Script 'mail_helper' called by obssrc Hello community, here is the log from the commit of package tar for openSUSE:Factory checked in at 2023-03-02 23:01:48 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Comparing /work/SRC/openSUSE:Factory/tar (Old) and /work/SRC/openSUSE:Factory/.tar.new.31432 (New) ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "tar" Thu Mar 2 23:01:48 2023 rev:80 rq:1068196 version:1.34 Changes: -------- --- /work/SRC/openSUSE:Factory/tar/tar.changes 2023-01-07 17:15:46.544746126 +0100 +++ /work/SRC/openSUSE:Factory/.tar.new.31432/tar.changes 2023-03-02 23:01:52.154720545 +0100 @@ -1,0 +2,13 @@ +Tue Feb 14 11:07:40 UTC 2023 - Danilo Spinella <danilo.spine...@suse.com> + +- Fix CVE-2022-48303, tar has a one-byte out-of-bounds read that + results in use of uninitialized memory for a conditional jump + (CVE-2022-48303, bsc#1207753) + * fix-CVE-2022-48303.patch +- Fix hang when unpacking test tarball, bsc#1202436 + * bsc1202436.patch + * bsc1202436-1.patch + * bsc1202436-2.patch + * go-testsuite-test-hang.patch + +------------------------------------------------------------------- New: ---- bsc1202436-1.patch bsc1202436-2.patch bsc1202436.patch fix-CVE-2022-48303.patch go-testsuite-test-hang.patch pax-global-records.tar ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ tar.spec ++++++ --- /var/tmp/diff_new_pack.sFp3mD/_old 2023-03-02 23:01:53.014724441 +0100 +++ /var/tmp/diff_new_pack.sFp3mD/_new 2023-03-02 23:01:53.022724477 +0100 @@ -1,7 +1,7 @@ # # spec file for package tar # -# Copyright (c) 2022 SUSE LLC +# Copyright (c) 2023 SUSE LLC # # All modifications and additions to the file contributed by third parties # remain the property of their copyright owners, unless otherwise agreed @@ -29,6 +29,7 @@ Source1: https://ftp.gnu.org/gnu/tar/%{name}-%{version}.tar.xz.sig # http://wwwkeys.pgp.net:11371/pks/lookup?op=get&search=0x3602B07F55D0C732 Source2: %{name}.keyring +Source3: pax-global-records.tar Patch0: %{name}-wildcards.patch Patch1: %{name}-backup-spec-fix-paths.patch Patch2: paxutils-rtapelib_mtget.patch 
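Review bot: `Source3: pax-global-records.tar` is added with no comment saying where this binary archive comes from, while the patches added in the same commit carry PATCH-FIX tags and a bug reference. A fixture that cannot be reviewed as text should at least record its origin and the bug it reproduces, for example `# Reproducer for bsc#1202436, taken from <ORIGIN-URL-OR-COMMIT>` on the line above it. The name of go-testsuite-test-hang.patch suggests the Go test suite as the source, but that is only inferred from the filename.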
@@ -47,6 +48,16 @@ Patch9: tar-avoid-overflow-in-symlinks-tests.patch Patch10: bsc1200657.patch Patch11: tar-fix-extract-unlink.patch +# PATCH-FIX-SUSE danilo.spine...@suse.com bsc#1202436 +Patch12: go-testsuite-test-hang.patch +# PATCH-FIX-UPSTREAM danilo.spine...@suse.com bsc#1202436 +Patch13: bsc1202436.patch +Patch14: bsc1202436-1.patch +Patch15: bsc1202436-2.patch +# PATCH-FIX-UPSTREAM danilo.spine...@suse.com bsc#1207753 +# tar has a one-byte out-of-bounds read that results in use of +# uninitialized memory for a conditional jump +Patch16: fix-CVE-2022-48303.patch BuildRequires: automake >= 1.15 BuildRequires: libacl-devel BuildRequires: libselinux-devel @@ -109,6 +120,7 @@ %lang_package %prep +# TODO: Use autosetup %setup -q %patch0 -p1 %patch1 -p1 @@ -121,6 +133,12 @@ %patch9 -p1 %patch10 -p1 %patch11 -p1 +%patch12 -p1 +%patch13 -p1 +%patch14 -p1 +%patch15 -p1 +%patch16 -p1 +cp %{S:3} tests %build %define my_cflags -W -Wall -Wpointer-arith -Wstrict-prototypes -Wformat-security -Wno-unused-parameter -fPIE ++++++ bsc1202436-1.patch ++++++ >From edf38d13a47becec81b2c3a2b74f54771e1cbee4 Mon Sep 17 00:00:00 2001 From: Sergey Poznyakoff <g...@gnu.org> Date: Sat, 11 Feb 2023 13:03:23 +0200 Subject: Prevent dead loop in extract_file * src/extract.c (maybe_recoverable): If make_directories indicates success, suppose some intermediate directories have been made, even if in fact they have not. That's necessary to avoid dead loops when maybe_recoverable is called with the same arguments again. --- src/extract.c | 13 +++++++------ 1 file changed, 7 insertions(+), 6 deletions(-) diff --git a/src/extract.c b/src/extract.c index 2d43947..aec5de6 100644 --- a/src/extract.c +++ b/src/extract.c 
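Review bot: The `PATCH-FIX-UPSTREAM` tag above `Patch13: bsc1202436.patch` is not backed by anything in that patch. As shipped here it is a bare `diff --git` with no commit hash, author or subject, whereas bsc1202436-1.patch and bsc1202436-2.patch keep their upstream headers. I would put the upstream reference in the spec comment, e.g. `# PATCH-FIX-UPSTREAM bsc#1202436 <UPSTREAM-COMMIT-ID>`, or retag the patch if it is a local change. Patch14 and Patch15 also depend on the tag line written above Patch13, so giving each its own tag line keeps the mapping clear when one of them is later dropped.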
@@ -682,7 +682,7 @@ fixup_delayed_set_stat (char const *src, char const *dst) directories were created, nonzero (issuing a diagnostic) otherwise. Set *INTERDIR_MADE if at least one directory was created. */ static int -make_directories (char *file_name, bool *interdir_made) +make_directories (char *file_name) { char *cursor0 = file_name + FILE_SYSTEM_PREFIX_LEN (file_name); char *cursor; /* points into the file name */ @@ -726,7 +726,6 @@ make_directories (char *file_name, bool *interdir_made) desired_mode, AT_SYMLINK_NOFOLLOW); print_for_mkdir (file_name, cursor - file_name, desired_mode); - *interdir_made = true; parent_end = NULL; } else @@ -882,8 +881,11 @@ maybe_recoverable (char *file_name, bool regular, bool *interdir_made) case ENOENT: /* Attempt creating missing intermediate directories. */ - if (make_directories (file_name, interdir_made) == 0) - return RECOVER_OK; + if (make_directories (file_name) == 0) + { + *interdir_made = true; + return RECOVER_OK; + } break; default: @@ -1985,12 +1987,11 @@ rename_directory (char *src, char *dst) else { int e = errno; - bool interdir_made; switch (e) { case ENOENT: - if (make_directories (dst, &interdir_made) == 0) + if (make_directories (dst) == 0) { if (renameat (chdir_fd, src, chdir_fd, dst) == 0) return true; -- cgit v1.1 ++++++ bsc1202436-2.patch ++++++ >From 5e8a915b16c5f06d2a16d98cdc2af666199caabb Mon Sep 17 00:00:00 2001 From: Sergey Poznyakoff <g...@gnu.org> Date: Sat, 11 Feb 2023 14:21:05 +0200 Subject: Changes in extended header decoder * src/xheader.c (decode_time): Fix error detection. (raw_path_decoder): Ignore empty paths. --- src/xheader.c | 15 ++++++++++++--- 1 file changed, 12 insertions(+), 3 deletions(-) diff --git a/src/xheader.c b/src/xheader.c index 7ff216b..a195f3e 100644 --- a/src/xheader.c +++ b/src/xheader.c 
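Review bot: The comment kept as context above `make_directories` still ends with "Set *INTERDIR_MADE if at least one directory was created.", but this hunk removes that parameter, so the new side documents an output that no longer exists. That sentence should be dropped here, leaving the comment to describe only the return value. The function body continues outside the hunk.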
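Review bot: In the `case ENOENT:` hunk of maybe_recoverable, `*interdir_made = true;` is now set whenever make_directories returns 0, whether or not a directory was actually created, and nothing in the code marks this as deliberate. The reason is given only in the commit message (avoiding a dead loop when maybe_recoverable is called again with the same arguments). Since the changelog ties the hang to unpacking an archive, a later cleanup that makes the flag accurate again would reintroduce it. I would add above the assignment `/* Claim progress even if nothing was created, so that the caller does not retry with the same arguments forever. */`.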
@@ -1059,6 +1059,12 @@ decode_time (struct timespec *ts, char const *arg, char const *keyword) keyword, arg)); return false; } + if (*arg_lim) + { + ERROR ((0, 0, _("Malformed extended header: invalid %s=%s"), + keyword, arg)); + return false; + } *ts = t; return true; @@ -1247,9 +1253,12 @@ path_coder (struct tar_stat_info const *st, char const *keyword, static void raw_path_decoder (struct tar_stat_info *st, char const *arg) { - decode_string (&st->orig_file_name, arg); - decode_string (&st->file_name, arg); - st->had_trailing_slash = strip_trailing_slashes (st->file_name); + if (*arg) + { + decode_string (&st->orig_file_name, arg); + decode_string (&st->file_name, arg); + st->had_trailing_slash = strip_trailing_slashes (st->file_name); + } } -- cgit v1.1 ++++++ bsc1202436.patch ++++++ diff --git a/src/extract.c b/src/extract.c index 37ab2956..b70b6c2f 100644 --- a/src/extract.c +++ b/src/extract.c @@ -854,6 +854,9 @@ maybe_recoverable (char *file_name, bool regular, bool *interdir_made) case EEXIST: /* Remove an old file, if the options allow this. */ + if (strlen(file_name) == 1 && *file_name == '.') + return RECOVER_NO; + switch (old_files_option) { case SKIP_OLD_FILES: ++++++ fix-CVE-2022-48303.patch ++++++ >From 1d530107a24d71e798727d7f0afa0833473d1074 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Matej=20Mu=C5=BEila?= <mmuz...@gmail.com> Date: Wed, 11 Jan 2023 08:55:58 +0100 Subject: [PATCH] Fix savannah bug #62387 * src/list.c (from_header): Check for the end of field after leading byte (0x80 or 0xff) of base-256 encoded header value --- src/list.c | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/src/list.c b/src/list.c index 9fafc425..bf41b581 100644 --- a/src/list.c +++ b/src/list.c 
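Review bot: In the raw_path_decoder hunk an empty path value is now skipped with neither a diagnostic nor a comment, so `st->orig_file_name`, `st->file_name` and `st->had_trailing_slash` silently keep whatever they held before the call. The decode_time hunk in the same patch reports its malformed input through ERROR, so the silent path here looks inconsistent; an empty path record is just as much a sign of a malformed archive. At minimum the behaviour should be documented in the function, e.g. `/* An empty path record is ignored; the name set earlier stays in effect. */`. Whether a warning is also appropriate depends on callers that are not visible in this hunk.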
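Review bot: The added check `strlen(file_name) == 1 && *file_name == '.'` sits directly under the existing comment "Remove an old file, if the options allow this." and has no comment of its own, so the reason for returning RECOVER_NO is not recorded. It also matches only the exact string "."; whether other spellings of the current directory can reach the EEXIST branch is not visible here and is worth confirming against the reproducer. The call departs from the file's GNU spacing as well. I would write `if (strcmp (file_name, ".") == 0)` with a comment above it such as `/* The current directory cannot be removed and recreated; retrying would not make progress. */`, with the wording to be confirmed by the patch author.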
@@ -895,6 +895,12 @@ from_header (char const *where0, size_t digs, char const *type, << (CHAR_BIT * sizeof (uintmax_t) - LG_256 - (LG_256 - 2))); value = (*where++ & ((1 << (LG_256 - 2)) - 1)) - signbit; + if (where == lim) + { + if (type && !silent) + ERROR ((0, 0, _("Archive base-256 value is invalid"))); + return -1; + } for (;;) { value = (value << LG_256) + (unsigned char) *where++; -- 2.38.1 ++++++ go-testsuite-test-hang.patch ++++++ Index: tar-1.34/tests/testsuite.at =================================================================== --- tar-1.34.orig/tests/testsuite.at +++ tar-1.34/tests/testsuite.at @@ -204,6 +204,8 @@ m4_include([version.at]) m4_include([pipe.at]) +m4_include([go-testsuite-test-hang.at]) + AT_BANNER([Options]) m4_include([options.at]) m4_include([options02.at]) Index: tar-1.34/suse-test.at =================================================================== --- /dev/null +++ tar-1.34/tests/go-testsuite-test-hang.at @@ -0,0 +1,9 @@ +AT_SETUP([try extracting archive without hanging]) +AT_KEYWORDS([suse]) + +AT_TAR_CHECK([ +# This command will fail, just don't hang +tar xf ../../../pax-global-records.tar || exit 0 +]) + +AT_CLEANUP
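Review bot: The new `if (where == lim)` guard in from_header has no comment, and this commit adds no regression test for CVE-2022-48303; the only test added covers the bsc#1202436 hang. From the changelog, the defect is a one-byte out-of-bounds read feeding a conditional jump, so an ordinary test run would probably pass with or without the fix. A test would only be meaningful under a memory checker, which is worth noting in the spec or changelog. For the code itself I would add `/* The field held only the base-256 marker byte; there are no value bytes left to read. */` above the guard. The `for (;;)` loop that follows continues outside the hunk.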
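Review bot: In the new go-testsuite-test-hang.at, `tar xf ../../../pax-global-records.tar || exit 0` accepts every non-zero status, so a tar killed by a signal (for example a crash on this malformed archive) passes the test. It also has no time limit, so the hang it is meant to catch would stall the build rather than fail the test. If `timeout` is available in the build environment, I would bound the run and reject signal and timeout statuses: `timeout 60 tar xf ../../../pax-global-records.tar`, then `rc=$?` and `test $rc -lt 124 || exit $rc`. The patch's second `Index:` line also names `tar-1.34/suse-test.at` while the `+++` line creates `tar-1.34/tests/go-testsuite-test-hang.at`; the two should agree.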