Script 'mail_helper' called by obssrc
Hello community,

here is the log from the commit of package amanda for openSUSE:Factory checked 
in at 2023-02-17 16:45:36
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Comparing /work/SRC/openSUSE:Factory/amanda (Old)
 and      /work/SRC/openSUSE:Factory/.amanda.new.22824 (New)
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++

Package is "amanda"

Fri Feb 17 16:45:36 2023 rev:6 rq:1066332 version:3.5.2

Changes:
--------
--- /work/SRC/openSUSE:Factory/amanda/amanda.changes    2022-10-12 
18:28:25.134182191 +0200
+++ /work/SRC/openSUSE:Factory/.amanda.new.22824/amanda.changes 2023-02-17 
16:45:57.903187026 +0100
@@ -1,0 +2,6 @@
+Thu Feb 16 11:03:29 UTC 2023 - Daniel Garcia <daniel.gar...@suse.com>
+
+- Add CVE-2022-37705.patch to fix privilege scalation
+  (boo#1208032, gh#zmanda/amanda#194)
+
+-------------------------------------------------------------------

New:
----
  CVE-2022-37705.patch

++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++

Other differences:
------------------
++++++ amanda.spec ++++++
--- /var/tmp/diff_new_pack.HO8ecx/_old  2023-02-17 16:45:58.639191171 +0100
+++ /var/tmp/diff_new_pack.HO8ecx/_new  2023-02-17 16:45:58.643191193 +0100
@@ -1,7 +1,7 @@
 #
 # spec file for package amanda
 #
-# Copyright (c) 2022 SUSE LLC
+# Copyright (c) 2023 SUSE LLC
 #
 # All modifications and additions to the file contributed by third parties
 # remain the property of their copyright owners, unless otherwise agreed
@@ -37,6 +37,8 @@
 Patch8:         amanda-3.5.1-GCC10_extern.patch
 # PATCH-FIX-UPSTREAM amanda-3.5.2-fix-tests.patch -- gh#zmanda/amanda#167
 Patch9:         amanda-3.5.2-fix-tests.patch
+# PATCH-FIX-UPSTREAM CVE-2022-37705.patch -- boo#1208032, gh#zmanda/amanda#194
+Patch10:        CVE-2022-37705.patch
 BuildRequires:  autoconf
 BuildRequires:  automake
 BuildRequires:  bison
@@ -95,6 +97,7 @@
 %patch7 -p1
 %patch8 -p1
 %patch9 -p1
+%patch10 -p1
 
 %build
 ./autogen

++++++ CVE-2022-37705.patch ++++++
Index: amanda-tag-community-3.5.2/client-src/runtar.c
===================================================================
--- amanda-tag-community-3.5.2.orig/client-src/runtar.c
+++ amanda-tag-community-3.5.2/client-src/runtar.c
@@ -191,9 +191,9 @@ main(
                g_str_has_prefix(argv[i],"--newer") ||
                g_str_has_prefix(argv[i],"--exclude-from") ||
                g_str_has_prefix(argv[i],"--files-from")) {
-               /* Accept theses options with the following argument */
-               good_option += 2;
+               good_option++;
            } else if (argv[i][0] != '-') {
+               /* argument values are accounted for here */
                good_option++;
            }
        }

Reply via email to