GNU bug report logs

#47422 tar is vulnerable to CVE-2021-20193


Message #13 received at 47422@debbugs.gnu.org:

Date: Fri, 05 Nov 2021 05:14:13 +0000
To: "47422@debbugs.gnu.org" <47422@debbugs.gnu.org>
From: phodina <phodina@protonmail.com>
Subject: RE: tar is vulnerable to CVE-2021-20193
Hi,

here's a patch for the master branch, as I'm not sure what the roadmap is for merging core-updates into master.

The obvious downside is that the update triggers a large rebuild of core packages :-/

---8<-------------cut here----------start------------>8----

[PATCH] gnu: tar: Update to 1.34.

* gnu/package/base.scm (tar): Update to 1.34.

diff --git a/gnu/packages/base.scm b/gnu/packages/base.scm
index ea2e102c15..6ebe30464e 100644
--- a/gnu/packages/base.scm
+++ b/gnu/packages/base.scm
@@ -179,14 +179,14 @@ (define-public sed
(define-public tar
   (package
    (name "tar")
-   (version "1.32")
+   (version "1.34")
    (source (origin
             (method url-fetch)
             (uri (string-append "mirror://gnu/tar/tar-"
                                 version ".tar.xz"))
             (sha256
              (base32
-              "1n7xy657ii0sa42zx6944v2m4v9qrh6sqgmw17l3nch3y43sxlyh"))
+              "0a0x87anh9chbi2cgcyy7pmnm5hzk4yd1w2j8gm1wplwhwkbvgk3"))
             (patches (search-patches "tar-skip-unreliable-tests.patch"
                                      "tar-remove-wholesparse-check.patch"))))
    (build-system gnu-build-system)
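
Review bot: the `patches` field at the end of this hunk still lists "tar-skip-unreliable-tests.patch" and "tar-remove-wholesparse-check.patch" unchanged while the version moves from 1.32 to 1.34; please confirm that both still apply cleanly to the 1.34 sources and are still needed, and refresh or drop any that are not. The commit message names gnu/package/base.scm while the diff touches gnu/packages/base.scm, so the changelog line should be corrected to match. Since this update is offered as the fix for the bug's CVE-2021-20193, stating that in the commit message would keep the security reason visible in the history, which matters given the large rebuild the update triggers.
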
--
2.33.1






debbugs.gnu.org maintainers <help-debbugs@gnu.org>. Last modified: Sun Dec 22 10:30:51 2024; Machine Name: wallace-server
