diff options
-rw-r--r-- | meta/recipes-extended/tar/tar/CVE-2016-6321.patch | 66 | ||||
-rw-r--r-- | meta/recipes-extended/tar/tar_1.29.bb | 1 |
2 files changed, 67 insertions, 0 deletions
diff --git a/meta/recipes-extended/tar/tar/CVE-2016-6321.patch b/meta/recipes-extended/tar/tar/CVE-2016-6321.patch new file mode 100644 index 0000000000..6d35bcc513 --- /dev/null +++ b/meta/recipes-extended/tar/tar/CVE-2016-6321.patch | |||
@@ -0,0 +1,66 @@ | |||
1 | From 7340f67b9860ea0531c1450e5aa261c50f67165d Mon Sep 17 00:00:00 2001 | ||
2 | From: Paul Eggert <eggert@Penguin.CS.UCLA.EDU> | ||
3 | Date: Sat, 29 Oct 2016 21:04:40 -0700 | ||
4 | Subject: [PATCH] When extracting, skip ".." members | ||
5 | |||
6 | * NEWS: Document this. | ||
7 | * src/extract.c (extract_archive): Skip members whose names | ||
8 | contain "..". | ||
9 | |||
10 | CVE: CVE-2016-6321 | ||
11 | Upstream-Status: Backport | ||
12 | |||
13 | Cherry picked from commit: 7340f67 When extracting, skip ".." members | ||
14 | |||
15 | Signed-off-by: Sona Sarmadi <sona.sarmadi@enea.com> | ||
16 | --- | ||
17 | NEWS | 8 +++++++- | ||
18 | src/extract.c | 8 ++++++++ | ||
19 | 2 files changed, 15 insertions(+), 1 deletion(-) | ||
20 | |||
21 | diff --git a/NEWS b/NEWS | ||
22 | index 501164a..fc97cfc 100644 | ||
23 | --- a/NEWS | ||
24 | +++ b/NEWS | ||
25 | @@ -1,6 +1,12 @@ | ||
26 | -GNU tar NEWS - User visible changes. 2016-05-16 | ||
27 | +GNU tar NEWS - User visible changes. 2016-10-29 | ||
28 | Please send GNU tar bug reports to <bug-tar@gnu.org> | ||
29 | |||
30 | +* Member names containing '..' components are now skipped when extracting. | ||
31 | + | ||
32 | +This fixes tar's behavior to match its documentation, and is a bit | ||
33 | +safer when extracting untrusted archives over old files (an unsafe | ||
34 | +practice that the tar manual has long recommended against). | ||
35 | + | ||
36 | |||
37 | version 1.29 - Sergey Poznyakoff, 2016-05-16 | ||
38 | |||
39 | diff --git a/src/extract.c b/src/extract.c | ||
40 | index f982433..7904148 100644 | ||
41 | --- a/src/extract.c | ||
42 | +++ b/src/extract.c | ||
43 | @@ -1629,12 +1629,20 @@ extract_archive (void) | ||
44 | { | ||
45 | char typeflag; | ||
46 | tar_extractor_t fun; | ||
47 | + bool skip_dotdot_name; | ||
48 | |||
49 | fatal_exit_hook = extract_finish; | ||
50 | |||
51 | set_next_block_after (current_header); | ||
52 | |||
53 | + skip_dotdot_name = (!absolute_names_option | ||
54 | + && contains_dot_dot (current_stat_info.orig_file_name)); | ||
55 | + if (skip_dotdot_name) | ||
56 | + ERROR ((0, 0, _("%s: Member name contains '..'"), | ||
57 | + quotearg_colon (current_stat_info.orig_file_name))); | ||
58 | + | ||
59 | if (!current_stat_info.file_name[0] | ||
60 | + || skip_dotdot_name | ||
61 | || (interactive_option | ||
62 | && !confirm ("extract", current_stat_info.file_name))) | ||
63 | { | ||
64 | -- | ||
65 | 1.9.1 | ||
66 | |||
diff --git a/meta/recipes-extended/tar/tar_1.29.bb b/meta/recipes-extended/tar/tar_1.29.bb index efce57d9d7..f22d9c9388 100644 --- a/meta/recipes-extended/tar/tar_1.29.bb +++ b/meta/recipes-extended/tar/tar_1.29.bb | |||
@@ -8,6 +8,7 @@ LIC_FILES_CHKSUM = "file://COPYING;md5=d32239bcb673463ab874e80d47fae504" | |||
8 | 8 | ||
9 | SRC_URI += "file://remove-gets.patch \ | 9 | SRC_URI += "file://remove-gets.patch \ |
10 | file://musl_dirent.patch \ | 10 | file://musl_dirent.patch \ |
11 | file://CVE-2016-6321.patch \ | ||
11 | " | 12 | " |
12 | SRC_URI[md5sum] = "955cd533955acb1804b83fd70218da51" | 13 | SRC_URI[md5sum] = "955cd533955acb1804b83fd70218da51" |
13 | SRC_URI[sha256sum] = "236b11190c0a3a6885bdb8d61424f2b36a5872869aa3f7f695dea4b4843ae2f2" | 14 | SRC_URI[sha256sum] = "236b11190c0a3a6885bdb8d61424f2b36a5872869aa3f7f695dea4b4843ae2f2" |