This issue is not public.
Created attachment 79933 [details, diff] patch from RedHat
Created attachment 79934 [details] demonstration script to reproduce issue
Created attachment 79935 [details] malformed tar archive
Upstream has been informed and has requested non-disclosure until a new version can be prepared for release.
This issue is public
base-system: no new release from upstream yet, this issue is pretty serious, could you patch our package?
I heard from a little birdie that the RedHat patch was not correct ...
Could you elaborate? That's not what *my* little birdie told me. And this just can't wait :)
vapier/base-system: please apply patch or tell us why you can't
This bug is fairly critical, do you have any update, vapier/base-system guys? We really need to get a fix out ASAP, we're already late on this one.
Added tar-1.15.1-r1 to the tree for CVE-2006-0300
tar-1.15.1: alpha amd64 arm hppa ia64 m68k mips ppc ppc64 s390 sh sparc x86
tar-1.15.1-r1: ~alpha ~amd64 ~arm ~hppa ~ia64 ~m68k ~mips ~ppc ~ppc64 ~s390 ~sh ~sparc ~x86
tar aborts correctly when using the demonstration script. I also tested a few tar.gz files and a few tar.bz2 files. tar is a vital program to a functioning Gentoo system so arch maintainers are encouraged to test carefully.
Arches please test and mark stable
Verified, revision tested and marked stable for hppa.
sparc stable.
IA64 done.
Tested app-arch/tar-1.15.1-r1 for amd64. Builds and runs. Apparently properly errors on demo script with:
"/bin/tar: memory exhausted
/bin/tar: Error is not recoverable: exiting now"
Able to properly untar from tar.bz2 a large archive (kernel sources), retar with gzip, untar, retar without compression and untar, with no apparent errors (kernel builds). Happy to do additional regression tests (this is, after all, a pretty critical app) if someone can suggest them, otherwise I'd recommend stable on amd64.
amd64 done
x86 done
stable on ppc64
Builds and runs on ppc.
Regression-test as in #17: passed
Also ran the demo script, output while untarring the malformed archive:
pluto ~ # /bin/tar tf z.tar
/bin/tar: Extended header GNU.sparse.numblocks=4294967296 is out of range
/bin/tar: Malformed extended header: excess GNU.sparse.offset=1048576 big
/bin/tar: Error exit delayed from previous errors
Recommend stable marks on ppc.
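Added example, not part of this bug report or of the tar patch: a pre-extraction check that parses pax extended header records ("<len> <keyword>=<value>\n") and reports the two conditions the patched tar prints above, an out-of-range GNU.sparse.numblocks and more GNU.sparse.offset records than were declared. The function names, the MAX_SPARSE_BLOCKS cap and the sample bytes are assumptions made for illustration; the sample reuses only the values visible in the output above.

```python
MAX_SPARSE_BLOCKS = 1 << 20  # assumed policy cap for this example, not GNU tar's own limit

def parse_pax_records(data: bytes):
    """Yield (keyword, value) from pax records of the form b'<len> <key>=<value>\\n'."""
    pos = 0
    while pos < len(data) and data[pos] != 0:  # NUL padding ends the header block
        space = data.find(b" ", pos)
        if space == -1 or not data[pos:space].isdigit():
            raise ValueError(f"bad record length at offset {pos}")
        length = int(data[pos:space])
        end = pos + length
        # The length covers the whole record: its own digits, the space and the newline.
        if length <= space - pos + 1 or end > len(data) or data[end - 1:end] != b"\n":
            raise ValueError(f"record length {length} at offset {pos} is inconsistent")
        key, sep, value = data[space + 1:end - 1].partition(b"=")
        if not sep:
            raise ValueError(f"record at offset {pos} has no '='")
        yield key.decode("utf-8", "replace"), value.decode("utf-8", "replace")
        pos = end

def check_sparse_header(data: bytes, max_blocks: int = MAX_SPARSE_BLOCKS):
    """Return a list of findings; an empty list means the sparse map looks sane."""
    findings, declared, offsets = [], None, 0
    for key, value in parse_pax_records(data):
        if key == "GNU.sparse.numblocks":
            if not (value.isascii() and value.isdigit()) or int(value) > max_blocks:
                findings.append(f"GNU.sparse.numblocks={value} is out of range")
                declared = 0  # accept no map entries after a rejected count
            else:
                declared = int(value)
        elif key == "GNU.sparse.offset":
            offsets += 1
            if declared is None or offsets > declared:
                findings.append(f"excess GNU.sparse.offset={value}")
    return findings

def record(key: str, value: str) -> bytes:
    """Build one pax record with a self-consistent length (used for the sample)."""
    body = f" {key}={value}\n".encode()
    length = len(body) + 1
    while len(str(length)) + len(body) != length:
        length = len(str(length)) + len(body)
    return str(length).encode() + body

# Constructed sample: header records only, with the values shown in the tar output above.
SAMPLE = record("GNU.sparse.numblocks", "4294967296") + record("GNU.sparse.offset", "1048576")

if __name__ == "__main__":
    print("\n".join(check_sparse_header(SAMPLE)) or "ok")
```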
alpha stable
ppc please mark stable, following comment #21
ppc stable
GLSA 200603-06
Stable on mips.