4 files changed, 8 insertions, 3 deletions

diff --git a/UPDATING b/UPDATING
index 5c996821c40ac..daffe76d0ef9f 100644
--- a/UPDATING
+++ b/UPDATING
@@ -8,6 +8,11 @@ Items affecting the ports and packages system can be found in
 /usr/ports/UPDATING.  Please read that file before running
 portupgrade.
 
+20071129:	p17	FreeBSD-SA-07:09.random, FreeBSD-SA-07:10.gtar
+	Correct a random value disclosure in random(4). [07:09]
+
+	Correct a gtar directory traversal vulnerability. [07:10]
+
 20071003:	p16	FreeBSD-SA-07:08.openssl
 	Correct a buffer overflow in OpenSSL SSL_get_shared_ciphers().
 
diff --git a/contrib/tar/src/misc.c b/contrib/tar/src/misc.c
index 8ece9c6ffd3ff..a6193552458a0 100644
--- a/contrib/tar/src/misc.c
+++ b/contrib/tar/src/misc.c
@@ -210,12 +210,11 @@ contains_dot_dot (char const *name)
       if (p[0] == '.' && p[1] == '.' && (ISSLASH (p[2]) || !p[2]))
 	return 1;
 
-      do
+      while (! ISSLASH (*p))
 	{
 	  if (! *p++)
 	    return 0;
 	}
-      while (! ISSLASH (*p));
 
       do
 	{
diff --git a/sys/conf/newvers.sh b/sys/conf/newvers.sh
index 6093ef8448416..a41150fac5edf 100644
--- a/sys/conf/newvers.sh
+++ b/sys/conf/newvers.sh
@@ -32,7 +32,7 @@
 
 TYPE="FreeBSD"
 REVISION="5.5"
-BRANCH="RELEASE-p16"
+BRANCH="RELEASE-p17"
 RELEASE="${REVISION}-${BRANCH}"
 VERSION="${TYPE} ${RELEASE}"
 
diff --git a/sys/dev/random/yarrow.c b/sys/dev/random/yarrow.c
index ae22046925b03..d0a82ff6ba36a 100644
--- a/sys/dev/random/yarrow.c
+++ b/sys/dev/random/yarrow.c
@@ -298,6 +298,7 @@ random_yarrow_read(void *buf, int count)
 				random_state.outputblocks = 0;
 			}
 			retval += (int)tomove;
+			cur = 0;
 		}
 	}
 	else {