This issue is not public.
Created attachment 79933
patch from RedHat
Created attachment 79934
demonstration script to reproduce issue
Created attachment 79935
malformed tar archive
Upstream has been informed and has requested non-disclosure until a new version can be prepared for release.
This issue is public
base-system: no new release from upstream yet; this issue is pretty serious. Could you patch our package?
I heard from a little birdie that the RedHat patch was not correct ...
Could you elaborate? That's not what *my* little birdie told me. And this just can't wait :)
vapier/base-system: please apply patch or tell us why you can't
This bug is fairly critical. Do you have any update, vapier/base-system guys?
We really need to get a fix out ASAP; we're already late on this one.
Added tar-1.15.1-r1 to the tree for CVE-2006-0300
tar-1.15.1: alpha amd64 arm hppa ia64 m68k mips ppc ppc64 s390 sh sparc x86
tar-1.15.1-r1: ~alpha ~amd64 ~arm ~hppa ~ia64 ~m68k ~mips ~ppc ~ppc64 ~s390 ~sh ~sparc ~x86
tar aborts correctly when using the demonstration script.
I also tested a few tar.gz files and a few tar.bz2 files.
tar is a vital program to a functioning Gentoo system, so arch maintainers
are encouraged to test carefully.
Arches, please test and mark stable.
Verified, revision tested and marked stable for hppa.
Tested app-arch/tar-1.15.1-r1 for amd64.
Builds and runs.
Apparently properly errors on demo script with: "/bin/tar: memory exhausted
/bin/tar: Error is not recoverable: exiting now"
Able to properly untar from tar.bz2 a large archive (kernel sources), retar with gzip, untar, retar without compression and untar, with no apparent errors (kernel builds).
Happy to do additional regression tests (this is, after all, a pretty critical app) if someone can suggest them, otherwise I'd recommend stable on amd64.
stable on ppc64
Builds and runs on ppc. Regression-test as in #17: passed
Also ran the demo script; output while untarring the malformed archive:
pluto ~ # /bin/tar tf z.tar
/bin/tar: Extended header GNU.sparse.numblocks=4294967296 is out of range
/bin/tar: Malformed extended header: excess GNU.sparse.offset=1048576
/bin/tar: Error exit delayed from previous errors
Recommend stable marks on ppc.
ppc, please mark stable, following comment #21.
Stable on mips.