From 0ac83544ed3ceaf814338fe9c4067a55e62eedc36c4e4435d674008b02ffa802 Mon Sep 17 00:00:00 2001
From: Martin Pluskal <mpluskal@suse.com>
Date: Fri, 17 Feb 2023 08:52:31 +0000
Subject: [PATCH] Accepting request 1066165 from
 home:dgarcia:branches:Archiving

- Add CVE-2022-37705.patch to fix privilege scalation
  (boo#1208032, gh#zmanda/amanda#194)

OBS-URL: https://build.opensuse.org/request/show/1066165
OBS-URL: https://build.opensuse.org/package/show/Archiving/amanda?expand=0&rev=86
---
 CVE-2022-37705.patch | 16 ++++++++++++++++
 amanda.changes       |  6 ++++++
 amanda.spec          |  5 ++++-
 3 files changed, 26 insertions(+), 1 deletion(-)
 create mode 100644 CVE-2022-37705.patch

diff --git a/CVE-2022-37705.patch b/CVE-2022-37705.patch
new file mode 100644
index 0000000..02fec8e
--- /dev/null
+++ b/CVE-2022-37705.patch
@@ -0,0 +1,16 @@
+Index: amanda-tag-community-3.5.2/client-src/runtar.c
+===================================================================
+--- amanda-tag-community-3.5.2.orig/client-src/runtar.c
++++ amanda-tag-community-3.5.2/client-src/runtar.c
+@@ -191,9 +191,9 @@ main(
+ 		g_str_has_prefix(argv[i],"--newer") ||
+ 		g_str_has_prefix(argv[i],"--exclude-from") ||
+ 		g_str_has_prefix(argv[i],"--files-from")) {
+-		/* Accept theses options with the following argument */
+-		good_option += 2;
++		good_option++;
+ 	    } else if (argv[i][0] != '-') {
++		/* argument values are accounted for here */
+ 		good_option++;
+ 	    }
+ 	}
diff --git a/amanda.changes b/amanda.changes
index 3e38579..147acde 100644
--- a/amanda.changes
+++ b/amanda.changes
@@ -1,3 +1,9 @@
+-------------------------------------------------------------------
+Thu Feb 16 11:03:29 UTC 2023 - Daniel Garcia <daniel.garcia@suse.com>
+
+- Add CVE-2022-37705.patch to fix privilege scalation
+  (boo#1208032, gh#zmanda/amanda#194)
+
 -------------------------------------------------------------------
 Fri Oct  7 12:43:58 UTC 2022 - Thorsten Kukuk <kukuk@suse.com>
 
diff --git a/amanda.spec b/amanda.spec
index 023b05a..7591fae 100644
--- a/amanda.spec
+++ b/amanda.spec
@@ -1,7 +1,7 @@
 #
 # spec file for package amanda
 #
-# Copyright (c) 2022 SUSE LLC
+# Copyright (c) 2023 SUSE LLC
 #
 # All modifications and additions to the file contributed by third parties
 # remain the property of their copyright owners, unless otherwise agreed
@@ -37,6 +37,8 @@ Patch7:         amanda-libnsl.patch
 Patch8:         amanda-3.5.1-GCC10_extern.patch
 # PATCH-FIX-UPSTREAM amanda-3.5.2-fix-tests.patch -- gh#zmanda/amanda#167
 Patch9:         amanda-3.5.2-fix-tests.patch
+# PATCH-FIX-UPSTREAM CVE-2022-37705.patch -- boo#1208032, gh#zmanda/amanda#194
+Patch10:        CVE-2022-37705.patch
 BuildRequires:  autoconf
 BuildRequires:  automake
 BuildRequires:  bison
@@ -95,6 +97,7 @@ running multiple versions of Linux or Unix.
 %patch7 -p1
 %patch8 -p1
 %patch9 -p1
+%patch10 -p1
 
 %build
 ./autogen