pkgsrc-Changes archive
CVS commit: pkgsrc/sysutils/amanda-common
Module Name: pkgsrc
Committed By: kikadf
Date: Fri Oct 17 07:55:17 UTC 2025
Modified Files:
pkgsrc/sysutils/amanda-common: distinfo
Added Files:
pkgsrc/sysutils/amanda-common/patches: patch-client-src_calcsize.c
patch-client-src_rundump.c patch-client-src_runtar.c
Log Message:
sysutils/amanda-client: add patches to fix CVEs
To generate a diff of this commit:
cvs rdiff -u -r1.26 -r1.27 pkgsrc/sysutils/amanda-common/distinfo
cvs rdiff -u -r0 -r1.1 \
pkgsrc/sysutils/amanda-common/patches/patch-client-src_calcsize.c \
pkgsrc/sysutils/amanda-common/patches/patch-client-src_rundump.c \
pkgsrc/sysutils/amanda-common/patches/patch-client-src_runtar.c
Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.
Modified files:
Index: pkgsrc/sysutils/amanda-common/distinfo
diff -u pkgsrc/sysutils/amanda-common/distinfo:1.26 pkgsrc/sysutils/amanda-common/distinfo:1.27
--- pkgsrc/sysutils/amanda-common/distinfo:1.26 Fri Apr 14 22:58:24 2023
+++ pkgsrc/sysutils/amanda-common/distinfo Fri Oct 17 07:55:17 2025
@@ -1,4 +1,4 @@
-$NetBSD: distinfo,v 1.26 2023/04/14 22:58:24 nia Exp $
+$NetBSD: distinfo,v 1.27 2025/10/17 07:55:17 kikadf Exp $
BLAKE2s (amanda-3.3.9.tar.gz) = 2177c4b698edf1c9a7c8328a3423a7f75321e922107b54cac4d6823e91d855bc
SHA512 (amanda-3.3.9.tar.gz) = 345670a20cff335453e8dcbf457d1fcdb9f266e4a03d729c2b1ba762f4fac323de4a87713d0fd54c11ca244a08dc97fb8c641625f7fa81cb241b3c17748b1b7e
@@ -7,7 +7,10 @@ SHA1 (patch-Makefile.am) = 172dc9b2419c0
SHA1 (patch-amandad-src_Makefile.am) = bdff2c06da0ee6c88237c56568fe20c5cefedd7a
SHA1 (patch-application-src_Makefile.am) = 8b448d2c7dbda4d731d6985374e2a6786b0ac8d1
SHA1 (patch-client-src_Makefile.am) = 641ef76fd1ea413b416704e1e52e25a93a596442
+SHA1 (patch-client-src_calcsize.c) = 1a0f802d14d854de12cffd08d4fa88b6085a887d
SHA1 (patch-client-src_getfsent.c) = 903a921b8679ddcff1fdd838ffdce16a6d8da46f
+SHA1 (patch-client-src_rundump.c) = 4261c0cce67674a8333c4d7e48fbf8484d4d3650
+SHA1 (patch-client-src_runtar.c) = a8035529c5aaf1e42c0d212921f4f3e394516230
SHA1 (patch-client-src_sendbackup-dump.c) = aea1aca0bbcdab0c393b012a592cbc5ca458acec
SHA1 (patch-client-src_sendsize.c) = 32a1627c250b6413e4695a610bba59796c6e7ed6
SHA1 (patch-common-src_Makefile.am) = 0dd6cbd5707e08d3d0eb219e4a1bb002f8053e82
Added files:
Index: pkgsrc/sysutils/amanda-common/patches/patch-client-src_calcsize.c
diff -u /dev/null pkgsrc/sysutils/amanda-common/patches/patch-client-src_calcsize.c:1.1
--- /dev/null Fri Oct 17 07:55:17 2025
+++ pkgsrc/sysutils/amanda-common/patches/patch-client-src_calcsize.c Fri Oct 17 07:55:17 2025
@@ -0,0 +1,15 @@
+$NetBSD: patch-client-src_calcsize.c,v 1.1 2025/10/17 07:55:17 kikadf Exp $
+
+* Fix CVE-2022-37703,
+ https://github.com/zmanda/amanda/commit/cf01041d34b830fc8bfe87346a9a1aa092d76820
+
+--- client-src/calcsize.c.orig 2025-10-17 07:36:29.435296433 +0000
++++ client-src/calcsize.c
+@@ -434,7 +434,6 @@ traverse_dirs(
+ continue;
+ }
+ if((d = opendir(dirname)) == NULL) {
+- perror(dirname);
+ continue;
+ }
+
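Review bot: The `opendir(dirname)` failure path in traverse_dirs now skips the directory silently, and nothing at the removal site says why, so a later cleanup could reasonably put the `perror(dirname);` call back. A short comment in its place would record the intent, for example `/* no perror(): the error text would tell the caller whether dirname exists (CVE-2022-37703) */`; the wording is inferred from the CVE reference in the patch header, so confirm it against the upstream commit. The same sentence in the pkgsrc patch header would do if diverging from upstream is not wanted. traverse_dirs starts and ends outside the hunk, so other output on this path cannot be checked from here.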
Index: pkgsrc/sysutils/amanda-common/patches/patch-client-src_rundump.c
diff -u /dev/null pkgsrc/sysutils/amanda-common/patches/patch-client-src_rundump.c:1.1
--- /dev/null Fri Oct 17 07:55:17 2025
+++ pkgsrc/sysutils/amanda-common/patches/patch-client-src_rundump.c Fri Oct 17 07:55:17 2025
@@ -0,0 +1,168 @@
+$NetBSD: patch-client-src_rundump.c,v 1.1 2025/10/17 07:55:17 kikadf Exp $
+
+* Fix CVE-2022-37704,
+ https://github.com/zmanda/amanda/commit/ee766efdd77acd2e08f646bf2f9028944cdb9d06
+
+--- client-src/rundump.c.orig 2025-10-17 07:37:52.952255055 +0000
++++ client-src/rundump.c
+@@ -39,6 +39,8 @@
+ #include "conffile.h"
+
+ int main(int argc, char **argv);
++static void validate_dump_option(int argc, char ** argv);
++static void validate_xfsdump_options(int argc, char ** argv);
+
+ #if defined(VDUMP) || defined(XFSDUMP)
+ # undef USE_RUNDUMP
+@@ -154,14 +156,17 @@ main(
+
+ #if defined(DUMP)
+ dump_program = DUMP;
++ validate_dump_option(argc, argv);
+ #else
+ # if defined(XFSDUMP)
+ dump_program = XFSDUMP;
++ validate_xfsdump_options(argc, argv);
+ # else
+ # if defined(VXDUMP)
+ dump_program = VXDUMP;
+ # else
+ dump_program = "dump";
++ validate_dump_option(argc, argv);
+ # endif
+ # endif
+ #endif
+@@ -187,3 +192,133 @@ main(
+ return 1;
+ #endif /* } */
+ }
++
++void validate_dump_option(int argc, char ** argv)
++{
++ int c;
++ int numargs = argc;
++ while (numargs > 0)
++ {
++ c = getopt(argc, argv, "0123456789ab:cd:e:f:h:j:kmnqs:uvwyz:A:B:D:I:L:MQ:ST:W");
++ switch (c) {
++ case -1:
++ optind++;
++ break;
++ case '?':
++ //option is not valid
++ error("error [%s invalid option: %s]\n", get_pname(), argv[optind-1]);
++ break;
++ // All this options takes another argument
++ case 'b':
++ case 'd':
++ case 'e':
++ case 'f':
++ case 'h':
++ case 'j':
++ case 's':
++ case 'z':
++ case 'A':
++ case 'B':
++ case 'D':
++ case 'I':
++ case 'L':
++ case 'Q':
++ case 'T':
++ {
++ // get optarg and check it against NULL. If it is null, then return error.
++ if (optarg == NULL) {
++ error ("error [%s additional parameter is missing for option: %c]\n", get_pname(), c);
++ }
++ break;
++ }
++ case '0':
++ case '1':
++ case '2':
++ case '3':
++ case '4':
++ case '5':
++ case '6':
++ case '7':
++ case '8':
++ case '9':
++ case 'a':
++ case 'c':
++ case 'k':
++ case 'm':
++ case 'n':
++ case 'q':
++ case 'u':
++ case 'v':
++ case 'w':
++ case 'y':
++ case 'M':
++ case 'S':
++ case 'W':
++ {
++ break;
++ }
++ default:
++ error ("error [%s invalid option: %c]\n", get_pname(), c);
++ break;
++ }
++ numargs--;
++ }
++}
++
++void validate_xfsdump_options(int argc, char ** argv)
++{
++ int c;
++ int numargs = argc;
++ while (numargs > 0)
++ {
++ c = getopt(argc, argv, "ab:d:ef:l:mop:qs:t:v:z:AB:DFI:JL:M:RT");
++ switch (c) {
++ case -1:
++ optind++;
++ break;
++ case '?':
++ //option is not valid
++ error ("error [%s invalid option: %s]\n", get_pname(), argv[optind-1]);
++ break;
++ // All this options takes another argument
++ case 'b':
++ case 'd':
++ case 'f':
++ case 'l':
++ case 'p':
++ case 's':
++ case 't':
++ case 'v':
++ case 'z':
++ case 'B':
++ case 'I':
++ case 'L':
++ case 'M':
++ {
++ // get optarg and check it against NULL. If it is null, then return error.
++ if (optarg == NULL) {
++ error ("error [%s additional parameter is missing for option: %c]\n", get_pname(), c);
++ }
++ break;
++ }
++ case 'a':
++ case 'e':
++ case 'm':
++ case 'o':
++ case 'q':
++ case 'A':
++ case 'D':
++ case 'F':
++ case 'J':
++ case 'R':
++ case 'T':
++ {
++ break;
++ }
++ default:
++ error ("error [%s invalid option: %c]\n", get_pname(), c);
++ break;
++ }
++ numargs--;
++ }
++}
Index: pkgsrc/sysutils/amanda-common/patches/patch-client-src_runtar.c
diff -u /dev/null pkgsrc/sysutils/amanda-common/patches/patch-client-src_runtar.c:1.1
--- /dev/null Fri Oct 17 07:55:17 2025
+++ pkgsrc/sysutils/amanda-common/patches/patch-client-src_runtar.c Fri Oct 17 07:55:17 2025
@@ -0,0 +1,19 @@
+$NetBSD: patch-client-src_runtar.c,v 1.1 2025/10/17 07:55:17 kikadf Exp $
+
+* Fix CVE-2022-37705,
+ https://github.com/zmanda/amanda/commit/497410c7555376795f324e5bd2cbed7742219099
+
+--- client-src/runtar.c.orig 2025-10-17 07:41:49.922060195 +0000
++++ client-src/runtar.c
+@@ -183,9 +183,9 @@ main(
+ g_str_has_prefix(argv[i],"--newer") ||
+ g_str_has_prefix(argv[i],"--exclude-from") ||
+ g_str_has_prefix(argv[i],"--files-from")) {
+- /* Accept theses options with the following argument */
+- good_option += 2;
++ good_option++;
+ } else if (argv[i][0] != '-') {
++ /* argument values are accounted for here */
+ good_option++;
+ }
+ }
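Review bot: The entries in this condition are matched with `g_str_has_prefix`, so any argument that merely begins with `--newer`, `--exclude-from` or `--files-from` is counted as a good option, including longer option names that share the prefix. Since the following value is no longer skipped, an exact or `=`-delimited match would be tighter, e.g. `strcmp(argv[i], "--newer") == 0 || g_str_has_prefix(argv[i], "--newer=")`, repeated for the other names. The new comment in the `argv[i][0] != '-'` branch could also state that this branch counts every argument not starting with a dash, not only the value that follows one of these options. The condition begins above the hunk and main() continues past it, so how `good_option` is finally compared is not visible here.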