https://git.FreeBSD.org/ports.git synced 2024-11-23 00:43:28 +00:00

Fix GNUTYPE_NAMES directory traversal vulnerability by not extracting

these entries.  Support for GNUTYPE_NAMES will be dropped completely
in 1.16.1.

Notified by sem@

Security:	VuXML 3dd7eb58-80ae-11db-b4ec-000854d03344
This commit is contained in:
Christian Weisgerber 2006-11-30 20:31:51 +00:00
parent 743eba7ed2
commit 521d9e0ead
Notes: svn2git 2021-03-31 03:12:20 +00:00
svn path=/head/; revision=178377
2 changed files with 17 additions and 1 deletions

View File

@ -7,7 +7,7 @@
PORTNAME= tar
PORTVERSION= 1.16
PORTREVISION= 1
PORTREVISION= 2
CATEGORIES= archivers sysutils
MASTER_SITES= ${MASTER_SITE_GNU}
MASTER_SITE_SUBDIR= ${PORTNAME}

View File

@ -0,0 +1,16 @@
$FreeBSD$
--- src/extract.c.orig
+++ src/extract.c
@@ -1121,10 +1121,6 @@
*fun = extract_volhdr;
break;
- case GNUTYPE_NAMES:
- *fun = extract_mangle_wrapper;
- break;
-
case GNUTYPE_MULTIVOL:
ERROR ((0, 0,
_("%s: Cannot extract -- file is continued from another volume"),