Segmentation fault on tar_extract_all in 14.04/1.2.20-3

Funny; after three months, this bug was reported to both Debian and Ubuntu almost simultaneously. It should be fixed in 1.2.20-4 in Debian; hopefully someone will pull it from there.

Thanks for patch. I can see the version patched in Ubuntu Utopic but the bug is still present in the current version of Trusty (1.2.20-3):

 - http://packages.ubuntu.com/trusty/libtar0

Is there anything that stop the inclussion of the fix into the Trusty distribution?
Thanks.

Seems like a good candidate for a stable release update, not for backports.

As the current released version is crashing it does suggest it warrants a release into the regular repos.

What's the correct way to reopen this for trusty since it looks like all Affected elements are closed at the moment?

I've created a new bug to handle the process of backporting the fix:
https://bugs.launchpad.net/ubuntu/+source/libtar/+bug/1319809

As a part of the Stable Release Update process (https://wiki.ubuntu.com/StableReleaseUpdates#Procedure) this bug will need a test case so we can be verify that the bug is in fact fixed by the new version of the package. Could someone please provide a test case?

Thanks Brian, I've wrote a small testing case that should segfault with current libtar 1.2.20-3 but should work with the patch 1.2.20-4

 - Compile: gcc foo.c -ltar -o foo
 - Run ./foo <any_tarfile>

It will uncompress the contents in the /tmp directory.
Let me know if you need anything else.

We successfully aplied the following patch to generate an own version (1.2.20-4~osrf1) that fixes the problem.

I've uploaded the Utopic version of libtar to the Trusty proposed queue for review by an SRU team member.

Hello TimJ, or anyone else affected,

Accepted libtar into trusty-proposed. The package will build now and be available at http://launchpad.net/ubuntu/+source/libtar/1.2.20-3ubuntu0.1 in a few hours, and then in the -proposed repository.

Please help us by testing this new package. See https://wiki.ubuntu.com/Testing/EnableProposed for documentation how to enable and use -proposed. Your feedback will aid us getting this update out to other Ubuntu users.

If this package fixes the bug for you, please add a comment to this bug, mentioning the version of the package you tested, and change the tag from verification-needed to verification-done. If it does not fix the bug for you, please add a comment stating that, and change the tag to verification-failed. In either case, details of your testing will help us make a better decision.

Further information regarding the verification process can be found at https://wiki.ubuntu.com/QATeam/PerformingSRUVerification . Thank you in advance!

I tested the new package for the amd64 arch and it fixes the bug for me.
Thanks Brian, Collin.

This bug was fixed in the package libtar - 1.2.20-3ubuntu0.1

---------------
libtar (1.2.20-3ubuntu0.1) trusty-proposed; urgency=high

  [ Magnus Holmgren ]
  * no_maxpathlen.patch: Half of the part of the patch modifying
    compat/dirname.c was missing, causing libtar's dirname to always
    return NULL (except in special circumstances). Actually make it work
    (Closes: #745352). (The reason that libtar doesn't use libc's
    dirname() and basename() on some or most platforms is that the code
    doesn't work with destructive versions of these functions). (LP: #1315742)
 -- Brian Murray <email address hidden> Thu, 19 Jun 2014 11:44:33 -0700

The verification of the Stable Release Update for libtar has completed successfully and the package has now been released to -updates. Subsequently, the Ubuntu Stable Release Updates Team is being unsubscribed and will not receive messages about this bug report. In the event that you encounter a regression using the package from -updates please report a new bug using ubuntu-bug and tag the bug report regression-update so we can easily find any regressions.