Your message dated Sat, 15 Mar 2025 09:44:44 +0000
with message-id <e1tto4s-005kkc...@coccia.debian.org>
and subject line Close 1093625
has caused the Debian Bug report #1093625,
regarding bookworm-pu: package libtar/1.2.20-8+deb12u1
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)


-- 
1093625: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1093625
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Package: release.debian.org
Severity: normal
Tags: bookworm
User: release.debian....@packages.debian.org
Usertags: pu
X-Debbugs-Cc: secur...@debian.org

  * CVE-2021-33643: out-of-bounds read in gnu_longlink()
  * CVE-2021-33644: out-of-bounds read in gnu_longname()
  * CVE-2021-33645: memory leak in th_read()
  * CVE-2021-33646: memory leak in th_read()
diffstat for libtar-1.2.20 libtar-1.2.20

 changelog                                             |   10 +
 patches/openEuler-CVE-2021-33643-CVE-2021-33644.patch |   40 ++++++
 patches/openEuler-CVE-2021-33645-CVE-2021-33646.patch |  110 ++++++++++++++++++
 patches/series                                        |    2 
 4 files changed, 162 insertions(+)

diff -Nru libtar-1.2.20/debian/changelog libtar-1.2.20/debian/changelog
--- libtar-1.2.20/debian/changelog      2019-08-25 19:49:41.000000000 +0300
+++ libtar-1.2.20/debian/changelog      2025-01-20 11:39:12.000000000 +0200
@@ -1,3 +1,13 @@
+libtar (1.2.20-8+deb12u1) bookworm; urgency=medium
+
+  * Non-maintainer upload.
+  * CVE-2021-33643: out-of-bounds read in gnu_longlink()
+  * CVE-2021-33644: out-of-bounds read in gnu_longname()
+  * CVE-2021-33645: memory leak in th_read()
+  * CVE-2021-33646: memory leak in th_read()
+
+ -- Adrian Bunk <b...@debian.org>  Mon, 20 Jan 2025 11:39:12 +0200
+
 libtar (1.2.20-8) unstable; urgency=low
 
   * Convert debian/rules to modern dh style and upgrade to compat level
diff -Nru 
libtar-1.2.20/debian/patches/openEuler-CVE-2021-33643-CVE-2021-33644.patch 
libtar-1.2.20/debian/patches/openEuler-CVE-2021-33643-CVE-2021-33644.patch
--- libtar-1.2.20/debian/patches/openEuler-CVE-2021-33643-CVE-2021-33644.patch  
1970-01-01 02:00:00.000000000 +0200
+++ libtar-1.2.20/debian/patches/openEuler-CVE-2021-33643-CVE-2021-33644.patch  
2025-01-20 11:38:54.000000000 +0200
@@ -0,0 +1,40 @@
+From 6bacfdcb84a4b80c7c026e926b7e1f84d6eed26d Mon Sep 17 00:00:00 2001
+From: shixuantong <1726671...@qq.com>
+Date: Wed, 6 Apr 2022 17:40:57 +0800
+Subject: [PATCH] Ensure that sz is greater than 0.
+
+---
+ lib/block.c | 10 ++++++++++
+ 1 file changed, 10 insertions(+)
+
+diff --git a/lib/block.c b/lib/block.c
+index 092bc28..80b41ac 100644
+--- a/lib/block.c
++++ b/lib/block.c
+@@ -118,6 +118,11 @@ th_read(TAR *t)
+       if (TH_ISLONGLINK(t))
+       {
+               sz = th_get_size(t);
++              if ((int)sz <= 0)
++              {
++                      errno = EINVAL;
++                      return -1;
++              }
+               blocks = (sz / T_BLOCKSIZE) + (sz % T_BLOCKSIZE ? 1 : 0);
+               if (blocks > ((size_t)-1 / T_BLOCKSIZE))
+               {
+@@ -168,6 +173,11 @@ th_read(TAR *t)
+       if (TH_ISLONGNAME(t))
+       {
+               sz = th_get_size(t);
++              if ((int)sz <= 0)
++              {
++                      errno = EINVAL;
++                      return -1;
++              }
+               blocks = (sz / T_BLOCKSIZE) + (sz % T_BLOCKSIZE ? 1 : 0);
+               if (blocks > ((size_t)-1 / T_BLOCKSIZE))
+               {
+-- 
+1.8.3.1
+
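Review bot: The `(int)sz <= 0` guard added in both the TH_ISLONGLINK and TH_ISLONGNAME branches tests the size only after it has been widened into `sz`, so it depends on a size_t-to-int conversion that is implementation-defined for out-of-range values and, on a 64-bit build, would truncate a value whose low 32 bits are a small positive number and let it through. That is only safe if th_get_size() itself yields an int (as the cast suggests), in which case the check is clearer on the int before the assignment: `int isz = th_get_size(t); if (isz <= 0) { errno = EINVAL; return -1; } sz = (size_t)isz;`. Whichever form is kept, a comment such as `/* reject zero or negative sizes from a corrupt header before computing blocks */` would record why EINVAL is returned here. th_read() starts and ends outside the hunk.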
diff -Nru 
libtar-1.2.20/debian/patches/openEuler-CVE-2021-33645-CVE-2021-33646.patch 
libtar-1.2.20/debian/patches/openEuler-CVE-2021-33645-CVE-2021-33646.patch
--- libtar-1.2.20/debian/patches/openEuler-CVE-2021-33645-CVE-2021-33646.patch  
1970-01-01 02:00:00.000000000 +0200
+++ libtar-1.2.20/debian/patches/openEuler-CVE-2021-33645-CVE-2021-33646.patch  
2025-01-20 11:39:12.000000000 +0200
@@ -0,0 +1,110 @@
+From 8ba8e71a2b86d08ddd3478a4797170f95766c2af Mon Sep 17 00:00:00 2001
+From: shixuantong <shixuant...@h-partners.com>
+Date: Sat, 7 May 2022 17:04:46 +0800
+Subject: [PATCH] fix memory leak
+
+---
+ lib/libtar.h    |  1 +
+ lib/util.c      |  9 ++++++++-
+ lib/wrapper.c   | 11 +++++++++++
+ libtar/libtar.c |  3 +++
+ 4 files changed, 23 insertions(+), 1 deletion(-)
+
+diff --git a/lib/libtar.h b/lib/libtar.h
+index 08a8e0f..8b00e93 100644
+--- a/lib/libtar.h
++++ b/lib/libtar.h
+@@ -285,6 +285,7 @@ int oct_to_int(char *oct);
+ /* integer to string-octal conversion, no NULL */
+ void int_to_oct_nonull(int num, char *oct, size_t octlen);
+ 
++void free_longlink_longname(struct tar_header th_buf);
+ 
+ /***** wrapper.c **********************************************************/
+ 
+diff --git a/lib/util.c b/lib/util.c
+index 11438ef..8a42e62 100644
+--- a/lib/util.c
++++ b/lib/util.c
+@@ -160,4 +161,10 @@ int_to_oct_nonull(int num, char *oct, size_t octlen)
+       oct[octlen - 1] = ' ';
+ }
+ 
+-
++void free_longlink_longname(struct tar_header th_buf)
++{
++      if (th_buf.gnu_longname != NULL)
++              free(th_buf.gnu_longname);
++      if (th_buf.gnu_longlink !=NULL)
++              free(th_buf.gnu_longlink);
++}
+diff --git a/lib/wrapper.c b/lib/wrapper.c
+index 44cc435..df6d617 100644
+--- a/lib/wrapper.c
++++ b/lib/wrapper.c
+@@ -36,7 +36,10 @@ tar_extract_glob(TAR *t, char *globname, char *prefix)
+               if (fnmatch(globname, filename, FNM_PATHNAME | FNM_PERIOD))
+               {
+                       if (TH_ISREG(t) && tar_skip_regfile(t))
++                      {
++                              free_longlink_longname(t->th_buf);
+                               return -1;
++                      }
+                       continue;
+               }
+               if (t->options & TAR_VERBOSE)
+@@ -58,11 +58,13 @@ tar_extract_glob(TAR *t, char *globname,
+               if (tar_extract_file(t, buf) != 0)
+               {
+                       free(buf);
++                      free_longlink_longname(t->th_buf);
+                       return -1;
+               }
+               free(buf);
+       }
+ 
++      free_longlink_longname(t->th_buf);
+       return (i == 1 ? 0 : -1);
+ }
+ 
+@@ -109,11 +111,13 @@ tar_extract_all(TAR *t, char *prefix)
+               if (tar_extract_file(t, buf) != 0)
+               {
+                       free(buf);
++                      free_longlink_longname(t->th_buf);
+                       return -1;
+               }
+               free(buf);
+       }
+ 
++      free_longlink_longname(t->th_buf);
+       return (i == 1 ? 0 : -1);
+ }
+ 
+diff --git a/libtar/libtar.c b/libtar/libtar.c
+index 23f8741..7e7354f 100644
+--- a/libtar/libtar.c
++++ b/libtar/libtar.c
+@@ -196,6 +196,7 @@ list(char *tarfile)
+               {
+                       fprintf(stderr, "tar_skip_regfile(): %s\n",
+                               strerror(errno));
++                      free_longlink_longname(t->th_buf);
+                       return -1;
+               }
+       }
+@@ -217,10 +218,12 @@ list(char *tarfile)
+ 
+       if (tar_close(t) != 0)
+       {
++              free_longlink_longname(t->th_buf);
+               fprintf(stderr, "tar_close(): %s\n", strerror(errno));
+               return -1;
+       }
+ 
++      free_longlink_longname(t->th_buf);
+       return 0;
+ }
+ 
+-- 
+1.8.3.1
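Review bot: free_longlink_longname() in the lib/util.c part of this patch takes `struct tar_header` by value, so it frees the two buffers through a copy and cannot clear `gnu_longname`/`gnu_longlink` in the caller's `t->th_buf`; those fields are left pointing at freed memory, and any later path that releases them again (upstream th_read() frees the previous buffers before reading the next header) would double-free. Taking a pointer and nulling the fields after free() removes that hazard, and the `!= NULL` guards become unnecessary because free(NULL) is a no-op; the prototype added to lib/libtar.h and the `t->th_buf` call sites in lib/wrapper.c and libtar/libtar.c then pass `&t->th_buf`. Separately, in list() the two new calls sit after `tar_close(t)`; if tar_close() releases the TAR handle, as upstream libtar's does, both read `t` after it has been freed and should move before the tar_close() call. The enclosing functions tar_extract_glob(), tar_extract_all() and list() all start outside their hunks.
```c
/* lib/util.c: release GNU long-name/long-link buffers and leave the
 * header in a state where a second release is harmless. */
void free_longlink_longname(struct tar_header *th_buf)
{
	free(th_buf->gnu_longname);
	th_buf->gnu_longname = NULL;
	free(th_buf->gnu_longlink);
	th_buf->gnu_longlink = NULL;
}
/* … unchanged: callers in wrapper.c / libtar.c, now passing &t->th_buf … */
```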
diff -Nru libtar-1.2.20/debian/patches/series 
libtar-1.2.20/debian/patches/series
--- libtar-1.2.20/debian/patches/series 2016-10-11 23:01:03.000000000 +0300
+++ libtar-1.2.20/debian/patches/series 2025-01-20 11:39:12.000000000 +0200
@@ -5,3 +5,5 @@
 oldgnu_prefix.patch
 testsuite.patch
 no_strip.patch
+openEuler-CVE-2021-33643-CVE-2021-33644.patch
+openEuler-CVE-2021-33645-CVE-2021-33646.patch

--- End Message ---
--- Begin Message ---
Version: 12.10
This update has been released as part of 12.10. Thank you for your contribution.

--- End Message ---
