Gentoo Archives: gentoo-commits

From: "Andreas K. Hüttel" <dilfridge@g.o>
To: gentoo-commits@l.g.o
Subject: [gentoo-commits] repo/gentoo:master commit in: app-arch/sharutils/, app-arch/sharutils/files/
Date: Wed, 13 Mar 2019 12:03:26
Message-Id: 1552478566.648bdf9134d87d5d6ca086b742964b77c3da87d8.dilfridge@gentoo
1 commit: 648bdf9134d87d5d6ca086b742964b77c3da87d8
2 Author: Andreas K. Hüttel <dilfridge <AT> gentoo <DOT> org>
3 AuthorDate: Wed Mar 13 12:02:46 2019 +0000
4 Commit: Andreas K. Hüttel <dilfridge <AT> gentoo <DOT> org>
5 CommitDate: Wed Mar 13 12:02:46 2019 +0000
6 URL: https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=648bdf91
7
8 app-arch/sharutils: Add patch for CVE-2018-1000097
9
10 Bug: https://bugs.gentoo.org/652686
11 Package-Manager: Portage-2.3.62, Repoman-2.3.12
12 Signed-off-by: Andreas K. Hüttel <dilfridge <AT> gentoo.org>
13
14 .../files/sharutils-4.15.2-CVE-2018-1000097.patch | 16 ++++++++++++++++
15 ...harutils-4.15.2.ebuild => sharutils-4.15.2-r1.ebuild} | 1 +
16 2 files changed, 17 insertions(+)
17
18 diff --git a/app-arch/sharutils/files/sharutils-4.15.2-CVE-2018-1000097.patch b/app-arch/sharutils/files/sharutils-4.15.2-CVE-2018-1000097.patch
19 new file mode 100644
20 index 00000000000..f61662040b6
21 --- /dev/null
22 +++ b/app-arch/sharutils/files/sharutils-4.15.2-CVE-2018-1000097.patch
23 @@ -0,0 +1,16 @@
24 +From: Petr Pisar
25 +Subject: Fix CVE-2018-1000097, heap buffer overflow in unshar
26 +Bug-Debian: https://bugs.debian.org/893525
27 +X-Debian-version: 1:4.15.2-3
28 +
29 +--- a/src/unshar.c
30 ++++ b/src/unshar.c
31 +@@ -240,7 +240,7 @@
32 + off_t position = ftello (file);
33 +
34 + /* Read next line, fail if no more and no previous process. */
35 +- if (!fgets (rw_buffer, BUFSIZ, file))
36 ++ if (!fgets (rw_buffer, rw_base_size, file))
37 + {
38 + if (!start)
39 + error (0, 0, _("Found no shell commands in %s"), name);
40
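Review bot: the corrected bound in `if (!fgets (rw_buffer, rw_base_size, file))` is only safe if rw_base_size is the allocated size of rw_buffer, and neither the allocation nor any other read into rw_buffer appears in this hunk's context. It is worth checking the rest of src/unshar.c for remaining uses of BUFSIZ as a bound on rw_buffer before treating the CVE as closed. The patch header also gives only "From: Petr Pisar" and a Bug-Debian link; adding a reference to the upstream commit or report would let the origin of this one-line change be verified.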
41 diff --git a/app-arch/sharutils/sharutils-4.15.2.ebuild b/app-arch/sharutils/sharutils-4.15.2-r1.ebuild
42 similarity index 94%
43 rename from app-arch/sharutils/sharutils-4.15.2.ebuild
44 rename to app-arch/sharutils/sharutils-4.15.2-r1.ebuild
45 index ab637e3cd24..2a7873196c5 100644
46 --- a/app-arch/sharutils/sharutils-4.15.2.ebuild
47 +++ b/app-arch/sharutils/sharutils-4.15.2-r1.ebuild
48 @@ -25,6 +25,7 @@ src_prepare() {
49 default
50
51 epatch "${FILESDIR}/sharutils-4.15.2-glibc228.patch"
52 + epatch "${FILESDIR}/sharutils-4.15.2-CVE-2018-1000097.patch"
53
54 # Upstream is aware but thinks this isn't a bug/problem in sharutils itself
55 # See http://lists.gnu.org/archive/html/bug-gnu-utils/2013-10/msg00011.html