From 885805a01076ed2f22349f9bac2b4ba5099703a7df5e31bbb3d76065dfb194c9 Mon Sep 17 00:00:00 2001
From: Marcus Meissner
Date: Thu, 10 Nov 2016 22:20:00 +0000
Subject: [PATCH] Accepting request 439571 from home:kstreitova:branches:Base:System
- add tar-1.29-extract_pathname_bypass.patch to fix POINTYFEATHER vulnerability - GNU tar archiver can be tricked into extracting files and directories in the given destination, regardless of the path name(s) specified on the command line [bsc#1007188] [CVE-2016-6321]
OBS-URL: https://build.opensuse.org/request/show/439571
OBS-URL: https://build.opensuse.org/package/show/Base:System/tar?expand=0&rev=73
---
 tar-1.29-extract_pathname_bypass.patch | 29 ++++++++++++++++++++++++++
 tar.changes | 9 ++++++++
 tar.spec | 3 +++
 3 files changed, 41 insertions(+)
 create mode 100644 tar-1.29-extract_pathname_bypass.patch
diff --git a/tar-1.29-extract_pathname_bypass.patch b/tar-1.29-extract_pathname_bypass.patch
new file mode 100644
index 0000000..2e00dac
--- /dev/null
+++ b/tar-1.29-extract_pathname_bypass.patch
@@ -0,0 +1,29 @@
+Index: lib/paxnames.c
+===================================================================
+--- lib/paxnames.c.orig
++++ lib/paxnames.c
+@@ -18,6 +18,7 @@
+ #include
+ #include
+ #include
++#include
+
+
+ /* Hash tables of strings. */
+@@ -114,7 +115,15 @@ safer_name_suffix (char const *file_name
+ for (p = file_name + prefix_len; *p; )
+ {
+ if (p[0] == '.' && p[1] == '.' && (ISSLASH (p[2]) || !p[2]))
+- prefix_len = p + 2 - file_name;
++ {
++ static char const *const diagnostic[] =
++ {
++ N_("%s: Member name contains '..'"),
++ N_("%s: Hard link target contains '..'")
++ };
++ FATAL_ERROR ((0, 0, _(diagnostic[link_target]),
++ quotearg_colon (file_name)));
++ }
+
+ do
+ {
diff --git a/tar.changes b/tar.changes
index 4f042e4..3d20bd6 100644
--- a/tar.changes
+++ b/tar.changes
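Review bot: In the second hunk of the embedded lib/paxnames.c patch, replacing `prefix_len = p + 2 - file_name;` with `FATAL_ERROR` makes any name with a `..` component abort the whole run rather than only affecting the offending member. safer_name_suffix sits in the shared lib/ code and its callers are outside this hunk (the function starts before and ends after the visible lines), so it should be confirmed that it is not also reached when creating or appending to an archive, where a name such as `../dir` is ordinary input; if it is, the rejection probably belongs in the extraction path, skipping the member with a warning. `link_target` indexes the two-entry `diagnostic[]` table but is declared outside the hunk, so the code relies on it only ever being 0 or 1. A short comment above the new block would record the intent, e.g. `/* Refuse '..' instead of stripping up to it: the stripped remainder could be extracted outside the member names given on the command line (CVE-2016-6321). */`.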
@@ -1,3 +1,12 @@
+-------------------------------------------------------------------
+Tue Nov 8 17:50:44 UTC 2016 - kstreitova@suse.com
+
+- add tar-1.29-extract_pathname_bypass.patch to fix POINTYFEATHER
+ vulnerability - GNU tar archiver can be tricked into extracting
+ files and directories in the given destination, regardless of the
+ path name(s) specified on the command line [bsc#1007188]
+ [CVE-2016-6321]
+
 -------------------------------------------------------------------
 Sat May 28 19:06:33 UTC 2016 - astieger@suse.com
diff --git a/tar.spec b/tar.spec
index 83af999..90f0b62 100644
--- a/tar.spec
+++ b/tar.spec
@@ -47,6 +47,8 @@ Patch20: add_readme-tests.patch
 # add return values to the backup scripts for better results monitoring.
 # https://savannah.gnu.org/patch/?8953
 Patch21: add-return-values-to-backup-scripts.patch
+# PATCH-FIX-UPSTREAM bnc#1007188 CVE-2016-6321 kstreitova@suse.com -- fix POINTYFEATHER vulnerability
+Patch22: tar-1.29-extract_pathname_bypass.patch
 %if 0%{?suse_version} >= %min_suse_ver
 BuildRequires: automake
 BuildRequires: help2man
@@ -97,6 +99,7 @@ Upstream testsuite for the package
 #%patch12 -p1
 %patch20 -p1
 %patch21 -p1
+%patch22 -p0
 %build
 %define my_cflags -W -Wall -Wpointer-arith -Wstrict-prototypes -Wformat-security -Wno-unused-parameter -fPIE
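Review bot: The `Patch22` comment in the first tar.spec hunk tags the fix `PATCH-FIX-UPSTREAM` but, unlike the `Patch21` comment just above it, gives no upstream reference, so a later maintainer cannot tell which upstream change it corresponds to or when the patch can be dropped; a second comment line pointing at the upstream commit or advisory would close that gap. The bug tag is written `bnc#1007188` here while tar.changes uses `bsc#1007188`, and using one spelling keeps the entry greppable. In the `%prep` hunk, `%patch22 -p0` differs from the `-p1` of its neighbours; that matches the prefix-less `lib/paxnames.c` paths inside the patch, and a brief comment saying so would stop it being "normalised" to `-p1` later.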