fix CVE-2022-48303
This commit is contained in:
wangjiang
parent
e28075f1be
commit
d52f82a727
31
backport-CVE-2022-48303.patch
Normal file
31
backport-CVE-2022-48303.patch
Normal file
@ -0,0 +1,31 @@
|
|||||||
|
From 1d530107a24d71e798727d7f0afa0833473d1074 Mon Sep 17 00:00:00 2001
|
||||||
|
From: Matej Mužila <mmuzila@gmail.com>
|
||||||
|
Date: Wed, 11 Jan 2023 08:55:58 +0100
|
||||||
|
Subject: [PATCH] Fix savannah bug #62387
|
||||||
|
|
||||||
|
* src/list.c (from_header): Check for the end of field after leading byte
|
||||||
|
(0x80 or 0xff) of base-256 encoded header value
|
||||||
|
---
|
||||||
|
src/list.c | 6 ++++++
|
||||||
|
1 file changed, 6 insertions(+)
|
||||||
|
|
||||||
|
diff --git a/src/list.c b/src/list.c
|
||||||
|
index 9fafc425..bf41b581 100644
|
||||||
|
--- a/src/list.c
|
||||||
|
+++ b/src/list.c
|
||||||
|
@@ -899,6 +899,12 @@ from_header (char const *where0, size_t digs, char const *type,
|
||||||
|
<< (CHAR_BIT * sizeof (uintmax_t)
|
||||||
|
- LG_256 - (LG_256 - 2)));
|
||||||
|
value = (*where++ & ((1 << (LG_256 - 2)) - 1)) - signbit;
|
||||||
|
+ if (where == lim)
|
||||||
|
+ {
|
||||||
|
+ if (type && !silent)
|
||||||
|
+ ERROR ((0, 0, _("Archive base-256 value is invalid")));
|
||||||
|
+ return -1;
|
||||||
|
+ }
|
||||||
|
for (;;)
|
||||||
|
{
|
||||||
|
value = (value << LG_256) + (unsigned char) *where++;
|
||||||
|
--
|
||||||
|
2.38.1
|
||||||
|
|
||||||
6
tar.spec
6
tar.spec
@ -1,6 +1,6 @@
|
|||||||
Name: tar
|
Name: tar
|
||||||
Version: 1.32
|
Version: 1.32
|
||||||
Release: 2
|
Release: 3
|
||||||
Epoch: 2
|
Epoch: 2
|
||||||
Summary: An organized and systematic method of controlling a large amount of data
|
Summary: An organized and systematic method of controlling a large amount of data
|
||||||
License: GPLv3+
|
License: GPLv3+
|
||||||
@ -9,6 +9,7 @@ Source0: https://ftp.gnu.org/gnu/tar/tar-%{version}.tar.xz
|
|||||||
Source1: https://ftp.gnu.org/gnu/tar/tar-%{version}.tar.xz.sig
|
Source1: https://ftp.gnu.org/gnu/tar/tar-%{version}.tar.xz.sig
|
||||||
|
|
||||||
Patch6000: backport-CVE-2021-20193.patch
|
Patch6000: backport-CVE-2021-20193.patch
|
||||||
|
Patch6001: backport-CVE-2022-48303.patch
|
||||||
|
|
||||||
BuildRequires: autoconf automake texinfo gettext libacl-devel attr acl policycoreutils
|
BuildRequires: autoconf automake texinfo gettext libacl-devel attr acl policycoreutils
|
||||||
Provides: bundled(gnulib) /bin/tar /bin/gtar
|
Provides: bundled(gnulib) /bin/tar /bin/gtar
|
||||||
@ -76,6 +77,9 @@ make check
|
|||||||
%{_infodir}/tar.info*
|
%{_infodir}/tar.info*
|
||||||
|
|
||||||
%changelog
|
%changelog
|
||||||
|
* Wed Feb 08 2023 wangjiang <wangjiang37@h-partners.com> 2:1.32-3
|
||||||
|
- fix CVE-2022-48303
|
||||||
|
|
||||||
* Wed Apr 14 2021 shixuantong <shixuantong> - 2:1.32-2
|
* Wed Apr 14 2021 shixuantong <shixuantong> - 2:1.32-2
|
||||||
- fix CVE-2021-20193
|
- fix CVE-2021-20193
|
||||||
|
|
||||||
|
|||||||
Loading…
x
Reference in New Issue
Block a user