commit: 648bdf9134d87d5d6ca086b742964b77c3da87d8 |
Author: Andreas K. Hüttel <dilfridge <AT> gentoo <DOT> org> |
AuthorDate: Wed Mar 13 12:02:46 2019 +0000 |
Commit: Andreas K. Hüttel <dilfridge <AT> gentoo <DOT> org> |
CommitDate: Wed Mar 13 12:02:46 2019 +0000 |
URL: https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=648bdf91 |
|
app-arch/sharutils: Add patch for CVE-2018-1000097 |
|
Bug: https://bugs.gentoo.org/652686 |
Package-Manager: Portage-2.3.62, Repoman-2.3.12 |
Signed-off-by: Andreas K. Hüttel <dilfridge <AT> gentoo.org> |
|
.../files/sharutils-4.15.2-CVE-2018-1000097.patch | 16 ++++++++++++++++ |
...harutils-4.15.2.ebuild => sharutils-4.15.2-r1.ebuild} | 1 + |
2 files changed, 17 insertions(+) |
|
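diff --git a/app-arch/sharutils/files/sharutils-4.15.2-CVE-2018-1000097.patch b/app-arch/sharutils/files/sharutils-4.15.2-CVE-2018-1000097.patch
new file mode 100644
index 00000000000..f61662040b6
--- /dev/null
+++ b/app-arch/sharutils/files/sharutils-4.15.2-CVE-2018-1000097.patch
@@ -0,0 +1,16 @@
+From: Petr Pisar
+Subject: Fix CVE-2018-1000097, heap buffer overflow in unshar
+Bug-Debian: https://bugs.debian.org/893525
+X-Debian-version: 1:4.15.2-3
+
+--- a/src/unshar.c
++++ b/src/unshar.c
+@@ -240,7 +240,7 @@
+ off_t position = ftello (file);
+
+ /* Read next line, fail if no more and no previous process. */
+- if (!fgets (rw_buffer, BUFSIZ, file))
++ if (!fgets (rw_buffer, rw_base_size, file))
+ {
+ if (!start)
+ error (0, 0, _("Found no shell commands in %s"), name);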
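Review bot: The replacement bound in the `fgets` call is only correct if `rw_base_size` is always the number of bytes actually allocated for `rw_buffer`, and neither the declaration nor the allocation is visible in this hunk, so that invariant should be confirmed in src/unshar.c and written down next to the call, e.g. `/* rw_buffer holds rw_base_size bytes, which can be smaller than BUFSIZ */`. Any other read into `rw_buffer` that still passes `BUFSIZ` would keep the same heap overflow, so the rest of the file deserves a search for it. `fgets` takes an `int` size; if `rw_base_size` has a wider unsigned type (not shown here), the implicit narrowing is worth a glance. The enclosing function starts and ends outside the hunk.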
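diff --git a/app-arch/sharutils/sharutils-4.15.2.ebuild b/app-arch/sharutils/sharutils-4.15.2-r1.ebuild
similarity index 94%
rename from app-arch/sharutils/sharutils-4.15.2.ebuild
rename to app-arch/sharutils/sharutils-4.15.2-r1.ebuild
index ab637e3cd24..2a7873196c5 100644
--- a/app-arch/sharutils/sharutils-4.15.2.ebuild
+++ b/app-arch/sharutils/sharutils-4.15.2-r1.ebuild
@@ -25,6 +25,7 @@ src_prepare() {
 default
 
 epatch "${FILESDIR}/sharutils-4.15.2-glibc228.patch"
+ epatch "${FILESDIR}/sharutils-4.15.2-CVE-2018-1000097.patch"
 
 # Upstream is aware but thinks this isn't a bug/problem in sharutils itself
 # See http://lists.gnu.org/archive/html/bug-gnu-utils/2013-10/msg00011.html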