Browse Source

initial transfer

master
artoo 8 months ago
parent
commit
73cf12a1fd

+ 99
- 0
patch/repos/core-x86_64/19599883ffb6a450d2884f081f8ecf68edbed7ee.patch View File

@@ -0,0 +1,99 @@
From 19599883ffb6a450d2884f081f8ecf68edbed7ee Mon Sep 17 00:00:00 2001
From: Jean Delvare <jdelvare@suse.de>
Date: Thu, 3 May 2018 14:31:55 +0200
Subject: [PATCH] Don't leak temporary file on failed ed-style patch

Now that we write ed-style patches to a temporary file before we
apply them, we need to ensure that the temporary file is removed
before we leave, even on fatal error.

* src/pch.c (do_ed_script): Use global TMPEDNAME instead of local
tmpname. Don't unlink the file directly, instead tag it for removal
at exit time.
* src/patch.c (cleanup): Unlink TMPEDNAME at exit.

This closes bug #53820:
https://savannah.gnu.org/bugs/index.php?53820

Fixes: 123eaff0d5d1 ("Fix arbitrary command execution in ed-style patches (CVE-2018-1000156)")
---
src/common.h | 2 ++
src/patch.c | 1 +
src/pch.c | 11 +++++------
3 files changed, 8 insertions(+), 6 deletions(-)

diff --git a/src/common.h b/src/common.h
index 904a3f8..53c5e32 100644
--- a/src/common.h
+++ b/src/common.h
@@ -94,10 +94,12 @@ XTERN char const *origsuff;
XTERN char const * TMPINNAME;
XTERN char const * TMPOUTNAME;
XTERN char const * TMPPATNAME;
+XTERN char const * TMPEDNAME;
XTERN bool TMPINNAME_needs_removal;
XTERN bool TMPOUTNAME_needs_removal;
XTERN bool TMPPATNAME_needs_removal;
+XTERN bool TMPEDNAME_needs_removal;
#ifdef DEBUGGING
XTERN int debug;
diff --git a/src/patch.c b/src/patch.c
index 3fcaec5..9146597 100644
--- a/src/patch.c
+++ b/src/patch.c
@@ -1999,6 +1999,7 @@ cleanup (void)
remove_if_needed (TMPINNAME, &TMPINNAME_needs_removal);
remove_if_needed (TMPOUTNAME, &TMPOUTNAME_needs_removal);
remove_if_needed (TMPPATNAME, &TMPPATNAME_needs_removal);
+ remove_if_needed (TMPEDNAME, &TMPEDNAME_needs_removal);
remove_if_needed (TMPREJNAME, &TMPREJNAME_needs_removal);
output_files (NULL);
}
diff --git a/src/pch.c b/src/pch.c
index 79a3c99..1bb3153 100644
--- a/src/pch.c
+++ b/src/pch.c
@@ -2396,7 +2396,6 @@ do_ed_script (char const *inname, char const *outname,
file_offset beginning_of_this_line;
size_t chars_read;
FILE *tmpfp = 0;
- char const *tmpname;
int tmpfd;
pid_t pid;

@@ -2411,12 +2410,13 @@ do_ed_script (char const *inname, char const *outname,
invalid commands and treats the next line as a new command, which
can lead to arbitrary command execution. */
- tmpfd = make_tempfile (&tmpname, 'e', NULL, O_RDWR | O_BINARY, 0);
+ tmpfd = make_tempfile (&TMPEDNAME, 'e', NULL, O_RDWR | O_BINARY, 0);
if (tmpfd == -1)
- pfatal ("Can't create temporary file %s", quotearg (tmpname));
+ pfatal ("Can't create temporary file %s", quotearg (TMPEDNAME));
+ TMPEDNAME_needs_removal = true;
tmpfp = fdopen (tmpfd, "w+b");
if (! tmpfp)
- pfatal ("Can't open stream for file %s", quotearg (tmpname));
+ pfatal ("Can't open stream for file %s", quotearg (TMPEDNAME));
}
for (;;) {
@@ -2457,7 +2457,7 @@ do_ed_script (char const *inname, char const *outname,
write_fatal ();
if (lseek (tmpfd, 0, SEEK_SET) == -1)
- pfatal ("Can't rewind to the beginning of file %s", quotearg (tmpname));
+ pfatal ("Can't rewind to the beginning of file %s", quotearg (TMPEDNAME));
if (inerrno != ENOENT)
{
@@ -2484,7 +2484,6 @@ do_ed_script (char const *inname, char const *outname,
pfatal ("Failed to duplicate standard input");
fclose (tmpfp);
- safe_unlink (tmpname);
if (ofp)
{

+ 67
- 0
patch/repos/core-x86_64/PKGBUILD View File

@@ -0,0 +1,67 @@
# Maintainer: Sébastien Luttringer <seblu@archlinux.org>
# Maintainer: Levente Polyak <anthraxx[at]archlinux[dot]org>
# Contributor: Allan McRae <allan@archlinux.org>
# Contributor: judd <jvinet@zeroflux.org>

pkgname=patch
pkgver=2.7.6
pkgrel=7
pkgdesc='A utility to apply patch files to original sources'
arch=('x86_64')
url='https://www.gnu.org/software/patch/'
license=('GPL')
groups=('base-devel')
depends=('glibc' 'attr')
makedepends=('ed')
optdepends=('ed: for patch -e functionality')
validpgpkeys=('259B3792B3D6D319212CC4DCD5BF9FEB0313653A') # Andreas Gruenbacher
source=("https://ftp.gnu.org/gnu/$pkgname/$pkgname-$pkgver.tar.xz"{,.sig}
'https://github.com/mirror/patch/commit/f290f48a621867084884bfff87f8093c15195e6a.patch' # CVE-2018-6951
'https://github.com/mirror/patch/commit/b5a91a01e5d0897facdd0f49d64b76b0f02b43e1.patch'
'https://github.com/mirror/patch/commit/123eaff0d5d1aebe128295959435b9ca5909c26d.patch' # CVE-2018-1000156
'https://github.com/mirror/patch/commit/3fcd042d26d70856e826a42b5f93dc4854d80bf0.patch'
'19599883ffb6a450d2884f081f8ecf68edbed7ee.patch' # Fix memory leaks introduced in CVE-2018-1000165
'https://github.com/mirror/patch/commit/369dcccdfa6336e5a873d6d63705cfbe04c55727.patch'
'https://github.com/mirror/patch/commit/9c986353e420ead6e706262bf204d6e03322c300.patch' # CVE-2018-6952
)
sha256sums=('ac610bda97abe0d9f6b7c963255a11dcb196c25e337c61f94e4778d632f1d8fd'
'SKIP'
'38d28c34524c6ac4585d47e0fe8349508e9e4b014872798cb2bf2bc48e5af2d4'
'b7829673090bcd74110ac040cc6e503113ef770e48d34758c04418cf9c8bfa87'
'9158cb3cd4bed0c4fe5a7f1254e0e2642e0ad583dc8b5df8ee296a13d695270d'
'473f8a7fa8152a3c7803633e2a3072dab545b74377ea618451ceda4283643364'
'6d64a8b8ddfb802ec0aa804388eb5ef51ac808c7a5c111d10490c270eb4fe727'
'e1fc8a8aa2cad71b2a6207241ea71a33a7e3dacb8533ad54af35170c5a6562d1'
'4b9e81985ca057fa39daed34a4710eb113f08b3d1ce77a7121ddd8e3fae8007a')

prepare() {
cd $pkgname-$pkgver
# apply patch from the source array (should be a pacman feature)
local src
for src in "${source[@]}"; do
src="${src%%::*}"
src="${src##*/}"
[[ $src = *.patch ]] || continue
msg2 "Applying patch $src..."
patch -Np1 < "../$src"
done
autoreconf -fiv
}

build() {
cd $pkgname-$pkgver
./configure --prefix=/usr
make
}

check() {
cd $pkgname-$pkgver
make check
}

package() {
cd $pkgname-$pkgver
make DESTDIR="$pkgdir" install
}

# vim:set ts=2 sw=2 et:

+ 99
- 0
patch/trunk/19599883ffb6a450d2884f081f8ecf68edbed7ee.patch View File

@@ -0,0 +1,99 @@
From 19599883ffb6a450d2884f081f8ecf68edbed7ee Mon Sep 17 00:00:00 2001
From: Jean Delvare <jdelvare@suse.de>
Date: Thu, 3 May 2018 14:31:55 +0200
Subject: [PATCH] Don't leak temporary file on failed ed-style patch

Now that we write ed-style patches to a temporary file before we
apply them, we need to ensure that the temporary file is removed
before we leave, even on fatal error.

* src/pch.c (do_ed_script): Use global TMPEDNAME instead of local
tmpname. Don't unlink the file directly, instead tag it for removal
at exit time.
* src/patch.c (cleanup): Unlink TMPEDNAME at exit.

This closes bug #53820:
https://savannah.gnu.org/bugs/index.php?53820

Fixes: 123eaff0d5d1 ("Fix arbitrary command execution in ed-style patches (CVE-2018-1000156)")
---
src/common.h | 2 ++
src/patch.c | 1 +
src/pch.c | 11 +++++------
3 files changed, 8 insertions(+), 6 deletions(-)

diff --git a/src/common.h b/src/common.h
index 904a3f8..53c5e32 100644
--- a/src/common.h
+++ b/src/common.h
@@ -94,10 +94,12 @@ XTERN char const *origsuff;
XTERN char const * TMPINNAME;
XTERN char const * TMPOUTNAME;
XTERN char const * TMPPATNAME;
+XTERN char const * TMPEDNAME;
XTERN bool TMPINNAME_needs_removal;
XTERN bool TMPOUTNAME_needs_removal;
XTERN bool TMPPATNAME_needs_removal;
+XTERN bool TMPEDNAME_needs_removal;
#ifdef DEBUGGING
XTERN int debug;
diff --git a/src/patch.c b/src/patch.c
index 3fcaec5..9146597 100644
--- a/src/patch.c
+++ b/src/patch.c
@@ -1999,6 +1999,7 @@ cleanup (void)
remove_if_needed (TMPINNAME, &TMPINNAME_needs_removal);
remove_if_needed (TMPOUTNAME, &TMPOUTNAME_needs_removal);
remove_if_needed (TMPPATNAME, &TMPPATNAME_needs_removal);
+ remove_if_needed (TMPEDNAME, &TMPEDNAME_needs_removal);
remove_if_needed (TMPREJNAME, &TMPREJNAME_needs_removal);
output_files (NULL);
}
diff --git a/src/pch.c b/src/pch.c
index 79a3c99..1bb3153 100644
--- a/src/pch.c
+++ b/src/pch.c
@@ -2396,7 +2396,6 @@ do_ed_script (char const *inname, char const *outname,
file_offset beginning_of_this_line;
size_t chars_read;
FILE *tmpfp = 0;
- char const *tmpname;
int tmpfd;
pid_t pid;

@@ -2411,12 +2410,13 @@ do_ed_script (char const *inname, char const *outname,
invalid commands and treats the next line as a new command, which
can lead to arbitrary command execution. */
- tmpfd = make_tempfile (&tmpname, 'e', NULL, O_RDWR | O_BINARY, 0);
+ tmpfd = make_tempfile (&TMPEDNAME, 'e', NULL, O_RDWR | O_BINARY, 0);
if (tmpfd == -1)
- pfatal ("Can't create temporary file %s", quotearg (tmpname));
+ pfatal ("Can't create temporary file %s", quotearg (TMPEDNAME));
+ TMPEDNAME_needs_removal = true;
tmpfp = fdopen (tmpfd, "w+b");
if (! tmpfp)
- pfatal ("Can't open stream for file %s", quotearg (tmpname));
+ pfatal ("Can't open stream for file %s", quotearg (TMPEDNAME));
}
for (;;) {
@@ -2457,7 +2457,7 @@ do_ed_script (char const *inname, char const *outname,
write_fatal ();
if (lseek (tmpfd, 0, SEEK_SET) == -1)
- pfatal ("Can't rewind to the beginning of file %s", quotearg (tmpname));
+ pfatal ("Can't rewind to the beginning of file %s", quotearg (TMPEDNAME));
if (inerrno != ENOENT)
{
@@ -2484,7 +2484,6 @@ do_ed_script (char const *inname, char const *outname,
pfatal ("Failed to duplicate standard input");
fclose (tmpfp);
- safe_unlink (tmpname);
if (ofp)
{

+ 67
- 0
patch/trunk/PKGBUILD View File

@@ -0,0 +1,67 @@
# Maintainer: Sébastien Luttringer <seblu@archlinux.org>
# Maintainer: Levente Polyak <anthraxx[at]archlinux[dot]org>
# Contributor: Allan McRae <allan@archlinux.org>
# Contributor: judd <jvinet@zeroflux.org>

pkgname=patch
pkgver=2.7.6
pkgrel=7
pkgdesc='A utility to apply patch files to original sources'
arch=('x86_64')
url='https://www.gnu.org/software/patch/'
license=('GPL')
groups=('base-devel')
depends=('glibc' 'attr')
makedepends=('ed')
optdepends=('ed: for patch -e functionality')
validpgpkeys=('259B3792B3D6D319212CC4DCD5BF9FEB0313653A') # Andreas Gruenbacher
source=("https://ftp.gnu.org/gnu/$pkgname/$pkgname-$pkgver.tar.xz"{,.sig}
'https://github.com/mirror/patch/commit/f290f48a621867084884bfff87f8093c15195e6a.patch' # CVE-2018-6951
'https://github.com/mirror/patch/commit/b5a91a01e5d0897facdd0f49d64b76b0f02b43e1.patch'
'https://github.com/mirror/patch/commit/123eaff0d5d1aebe128295959435b9ca5909c26d.patch' # CVE-2018-1000156
'https://github.com/mirror/patch/commit/3fcd042d26d70856e826a42b5f93dc4854d80bf0.patch'
'19599883ffb6a450d2884f081f8ecf68edbed7ee.patch' # Fix memory leaks introduced in CVE-2018-1000165
'https://github.com/mirror/patch/commit/369dcccdfa6336e5a873d6d63705cfbe04c55727.patch'
'https://github.com/mirror/patch/commit/9c986353e420ead6e706262bf204d6e03322c300.patch' # CVE-2018-6952
)
sha256sums=('ac610bda97abe0d9f6b7c963255a11dcb196c25e337c61f94e4778d632f1d8fd'
'SKIP'
'38d28c34524c6ac4585d47e0fe8349508e9e4b014872798cb2bf2bc48e5af2d4'
'b7829673090bcd74110ac040cc6e503113ef770e48d34758c04418cf9c8bfa87'
'9158cb3cd4bed0c4fe5a7f1254e0e2642e0ad583dc8b5df8ee296a13d695270d'
'473f8a7fa8152a3c7803633e2a3072dab545b74377ea618451ceda4283643364'
'6d64a8b8ddfb802ec0aa804388eb5ef51ac808c7a5c111d10490c270eb4fe727'
'e1fc8a8aa2cad71b2a6207241ea71a33a7e3dacb8533ad54af35170c5a6562d1'
'4b9e81985ca057fa39daed34a4710eb113f08b3d1ce77a7121ddd8e3fae8007a')

prepare() {
cd $pkgname-$pkgver
# apply patch from the source array (should be a pacman feature)
local src
for src in "${source[@]}"; do
src="${src%%::*}"
src="${src##*/}"
[[ $src = *.patch ]] || continue
msg2 "Applying patch $src..."
patch -Np1 < "../$src"
done
autoreconf -fiv
}

build() {
cd $pkgname-$pkgver
./configure --prefix=/usr
make
}

check() {
cd $pkgname-$pkgver
make check
}

package() {
cd $pkgname-$pkgver
make DESTDIR="$pkgdir" install
}

# vim:set ts=2 sw=2 et:

Loading…
Cancel
Save