authorRoy Marples <uberlord@gentoo.org>2007-08-22 09:09:15 +0000
committerRoy Marples <uberlord@gentoo.org>2007-08-22 09:09:15 +0000
commit979383e215cb854fd2f11cf6382601e818e2a2f6 (patch)
treeeeb9438779ac957740eff877c06913882c389745 /app-arch/tar/files
parentPrefer 1.5 over 1.4 (diff)
Patch to fix a directory traversal vulnerability, #189682
thanks to Robert Buchholz. (Portage version: 2.1.3.6)
Diffstat (limited to 'app-arch/tar/files')
-rw-r--r--app-arch/tar/files/digest-tar-1.17-r13
-rw-r--r--app-arch/tar/files/digest-tar-1.18-r23
-rw-r--r--app-arch/tar/files/tar-1.15.1-alt-contains-dot-dot.patch20
3 files changed, 26 insertions, 0 deletions
diff --git a/app-arch/tar/files/digest-tar-1.17-r1 b/app-arch/tar/files/digest-tar-1.17-r1
new file mode 100644
index 000000000000..71e71f65d601
--- /dev/null
+++ b/app-arch/tar/files/digest-tar-1.17-r1
@@ -0,0 +1,3 @@
+MD5 c6c4f1c075dbf0f75c29737faa58f290 tar-1.17.tar.bz2 1882911
+RMD160 f4671e909c1ff8fac531d438b50a4a197049bc45 tar-1.17.tar.bz2 1882911
+SHA256 19f9021dda51a16295e4706e80870e71f87107675e51c176a491eba0fc4ca492 tar-1.17.tar.bz2 1882911
diff --git a/app-arch/tar/files/digest-tar-1.18-r2 b/app-arch/tar/files/digest-tar-1.18-r2
new file mode 100644
index 000000000000..1e3df17e14e6
--- /dev/null
+++ b/app-arch/tar/files/digest-tar-1.18-r2
@@ -0,0 +1,3 @@
+MD5 70170208d7c1bb9ab40120579434b6a3 tar-1.18.tar.bz2 1877207
+RMD160 129e1a53ed3b580f5efc582622a90fdfc9d105f5 tar-1.18.tar.bz2 1877207
+SHA256 44944ee0427c8e0d8dbaa0b8f900073a7456819610cc521c53630c3eb117cf5e tar-1.18.tar.bz2 1877207
diff --git a/app-arch/tar/files/tar-1.15.1-alt-contains-dot-dot.patch b/app-arch/tar/files/tar-1.15.1-alt-contains-dot-dot.patch
new file mode 100644
index 000000000000..27b2c955f02f
--- /dev/null
+++ b/app-arch/tar/files/tar-1.15.1-alt-contains-dot-dot.patch
@@ -0,0 +1,20 @@
+2005-05-15 Dmitry V. Levin <ldv@altlinux.org>
+
+ * src/names.c (contains_dot_dot): Fix ".." detection.
+ Previous edition fails to recognize "foo//.." case.
+
+--- tar-1.15.1/src/names.c.orig 2004-09-06 11:30:54 +0000
++++ tar-1.15.1/src/names.c 2005-05-15 13:21:13 +0000
+@@ -1152,11 +1152,10 @@ contains_dot_dot (char const *name)
+ if (p[0] == '.' && p[1] == '.' && (ISSLASH (p[2]) || !p[2]))
+ return 1;
+
+- do
++ while (! ISSLASH (*p))
+ {
+ if (! *p++)
+ return 0;
+ }
+- while (! ISSLASH (*p));
+ }
+ }
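Review bot: The added patch file is named for and diffed against tar-1.15.1 (`src/names.c`, hunk at line 1152), while the digests added with it are for tar-1.17 and tar-1.18, so it can only apply with an offset; the ebuild changes that apply it are outside this diffstat, so confirm there that the hunk actually lands in `contains_dot_dot` on both versions rather than relying on `patch` exiting cleanly. The patch header carries only the 2005 ALT changelog, so I would add a first line such as `Gentoo bug #189682: contains_dot_dot missed ".." after a doubled slash ("foo//..")` to record why the file is shipped. The loop change itself reads correctly for the quoted case: with `while (! ISSLASH (*p))`, a position already on a slash is no longer stepped past before the next `..` test, and a trailing NUL still returns 0 through `if (! *p++)`. The start of `contains_dot_dot` is outside the inner hunk, so the initial value of `p` is not checked here.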