aboutsummaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
-rw-r--r--main/tar/APKBUILD14
-rw-r--r--main/tar/CVE-2016-6321.patch37
2 files changed, 3 insertions, 48 deletions
diff --git a/main/tar/APKBUILD b/main/tar/APKBUILD
index 182dee5171..02220a1652 100644
--- a/main/tar/APKBUILD
+++ b/main/tar/APKBUILD
@@ -1,7 +1,7 @@
# Maintainer: Carlo Landmeter <clandmeter@gmail.com>
pkgname=tar
-pkgver=1.29
-pkgrel=1
+pkgver=1.30
+pkgrel=0
pkgdesc="Utility used to store, backup, and transport files"
url="https://www.gnu.org"
arch="all"
@@ -11,7 +11,6 @@ install=""
makedepends=""
subpackages="$pkgname-doc"
source="ftp://ftp.gnu.org/gnu/tar/$pkgname-$pkgver.tar.xz
- CVE-2016-6321.patch
ignore-apk-tools-checksums.patch"
# secfixes:
@@ -53,12 +52,5 @@ package() {
ln -s /bin/tar "$pkgdir"/usr/bin/tar
}
-md5sums="a1802fec550baaeecff6c381629653ef tar-1.29.tar.xz
-7a8c4416b6f8e325d78155b56fdec62b CVE-2016-6321.patch
-2c4c807811c4ba827f4510dc2a2f8460 ignore-apk-tools-checksums.patch"
-sha256sums="402dcfd0022fd7a1f2c5611f5c61af1cd84910a760a44a688e18ddbff4e9f024 tar-1.29.tar.xz
-d951145580cf4c15b2c0b4f9e71bf00a3ef180bd1b9e61482ca667af85b0d27e CVE-2016-6321.patch
-4f6330e37e0540f8731256a65fd8ff6de475cf9e3ec9d0245b9dd21d7546713d ignore-apk-tools-checksums.patch"
-sha512sums="7249689176bd9e4e842e1e363c3f5867d9d4db9ec082ba59805047091e89de22a67153a366c23bdc1e53a3fb154df1c19a5bc1fa88267333724c5bc11bd27329 tar-1.29.tar.xz
-dd3802066a36e8f59d927e6cce013dfdfa194413f1795a007be0894057e8eadce79d17d24c8b49ac89fd11b7e6a32a84c89bbd58ef9f5471a66e023a4060d7e7 CVE-2016-6321.patch
+sha512sums="9c8b2cacf8f6ca1b19f788d4ec0410127c4d71e54b9c9cac99ee5af6c002189ccc521302955510bb22a54a069ffd00fc2de12ac776985cbbeb3f1ecf38a4f8d9 tar-1.30.tar.xz
9cde0f1509328bc5fe2cb46642b53c7681c548cf28a2fb83eda7e9374c9c0ad27a0cd55b9c0cc93951def58dafa55ee71cace5493ddcb7966ee94dc5f1099739 ignore-apk-tools-checksums.patch"
diff --git a/main/tar/CVE-2016-6321.patch b/main/tar/CVE-2016-6321.patch
deleted file mode 100644
index d2f5a0764f..0000000000
--- a/main/tar/CVE-2016-6321.patch
+++ /dev/null
@@ -1,37 +0,0 @@
-From 7340f67b9860ea0531c1450e5aa261c50f67165d Mon Sep 17 00:00:00 2001
-From: Paul Eggert <eggert@Penguin.CS.UCLA.EDU>
-Date: Sat, 29 Oct 2016 21:04:40 -0700
-Subject: [PATCH] When extracting, skip ".." members
-
-* NEWS: Document this.
-* src/extract.c (extract_archive): Skip members whose names
-contain "..".
----
- src/extract.c | 8 ++++++++
- 1 file changed, 8 insertions(+)
-
-diff --git a/src/extract.c b/src/extract.c
-index f982433..7904148 100644
---- a/src/extract.c
-+++ b/src/extract.c
-@@ -1629,12 +1629,20 @@ extract_archive (void)
- {
- char typeflag;
- tar_extractor_t fun;
-+ bool skip_dotdot_name;
-
- fatal_exit_hook = extract_finish;
-
- set_next_block_after (current_header);
-
-+ skip_dotdot_name = (!absolute_names_option
-+ && contains_dot_dot (current_stat_info.orig_file_name));
-+ if (skip_dotdot_name)
-+ ERROR ((0, 0, _("%s: Member name contains '..'"),
-+ quotearg_colon (current_stat_info.orig_file_name)));
-+
- if (!current_stat_info.file_name[0]
-+ || skip_dotdot_name
- || (interactive_option
- && !confirm ("extract", current_stat_info.file_name)))
- {