CVSROOT: /cvs
Module name: src
Changes by: [email protected] 2015/04/30 13:30:57
Modified files:
bin/pax : Tag: OPENBSD_5_6 ar_subs.c extern.h file_subs.c
ftree.c pat_rep.c pax.c pax.h tables.c tables.h
tar.c
Log message:
Backport trunk commit of 2015/03/09 04:23:29:
tar/pax/cpio had multiple issues:
* extracting a malicious archive could create files outside of the
current directory without using pre-existing symlinks to 'escape',
and could change the timestamps and modes on preexisting files
* tar without -P would permit extraction of paths with ".." components
* there was a buffer overflow in the handling of pax extension headers
