Home Explore Help
Register Sign In
OpenWrt
/
openwrt
mirror of https://github.com/openwrt/openwrt.git
2
0
Fork 0
Files Issues 0 Wiki
Browse Source

tools: patch: Add missing CVE-2018-6951 fix

uscan reports a new CVE now that PKG_CPE_ID was added.

Reordered patches by date.

Signed-off-by: Rosen Penev <[email protected]>
[re-title commit & refresh patches]
Signed-off-by: Kevin Darbyshire-Bryant <[email protected]>
Rosen Penev 7 years ago
parent
3e633bb370
commit
a6bd9d0cb6
4 changed files with 33 additions and 12 deletions
Unified View Show Diff Stats
  1. 1 1
      tools/patch/Makefile
  2. 24 0
      tools/patch/patches/010-CVE-2018-6951.patch
  3. 6 9
      tools/patch/patches/020-CVE-2018-1000156.patch
  4. 2 2
      tools/patch/patches/030-CVE-2018-6952.patch

+ 1 - 1
tools/patch/Makefile
View File 

@@ -8,7 +8,7 @@ include $(TOPDIR)/rules.mk
 
 
 
 PKG_NAME:=patch
 
 PKG_NAME:=patch
 
 PKG_VERSION:=2.7.6
 
 PKG_VERSION:=2.7.6
 
-PKG_RELEASE:=2
 
+PKG_RELEASE:=3
 
 PKG_CPE_ID:=cpe:/a:gnu:patch
 
 PKG_CPE_ID:=cpe:/a:gnu:patch
 
 
 
 PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.xz
 
 PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.xz

+ 24 - 0
tools/patch/patches/010-CVE-2018-6951.patch
View File 

@@ -0,0 +1,24 @@
 
+From 1f7853c05f9949d81da9be7a02b90cc64284d1f8 Mon Sep 17 00:00:00 2001
 
+From: Andreas Gruenbacher <[email protected]>
 
+Date: Mon, 12 Feb 2018 16:48:24 +0100
 
+Subject: [PATCH] Fix segfault with mangled rename patch
 
+
 
+http://savannah.gnu.org/bugs/?53132
 
+* src/pch.c (intuit_diff_type): Ensure that two filenames are specified
 
+for renames and copies (fix the existing check).
 
+---
 
+ src/pch.c | 3 ++-
 
+ 1 file changed, 2 insertions(+), 1 deletion(-)
 
+
 
+--- a/src/pch.c
 
++++ b/src/pch.c
 
+@@ -974,7 +974,8 @@ intuit_diff_type (bool need_header, mode
 
+     if ((pch_rename () || pch_copy ())
 
+ 	&& ! inname
 
+ 	&& ! ((i == OLD || i == NEW) &&
 
+-	      p_name[! reverse] &&
 
++	      p_name[reverse] && p_name[! reverse] &&
 
++	      name_is_valid (p_name[reverse]) &&
 
+ 	      name_is_valid (p_name[! reverse])))
 
+       {
 
+ 	say ("Cannot %s file without two valid file names\n", pch_rename () ? "rename" : "copy");

+ 6 - 9
tools/patch/patches/010-CVE-2018-1000156.patch → tools/patch/patches/020-CVE-2018-1000156.patch
View File 

@@ -1,4 +1,4 @@
 
-From ee2904728eb4364a36d62d66f723d0b68749e5df Mon Sep 17 00:00:00 2001
 
+From b3a0ca3deed00334f9feece43f76776b6a168e47 Mon Sep 17 00:00:00 2001
 
 From: Andreas Gruenbacher <[email protected]>
 
 From: Andreas Gruenbacher <[email protected]>
 
 Date: Fri, 6 Apr 2018 12:14:49 +0200
 
 Date: Fri, 6 Apr 2018 12:14:49 +0200
 
 Subject: [PATCH] Fix arbitrary command execution in ed-style patches
 
 Subject: [PATCH] Fix arbitrary command execution in ed-style patches
 
@@ -10,11 +10,8 @@ instead of rejecting them and carrying on.
 
 * tests/ed-style: New test case.
 
 * tests/ed-style: New test case.
 
 * tests/Makefile.am (TESTS): Add test case.
 
 * tests/Makefile.am (TESTS): Add test case.
 
 ---
 
 ---
 
- src/pch.c         | 89 +++++++++++++++++++++++++++++++++++------------
 
- tests/Makefile.am |  1 +
 
- tests/ed-style    | 41 ++++++++++++++++++++++
 
- 3 files changed, 108 insertions(+), 23 deletions(-)
 
- create mode 100644 tests/ed-style
 
+ src/pch.c | 89 +++++++++++++++++++++++++++++++++++++++++--------------
 
+ 1 file changed, 66 insertions(+), 23 deletions(-)
 
 
 
 --- a/src/pch.c
 
 --- a/src/pch.c
 
 +++ b/src/pch.c
 
 +++ b/src/pch.c
 
@@ -26,7 +23,7 @@ instead of rejecting them and carrying on.
 
  
  
  #define INITHUNKMAX 125			/* initial dynamic allocation size */
 
  #define INITHUNKMAX 125			/* initial dynamic allocation size */
 
  
  
-@@ -2388,22 +2389,28 @@ do_ed_script (char const *inname, char c
 
+@@ -2389,22 +2390,28 @@ do_ed_script (char const *inname, char c
 
      static char const editor_program[] = EDITOR_PROGRAM;
 
      static char const editor_program[] = EDITOR_PROGRAM;
 
  
  
      file_offset beginning_of_this_line;
 
      file_offset beginning_of_this_line;
 
@@ -69,7 +66,7 @@ instead of rejecting them and carrying on.
 
      for (;;) {
 
      for (;;) {
 
  	char ed_command_letter;
 
  	char ed_command_letter;
 
  	beginning_of_this_line = file_tell (pfp);
 
  	beginning_of_this_line = file_tell (pfp);
 
-@@ -2414,14 +2421,14 @@ do_ed_script (char const *inname, char c
 
+@@ -2415,14 +2422,14 @@ do_ed_script (char const *inname, char c
 
  	}
 
  	}
 
  	ed_command_letter = get_ed_command_letter (buf);
 
  	ed_command_letter = get_ed_command_letter (buf);
 
  	if (ed_command_letter) {
 
  	if (ed_command_letter) {
 
@@ -88,7 +85,7 @@ instead of rejecting them and carrying on.
 
  			    write_fatal ();
 
  			    write_fatal ();
 
  		    if (chars_read == 2  &&  strEQ (buf, ".\n"))
 
  		    if (chars_read == 2  &&  strEQ (buf, ".\n"))
 
  			break;
 
  			break;
 
-@@ -2434,13 +2441,49 @@ do_ed_script (char const *inname, char c
 
+@@ -2435,13 +2442,49 @@ do_ed_script (char const *inname, char c
 
  	    break;
 
  	    break;
 
  	}
 
  	}
 
      }
 
      }

+ 2 - 2
tools/patch/patches/020-CVE-2018-6952.patch → tools/patch/patches/030-CVE-2018-6952.patch
View File 

@@ -1,4 +1,4 @@
 
-From daa51e492049d9fe3ac049165ec19641bf19cd7f Mon Sep 17 00:00:00 2001
 
+From df40f2ea17254de269a3624319a12a93a4e395ff Mon Sep 17 00:00:00 2001
 
 From: Andreas Gruenbacher <[email protected]>
 
 From: Andreas Gruenbacher <[email protected]>
 
 Date: Fri, 17 Aug 2018 13:35:40 +0200
 
 Date: Fri, 17 Aug 2018 13:35:40 +0200
 
 Subject: [PATCH] Fix swapping fake lines in pch_swap
 
 Subject: [PATCH] Fix swapping fake lines in pch_swap
 
@@ -14,7 +14,7 @@ Fixes: https://savannah.gnu.org/bugs/index.php?53133
 
 
 
 --- a/src/pch.c
 
 --- a/src/pch.c
 
 +++ b/src/pch.c
 
 +++ b/src/pch.c
 
-@@ -2114,7 +2114,7 @@ pch_swap (void)
 
+@@ -2115,7 +2115,7 @@ pch_swap (void)
 
      }
 
      }
 
      if (p_efake >= 0) {			/* fix non-freeable ptr range */
 
      if (p_efake >= 0) {			/* fix non-freeable ptr range */
 
  	if (p_efake <= i)
 
  	if (p_efake <= i)