cvs commit: patches/tar tar-1.13.25-dot_dot-1.patch tar-1.13.25-y_compat_flag-1.patch tar-1.13.25-dot-dot.patch tar-1.13.25-y_compat_flag.patch

jim at linuxfromscratch.org jim at linuxfromscratch.org
Mon Jun 7 22:08:10 PDT 2004


jim         04/06/07 23:08:10

  Added:       tar      tar-1.13.25-dot_dot-1.patch
                        tar-1.13.25-y_compat_flag-1.patch
  Removed:     tar      tar-1.13.25-dot-dot.patch
                        tar-1.13.25-y_compat_flag.patch
  Log:
  Naming Scheme Update
  
  Revision  Changes    Path
  1.1                  patches/tar/tar-1.13.25-dot_dot-1.patch
  
  Index: tar-1.13.25-dot_dot-1.patch
  ===================================================================
  Submitted By: Oliver Brakmann <obrakmann at gmx dot net>
  Date: 2003-09-13
  Initial Package Version: 1.13.25
  Origin: Bugtraq Mailing List
  	http://www.securityfocus.com/archive/1/294574
  Description: This patch fixes a security vulnerability by which	a specially
  	crafted tarball can be used to overwrite files on the victim's system.
  	See http://www.securityfocus.com/archive/1/293362 and following as
  	well as references therein for details.
  
  diff -ur tar-1.13.19.orig/src/misc.c tar-1.13.19/src/misc.c
  --- tar-1.13.19.orig/src/misc.c	Sat Jan 13 08:59:29 2001
  +++ tar-1.13.19/src/misc.c	Sat Sep 28 13:48:03 2002
  @@ -206,12 +206,12 @@
         if (p[0] == '.' && p[1] == '.' && (ISSLASH (p[2]) || !p[2]))
   	return 1;
  
  -      do
  +      while (! ISSLASH (*p))
   	{
   	  if (! *p++)
   	    return 0;
   	}
  -      while (! ISSLASH (*p));
  +      p++;
       }
   }
  
  
  
  1.1                  patches/tar/tar-1.13.25-y_compat_flag-1.patch
  
  Index: tar-1.13.25-y_compat_flag-1.patch
  ===================================================================
  Submitted By: DJ Lucas (dj_at_lucasit_dot_com)
  Date: 2003-08-17
  Initial Package Version: 1.13.25
  Origin: DJ Lucas (dj_at_lucasit_dot_com)
  Description: Adds -y as a valid switch for bzip2 compression.  This was
    common on older versions of  Mandrake Linux as well as others.  The
    patch does not remove the -j option.  It's only for those of us who
    just can't quit adding 'y' as a switch.
  
  diff -Naur tar-1.13.25-orig/src/tar.c tar-1.13.25/src/tar.c
  --- tar-1.13.25-orig/src/tar.c	2001-09-21 00:11:27.000000000 +0000
  +++ tar-1.13.25/src/tar.c	2003-08-17 18:53:06.000000000 +0000
  @@ -382,6 +382,7 @@
     -o, --old-archive, --portability   write a V7 format archive\n\
         --posix                        write a POSIX format archive\n\
     -j, --bzip2                        filter the archive through bzip2\n\
  +  -y                                 same as -j, added for compatibility\n\
     -z, --gzip, --ungzip               filter the archive through gzip\n\
     -Z, --compress, --uncompress       filter the archive through compress\n\
         --use-compress-program=PROG    filter through PROG (must accept -d)\n"),
  @@ -876,10 +877,8 @@
   	break;
   
         case 'y':
  -	USAGE_ERROR ((0, 0,
  -		      _("Warning: the -y option is not supported;"
  -			" perhaps you meant -j?")));
  -	break;
  +        set_use_compress_program_option ("bzip2");
  +        break;
   
         case 'z':
   	set_use_compress_program_option ("gzip");
  
  
  



More information about the patches mailing list