diff options
author | Rosen Penev <rosenp@gmail.com> | 2018-10-15 10:17:29 -0700 |
---|---|---|
committer | Jo-Philipp Wich <jo@mein.io> | 2018-12-18 17:22:06 +0100 |
commit | 27528d48e1f2a10b42ae6c9918f449b0c0911fa9 (patch) | |
tree | 891317c3b652cdbc7b4efecac8e5806383242ffc /tools/patch/patches | |
parent | a10c67b05727ec8b773771f60127cac39ffa90f8 (diff) | |
download | upstream-27528d48e1f2a10b42ae6c9918f449b0c0911fa9.tar.gz upstream-27528d48e1f2a10b42ae6c9918f449b0c0911fa9.tar.bz2 upstream-27528d48e1f2a10b42ae6c9918f449b0c0911fa9.zip |
tools: patch: Add missing CVE-2018-6951 fix
uscan reports a new CVE now that PKG_CPE_ID was added.
Reordered patches by date.
Signed-off-by: Rosen Penev <rosenp@gmail.com>
[re-title commit & refresh patches]
Signed-off-by: Kevin Darbyshire-Bryant <ldir@darbyshire-bryant.me.uk>
(backported from a6bd9d0cb652686453604b762e80a35d023908c4)
Diffstat (limited to 'tools/patch/patches')
-rw-r--r-- | tools/patch/patches/010-CVE-2018-6951.patch | 24 | ||||
-rw-r--r-- | tools/patch/patches/020-CVE-2018-1000156.patch (renamed from tools/patch/patches/010-CVE-2018-1000156.patch) | 15 | ||||
-rw-r--r-- | tools/patch/patches/030-CVE-2018-6952.patch (renamed from tools/patch/patches/020-CVE-2018-6952.patch) | 4 |
3 files changed, 32 insertions, 11 deletions
diff --git a/tools/patch/patches/010-CVE-2018-6951.patch b/tools/patch/patches/010-CVE-2018-6951.patch new file mode 100644 index 0000000000..10dc568099 --- /dev/null +++ b/tools/patch/patches/010-CVE-2018-6951.patch @@ -0,0 +1,24 @@ +From 1f7853c05f9949d81da9be7a02b90cc64284d1f8 Mon Sep 17 00:00:00 2001 +From: Andreas Gruenbacher <agruen@gnu.org> +Date: Mon, 12 Feb 2018 16:48:24 +0100 +Subject: [PATCH] Fix segfault with mangled rename patch + +http://savannah.gnu.org/bugs/?53132 +* src/pch.c (intuit_diff_type): Ensure that two filenames are specified +for renames and copies (fix the existing check). +--- + src/pch.c | 3 ++- + 1 file changed, 2 insertions(+), 1 deletion(-) + +--- a/src/pch.c ++++ b/src/pch.c +@@ -974,7 +974,8 @@ intuit_diff_type (bool need_header, mode + if ((pch_rename () || pch_copy ()) + && ! inname + && ! ((i == OLD || i == NEW) && +- p_name[! reverse] && ++ p_name[reverse] && p_name[! reverse] && ++ name_is_valid (p_name[reverse]) && + name_is_valid (p_name[! reverse]))) + { + say ("Cannot %s file without two valid file names\n", pch_rename () ? "rename" : "copy"); diff --git a/tools/patch/patches/010-CVE-2018-1000156.patch b/tools/patch/patches/020-CVE-2018-1000156.patch index 7114f82e8f..99dfe54075 100644 --- a/tools/patch/patches/010-CVE-2018-1000156.patch +++ b/tools/patch/patches/020-CVE-2018-1000156.patch @@ -1,4 +1,4 @@ -From ee2904728eb4364a36d62d66f723d0b68749e5df Mon Sep 17 00:00:00 2001 +From b3a0ca3deed00334f9feece43f76776b6a168e47 Mon Sep 17 00:00:00 2001 From: Andreas Gruenbacher <agruen@gnu.org> Date: Fri, 6 Apr 2018 12:14:49 +0200 Subject: [PATCH] Fix arbitrary command execution in ed-style patches @@ -10,11 +10,8 @@ instead of rejecting them and carrying on. * tests/ed-style: New test case. * tests/Makefile.am (TESTS): Add test case. --- - src/pch.c | 89 +++++++++++++++++++++++++++++++++++------------ - tests/Makefile.am | 1 + - tests/ed-style | 41 ++++++++++++++++++++++ - 3 files changed, 108 insertions(+), 23 deletions(-) - create mode 100644 tests/ed-style + src/pch.c | 89 +++++++++++++++++++++++++++++++++++++++++-------------- + 1 file changed, 66 insertions(+), 23 deletions(-) --- a/src/pch.c +++ b/src/pch.c @@ -26,7 +23,7 @@ instead of rejecting them and carrying on. #define INITHUNKMAX 125 /* initial dynamic allocation size */ -@@ -2388,22 +2389,28 @@ do_ed_script (char const *inname, char c +@@ -2389,22 +2390,28 @@ do_ed_script (char const *inname, char c static char const editor_program[] = EDITOR_PROGRAM; file_offset beginning_of_this_line; @@ -69,7 +66,7 @@ instead of rejecting them and carrying on. for (;;) { char ed_command_letter; beginning_of_this_line = file_tell (pfp); -@@ -2414,14 +2421,14 @@ do_ed_script (char const *inname, char c +@@ -2415,14 +2422,14 @@ do_ed_script (char const *inname, char c } ed_command_letter = get_ed_command_letter (buf); if (ed_command_letter) { @@ -88,7 +85,7 @@ instead of rejecting them and carrying on. write_fatal (); if (chars_read == 2 && strEQ (buf, ".\n")) break; -@@ -2434,13 +2441,49 @@ do_ed_script (char const *inname, char c +@@ -2435,13 +2442,49 @@ do_ed_script (char const *inname, char c break; } } diff --git a/tools/patch/patches/020-CVE-2018-6952.patch b/tools/patch/patches/030-CVE-2018-6952.patch index e72a8cbc27..36b58c79dd 100644 --- a/tools/patch/patches/020-CVE-2018-6952.patch +++ b/tools/patch/patches/030-CVE-2018-6952.patch @@ -1,4 +1,4 @@ -From daa51e492049d9fe3ac049165ec19641bf19cd7f Mon Sep 17 00:00:00 2001 +From df40f2ea17254de269a3624319a12a93a4e395ff Mon Sep 17 00:00:00 2001 From: Andreas Gruenbacher <agruen@gnu.org> Date: Fri, 17 Aug 2018 13:35:40 +0200 Subject: [PATCH] Fix swapping fake lines in pch_swap @@ -14,7 +14,7 @@ Fixes: https://savannah.gnu.org/bugs/index.php?53133 --- a/src/pch.c +++ b/src/pch.c -@@ -2114,7 +2114,7 @@ pch_swap (void) +@@ -2115,7 +2115,7 @@ pch_swap (void) } if (p_efake >= 0) { /* fix non-freeable ptr range */ if (p_efake <= i) |