rpm/amanda
SHA256
1
0
Fork 0
forked from pool/amanda
Code Pull Requests Activity

Accepting request 1066165 from home:dgarcia:branches:Archiving

Browse Source 
- Add CVE-2022-37705.patch to fix privilege scalation
  (boo#1208032, gh#zmanda/amanda#194)

OBS-URL: https://build.opensuse.org/request/show/1066165
OBS-URL: https://build.opensuse.org/package/show/Archiving/amanda?expand=0&rev=86
This commit is contained in:
Martin Pluskal 2023-02-17 08:52:31 +00:00 committed by Git OBS Bridge
parent 542a96e5f9
commit 0ac83544ed
3 changed files with 26 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

16
CVE-2022-37705.patch Normal file
View File

@ -0,0 +1,16 @@
Index: amanda-tag-community-3.5.2/client-src/runtar.c
===================================================================
--- amanda-tag-community-3.5.2.orig/client-src/runtar.c
+++ amanda-tag-community-3.5.2/client-src/runtar.c
@@ -191,9 +191,9 @@ main(
g_str_has_prefix(argv[i],"--newer") ||
g_str_has_prefix(argv[i],"--exclude-from") ||
g_str_has_prefix(argv[i],"--files-from")) {
- /* Accept theses options with the following argument */
- good_option += 2;
+ good_option++;
} else if (argv[i][0] != '-') {
+ /* argument values are accounted for here */
good_option++;
}
}

6
amanda.changes
View File

@ -1,3 +1,9 @@
-------------------------------------------------------------------
Thu Feb 16 11:03:29 UTC 2023 - Daniel Garcia <daniel.garcia@suse.com>
- Add CVE-2022-37705.patch to fix privilege scalation
(boo#1208032, gh#zmanda/amanda#194)
------------------------------------------------------------------- -------------------------------------------------------------------
Fri Oct 7 12:43:58 UTC 2022 - Thorsten Kukuk <kukuk@suse.com> Fri Oct 7 12:43:58 UTC 2022 - Thorsten Kukuk <kukuk@suse.com>

5
amanda.spec
View File

@ -1,7 +1,7 @@
# #
# spec file for package amanda # spec file for package amanda
# #
# Copyright (c) 2022 SUSE LLC # Copyright (c) 2023 SUSE LLC
# #
# All modifications and additions to the file contributed by third parties # All modifications and additions to the file contributed by third parties
# remain the property of their copyright owners, unless otherwise agreed # remain the property of their copyright owners, unless otherwise agreed
@ -37,6 +37,8 @@ Patch7: amanda-libnsl.patch
Patch8: amanda-3.5.1-GCC10_extern.patch Patch8: amanda-3.5.1-GCC10_extern.patch
# PATCH-FIX-UPSTREAM amanda-3.5.2-fix-tests.patch -- gh#zmanda/amanda#167 # PATCH-FIX-UPSTREAM amanda-3.5.2-fix-tests.patch -- gh#zmanda/amanda#167
Patch9: amanda-3.5.2-fix-tests.patch Patch9: amanda-3.5.2-fix-tests.patch
# PATCH-FIX-UPSTREAM CVE-2022-37705.patch -- boo#1208032, gh#zmanda/amanda#194
Patch10: CVE-2022-37705.patch
BuildRequires: autoconf BuildRequires: autoconf
BuildRequires: automake BuildRequires: automake
BuildRequires: bison BuildRequires: bison
@ -95,6 +97,7 @@ running multiple versions of Linux or Unix.
%patch7 -p1 %patch7 -p1
%patch8 -p1 %patch8 -p1
%patch9 -p1 %patch9 -p1
%patch10 -p1
%build %build
./autogen ./autogen