From: "Andreas K. Hüttel" To: gentoo-commits@lists.gentoo.org Content-Transfer-Encoding: 8bit Content-type: text/plain; charset=UTF-8 Reply-To: gentoo-dev@lists.gentoo.org, "Andreas K. Hüttel" Message-ID: <1552478566.648bdf9134d87d5d6ca086b742964b77c3da87d8.dilfridge@gentoo> Subject: [gentoo-commits] repo/gentoo:master commit in: app-arch/sharutils/, app-arch/sharutils/files/ X-VCS-Repository: repo/gentoo X-VCS-Files: app-arch/sharutils/files/sharutils-4.15.2-CVE-2018-1000097.patch app-arch/sharutils/sharutils-4.15.2-r1.ebuild app-arch/sharutils/sharutils-4.15.2.ebuild X-VCS-Directories: app-arch/sharutils/ app-arch/sharutils/files/ X-VCS-Committer: dilfridge X-VCS-Committer-Name: Andreas K. Hüttel X-VCS-Revision: 648bdf9134d87d5d6ca086b742964b77c3da87d8 X-VCS-Branch: master Date: Wed, 13 Mar 2019 12:03:22 +0000 (UTC) Precedence: bulk List-Post: List-Help: List-Unsubscribe: List-Subscribe: List-Id: Gentoo Linux mail X-BeenThere: gentoo-commits@lists.gentoo.org X-Auto-Response-Suppress: DR, RN, NRN, OOF, AutoReply X-Archives-Salt: e82b4359-965d-42ae-9c1f-9eadd978b65f X-Archives-Hash: 73a45c9d7d79a8905c9f240c159a9ef2 commit: 648bdf9134d87d5d6ca086b742964b77c3da87d8 Author: Andreas K. Hüttel gentoo org> AuthorDate: Wed Mar 13 12:02:46 2019 +0000 Commit: Andreas K. Hüttel gentoo org> CommitDate: Wed Mar 13 12:02:46 2019 +0000 URL: https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=648bdf91 app-arch/sharutils: Add patch for CVE-2018-1000097 Bug: https://bugs.gentoo.org/652686 Package-Manager: Portage-2.3.62, Repoman-2.3.12 Signed-off-by: Andreas K. Hüttel gentoo.org> .../files/sharutils-4.15.2-CVE-2018-1000097.patch | 16 ++++++++++++++++ ...harutils-4.15.2.ebuild => sharutils-4.15.2-r1.ebuild} | 1 + 2 files changed, 17 insertions(+) diff --git a/app-arch/sharutils/files/sharutils-4.15.2-CVE-2018-1000097.patch b/app-arch/sharutils/files/sharutils-4.15.2-CVE-2018-1000097.patch new file mode 100644 index 00000000000..f61662040b6 --- /dev/null 
+++ b/app-arch/sharutils/files/sharutils-4.15.2-CVE-2018-1000097.patch @@ -0,0 +1,16 @@ +From: Petr Pisar +Subject: Fix CVE-2018-1000097, heap buffer overflow in unshar +Bug-Debian: https://bugs.debian.org/893525 +X-Debian-version: 1:4.15.2-3 + +--- a/src/unshar.c ++++ b/src/unshar.c +@@ -240,7 +240,7 @@ + off_t position = ftello (file); + + /* Read next line, fail if no more and no previous process. */ +- if (!fgets (rw_buffer, BUFSIZ, file)) ++ if (!fgets (rw_buffer, rw_base_size, file)) + { + if (!start) + error (0, 0, _("Found no shell commands in %s"), name); diff --git a/app-arch/sharutils/sharutils-4.15.2.ebuild b/app-arch/sharutils/sharutils-4.15.2-r1.ebuild similarity index 94% rename from app-arch/sharutils/sharutils-4.15.2.ebuild rename to app-arch/sharutils/sharutils-4.15.2-r1.ebuild index ab637e3cd24..2a7873196c5 100644 --- a/app-arch/sharutils/sharutils-4.15.2.ebuild +++ b/app-arch/sharutils/sharutils-4.15.2-r1.ebuild @@ -25,6 +25,7 @@ src_prepare() { default epatch "${FILESDIR}/sharutils-4.15.2-glibc228.patch" + epatch "${FILESDIR}/sharutils-4.15.2-CVE-2018-1000097.patch" # Upstream is aware but thinks this isn't a bug/problem in sharutils itself # See http://lists.gnu.org/archive/html/bug-gnu-utils/2013-10/msg00011.html
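Review bot: In the src/unshar.c hunk, the new fgets bound is only correct if rw_base_size is the allocated size of rw_buffer in bytes at this call site, and neither the allocation nor any other read into rw_buffer appears in the hunk's context. Worth confirming both in src/unshar.c before relying on the fix, including that no remaining call still passes BUFSIZ for this buffer (fgets stores at most size-1 characters plus the terminating NUL, so the size argument must not exceed the allocation). The patch header also cites only Bug-Debian; adding the Gentoo bug URL from the commit message (https://bugs.gentoo.org/652686) would make the file self-describing.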
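Review bot: In the ebuild hunk, the added epatch line in src_prepare has no comment tying it to the bug, while the neighbouring upstream note has one; a short "# bug 652686" comment above it would help whoever does the next version bump decide whether the patch can be dropped. The rename also carries the rest of the ebuild over unchanged (one insertion in the diffstat), so -r1 inherits whatever KEYWORDS 4.15.2 had; if that is intentional for a security fix, saying so in the commit message would save a follow-up question. The EAPI is not visible here; if it supports it, a PATCHES array or eapply would be the usual replacement for epatch after default.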