sharutils: add patch for CVE-2018-1000097

2018-04-10 12:35:06 +02:00 · 2018-04-10 12:35:06 +02:00 · f4ae478fa2
parent bbfe8e1c82
commit f4ae478fa2
2 changed files with 16 additions and 1 deletions
--- a/srcpkgs/sharutils/patches/CVE-2018-1000097.patch
+++ b/srcpkgs/sharutils/patches/CVE-2018-1000097.patch
@ -0,0 +1,15 @@
+From: Petr Pisar
+Subject: Fix CVE-2018-1000097, heap buffer overflow in unshar
+Bug-Debian: https://bugs.debian.org/893525
+
+--- src/unshar.c
+++ src/unshar.c
+@@ -240,7 +240,7 @@
+       off_t position = ftello (file);
+ 
+       /* Read next line, fail if no more and no previous process.  */
+-      if (!fgets (rw_buffer, BUFSIZ, file))
+      if (!fgets (rw_buffer, rw_base_size, file))
+ 	{
+ 	  if (!start)
+ 	    error (0, 0, _("Found no shell commands in %s"), name);
--- a/srcpkgs/sharutils/template
+++ b/srcpkgs/sharutils/template
@ -1,7 +1,7 @@
 # Template file for 'sharutils'
 pkgname=sharutils
 version=4.15.2
-revision=1
+revision=2
 build_style=gnu-configure
 hostmakedepends="perl"
 short_desc="Makes so-called shell archives out of many files"