Hello community,

here is the log from the commit of package tar for openSUSE:Factory checked in at 2016-11-13 22:50:05

++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Comparing /work/SRC/openSUSE:Factory/tar (Old)
 and      /work/SRC/openSUSE:Factory/.tar.new (New)
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "tar" Changes: -------- --- /work/SRC/openSUSE:Factory/tar/tar.changes 2016-06-07 23:43:05.000000000 +0200 +++ /work/SRC/openSUSE:Factory/.tar.new/tar.changes 2016-11-13 22:50:05.000000000 +0100 @@ -1,0 +2,9 @@ +Tue Nov 8 17:50:44 UTC 2016 - [email protected] + +- add tar-1.29-extract_pathname_bypass.patch to fix POINTYFEATHER + vulnerability - GNU tar archiver can be tricked into extracting + files and directories in the given destination, regardless of the + path name(s) specified on the command line [bsc#1007188] + [CVE-2016-6321] + +------------------------------------------------------------------- New: ---- tar-1.29-extract_pathname_bypass.patch ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ tar.spec ++++++ --- /var/tmp/diff_new_pack.8QpQIE/_old 2016-11-13 22:50:07.000000000 +0100 +++ /var/tmp/diff_new_pack.8QpQIE/_new 2016-11-13 22:50:07.000000000 +0100 @@ -47,6 +47,8 @@ # add return values to the backup scripts for better results monitoring. # https://savannah.gnu.org/patch/?8953 Patch21: add-return-values-to-backup-scripts.patch +# PATCH-FIX-UPSTREAM bnc#1007188 CVE-2016-6321 [email protected] -- fix POINTYFEATHER vulnerability +Patch22: tar-1.29-extract_pathname_bypass.patch %if 0%{?suse_version} >= %min_suse_ver BuildRequires: automake BuildRequires: help2man @@ -97,6 +99,7 @@ #%patch12 -p1 %patch20 -p1 %patch21 -p1 +%patch22 -p0 %build %define my_cflags -W -Wall -Wpointer-arith -Wstrict-prototypes -Wformat-security -Wno-unused-parameter -fPIE ++++++ tar-1.29-extract_pathname_bypass.patch ++++++ Index: lib/paxnames.c =================================================================== --- lib/paxnames.c.orig +++ lib/paxnames.c @@ -18,6 +18,7 @@ #include <system.h> #include <hash.h> #include <paxlib.h> +#include <quotearg.h> /* Hash tables of strings. */ 
@@ -114,7 +115,15 @@ safer_name_suffix (char const *file_name for (p = file_name + prefix_len; *p; ) { if (p[0] == '.' && p[1] == '.' && (ISSLASH (p[2]) || !p[2])) - prefix_len = p + 2 - file_name; + { + static char const *const diagnostic[] = + { + N_("%s: Member name contains '..'"), + N_("%s: Hard link target contains '..'") + }; + FATAL_ERROR ((0, 0, _(diagnostic[link_target]), + quotearg_colon (file_name))); + } do {
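Review bot: (tar.changes hunk) the entry describes the bug but not the user-visible consequence of the fix: after this patch an archive member or hard link target containing a '..' component makes tar abort with a fatal error instead of being extracted with everything up to the last '..' stripped. Users whose archives relied on the old stripping will see extraction fail, so one sentence in the changelog saying "members containing '..' are now rejected with a fatal error" would save a bug report.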
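Review bot: (tar.spec, Patch22 hunk) the bug reference is written as bnc#1007188 here but as bsc#1007188 in tar.changes; both name the same Bugzilla entry, but the two should use the same prefix so that the reference is greppable. The PATCH-FIX-UPSTREAM tag and CVE-2016-6321 in the comment line are fine.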
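Review bot: (tar.spec, %patch22 hunk) `%patch22 -p0` differs from the `-p1` used for patch20 and patch21. It is correct for this patch as shipped, because its headers are `--- lib/paxnames.c.orig` / `+++ lib/paxnames.c` with no a/ b/ prefix, but regenerating the patch with the usual a/ b/ prefixes would let it apply with `-p1` like the others and avoid a strip-level mistake when the patch is later refreshed.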
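Review bot: (lib/paxnames.c, safer_name_suffix hunk) `diagnostic[link_target]` indexes a two-element array, so it is only safe if `link_target` is guaranteed to be exactly 0 or 1; if the parameter is an `int` rather than a `bool`, writing `diagnostic[link_target ? 1 : 0]` would make that explicit and not depend on every caller. With the `prefix_len = p + 2 - file_name` assignment removed, the loop no longer moves the prefix past a '..' component; the only remaining effect of finding one is the FATAL_ERROR, which aborts the whole run rather than skipping that member, so the trailing `do { ... }` body now only matters for names without '..'. That is the intended hardening (a name such as `etc/motd/../../../x` used to be extracted as `x` after tar had already matched it against the `etc/motd` pathname given on the command line), but it is a behaviour change worth stating in the diagnostic or the documentation.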
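The following is an added example, not GNU tar's code and not part of this commit: a small Python model of what the removed `prefix_len = p + 2 - file_name` line did to member names in tar 1.29 versus what the patched `safer_name_suffix` does, combined with a simplified model of command-line pathname matching. The archive listing is constructed, and the matching rule in `selected()` (member equal to the requested name, or the requested name being a leading directory of it, applied to the member name before sanitisation) is an assumption about tar's default behaviour made for this illustration.

```python
"""Model of the CVE-2016-6321 fix in safer_name_suffix (added example, not GNU tar's code).

The archive listing is constructed for illustration. The pathname matching in
selected() is a simplified assumption about how tar matches the names given on
the command line (equal name, or leading directory component), applied to the
member name as stored in the archive, i.e. before any sanitisation.
"""


class MemberNameError(Exception):
    """Stands in for tar's FATAL_ERROR, which aborts the whole extraction."""


# Constructed listing: (member name, contents). The second entry is the kind of
# attacker-controlled name the pathname restriction must not let through.
ARCHIVE = [
    ("etc/motd", b"welcome\n"),
    ("etc/motd/../../../home/user/.ssh/authorized_keys", b"ssh-ed25519 AAAA attacker\n"),
]


def _join(components):
    """Drop leading empty components (a leading '/' or '//'); '.' stands for an empty name."""
    components = list(components)
    while components and components[0] == "":
        components.pop(0)
    return "/".join(components) or "."


def safer_name_suffix_1_29(name, link_target=False):
    """Pre-patch behaviour: each '..' component moved the prefix past itself,
    so the name actually extracted is whatever follows the last '..'."""
    comps = name.split("/")
    last = max((i for i, c in enumerate(comps) if c == ".."), default=-1)
    return _join(comps[last + 1:])


def safer_name_suffix_patched(name, link_target=False):
    """Patched behaviour: a '..' component anywhere is fatal; nothing is stripped."""
    comps = name.split("/")
    if ".." in comps:
        what = "Hard link target" if link_target else "Member name"
        raise MemberNameError("%s: %s contains '..'" % (name, what))
    return _join(comps)


def selected(member, requested):
    """Assumed model of pathname matching on the unsanitised member name."""
    requested = requested.rstrip("/")
    return member == requested or member.startswith(requested + "/")


def extract(archive, requested, sanitize):
    """Return (paths that would be written under the destination, fatal diagnostic or None)."""
    written = []
    for member, _data in archive:
        if not selected(member, requested):
            continue
        try:
            written.append(sanitize(member))
        except MemberNameError as err:
            return written, str(err)
    return written, None


if __name__ == "__main__":
    for label, fn in (("tar 1.29", safer_name_suffix_1_29), ("patched", safer_name_suffix_patched)):
        print(label, extract(ARCHIVE, "etc/motd", fn))
```

With the 1.29 model, asking only for `etc/motd` also writes `home/user/.ssh/authorized_keys` under the destination directory, because the match was made on the raw member name and the '..' components were dropped afterwards; with the patched model the first member is written and the run then aborts on the second with the same diagnostic text the hunk introduces.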
