From 37987729eac05178565a84059fad4f393a8faeee Mon Sep 17 00:00:00 2001
From: pluskalm <>
Date: Mar 22 2023 21:40:04 +0000
Subject: Update amanda to version 3.5.3 / rev 7 via SR 1073619 https://build.opensuse.org/request/show/1073619 by user pluskalm + dimstar_suse
---
diff --git a/.files b/.files
index d825393..59faa87 100644
Binary files a/.files and b/.files differ
diff --git a/.rev b/.rev
index c3bf433..5b32492 100644
--- a/.rev
+++ b/.rev
@@ -48,4 +48,12 @@ aware of the risks and this is still in usage 1066332 + + a251f86fc25383036b8df6b24a251688 + 3.5.3 + + dimstar_suse + + 1073619 +
diff --git a/CVE-2022-37705.patch b/CVE-2022-37705.patch
deleted file mode 100644
index 1785943..0000000
--- a/CVE-2022-37705.patch
+++ /dev/null
@@ -1,16 +0,0 @@
-Index: amanda-tag-community-3.5.2/client-src/runtar.c
-===================================================================
---- amanda-tag-community-3.5.2.orig/client-src/runtar.c
-+++ amanda-tag-community-3.5.2/client-src/runtar.c
-@@ -191,9 +191,9 @@ main(
- g_str_has_prefix(argv[i],"--newer") ||
- g_str_has_prefix(argv[i],"--exclude-from") ||
- g_str_has_prefix(argv[i],"--files-from")) {
-- /* Accept theses options with the following argument */
-- good_option += 2;
-+ good_option++;
- } else if (argv[i][0] != '-') {
-+ /* argument values are accounted for here */
- good_option++;
- }
- }
diff --git a/amanda-3.5.1-GCC10_extern.patch b/amanda-3.5.1-GCC10_extern.patch
deleted file mode 100644
index a036343..0000000
--- a/amanda-3.5.1-GCC10_extern.patch
+++ /dev/null
@@ -1,13 +0,0 @@
-diff --git a/common-src/testutils.h b/common-src/testutils.h
-index 31f89737..2e9bb0b3 100644
---- a/common-src/testutils.h
-+++ b/common-src/testutils.h
-@@ -75,7 +75,7 @@ typedef struct TestUtilsTest {
- #define tu_dbg(...) if (tu_debugging_enabled) { g_fprintf(stderr, __VA_ARGS__); }
-
- /* Is debugging enabled for this test run? (set internally) */
--int tu_debugging_enabled;
-+extern gboolean tu_debugging_enabled;
-
- /*
- * Main loop
diff --git a/amanda-3.5.2-fix-tests.patch b/amanda-3.5.2-fix-tests.patch
deleted file mode 100644
index b9fd40a..0000000
--- a/amanda-3.5.2-fix-tests.patch
+++ /dev/null
@@ -1,26 +0,0 @@
-From 262c05b20c7de243542e7502e00152cdafb573d4 Mon Sep 17 00:00:00 2001
-From: Peter Bieringer
-Date: Wed, 6 Jul 2022 22:53:12 +0200
-Subject: [PATCH] fix for https://github.com/zmanda/amanda/issues/167
-
----
- common-src/amutil.c | 6 ++++++
- 1 file changed, 6 insertions(+)
-
-diff --git a/common-src/amutil.c b/common-src/amutil.c
-index 20454ab73c..371d38e433 100644
---- a/common-src/amutil.c
-+++ b/common-src/amutil.c
-@@ -1132,6 +1132,12 @@ char *hexdecode_string(const char *str, GError **err)
- new_len = orig_len = strlen(str);
- for (i = 0; i < orig_len; i++) {
- if (str[i] == '%') {
-+ if (new_len < 2) {
-+ g_set_error(err, am_util_error_quark(), AM_UTIL_ERROR_HEXDECODEINVAL,
-+ "Invalid hexcode string: %s", str);
-+ s = g_string_sized_new(0);
-+ goto cleanup;
-+ }
- new_len -= 2;
- }
- }
diff --git a/amanda-3.5.2.tar.gz b/amanda-3.5.2.tar.gz
deleted file mode 120000
index 96cabca..0000000
--- a/amanda-3.5.2.tar.gz
+++ /dev/null
@@ -1 +0,0 @@
-/ipfs/bafybeig7ro3ky2yn4zreufqor5gu3biaief3tb2k5tzqhpkg4rw2zaheyq
\ No newline at end of file
diff --git a/amanda-3.5.3.tar.gz b/amanda-3.5.3.tar.gz
new file mode 120000
index 0000000..f408939
--- /dev/null
+++ b/amanda-3.5.3.tar.gz
@@ -0,0 +1 @@
+/ipfs/bafybeif2gdy4c4z7lwfttkyw7vn6ifazmmbfyp7hc5aqnabj4hduyydjim
\ No newline at end of file
diff --git a/amanda.changes b/amanda.changes
index 30849bc..d0fff09 100644
--- a/amanda.changes
+++ b/amanda.changes
@@ -1,4 +1,27 @@
 -------------------------------------------------------------------
+Tue Mar 21 16:16:06 UTC 2023 - Danilo Spinella
+
+- Update to version 3.5.3:
+ * Fixed: removed vulnerable jQuery dependency
+ * Fixed: fix suppressed 1st char of error message in
+ common-src/bsdtcp-security.c
+ * docs: improved README with Markdown
+ * docs: updated README file name for docs in Debian builds
+ * Fixed: post_inst_functions.sh to create amkey
+ * Fixed: added extern keyword for tu_debugging_enabled declaration in
+ testutils.h
+ * Fixed: https://sogis.eu complaint symmetric encryption key derivation algorithm
+ * Fixed: removed perror to fix information leak vulnerability found in the
+ calcsize SUID binary. (CVE-2022-37703, bsc#1203390)
+ * Fixed: added filter for RSH environment settings in rundump to fix
+ privilege escalation vulnerability (CVE-2022-37704, bsc#1208033)
+ * Fixed: arg checking for runtar.c (CVE-2022-37705, bsc#1208032)
+- Remove upstreamed patches:
+ * CVE-2022-37705.patch
+ * amanda-3.5.1-GCC10_extern.patch
+ * amanda-3.5.2-fix-tests.patch
+
+-------------------------------------------------------------------
 Thu Feb 16 11:03:29 UTC 2023 - Daniel Garcia
 - Add CVE-2022-37705.patch to fix privilege scalation
diff --git a/amanda.spec b/amanda.spec
index 3fc47ad..feb662f 100644
--- a/amanda.spec
+++ b/amanda.spec
@@ -19,7 +19,7 @@
 %define amanda_group amanda
 %define upstreamver tag-community-%{version}
 Name: amanda
-Version: 3.5.2
+Version: 3.5.3
 Release: 0
 Summary: Network Disk Archiver
 License: GPL-3.0-or-later
@@ -34,11 +34,6 @@ Patch3: amanda-2.6.1p1-avoid-perl-provides.patch
 Patch4: amanda-3.3.2-returnvalues.patch
 Patch6: amanda-3.5-no_return_in_nonvoid_fnc.patch
 Patch7: amanda-libnsl.patch
-Patch8: amanda-3.5.1-GCC10_extern.patch
-# PATCH-FIX-UPSTREAM amanda-3.5.2-fix-tests.patch -- gh#zmanda/amanda#167
-Patch9: amanda-3.5.2-fix-tests.patch
-# PATCH-FIX-UPSTREAM CVE-2022-37705.patch -- boo#1208032, gh#zmanda/amanda#194
-Patch10: CVE-2022-37705.patch
 BuildRequires: autoconf
 BuildRequires: automake
 BuildRequires: bison
@@ -95,9 +90,6 @@ running multiple versions of Linux or Unix.
 %patch4 -p1
 %patch6 -p1
 %patch7 -p1
-%patch8 -p1
-%patch9 -p1
-%patch10 -p1
 %build
 ./autogen
@@ -132,7 +124,7 @@ install -d %{buildroot}/%{_sysconfdir}/amanda \
 %{buildroot}%{_localstatedir}/lib/amanda/lbl-templ \
 %{buildroot}/%{_docdir}/%{name} \
 %{buildroot}/%{_sysconfdir}/xinetd.d
-install NEWS README README.SUSE example/{amanda.conf,chg-multi.conf,disklist} %{buildroot}/%{_docdir}/%{name}
+install NEWS README.md README.SUSE example/{amanda.conf,chg-multi.conf,disklist} %{buildroot}/%{_docdir}/%{name}
 install -m 644 %{buildroot}%{_sysconfdir}/amanda/amanda-security.conf %{buildroot}%{_sysconfdir}/amanda-security.conf
 chmod 644 %{buildroot}/%{_docdir}/%{name}/* %{buildroot}/%{_mandir}/*/*
 cp -a SUSE/* %{buildroot}
@@ -194,7 +186,7 @@ ln -s amrecover.8.gz %{buildroot}%{_mandir}/man8/amoldrecover.8
 %verify_permissions -f %{_libexecdir}/amanda/suidlist
 %files
-%doc amanda-howto-collection.pdf ChangeLog NEWS AUTHORS COPYRIGHT README ReleaseNotes README.SUSE
+%doc amanda-howto-collection.pdf ChangeLog NEWS AUTHORS COPYRIGHT README.md ReleaseNotes README.SUSE
 %doc %attr(755,root,root) %dir %{_docdir}/%{name} %{_docdir}/%{name}/* %{_mandir}/man*/*
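Review bot: Nothing on this page confirms that 3.5.3's `client-src/runtar.c` contains argument counting equivalent to the downstream fix being dropped: the `@@ -34,11 +34,6 @@` hunk removes `Patch10: CVE-2022-37705.patch` and the `@@ -95,9 +90,6 @@` hunk removes `%patch10 -p1`, while the new tarball appears only as a symlink. The removed patch changed the accounting to `good_option++` per recognised option plus one per non-dash argument, so the 3.5.3 source should be diffed against the patched 3.5.2 file before relying on the changelog's "arg checking for runtar.c" entry. Once that is confirmed, I would keep the tracking reference next to the remaining `Patch7` line, e.g. `# CVE-2022-37705 (boo#1208032, gh#zmanda/amanda#194): fixed upstream in 3.5.3, downstream patch dropped`.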