diff options
Diffstat (limited to 'pkgs/tools/archivers/gnutar/CVE-2016-6321.patch')
-rw-r--r-- | pkgs/tools/archivers/gnutar/CVE-2016-6321.patch | 35 |
1 files changed, 0 insertions, 35 deletions
diff --git a/pkgs/tools/archivers/gnutar/CVE-2016-6321.patch b/pkgs/tools/archivers/gnutar/CVE-2016-6321.patch deleted file mode 100644 index c53d92891fc4..000000000000 --- a/pkgs/tools/archivers/gnutar/CVE-2016-6321.patch +++ /dev/null @@ -1,35 +0,0 @@ -commit 7340f67b9860ea0531c1450e5aa261c50f67165d -Author: Paul Eggert <eggert@Penguin.CS.UCLA.EDU> -Date: Sat Oct 29 21:04:40 2016 -0700 - - When extracting, skip ".." members - - * NEWS: Document this. - * src/extract.c (extract_archive): Skip members whose names - contain "..". - -diff --git a/src/extract.c b/src/extract.c -index f982433..7904148 100644 ---- a/src/extract.c -+++ b/src/extract.c -@@ -1629,12 +1629,20 @@ extract_archive (void) - { - char typeflag; - tar_extractor_t fun; -+ bool skip_dotdot_name; - - fatal_exit_hook = extract_finish; - - set_next_block_after (current_header); - -+ skip_dotdot_name = (!absolute_names_option -+ && contains_dot_dot (current_stat_info.orig_file_name)); -+ if (skip_dotdot_name) -+ ERROR ((0, 0, _("%s: Member name contains '..'"), -+ quotearg_colon (current_stat_info.orig_file_name))); -+ - if (!current_stat_info.file_name[0] -+ || skip_dotdot_name - || (interactive_option - && !confirm ("extract", current_stat_info.file_name))) - { |