mirror of
git://slackware.nl/current.git
synced 2024-12-29 10:25:00 +01:00
694953a024
patches/packages/glibc-zoneinfo-2023b-noarch-1_slack15.0.txz: Upgraded.
This package provides the latest timezone updates.
patches/packages/tar-1.34-x86_64-2_slack15.0.txz: Rebuilt.
GNU Tar through 1.34 has a one-byte out-of-bounds read that results in use
of uninitialized memory for a conditional jump. Exploitation to change the
flow of control has not been demonstrated. The issue occurs in from_header
in list.c via a V7 archive in which mtime has approximately 11 whitespace
characters.
Thanks to marav for the heads-up.
For more information, see:
https://www.cve.org/CVERecord?id=CVE-2022-48303
(* Security fix *)
56 lines
2.1 KiB
Diff
56 lines
2.1 KiB
Diff
diff -Nur tar-1.13.orig/src/tar.c tar-1.13/src/tar.c
|
|
--- tar-1.13.orig/src/tar.c 1999-07-07 00:49:50.000000000 -0500
|
|
+++ tar-1.13/src/tar.c 2017-12-22 00:39:37.515271544 -0600
|
|
@@ -16,6 +16,8 @@
|
|
with this program; if not, write to the Free Software Foundation, Inc.,
|
|
59 Temple Place - Suite 330, Boston, MA 02111-1307, USA. */
|
|
|
|
+/* Patched to integrate bzip2 as compression filter (option -j) */
|
|
+
|
|
#include "system.h"
|
|
|
|
#include <getopt.h>
|
|
@@ -164,6 +166,8 @@
|
|
{"block-number", no_argument, NULL, 'R'},
|
|
{"block-size", required_argument, NULL, OBSOLETE_BLOCKING_FACTOR},
|
|
{"blocking-factor", required_argument, NULL, 'b'},
|
|
+ {"bzip2", required_argument, NULL, 'j'},
|
|
+ {"bunzip2", required_argument, NULL, 'j'},
|
|
{"catenate", no_argument, NULL, 'A'},
|
|
{"checkpoint", no_argument, &checkpoint_option, 1},
|
|
{"compare", no_argument, NULL, 'd'},
|
|
@@ -340,6 +344,7 @@
|
|
PATTERN at list/extract time, a globbing PATTERN\n\
|
|
-o, --old-archive, --portability write a V7 format archive\n\
|
|
--posix write a POSIX conformant archive\n\
|
|
+ -j, --bzip2, --bunzip2 filter the archive through bzip2\n\
|
|
-z, --gzip, --ungzip filter the archive through gzip\n\
|
|
-Z, --compress, --uncompress filter the archive through compress\n\
|
|
--use-compress-program=PROG filter through PROG (must accept -d)\n"),
|
|
@@ -410,13 +415,13 @@
|
|
| Parse the options for tar. |
|
|
`----------------------------*/
|
|
|
|
-/* Available option letters are DEHIJQY and aejnqy. Some are reserved:
|
|
+/* Available option letters are DEHIJQY and aenqy. Some are reserved:
|
|
|
|
y per-file gzip compression
|
|
Y per-block gzip compression */
|
|
|
|
#define OPTION_STRING \
|
|
- "-01234567ABC:F:GK:L:MN:OPRST:UV:WX:Zb:cdf:g:hiklmoprstuvwxz"
|
|
+ "-01234567ABC:F:GK:L:MN:OPRST:UV:WX:Zb:cdf:g:hijklmoprstuvwxz"
|
|
|
|
static void
|
|
set_subcommand_option (enum subcommand subcommand)
|
|
@@ -788,6 +793,10 @@
|
|
FATAL_ERROR ((0, errno, "%s", optarg));
|
|
break;
|
|
|
|
+ case 'j':
|
|
+ set_use_compress_program_option ("bzip2");
|
|
+ break;
|
|
+
|
|
case 'z':
|
|
set_use_compress_program_option ("gzip");
|
|
break;
|