[arch-commits] Commit in patch/trunk (4 files)

Levente Polyak anthraxx at archlinux.org
Tue Nov 13 23:43:21 UTC 2018


    Date: Tuesday, November 13, 2018 @ 23:43:21
  Author: anthraxx
Revision: 339661

upgpkg: patch 2.7.6-7 (fix patches for real)

remove unneeded local patches and use only upstream patches
where possible.
19599883ffb6a450d2884f081f8ecf68edbed7ee requires a tiny context
fix in a single hunk, so we carry that patch around. It's easy
to verify against the upstream commit.

All changes in all patches are exactly like the upstream changes
not fiddling with mixups and not undoing CVE-2018-6952.

The autoreconf was added so we get a new Makefile that respects
the newly added tests/ed-style so we can ensure it still works.

Modified:
  patch/trunk/19599883ffb6a450d2884f081f8ecf68edbed7ee.patch
  patch/trunk/PKGBUILD
Deleted:
  patch/trunk/123eaff0d5d1aebe128295959435b9ca5909c26d.patch
  patch/trunk/369dcccdfa6336e5a873d6d63705cfbe04c55727.patch

------------------------------------------------+
 123eaff0d5d1aebe128295959435b9ca5909c26d.patch |  150 -----------------------
 19599883ffb6a450d2884f081f8ecf68edbed7ee.patch |   47 ++++++-
 369dcccdfa6336e5a873d6d63705cfbe04c55727.patch |  102 ---------------
 PKGBUILD                                       |   30 ++--
 4 files changed, 57 insertions(+), 272 deletions(-)

Deleted: 123eaff0d5d1aebe128295959435b9ca5909c26d.patch
===================================================================
--- 123eaff0d5d1aebe128295959435b9ca5909c26d.patch	2018-11-13 23:13:41 UTC (rev 339660)
+++ 123eaff0d5d1aebe128295959435b9ca5909c26d.patch	2018-11-13 23:43:21 UTC (rev 339661)
@@ -1,150 +0,0 @@
-diff --git a/src/pch.c b/src/pch.c
-index c8ec983..4fd5a05 100644
---- a/src/pch.c
-+++ b/src/pch.c
-@@ -33,6 +33,7 @@
- # include <io.h>
- #endif
- #include <safe.h>
-+#include <sys/wait.h>
- 
- #define INITHUNKMAX 125			/* initial dynamic allocation size */
- 
-@@ -2114,7 +2115,7 @@ pch_swap (void)
-     }
-     if (p_efake >= 0) {			/* fix non-freeable ptr range */
- 	if (p_efake <= i)
--	    n = p_end - p_ptrn_lines;
-+	    n = p_end - i + 1;
- 	else
- 	    n = -i;
- 	p_efake += n;
-@@ -2389,22 +2390,28 @@ do_ed_script (char const *inname, char const *outname,
-     static char const editor_program[] = EDITOR_PROGRAM;
- 
-     file_offset beginning_of_this_line;
--    FILE *pipefp = 0;
-     size_t chars_read;
-+    FILE *tmpfp = 0;
-+    char const *tmpname;
-+    int tmpfd;
-+    pid_t pid;
-+
-+    if (! dry_run && ! skip_rest_of_patch)
-+      {
-+	/* Write ed script to a temporary file.  This causes ed to abort on
-+	   invalid commands such as when line numbers or ranges exceed the
-+	   number of available lines.  When ed reads from a pipe, it rejects
-+	   invalid commands and treats the next line as a new command, which
-+	   can lead to arbitrary command execution.  */
-+
-+	tmpfd = make_tempfile (&tmpname, 'e', NULL, O_RDWR | O_BINARY, 0);
-+	if (tmpfd == -1)
-+	  pfatal ("Can't create temporary file %s", quotearg (tmpname));
-+	tmpfp = fdopen (tmpfd, "w+b");
-+	if (! tmpfp)
-+	  pfatal ("Can't open stream for file %s", quotearg (tmpname));
-+      }
- 
--    if (! dry_run && ! skip_rest_of_patch) {
--	int exclusive = *outname_needs_removal ? 0 : O_EXCL;
--	assert (! inerrno);
--	*outname_needs_removal = true;
--	copy_file (inname, outname, 0, exclusive, instat.st_mode, true);
--	sprintf (buf, "%s %s%s", editor_program,
--		 verbosity == VERBOSE ? "" : "- ",
--		 outname);
--	fflush (stdout);
--	pipefp = popen(buf, binary_transput ? "wb" : "w");
--	if (!pipefp)
--	  pfatal ("Can't open pipe to %s", quotearg (buf));
--    }
-     for (;;) {
- 	char ed_command_letter;
- 	beginning_of_this_line = file_tell (pfp);
-@@ -2415,14 +2422,14 @@ do_ed_script (char const *inname, char const *outname,
- 	}
- 	ed_command_letter = get_ed_command_letter (buf);
- 	if (ed_command_letter) {
--	    if (pipefp)
--		if (! fwrite (buf, sizeof *buf, chars_read, pipefp))
-+	    if (tmpfp)
-+		if (! fwrite (buf, sizeof *buf, chars_read, tmpfp))
- 		    write_fatal ();
- 	    if (ed_command_letter != 'd' && ed_command_letter != 's') {
- 	        p_pass_comments_through = true;
- 		while ((chars_read = get_line ()) != 0) {
--		    if (pipefp)
--			if (! fwrite (buf, sizeof *buf, chars_read, pipefp))
-+		    if (tmpfp)
-+			if (! fwrite (buf, sizeof *buf, chars_read, tmpfp))
- 			    write_fatal ();
- 		    if (chars_read == 2  &&  strEQ (buf, ".\n"))
- 			break;
-@@ -2435,13 +2442,49 @@ do_ed_script (char const *inname, char const *outname,
- 	    break;
- 	}
-     }
--    if (!pipefp)
-+    if (!tmpfp)
-       return;
--    if (fwrite ("w\nq\n", sizeof (char), (size_t) 4, pipefp) == 0
--	|| fflush (pipefp) != 0)
-+    if (fwrite ("w\nq\n", sizeof (char), (size_t) 4, tmpfp) == 0
-+	|| fflush (tmpfp) != 0)
-       write_fatal ();
--    if (pclose (pipefp) != 0)
--      fatal ("%s FAILED", editor_program);
-+
-+    if (lseek (tmpfd, 0, SEEK_SET) == -1)
-+      pfatal ("Can't rewind to the beginning of file %s", quotearg (tmpname));
-+
-+    if (! dry_run && ! skip_rest_of_patch) {
-+	int exclusive = *outname_needs_removal ? 0 : O_EXCL;
-+	*outname_needs_removal = true;
-+	if (inerrno != ENOENT)
-+	  {
-+	    *outname_needs_removal = true;
-+	    copy_file (inname, outname, 0, exclusive, instat.st_mode, true);
-+	  }
-+	sprintf (buf, "%s %s%s", editor_program,
-+		 verbosity == VERBOSE ? "" : "- ",
-+		 outname);
-+	fflush (stdout);
-+
-+	pid = fork();
-+	if (pid == -1)
-+	  pfatal ("Can't fork");
-+	else if (pid == 0)
-+	  {
-+	    dup2 (tmpfd, 0);
-+	    execl ("/bin/sh", "sh", "-c", buf, (char *) 0);
-+	    _exit (2);
-+	  }
-+	else
-+	  {
-+	    int wstatus;
-+	    if (waitpid (pid, &wstatus, 0) == -1
-+	        || ! WIFEXITED (wstatus)
-+		|| WEXITSTATUS (wstatus) != 0)
-+	      fatal ("%s FAILED", editor_program);
-+	  }
-+    }
-+
-+    fclose (tmpfp);
-+    safe_unlink (tmpname);
- 
-     if (ofp)
-       {
-diff --git a/tests/Makefile.am b/tests/Makefile.am
-index 6b6df63..16f8693 100644
---- a/tests/Makefile.am
-+++ b/tests/Makefile.am
-@@ -32,6 +32,7 @@ TESTS = \
- 	crlf-handling \
- 	dash-o-append \
- 	deep-directories \
-+	ed-style \
- 	empty-files \
- 	false-match \
- 	fifo \

Modified: 19599883ffb6a450d2884f081f8ecf68edbed7ee.patch
===================================================================
--- 19599883ffb6a450d2884f081f8ecf68edbed7ee.patch	2018-11-13 23:13:41 UTC (rev 339660)
+++ 19599883ffb6a450d2884f081f8ecf68edbed7ee.patch	2018-11-13 23:43:21 UTC (rev 339661)
@@ -1,5 +1,29 @@
+From 19599883ffb6a450d2884f081f8ecf68edbed7ee Mon Sep 17 00:00:00 2001
+From: Jean Delvare <jdelvare at suse.de>
+Date: Thu, 3 May 2018 14:31:55 +0200
+Subject: [PATCH] Don't leak temporary file on failed ed-style patch
+
+Now that we write ed-style patches to a temporary file before we
+apply them, we need to ensure that the temporary file is removed
+before we leave, even on fatal error.
+
+* src/pch.c (do_ed_script): Use global TMPEDNAME instead of local
+  tmpname. Don't unlink the file directly, instead tag it for removal
+  at exit time.
+* src/patch.c (cleanup): Unlink TMPEDNAME at exit.
+
+This closes bug #53820:
+https://savannah.gnu.org/bugs/index.php?53820
+
+Fixes: 123eaff0d5d1 ("Fix arbitrary command execution in ed-style patches (CVE-2018-1000156)")
+---
+ src/common.h |  2 ++
+ src/patch.c  |  1 +
+ src/pch.c    | 11 +++++------
+ 3 files changed, 8 insertions(+), 6 deletions(-)
+
 diff --git a/src/common.h b/src/common.h
-index ec50b40..22238b5 100644
+index 904a3f8..53c5e32 100644
 --- a/src/common.h
 +++ b/src/common.h
 @@ -94,10 +94,12 @@ XTERN char const *origsuff;
@@ -16,7 +40,7 @@
  #ifdef DEBUGGING
  XTERN int debug;
 diff --git a/src/patch.c b/src/patch.c
-index 0fe6d72..30fa019 100644
+index 3fcaec5..9146597 100644
 --- a/src/patch.c
 +++ b/src/patch.c
 @@ -1999,6 +1999,7 @@ cleanup (void)
@@ -28,10 +52,10 @@
    output_files (NULL);
  }
 diff --git a/src/pch.c b/src/pch.c
-index 4fd5a05..3223a55 100644
+index 79a3c99..1bb3153 100644
 --- a/src/pch.c
 +++ b/src/pch.c
-@@ -2392,7 +2392,6 @@ do_ed_script (char const *inname, char const *outname,
+@@ -2396,7 +2396,6 @@ do_ed_script (char const *inname, char const *outname,
      file_offset beginning_of_this_line;
      size_t chars_read;
      FILE *tmpfp = 0;
@@ -38,8 +62,8 @@
 -    char const *tmpname;
      int tmpfd;
      pid_t pid;
- 
-@@ -2404,12 +2403,13 @@ do_ed_script (char const *inname, char const *outname,
+
+@@ -2411,12 +2410,13 @@ do_ed_script (char const *inname, char const *outname,
  	   invalid commands and treats the next line as a new command, which
  	   can lead to arbitrary command execution.  */
  
@@ -56,8 +80,17 @@
        }
  
      for (;;) {
+@@ -2457,7 +2457,7 @@ do_ed_script (char const *inname, char const *outname,
+       write_fatal ();
+ 
+     if (lseek (tmpfd, 0, SEEK_SET) == -1)
+-      pfatal ("Can't rewind to the beginning of file %s", quotearg (tmpname));
++      pfatal ("Can't rewind to the beginning of file %s", quotearg (TMPEDNAME));
+ 
+     if (inerrno != ENOENT)
+       {
 @@ -2484,7 +2484,6 @@ do_ed_script (char const *inname, char const *outname,
-     }
+       pfatal ("Failed to duplicate standard input");
  
      fclose (tmpfp);
 -    safe_unlink (tmpname);

Deleted: 369dcccdfa6336e5a873d6d63705cfbe04c55727.patch
===================================================================
--- 369dcccdfa6336e5a873d6d63705cfbe04c55727.patch	2018-11-13 23:13:41 UTC (rev 339660)
+++ 369dcccdfa6336e5a873d6d63705cfbe04c55727.patch	2018-11-13 23:43:21 UTC (rev 339661)
@@ -1,102 +0,0 @@
-diff --git a/src/patch.c b/src/patch.c
-index 30fa019..026e992 100644
---- a/src/patch.c
-+++ b/src/patch.c
-@@ -236,6 +236,7 @@ main (int argc, char **argv)
- 	    }
- 	  remove_if_needed (TMPOUTNAME, &TMPOUTNAME_needs_removal);
- 	}
-+      remove_if_needed (TMPEDNAME, &TMPEDNAME_needs_removal);
- 
-       if (! skip_rest_of_patch && ! file_type)
- 	{
-diff --git a/src/pch.c b/src/pch.c
-index 3223a55..f5434b3 100644
---- a/src/pch.c
-+++ b/src/pch.c
-@@ -2449,7 +2449,7 @@ do_ed_script (char const *inname, char const *outname,
-       write_fatal ();
- 
-     if (lseek (tmpfd, 0, SEEK_SET) == -1)
--      pfatal ("Can't rewind to the beginning of file %s", quotearg (tmpname));
-+      pfatal ("Can't rewind to the beginning of file %s", quotearg (TMPEDNAME));
- 
-     if (! dry_run && ! skip_rest_of_patch) {
- 	int exclusive = *outname_needs_removal ? 0 : O_EXCL;
-diff --git a/tests/ed-style b/tests/ed-style
-new file mode 100644
-index 0000000..504e6e5
---- /dev/null
-+++ b/tests/ed-style
-@@ -0,0 +1,71 @@
-+# Copyright (C) 2018 Free Software Foundation, Inc.
-+#
-+# Copying and distribution of this file, with or without modification,
-+# in any medium, are permitted without royalty provided the copyright
-+# notice and this notice are preserved.
-+
-+. $srcdir/test-lib.sh
-+
-+require cat
-+use_local_patch
-+use_tmpdir
-+
-+# ==============================================================
-+
-+cat > ed1.diff <<EOF
-+0a
-+foo
-+.
-+EOF
-+
-+check 'patch -e foo -i ed1.diff' <<EOF
-+EOF
-+
-+check 'cat foo' <<EOF
-+foo
-+EOF
-+
-+cat > ed2.diff <<EOF
-+1337a
-+r !echo bar
-+,p
-+EOF
-+
-+check 'patch -e foo -i ed2.diff > /dev/null 2> /dev/null || echo "Status: $?"' <<EOF
-+Status: 2
-+EOF
-+
-+check 'cat foo' <<EOF
-+foo
-+EOF
-+
-+# Test the case where one ed-style patch modifies several files
-+
-+cat > ed3.diff <<EOF
-+--- foo
-++++ foo
-+1c
-+bar
-+.
-+--- baz
-++++ baz
-+0a
-+baz
-+.
-+EOF
-+
-+# Apparently we can't create a file with such a patch, while it works fine
-+# when the file name is provided on the command line
-+cat > baz <<EOF
-+EOF
-+
-+check 'patch -e -i ed3.diff' <<EOF
-+EOF
-+
-+check 'cat foo' <<EOF
-+bar
-+EOF
-+
-+check 'cat baz' <<EOF
-+baz
-+EOF

Modified: PKGBUILD
===================================================================
--- PKGBUILD	2018-11-13 23:13:41 UTC (rev 339660)
+++ PKGBUILD	2018-11-13 23:43:21 UTC (rev 339661)
@@ -1,10 +1,11 @@
 # Maintainer: Sébastien Luttringer <seblu at archlinux.org>
+# Maintainer: Levente Polyak <anthraxx[at]archlinux[dot]org>
 # Contributor: Allan McRae <allan at archlinux.org>
 # Contributor: judd <jvinet at zeroflux.org>
 
 pkgname=patch
 pkgver=2.7.6
-pkgrel=6
+pkgrel=7
 pkgdesc='A utility to apply patch files to original sources'
 arch=('x86_64')
 url='https://www.gnu.org/software/patch/'
@@ -16,20 +17,22 @@
 validpgpkeys=('259B3792B3D6D319212CC4DCD5BF9FEB0313653A') # Andreas Gruenbacher
 source=("https://ftp.gnu.org/gnu/$pkgname/$pkgname-$pkgver.tar.xz"{,.sig}
         'https://github.com/mirror/patch/commit/f290f48a621867084884bfff87f8093c15195e6a.patch' # CVE-2018-6951
+        'https://github.com/mirror/patch/commit/b5a91a01e5d0897facdd0f49d64b76b0f02b43e1.patch'
+        'https://github.com/mirror/patch/commit/123eaff0d5d1aebe128295959435b9ca5909c26d.patch' # CVE-2018-1000156
+        'https://github.com/mirror/patch/commit/3fcd042d26d70856e826a42b5f93dc4854d80bf0.patch'
+        '19599883ffb6a450d2884f081f8ecf68edbed7ee.patch' # Fix memory leaks introduced in CVE-2018-1000165
+        'https://github.com/mirror/patch/commit/369dcccdfa6336e5a873d6d63705cfbe04c55727.patch'
         'https://github.com/mirror/patch/commit/9c986353e420ead6e706262bf204d6e03322c300.patch' # CVE-2018-6952
-        '123eaff0d5d1aebe128295959435b9ca5909c26d.patch' # CVE-2018-1000156
-        '19599883ffb6a450d2884f081f8ecf68edbed7ee.patch' # Fix memory leaks introduced in CVE-2018-1000165
-        '369dcccdfa6336e5a873d6d63705cfbe04c55727.patch'
-        'https://github.com/mirror/patch/commit/3fcd042d26d70856e826a42b5f93dc4854d80bf0.patch'
         )
-md5sums=('78ad9937e4caadcba1526ef1853730d5'
-         'SKIP'
-         '7e34fc859ccc07b235a8b01b043ff456'
-         'aa8ac1e3dccbd523143b01e9f60b06e8'
-         '053db340c2f856b8e2cb0c4fecc64a17'
-         '7b06474bfbf7863d4af9869fb9bd972c'
-         '2a307f4854e2dbe3de3b0a3eb613602b'
-         'a93b8e4496f21091fab7a04995da7421')
+sha256sums=('ac610bda97abe0d9f6b7c963255a11dcb196c25e337c61f94e4778d632f1d8fd'
+            'SKIP'
+            '38d28c34524c6ac4585d47e0fe8349508e9e4b014872798cb2bf2bc48e5af2d4'
+            'b7829673090bcd74110ac040cc6e503113ef770e48d34758c04418cf9c8bfa87'
+            '9158cb3cd4bed0c4fe5a7f1254e0e2642e0ad583dc8b5df8ee296a13d695270d'
+            '473f8a7fa8152a3c7803633e2a3072dab545b74377ea618451ceda4283643364'
+            '6d64a8b8ddfb802ec0aa804388eb5ef51ac808c7a5c111d10490c270eb4fe727'
+            'e1fc8a8aa2cad71b2a6207241ea71a33a7e3dacb8533ad54af35170c5a6562d1'
+            '4b9e81985ca057fa39daed34a4710eb113f08b3d1ce77a7121ddd8e3fae8007a')
 
 prepare() {
   cd $pkgname-$pkgver
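Review bot: The comment on the `19599883ffb6a450d2884f081f8ecf68edbed7ee.patch` entry in `source=()` cites CVE-2018-1000165 and "memory leaks", but the patch's own header says it removes a leaked temporary file and fixes 123eaff0d5d1, the CVE-2018-1000156 commit. Anyone auditing CVE coverage from this file is pointed at the wrong identifier. Since this is also the one patch carried locally with an adjusted context line, I would write `'19599883ffb6a450d2884f081f8ecf68edbed7ee.patch' # local copy, one context line adjusted: temp file leak after the CVE-2018-1000156 fix`. The b5a91a01, 3fcd042d and 369dcccd entries have no comment saying why they are needed, and a few words on each would make the apply order easier to review. The remote entries are GitHub-rendered patches from a mirror, pinned only by `sha256sums`; a change in that rendering would presumably fail the checksum rather than alter the build, but that is the only guard visible here.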
@@ -42,6 +45,7 @@
     msg2 "Applying patch $src..."
     patch -Np1 < "../$src"
   done
+  autoreconf -fiv
 }
 
 build() {
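Review bot: The added `autoreconf -fiv` at the end of `prepare()` has no comment, and nothing in the PKGBUILD ties it to the patches. Only the commit message explains that it regenerates the Makefile so the newly added tests/ed-style is run. A later cleanup could drop the call and silently lose the regression test for the ed-script fix, so I would add above it `# regenerate the build system so the patched-in tests/ed-style test is picked up`. Whether a `check()` function actually runs the test suite is outside this hunk.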


