From 2827f691c9a5cbe20264a87eb9140be17461ebf1a3de01110ce9dfca018be5d4 Mon Sep 17 00:00:00 2001 From: OBS User autobuild Date: Fri, 26 Mar 2010 01:16:16 +0000 Subject: [PATCH] Accepting request 35527 from Base:System checked in (request 35527) OBS-URL: https://build.opensuse.org/request/show/35527 OBS-URL: https://build.opensuse.org/package/show/Base:System/tar?expand=0&rev=16 --- ...ch => tar-1.22-fortifysourcessigabrt.patch | 12 ++--- tar-1.22.tar.bz2 | 3 ++ tar-1.23.tar.bz2 | 3 -- tar-disable-listed02-test.diff | 10 ++++ tar-disable-listed02-test.patch | 12 ----- tar-disable_languages.patch | 6 +-- tar-heap_overflow_in_rtapelib.patch | 52 +++++++++++++++++++ tar-manpage.patch | 20 +++---- tar-wildcards.patch | 18 ++++--- tar.changes | 22 -------- tar.spec | 11 ++-- 11 files changed, 102 insertions(+), 67 deletions(-) rename tar-fortifysourcessigabrt.patch => tar-1.22-fortifysourcessigabrt.patch (86%) create mode 100644 tar-1.22.tar.bz2 delete mode 100644 tar-1.23.tar.bz2 create mode 100644 tar-disable-listed02-test.diff delete mode 100644 tar-disable-listed02-test.patch create mode 100644 tar-heap_overflow_in_rtapelib.patch diff --git a/tar-fortifysourcessigabrt.patch b/tar-1.22-fortifysourcessigabrt.patch similarity index 86% rename from tar-fortifysourcessigabrt.patch rename to tar-1.22-fortifysourcessigabrt.patch index 8e895d2..92ac632 100644 --- a/tar-fortifysourcessigabrt.patch +++ b/tar-1.22-fortifysourcessigabrt.patch @@ -1,8 +1,8 @@ -Index: tar-1.23/src/create.c +Index: tar-1.21/src/create.c =================================================================== ---- tar-1.23.orig/src/create.c -+++ tar-1.23/src/create.c -@@ -530,8 +530,8 @@ start_private_header (const char *name, +--- tar-1.21.orig/src/create.c ++++ tar-1.21/src/create.c +@@ -532,8 +532,8 @@ start_private_header (const char *name, GID_TO_CHARS (getgid (), header->header.gid); MAJOR_TO_CHARS (0, header->header.devmajor); MINOR_TO_CHARS (0, header->header.devminor); 
@@ -13,7 +13,7 @@ Index: tar-1.23/src/create.c return header; } -@@ -575,7 +575,10 @@ write_gnu_long_link (struct tar_stat_inf +@@ -577,7 +577,10 @@ write_gnu_long_link (struct tar_stat_inf GNAME_TO_CHARS (tmpname, header->header.gname); free (tmpname); @@ -25,7 +25,7 @@ Index: tar-1.23/src/create.c header->header.typeflag = type; finish_header (st, header, -1); -@@ -910,15 +913,19 @@ start_header (struct tar_stat_info *st) +@@ -907,15 +910,19 @@ start_header (struct tar_stat_info *st) break; case OLDGNU_FORMAT: diff --git a/tar-1.22.tar.bz2 b/tar-1.22.tar.bz2 new file mode 100644 index 0000000..650bd58 --- /dev/null +++ b/tar-1.22.tar.bz2 @@ -0,0 +1,3 @@ +version https://git-lfs.github.com/spec/v1 +oid sha256:3cefb67f197a3f8f5235999fe749ced0889466a71ddcbc96fddca84e5d53aa4d +size 2094575 diff --git a/tar-1.23.tar.bz2 b/tar-1.23.tar.bz2 deleted file mode 100644 index e073d98..0000000 --- a/tar-1.23.tar.bz2 +++ /dev/null @@ -1,3 +0,0 @@ -version https://git-lfs.github.com/spec/v1 -oid sha256:c9328372db62fbb1d94c9e4e3cefc961111af46de47085b635359c00a0eebe36 -size 2189324 diff --git a/tar-disable-listed02-test.diff b/tar-disable-listed02-test.diff new file mode 100644 index 0000000..26f4eaa --- /dev/null +++ b/tar-disable-listed02-test.diff @@ -0,0 +1,10 @@ +--- tar-1.15.1/tests/testsuite.at ++++ tar-1.15.1/tests/testsuite.at +@@ -87,7 +87,6 @@ + m4_include([incr01.at]) + m4_include([incr02.at]) + m4_include([listed01.at]) +-m4_include([listed02.at]) + m4_include([incr03.at]) + m4_include([incr04.at]) + m4_include([rename01.at]) diff --git a/tar-disable-listed02-test.patch b/tar-disable-listed02-test.patch deleted file mode 100644 index 956e2aa..0000000 --- a/tar-disable-listed02-test.patch +++ /dev/null 
@@ -1,12 +0,0 @@ -Index: tar-1.23/tests/testsuite.at -=================================================================== ---- tar-1.23.orig/tests/testsuite.at -+++ tar-1.23/tests/testsuite.at -@@ -157,7 +157,6 @@ m4_include([incremental.at]) - m4_include([incr01.at]) - m4_include([incr02.at]) - m4_include([listed01.at]) --m4_include([listed02.at]) - m4_include([incr03.at]) - m4_include([incr04.at]) - m4_include([incr05.at]) diff --git a/tar-disable_languages.patch b/tar-disable_languages.patch index f7fe21c..6229edf 100644 --- a/tar-disable_languages.patch +++ b/tar-disable_languages.patch @@ -1,9 +1,9 @@ Disable the languages, which don't have yet a path in /usr/share/locale/ -Index: tar-1.23/po/LINGUAS +Index: tar-1.20/po/LINGUAS =================================================================== ---- tar-1.23.orig/po/LINGUAS -+++ tar-1.23/po/LINGUAS +--- tar-1.20.orig/po/LINGUAS ++++ tar-1.20/po/LINGUAS @@ -16,7 +16,6 @@ id it ja diff --git a/tar-heap_overflow_in_rtapelib.patch b/tar-heap_overflow_in_rtapelib.patch new file mode 100644 index 0000000..41d0626 --- /dev/null +++ b/tar-heap_overflow_in_rtapelib.patch 
@@ -0,0 +1,52 @@
+From 9bc39283e4cc6ab9e5913ccbf766998eab4ff093 Mon Sep 17 00:00:00 2001
+From: Sergey Poznyakoff
+Date: Mon, 01 Mar 2010 08:49:03 +0000
+Subject: Bugfixes in rtapelib
+
+* lib/rmt.h (rmtcreat): Use fcntl O_ macros insead of
+their hardcoded values.
+* lib/rtapelib.c (rmt_read__,rmt_ioctl__): Prevent
+potential overflow.
+---
+diff --git a/lib/rmt.h b/lib/rmt.h
+index 50f037c..2ce9dc5 100644
+--- a/lib/rmt.h
++++ b/lib/rmt.h
+@@ -61,7 +61,7 @@ extern bool force_local_option;
+
+ #define rmtcreat(dev_name, mode, command) \
+ (_remdev (dev_name) \
+- ? rmt_open__ (dev_name, 1 | O_CREAT, __REM_BIAS, command) \
++ ? rmt_open__ (dev_name, O_CREAT | O_WRONLY, __REM_BIAS, command) \
+ : creat (dev_name, mode))
+
+ #define rmtlstat(dev_name, muffer) \
+diff --git a/lib/rtapelib.c b/lib/rtapelib.c
+index 02ad1e7..cb645db 100644
+--- a/lib/rtapelib.c
++++ b/lib/rtapelib.c
+@@ -573,7 +573,8 @@ rmt_read__ (int handle, char *buffer, size_t length)
+
+ sprintf (command_buffer, "R%lu\n", (unsigned long) length);
+ if (do_command (handle, command_buffer) == -1
+- || (status = get_status (handle)) == SAFE_READ_ERROR)
++ || (status = get_status (handle)) == SAFE_READ_ERROR
++ || status > length)
+ return SAFE_READ_ERROR;
+
+ for (counter = 0; counter < status; counter += rlen, buffer += rlen)
+@@ -709,6 +710,12 @@ rmt_ioctl__ (int handle, int operation, char *argument)
+ || (status = get_status (handle), status == -1))
+ return -1;
+
++ if (status > sizeof (struct mtop))
++ {
++ errno = EOVERFLOW;
++ return -1;
++ }
++
+ for (; status > 0; status -= counter, argument += counter)
+ {
+ counter = safe_read (READ_SIDE (handle), argument, status);
+--
+cgit v0.8.2.1
diff --git a/tar-manpage.patch b/tar-manpage.patch
index 4866fcb..eaefb65 100644
--- a/tar-manpage.patch
+++ b/tar-manpage.patch
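Review bot: In the rmt_ioctl__ hunk of the embedded patch the new bound is `sizeof (struct mtop)`, while the loop that follows reads `status` bytes into `argument`, and the hunk does not show what object `argument` points to in this branch; the guard prevents an overflow only if that object is at least `sizeof (struct mtop)` bytes, so the limit should be tied to the real destination type and that should be confirmed against the full function. The comparison also mixes `status` with an unsigned `sizeof`; the declaration of `status` is outside the hunk, and if it is signed, a negative reply other than -1 is rejected only through the implicit conversion to unsigned, which deserves a comment such as `/* a negative status converts to a huge unsigned value and is rejected here */`. The added `|| status > length` in rmt_read__ relies on the same property of `status`. Both function bodies start and end outside the hunks.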
@@ -1,7 +1,7 @@ -Index: tar-1.23/doc/Makefile.am +Index: tar-1.20/doc/Makefile.am =================================================================== ---- tar-1.23.orig/doc/Makefile.am -+++ tar-1.23/doc/Makefile.am +--- tar-1.20.orig/doc/Makefile.am ++++ tar-1.20/doc/Makefile.am @@ -32,6 +32,9 @@ tar_TEXINFOS = \ sparse.texi\ value.texi @@ -23,16 +23,16 @@ Index: tar-1.23/doc/Makefile.am header.texi: $(top_srcdir)/src/tar.h sed -f $(srcdir)/texify.sed $(top_srcdir)/src/tar.h \ | expand >$@ -Index: tar-1.23/Makefile.am +Index: tar-1.20/Makefile.am =================================================================== ---- tar-1.23.orig/Makefile.am -+++ tar-1.23/Makefile.am +--- tar-1.20.orig/Makefile.am ++++ tar-1.20/Makefile.am @@ -20,7 +20,7 @@ ACLOCAL_AMFLAGS = -I m4 - EXTRA_DIST = ChangeLog.1 Make.rules --SUBDIRS = doc gnu lib rmt src scripts po tests -+SUBDIRS = gnu lib rmt src doc scripts po tests + EXTRA_DIST = ChangeLog.1 PORTS +-SUBDIRS = doc lib rmt src scripts po tests ++SUBDIRS = lib rmt src doc scripts po tests dist-hook: - $(MAKE) changelog_dir=$(distdir) ChangeLog + -rm -f $(distdir).cpio diff --git a/tar-wildcards.patch b/tar-wildcards.patch index 6905ad4..2e1dcc8 100644 --- a/tar-wildcards.patch +++ b/tar-wildcards.patch 
@@ -1,15 +1,19 @@ -Index: tar-1.23/src/names.c +Index: src/names.c =================================================================== ---- tar-1.23.orig/src/names.c -+++ tar-1.23/src/names.c -@@ -909,10 +909,6 @@ collect_and_sort_names (void) - { - if (name->found_count || name->directory) +RCS file: /cvsroot/tar/tar/src/names.c,v +retrieving revision 1.60 +diff -p -u -r1.60 names.c +--- a/src/names.c 20 Jun 2006 15:14:19 -0000 1.60 ++++ b/src/names.c 6 Feb 2007 23:02:39 -0000 +@@ -813,10 +813,6 @@ collect_and_sort_names (void) + next_name = name->next; + if (name->found_count || name->dir_contents) continue; - if (name->matching_flags & EXCLUDE_WILDCARDS) - /* NOTE: EXCLUDE_ANCHORED is not relevant here */ - /* FIXME: just skip regexps for now */ - continue; chdir_do (name->change_dir); - if (name->name[0] == 0) + continue; + diff --git a/tar.changes b/tar.changes index 156b417..d22680c 100644 --- a/tar.changes +++ b/tar.changes 
@@ -1,25 +1,3 @@ -------------------------------------------------------------------- -Fri Mar 12 16:21:49 UTC 2010 - mseben@novell.com - -- updated to version 1.23 - * Improved record size autodetection - * Use of lseek on seekable archives - * New command line option --warning - * New command line option --level - * Improved behavior if some files were removed during incremental dumps - * Modification times of PAX extended headers - * Time references in the --pax-option argument - * Augmented environment of the --to-command script - * Fix handling of hard link targets by -c --transform - * Fix hard links recognition with -c --remove-files - * Fix restoring files from backup (debian bug #508199) - * Correctly restore modes and permissions on existing directories - * The --remove-files option removes files only if they were succesfully stored in the archive - * Fix storing and listing of the volume labels in POSIX format - * Improve algorithm for splitting long file names (ustar format) - * Fix possible memory overflow in the rmt client code (CVE-2010-0624) -- deprecated heap_overflow_in_rtapelib.patch - ------------------------------------------------------------------- Wed Mar 3 09:29:23 UTC 2010 - mseben@novell.com diff --git a/tar.spec b/tar.spec index 94ed769..d60910c 100644 --- a/tar.spec +++ b/tar.spec 
@@ -26,16 +26,18 @@ Group: System/Base Provides: base:/bin/tar PreReq: %install_info_prereq AutoReqProv: on -Version: 1.23 +Version: 1.22 Release: 2 Summary: GNU implementation of tar ((t)ape (ar)chiver) Source0: %name-%version.tar.bz2 # Patch0: tar-disable_languages.patch -Patch1: tar-disable-listed02-test.patch +Patch1: tar-disable-listed02-test.diff Patch2: tar-manpage.patch Patch3: tar-wildcards.patch -Patch5: tar-fortifysourcessigabrt.patch +Patch5: tar-1.22-fortifysourcessigabrt.patch +#fix possible heap overflow in rtapelib.c bnc#579475 (fix already in upstream git) +Patch6: tar-heap_overflow_in_rtapelib.patch BuildRoot: %{_tmppath}/%{name}-%{version}-build Recommends: xz Recommends: tar-lang = %version @@ -89,6 +91,7 @@ Shell scripts for system backup/restore %patch2 -p1 %patch3 -p1 %patch5 -p1 +%patch6 -p1 %build rm -f po/no.* po/ky.* @@ -127,7 +130,7 @@ rm -r %buildroot/usr/libexec %files %defattr(-, root, root) %_bindir/tar -%doc README* ABOUT-NLS AUTHORS COPYING NEWS THANKS ChangeLog TODO +%doc README* ABOUT-NLS AUTHORS COPYING NEWS THANKS ChangeLog PORTS TODO %_infodir/tar.info*.gz %_mandir/man1/tar.1.gz
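Review bot: `Version:` moves from 1.23 back to 1.22 while `Release:` stays at 2 and no `Epoch:` is visible in the first hunk, so systems that already installed the 1.23 build will presumably not pick this package up without an explicit downgrade. The rmt client fix that the removed tar.changes entry attributed to 1.23 (CVE-2010-0624) now depends entirely on `Patch6` and on the `%patch6 -p1` line in the second hunk. The comment above `Patch6` should carry the CVE id next to the bug number, for example `#fix possible heap overflow in rtapelib.c bnc#579475, CVE-2010-0624 (fix already in upstream git)`. The tar.changes hunk in this commit only deletes the 1.23 entry, so the return to 1.22 is not recorded there.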