commit tar for openSUSE:Factory
Hello community,
here is the log from the commit of package tar for openSUSE:Factory checked in at 2016-11-13 22:50:05
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Comparing /work/SRC/openSUSE:Factory/tar (Old)
and /work/SRC/openSUSE:Factory/.tar.new (New)
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "tar"
Changes:
--------
--- /work/SRC/openSUSE:Factory/tar/tar.changes 2016-06-07 23:43:05.000000000 +0200
+++ /work/SRC/openSUSE:Factory/.tar.new/tar.changes 2016-11-13 22:50:05.000000000 +0100
@@ -1,0 +2,9 @@
+Tue Nov 8 17:50:44 UTC 2016 - kstreitova@suse.com
+
+- add tar-1.29-extract_pathname_bypass.patch to fix POINTYFEATHER
+ vulnerability - GNU tar archiver can be tricked into extracting
+ files and directories in the given destination, regardless of the
+ path name(s) specified on the command line [bsc#1007188]
+ [CVE-2016-6321]
+
+-------------------------------------------------------------------
New:
----
tar-1.29-extract_pathname_bypass.patch
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Other differences:
------------------
++++++ tar.spec ++++++
--- /var/tmp/diff_new_pack.8QpQIE/_old 2016-11-13 22:50:07.000000000 +0100
+++ /var/tmp/diff_new_pack.8QpQIE/_new 2016-11-13 22:50:07.000000000 +0100
@@ -47,6 +47,8 @@
# add return values to the backup scripts for better results monitoring.
# https://savannah.gnu.org/patch/?8953
Patch21: add-return-values-to-backup-scripts.patch
+# PATCH-FIX-UPSTREAM bnc#1007188 CVE-2016-6321 kstreitova@suse.com -- fix POINTYFEATHER vulnerability
+Patch22: tar-1.29-extract_pathname_bypass.patch
%if 0%{?suse_version} >= %min_suse_ver
BuildRequires: automake
BuildRequires: help2man
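Review bot: The comment above Patch22 cites the bug as bnc#1007188, while the tar.changes entry for the same patch uses bsc#1007188; use one prefix in both places so that searching for the bug reference finds the spec line and the changelog entry together. The comment also tags the patch PATCH-FIX-UPSTREAM without saying where upstream the fix lives, unlike the Patch21 comment just above it, which carries its savannah.gnu.org link. Adding the upstream commit or advisory reference here would let a later maintainer confirm when the patch can be dropped on a version update.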
@@ -97,6 +99,7 @@
#%patch12 -p1
%patch20 -p1
%patch21 -p1
+%patch22 -p0
%build
%define my_cflags -W -Wall -Wpointer-arith -Wstrict-prototypes -Wformat-security -Wno-unused-parameter -fPIE
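Review bot: `%patch22 -p0` uses a different strip level from the `%patch20 -p1` and `%patch21 -p1` lines directly above it. That matches the patch as shipped, whose headers name `lib/paxnames.c.orig` and `lib/paxnames.c` with no leading directory component, so it applies, but the mixed levels are easy to get wrong when the patch is refreshed. Consider regenerating the patch with a one-level prefix so that it is applied with -p1 like its neighbours, or add a short comment on this line saying why -p0 is needed.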
++++++ tar-1.29-extract_pathname_bypass.patch ++++++
Index: lib/paxnames.c
===================================================================
--- lib/paxnames.c.orig
+++ lib/paxnames.c
@@ -18,6 +18,7 @@
#include
participants (1)
-
root@hilbert.suse.de