From 70160e5164e816a2d53aae09da97e197ad9591e5 Mon Sep 17 00:00:00 2001
From: CentOS Sources <bugs@centos.org>
Date: Mar 28 2023 11:44:04 +0000
Subject: import libtar-1.2.20-17.el8


---

diff --git a/SOURCES/libtar-1.2.20-CVE-2021-33643-CVE-2021-33644.patch b/SOURCES/libtar-1.2.20-CVE-2021-33643-CVE-2021-33644.patch
new file mode 100644
index 0000000..f6692c3
--- /dev/null
+++ b/SOURCES/libtar-1.2.20-CVE-2021-33643-CVE-2021-33644.patch
@@ -0,0 +1,40 @@
+From 3936c7aa74d89e7a91dfbb2c1b7bfcad58a0355d Mon Sep 17 00:00:00 2001
+From: shixuantong <1726671442@qq.com>
+Date: Wed, 6 Apr 2022 17:40:57 +0800
+Subject: [PATCH 1/2] Ensure that sz is greater than 0.
+
+---
+ lib/block.c | 10 ++++++++++
+ 1 file changed, 10 insertions(+)
+
+diff --git a/lib/block.c b/lib/block.c
+index 092bc28..f12c4bc 100644
+--- a/lib/block.c
++++ b/lib/block.c
+@@ -118,6 +118,11 @@ th_read(TAR *t)
+ 	if (TH_ISLONGLINK(t))
+ 	{
+ 		sz = th_get_size(t);
++		if ((int)sz <= 0)
++		{
++			errno = EINVAL;
++			return -1;
++		}
+ 		blocks = (sz / T_BLOCKSIZE) + (sz % T_BLOCKSIZE ? 1 : 0);
+ 		if (blocks > ((size_t)-1 / T_BLOCKSIZE))
+ 		{
+@@ -168,6 +173,11 @@ th_read(TAR *t)
+ 	if (TH_ISLONGNAME(t))
+ 	{
+ 		sz = th_get_size(t);
++		if ((int)sz <= 0)
++		{
++			errno = EINVAL;
++			return -1;
++		}
+ 		blocks = (sz / T_BLOCKSIZE) + (sz % T_BLOCKSIZE ? 1 : 0);
+ 		if (blocks > ((size_t)-1 / T_BLOCKSIZE))
+ 		{
+-- 
+2.37.1
+
diff --git a/SOURCES/libtar-1.2.20-CVE-2021-33645-CVE-2021-33646.patch b/SOURCES/libtar-1.2.20-CVE-2021-33645-CVE-2021-33646.patch
new file mode 100644
index 0000000..c625d61
--- /dev/null
+++ b/SOURCES/libtar-1.2.20-CVE-2021-33645-CVE-2021-33646.patch
@@ -0,0 +1,30 @@
+From 78e95da690556874baac96dd1d655e577c6d8e95 Mon Sep 17 00:00:00 2001
+From: Kamil Dudka <kdudka@redhat.com>
+Date: Tue, 4 Oct 2022 10:39:35 +0200
+Subject: [PATCH] free memory allocated by gnu_long* fields
+
+---
+ lib/handle.c | 7 +++++--
+ 1 file changed, 5 insertions(+), 2 deletions(-)
+
+diff --git a/lib/handle.c b/lib/handle.c
+index 28a7dc2..18bd8dc 100644
+--- a/lib/handle.c
++++ b/lib/handle.c
+@@ -122,8 +122,11 @@ tar_close(TAR *t)
+ 		libtar_hash_free(t->h, ((t->oflags & O_ACCMODE) == O_RDONLY
+ 					? free
+ 					: (libtar_freefunc_t)tar_dev_free));
+-	if (t->th_pathname != NULL)
+-		free(t->th_pathname);
++
++	free(t->th_pathname);
++	free(t->th_buf.gnu_longname);
++	free(t->th_buf.gnu_longlink);
++
+ 	free(t);
+ 
+ 	return i;
+-- 
+2.38.1
+
diff --git a/SPECS/libtar.spec b/SPECS/libtar.spec
index 3b5312d..1c13366 100644
--- a/SPECS/libtar.spec
+++ b/SPECS/libtar.spec
@@ -1,7 +1,7 @@
 Summary:        Tar file manipulation API
 Name:           libtar
 Version:        1.2.20
-Release:        15%{?dist}
+Release:        17%{?dist}
 License:        MIT
 URL:            http://repo.or.cz/libtar.git
 Source:         http://repo.or.cz/libtar.git/snapshot/refs/tags/v1.2.20.tar.gz#/libtar-v1.2.20.tar.gz
@@ -14,6 +14,12 @@ Patch7:         libtar-1.2.20-no-static-buffer.patch
 # fix programming mistakes detected by static analysis (#1602596)
 Patch8:         libtar-1.2.20-static-analysis.patch
 
+# fix out-of-bounds read in gnu_long{name,link} (CVE-2021-33643 CVE-2021-33644)
+Patch9:         libtar-1.2.20-CVE-2021-33643-CVE-2021-33644.patch
+
+# fix memory leaks through gnu_long{name,link} (CVE-2021-33645 CVE-2021-33646)
+Patch10:        libtar-1.2.20-CVE-2021-33645-CVE-2021-33646.patch
+
 BuildRequires:  libtool
 BuildRequires:  zlib-devel
 
@@ -71,6 +77,13 @@ rm $RPM_BUILD_ROOT%{_libdir}/*.la
 
 
 %changelog
+* Mon Dec 19 2022 Kamil Dudka <kdudka@redhat.com> - 1.2.20-17
+- fix use-after-free bugs introduced by incorrect memleak fixes (CVE-2021-33640)
+
+* Fri Aug 26 2022 Kamil Dudka <kdudka@redhat.com> - 1.2.20-16
+- fix memory leaks through gnu_long{name,link} (CVE-2021-33645 CVE-2021-33646)
+- fix out-of-bounds read in gnu_long{name,link} (CVE-2021-33643 CVE-2021-33644)
+
 * Wed Nov 07 2018 Kamil Dudka <kdudka@redhat.com> - 1.2.20-15
 - fix programming mistakes detected by static analysis (#1602596)