Hi,

I have updated the git repository on salsa about amanda and created a signed tag.

g...@salsa.debian.org:debian/amanda.git
As the debdiff amanda_3.5.1-10_source.changes amanda_3.5.1-11_source.changes did not work as I expected I am doing a git diff: diff --git a/debian/changelog b/debian/changelog index d4e1821..498f6f9 100644 --- a/debian/changelog +++ b/debian/changelog @@ -1,3 +1,14 @@ +amanda (1:3.5.1-11) unstable; urgency=medium + + * d/p/49-fix-CVE-2022-37705_part_2: 48-fix-CVE-2022-37705 broken one use + case at least, this patch fix it, fixing the following two bugs. + * Bug fix: "backups fail with the following summary "FAILED [no + backup size line]"", thanks to Norman Lyon (Closes: #1032330). + * Bug fix: "Amanda is unusable", thanks to Kamil Jonca (Closes: + #1032884). + + -- Jose M Calhariz <calha...@debian.org> Tue, 21 Mar 2023 17:35:47 +0000 + amanda (1:3.5.1-10) unstable; urgency=medium * d/p/48-fix-CVE-2022-37705: Fix CVE-2022-37705. diff --git a/debian/patches/49-fix-CVE-2022-37705_part_2 b/debian/patches/49-fix-CVE-2022-37705_part_2 new file mode 100644 index 0000000..74341a6 --- /dev/null +++ b/debian/patches/49-fix-CVE-2022-37705_part_2 @@ -0,0 +1,24 @@ +Description: Fix the fix for CVE-2022-37705 +Author: pcahyna https://github.com/pcahyna + +Index: amanda.git/client-src/runtar.c +=================================================================== +--- amanda.git.orig/client-src/runtar.c 2023-03-05 00:10:46.916884175 +0000 ++++ amanda.git/client-src/runtar.c 2023-03-05 00:15:52.189417756 +0000 +@@ -191,9 +191,13 @@ main( + g_str_has_prefix(argv[i],"--newer") || + g_str_has_prefix(argv[i],"--exclude-from") || + g_str_has_prefix(argv[i],"--files-from")) { +- good_option++; +- } else if (argv[i][0] != '-') { +- /* argument values are accounted for here */ ++ if (strchr(argv[i], '=')) { ++ good_option++; ++ } else { ++ /* Accept theses options with the following argument */ ++ good_option += 2; ++ } ++ } else if (argv[i][0] != '-') { + good_option++; + } + } diff --git a/debian/patches/series b/debian/patches/series index 92dde9d..2be2df4 100644 
--- a/debian/patches/series +++ b/debian/patches/series @@ -45,6 +45,7 @@ reproducible-build ###################################################################### # Patches to fix CVEs from 2022 48-fix-CVE-2022-37705 +49-fix-CVE-2022-37705_part_2 50-fix-CVE-2022-37704 52-fix-CVE-2022-37704_part_2 56-fix-CVE-2022-37703

I have attached the two patches for CVE-2022-37705 that I use in the package, the one with the regression and the fix.

Kind regards
Jose M Calhariz

--
--
There is something in the closets that makes the skeletons restless.
	-- John Barrymore
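Review bot: The header of the new debian/patches/49-fix-CVE-2022-37705_part_2 carries only Description and Author, and neither it nor the changelog entry says which use case 48-fix-CVE-2022-37705 broke. Add Bug-Debian lines for #1032330 and #1032884 and one sentence in the Description naming the case the runtar.c hunk changes (one of the listed options given without '=', with its value as the following argument), so the reason for the `good_option += 2` branch is recorded with the patch.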
Description: Fix CVE-2022-37705 Author: Prajwal T R https://github.com/prajwaltr93 Index: amanda.git/client-src/runtar.c =================================================================== --- amanda.git.orig/client-src/runtar.c 2021-06-20 21:02:56.627301251 +0100 +++ amanda.git/client-src/runtar.c 2023-02-24 12:40:05.041286442 +0000 @@ -191,9 +191,9 @@ main( g_str_has_prefix(argv[i],"--newer") || g_str_has_prefix(argv[i],"--exclude-from") || g_str_has_prefix(argv[i],"--files-from")) { - /* Accept theses options with the following argument */ - good_option += 2; + good_option++; } else if (argv[i][0] != '-') { + /* argument values are accounted for here */ good_option++; } }
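Review bot: In the `else if (argv[i][0] != '-')` branch, the added comment says argument values are accounted for here, but that branch counts every argv that does not start with '-', whether or not it follows one of the listed options, and it does not count a value that does start with '-'. With the prefix branch reduced to `good_option++`, the total now depends on how each value happens to be spelled. Consider distinguishing `--option=value` from `--option value` explicitly, for example by testing argv[i] for '=', instead of relying on the generic branch, and reword the comment to say what the branch really matches.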
Description: Fix the fix for CVE-2022-37705 Author: pcahyna https://github.com/pcahyna Index: amanda.git/client-src/runtar.c =================================================================== --- amanda.git.orig/client-src/runtar.c 2023-03-05 00:10:46.916884175 +0000 +++ amanda.git/client-src/runtar.c 2023-03-05 00:15:52.189417756 +0000 @@ -191,9 +191,13 @@ main( g_str_has_prefix(argv[i],"--newer") || g_str_has_prefix(argv[i],"--exclude-from") || g_str_has_prefix(argv[i],"--files-from")) { - good_option++; - } else if (argv[i][0] != '-') { - /* argument values are accounted for here */ + if (strchr(argv[i], '=')) { + good_option++; + } else { + /* Accept theses options with the following argument */ + good_option += 2; + } + } else if (argv[i][0] != '-') { good_option++; } }
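Review bot: In the new else branch, `good_option += 2` counts the option together with its following argument, but nothing in the hunk advances i past that argument. Unless the loop skips it outside these lines, the next iteration examines the value again and, when it does not start with '-', the `else if (argv[i][0] != '-')` branch counts it a second time, so an option plus its separate value would add 3 for two arguments. Either add `i++` after `good_option += 2`, or state in the comment why the extra count is intended and how the later comparison against the argument count accounts for it.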