diff --git a/debian/changelog b/debian/changelog
index d2771421e39bc2e81805c066a98967da778c54a1..7c1298201f88f5ada5c43a616f7e5456987f8d7a 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -1,15 +1,13 @@
-tar (1.30+dfsg-4) UNRELEASED; urgency=medium
+tar (1.30+dfsg-3.1) unstable; urgency=medium
 
-  [ Ondřej Nový ]
-  * d/changelog: Remove trailing whitespaces
-  * d/control: Remove trailing whitespaces
-  * d/rules: Remove trailing whitespaces
+  * Non-maintainer upload.
+  * Infinite read loop in sparse_dump_region function (CVE-2018-20482)
+    (Closes: #917377)
 
- -- Bdale Garbee <bdale@gag.com>  Fri, 16 Nov 2018 21:33:47 -1000
+ -- Salvatore Bonaccorso <carnil@debian.org>  Mon, 31 Dec 2018 21:08:52 +0100
 
 tar (1.30+dfsg-3) unstable; urgency=medium
 
-  [ Bdale Garbee ]
   * elide reference to non-existent section 5 page from section 1 tar manpage,
     closes: #846490
   * update README.Debian to reflect ncompress now being in main
@@ -46,7 +44,7 @@ tar (1.30+dfsg-1) unstable; urgency=medium
 tar (1.29b-2) unstable; urgency=medium
 
   * add suggests tar-doc, closes: #856958
-  * increase test suite verbosity and dump test results into build log on
+  * increase test suite verbosity and dump test results into build log on 
     make check failure for kfreebsd team
   * move primary git repo to collab-maint
 
@@ -65,7 +63,7 @@ tar (1.29b-1) unstable; urgency=medium
 
   * re-constitute the 1.29 orig.tar with man pages as version 1.29b
   * re-enable parallel builds and increase build verbosity, closes: #824631
-  * switch to man pages provided by upstream since 1.28, closes: #827017,
+  * switch to man pages provided by upstream since 1.28, closes: #827017, 
     #391714, #473228, #524819, #711725, #720877, #766016, #779795.
 
  -- Bdale Garbee <bdale@gag.com>  Fri, 22 Jul 2016 13:13:55 -0600
@@ -86,8 +84,8 @@ tar (1.28-2) unstable; urgency=low
 tar (1.28-1) unstable; urgency=low
 
   * new upstream version
-  * patch from Reiner Herrman that sets timestamp in generated manpage to
-    latest changelog date to make building the package reproducible,
+  * patch from Reiner Herrman that sets timestamp in generated manpage to 
+    latest changelog date to make building the package reproducible, 
     closes: #774463
   * patch from Lunar adding --clamp-mtime option for reproducible builds,
     closes: #790415
@@ -96,7 +94,7 @@ tar (1.28-1) unstable; urgency=low
 
 tar (1.27.1-2) unstable; urgency=low
 
-  * patch from David Gilman adds watch file with signature verification,
+  * patch from David Gilman adds watch file with signature verification, 
     closes: #742351
   * patch from David Gilman fixes problem with multi-line descriptions,
     closes: #593149
@@ -180,12 +178,12 @@ tar (1.26+dfsg-6) unstable; urgency=low
 tar (1.26+dfsg-5) unstable; urgency=low
 
   [ Wookey ]
-  * Fix included gnulib so we don't get FTBFS with eglibc-2.16,
+  * Fix included gnulib so we don't get FTBFS with eglibc-2.16, 
     closes: #693352, #701419
 
   [ Bdale Garbee ]
   * update mailcap entries to use %s, closes: #681302
-  * include the http://www.gnu.org/software/tar/utils/tarcat script for use
+  * include the http://www.gnu.org/software/tar/utils/tarcat script for use 
     with multi-volume archives, closes: #492036
 
  -- Bdale Garbee <bdale@gag.com>  Mon, 01 Apr 2013 09:17:04 -0600
@@ -237,11 +235,11 @@ tar (1.25-3) unstable; urgency=low
 
 tar (1.25-2) unstable; urgency=low
 
-  * accept a "hack" from Joey Hess to work around an unfortunate side effect
+  * accept a "hack" from Joey Hess to work around an unfortunate side effect 
     of removing the patch to src/create.c regarding links of 100 chars in
-    1.23-4 that broke pristine-tar in some cases.  The "fix" is to support
-    the old behavior if the environment variable TAR_LONGLINK_100 is set,
-    which pristine-tar knows about and will use when necessary but which
+    1.23-4 that broke pristine-tar in some cases.  The "fix" is to support 
+    the old behavior if the environment variable TAR_LONGLINK_100 is set, 
+    which pristine-tar knows about and will use when necessary but which 
     should never be used by anyone else!  closes: #603231
 
  -- Bdale Garbee <bdale@gag.com>  Fri, 12 Nov 2010 02:31:25 -0700
@@ -326,11 +324,11 @@ tar (1.22-1) unstable; urgency=low
 
   * new upstream version
   * version the Replaces entry for cpio, closes: #483355
-  * move config.* update to configure target, yields a smaller diff that
+  * move config.* update to configure target, yields a smaller diff that 
     doesn't clash with git-buildpackage... already had autotools-dev build dep!
   * script debian/tarman contributed by Marcus Watts now used to create tar.1
     by processing usage text in source code!  Partial fix for #473328.
-    closes: #515578, #429776, #411707,
+    closes: #515578, #429776, #411707, 
 
  -- Bdale Garbee <bdale@gag.com>  Fri, 03 Apr 2009 01:33:52 -0600
 
@@ -398,9 +396,9 @@ tar (1.16.1-1) unstable; urgency=low
 
 tar (1.16-2) unstable; urgency=high
 
-  * patch from Kees Cook via upstream to disable handling of GNUTYPE_NAMES
-    by default and add a new command-line switch --allow-name-mangling to
-    re-enable it, as a fix for directory traversal bug (CVE-2006-6097),
+  * patch from Kees Cook via upstream to disable handling of GNUTYPE_NAMES 
+    by default and add a new command-line switch --allow-name-mangling to 
+    re-enable it, as a fix for directory traversal bug (CVE-2006-6097), 
     closes: #399845
 
  -- Bdale Garbee <bdale@gag.com>  Fri,  1 Dec 2006 09:19:02 -0700
@@ -413,7 +411,7 @@ tar (1.16-1) unstable; urgency=medium
     to work around test suite repeatability problems, closes: #377330, #379393
   * accept patch from Raphael Bossek to zero nanoseconds, closes: #329843
   * update man page to reflect change in -l definition and other misc changes
-    to options since man page was last updated,
+    to options since man page was last updated, 
     closes: #384508, #391718, 361932, #315506
   * stop delivering upstream README, closes: #323232
 
@@ -422,7 +420,7 @@ tar (1.16-1) unstable; urgency=medium
 tar (1.15.91-2) unstable; urgency=low
 
   * add a NEWS.Debian file that communicates the change in wildcard processing
-  * re-institute the patch for filenames that are exactly 100 characters in
+  * re-institute the patch for filenames that are exactly 100 characters in 
     length originally reported in #230910, closes: #376909
 
  -- Bdale Garbee <bdale@gag.com>  Thu,  6 Jul 2006 19:30:46 -0600
@@ -453,7 +451,7 @@ tar (1.15.1dfsg-2) unstable; urgency=low
 
 tar (1.15.1dfsg-1) unstable; urgency=low
 
-  * remove the documentation source from this package, since it is licensed
+  * remove the documentation source from this package, since it is licensed 
     under the GFDL with invariant cover texts that upstream is unwilling or
     unable to to remove, closes: #357259
   * remove install-info call from postinst, since it is no longer relevant
@@ -473,7 +471,7 @@ tar (1.15.1-6) unstable; urgency=low
 
 tar (1.15.1-5) unstable; urgency=low
 
-  * patch from Goswin von Brederlow to sort tar output in test suite to
+  * patch from Goswin von Brederlow to sort tar output in test suite to 
     compensate for different file order when ext3 option dir_index is enabled
     on build system, first seen on amd64 autobuilder, closes: #354847
 
@@ -506,7 +504,7 @@ tar (1.15.1-3) unstable; urgency=high
 
 tar (1.15.1-2) unstable; urgency=low
 
-  * patch from LaMont to fix gcc-4.0 error in the test suite,
+  * patch from LaMont to fix gcc-4.0 error in the test suite, 
     closes: #308815, #310830
   * patch for de.po from Jens Seidel, closes: #313900
   * fix amanda upstream URL in the info pages, closes: #310158
@@ -517,7 +515,7 @@ tar (1.15.1-2) unstable; urgency=low
 tar (1.15.1-1) unstable; urgency=low
 
   * new upstream version, closes: #292255, #287251, #255067
-  * fetch tests/append.at from CVS since it was omitted from the 1.15.1
+  * fetch tests/append.at from CVS since it was omitted from the 1.15.1 
     tarball, and update the regression test invocation in debian/rules
   * tweaks to man page, closes: #265615
   * add --libexecdir definition to configure call, closes: #307070, #291068
@@ -529,7 +527,7 @@ tar (1.15.1-1) unstable; urgency=low
 
 tar (1.14-2) unstable; urgency=low
 
-  * patch from Paul Eggert that does a better job of eliminating the
+  * patch from Paul Eggert that does a better job of eliminating the 
     dependency on (buggy) valloc, closes: #234422, #248897
   * patch for typo in upstream po/de.po, closes: #154511
   * switch from dh_installmanpages to dh_installman
@@ -556,7 +554,7 @@ tar (1.13.93-4) unstable; urgency=high
 
 tar (1.13.93-3) unstable; urgency=high
 
-  * patch from upstream converts lone zero block errors to warnings,
+  * patch from upstream converts lone zero block errors to warnings, 
     closes: #235821
 
  -- Bdale Garbee <bdale@gag.com>  Fri, 12 Mar 2004 17:02:47 -0700
@@ -576,7 +574,7 @@ tar (1.13.93-1) unstable; urgency=low
 
 tar (1.13.92-5) unstable; urgency=low
 
-  * patch from Paul Eggert to revert bogus behavior where POSIXLY_CORRECT
+  * patch from Paul Eggert to revert bogus behavior where POSIXLY_CORRECT 
     set in the environment forced 'pax' format archives, closes: #230872
   * add a lintian override for rmt's man page, since delivering it as an
     alternative makes the filename no longer match the script and symlink
@@ -617,7 +615,7 @@ tar (1.13.92-1) unstable; urgency=low
 
 tar (1.13.25-6) unstable; urgency=low
 
-  * accept patch from Goswin Brederlow to hard-code RSH definition in rules
+  * accept patch from Goswin Brederlow to hard-code RSH definition in rules 
     file, eliminating rsh-client from build deps, closes: #185594, #200042
   * patch from Marc SCHAEFER <schaefer@alphanet.ch> to fix symlink extraction
     as empty files, closes: #149532
@@ -687,11 +685,11 @@ tar (1.13.22-1) unstable; urgency=medium
         58890 Fixed, I think -- at least, I can't reproduce it now.
         65719 Not a bug? last message in that bug report says it works for him.
         77664 Not a bug.  In that context FOO:BAR means 'file BAR on host FOO'.
-        78179 Sorry, I don't follow this report.  Tar does strip leading '/'s
+        78179 Sorry, I don't follow this report.  Tar does strip leading '/'s 
         	for me.
         83458 Fixed.
         83735 Fixed.
-        85400 Fixed for the info page only.  The man page is not part of
+        85400 Fixed for the info page only.  The man page is not part of 
         	tar-1.13.20.
         90794 This partly seems to be a Debian packaging problem; see 94257.
         94287 Fixed.
@@ -741,7 +739,7 @@ tar (1.13.17-2) frozen unstable; urgency=low
 tar (1.13.17-1) unstable; urgency=low
 
   * new upstream source from alpha.gnu.org recommended by uptream maintainer
-    Paul Eggert.
+    Paul Eggert.  
   * this version should handle multibyte encoded filenames, closes: #25140
   * upstream says the problem reported with -g is unreproducible in this
     version, closes: #23511
@@ -879,7 +877,7 @@ tar (1.12-6) frozen unstable; urgency=low
 
 tar (1.12-5) frozen unstable; urgency=low
 
-  * fix for erroneous time reports from --totals from Rob Browning,
+  * fix for erroneous time reports from --totals from Rob Browning, 
     closes 18345
   * add --numeric-owner to man page, closes 20801
   * add some examples to the man page, closes 20290
@@ -967,7 +965,7 @@ Sun Apr 14 21:50:21 MDT 1996	Bdale Garbee	<bdale@gag.com>
 Wed Dec 27 00:29:37 MST 1995	Bdale Garbee	<bdale@gag.com>
 
   * fixed a null pointer dereference when the username on a remote
-    tape reference was omitted... this closes several essentially
+    tape reference was omitted... this closes several essentially 
     duplicate bug reports about segmentation violation core dumps.
 
 Sun Dec  3 01:13:19 MST 1995	Bdale Garbee	<bdale@gag.com>
diff --git a/debian/control b/debian/control
index 0c795534e7ff6300a4cbc4ef391da202f308371a..b0d2ad4ba8f1f7b91508317cccc4fd5ec49fb3e5 100644
--- a/debian/control
+++ b/debian/control
@@ -32,4 +32,4 @@ Depends: ${shlibs:Depends}, ${misc:Depends}, tar (>= 1.26+dfsg-9)
 Conflicts: dump, openafs-client, tar (<< 1.26+dfsg-9)
 Description: optional scripts for GNU version of the tar archiving utility
  This package provides the backup, restore, backup.sh, and dump-remind
- scripts that are mentioned in the tar documentation.
+ scripts that are mentioned in the tar documentation. 
diff --git a/debian/patches/Fix-CVE-2018-20482.patch b/debian/patches/Fix-CVE-2018-20482.patch
new file mode 100644
index 0000000000000000000000000000000000000000..83040133cc318bf65d9970499354056d9a0a8e8b
--- /dev/null
+++ b/debian/patches/Fix-CVE-2018-20482.patch
@@ -0,0 +1,377 @@
+From: Sergey Poznyakoff <gray@gnu.org>
+Date: Thu, 27 Dec 2018 17:48:57 +0200
+Subject: Fix CVE-2018-20482
+Origin: https://git.savannah.gnu.org/cgit/tar.git/commit/?id=c15c42ccd1e2377945fd0414eca1a49294bff454
+Bug-Debian-Security: https://security-tracker.debian.org/tracker/CVE-2018-20482
+Bug: https://lists.gnu.org/archive/html/bug-tar/2018-12/msg00023.html
+Bug-Debian: https://bugs.debian.org/917377
+
+* NEWS: Update.
+* src/sparse.c (sparse_dump_region): Handle short read condition.
+(sparse_extract_region,check_data_region): Fix dumped_size calculation.
+Handle short read condition.
+(pax_decode_header): Fix dumped_size calculation.
+* tests/Makefile.am: Add new testcases.
+* tests/testsuite.at: Likewise.
+
+* tests/sptrcreat.at: New file.
+* tests/sptrdiff00.at: New file.
+* tests/sptrdiff01.at: New file.
+---
+ NEWS                |  8 +++++-
+ src/sparse.c        | 50 +++++++++++++++++++++++++++++++-----
+ tests/Makefile.am   |  5 +++-
+ tests/sptrcreat.at  | 62 +++++++++++++++++++++++++++++++++++++++++++++
+ tests/sptrdiff00.at | 55 ++++++++++++++++++++++++++++++++++++++++
+ tests/sptrdiff01.at | 55 ++++++++++++++++++++++++++++++++++++++++
+ tests/testsuite.at  |  5 +++-
+ 7 files changed, 231 insertions(+), 9 deletions(-)
+ create mode 100644 tests/sptrcreat.at
+ create mode 100644 tests/sptrdiff00.at
+ create mode 100644 tests/sptrdiff01.at
+
+diff --git a/src/sparse.c b/src/sparse.c
+index d41c0eacd1f3..f611200a2fc5 100644
+--- a/src/sparse.c
++++ b/src/sparse.c
+@@ -427,6 +427,30 @@ sparse_dump_region (struct tar_sparse_file *file, size_t i)
+ 			     bufsize);
+ 	  return false;
+ 	}
++      else if (bytes_read == 0)
++	{
++	  char buf[UINTMAX_STRSIZE_BOUND];
++	  struct stat st;
++	  size_t n;
++	  if (fstat (file->fd, &st) == 0)
++	    n = file->stat_info->stat.st_size - st.st_size;
++	  else
++	    n = file->stat_info->stat.st_size
++	      - (file->stat_info->sparse_map[i].offset
++		 + file->stat_info->sparse_map[i].numbytes
++		 - bytes_left);
++	  
++	  WARNOPT (WARN_FILE_SHRANK,
++		   (0, 0,
++		    ngettext ("%s: File shrank by %s byte; padding with zeros",
++			      "%s: File shrank by %s bytes; padding with zeros",
++			      n),
++		    quotearg_colon (file->stat_info->orig_file_name),
++		    STRINGIFY_BIGINT (n, buf)));
++	  if (! ignore_failed_read_option)
++	    set_exit_status (TAREXIT_DIFFERS);
++	  return false;
++	}
+ 
+       memset (blk->buffer + bytes_read, 0, BLOCKSIZE - bytes_read);
+       bytes_left -= bytes_read;
+@@ -464,9 +488,9 @@ sparse_extract_region (struct tar_sparse_file *file, size_t i)
+ 	  return false;
+ 	}
+       set_next_block_after (blk);
++      file->dumped_size += BLOCKSIZE;
+       count = blocking_write (file->fd, blk->buffer, wrbytes);
+       write_size -= count;
+-      file->dumped_size += count;
+       mv_size_left (file->stat_info->archive_file_size - file->dumped_size);
+       file->offset += count;
+       if (count != wrbytes)
+@@ -598,6 +622,12 @@ check_sparse_region (struct tar_sparse_file *file, off_t beg, off_t end)
+ 			     rdsize);
+ 	  return false;
+ 	}
++      else if (bytes_read == 0)
++	{
++	  report_difference (file->stat_info, _("Size differs"));
++	  return false;
++	}
++      
+       if (!zero_block_p (diff_buffer, bytes_read))
+ 	{
+ 	  char begbuf[INT_BUFSIZE_BOUND (off_t)];
+@@ -609,6 +639,7 @@ check_sparse_region (struct tar_sparse_file *file, off_t beg, off_t end)
+ 
+       beg += bytes_read;
+     }
++
+   return true;
+ }
+ 
+@@ -635,6 +666,7 @@ check_data_region (struct tar_sparse_file *file, size_t i)
+ 	  return false;
+ 	}
+       set_next_block_after (blk);
++      file->dumped_size += BLOCKSIZE;      
+       bytes_read = safe_read (file->fd, diff_buffer, rdsize);
+       if (bytes_read == SAFE_READ_ERROR)
+ 	{
+@@ -645,7 +677,11 @@ check_data_region (struct tar_sparse_file *file, size_t i)
+ 			     rdsize);
+ 	  return false;
+ 	}
+-      file->dumped_size += bytes_read;
++      else if (bytes_read == 0)
++	{
++	  report_difference (&current_stat_info, _("Size differs"));
++	  return false;
++	}
+       size_left -= bytes_read;
+       mv_size_left (file->stat_info->archive_file_size - file->dumped_size);
+       if (memcmp (blk->buffer, diff_buffer, rdsize))
+@@ -1213,7 +1249,8 @@ pax_decode_header (struct tar_sparse_file *file)
+       union block *blk;
+       char *p;
+       size_t i;
+-
++      off_t start;
++      
+ #define COPY_BUF(b,buf,src) do                                     \
+  {                                                                 \
+    char *endp = b->buffer + BLOCKSIZE;                             \
+@@ -1229,7 +1266,6 @@ pax_decode_header (struct tar_sparse_file *file)
+        if (src == endp)                                            \
+ 	 {                                                         \
+ 	   set_next_block_after (b);                               \
+-           file->dumped_size += BLOCKSIZE;                         \
+            b = find_next_block ();                                 \
+            src = b->buffer;                                        \
+ 	   endp = b->buffer + BLOCKSIZE;                           \
+@@ -1240,8 +1276,8 @@ pax_decode_header (struct tar_sparse_file *file)
+    dst[-1] = 0;                                                    \
+  } while (0)
+ 
++      start = current_block_ordinal ();
+       set_next_block_after (current_header);
+-      file->dumped_size += BLOCKSIZE;
+       blk = find_next_block ();
+       p = blk->buffer;
+       COPY_BUF (blk,nbuf,p);
+@@ -1278,6 +1314,8 @@ pax_decode_header (struct tar_sparse_file *file)
+ 	  sparse_add_map (file->stat_info, &sp);
+ 	}
+       set_next_block_after (blk);
++
++      file->dumped_size += BLOCKSIZE * (current_block_ordinal () - start);
+     }
+ 
+   return true;
+diff --git a/tests/Makefile.am b/tests/Makefile.am
+index fb463252f554..7f9294f0c446 100644
+--- a/tests/Makefile.am
++++ b/tests/Makefile.am
+@@ -238,6 +238,9 @@ TESTSUITE_AT = \
+  spmvp00.at\
+  spmvp01.at\
+  spmvp10.at\
++ sptrcreat.at\
++ sptrdiff00.at\
++ sptrdiff01.at\
+  time01.at\
+  time02.at\
+  truncate.at\
+diff --git a/tests/sptrcreat.at b/tests/sptrcreat.at
+new file mode 100644
+index 000000000000..8e28f0e000f6
+--- /dev/null
++++ b/tests/sptrcreat.at
+@@ -0,0 +1,62 @@
++# Process this file with autom4te to create testsuite. -*- Autotest -*-
++
++# Test suite for GNU tar.
++# Copyright 2018 Free Software Foundation, Inc.
++
++# This file is part of GNU tar.
++
++# GNU tar is free software; you can redistribute it and/or modify
++# it under the terms of the GNU General Public License as published by
++# the Free Software Foundation; either version 3 of the License, or
++# (at your option) any later version.
++
++# GNU tar is distributed in the hope that it will be useful,
++# but WITHOUT ANY WARRANTY; without even the implied warranty of
++# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
++# GNU General Public License for more details.
++
++# You should have received a copy of the GNU General Public License
++# along with this program.  If not, see <http://www.gnu.org/licenses/>.
++
++# Tar up to 1.30 would loop endlessly if a sparse file had been truncated
++# while being archived (with --sparse flag).
++#
++# The bug has been assigned id CVE-2018-20482 (on the grounds that it is a
++# denial of service possibility).
++# 
++# Reported by: Chris Siebenmann <cks.gnutar-01@cs.toronto.edu>
++# References: <20181226223948.781EB32008E@apps1.cs.toronto.edu>,
++#   <http://lists.gnu.org/archive/html/bug-tar/2018-12/msg00023.html>
++#   <https://utcc.utoronto.ca/~cks/space/blog/sysadmin/TarFindingTruncateBug>
++#   <https://nvd.nist.gov/vuln/detail/CVE-2018-20482>
++
++AT_SETUP([sparse file truncated while archiving])
++AT_KEYWORDS([truncate filechange sparse sptr sptrcreat])
++
++AT_TAR_CHECK([
++genfile --sparse --block-size=1024 --file foo \
++  0 ABCDEFGHIJ 1M ABCDEFGHIJ 10M ABCDEFGHIJ 200M ABCDEFGHIJ
++genfile --file baz
++genfile --run --checkpoint 3 --length 200m --truncate foo -- \
++ tar --checkpoint=1 \
++     --checkpoint-action=echo \
++     --checkpoint-action=sleep=1 \
++     --sparse -vcf bar foo baz
++echo Exit status: $?
++echo separator
++genfile --file foo --seek 200m --length 11575296 --pattern=zeros
++tar dvf bar],
++[1],
++[foo
++baz
++Exit status: 1
++separator
++foo
++foo: Mod time differs
++baz
++],
++[tar: foo: File shrank by 11575296 bytes; padding with zeros
++],
++[],[],[posix, gnu, oldgnu])
++
++AT_CLEANUP
+diff --git a/tests/sptrdiff00.at b/tests/sptrdiff00.at
+new file mode 100644
+index 000000000000..c41056108eae
+--- /dev/null
++++ b/tests/sptrdiff00.at
+@@ -0,0 +1,55 @@
++# Process this file with autom4te to create testsuite. -*- Autotest -*-
++#
++# Test suite for GNU tar.
++# Copyright 2018 Free Software Foundation, Inc.
++#
++# This file is part of GNU tar.
++#
++# GNU tar is free software; you can redistribute it and/or modify
++# it under the terms of the GNU General Public License as published by
++# the Free Software Foundation; either version 3 of the License, or
++# (at your option) any later version.
++#
++# GNU tar is distributed in the hope that it will be useful,
++# but WITHOUT ANY WARRANTY; without even the implied warranty of
++# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
++# GNU General Public License for more details.
++#
++# You should have received a copy of the GNU General Public License
++# along with this program.  If not, see <http://www.gnu.org/licenses/>.
++
++# While fixing CVE-2018-20482 (see sptrcreat.at) it has been discovered
++# that similar bug exists in file checking code (tar d). 
++# This test case checks if tar correctly handles a short read condition
++# appearing in check_sparse_region.
++
++AT_SETUP([file truncated in sparse region while comparing])
++AT_KEYWORDS([truncate filechange sparse sptr sptrdiff diff])
++
++# This triggers short read in check_sparse_region.
++AT_TAR_CHECK([
++genfile --sparse --block-size=1024 --file foo \
++  0 ABCDEFGHIJ 1M ABCDEFGHIJ 10M ABCDEFGHIJ 200M ABCDEFGHIJ
++genfile --file baz
++echo creating
++tar --sparse -vcf bar foo baz
++echo comparing
++genfile --run --checkpoint 3 --length 200m --truncate foo -- \
++ tar --checkpoint=1 \
++     --checkpoint-action=echo='Write checkpoint %u' \
++     --checkpoint-action=sleep=1 \
++     --sparse -vdf bar 
++],
++[1],
++[creating
++foo
++baz
++comparing
++foo
++foo: Size differs
++baz
++],
++[],
++[],[],[posix, gnu, oldgnu])
++
++AT_CLEANUP
+diff --git a/tests/sptrdiff01.at b/tests/sptrdiff01.at
+new file mode 100644
+index 000000000000..2da226793d25
+--- /dev/null
++++ b/tests/sptrdiff01.at
+@@ -0,0 +1,55 @@
++# Process this file with autom4te to create testsuite. -*- Autotest -*-
++#
++# Test suite for GNU tar.
++# Copyright 2018 Free Software Foundation, Inc.
++#
++# This file is part of GNU tar.
++#
++# GNU tar is free software; you can redistribute it and/or modify
++# it under the terms of the GNU General Public License as published by
++# the Free Software Foundation; either version 3 of the License, or
++# (at your option) any later version.
++#
++# GNU tar is distributed in the hope that it will be useful,
++# but WITHOUT ANY WARRANTY; without even the implied warranty of
++# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
++# GNU General Public License for more details.
++#
++# You should have received a copy of the GNU General Public License
++# along with this program.  If not, see <http://www.gnu.org/licenses/>.
++
++# While fixing CVE-2018-20482 (see sptrcreat.at) it has been discovered
++# that similar bug exists in file checking code (tar d). 
++# This test case checks if tar correctly handles a short read condition
++# appearing in check_data_region.
++
++AT_SETUP([file truncated in data region while comparing])
++AT_KEYWORDS([truncate filechange sparse sptr sptrdiff diff])
++
++# This triggers short read in check_data_region.
++AT_TAR_CHECK([
++genfile --sparse --block-size=1024 --file foo \
++  0 ABCDEFGHIJ 1M ABCDEFGHIJ 10M ABCDEFGHIJ 200M ABCDEFGHIJ
++genfile --file baz
++echo creating
++tar --sparse -vcf bar foo baz
++echo comparing
++genfile --run --checkpoint 5 --length 221278210 --truncate foo -- \
++ tar --checkpoint=1 \
++     --checkpoint-action=echo='Write checkpoint %u' \
++     --checkpoint-action=sleep=1 \
++     --sparse -vdf bar 
++],
++[1],
++[creating
++foo
++baz
++comparing
++foo
++foo: Size differs
++baz
++],
++[],
++[],[],[posix, gnu, oldgnu])
++
++AT_CLEANUP
+diff --git a/tests/testsuite.at b/tests/testsuite.at
+index dcccc7b17337..0f5cca3c865f 100644
+--- a/tests/testsuite.at
++++ b/tests/testsuite.at
+@@ -416,6 +416,9 @@ m4_include([sparsemv.at])
+ m4_include([spmvp00.at])
+ m4_include([spmvp01.at])
+ m4_include([spmvp10.at])
++m4_include([sptrcreat.at])
++m4_include([sptrdiff00.at])
++m4_include([sptrdiff01.at])
+ 
+ AT_BANNER([Updates])
+ m4_include([update.at])
+-- 
+2.20.1
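Review bot: In the new `bytes_read == 0` branch of sparse_dump_region, `n` is a `size_t` assigned from an `off_t` subtraction, `n = file->stat_info->stat.st_size - st.st_size;`, so if a concurrent writer re-extends the file between the zero-length read and the `fstat` (the race this whole fix is about), the difference goes negative and wraps, and the "File shrank by" warning reports a nonsensical byte count; clamping avoids that: `off_t shrunk = file->stat_info->stat.st_size - st.st_size; n = shrunk > 0 ? shrunk : 0;`. Separately, the new short-read branch in check_data_region calls `report_difference (&current_stat_info, _("Size differs"));` while the sibling branch in check_sparse_region and the existing `Contents differ` report a few lines below use `file->stat_info`; they are presumably the same object here, but the mixed forms read as if they are not, so `file->stat_info` should be used in both. The `"padding with zeros"` wording in the warning relies on the caller padding the archive after the `return false` (sparse_dump_file is outside this hunk; the sptrcreat.at expectations suggest it does), and a one-line comment such as `/* caller pads the rest of archive_file_size with zeros */` above the return would make that contract explicit. Note that sparse_dump_region, check_sparse_region, check_data_region and pax_decode_header all start and end outside the visible hunks, so the loop conditions these branches exit from are not shown here.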
diff --git a/debian/patches/series b/debian/patches/series
index befdf0646edea779c485804e370efc2fdf386182..b619259ace466bc9185aa585a2e4e1a77d8933db 100644
--- a/debian/patches/series
+++ b/debian/patches/series
@@ -7,3 +7,4 @@ elide-reference-to-section-5-manpage.diff
 oldgnu-unknown-mode-bits.patch
 zstd.patch
 proper_it_translation.patch
+Fix-CVE-2018-20482.patch
diff --git a/debian/patches/zstd.patch b/debian/patches/zstd.patch
index d8325b6b7a04ae008248d108e01819b821a2efd1..beecfa13c38c49b754ae519e2d8fcf5f4e7e88dc 100644
--- a/debian/patches/zstd.patch
+++ b/debian/patches/zstd.patch
@@ -2,8 +2,8 @@ Description: zstd support
  Accept .tar.zst and .tzst, including magic sniffing.
 Forwarded: accepted upstream
 
---- tar-1.30+dfsg.orig/configure.ac
-+++ tar-1.30+dfsg/configure.ac
+--- tar-1.29b.orig/configure.ac
++++ tar-1.29b/configure.ac
 @@ -250,6 +250,7 @@ TAR_COMPR_PROGRAM(lzip)
  TAR_COMPR_PROGRAM(lzma)
  TAR_COMPR_PROGRAM(lzop)
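Review bot: The zstd.patch hunks in this commit only rewrite the `---`/`+++` prefixes from `tar-1.30+dfsg` back to `tar-1.29b` and move the `@@` offsets to the older line numbers, which undoes a refresh of the patch rather than changing anything it does; combined with the changelog hunk that drops the UNRELEASED 1.30+dfsg-4 stanza and reintroduces trailing whitespace throughout, this looks like the NMU diff was applied on top of the branch head instead of being merged into it, though that is inferred from the visible lines only. The patch will still apply because quilt strips the path prefix and `patch` tolerates offsets, but the stale headers will produce offset/fuzz noise on every build and the dropped entries lose the record of the whitespace cleanup. I would keep the 1.30+dfsg headers (or `quilt refresh` zstd.patch after adding the CVE patch to the series) and re-add the dropped changelog entries in a new 1.30+dfsg-4 stanza that acknowledges the 1.30+dfsg-3.1 NMU.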
@@ -12,9 +12,9 @@ Forwarded: accepted upstream
  
  AC_MSG_CHECKING(for default archive format)
  
---- tar-1.30+dfsg.orig/doc/tar.1
-+++ tar-1.30+dfsg/doc/tar.1
-@@ -831,6 +831,10 @@ Filter the archive through
+--- tar-1.29b.orig/doc/tar.1
++++ tar-1.29b/doc/tar.1
+@@ -825,6 +825,10 @@ Filter the archive through
  \fB\-Z\fR, \fB\-\-compress\fR, \fB\-\-uncompress\fR
  Filter the archive through
  .BR compress (1).
@@ -25,9 +25,9 @@ Forwarded: accepted upstream
  .SS Local file selection
  .TP
  \fB\-\-add\-file\fR=\fIFILE\fR
---- tar-1.30+dfsg.orig/src/buffer.c
-+++ tar-1.30+dfsg/src/buffer.c
-@@ -281,7 +281,8 @@ enum compress_type {
+--- tar-1.29b.orig/src/buffer.c
++++ tar-1.29b/src/buffer.c
+@@ -270,7 +270,8 @@ enum compress_type {
    ct_lzip,
    ct_lzma,
    ct_lzop,
@@ -37,7 +37,7 @@ Forwarded: accepted upstream
  };
  
  static enum compress_type archive_compression_type = ct_none;
-@@ -310,6 +311,7 @@ static struct zip_magic const magic[] =
+@@ -299,6 +300,7 @@ static struct zip_magic const magic[] =
    { ct_lzma,     6, "\xFFLZMA" },
    { ct_lzop,     4, "\211LZO" },
    { ct_xz,       6, "\xFD" "7zXZ" },
@@ -45,7 +45,7 @@ Forwarded: accepted upstream
  };
  
  #define NMAGIC (sizeof(magic)/sizeof(magic[0]))
-@@ -325,6 +327,7 @@ static struct zip_program zip_program[]
+@@ -314,6 +316,7 @@ static struct zip_program zip_program[]
    { ct_lzma,     XZ_PROGRAM,       "-J" },
    { ct_lzop,     LZOP_PROGRAM,     "--lzop" },
    { ct_xz,       XZ_PROGRAM,       "-J" },
@@ -53,9 +53,9 @@ Forwarded: accepted upstream
    { ct_none }
  };
  
---- tar-1.30+dfsg.orig/src/suffix.c
-+++ tar-1.30+dfsg/src/suffix.c
-@@ -46,6 +46,7 @@ static struct compression_suffix compres
+--- tar-1.29b.orig/src/suffix.c
++++ tar-1.29b/src/suffix.c
+@@ -45,6 +45,7 @@ static struct compression_suffix compres
    { S(lzo,  LZOP) },
    { S(xz,   XZ) },
    { S(txz,  XZ) }, /* Slackware */
@@ -63,8 +63,8 @@ Forwarded: accepted upstream
    { NULL }
  #undef S
  #undef __CAT2__
---- tar-1.30+dfsg.orig/src/tar.c
-+++ tar-1.30+dfsg/src/tar.c
+--- tar-1.29b.orig/src/tar.c
++++ tar-1.29b/src/tar.c
 @@ -348,7 +348,8 @@ enum
    WARNING_OPTION,
    XATTR_OPTION,
@@ -94,7 +94,7 @@ Forwarded: accepted upstream
      case ARGP_KEY_HELP_EXTRA:
        {
  	const char *tstr;
-@@ -1670,6 +1676,10 @@ parse_opt (int key, char *arg, struct ar
+@@ -1673,6 +1679,10 @@ parse_opt (int key, char *arg, struct ar
        set_use_compress_program_option (COMPRESS_PROGRAM, args->loc);
        break;
  
diff --git a/debian/rules b/debian/rules
index 938726fd8dd0530571618066ecd825099f867a13..da1b9861ad75b0d075d31f36e430c270c8ba13fe 100755
--- a/debian/rules
+++ b/debian/rules
@@ -30,7 +30,7 @@ configure-stamp:
 		--enable-backup-scripts \
 		--with-lzma=xz \
 		--disable-silent-rules \
-		$(CONFARGS)
+		$(CONFARGS) 
 	touch configure-stamp
 
 build: build-arch build-indep
@@ -69,7 +69,7 @@ install: build
 	dh_installdirs
 
 	make install bindir=`pwd`/debian/tar/bin prefix=`pwd`/debian/tar/usr \
-		libexecdir=`pwd`/debian/tar/usr/lib/tar
+		libexecdir=`pwd`/debian/tar/usr/lib/tar 
 	ln -s /usr/sbin/rmt debian/tar/etc/rmt
 	mv debian/tar/usr/lib/tar/rmt debian/tar/usr/sbin/rmt-tar
 	install -m 755 debian/tarcat debian/tar/usr/sbin/tarcat