fix CVE-2021-33643 CVE-2021-33644 CVE-2021-33645 CVE-2021-33646

2022-07-29 10:05:32 +08:00 · 2022-07-29 10:05:32 +08:00 · 6380a2f9eb
commit 6380a2f9eb
parent 77163ca5f8
3 changed files with 6 additions and 3 deletions
--- a/libtar.spec
+++ b/libtar.spec
@ -1,6 +1,6 @@
 Name:           libtar
 Version:        1.2.20
-Release:        23
+Release:        24
 Summary:        Library for manipulating tar files from within C programs.
 License:        BSD
 URL:            http://repo.or.cz/libtar.git
@ -13,8 +13,8 @@ Patch3:         libtar-1.2.11-bz729009.patch
 Patch4:         libtar-1.2.20-no-static-buffer.patch
 Patch5:         CVE-2013-4420.patch

-Patch9000:      openEuler-Ensure-that-sz-is-greater-than-0.patch 
-Patch9001:      openEuler-fix-memory-leak.patch
+Patch9000:      openEuler-CVE-2021-33643-CVE-2021-33644.patch 
+Patch9001:      openEuler-CVE-2021-33645-CVE-2021-33646.patch

 BuildRequires:  libtool 

@ -73,6 +73,9 @@ rm $RPM_BUILD_ROOT%{_libdir}/*.la
 %{_mandir}/man3/*.3*

 %changelog
+* Fri Jul 29 2022 shixuantong <shixuantong@h-partners.com> - 1.2.20-24
+- fix CVE-2021-33643 CVE-2021-33644 CVE-2021-33645 CVE-2021-33646
+
 * Sat May 07 2022 shixuantong <shixuantong@h-partners.com> - 1.2.20-23
 - fix memory leak

--- a/openEuler-Ensure-that-sz-is-greater-than-0.patch
+++ b/openEuler-Ensure-that-sz-is-greater-than-0.patch
--- a/openEuler-CVE-2021-33645-CVE-2021-33646.patch
+++ b/openEuler-CVE-2021-33645-CVE-2021-33646.patch