diff --git a/tar-1.17-paxlib-owl-alloca.patch b/tar-1.17-paxlib-owl-alloca.patch
new file mode 100644
index 0000000..4bdaff8
--- /dev/null
+++ b/tar-1.17-paxlib-owl-alloca.patch
@@ -0,0 +1,95 @@
+2007-08-15  Dmitry V. Levin <ldv@owl.openwall.com>
+
+	Do not use alloca to avoid stack overflow with untrusted input.
+
+	* lib/paxnames.c (hash_string_insert_direct): New function.
+	(hash_string_insert): Use it.
+	(hash_string_insert_data): New function.
+	(safer_name_suffix): Use it instead of hash_string_insert()
+	and alloca().
+
+--- lib/paxnames.c
++++ lib/paxnames.c
+@@ -36,22 +36,50 @@
+   return strcmp (name1, name2) == 0;
+ }
+ 
+-/* Return zero if TABLE contains a copy of STRING; otherwise, insert a
+-   copy of STRING to TABLE and return 1.  */
+-bool
+-hash_string_insert (Hash_table **table, char const *string)
++/* Return zero if TABLE contains given STRING; otherwise, insert
++   given STRING to TABLE and return 1.  */
++static bool
++hash_string_insert_direct (Hash_table **table, char const *string)
+ {
+   Hash_table *t = *table;
+-  char *s = xstrdup (string);
+   char *e;
+ 
+   if (! ((t
+ 	  || (*table = t = hash_initialize (0, 0, hash_string_hasher,
+ 					    hash_string_compare, 0)))
+-	 && (e = hash_insert (t, s))))
++	 && (e = hash_insert (t, string))))
+     xalloc_die ();
+ 
+-  if (e == s)
++  return (e == string);
++}
++
++/* Return zero if TABLE contains a copy of STRING; otherwise, insert a
++   copy of STRING to TABLE and return 1.  */
++bool
++hash_string_insert (Hash_table **table, char const *string)
++{
++  char *s = xstrdup (string);
++
++  if (hash_string_insert_direct (table, s))
++    return 1;
++  else
++    {
++      free (s);
++      return 0;
++    }
++}
++
++/* Return zero if TABLE contains a string which is a NULL-terminated
++   copy of DATA of given LENGTH; otherwise, insert a string which is a
++   NULL-terminated copy of DATA of given LENGTH to TABLE and return 1.  */
++static bool
++hash_string_insert_data (Hash_table **table, char const *data, size_t length)
++{
++  char *s = xmalloc (length + 1);
++  memcpy (s, data, length);
++  s[length] = '\0';
++
++  if (hash_string_insert_direct (table, s))
+     return 1;
+   else
+     {
+@@ -121,18 +149,16 @@ safer_name_suffix (char const *file_name, bool link_target, bool absolute_names)
+ 
+       if (prefix_len)
+ 	{
+-	  char *prefix = alloca (prefix_len + 1);
+-	  memcpy (prefix, file_name, prefix_len);
+-	  prefix[prefix_len] = '\0';
+-
+-	  if (hash_string_insert (&prefix_table[link_target], prefix))
++	  if (hash_string_insert_data (&prefix_table[link_target],
++				       file_name, prefix_len))
+ 	    {
+ 	      static char const *const diagnostic[] =
+ 	      {
+-		N_("Removing leading `%s' from member names"),
+-		N_("Removing leading `%s' from hard link targets")
++		N_("Removing leading `%.*s' from member names"),
++		N_("Removing leading `%.*s' from hard link targets")
+ 	      };
+-	      WARN ((0, 0, _(diagnostic[link_target]), prefix));
++	      WARN ((0, 0, _(diagnostic[link_target]),
++			   (unsigned)prefix_len, file_name));
+ 	    }
+ 	}
+     }
diff --git a/tar.changes b/tar.changes
index 06b8cf4..3b856c0 100644
--- a/tar.changes
+++ b/tar.changes
@@ -1,3 +1,9 @@
+-------------------------------------------------------------------
+Fri Aug 17 14:14:39 CEST 2007 - lmichnovic@suse.cz
+
+- upstream fix: use of alloca can cause stack overflow
+  (paxlib-owl-alloca.patch)
+
 -------------------------------------------------------------------
 Thu Jun 21 10:17:56 CEST 2007 - mkoenig@suse.de
 
diff --git a/tar.spec b/tar.spec
index 9988d6e..84fb17d 100644
--- a/tar.spec
+++ b/tar.spec
@@ -13,19 +13,20 @@
 Name:           tar
 BuildRequires:  help2man
 URL:            http://www.gnu.org/software/tar/
-License:        GNU General Public License (GPL)
+License:        GPL v2 or later
 Group:          System/Base
 Provides:       base:/bin/tar
 PreReq:         %install_info_prereq
 Autoreqprov:    on
 Version:        1.17
-Release:        1
+Release:        11
 Summary:        GNU implementation of tar ((t)ape (ar)chiver)
 Source0:        %name-%version.tar.bz2
 Patch0:         tar-disable_languages.patch
 Patch1:         tar-disable-listed02-test.diff
 Patch2:         tar-manpage.patch
 Patch3:         tar-1.17-testsuite12.patch	
+Patch4:         tar-1.17-paxlib-owl-alloca.patch	
 BuildRoot:      %{_tmppath}/%{name}-%{version}-build
 %define _bindir  /bin
 
@@ -65,6 +66,7 @@ Authors:
 %patch1 -p1
 %patch2 -p1
 %patch3
+%patch4
 
 %build
 rm -f po/no.* po/ky.*
@@ -106,6 +108,9 @@ rm -r %buildroot/usr/libexec
 rm -rf $RPM_BUILD_ROOT
 
 %changelog
+* Fri Aug 17 2007 - lmichnovic@suse.cz
+- upstream fix: use of alloca can cause stack overflow
+  (paxlib-owl-alloca.patch)
 * Thu Jun 21 2007 - mkoenig@suse.de
 - update to version 1.17:
   * Fix archivation of sparse files in posix mode