app-arch/sharutils: Add patch for CVE-2018-1000097

Bug: https://bugs.gentoo.org/652686 Package-Manager: Portage-2.3.62, Repoman-2.3.12 Signed-off-by: Andreas K. Hüttel <[email protected]>
hanetzer · Mar 13, 2019 · 648bdf9 · 648bdf9
1 parent 8fb4282
commit 648bdf9
Show file tree

Hide file tree

Showing 2 changed files with 17 additions and 0 deletions.
diff --git a/app-arch/sharutils/files/sharutils-4.15.2-CVE-2018-1000097.patch b/app-arch/sharutils/files/sharutils-4.15.2-CVE-2018-1000097.patch
@@ -0,0 +1,16 @@
+From: Petr Pisar
+Subject: Fix CVE-2018-1000097, heap buffer overflow in unshar
+Bug-Debian: https://bugs.debian.org/893525
+X-Debian-version: 1:4.15.2-3
+
+--- a/src/unshar.c
++++ b/src/unshar.c
+@@ -240,7 +240,7 @@
+ off_t position = ftello (file);
+
+ /* Read next line, fail if no more and no previous process. */
+- if (!fgets (rw_buffer, BUFSIZ, file))
++ if (!fgets (rw_buffer, rw_base_size, file))
+ {
+ if (!start)
+ error (0, 0, _("Found no shell commands in %s"), name);
diff --git a/app-arch/sharutils/sharutils-4.15.2.ebuild → ...arch/sharutils/sharutils-4.15.2-r1.ebuild b/app-arch/sharutils/sharutils-4.15.2.ebuild → ...arch/sharutils/sharutils-4.15.2-r1.ebuild
@@ -25,6 +25,7 @@ src_prepare() {
  default
 
  epatch "${FILESDIR}/sharutils-4.15.2-glibc228.patch"
+ epatch "${FILESDIR}/sharutils-4.15.2-CVE-2018-1000097.patch"
 
  # Upstream is aware but thinks this isn't a bug/problem in sharutils itself
  # See http://lists.gnu.org/archive/html/bug-gnu-utils/2013-10/msg00011.html