Add software packages for oem needs library

[AGL/meta-agl-devel.git] / meta-oem-extra-libs / recipes-core / libtar / files / CVE-2013-4420.patch
diff --git a/meta-oem-extra-libs/recipes-core/libtar/files/CVE-2013-4420.patch b/meta-oem-extra-libs/recipes-core/libtar/files/CVE-2013-4420.patch

new file mode 100644 (file)

index 0000000..477d130
--- /dev/null
+++ b/meta-oem-extra-libs/recipes-core/libtar/files/CVE-2013-4420.patch
@@ -0,0 +1,113 @@
+Author: Raphael Geissert <geissert@debian.org>
+Bug-Debian: https://bugs.debian.org/731860
+Description: Avoid directory traversal when extracting archives 
+ by skipping over leading slashes and any prefix containing ".." components.
+Forwarded: yes
+
+--- a/lib/decode.c
++++ b/lib/decode.c
+@@ -22,13 +22,42 @@
+ # include <string.h>
+ #endif
+ 
++char *
++safer_name_suffix (char const *file_name)
++{
++      char const *p, *t;
++      p = t = file_name;
++      while (*p == '/') t = ++p;
++      while (*p)
++      {
++              while (p[0] == '.' && p[0] == p[1] && p[2] == '/')
++              {
++                      p += 3;
++                      t = p;
++              }
++              /* advance pointer past the next slash */
++              while (*p && (p++)[0] != '/');
++      }
++
++      if (!*t)
++      {
++              t = ".";
++      }
++
++      if (t != file_name)
++      {
++              /* TODO: warn somehow that the path was modified */
++      }
++      return (char*)t;
++}
++
+ 
+ /* determine full path name */
+ char *
+ th_get_pathname(TAR *t)
+ {
+       if (t->th_buf.gnu_longname)
+-              return t->th_buf.gnu_longname;
++              return safer_name_suffix(t->th_buf.gnu_longname);
+ 
+       /* allocate the th_pathname buffer if not already */
+       if (t->th_pathname == NULL)
+@@ -51,7 +80,7 @@ th_get_pathname(TAR *t)
+       }
+ 
+       /* will be deallocated in tar_close() */
+-      return t->th_pathname;
++      return safer_name_suffix(t->th_pathname);
+ }
+ 
+ 
+--- a/lib/extract.c
++++ b/lib/extract.c
+@@ -298,14 +298,14 @@ tar_extract_hardlink(TAR * t, char *real
+       if (mkdirhier(dirname(filename)) == -1)
+               return -1;
+       libtar_hashptr_reset(&hp);
+-      if (libtar_hash_getkey(t->h, &hp, th_get_linkname(t),
++      if (libtar_hash_getkey(t->h, &hp, safer_name_suffix(th_get_linkname(t)),
+                              (libtar_matchfunc_t)libtar_str_match) != 0)
+       {
+               lnp = (char *)libtar_hashptr_data(&hp);
+               linktgt = &lnp[strlen(lnp) + 1];
+       }
+       else
+-              linktgt = th_get_linkname(t);
++              linktgt = safer_name_suffix(th_get_linkname(t));
+ 
+ #ifdef DEBUG
+       printf("  ==> extracting: %s (link to %s)\n", filename, linktgt);
+@@ -343,9 +343,9 @@ tar_extract_symlink(TAR *t, char *realna
+ 
+ #ifdef DEBUG
+       printf("  ==> extracting: %s (symlink to %s)\n",
+-             filename, th_get_linkname(t));
++             filename, safer_name_suffix(th_get_linkname(t)));
+ #endif
+-      if (symlink(th_get_linkname(t), filename) == -1)
++      if (symlink(safer_name_suffix(th_get_linkname(t)), filename) == -1)
+       {
+ #ifdef DEBUG
+               perror("symlink()");
+--- a/lib/internal.h
++++ b/lib/internal.h
+@@ -21,3 +21,4 @@
+ #define TLS_THREAD
+ #endif
+ 
++char* safer_name_suffix(char const*);
+--- a/lib/output.c
++++ b/lib/output.c
+@@ -123,9 +123,9 @@ th_print_long_ls(TAR *t)
+               else
+                       printf(" link to ");
+               if ((t->options & TAR_GNU) && t->th_buf.gnu_longlink != NULL)
+-                      printf("%s", t->th_buf.gnu_longlink);
++                      printf("%s", safer_name_suffix(t->th_buf.gnu_longlink));
+               else
+-                      printf("%.100s", t->th_buf.linkname);
++                      printf("%.100s", safer_name_suffix(t->th_buf.linkname));
+       }
+ 
+       putchar('\n');