From patchwork Mon Oct 15 17:17:29 2018 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Rosen Penev X-Patchwork-Id: 984292 X-Patchwork-Delegate: kevin@darbyshire-bryant.me.uk Return-Path: X-Original-To: incoming@patchwork.ozlabs.org Delivered-To: patchwork-incoming@bilbo.ozlabs.org Authentication-Results: ozlabs.org; spf=pass (mailfrom) smtp.mailfrom=lists.openwrt.org (client-ip=2607:7c80:54:e::133; helo=bombadil.infradead.org; envelope-from=openwrt-devel-bounces+incoming=patchwork.ozlabs.org@lists.openwrt.org; receiver=) Authentication-Results: ozlabs.org; dmarc=fail (p=none dis=none) header.from=gmail.com Authentication-Results: ozlabs.org; dkim=pass (2048-bit key; unprotected) header.d=lists.infradead.org header.i=@lists.infradead.org header.b="iBXMkgne"; dkim=fail reason="signature verification failed" (2048-bit key; unprotected) header.d=gmail.com header.i=@gmail.com header.b="oLmrgFN1"; dkim-atps=neutral Received: from bombadil.infradead.org (bombadil.infradead.org [IPv6:2607:7c80:54:e::133]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ozlabs.org (Postfix) with ESMTPS id 42YlWl4d5Hz9s4s for ; Tue, 16 Oct 2018 04:18:11 +1100 (AEDT) DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=lists.infradead.org; s=bombadil.20170209; h=Sender: Content-Transfer-Encoding:Content-Type:Cc:List-Subscribe:List-Help:List-Post: List-Archive:List-Unsubscribe:List-Id:Subject:MIME-Version:Message-Id:Date:To :From:Reply-To:Content-ID:Content-Description:Resent-Date:Resent-From: Resent-Sender:Resent-To:Resent-Cc:Resent-Message-ID:In-Reply-To:References: List-Owner; bh=xpHrbtwMi/s3EzTRX/8yi+JnTmZmHJJzufOEQaNp7bc=; b=iBXMkgneCH/j0C 0ds2Lr+m0wH5UhjviKUHduh5+dvbD6OFU6mtpR0xcTvo4MNF+aO/WjwGbUtXuGykRRHM5ElOJtnbE JlUynZLkN8XsuyvdKrKFNtINcYGDz3mmrctH+M2ZibniOoI20fB0NR36Ijymu8B0W8Yc9cH2s1f7D 0ScJbVXaFmcO0yUDN0C2djVr5oBLRs9SAJ151wRYrQ7cv1PByZi64Ua2iZ4MZj4wMOHf5DgiyjAfp nk93gcHPgy9WtHo8/g61irX+pOK9dZrVP7JLaxLzH0GfHixH8mGT7Hh4lzYANuztueDyQll4VSHvw 83tNKFze76jc1GqBg+gQ==; Received: from localhost ([127.0.0.1] helo=bombadil.infradead.org) by bombadil.infradead.org with esmtp (Exim 4.90_1 #2 (Red Hat Linux)) id 1gC6VD-0002WV-B6; Mon, 15 Oct 2018 17:17:59 +0000 Received: from mail-pl1-x633.google.com ([2607:f8b0:4864:20::633]) by bombadil.infradead.org with esmtps (Exim 4.90_1 #2 (Red Hat Linux)) id 1gC6V9-0002Vf-TM for openwrt-devel@lists.openwrt.org; Mon, 15 Oct 2018 17:17:57 +0000 Received: by mail-pl1-x633.google.com with SMTP id 1-v6so9617928plv.7 for ; Mon, 15 Oct 2018 10:17:44 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=from:to:cc:subject:date:message-id:mime-version :content-transfer-encoding; bh=XZ52Z0XTx/7uaokrvWZdLlIyvG9jY/XJ320HBOHbDeg=; b=oLmrgFN1zcPYcDEseqgGo/snSmryCtuD7w6p7nXNKTOYMdVs1GMAduLHLbskh7MHk6 mZ+vPQlR1BA3EUsw8q+2257bRArQ42z4gjd2iAa3lDo/54A0eAvdKnyGuo12hreaIk2T aATjNfHc9wtRcrQtlM5qBsgYbtiqKTEd0C3RBnTPcNSLWJySZwBzW4X6OI6LxENK7mca hKqMuQpc8jLLFTSHi4/6124OyHzNgDztjYD5dpMCjKybPJHiqbYD1HHHySY8BQNGb+/w Xb8SLaGMpvJUN1qkenfr5ZO+RJ9pHNUl8QCkfThMPK7i5HsGpupLv4cBABvTVF+tuNVi /hfA== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:from:to:cc:subject:date:message-id:mime-version :content-transfer-encoding; bh=XZ52Z0XTx/7uaokrvWZdLlIyvG9jY/XJ320HBOHbDeg=; b=evhyDAHZmY/Ym9QPoHhPP6p90CQDIdlaMjKiPrFOth2L/H7XoFViCey0Da2tgjy5lw 8/um3udJVNYpWswg2SSuxrj2TdT3ajgfN/aOdWAlvdNmFJ/c35rLCvGt+Szptik/7AqC 9tFCMMvNm+zCAj0YPahk4zGM3UFLvN1xmY8mnVX7U0j3XBBUa1TJf+svBFL71Q6V01WN Q2oT6yvAv/ZwdnJ1pXwVbkVsGlnjJscNlErYwrm5t+4kzhqpz75waXkCDc1DlDbpgzb2 yV6KakJ8R558jmqsul8a31JqQZHyx1sYVrgA/7O7LylJFMuqRou1iYUg/ozyRbdlYHNq TW+Q== X-Gm-Message-State: ABuFfoh0ZrEBFK+y/2JYZ8pmbgmECPAFu9dp88JSyuGbgG8OuHiJl2KD Mw+O1J9aph+lRqmmWHQpvpBzTAW/ X-Google-Smtp-Source: ACcGV61H8W8E+XzFwvH18r3+sD2zAo3N0SBaeO7GaV88OQ0Dj4NPpCNb14v1EXXmPfmN+vuPiTk3IQ== X-Received: by 2002:a17:902:d88b:: with SMTP id b11-v6mr17780376plz.136.1539623862967; Mon, 15 Oct 2018 10:17:42 -0700 (PDT) Received: from desktop.lan (astound-69-42-16-32.ca.astound.net. [69.42.16.32]) by smtp.gmail.com with ESMTPSA id l71-v6sm13759359pgd.31.2018.10.15.10.17.41 (version=TLS1_2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128/128); Mon, 15 Oct 2018 10:17:42 -0700 (PDT) From: Rosen Penev To: openwrt-devel@lists.openwrt.org Date: Mon, 15 Oct 2018 10:17:29 -0700 Message-Id: <20181015171729.4188-1-rosenp@gmail.com> X-Mailer: git-send-email 2.19.1 MIME-Version: 1.0 X-CRM114-Version: 20100106-BlameMichelson ( TRE 0.8.0 (BSD) ) MR-646709E3 X-CRM114-CacheID: sfid-20181015_101756_007570_EC7B1AC3 X-CRM114-Status: GOOD ( 18.36 ) X-Spam-Score: -0.1 (/) X-Spam-Report: SpamAssassin version 3.4.1 on bombadil.infradead.org summary: Content analysis details: (-0.1 points) pts rule name description ---- ---------------------- -------------------------------------------------- -0.0 RCVD_IN_DNSWL_NONE RBL: Sender listed at http://www.dnswl.org/, no trust [2607:f8b0:4864:20:0:0:0:633 listed in] [list.dnswl.org] 0.0 FREEMAIL_FROM Sender email is commonly abused enduser mail provider (rosenp[at]gmail.com) -0.0 SPF_PASS SPF: sender matches SPF record -0.1 DKIM_VALID_AU Message has a valid DKIM or DK signature from author's domain -0.1 DKIM_VALID Message has at least one valid DKIM or DK signature 0.1 DKIM_SIGNED Message has a DKIM or DK signature, not necessarily valid Subject: [OpenWrt-Devel] [PATCH] patch: Add missing CVE X-BeenThere: openwrt-devel@lists.openwrt.org X-Mailman-Version: 2.1.21 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Cc: Rosen Penev Sender: "openwrt-devel" Errors-To: openwrt-devel-bounces+incoming=patchwork.ozlabs.org@lists.openwrt.org uscan reports a new CVE now that PKG_CPE_ID was added. Reordered patches by date. Signed-off-by: Rosen Penev --- tools/patch/Makefile | 2 +- tools/patch/patches/010-CVE-2018-6951.patch | 29 +++++++++++++++++++ ...00156.patch => 020-CVE-2018-1000156.patch} | 20 +++++++------ ...018-6952.patch => 030-CVE-2018-6952.patch} | 9 ++++-- 4 files changed, 48 insertions(+), 12 deletions(-) create mode 100644 tools/patch/patches/010-CVE-2018-6951.patch rename tools/patch/patches/{010-CVE-2018-1000156.patch => 020-CVE-2018-1000156.patch} (89%) rename tools/patch/patches/{020-CVE-2018-6952.patch => 030-CVE-2018-6952.patch} (78%) diff --git a/tools/patch/Makefile b/tools/patch/Makefile index 0f4d7f0326..7323b5b2ab 100644 --- a/tools/patch/Makefile +++ b/tools/patch/Makefile @@ -8,7 +8,7 @@ include $(TOPDIR)/rules.mk PKG_NAME:=patch PKG_VERSION:=2.7.6 -PKG_RELEASE:=2 +PKG_RELEASE:=3 PKG_CPE_ID:=cpe:/a:gnu:patch PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.xz diff --git a/tools/patch/patches/010-CVE-2018-6951.patch b/tools/patch/patches/010-CVE-2018-6951.patch new file mode 100644 index 0000000000..5dbcb35e29 --- /dev/null +++ b/tools/patch/patches/010-CVE-2018-6951.patch @@ -0,0 +1,29 @@ +From 1f7853c05f9949d81da9be7a02b90cc64284d1f8 Mon Sep 17 00:00:00 2001 +From: Andreas Gruenbacher +Date: Mon, 12 Feb 2018 16:48:24 +0100 +Subject: [PATCH] Fix segfault with mangled rename patch + +http://savannah.gnu.org/bugs/?53132 +* src/pch.c (intuit_diff_type): Ensure that two filenames are specified +for renames and copies (fix the existing check). +--- + src/pch.c | 3 ++- + 1 file changed, 2 insertions(+), 1 deletion(-) + +diff --git a/src/pch.c b/src/pch.c +index ff9ed2c..bc6278c 100644 +--- a/src/pch.c ++++ b/src/pch.c +@@ -974,7 +974,8 @@ intuit_diff_type (bool need_header, mode_t *p_file_type) + if ((pch_rename () || pch_copy ()) + && ! inname + && ! ((i == OLD || i == NEW) && +- p_name[! reverse] && ++ p_name[reverse] && p_name[! reverse] && ++ name_is_valid (p_name[reverse]) && + name_is_valid (p_name[! reverse]))) + { + say ("Cannot %s file without two valid file names\n", pch_rename () ? "rename" : "copy"); +-- +2.19.1 + diff --git a/tools/patch/patches/010-CVE-2018-1000156.patch b/tools/patch/patches/020-CVE-2018-1000156.patch similarity index 89% rename from tools/patch/patches/010-CVE-2018-1000156.patch rename to tools/patch/patches/020-CVE-2018-1000156.patch index 7114f82e8f..83b6d84637 100644 --- a/tools/patch/patches/010-CVE-2018-1000156.patch +++ b/tools/patch/patches/020-CVE-2018-1000156.patch @@ -1,4 +1,4 @@ -From ee2904728eb4364a36d62d66f723d0b68749e5df Mon Sep 17 00:00:00 2001 +From b3a0ca3deed00334f9feece43f76776b6a168e47 Mon Sep 17 00:00:00 2001 From: Andreas Gruenbacher Date: Fri, 6 Apr 2018 12:14:49 +0200 Subject: [PATCH] Fix arbitrary command execution in ed-style patches @@ -10,12 +10,11 @@ instead of rejecting them and carrying on. * tests/ed-style: New test case. * tests/Makefile.am (TESTS): Add test case. --- - src/pch.c | 89 +++++++++++++++++++++++++++++++++++------------ - tests/Makefile.am | 1 + - tests/ed-style | 41 ++++++++++++++++++++++ - 3 files changed, 108 insertions(+), 23 deletions(-) - create mode 100644 tests/ed-style + src/pch.c | 89 +++++++++++++++++++++++++++++++++++++++++-------------- + 1 file changed, 66 insertions(+), 23 deletions(-) +diff --git a/src/pch.c b/src/pch.c +index bc6278c..4fd5a05 100644 --- a/src/pch.c +++ b/src/pch.c @@ -33,6 +33,7 @@ @@ -26,7 +25,7 @@ instead of rejecting them and carrying on. #define INITHUNKMAX 125 /* initial dynamic allocation size */ -@@ -2388,22 +2389,28 @@ do_ed_script (char const *inname, char c +@@ -2389,22 +2390,28 @@ do_ed_script (char const *inname, char const *outname, static char const editor_program[] = EDITOR_PROGRAM; file_offset beginning_of_this_line; @@ -69,7 +68,7 @@ instead of rejecting them and carrying on. for (;;) { char ed_command_letter; beginning_of_this_line = file_tell (pfp); -@@ -2414,14 +2421,14 @@ do_ed_script (char const *inname, char c +@@ -2415,14 +2422,14 @@ do_ed_script (char const *inname, char const *outname, } ed_command_letter = get_ed_command_letter (buf); if (ed_command_letter) { @@ -88,7 +87,7 @@ instead of rejecting them and carrying on. write_fatal (); if (chars_read == 2 && strEQ (buf, ".\n")) break; -@@ -2434,13 +2441,49 @@ do_ed_script (char const *inname, char c +@@ -2435,13 +2442,49 @@ do_ed_script (char const *inname, char const *outname, break; } } @@ -143,3 +142,6 @@ instead of rejecting them and carrying on. if (ofp) { +-- +2.19.1 + diff --git a/tools/patch/patches/020-CVE-2018-6952.patch b/tools/patch/patches/030-CVE-2018-6952.patch similarity index 78% rename from tools/patch/patches/020-CVE-2018-6952.patch rename to tools/patch/patches/030-CVE-2018-6952.patch index e72a8cbc27..f8e0bf04a8 100644 --- a/tools/patch/patches/020-CVE-2018-6952.patch +++ b/tools/patch/patches/030-CVE-2018-6952.patch @@ -1,4 +1,4 @@ -From daa51e492049d9fe3ac049165ec19641bf19cd7f Mon Sep 17 00:00:00 2001 +From df40f2ea17254de269a3624319a12a93a4e395ff Mon Sep 17 00:00:00 2001 From: Andreas Gruenbacher Date: Fri, 17 Aug 2018 13:35:40 +0200 Subject: [PATCH] Fix swapping fake lines in pch_swap @@ -12,9 +12,11 @@ Fixes: https://savannah.gnu.org/bugs/index.php?53133 src/pch.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) +diff --git a/src/pch.c b/src/pch.c +index 4fd5a05..b0dd14d 100644 --- a/src/pch.c +++ b/src/pch.c -@@ -2114,7 +2114,7 @@ pch_swap (void) +@@ -2115,7 +2115,7 @@ pch_swap (void) } if (p_efake >= 0) { /* fix non-freeable ptr range */ if (p_efake <= i) @@ -23,3 +25,6 @@ Fixes: https://savannah.gnu.org/bugs/index.php?53133 else n = -i; p_efake += n; +-- +2.19.1 +