[28502] trunk/dports/archivers/gnutar

source_changes at macosforge.org source_changes at macosforge.org
Sun Sep 2 11:40:09 PDT 2007 

Revision: 28502
          http://trac.macosforge.org/projects/macports/changeset/28502
Author:   mww at macports.org
Date:     2007-09-02 11:40:09 -0700 (Sun, 02 Sep 2007)

Log Message:
-----------
add fix for directory traversal vulnerability, inc. revision -- https://bugzilla.redhat.com/show_bug.cgi?id=251921

Modified Paths:
--------------
    trunk/dports/archivers/gnutar/Portfile

Added Paths:
-----------
    trunk/dports/archivers/gnutar/files/
    trunk/dports/archivers/gnutar/files/patch-src-names.c

Modified: trunk/dports/archivers/gnutar/Portfile
===================================================================
--- trunk/dports/archivers/gnutar/Portfile	2007-09-02 17:59:26 UTC (rev 28501)
+++ trunk/dports/archivers/gnutar/Portfile	2007-09-02 18:40:09 UTC (rev 28502)
@@ -4,6 +4,7 @@
 
 name                gnutar
 version             1.18
+revision            1
 categories          archivers
 maintainers         mww at macports.org
 description         tar version of the GNU project
@@ -21,6 +22,7 @@
 distname            tar-${version}
 use_bzip2           yes
 platforms           darwin
+patchfiles          patch-src-names.c
 
 depends_lib         port:gettext port:libiconv
 

Added: trunk/dports/archivers/gnutar/files/patch-src-names.c
===================================================================
--- trunk/dports/archivers/gnutar/files/patch-src-names.c	                        (rev 0)
+++ trunk/dports/archivers/gnutar/files/patch-src-names.c	2007-09-02 18:40:09 UTC (rev 28502)
@@ -0,0 +1,20 @@
+2005-05-15  Dmitry V. Levin <ldv at altlinux.org>
+
+	* src/names.c (contains_dot_dot): Fix ".." detection.
+	Previous edition fails to recognize "foo//.." case.
+
+--- src/names.c.orig	2004-09-06 11:30:54 +0000
++++ src/names.c	2005-05-15 13:21:13 +0000
+@@ -1152,11 +1152,10 @@ contains_dot_dot (char const *name)
+       if (p[0] == '.' && p[1] == '.' && (ISSLASH (p[2]) || !p[2]))
+ 	return 1;
+ 
+-      do
++      while (! ISSLASH (*p))
+ 	{
+ 	  if (! *p++)
+ 	    return 0;
+ 	}
+-      while (! ISSLASH (*p));
+     }
+ }

-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.macosforge.org/pipermail/macports-changes/attachments/20070902/d35764f5/attachment.html

More information about the macports-changes mailing list