tar/tar-fortifysourcessigabrt.patch

Index: tar-1.23/src/create.c
===================================================================
--- tar-1.23.orig/src/create.c
+++ tar-1.23/src/create.c
@@ -530,8 +530,8 @@ start_private_header (const char *name,
   GID_TO_CHARS (getgid (), header->header.gid);
   MAJOR_TO_CHARS (0, header->header.devmajor);
   MINOR_TO_CHARS (0, header->header.devminor);
-  strncpy (header->header.magic, TMAGIC, TMAGLEN);
-  strncpy (header->header.version, TVERSION, TVERSLEN);
+  memcpy (header->header.magic, TMAGIC, TMAGLEN);
+  memcpy (header->header.version, TVERSION, TVERSLEN);
   return header;
 }
 
@@ -575,7 +575,10 @@ write_gnu_long_link (struct tar_stat_inf
   GNAME_TO_CHARS (tmpname, header->header.gname);
   free (tmpname);
 
-  strcpy (header->header.magic, OLDGNU_MAGIC);
+  /* OLDGNU_MAGIC is string with 7 chars + NULL */
+  memcpy (header->header.magic, OLDGNU_MAGIC, sizeof(header->header.magic));
+  memcpy (header->header.version, OLDGNU_MAGIC+sizeof(header->header.magic),
+           sizeof(header->header.version));
   header->header.typeflag = type;
   finish_header (st, header, -1);
 
@@ -910,15 +913,19 @@ start_header (struct tar_stat_info *st)
       break;
 
     case OLDGNU_FORMAT:
-    case GNU_FORMAT:   /*FIXME?*/
-      /* Overwrite header->header.magic and header.version in one blow.  */
-      strcpy (header->header.magic, OLDGNU_MAGIC);
+    case GNU_FORMAT:
+      /* OLDGNU_MAGIC is string with 7 chars + NULL */
+      memcpy (header->header.magic, OLDGNU_MAGIC,
+              sizeof(header->header.magic));
+      memcpy (header->header.version,
+              OLDGNU_MAGIC+sizeof(header->header.magic),
+              sizeof(header->header.version));
       break;
 
     case POSIX_FORMAT:
     case USTAR_FORMAT:
-      strncpy (header->header.magic, TMAGIC, TMAGLEN);
-      strncpy (header->header.version, TVERSION, TVERSLEN);
+      memcpy (header->header.magic, TMAGIC, TMAGLEN);
+      memcpy (header->header.version, TVERSION, TVERSLEN);
       break;
 
     default: