diff options
| author | J0WI <J0WI@users.noreply.github.com> | 2019-01-04 14:07:44 +0100 |
|---|---|---|
| committer | Natanael Copa <ncopa@alpinelinux.org> | 2019-01-17 16:24:46 +0100 |
| commit | 25c0433d9b2f5d1714a20c53a424eb8726bc00e6 (patch) | |
| tree | 47262477b2b53e61c2d9e06ba968a6197cc49b61 | |
| parent | 813a6e811df47ec9eb24129eee3d1ef560a53a84 (diff) | |
| download | aports-25c0433d9b2f5d1714a20c53a424eb8726bc00e6.tar.bz2 aports-25c0433d9b2f5d1714a20c53a424eb8726bc00e6.tar.xz | |
main/tar: security upgrade to 1.31
fixes #9850
| -rw-r--r-- | main/tar/APKBUILD | 16 | ||||
| -rw-r--r-- | main/tar/CVE-2016-6321.patch | 37 |
2 files changed, 5 insertions, 48 deletions
diff --git a/main/tar/APKBUILD b/main/tar/APKBUILD index c111e56adc..dea8a53cd7 100644 --- a/main/tar/APKBUILD +++ b/main/tar/APKBUILD @@ -1,7 +1,7 @@ # Maintainer: Carlo Landmeter <clandmeter@gmail.com> pkgname=tar -pkgver=1.29 -pkgrel=1 +pkgver=1.31 +pkgrel=0 pkgdesc="Utility used to store, backup, and transport files" url="http://www.gnu.org" arch="all" @@ -11,12 +11,13 @@ install="" makedepends="" subpackages="$pkgname-doc" source="ftp://ftp.gnu.org/gnu/tar/$pkgname-$pkgver.tar.xz - CVE-2016-6321.patch ignore-apk-tools-checksums.patch" # secfixes: # 1.29-r1: # - CVE-2016-6321 +# 1.31-r0: +# - CVE-2018-20482 _builddir="$srcdir/$pkgname-$pkgver" prepare() { @@ -53,12 +54,5 @@ package() { ln -s /bin/tar "$pkgdir"/usr/bin/tar } -md5sums="a1802fec550baaeecff6c381629653ef tar-1.29.tar.xz -7a8c4416b6f8e325d78155b56fdec62b CVE-2016-6321.patch -2c4c807811c4ba827f4510dc2a2f8460 ignore-apk-tools-checksums.patch" -sha256sums="402dcfd0022fd7a1f2c5611f5c61af1cd84910a760a44a688e18ddbff4e9f024 tar-1.29.tar.xz -d951145580cf4c15b2c0b4f9e71bf00a3ef180bd1b9e61482ca667af85b0d27e CVE-2016-6321.patch -4f6330e37e0540f8731256a65fd8ff6de475cf9e3ec9d0245b9dd21d7546713d ignore-apk-tools-checksums.patch" -sha512sums="7249689176bd9e4e842e1e363c3f5867d9d4db9ec082ba59805047091e89de22a67153a366c23bdc1e53a3fb154df1c19a5bc1fa88267333724c5bc11bd27329 tar-1.29.tar.xz -dd3802066a36e8f59d927e6cce013dfdfa194413f1795a007be0894057e8eadce79d17d24c8b49ac89fd11b7e6a32a84c89bbd58ef9f5471a66e023a4060d7e7 CVE-2016-6321.patch +sha512sums="2185fbbe53d4fe3eb688ebc8c2fa800db2599a282c07007358d0a011394aafcf27a80600d044bb4fc299a172d3d95f953106be651db33eb6e5555bd24cad02aa tar-1.31.tar.xz 9cde0f1509328bc5fe2cb46642b53c7681c548cf28a2fb83eda7e9374c9c0ad27a0cd55b9c0cc93951def58dafa55ee71cace5493ddcb7966ee94dc5f1099739 ignore-apk-tools-checksums.patch" diff --git a/main/tar/CVE-2016-6321.patch b/main/tar/CVE-2016-6321.patch deleted file mode 100644 index d2f5a0764f..0000000000 --- a/main/tar/CVE-2016-6321.patch +++ /dev/null @@ -1,37 +0,0 @@ -From 7340f67b9860ea0531c1450e5aa261c50f67165d Mon Sep 17 00:00:00 2001 -From: Paul Eggert <eggert@Penguin.CS.UCLA.EDU> -Date: Sat, 29 Oct 2016 21:04:40 -0700 -Subject: [PATCH] When extracting, skip ".." members - -* NEWS: Document this. -* src/extract.c (extract_archive): Skip members whose names -contain "..". ---- - src/extract.c | 8 ++++++++ - 1 file changed, 8 insertions(+) - -diff --git a/src/extract.c b/src/extract.c -index f982433..7904148 100644 ---- a/src/extract.c -+++ b/src/extract.c -@@ -1629,12 +1629,20 @@ extract_archive (void) - { - char typeflag; - tar_extractor_t fun; -+ bool skip_dotdot_name; - - fatal_exit_hook = extract_finish; - - set_next_block_after (current_header); - -+ skip_dotdot_name = (!absolute_names_option -+ && contains_dot_dot (current_stat_info.orig_file_name)); -+ if (skip_dotdot_name) -+ ERROR ((0, 0, _("%s: Member name contains '..'"), -+ quotearg_colon (current_stat_info.orig_file_name))); -+ - if (!current_stat_info.file_name[0] -+ || skip_dotdot_name - || (interactive_option - && !confirm ("extract", current_stat_info.file_name))) - { |