diff --git a/tar-1.21.tar.bz2 b/tar-1.21.tar.bz2
new file mode 100644
index 0000000..05c34f2
--- /dev/null
+++ b/tar-1.21.tar.bz2
@@ -0,0 +1,3 @@
+version https://git-lfs.github.com/spec/v1
+oid sha256:dc6c70d2071ca4a928460b6d68ab500a32e67d50255261a0d17765a307aeb350
+size 2071237
diff --git a/tar-heap_overflow_in_rtapelib.patch b/tar-heap_overflow_in_rtapelib.patch
new file mode 100644
index 0000000..41d0626
--- /dev/null
+++ b/tar-heap_overflow_in_rtapelib.patch
@@ -0,0 +1,52 @@
+From 9bc39283e4cc6ab9e5913ccbf766998eab4ff093 Mon Sep 17 00:00:00 2001
+From: Sergey Poznyakoff <gray@gnu.org.ua>
+Date: Mon, 01 Mar 2010 08:49:03 +0000
+Subject: Bugfixes in rtapelib
+
+* lib/rmt.h (rmtcreat): Use fcntl O_ macros insead of
+their hardcoded values.
+* lib/rtapelib.c (rmt_read__,rmt_ioctl__): Prevent
+potential overflow.
+---
+diff --git a/lib/rmt.h b/lib/rmt.h
+index 50f037c..2ce9dc5 100644
+--- a/lib/rmt.h
++++ b/lib/rmt.h
+@@ -61,7 +61,7 @@ extern bool force_local_option;
+ 
+ #define rmtcreat(dev_name, mode, command) \
+    (_remdev (dev_name) \
+-    ? rmt_open__ (dev_name, 1 | O_CREAT, __REM_BIAS, command) \
++    ? rmt_open__ (dev_name, O_CREAT | O_WRONLY, __REM_BIAS, command) \
+     : creat (dev_name, mode))
+ 
+ #define rmtlstat(dev_name, muffer) \
+diff --git a/lib/rtapelib.c b/lib/rtapelib.c
+index 02ad1e7..cb645db 100644
+--- a/lib/rtapelib.c
++++ b/lib/rtapelib.c
+@@ -573,7 +573,8 @@ rmt_read__ (int handle, char *buffer, size_t length)
+ 
+   sprintf (command_buffer, "R%lu\n", (unsigned long) length);
+   if (do_command (handle, command_buffer) == -1
+-      || (status = get_status (handle)) == SAFE_READ_ERROR)
++      || (status = get_status (handle)) == SAFE_READ_ERROR
++      || status > length)
+     return SAFE_READ_ERROR;
+ 
+   for (counter = 0; counter < status; counter += rlen, buffer += rlen)
+@@ -709,6 +710,12 @@ rmt_ioctl__ (int handle, int operation, char *argument)
+ 	    || (status = get_status (handle), status == -1))
+ 	  return -1;
+ 
++	if (status > sizeof (struct mtop))
++	  {
++	    errno = EOVERFLOW;
++	    return -1;
++	  }
++	
+ 	for (; status > 0; status -= counter, argument += counter)
+ 	  {
+ 	    counter = safe_read (READ_SIDE (handle), argument, status);
+--
+cgit v0.8.2.1
diff --git a/tar.changes b/tar.changes
index 9ba0e4c..d22680c 100644
--- a/tar.changes
+++ b/tar.changes
@@ -1,3 +1,9 @@
+-------------------------------------------------------------------
+Wed Mar  3 09:29:23 UTC 2010 - mseben@novell.com
+
+- added heap_overflow_in_rtapelib.patch fix possible heap overflow in 
+  rtapelib.c (bnc#579475)
+
 -------------------------------------------------------------------
 Tue Feb  2 20:35:03 UTC 2010 - mseben@novell.com
 
diff --git a/tar.spec b/tar.spec
index 1b165aa..027b8d4 100644
--- a/tar.spec
+++ b/tar.spec
@@ -36,6 +36,8 @@ Patch1:         tar-disable-listed02-test.diff
 Patch2:         tar-manpage.patch
 Patch3:         tar-wildcards.patch
 Patch5:         tar-1.22-fortifysourcessigabrt.patch
+#fix possible heap overflow in rtapelib.c bnc#579475 (fix already in upstream git)
+Patch6:		    tar-heap_overflow_in_rtapelib.patch
 BuildRoot:      %{_tmppath}/%{name}-%{version}-build
 Recommends:     xz
 Recommends:     tar-lang = %version
@@ -89,6 +91,7 @@ Shell scripts for system backup/restore
 %patch2 -p1
 %patch3 -p1
 %patch5 -p1
+%patch6 -p1
 
 %build
 rm -f po/no.* po/ky.*