Script 'mail_helper' called by obssrc
Hello community,

here is the log from the commit of package tar for openSUSE:Factory checked in 
at 2026-05-10 16:47:15
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Comparing /work/SRC/openSUSE:Factory/tar (Old)
 and      /work/SRC/openSUSE:Factory/.tar.new.1966 (New)
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++

Package is "tar"

Sun May 10 16:47:15 2026 rev:89 rq:1351363 version:1.35

Changes:
--------
--- /work/SRC/openSUSE:Factory/tar/tar.changes  2026-04-21 12:41:44.582756495 
+0200
+++ /work/SRC/openSUSE:Factory/.tar.new.1966/tar.changes        2026-05-10 
16:47:50.383589372 +0200
@@ -1,0 +2,14 @@
+Thu May  7 07:30:04 UTC 2026 - Dirk Müller <[email protected]>
+
+- remove the userspace fallback implementation for openat2
+
+-------------------------------------------------------------------
+Tue May  5 13:55:07 UTC 2026 - Antonio Teixeira <[email protected]>
+
+- Fix bsc#1246399 / CVE-2025-45582.
+- Add patch:
+  * CVE-2025-45582.patch
+- Refresh patch:
+  * tar-fix-extract-unlink.patch
+
+-------------------------------------------------------------------

New:
----
  CVE-2025-45582.patch

----------(New B)----------
  New:- Add patch:
  * CVE-2025-45582.patch
- Refresh patch:
----------(New E)----------

++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++

Other differences:
------------------
++++++ tar.spec ++++++
--- /var/tmp/diff_new_pack.pIkByE/_old  2026-05-10 16:47:51.391630626 +0200
+++ /var/tmp/diff_new_pack.pIkByE/_new  2026-05-10 16:47:51.399630953 +0200
@@ -53,6 +53,7 @@
 Patch16:        fix-CVE-2022-48303.patch
 Patch17:        add_forgotten-tests.patch
 Patch18:        tar-fix-deletion-from-archive.patch
+Patch19:        CVE-2025-45582.patch
 BuildRequires:  automake >= 1.15
 BuildRequires:  libacl-devel
 BuildRequires:  libselinux-devel
@@ -120,6 +121,8 @@
 %prep
 %autosetup -p1
 touch -d @${SOURCE_DATE_EPOCH:-$(date +%%s)} doc/tar.texi # ensure mtime is 
reproducible as it ends up in tar.info (boo#1047218)
+# Fallback implementation of openat2 that is security unsafe. make sure it 
doesn't get used.
+echo > gnu/openat2.c
 cp %{S:3} tests
 
 %build
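Review bot: The added `echo > gnu/openat2.c` in %prep succeeds even if no file exists at that path, because the redirection simply creates one, so a later change in the source layout would turn this guard into a silent no-op and the fallback could be compiled in again. A check in front of it makes the step fail closed: `test -f gnu/openat2.c || exit 1`. The comment could also state the intended outcome, for example `# Empty the userspace openat2 fallback so a build that would need it fails instead of shipping it.` That outcome is inferred and should be confirmed, since the file presumably comes from CVE-2025-45582.patch, which is not shown here.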

++++++ CVE-2025-45582.patch ++++++
++++ 2704 lines (skipped)


++++++ tar-fix-extract-unlink.patch ++++++
--- /var/tmp/diff_new_pack.pIkByE/_old  2026-05-10 16:47:51.563637665 +0200
+++ /var/tmp/diff_new_pack.pIkByE/_new  2026-05-10 16:47:51.571637993 +0200
@@ -1,87 +1,90 @@
-From 1e6ce98e3a4ef5c807458a35973af7e3503c678c Mon Sep 17 00:00:00 2001
-From: Sergey Poznyakoff <[email protected]>
-Date: Wed, 5 Jun 2024 18:19:10 +0300
-Subject: [PATCH] Fix spurious diagnostic during extraction of . with
- --keep-newer-files
-
-Bug reported in https://savannah.gnu.org/bugs/?65838.
-
-Bug introduced by 79d1ac38c1.
-
-* src/extract.c (make_directories): Restore second argument.  This
-reverts the change made in 79d1ac38c1.
-(maybe_recoverable, rename_directory): Update calls to make_directories.
-* tests/extrac27.at: New file.
-* tests/Makefile.am: Add new test.
-* tests/testsuite.at: Likewise.
----
- src/extract.c      | 19 ++++++++++---------
- tests/Makefile.am  |  1 +
- tests/extrac27.at  | 46 ++++++++++++++++++++++++++++++++++++++++++++++
- tests/testsuite.at |  1 +
- 4 files changed, 58 insertions(+), 9 deletions(-)
- create mode 100644 tests/extrac27.at
-
 diff --git a/src/extract.c b/src/extract.c
-index 0fef0562..41f8418f 100644
+index 0261134f..f913575c 100644
 --- a/src/extract.c
 +++ b/src/extract.c
-@@ -709,9 +709,9 @@ fixup_delayed_set_stat (char const *src, char const *dst)
- /* After a file/link/directory creation has failed due to ENOENT,
-    create all required directories.  Return zero if all the required
+@@ -711,7 +711,7 @@ fixup_delayed_set_stat (char const *src, char const *dst)
     directories were created, nonzero (issuing a diagnostic) otherwise.
--   Set *INTERDIR_MADE if at least one directory was created.  */
-+   Set *INTERDIR_MADE (unless NULL) if at least one directory was created. */
+    Set *INTERDIR_MADE if at least one directory was created.  */
  static int
 -make_directories (char *file_name)
 +make_directories (char *file_name, bool *interdir_made)
  {
    char *cursor0 = file_name + FILE_SYSTEM_PREFIX_LEN (file_name);
    char *cursor;                       /* points into the file name */
-@@ -753,7 +753,8 @@ make_directories (char *file_name)
-         delay_set_stat (file_name,
-                         0, mode & ~ current_umask, MODE_RWX,
+@@ -755,6 +755,7 @@ make_directories (char *file_name)
                          desired_mode, AT_SYMLINK_NOFOLLOW);
--
-+        if (interdir_made)
-+          *interdir_made = true;
+ 
          print_for_mkdir (file_name, desired_mode);
++        *interdir_made = true;
          parent_end = NULL;
        }
-@@ -793,6 +794,9 @@ make_directories (char *file_name)
-       errno = parent_errno;
-       mkdir_error (file_name);
-     }
-+  else if (interdir_made)
-+    *interdir_made = true;
-+
-   *parent_end = '/';
- 
-   return stat_status;
-@@ -910,11 +914,8 @@ maybe_recoverable (char *file_name, bool regular, bool 
*interdir_made)
+       else
+@@ -910,11 +911,8 @@ maybe_recoverable (char *file_name, bool regular, bool 
*interdir_made)
  
      case ENOENT:
        /* Attempt creating missing intermediate directories. */
 -      if (make_directories (file_name) == 0)
 -      {
 -        *interdir_made = true;
--        return RECOVER_OK;
++      if (make_directories (file_name, interdir_made) == 0)
+         return RECOVER_OK;
 -      }
-+      if (make_directories (file_name, interdir_made) == 0 && *interdir_made)
-+      return RECOVER_OK;
        break;
  
      default:
-@@ -2011,7 +2012,7 @@ rename_directory (char *src, char *dst)
+@@ -1109,7 +1107,7 @@ extract_dir (char *file_name, int typeflag)
+             || old_files_option == NO_OVERWRITE_DIR_OLD_FILES
+             || old_files_option == DEFAULT_OLD_FILES
+             || old_files_option == OVERWRITE_OLD_FILES)
+-          {
++              {
+             struct stat st;
+             st.st_mode = 0;
+ 
+@@ -1117,21 +1115,21 @@ extract_dir (char *file_name, int typeflag)
+                 && is_directory_link (file_name, &st))
+               return 0;
+ 
+-            if ((st.st_mode != 0 && fstatat_flags == 0)
+-                || deref_stat (file_name, &st) == 0)
+-              {
++      if ((st.st_mode != 0 && fstatat_flags == 0)
++        || deref_stat (file_name, &st) == 0)
++                  {
+                 current_mode = st.st_mode;
+                 current_mode_mask = ALL_MODE_BITS;
+ 
+                 if (S_ISDIR (current_mode))
+-                  {
+-                    if (interdir_made)
+-                      {
+-                        repair_delayed_set_stat (file_name, &st);
+-                        return 0;
+-                      }
+-                    else if (old_files_option == NO_OVERWRITE_DIR_OLD_FILES)
+                       {
++                    if (interdir_made)
++                          {
++                        repair_delayed_set_stat (file_name, &st);
++                        return 0;
++                          }
++            else if (old_files_option == NO_OVERWRITE_DIR_OLD_FILES)
++                          {
+                         /* Temporarily change the directory mode to a safe
+                            value, to be able to create files in it, should
+                            the need be.
+@@ -2007,11 +2005,12 @@ rename_directory (char *src, char *dst)
+   else
+     {
+       int e = errno;
++      bool interdir_made;
+ 
        switch (e)
        {
        case ENOENT:
 -        if (make_directories (dst) == 0)
-+        if (make_directories (dst, NULL) == 0)
++        if (make_directories (dst, &interdir_made) == 0)
            {
              if (renameat (chdir_fd, src, chdir_fd, dst) == 0)
                return true;
--- 
-2.45.2
-
 
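Review bot: In the refreshed maybe_recoverable hunk, `if (make_directories (file_name, interdir_made) == 0) return RECOVER_OK;` no longer requires `*interdir_made`, and the refresh also drops the `else if (interdir_made) *interdir_made = true;` branch that followed the stat check in make_directories. If make_directories can still return 0 without creating a directory, the caller is told to retry while `*interdir_made` stays unchanged; its body is mostly outside this hunk and CVE-2025-45582.patch is not shown, so please confirm that this matches the reworked function. In rename_directory the new local is passed uninitialised and is only written on a successful mkdir; `bool interdir_made = false;` would make that well defined. The extract_dir hunks appear to change indentation only and leave the braces misaligned, so dropping them would keep this refresh easier to audit next to the CVE fix.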
