From 521d9e0eade8efa74ebd75771a0a7cdac24c64d6 Mon Sep 17 00:00:00 2001
From: Christian Weisgerber
Date: Thu, 30 Nov 2006 20:31:51 +0000
Subject: Fix GNUTYPE_NAMES directory traversal vulnerability by not extracting these entries. Support for GNUTYPE_NAMES will be dropped completely in 1.16.1. Notified by sem@ Security: VuXML 3dd7eb58-80ae-11db-b4ec-000854d03344
---
 archivers/gtar/Makefile | 2 +-
 archivers/gtar/files/patch-src_extract.c | 16 ++++++++++++++++
 2 files changed, 17 insertions(+), 1 deletion(-)
 create mode 100644 archivers/gtar/files/patch-src_extract.c
(limited to 'archivers/gtar')
diff --git a/archivers/gtar/Makefile b/archivers/gtar/Makefile
index 22ad679ffb68..5306c50966a2 100644
--- a/archivers/gtar/Makefile
+++ b/archivers/gtar/Makefile
@@ -7,7 +7,7 @@
 PORTNAME= tar
 PORTVERSION= 1.16
-PORTREVISION= 1
+PORTREVISION= 2
 CATEGORIES= archivers sysutils
 MASTER_SITES= ${MASTER_SITE_GNU}
 MASTER_SITE_SUBDIR= ${PORTNAME}
diff --git a/archivers/gtar/files/patch-src_extract.c b/archivers/gtar/files/patch-src_extract.c
new file mode 100644
index 000000000000..07e8db665bfa
--- /dev/null
+++ b/archivers/gtar/files/patch-src_extract.c
@@ -0,0 +1,16 @@
+
+$FreeBSD$
+
+--- src/extract.c.orig
++++ src/extract.c
+@@ -1121,10 +1121,6 @@
+ *fun = extract_volhdr;
+ break;
+
+- case GNUTYPE_NAMES:
+- *fun = extract_mangle_wrapper;
+- break;
+-
+ case GNUTYPE_MULTIVOL:
+ ERROR ((0, 0,
+ _("%s: Cannot extract -- file is continued from another volume"),
-- 
cgit v1.2.3
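Review bot: Removing the `case GNUTYPE_NAMES:` arm in the src/extract.c hunk leaves that typeflag to whichever arm of the switch catches unmatched values, which is outside the hunk; if that is a default that extracts unknown types as regular files (an assumption to confirm against the full function), such entries are still written to disk, which does not match the commit message's "by not extracting these entries". An explicit arm would make the intent checkable: keep `case GNUTYPE_NAMES:` and replace its body with `ERROR ((0, 0, _("%s: Cannot extract -- GNUTYPE_NAMES entries are not supported"), ...));`, passing the same argument and making the same handler assignment as the `GNUTYPE_MULTIVOL` arm below it. The patch file would also benefit from a short note ahead of its `--- src/extract.c.orig` line naming VuXML entry 3dd7eb58-80ae-11db-b4ec-000854d03344, so the reason for the local patch stays with the file until 1.16.1 replaces it. The enclosing function starts and ends outside the hunk and the `GNUTYPE_MULTIVOL` arm is cut off mid-call, so the behaviour for unmatched typeflags cannot be confirmed from this page.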