Fix a security bug that allows extracted filenames to contain ".." and

bump PORTREVISION.

Submitted by:	naddy

3 files changed, 44 insertions, 12 deletions

diff --git a/archivers/gtar/Makefile b/archivers/gtar/Makefile
index 2c49447cb853..0b66aed0a1a5 100644
--- a/archivers/gtar/Makefile
+++ b/archivers/gtar/Makefile
@@ -7,7 +7,7 @@
 
 PORTNAME=	tar
 PORTVERSION=	1.13.25
-PORTREVISION=	4
+PORTREVISION=	5
 CATEGORIES=	archivers sysutils
 MASTER_SITES=	ftp://alpha.gnu.org/gnu/tar/ \
 		ftp://ftp.sunsite.org.uk/Mirrors/alpha.gnu.org/gnu/tar/ \
diff --git a/archivers/gtar/files/patch-src::extract.c b/archivers/gtar/files/patch-src::extract.c
index 7a0a41640fa8..e49d24faf86b 100644
--- a/archivers/gtar/files/patch-src::extract.c
+++ b/archivers/gtar/files/patch-src::extract.c
@@ -1,11 +1,8 @@
-Index: src/extract.c
-===================================================================
-RCS file: /home/ncvs/src/contrib/tar/src/extract.c,v
-retrieving revision 1.1.1.1
-retrieving revision 1.3
-diff -d -u -r1.1.1.1 -r1.3
---- src/extract.c	4 Jun 2002 10:37:44 -0000	1.1.1.1
-+++ src/extract.c	7 Jun 2002 06:02:35 -0000	1.3
+
+$FreeBSD$
+
+--- src/extract.c.orig	Mon Sep 24 20:55:17 2001
++++ src/extract.c	Wed Oct  2 19:10:55 2002
 @@ -19,6 +19,8 @@
     with this program; if not, write to the Free Software Foundation, Inc.,
     59 Temple Place - Suite 330, Boston, MA 02111-1307, USA.  */
@@ -25,3 +22,24 @@ diff -d -u -r1.1.1.1 -r1.3
    same_owner_option += we_are_root;
    xalloc_fail_func = extract_finish;
  
+@@ -1019,10 +1023,19 @@
+       {
+ 	struct stat st1, st2;
+ 	int e;
++	size_t skiplinkcrud;
++
++	if (absolute_names_option)
++	  skiplinkcrud = 0;
++	else {
++	  skiplinkcrud = FILESYSTEM_PREFIX_LEN (current_link_name);
++	  while (ISSLASH (current_link_name[skiplinkcrud]))
++	    skiplinkcrud++;
++	}
+ 
+ 	/* MSDOS does not implement links.  However, djgpp's link() actually
+ 	   copies the file.  */
+-	status = link (current_link_name, CURRENT_FILE_NAME);
++	status = link (current_link_name + skiplinkcrud, CURRENT_FILE_NAME);
+ 
+ 	if (status == 0)
+ 	  {
diff --git a/archivers/gtar/files/patch-src::misc.c b/archivers/gtar/files/patch-src::misc.c
index 1a891c28e9a3..8d5564eec1cd 100644
--- a/archivers/gtar/files/patch-src::misc.c
+++ b/archivers/gtar/files/patch-src::misc.c
@@ -1,9 +1,23 @@
 
 $FreeBSD$
 
---- src/misc.c	2002/06/01 21:08:46	1.1
-+++ src/misc.c	2002/06/01 21:09:16
-@@ -549,10 +549,8 @@
+--- src/misc.c.orig	Mon Aug 27 01:14:26 2001
++++ src/misc.c	Wed Oct  2 19:10:55 2002
+@@ -214,6 +214,13 @@
+ 	    return 0;
+ 	}
+       while (! ISSLASH (*p));
++
++      do
++	{
++	  if (! *p++)
++	    return 0;
++	}
++      while ( ISSLASH (*p));
+     }
+ }
+ 
+@@ -549,10 +556,8 @@
  chmod_error_details (char const *name, mode_t mode)
  {
    int e = errno;