Darcsweb-Url:
http://darcs.frugalware.org/darcsweb/darcsweb.cgi?r=frugalware-0.6;a=darcs_commitdiff;h=20070906063713-dd049-bbf20d39c2bf524c23965946773841b0d763ace9.gz;
[tar-1.16.1-2terminus1-i686
voroskoi <[EMAIL PROTECTED]>**20070906063713
secfix relbump, closes #2376
] {
addfile ./source/base/tar/CVE-2007-4131.diff
hunk ./source/base/tar/CVE-2007-4131.diff 1
+2005-05-15 Dmitry V. Levin <[EMAIL PROTECTED]>
+
+ * src/names.c (contains_dot_dot): Fix ".." detection.
+ Previous edition fails to recognize "foo//.." case.
+
+--- tar-1.15.1/src/names.c.orig 2004-09-06 11:30:54 +0000
++++ tar-1.15.1/src/names.c 2005-05-15 13:21:13 +0000
+@@ -1152,11 +1152,10 @@ contains_dot_dot (char const *name)
+ if (p[0] == '.' && p[1] == '.' && (ISSLASH (p[2]) || !p[2]))
+ return 1;
+
+- do
++ while (! ISSLASH (*p))
+ {
+ if (! *p++)
+ return 0;
+ }
+- while (! ISSLASH (*p));
+ }
+ }
hunk ./source/base/tar/FrugalBuild 6
-pkgrel=1
+pkgrel=2terminus1
hunk ./source/base/tar/FrugalBuild 14
- $pkgname-1.16-lzma.diff)
-signatures=($source.sig '' '')
+ $pkgname-1.16-lzma.diff CVE-2007-4131.diff)
+signatures=($source.sig '' '' '')
hunk ./source/base/tar/FrugalBuild 23
-# optimization ok
+# optimization OK
}
_______________________________________________
Frugalware-darcs mailing list
Frugalware-darcs@frugalware.org
http://frugalware.org/mailman/listinfo/frugalware-darcs
