Darcsweb-Url: http://darcs.frugalware.org/darcsweb/darcsweb.cgi?r=frugalware-0.6;a=darcs_commitdiff;h=20070906063713-dd049-bbf20d39c2bf524c23965946773841b0d763ace9.gz;
[tar-1.16.1-2terminus1-i686 voroskoi <[EMAIL PROTECTED]>**20070906063713 secfix relbump, closes #2376 ] { addfile ./source/base/tar/CVE-2007-4131.diff hunk ./source/base/tar/CVE-2007-4131.diff 1 +2005-05-15 Dmitry V. Levin <[EMAIL PROTECTED]> + + * src/names.c (contains_dot_dot): Fix ".." detection. + Previous edition fails to recognize "foo//.." case. + +--- tar-1.15.1/src/names.c.orig 2004-09-06 11:30:54 +0000 ++++ tar-1.15.1/src/names.c 2005-05-15 13:21:13 +0000 +@@ -1152,11 +1152,10 @@ contains_dot_dot (char const *name) + if (p[0] == '.' && p[1] == '.' && (ISSLASH (p[2]) || !p[2])) + return 1; + +- do ++ while (! ISSLASH (*p)) + { + if (! *p++) + return 0; + } +- while (! ISSLASH (*p)); + } + } hunk ./source/base/tar/FrugalBuild 6 -pkgrel=1 +pkgrel=2terminus1 hunk ./source/base/tar/FrugalBuild 14 - $pkgname-1.16-lzma.diff) -signatures=($source.sig '' '') + $pkgname-1.16-lzma.diff CVE-2007-4131.diff) +signatures=($source.sig '' '' '') hunk ./source/base/tar/FrugalBuild 23 -# optimization ok +# optimization OK } _______________________________________________ Frugalware-darcs mailing list Frugalware-darcs@frugalware.org http://frugalware.org/mailman/listinfo/frugalware-darcs