Debian Patches

Status for libtar/1.2.20-8

Patch: no_static_buffers.patch
Description: decode: avoid using a static buffer in th_get_pathname()

A solution suggested by Chris Frey:
https://lists.feep.net:8080/pipermail/libtar/2013-October/000377.html

Note this can break programs that expect sizeof(TAR) to be fixed.

Author: Kamil Dudka <kdudka@redhat.com>
Forwarded: no
Origin: http://repo.or.cz/w/libtar.git/commitdiff/ec613af2e9371d7a3e1f7c7a6822164a4255b4d1
Last update: 2013-10-23
Patch: no_maxpathlen.patch
Description: Fix FTBFS on Hurd by dynamically allocating path names. Depends on no_static_buffers.patch, which introduced the th_pathname field.
Author: Magnus Holmgren <magnus@debian.org>
Forwarded: no
Origin: debian
Patch: CVE-2013-4420.patch
Description: Avoid directory traversal when extracting archives by skipping over leading slashes and any prefix containing ".." components.
Author: Raphael Geissert <geissert@debian.org>
Forwarded: invalid
Origin: debian
Patch: th_get_size-unsigned-int.patch
Description: [PATCH] Change th_get_size() macro to return unsigned int

On systems where size_t is larger than an int (and larger than unsigned int), then in various places in the library, where stuff like this happens:

size_t sz = th_get_size(t);

then the int value returned from th_get_size() is sign extended to some unwieldy amount.

On 64-bit systems, this can yield extremely large values.

By fixing this problem in the header, and only for th_get_size(), we avoid breaking the API of the function call oct_to_int() (which arguably should return an unsigned int, since the sscanf() it uses expects to yield an unsigned int). We also fix the library, which uses th_get_size() internally to assign sizes to size_t.

The drawback is that not all client code that uses th_get_size() will be fixed, until they recompile, but they will automatically take advantage of the bugs fixed *inside* the library.

The remaining th_get_*() functions operate on modes and CRC values and the like, and should be fine, remaining as ints.

Thanks very much to Magnus Holmgren for catching this behaviour.
https://lists.feep.net:8080/pipermail/libtar/2013-October/000365.html

Author: Chris Frey <cdfrey@foursquare.net>
Forwarded: no
Origin: http://repo.or.cz/w/libtar.git/commitdiff/e4c1f2974258d6a325622cfd712873d49b5e7a73
Last update: 2013-10-24
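The sign-extension path this commit message describes, as an added C example that is not libtar's own code: a simplified stand-in for oct_to_int() (sscanf "%o" into an unsigned int, returned as int), the old int-returning macro beside the patched unsigned-int cast, and the size_t value each one hands a caller for a constructed 12-byte octal size field with bit 31 set.

```c
#include <stdio.h>

/* Simplified stand-in for libtar's oct_to_int() (not the library's own code):
 * sscanf("%o") parses the tar header's octal size field into an unsigned int,
 * but the function's declared return type is int. */
static int oct_to_int(const char *oct)
{
    unsigned int u = 0;
    if (sscanf(oct, "%o", &u) != 1)
        return 0;
    return (int)u;  /* values >= 2^31 come back negative (wraps on gcc/clang) */
}

/* Old macro: yields an int.  When a 64-bit size_t receives a negative int,
 * the widening conversion sign-extends it into a huge value. */
#define th_get_size_old(oct) (oct_to_int(oct))

/* Patched macro: cast to unsigned int first, so widening to size_t
 * zero-extends and the result stays below 2^32. */
#define th_get_size_new(oct) ((unsigned int)oct_to_int(oct))

/* The size a size_t variable ends up holding via the old macro. */
size_t size_old(const char *oct)
{
    size_t sz = th_get_size_old(oct);
    return sz;
}

/* The same assignment through the patched macro. */
size_t size_new(const char *oct)
{
    size_t sz = th_get_size_new(oct);
    return sz;
}

/* 1 if the two macros disagree for this field, i.e. the old one sign-extended. */
int sign_extends(const char *oct)
{
    return size_old(oct) != size_new(oct);
}

int main(void)
{
    /* Constructed octal size fields: 512 bytes, and 2^31 bytes (bit 31 set). */
    const char *small = "1000";
    const char *big   = "20000000000";
    printf("%s -> old %zu, new %zu\n", small, size_old(small), size_new(small));
    printf("%s -> old %zu, new %zu, sign-extended: %d\n",
           big, size_old(big), size_new(big), sign_extends(big));
    return 0;
}
```

On a 64-bit build the old macro turns the 2^31 field into a value near 2^64, which is exactly the "extremely large" size the commit message warns about; on a 32-bit build both macros agree.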
Patch: oldgnu_prefix.patch
Description: Detect old-style GNU headers correctly
Author: Steinar H. Gunderson <sesse@debian.org>
Forwarded: no
Patch: testsuite.patch
Forwarded: no
Patch: no_strip.patch
Description: make install must not strip binaries
Forwarded: no