app-arch/tar: Revision bump to 1.29-r1 to add patch for CVE-2016-6321

Gentoo-Bug: 598334

Package-Manager: portage-2.3.2

1 files changed, 27 insertions, 0 deletions

diff --git a/app-arch/tar/files/tar-1.29-extract-pathname-bypass.patch b/app-arch/tar/files/tar-1.29-extract-pathname-bypass.patch
new file mode 100644
index 000000000000..6470fe082bda
--- /dev/null
+++ b/app-arch/tar/files/tar-1.29-extract-pathname-bypass.patch
@@ -0,0 +1,27 @@
+--- a/lib/paxnames.c	2016-04-06 00:04:47.314860045 +0300
++++ b/lib/paxnames.c	2016-04-06 02:08:44.962297881 +0300
+@@ -18,6 +18,7 @@
+ #include <system.h>
+ #include <hash.h>
+ #include <paxlib.h>
++#include <quotearg.h>
+ 
+ 
+ /* Hash tables of strings.  */
+@@ -114,7 +115,15 @@
+       for (p = file_name + prefix_len; *p; )
+ 	{
+           if (p[0] == '.' && p[1] == '.' && (ISSLASH (p[2]) || !p[2]))
+-	    prefix_len = p + 2 - file_name;
++            {
++	      static char const *const diagnostic[] =
++	      {
++		N_("%s: Member name contains '..'"),
++		N_("%s: Hard link target contains '..'")
++	      };
++	      ERROR ((0, 0, _(diagnostic[link_target]),
++	              quotearg_colon (file_name)));
++	    }
+ 
+ 	  do
+ 	    {