diff options
author | Alex Vong <alexvong1995@gmail.com> | 2016-12-31 00:05:49 +0800 |
---|---|---|
committer | Leo Famulari <leo@famulari.name> | 2017-01-01 20:19:36 -0500 |
commit | 20be64dcf7d4d08e75eb56c34890420bea7882ec (patch) | |
tree | b7513f16357459b762afdf6f0c6ce4b68d542246 | |
parent | 89ccb1d88132be14180ca3068df57d685dacdb08 (diff) | |
download | guix-20be64dcf7d4d08e75eb56c34890420bea7882ec.tar.gz |
gnu: tar: Fix CVE-2016-6321.
* gnu/packages/patches/tar-CVE-2016-6321.patch: New file. * gnu/local.mk (dist_patch_DATA): Add it. * gnu/packages/base.scm (tar)[source]: Use it. Signed-off-by: Leo Famulari <leo@famulari.name>
-rw-r--r-- | gnu/local.mk | 1 | ||||
-rw-r--r-- | gnu/packages/base.scm | 3 | ||||
-rw-r--r-- | gnu/packages/patches/tar-CVE-2016-6321.patch | 51 |
3 files changed, 54 insertions, 1 deletions
diff --git a/gnu/local.mk b/gnu/local.mk index 79d6b14a2b..00f47e3165 100644 --- a/gnu/local.mk +++ b/gnu/local.mk @@ -857,6 +857,7 @@ dist_patch_DATA = \ %D%/packages/patches/t1lib-CVE-2010-2642.patch \ %D%/packages/patches/t1lib-CVE-2011-0764.patch \ %D%/packages/patches/t1lib-CVE-2011-1552+CVE-2011-1553+CVE-2011-1554.patch \ + %D%/packages/patches/tar-CVE-2016-6321.patch \ %D%/packages/patches/tar-skip-unreliable-tests.patch \ %D%/packages/patches/tcl-mkindex-deterministic.patch \ %D%/packages/patches/tclxml-3.2-install.patch \ diff --git a/gnu/packages/base.scm b/gnu/packages/base.scm index 30364f373c..1962086169 100644 --- a/gnu/packages/base.scm +++ b/gnu/packages/base.scm @@ -162,7 +162,8 @@ implementation offers several extensions over the standard utility.") (sha256 (base32 "097hx7sbzp8qirl4m930lw84kn0wmxhmq7v1qpra3mrg0b8cyba0")) - (patches (search-patches "tar-skip-unreliable-tests.patch")))) + (patches (search-patches "tar-CVE-2016-6321.patch" + "tar-skip-unreliable-tests.patch")))) (build-system gnu-build-system) ;; Note: test suite requires ~1GiB of disk space. (arguments diff --git a/gnu/packages/patches/tar-CVE-2016-6321.patch b/gnu/packages/patches/tar-CVE-2016-6321.patch new file mode 100644 index 0000000000..b79be9bc94 --- /dev/null +++ b/gnu/packages/patches/tar-CVE-2016-6321.patch @@ -0,0 +1,51 @@ +Fix CVE-2016-6321: + +https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-6321 +https://security-tracker.debian.org/tracker/CVE-2016-6321 + +Patch adapted from upstream source repository (the changes to 'NEWS' +don't apply to the Tar 1.29 release tarball). + +http://git.savannah.gnu.org/cgit/tar.git/commit/?id=7340f67b9860ea0531c1450e5aa261c50f67165d + +From 7340f67b9860ea0531c1450e5aa261c50f67165d Mon Sep 17 00:00:00 2001 +From: Paul Eggert <eggert@Penguin.CS.UCLA.EDU> +Date: Sat, 29 Oct 2016 21:04:40 -0700 +Subject: [PATCH] When extracting, skip ".." members + +* NEWS: Document this. +* src/extract.c (extract_archive): Skip members whose names +contain "..". +--- + NEWS | 8 +++++++- + src/extract.c | 8 ++++++++ + 2 files changed, 15 insertions(+), 1 deletion(-) + +diff --git a/src/extract.c b/src/extract.c +index f982433..7904148 100644 +--- a/src/extract.c ++++ b/src/extract.c +@@ -1629,12 +1629,20 @@ extract_archive (void) + { + char typeflag; + tar_extractor_t fun; ++ bool skip_dotdot_name; + + fatal_exit_hook = extract_finish; + + set_next_block_after (current_header); + ++ skip_dotdot_name = (!absolute_names_option ++ && contains_dot_dot (current_stat_info.orig_file_name)); ++ if (skip_dotdot_name) ++ ERROR ((0, 0, _("%s: Member name contains '..'"), ++ quotearg_colon (current_stat_info.orig_file_name))); ++ + if (!current_stat_info.file_name[0] ++ || skip_dotdot_name + || (interactive_option + && !confirm ("extract", current_stat_info.file_name))) + { +-- +2.11.0 + |