[OpenWrt-Devel] [PATCH] patch: Add missing CVE
Rosen Penev
rosenp at gmail.com
Mon Oct 15 13:17:29 EDT 2018
uscan reports a new CVE now that PKG_CPE_ID was added.
Reordered patches by date.
Signed-off-by: Rosen Penev <rosenp at gmail.com>
---
tools/patch/Makefile | 2 +-
tools/patch/patches/010-CVE-2018-6951.patch | 29 +++++++++++++++++++
...00156.patch => 020-CVE-2018-1000156.patch} | 20 +++++++------
...018-6952.patch => 030-CVE-2018-6952.patch} | 9 ++++--
4 files changed, 48 insertions(+), 12 deletions(-)
create mode 100644 tools/patch/patches/010-CVE-2018-6951.patch
rename tools/patch/patches/{010-CVE-2018-1000156.patch => 020-CVE-2018-1000156.patch} (89%)
rename tools/patch/patches/{020-CVE-2018-6952.patch => 030-CVE-2018-6952.patch} (78%)
diff --git a/tools/patch/Makefile b/tools/patch/Makefile
index 0f4d7f0326..7323b5b2ab 100644
--- a/tools/patch/Makefile
+++ b/tools/patch/Makefile
@@ -8,7 +8,7 @@ include $(TOPDIR)/rules.mk
PKG_NAME:=patch
PKG_VERSION:=2.7.6
-PKG_RELEASE:=2
+PKG_RELEASE:=3
PKG_CPE_ID:=cpe:/a:gnu:patch
PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.xz
diff --git a/tools/patch/patches/010-CVE-2018-6951.patch b/tools/patch/patches/010-CVE-2018-6951.patch
new file mode 100644
index 0000000000..5dbcb35e29
--- /dev/null
+++ b/tools/patch/patches/010-CVE-2018-6951.patch
@@ -0,0 +1,29 @@
+From 1f7853c05f9949d81da9be7a02b90cc64284d1f8 Mon Sep 17 00:00:00 2001
+From: Andreas Gruenbacher <agruen at gnu.org>
+Date: Mon, 12 Feb 2018 16:48:24 +0100
+Subject: [PATCH] Fix segfault with mangled rename patch
+
+http://savannah.gnu.org/bugs/?53132
+* src/pch.c (intuit_diff_type): Ensure that two filenames are specified
+for renames and copies (fix the existing check).
+---
+ src/pch.c | 3 ++-
+ 1 file changed, 2 insertions(+), 1 deletion(-)
+
+diff --git a/src/pch.c b/src/pch.c
+index ff9ed2c..bc6278c 100644
+--- a/src/pch.c
++++ b/src/pch.c
+@@ -974,7 +974,8 @@ intuit_diff_type (bool need_header, mode_t *p_file_type)
+ if ((pch_rename () || pch_copy ())
+ && ! inname
+ && ! ((i == OLD || i == NEW) &&
+- p_name[! reverse] &&
++ p_name[reverse] && p_name[! reverse] &&
++ name_is_valid (p_name[reverse]) &&
+ name_is_valid (p_name[! reverse])))
+ {
+ say ("Cannot %s file without two valid file names\n", pch_rename () ? "rename" : "copy");
+--
+2.19.1
+
diff --git a/tools/patch/patches/010-CVE-2018-1000156.patch b/tools/patch/patches/020-CVE-2018-1000156.patch
similarity index 89%
rename from tools/patch/patches/010-CVE-2018-1000156.patch
rename to tools/patch/patches/020-CVE-2018-1000156.patch
index 7114f82e8f..83b6d84637 100644
--- a/tools/patch/patches/010-CVE-2018-1000156.patch
+++ b/tools/patch/patches/020-CVE-2018-1000156.patch
@@ -1,4 +1,4 @@
-From ee2904728eb4364a36d62d66f723d0b68749e5df Mon Sep 17 00:00:00 2001
+From b3a0ca3deed00334f9feece43f76776b6a168e47 Mon Sep 17 00:00:00 2001
From: Andreas Gruenbacher <agruen at gnu.org>
Date: Fri, 6 Apr 2018 12:14:49 +0200
Subject: [PATCH] Fix arbitrary command execution in ed-style patches
@@ -10,12 +10,11 @@ instead of rejecting them and carrying on.
* tests/ed-style: New test case.
* tests/Makefile.am (TESTS): Add test case.
---
- src/pch.c | 89 +++++++++++++++++++++++++++++++++++------------
- tests/Makefile.am | 1 +
- tests/ed-style | 41 ++++++++++++++++++++++
- 3 files changed, 108 insertions(+), 23 deletions(-)
- create mode 100644 tests/ed-style
+ src/pch.c | 89 +++++++++++++++++++++++++++++++++++++++++--------------
+ 1 file changed, 66 insertions(+), 23 deletions(-)
+diff --git a/src/pch.c b/src/pch.c
+index bc6278c..4fd5a05 100644
--- a/src/pch.c
+++ b/src/pch.c
@@ -33,6 +33,7 @@
@@ -26,7 +25,7 @@ instead of rejecting them and carrying on.
#define INITHUNKMAX 125 /* initial dynamic allocation size */
-@@ -2388,22 +2389,28 @@ do_ed_script (char const *inname, char c
+@@ -2389,22 +2390,28 @@ do_ed_script (char const *inname, char const *outname,
static char const editor_program[] = EDITOR_PROGRAM;
file_offset beginning_of_this_line;
@@ -69,7 +68,7 @@ instead of rejecting them and carrying on.
for (;;) {
char ed_command_letter;
beginning_of_this_line = file_tell (pfp);
-@@ -2414,14 +2421,14 @@ do_ed_script (char const *inname, char c
+@@ -2415,14 +2422,14 @@ do_ed_script (char const *inname, char const *outname,
}
ed_command_letter = get_ed_command_letter (buf);
if (ed_command_letter) {
@@ -88,7 +87,7 @@ instead of rejecting them and carrying on.
write_fatal ();
if (chars_read == 2 && strEQ (buf, ".\n"))
break;
-@@ -2434,13 +2441,49 @@ do_ed_script (char const *inname, char c
+@@ -2435,13 +2442,49 @@ do_ed_script (char const *inname, char const *outname,
break;
}
}
@@ -143,3 +142,6 @@ instead of rejecting them and carrying on.
if (ofp)
{
+--
+2.19.1
+
diff --git a/tools/patch/patches/020-CVE-2018-6952.patch b/tools/patch/patches/030-CVE-2018-6952.patch
similarity index 78%
rename from tools/patch/patches/020-CVE-2018-6952.patch
rename to tools/patch/patches/030-CVE-2018-6952.patch
index e72a8cbc27..f8e0bf04a8 100644
--- a/tools/patch/patches/020-CVE-2018-6952.patch
+++ b/tools/patch/patches/030-CVE-2018-6952.patch
@@ -1,4 +1,4 @@
-From daa51e492049d9fe3ac049165ec19641bf19cd7f Mon Sep 17 00:00:00 2001
+From df40f2ea17254de269a3624319a12a93a4e395ff Mon Sep 17 00:00:00 2001
From: Andreas Gruenbacher <agruen at gnu.org>
Date: Fri, 17 Aug 2018 13:35:40 +0200
Subject: [PATCH] Fix swapping fake lines in pch_swap
@@ -12,9 +12,11 @@ Fixes: https://savannah.gnu.org/bugs/index.php?53133
src/pch.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
+diff --git a/src/pch.c b/src/pch.c
+index 4fd5a05..b0dd14d 100644
--- a/src/pch.c
+++ b/src/pch.c
-@@ -2114,7 +2114,7 @@ pch_swap (void)
+@@ -2115,7 +2115,7 @@ pch_swap (void)
}
if (p_efake >= 0) { /* fix non-freeable ptr range */
if (p_efake <= i)
@@ -23,3 +25,6 @@ Fixes: https://savannah.gnu.org/bugs/index.php?53133
else
n = -i;
p_efake += n;
+--
+2.19.1
+
--
2.19.1
_______________________________________________
openwrt-devel mailing list
openwrt-devel at lists.openwrt.org
https://lists.openwrt.org/mailman/listinfo/openwrt-devel
More information about the openwrt-devel
mailing list