Fix GNUTYPE_NAMES directory traversal vulnerability by not extracting
these entries. Support for GNUTYPE_NAMES will be dropped completely in 1.16.1. Notified by sem@ Security: VuXML 3dd7eb58-80ae-11db-b4ec-000854d03344
parent
743eba7ed2
commit
521d9e0ead
Notes:
svn2git
2021-03-31 03:12:20 +00:00
svn path=/head/; revision=178377
2 changed files with 17 additions and 1 deletions
|
@ -7,7 +7,7 @@
|
|||
|
||||
PORTNAME= tar
|
||||
PORTVERSION= 1.16
|
||||
PORTREVISION= 1
|
||||
PORTREVISION= 2
|
||||
CATEGORIES= archivers sysutils
|
||||
MASTER_SITES= ${MASTER_SITE_GNU}
|
||||
MASTER_SITE_SUBDIR= ${PORTNAME}
|
||||
|
|
16
archivers/gtar/files/patch-src_extract.c
Normal file
|
@ -0,0 +1,16 @@
|
|||
|
||||
$FreeBSD$
|
||||
|
||||
--- src/extract.c.orig
|
||||
+++ src/extract.c
|
||||
@@ -1121,10 +1121,6 @@
|
||||
*fun = extract_volhdr;
|
||||
break;
|
||||
|
||||
- case GNUTYPE_NAMES:
|
||||
- *fun = extract_mangle_wrapper;
|
||||
- break;
|
||||
-
|
||||
case GNUTYPE_MULTIVOL:
|
||||
ERROR ((0, 0,
|
||||
_("%s: Cannot extract -- file is continued from another volume"),
|
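Review bot: Deleting the `case GNUTYPE_NAMES:` arm leaves that typeflag to the switch's fall-back branch, which lies outside this hunk, so the patch itself does not show that such entries are skipped. If that branch extracts unrecognised types as ordinary files, a GNUTYPE_NAMES member would presumably still be written to disk as plain data; it would no longer be interpreted by `extract_mangle_wrapper`, which closes the traversal, but that is not quite the "not extracting" the commit message describes. Keeping an explicit arm that reports an error and skips the member, in the style of the `GNUTYPE_MULTIVOL` arm just below, would make the intent reviewable; at minimum add a comment such as `/* GNUTYPE_NAMES intentionally unhandled: mangled-name records could redirect writes outside the extraction directory */`. The enclosing switch and its function begin and end outside the hunk.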