Version in base suite: 1.2.20-8 Base version: libtar_1.2.20-8 Target version: libtar_1.2.20-8+deb12u1 Base file: /srv/ftp-master.debian.org/ftp/pool/main/libt/libtar/libtar_1.2.20-8.dsc Target file: /srv/ftp-master.debian.org/policy/pool/main/libt/libtar/libtar_1.2.20-8+deb12u1.dsc changelog | 10 + patches/openEuler-CVE-2021-33643-CVE-2021-33644.patch | 40 ++++++ patches/openEuler-CVE-2021-33645-CVE-2021-33646.patch | 110 ++++++++++++++++++ patches/series | 2 4 files changed, 162 insertions(+) diff -Nru libtar-1.2.20/debian/changelog libtar-1.2.20/debian/changelog --- libtar-1.2.20/debian/changelog 2019-08-25 16:49:41.000000000 +0000 +++ libtar-1.2.20/debian/changelog 2025-01-20 09:39:12.000000000 +0000 @@ -1,3 +1,13 @@ +libtar (1.2.20-8+deb12u1) bookworm; urgency=medium + + * Non-maintainer upload. + * CVE-2021-33643: out-of-bounds read in gnu_longlink() + * CVE-2021-33644: out-of-bounds read in gnu_longname() + * CVE-2021-33645: memory leak in th_read() + * CVE-2021-33646: memory leak in th_read() + + -- Adrian Bunk Mon, 20 Jan 2025 11:39:12 +0200 + libtar (1.2.20-8) unstable; urgency=low * Convert debian/rules to modern dh style and upgrade to compat level diff -Nru libtar-1.2.20/debian/patches/openEuler-CVE-2021-33643-CVE-2021-33644.patch libtar-1.2.20/debian/patches/openEuler-CVE-2021-33643-CVE-2021-33644.patch --- libtar-1.2.20/debian/patches/openEuler-CVE-2021-33643-CVE-2021-33644.patch 1970-01-01 00:00:00.000000000 +0000 +++ libtar-1.2.20/debian/patches/openEuler-CVE-2021-33643-CVE-2021-33644.patch 2025-01-20 09:38:54.000000000 +0000 @@ -0,0 +1,40 @@ +From 6bacfdcb84a4b80c7c026e926b7e1f84d6eed26d Mon Sep 17 00:00:00 2001 +From: shixuantong <1726671442@qq.com> +Date: Wed, 6 Apr 2022 17:40:57 +0800 +Subject: [PATCH] Ensure that sz is greater than 0. + +--- + lib/block.c | 10 ++++++++++ + 1 file changed, 10 insertions(+) + +diff --git a/lib/block.c b/lib/block.c +index 092bc28..80b41ac 100644 +--- a/lib/block.c ++++ b/lib/block.c +@@ -118,6 +118,11 @@ th_read(TAR *t) + if (TH_ISLONGLINK(t)) + { + sz = th_get_size(t); ++ if ((int)sz <= 0) ++ { ++ errno = EINVAL; ++ return -1; ++ } + blocks = (sz / T_BLOCKSIZE) + (sz % T_BLOCKSIZE ? 1 : 0); + if (blocks > ((size_t)-1 / T_BLOCKSIZE)) + { +@@ -168,6 +173,11 @@ th_read(TAR *t) + if (TH_ISLONGNAME(t)) + { + sz = th_get_size(t); ++ if ((int)sz <= 0) ++ { ++ errno = EINVAL; ++ return -1; ++ } + blocks = (sz / T_BLOCKSIZE) + (sz % T_BLOCKSIZE ? 1 : 0); + if (blocks > ((size_t)-1 / T_BLOCKSIZE)) + { +-- +1.8.3.1 + diff -Nru libtar-1.2.20/debian/patches/openEuler-CVE-2021-33645-CVE-2021-33646.patch libtar-1.2.20/debian/patches/openEuler-CVE-2021-33645-CVE-2021-33646.patch --- libtar-1.2.20/debian/patches/openEuler-CVE-2021-33645-CVE-2021-33646.patch 1970-01-01 00:00:00.000000000 +0000 +++ libtar-1.2.20/debian/patches/openEuler-CVE-2021-33645-CVE-2021-33646.patch 2025-01-20 09:39:12.000000000 +0000 @@ -0,0 +1,110 @@ +From 8ba8e71a2b86d08ddd3478a4797170f95766c2af Mon Sep 17 00:00:00 2001 +From: shixuantong +Date: Sat, 7 May 2022 17:04:46 +0800 +Subject: [PATCH] fix memory leak + +--- + lib/libtar.h | 1 + + lib/util.c | 9 ++++++++- + lib/wrapper.c | 11 +++++++++++ + libtar/libtar.c | 3 +++ + 4 files changed, 23 insertions(+), 1 deletion(-) + +diff --git a/lib/libtar.h b/lib/libtar.h +index 08a8e0f..8b00e93 100644 +--- a/lib/libtar.h ++++ b/lib/libtar.h +@@ -285,6 +285,7 @@ int oct_to_int(char *oct); + /* integer to string-octal conversion, no NULL */ + void int_to_oct_nonull(int num, char *oct, size_t octlen); + ++void free_longlink_longname(struct tar_header th_buf); + + /***** wrapper.c **********************************************************/ + +diff --git a/lib/util.c b/lib/util.c +index 11438ef..8a42e62 100644 +--- a/lib/util.c ++++ b/lib/util.c +@@ -160,4 +161,10 @@ int_to_oct_nonull(int num, char *oct, size_t octlen) + oct[octlen - 1] = ' '; + } + +- ++void free_longlink_longname(struct tar_header th_buf) ++{ ++ if (th_buf.gnu_longname != NULL) ++ free(th_buf.gnu_longname); ++ if (th_buf.gnu_longlink !=NULL) ++ free(th_buf.gnu_longlink); ++} +diff --git a/lib/wrapper.c b/lib/wrapper.c +index 44cc435..df6d617 100644 +--- a/lib/wrapper.c ++++ b/lib/wrapper.c +@@ -36,7 +36,10 @@ tar_extract_glob(TAR *t, char *globname, char *prefix) + if (fnmatch(globname, filename, FNM_PATHNAME | FNM_PERIOD)) + { + if (TH_ISREG(t) && tar_skip_regfile(t)) ++ { ++ free_longlink_longname(t->th_buf); + return -1; ++ } + continue; + } + if (t->options & TAR_VERBOSE) +@@ -58,11 +58,13 @@ tar_extract_glob(TAR *t, char *globname, + if (tar_extract_file(t, buf) != 0) + { + free(buf); ++ free_longlink_longname(t->th_buf); + return -1; + } + free(buf); + } + ++ free_longlink_longname(t->th_buf); + return (i == 1 ? 0 : -1); + } + +@@ -109,11 +111,13 @@ tar_extract_all(TAR *t, char *prefix) + if (tar_extract_file(t, buf) != 0) + { + free(buf); ++ free_longlink_longname(t->th_buf); + return -1; + } + free(buf); + } + ++ free_longlink_longname(t->th_buf); + return (i == 1 ? 0 : -1); + } + +diff --git a/libtar/libtar.c b/libtar/libtar.c +index 23f8741..7e7354f 100644 +--- a/libtar/libtar.c ++++ b/libtar/libtar.c +@@ -196,6 +196,7 @@ list(char *tarfile) + { + fprintf(stderr, "tar_skip_regfile(): %s\n", + strerror(errno)); ++ free_longlink_longname(t->th_buf); + return -1; + } + } +@@ -217,10 +218,12 @@ list(char *tarfile) + + if (tar_close(t) != 0) + { ++ free_longlink_longname(t->th_buf); + fprintf(stderr, "tar_close(): %s\n", strerror(errno)); + return -1; + } + ++ free_longlink_longname(t->th_buf); + return 0; + } + +-- +1.8.3.1 diff -Nru libtar-1.2.20/debian/patches/series libtar-1.2.20/debian/patches/series --- libtar-1.2.20/debian/patches/series 2016-10-11 20:01:03.000000000 +0000 +++ libtar-1.2.20/debian/patches/series 2025-01-20 09:39:12.000000000 +0000 @@ -5,3 +5,5 @@ oldgnu_prefix.patch testsuite.patch no_strip.patch +openEuler-CVE-2021-33643-CVE-2021-33644.patch +openEuler-CVE-2021-33645-CVE-2021-33646.patch