Script 'mail_helper' called by obssrc
Hello community,

here is the log from the commit of package amanda for openSUSE:Factory checked in at 2023-02-17 16:45:36
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Comparing /work/SRC/openSUSE:Factory/amanda (Old)
 and /work/SRC/openSUSE:Factory/.amanda.new.22824 (New)
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "amanda" Fri Feb 17 16:45:36 2023 rev:6 rq:1066332 version:3.5.2 Changes: -------- --- /work/SRC/openSUSE:Factory/amanda/amanda.changes 2022-10-12 18:28:25.134182191 +0200 +++ /work/SRC/openSUSE:Factory/.amanda.new.22824/amanda.changes 2023-02-17 16:45:57.903187026 +0100 @@ -1,0 +2,6 @@ +Thu Feb 16 11:03:29 UTC 2023 - Daniel Garcia <daniel.gar...@suse.com> + +- Add CVE-2022-37705.patch to fix privilege scalation + (boo#1208032, gh#zmanda/amanda#194) + +------------------------------------------------------------------- New: ---- CVE-2022-37705.patch ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ amanda.spec ++++++ --- /var/tmp/diff_new_pack.HO8ecx/_old 2023-02-17 16:45:58.639191171 +0100 +++ /var/tmp/diff_new_pack.HO8ecx/_new 2023-02-17 16:45:58.643191193 +0100 @@ -1,7 +1,7 @@ # # spec file for package amanda # -# Copyright (c) 2022 SUSE LLC +# Copyright (c) 2023 SUSE LLC # # All modifications and additions to the file contributed by third parties # remain the property of their copyright owners, unless otherwise agreed @@ -37,6 +37,8 @@ Patch8: amanda-3.5.1-GCC10_extern.patch # PATCH-FIX-UPSTREAM amanda-3.5.2-fix-tests.patch -- gh#zmanda/amanda#167 Patch9: amanda-3.5.2-fix-tests.patch +# PATCH-FIX-UPSTREAM CVE-2022-37705.patch -- boo#1208032, gh#zmanda/amanda#194 +Patch10: CVE-2022-37705.patch BuildRequires: autoconf BuildRequires: automake BuildRequires: bison @@ -95,6 +97,7 @@ %patch7 -p1 %patch8 -p1 %patch9 -p1 +%patch10 -p1 %build ./autogen ++++++ CVE-2022-37705.patch ++++++ Index: amanda-tag-community-3.5.2/client-src/runtar.c =================================================================== --- amanda-tag-community-3.5.2.orig/client-src/runtar.c +++ amanda-tag-community-3.5.2/client-src/runtar.c 
@@ -191,9 +191,9 @@ main( g_str_has_prefix(argv[i],"--newer") || g_str_has_prefix(argv[i],"--exclude-from") || g_str_has_prefix(argv[i],"--files-from")) { - /* Accept theses options with the following argument */ - good_option += 2; + good_option++; } else if (argv[i][0] != '-') { + /* argument values are accounted for here */ good_option++; } }
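Review bot: The entry added to amanda.changes says "fix privilege scalation", which should read "privilege escalation". The entry also names only the patch file and the two tracker references, so a short clause stating that the fix is in the argument counting of client-src/runtar.c would let a reader of the changelog see what was hardened without opening the patch.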
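Review bot: In the runtar.c hunk, the branch for `--newer`, `--exclude-from` and `--files-from` loses its comment and now carries a bare `good_option++`, so the reason the option counts once is explained only in the `argv[i][0] != '-'` branch. A comment in the first branch saying that the following value is counted by the later branch would make the pairing clear. Two further points on the same lines: the value is counted only when it does not begin with `-`, so a value that starts with a dash will not be counted and it is worth confirming that the resulting mismatch is the intended outcome; and the options are matched with `g_str_has_prefix`, so any argument that merely begins with one of these strings is counted as good. Consider matching the option names exactly, or document why prefix matching is required.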