~alpine/aports

This thread contains a patchset. You're looking at the original emails, but you may wish to use the patch review UI. Review patch

[alpine-aports] [PATCH v3.3] main/tar: security upgrade - fixes #6399

Details
Message ID
<1481013956-92-1-git-send-email-sergej.lukin@gmail.com>
Sender timestamp
1481013956
DKIM signature
missing
Download raw message
Patch: +30 -2
CVE-2016-6321
---
 main/tar/APKBUILD                                  |  5 ++--
 ...tar-extract-pathname-bypass-CVE-2016-6321.patch | 27 ++++++++++++++++++++++
 2 files changed, 30 insertions(+), 2 deletions(-)
 create mode 100644 main/tar/tar-extract-pathname-bypass-CVE-2016-6321.patch

diff --git a/main/tar/APKBUILD b/main/tar/APKBUILD
index be41c1a..3f60a60 100644
--- a/main/tar/APKBUILD
+++ b/main/tar/APKBUILD
@@ -1,7 +1,7 @@
# Maintainer: Carlo Landmeter <clandmeter@gmail.com>
pkgname=tar
pkgver=1.28
pkgrel=1
pkgrel=2
pkgdesc="Utility used to store, backup, and transport files"
url="http://www.gnu.org"
arch="all"
@@ -11,7 +11,8 @@ install=
makedepends=
source="ftp://ftp.gnu.org/gnu/tar/$pkgname-$pkgver.tar.xz
	ignore-apk-tools-checksums.patch
	"
	tar-extract-pathname-bypass-CVE-2016-6321.patch
        "
subpackages="$pkgname-doc"

_builddir="$srcdir/$pkgname-$pkgver"
diff --git a/main/tar/tar-extract-pathname-bypass-CVE-2016-6321.patch b/main/tar/tar-extract-pathname-bypass-CVE-2016-6321.patch
new file mode 100644
index 0000000..36ab4ac
--- /dev/null
+++ b/main/tar/tar-extract-pathname-bypass-CVE-2016-6321.patch
@@ -0,0 +1,27 @@
--- a/lib/paxnames.c
+++ b/lib/paxnames.c
@@ -18,6 +18,7 @@
 #include <system.h>
 #include <hash.h>
 #include <paxlib.h>
+#include <quotearg.h>
 
 
 /* Hash tables of strings.  */
@@ -114,7 +115,15 @@
       for (p = file_name + prefix_len; *p; )
 	{
           if (p[0] == '.' && p[1] == '.' && (ISSLASH (p[2]) || !p[2]))
-	    prefix_len = p + 2 - file_name;
+            {
+	      static char const *const diagnostic[] =
+	      {
+		N_("%s: Member name contains '..'"),
+		N_("%s: Hard link target contains '..'")
+	      };
+	      FATAL_ERROR ((0, 0, _(diagnostic[link_target]),
+	                    quotearg_colon (file_name)));
+	    }
 
 	  do
 	    {
-- 
2.6.6



---
Unsubscribe:  alpine-aports+unsubscribe@lists.alpinelinux.org
Help:         alpine-aports+help@lists.alpinelinux.org
---
Reply to thread Export thread (mbox)