Message ID | 20181015171729.4188-1-rosenp@gmail.com |
---|---|
State | Accepted |
Delegated to: | Kevin Darbyshire-Bryant |
Headers | show |
Series | [OpenWrt-Devel] patch: Add missing CVE | expand |
> On 15 Oct 2018, at 18:17, Rosen Penev <rosenp@gmail.com> wrote: > > uscan reports a new CVE now that PKG_CPE_ID was added. > > Reordered patches by date. > > Signed-off-by: Rosen Penev <rosenp@gmail.com> > --- > tools/patch/Makefile | 2 +- > tools/patch/patches/010-CVE-2018-6951.patch | 29 +++++++++++++++++++ > ...00156.patch => 020-CVE-2018-1000156.patch} | 20 +++++++------ > ...018-6952.patch => 030-CVE-2018-6952.patch} | 9 ++++-- > 4 files changed, 48 insertions(+), 12 deletions(-) > create mode 100644 tools/patch/patches/010-CVE-2018-6951.patch > rename tools/patch/patches/{010-CVE-2018-1000156.patch => 020-CVE-2018-1000156.patch} (89%) > rename tools/patch/patches/{020-CVE-2018-6952.patch => 030-CVE-2018-6952.patch} (78%) > > diff --git a/tools/patch/Makefile b/tools/patch/Makefile > index 0f4d7f0326..7323b5b2ab 100644 > --- a/tools/patch/Makefile > +++ b/tools/patch/Makefile > @@ -8,7 +8,7 @@ include $(TOPDIR)/rules.mk > > PKG_NAME:=patch > PKG_VERSION:=2.7.6 > -PKG_RELEASE:=2 > +PKG_RELEASE:=3 > PKG_CPE_ID:=cpe:/a:gnu:patch > > PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.xz > diff --git a/tools/patch/patches/010-CVE-2018-6951.patch b/tools/patch/patches/010-CVE-2018-6951.patch > new file mode 100644 > index 0000000000..5dbcb35e29 > --- /dev/null > +++ b/tools/patch/patches/010-CVE-2018-6951.patch > @@ -0,0 +1,29 @@ > +From 1f7853c05f9949d81da9be7a02b90cc64284d1f8 Mon Sep 17 00:00:00 2001 > +From: Andreas Gruenbacher <agruen@gnu.org> > +Date: Mon, 12 Feb 2018 16:48:24 +0100 > +Subject: [PATCH] Fix segfault with mangled rename patch > + > +http://savannah.gnu.org/bugs/?53132 > +* src/pch.c (intuit_diff_type): Ensure that two filenames are specified > +for renames and copies (fix the existing check). > +--- > + src/pch.c | 3 ++- > + 1 file changed, 2 insertions(+), 1 deletion(-) > + > +diff --git a/src/pch.c b/src/pch.c > +index ff9ed2c..bc6278c 100644 > +--- a/src/pch.c > ++++ b/src/pch.c > +@@ -974,7 +974,8 @@ intuit_diff_type (bool need_header, mode_t *p_file_type) > + if ((pch_rename () || pch_copy ()) > + && ! inname > + && ! ((i == OLD || i == NEW) && > +- p_name[! reverse] && > ++ p_name[reverse] && p_name[! reverse] && > ++ name_is_valid (p_name[reverse]) && > + name_is_valid (p_name[! reverse]))) > + { > + say ("Cannot %s file without two valid file names\n", pch_rename () ? "rename" : "copy"); > +-- > +2.19.1 > + > diff --git a/tools/patch/patches/010-CVE-2018-1000156.patch b/tools/patch/patches/020-CVE-2018-1000156.patch > similarity index 89% > rename from tools/patch/patches/010-CVE-2018-1000156.patch > rename to tools/patch/patches/020-CVE-2018-1000156.patch > index 7114f82e8f..83b6d84637 100644 > --- a/tools/patch/patches/010-CVE-2018-1000156.patch > +++ b/tools/patch/patches/020-CVE-2018-1000156.patch > @@ -1,4 +1,4 @@ > -From ee2904728eb4364a36d62d66f723d0b68749e5df Mon Sep 17 00:00:00 2001 > +From b3a0ca3deed00334f9feece43f76776b6a168e47 Mon Sep 17 00:00:00 2001 > From: Andreas Gruenbacher <agruen@gnu.org> > Date: Fri, 6 Apr 2018 12:14:49 +0200 > Subject: [PATCH] Fix arbitrary command execution in ed-style patches > @@ -10,12 +10,11 @@ instead of rejecting them and carrying on. > * tests/ed-style: New test case. > * tests/Makefile.am (TESTS): Add test case. > --- > - src/pch.c | 89 +++++++++++++++++++++++++++++++++++------------ > - tests/Makefile.am | 1 + > - tests/ed-style | 41 ++++++++++++++++++++++ > - 3 files changed, 108 insertions(+), 23 deletions(-) > - create mode 100644 tests/ed-style > + src/pch.c | 89 +++++++++++++++++++++++++++++++++++++++++-------------- > + 1 file changed, 66 insertions(+), 23 deletions(-) > > +diff --git a/src/pch.c b/src/pch.c > +index bc6278c..4fd5a05 100644 > --- a/src/pch.c > +++ b/src/pch.c > @@ -33,6 +33,7 @@ > @@ -26,7 +25,7 @@ instead of rejecting them and carrying on. > > #define INITHUNKMAX 125 /* initial dynamic allocation size */ > > -@@ -2388,22 +2389,28 @@ do_ed_script (char const *inname, char c > +@@ -2389,22 +2390,28 @@ do_ed_script (char const *inname, char const *outname, > static char const editor_program[] = EDITOR_PROGRAM; > > file_offset beginning_of_this_line; > @@ -69,7 +68,7 @@ instead of rejecting them and carrying on. > for (;;) { > char ed_command_letter; > beginning_of_this_line = file_tell (pfp); > -@@ -2414,14 +2421,14 @@ do_ed_script (char const *inname, char c > +@@ -2415,14 +2422,14 @@ do_ed_script (char const *inname, char const *outname, > } > ed_command_letter = get_ed_command_letter (buf); > if (ed_command_letter) { > @@ -88,7 +87,7 @@ instead of rejecting them and carrying on. > write_fatal (); > if (chars_read == 2 && strEQ (buf, ".\n")) > break; > -@@ -2434,13 +2441,49 @@ do_ed_script (char const *inname, char c > +@@ -2435,13 +2442,49 @@ do_ed_script (char const *inname, char const *outname, > break; > } > } > @@ -143,3 +142,6 @@ instead of rejecting them and carrying on. > > if (ofp) > { > +-- > +2.19.1 > + > diff --git a/tools/patch/patches/020-CVE-2018-6952.patch b/tools/patch/patches/030-CVE-2018-6952.patch > similarity index 78% > rename from tools/patch/patches/020-CVE-2018-6952.patch > rename to tools/patch/patches/030-CVE-2018-6952.patch > index e72a8cbc27..f8e0bf04a8 100644 > --- a/tools/patch/patches/020-CVE-2018-6952.patch > +++ b/tools/patch/patches/030-CVE-2018-6952.patch > @@ -1,4 +1,4 @@ > -From daa51e492049d9fe3ac049165ec19641bf19cd7f Mon Sep 17 00:00:00 2001 > +From df40f2ea17254de269a3624319a12a93a4e395ff Mon Sep 17 00:00:00 2001 > From: Andreas Gruenbacher <agruen@gnu.org> > Date: Fri, 17 Aug 2018 13:35:40 +0200 > Subject: [PATCH] Fix swapping fake lines in pch_swap > @@ -12,9 +12,11 @@ Fixes: https://savannah.gnu.org/bugs/index.php?53133 > src/pch.c | 2 +- > 1 file changed, 1 insertion(+), 1 deletion(-) > > +diff --git a/src/pch.c b/src/pch.c > +index 4fd5a05..b0dd14d 100644 > --- a/src/pch.c > +++ b/src/pch.c > -@@ -2114,7 +2114,7 @@ pch_swap (void) > +@@ -2115,7 +2115,7 @@ pch_swap (void) > } > if (p_efake >= 0) { /* fix non-freeable ptr range */ > if (p_efake <= i) > @@ -23,3 +25,6 @@ Fixes: https://savannah.gnu.org/bugs/index.php?53133 > else > n = -i; > p_efake += n; > +-- > +2.19.1 > + > -- > 2.19.1 > > > _______________________________________________ > openwrt-devel mailing list > openwrt-devel@lists.openwrt.org > https://lists.openwrt.org/mailman/listinfo/openwrt-devel Merged - with a couple of cosmetic changes Cheers, Kevin D-B 012C ACB2 28C6 C53E 9775 9123 B3A2 389B 9DE2 334A
diff --git a/tools/patch/Makefile b/tools/patch/Makefile index 0f4d7f0326..7323b5b2ab 100644 --- a/tools/patch/Makefile +++ b/tools/patch/Makefile @@ -8,7 +8,7 @@ include $(TOPDIR)/rules.mk PKG_NAME:=patch PKG_VERSION:=2.7.6 -PKG_RELEASE:=2 +PKG_RELEASE:=3 PKG_CPE_ID:=cpe:/a:gnu:patch PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.xz diff --git a/tools/patch/patches/010-CVE-2018-6951.patch b/tools/patch/patches/010-CVE-2018-6951.patch new file mode 100644 index 0000000000..5dbcb35e29 --- /dev/null +++ b/tools/patch/patches/010-CVE-2018-6951.patch @@ -0,0 +1,29 @@ +From 1f7853c05f9949d81da9be7a02b90cc64284d1f8 Mon Sep 17 00:00:00 2001 +From: Andreas Gruenbacher <agruen@gnu.org> +Date: Mon, 12 Feb 2018 16:48:24 +0100 +Subject: [PATCH] Fix segfault with mangled rename patch + +http://savannah.gnu.org/bugs/?53132 +* src/pch.c (intuit_diff_type): Ensure that two filenames are specified +for renames and copies (fix the existing check). +--- + src/pch.c | 3 ++- + 1 file changed, 2 insertions(+), 1 deletion(-) + +diff --git a/src/pch.c b/src/pch.c +index ff9ed2c..bc6278c 100644 +--- a/src/pch.c ++++ b/src/pch.c +@@ -974,7 +974,8 @@ intuit_diff_type (bool need_header, mode_t *p_file_type) + if ((pch_rename () || pch_copy ()) + && ! inname + && ! ((i == OLD || i == NEW) && +- p_name[! reverse] && ++ p_name[reverse] && p_name[! reverse] && ++ name_is_valid (p_name[reverse]) && + name_is_valid (p_name[! reverse]))) + { + say ("Cannot %s file without two valid file names\n", pch_rename () ? "rename" : "copy"); +-- +2.19.1 + diff --git a/tools/patch/patches/010-CVE-2018-1000156.patch b/tools/patch/patches/020-CVE-2018-1000156.patch similarity index 89% rename from tools/patch/patches/010-CVE-2018-1000156.patch rename to tools/patch/patches/020-CVE-2018-1000156.patch index 7114f82e8f..83b6d84637 100644 --- a/tools/patch/patches/010-CVE-2018-1000156.patch +++ b/tools/patch/patches/020-CVE-2018-1000156.patch @@ -1,4 +1,4 @@ -From ee2904728eb4364a36d62d66f723d0b68749e5df Mon Sep 17 00:00:00 2001 +From b3a0ca3deed00334f9feece43f76776b6a168e47 Mon Sep 17 00:00:00 2001 From: Andreas Gruenbacher <agruen@gnu.org> Date: Fri, 6 Apr 2018 12:14:49 +0200 Subject: [PATCH] Fix arbitrary command execution in ed-style patches @@ -10,12 +10,11 @@ instead of rejecting them and carrying on. * tests/ed-style: New test case. * tests/Makefile.am (TESTS): Add test case. --- - src/pch.c | 89 +++++++++++++++++++++++++++++++++++------------ - tests/Makefile.am | 1 + - tests/ed-style | 41 ++++++++++++++++++++++ - 3 files changed, 108 insertions(+), 23 deletions(-) - create mode 100644 tests/ed-style + src/pch.c | 89 +++++++++++++++++++++++++++++++++++++++++-------------- + 1 file changed, 66 insertions(+), 23 deletions(-) +diff --git a/src/pch.c b/src/pch.c +index bc6278c..4fd5a05 100644 --- a/src/pch.c +++ b/src/pch.c @@ -33,6 +33,7 @@ @@ -26,7 +25,7 @@ instead of rejecting them and carrying on. #define INITHUNKMAX 125 /* initial dynamic allocation size */ -@@ -2388,22 +2389,28 @@ do_ed_script (char const *inname, char c +@@ -2389,22 +2390,28 @@ do_ed_script (char const *inname, char const *outname, static char const editor_program[] = EDITOR_PROGRAM; file_offset beginning_of_this_line; @@ -69,7 +68,7 @@ instead of rejecting them and carrying on. for (;;) { char ed_command_letter; beginning_of_this_line = file_tell (pfp); -@@ -2414,14 +2421,14 @@ do_ed_script (char const *inname, char c +@@ -2415,14 +2422,14 @@ do_ed_script (char const *inname, char const *outname, } ed_command_letter = get_ed_command_letter (buf); if (ed_command_letter) { @@ -88,7 +87,7 @@ instead of rejecting them and carrying on. write_fatal (); if (chars_read == 2 && strEQ (buf, ".\n")) break; -@@ -2434,13 +2441,49 @@ do_ed_script (char const *inname, char c +@@ -2435,13 +2442,49 @@ do_ed_script (char const *inname, char const *outname, break; } } @@ -143,3 +142,6 @@ instead of rejecting them and carrying on. if (ofp) { +-- +2.19.1 + diff --git a/tools/patch/patches/020-CVE-2018-6952.patch b/tools/patch/patches/030-CVE-2018-6952.patch similarity index 78% rename from tools/patch/patches/020-CVE-2018-6952.patch rename to tools/patch/patches/030-CVE-2018-6952.patch index e72a8cbc27..f8e0bf04a8 100644 --- a/tools/patch/patches/020-CVE-2018-6952.patch +++ b/tools/patch/patches/030-CVE-2018-6952.patch @@ -1,4 +1,4 @@ -From daa51e492049d9fe3ac049165ec19641bf19cd7f Mon Sep 17 00:00:00 2001 +From df40f2ea17254de269a3624319a12a93a4e395ff Mon Sep 17 00:00:00 2001 From: Andreas Gruenbacher <agruen@gnu.org> Date: Fri, 17 Aug 2018 13:35:40 +0200 Subject: [PATCH] Fix swapping fake lines in pch_swap @@ -12,9 +12,11 @@ Fixes: https://savannah.gnu.org/bugs/index.php?53133 src/pch.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) +diff --git a/src/pch.c b/src/pch.c +index 4fd5a05..b0dd14d 100644 --- a/src/pch.c +++ b/src/pch.c -@@ -2114,7 +2114,7 @@ pch_swap (void) +@@ -2115,7 +2115,7 @@ pch_swap (void) } if (p_efake >= 0) { /* fix non-freeable ptr range */ if (p_efake <= i) @@ -23,3 +25,6 @@ Fixes: https://savannah.gnu.org/bugs/index.php?53133 else n = -i; p_efake += n; +-- +2.19.1 +
uscan reports a new CVE now that PKG_CPE_ID was added. Reordered patches by date. Signed-off-by: Rosen Penev <rosenp@gmail.com> --- tools/patch/Makefile | 2 +- tools/patch/patches/010-CVE-2018-6951.patch | 29 +++++++++++++++++++ ...00156.patch => 020-CVE-2018-1000156.patch} | 20 +++++++------ ...018-6952.patch => 030-CVE-2018-6952.patch} | 9 ++++-- 4 files changed, 48 insertions(+), 12 deletions(-) create mode 100644 tools/patch/patches/010-CVE-2018-6951.patch rename tools/patch/patches/{010-CVE-2018-1000156.patch => 020-CVE-2018-1000156.patch} (89%) rename tools/patch/patches/{020-CVE-2018-6952.patch => 030-CVE-2018-6952.patch} (78%)