From mboxrd@z Thu Jan  1 00:00:00 1970
Return-Path: <ldv@altlinux.org>
Date: Mon, 7 Feb 2011 11:56:46 +0300
From: "Dmitry V. Levin" <ldv@altlinux.org>
To: ALT Devel discussion list <devel@lists.altlinux.org>
Message-ID: <20110207085646.GE1556@altlinux.org>
Mail-Followup-To: ALT Devel discussion list <devel@lists.altlinux.org>
References: <20110206213640.GA605@dad.imath.kiev.ua>
	<20110206220043.GI26014@altlinux.org>
	<20110207001331.GK22517@altlinux.org>
	<20110207002327.GC28263@altlinux.org>
Mime-Version: 1.0
Content-Type: multipart/signed; micalg=pgp-sha1;
	protocol="application/pgp-signature"; boundary="vv4Sf/kQfcwinyKX"
Content-Disposition: inline
In-Reply-To: <20110207002327.GC28263@altlinux.org>
X-fingerprint: FE4C 93AB E19A 2E4C CB5D  3E4E 7CAB E6AC 9E35 361E
Subject: Re: [devel] patch: rejecting file name with ".." component
X-BeenThere: devel@lists.altlinux.org
X-Mailman-Version: 2.1.12
Precedence: list
Reply-To: ALT Linux Team development discussions <devel@lists.altlinux.org>
List-Id: ALT Linux Team development discussions <devel.lists.altlinux.org>
List-Unsubscribe: <https://lists.altlinux.org/mailman/options/devel>,
	<mailto:devel-request@lists.altlinux.org?subject=unsubscribe>
List-Archive: <http://lists.altlinux.org/pipermail/devel>
List-Post: <mailto:devel@lists.altlinux.org>
List-Help: <mailto:devel-request@lists.altlinux.org?subject=help>
List-Subscribe: <https://lists.altlinux.org/mailman/listinfo/devel>,
	<mailto:devel-request@lists.altlinux.org?subject=subscribe>
X-List-Received-Date: Mon, 07 Feb 2011 08:56:46 -0000
Archived-At: <http://lore.altlinux.org/devel/20110207085646.GE1556@altlinux.org/>
List-Archive: <http://lore.altlinux.org/devel/>
List-Post: <mailto:devel@altlinux.org>


--vv4Sf/kQfcwinyKX
Content-Type: text/plain; charset=koi8-r
Content-Disposition: inline
Content-Transfer-Encoding: quoted-printable

On Mon, Feb 07, 2011 at 03:23:28AM +0300, Dmitry V. Levin wrote:
> On Mon, Feb 07, 2011 at 03:13:31AM +0300, Alexey Tourbin wrote:
> > On Mon, Feb 07, 2011 at 01:00:43AM +0300, Dmitry V. Levin wrote:
> > > On Sun, Feb 06, 2011 at 11:36:40PM +0200, Igor Vlasenko wrote:
> > > > =EE=CF=D7=D9=CA patch =D3=D4=C1=CC =D2=D5=C7=C1=D4=D8=D3=D1 =CE=C1 =
"..":
> > > >=20
> > > > patch: **** rejecting file name with ".." component:
> > > > ../openjdk/security/ssl/Handshaker.java
> > > > ERROR patch patches/icedtea-ssl.patch FAILED!
> > > >=20
> > > > =E5=D3=D4=D8 =CC=C9 =D7=CF=DA=CD=CF=D6=CE=CF=D3=D4=D8 =CF=D4=CB=CC=
=C0=DE=C1=D4=D8 =D4=C1=CB=CF=C5 =D0=CF=D7=C5=C4=C5=CE=C9e?
> > >=20
> > > =EE=C5=D4, =DC=D4=CF security fix, =D3=CD.
> > > http://bugzilla.redhat.com/CVE-2010-4651
> >=20
> > =F4=C1=CD =D5=D0=CF=CD=D1=CE=D5=D4 =CB=CF=CE=D3=D4=D2=D5=CB=C3=C9=D1
> >=20
> > --- /dev/null (src)
> > +++ ../../dest
> >=20
> > =F7 =D4=CF =D6=C5 =D7=D2=C5=CD=D1 =CE=CF=D7=CF=C5 =D0=CF=D7=C5=C4=C5=CE=
=C9=C5 =D3=D2=C1=C2=C1=D4=D9=D7=C1=C5=D4 =C9 =C4=CC=D1 ".." =D7 src,
> > =C1 =CE=C5 =D4=CF=CC=D8=CB=CF =D7 dest.
>=20
> =E4=C1, =D0=CF=D6=C1=CC=D5=CA =DE=D4=CF =CF=CE=C9 =D0=C5=D2=C5=C7=CE=D5=
=CC=C9 =D0=C1=CC=CB=D5, =CE=C1=C4=CF =D0=D2=C9=D3=CC=C1=D4=D8 =C9=CD =D0=C1=
=D4=DE.

=F3=C8=CF=C4=D5 =D0=C1=D4=DE =CE=C5 =CE=C1=D0=C9=D3=C1=CC=D3=D1, =CF=D3=D4=
=C1=D7=C9=CC =C9=CD =CB=CF=CD=CD=C5=CE=D4=C1=D2=C9=CA =D0=D2=CF regression.


--=20
ldv

--vv4Sf/kQfcwinyKX
Content-Type: application/pgp-signature
Content-Disposition: inline

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.10 (GNU/Linux)

iEYEARECAAYFAk1Ps84ACgkQfKvmrJ41Nh5bogCfUycnSshAPc1atwJ01/33pBA4
cK0AoINKQPuJzOlbUWtEMn5EY/xHgVOn
=Po+n
-----END PGP SIGNATURE-----

--vv4Sf/kQfcwinyKX--