author | Patrick J Volkerding <volkerdi@slackware.com> | 2023-03-24 19:42:46 +0000 |
---|---|---|
committer | Eric Hameleers <alien@slackware.com> | 2023-03-25 13:30:35 +0100 |
commit | 694953a02401ef2e4b4ee493a3ad3a1cc50e32bb (patch) | |
tree | a421ea19056d5286278c14af4f50e81e6873f3c6 /patches/source/tar/tar-1.13.bzip2.diff | |
parent | 8ea2d785646a6912efbd3bdce75cbff0adafe60b (diff) | |
download | current-694953a02401ef2e4b4ee493a3ad3a1cc50e32bb.tar.gz current-694953a02401ef2e4b4ee493a3ad3a1cc50e32bb.tar.xz |
Fri Mar 24 19:42:46 UTC 202320230324194246_15.0
patches/packages/glibc-zoneinfo-2023b-noarch-1_slack15.0.txz: Upgraded.
This package provides the latest timezone updates.
patches/packages/tar-1.34-x86_64-2_slack15.0.txz: Rebuilt.
GNU Tar through 1.34 has a one-byte out-of-bounds read that results in use
of uninitialized memory for a conditional jump. Exploitation to change the
flow of control has not been demonstrated. The issue occurs in from_header
in list.c via a V7 archive in which mtime has approximately 11 whitespace
characters.
Thanks to marav for the heads-up.
For more information, see:
https://www.cve.org/CVERecord?id=CVE-2022-48303
(* Security fix *)
Diffstat (limited to 'patches/source/tar/tar-1.13.bzip2.diff')
-rw-r--r-- | patches/source/tar/tar-1.13.bzip2.diff | 56 |
1 files changed, 56 insertions, 0 deletions
diff --git a/patches/source/tar/tar-1.13.bzip2.diff b/patches/source/tar/tar-1.13.bzip2.diff
new file mode 100644
index 000000000..891301d14
--- /dev/null
+++ b/patches/source/tar/tar-1.13.bzip2.diff
@@ -0,0 +1,56 @@
+diff -Nur tar-1.13.orig/src/tar.c tar-1.13/src/tar.c
+--- tar-1.13.orig/src/tar.c 1999-07-07 00:49:50.000000000 -0500
++++ tar-1.13/src/tar.c 2017-12-22 00:39:37.515271544 -0600
+@@ -16,6 +16,8 @@
+ with this program; if not, write to the Free Software Foundation, Inc.,
+ 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA. */
+
++/* Patched to integrate bzip2 as compression filter (option -j) */
++
+ #include "system.h"
+
+ #include <getopt.h>
+@@ -164,6 +166,8 @@
+ {"block-number", no_argument, NULL, 'R'},
+ {"block-size", required_argument, NULL, OBSOLETE_BLOCKING_FACTOR},
+ {"blocking-factor", required_argument, NULL, 'b'},
++ {"bzip2", required_argument, NULL, 'j'},
++ {"bunzip2", required_argument, NULL, 'j'},
+ {"catenate", no_argument, NULL, 'A'},
+ {"checkpoint", no_argument, &checkpoint_option, 1},
+ {"compare", no_argument, NULL, 'd'},
+@@ -340,6 +344,7 @@
+ PATTERN at list/extract time, a globbing PATTERN\n\
+ -o, --old-archive, --portability write a V7 format archive\n\
+ --posix write a POSIX conformant archive\n\
++ -j, --bzip2, --bunzip2 filter the archive through bzip2\n\
+ -z, --gzip, --ungzip filter the archive through gzip\n\
+ -Z, --compress, --uncompress filter the archive through compress\n\
+ --use-compress-program=PROG filter through PROG (must accept -d)\n"),
+@@ -410,13 +415,13 @@
+ | Parse the options for tar. |
+ `----------------------------*/
+
+-/* Available option letters are DEHIJQY and aejnqy. Some are reserved:
++/* Available option letters are DEHIJQY and aenqy. Some are reserved:
+
+ y per-file gzip compression
+ Y per-block gzip compression */
+
+ #define OPTION_STRING \
+- "-01234567ABC:F:GK:L:MN:OPRST:UV:WX:Zb:cdf:g:hiklmoprstuvwxz"
++ "-01234567ABC:F:GK:L:MN:OPRST:UV:WX:Zb:cdf:g:hijklmoprstuvwxz"
+
+ static void
+ set_subcommand_option (enum subcommand subcommand)
+@@ -788,6 +793,10 @@
+ FATAL_ERROR ((0, errno, "%s", optarg));
+ break;
+
++ case 'j':
++ set_use_compress_program_option ("bzip2");
++ break;
++
+ case 'z':
+ set_use_compress_program_option ("gzip");
+ break;
|
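Review bot: The two long-option entries added in the inner `@@ -164,6 +166,8 @@` hunk declare `--bzip2` and `--bunzip2` with `required_argument`, but the `j` added to OPTION_STRING has no trailing colon, the new help line shows no argument, and `case 'j':` never reads `optarg`. With getopt_long the long forms would therefore take the following command-line word as their argument and drop it, so a command written with `--bzip2` presumably runs with a different option set or file list than the one typed, while `-j` behaves as documented. Both entries should read `{"bzip2", no_argument, NULL, 'j'},` and `{"bunzip2", no_argument, NULL, 'j'},`. The from_header change described in the commit message is not part of this file, so it cannot be checked from this page.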