diff --git a/bsc1202436.patch b/bsc1202436.patch
new file mode 100644
index 0000000..94c22e5
--- /dev/null
+++ b/bsc1202436.patch
@@ -0,0 +1,14 @@
+diff --git a/src/extract.c b/src/extract.c
+index 37ab2956..b70b6c2f 100644
+--- a/src/extract.c
++++ b/src/extract.c
+@@ -854,6 +854,9 @@ maybe_recoverable (char *file_name, bool regular, bool *interdir_made)
+ case EEXIST:
+ /* Remove an old file, if the options allow this. */
+
++ if (strlen(file_name) == 1 && *file_name == '.')
++ return RECOVER_NO;
++
+ switch (old_files_option)
+ {
+ case SKIP_OLD_FILES:
diff --git a/tar.changes b/tar.changes
index d7635d9..a930420 100644
--- a/tar.changes
+++ b/tar.changes
@@ -6,9 +6,9 @@ Tue Feb 14 11:07:40 UTC 2023 - Danilo Spinella
 (CVE-2022-48303, bsc#1207753)
 * fix-CVE-2022-48303.patch
 - Fix hang when unpacking test tarball, bsc#1202436
- * remove bsc1202436.patch
- * bsc1202436-1.patch
 * bsc1202436-1.patch
+ * bsc1202436-2.patch
+ * go-testsuite-test-hang.patch
 -------------------------------------------------------------------
 Tue Dec 27 13:22:21 UTC 2022 - Ludwig Nussel
diff --git a/tar.spec b/tar.spec
index ed2e0f5..6d0b2ff 100644
--- a/tar.spec
+++ b/tar.spec
@@ -51,12 +51,13 @@ Patch11: tar-fix-extract-unlink.patch
 # PATCH-FIX-SUSE danilo.spinella@suse.com bsc#1202436
 Patch12: go-testsuite-test-hang.patch
 # PATCH-FIX-UPSTREAM danilo.spinella@suse.com bsc#1202436
-Patch13: bsc1202436-1.patch
-Patch14: bsc1202436-2.patch
+Patch13: bsc1202436.patch
+Patch14: bsc1202436-1.patch
+Patch15: bsc1202436-2.patch
 # PATCH-FIX-UPSTREAM danilo.spinella@suse.com bsc#1207753
 # tar has a one-byte out-of-bounds read that results in use of
 # uninitialized memory for a conditional jump
-Patch15: fix-CVE-2022-48303.patch
+Patch16: fix-CVE-2022-48303.patch
 BuildRequires: automake >= 1.15
 BuildRequires: libacl-devel
 BuildRequires: libselinux-devel
@@ -136,6 +137,7 @@ it may as well access remote devices or files.
 %patch13 -p1
 %patch14 -p1
 %patch15 -p1
+%patch16 -p1
 cp %{S:3} tests
 %build
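Review bot: The guard added to the `EEXIST` case of maybe_recoverable matches only the exact member name `.`, so an equivalent spelling such as `./` would still fall through to the `old_files_option` switch if names are not normalised before this point, which the hunk does not show. It is worth confirming this against the archive that triggered bsc#1202436. The test reads more directly as `if (strcmp (file_name, ".") == 0)`, which also restores the space before the parenthesis used by the surrounding code. The guard also needs its own comment, for example `/* "." is the extraction directory itself; never try to remove or replace it. */`, because the existing "Remove an old file" comment now sits directly above a line that refuses to do so. The body of maybe_recoverable starts and ends outside this hunk.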
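Review bot: `Patch13: bsc1202436.patch` is added to tar.spec and the later patches are renumbered, but the bsc#1202436 entry in tar.changes does not record it. The tar.changes hunk in this same commit drops the `* remove bsc1202436.patch` line and lists only `bsc1202436-1.patch`, `bsc1202436-2.patch` and `go-testsuite-test-hang.patch`. Add `* bsc1202436.patch` to that entry so the changelog matches what the spec applies. The single `# PATCH-FIX-UPSTREAM danilo.spinella@suse.com bsc#1202436` tag now stands above three Patch lines; repeating it per patch would make the provenance of each unambiguous.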