diff options
author | V3n3RiX <venerix@redcorelinux.org> | 2019-04-05 21:17:31 +0100 |
---|---|---|
committer | V3n3RiX <venerix@redcorelinux.org> | 2019-04-05 21:17:31 +0100 |
commit | dc7cbdfa65fd814b3b9aa3c56257da201109e807 (patch) | |
tree | c85d72f6f31f21f178069c9d41d41a7c1ff4b362 /sys-devel/patch | |
parent | 0706fc6986773f4e4d391deff4ad5143c464ea4e (diff) |
gentoo resync : 05.04.2019
Diffstat (limited to 'sys-devel/patch')
6 files changed, 279 insertions, 0 deletions
diff --git a/sys-devel/patch/Manifest b/sys-devel/patch/Manifest index ceaee11c8e5e..9dd4cac54b0d 100644 --- a/sys-devel/patch/Manifest +++ b/sys-devel/patch/Manifest @@ -1,5 +1,10 @@ +AUX patch-2.7.6-CVE-2018-1000156.patch 4525 BLAKE2B bc0a12de74f2089fc3141618ef2bf3242d5b1c47d8900c645f2612b84b75dc625260528bb64070b9514b5e55852aa2dd93204fdbc6dacf1df6a0f6d72b53f980 SHA512 82873743ea469c614c9250b78ddfe4e3e754692caede2eb79ac9d5ab991df3329fc6485643fc0d38410b1d5c163485058a2ea8d4ecc0992d0dc0727cc3c3425f +AUX patch-2.7.6-CVE-2018-6951.patch 981 BLAKE2B 585015980a4eecc28c427caf4f827a172f02165b291a8bbe87baea289bee25228d59ccbf7aec9938dfdc3c46865fd238c5c0e272796f59062ef73794e96851db SHA512 db51d0b791d38dd4f1b373621ee18620ae339b172f58a79420fdaa4a4b1b1d9df239cf61bbddc4e6a4896b28b8cffc7c99161eb5e2facaec8df86a1bf7755bc0 +AUX patch-2.7.6-CVE-2018-6952.patch 851 BLAKE2B a7c73ed10a1f71557bf28a5ee9d9800a01d7a3dc61e78428779b93e3e01766289e427f8fef39027d7e65e0153cb4464c92a9a58af7ecbe5f2c7ca3a0ea8aaff3 SHA512 99df964d826d400f87e9b82bf2600d8663c59bb8f9bf4aec082adc8cf6261744f37d416e15492d6e883202ade521d4436cb41c91f516085c3e6ce8e01a8956fb +AUX patch-2.7.6-allow-input-files-to-be-missing-for-ed-style-patches.patch 860 BLAKE2B 3514ecd15b9c379efcb3cfcb0b1bcb389b63a5d6a108f889812498581c62f86655bb0acacc2a1e495a97613140770796030e82d050d12e502f0d3caadcf54097 SHA512 ced7714cba5f038affb29311aa42f112cea99882e38abc41106bed550ad9996fbc3df314fae5168ca305aaa39429f9d81dbf83469f93f7fe3736a044d41cecd9 AUX patch-2.7.6-fix-error-handling-with-git-style-patches.patch 3582 BLAKE2B c443abb5112283aeb20db4ccf57c0d1241bfa586ad8d54d0ff2e1ae9026174f560df37dda1fedfc39db8178db05f77a4f94827ede80982311f475f460e4ae57f SHA512 1c05cf05b7348b86c878bd464a3f2f978b3e97655bf4f9aa83732af8bfd1e82046b88db39b7ce70e33ffc00c7f09c28ba777fba3fbd9538fd76767bfc396f382 AUX patch-2.7.6-fix-test-suite.patch 2610 BLAKE2B e750283b85f0cb9d52324f28b8a03087980e8a61b16c3465914eeca65a3b800d8946a10c4dd0ab08b18c1cbc37810e55fb5c35314082a8c11e383b7d50d1bd3f SHA512 7ced1f9b937bf62131654d8a25c8d2a3f3cfe5fa8961e2e000542cce68061b10895bc0001ded898b9a43608af1f9c07903dc5c2f0a41662470d97188ed682115 DIST patch-2.7.6.tar.xz 783756 BLAKE2B e3dd2d155a94c39cb60eafc26677e84de14c3a6d5814dff69de091ded52f21862490970254297795f2c42a0c3203f7e88a8f65bb66968f8dfd6e066bf53f2dfb SHA512 fcca87bdb67a88685a8a25597f9e015f5e60197b9a269fa350ae35a7991ed8da553939b4bbc7f7d3cfd863c67142af403b04165633acbce4339056a905e87fbd EBUILD patch-2.7.6-r2.ebuild 1064 BLAKE2B 75ecf02fb251c8e1947458e1b1f437a2a07d554be979bb97a587e75e8daba71cdd2781cfd596aa40d969450f8039b4c537fc71af2cf5bca866be8136aa576b77 SHA512 5cc7ee806c59197c0c86b7414232c731f7927d43ad995845daee701c629ce56aaf4f514bd7c60c0dd53f3573736e99e7ee37cb9c7dd49add60835e0526ac90e3 +EBUILD patch-2.7.6-r3.ebuild 1304 BLAKE2B 055b0664e91e922c3149f3b85c94d91c887e1a9bbbac5d1a33b29c3f22c08189786997509dec862b66763685147ccc7f9fe60249138fb607565f2c4028ea529f SHA512 3057d893fd5a48cca79224d535318f6c2a39fa7abcea48ec63723a9e99d0b24ed4609d6d13db2062ba2478391ee2503d6b4048a20998894d6330bca05c2136cc MISC metadata.xml 253 BLAKE2B 295e9d6d93aaa12af413972e1590c67087801cc09c9aa6b59d4606c0f4106d1dacf2baa9858559083b4c6d91beeef218d0729e8593a33788958da6d2897e8ce2 SHA512 54a9069aeb4165d2dff3d473c8001bc51613aac9dff3f7f5e9971a9891a737a31511ffa11cbd523febe581ac1d9de2bdf2f40410f0c4239138f2ccca3ef15555 diff --git a/sys-devel/patch/files/patch-2.7.6-CVE-2018-1000156.patch b/sys-devel/patch/files/patch-2.7.6-CVE-2018-1000156.patch new file mode 100644 index 000000000000..c0324d082fcd --- /dev/null +++ b/sys-devel/patch/files/patch-2.7.6-CVE-2018-1000156.patch @@ -0,0 +1,150 @@ +From 123eaff0d5d1aebe128295959435b9ca5909c26d Mon Sep 17 00:00:00 2001 +From: Andreas Gruenbacher <agruen@gnu.org> +Date: Fri, 6 Apr 2018 12:14:49 +0200 +Subject: Fix arbitrary command execution in ed-style patches + (CVE-2018-1000156) + +* src/pch.c (do_ed_script): Write ed script to a temporary file instead +of piping it to ed: this will cause ed to abort on invalid commands +instead of rejecting them and carrying on. +* tests/ed-style: New test case. +* tests/Makefile.am (TESTS): Add test case. + + +Without test to avoid automake due to @system package. +--- + +diff --git a/src/pch.c b/src/pch.c +index 0c5cc26..4fd5a05 100644 +--- a/src/pch.c ++++ b/src/pch.c +@@ -33,6 +33,7 @@ + # include <io.h> + #endif + #include <safe.h> ++#include <sys/wait.h> + + #define INITHUNKMAX 125 /* initial dynamic allocation size */ + +@@ -2389,24 +2390,28 @@ do_ed_script (char const *inname, char const *outname, + static char const editor_program[] = EDITOR_PROGRAM; + + file_offset beginning_of_this_line; +- FILE *pipefp = 0; + size_t chars_read; ++ FILE *tmpfp = 0; ++ char const *tmpname; ++ int tmpfd; ++ pid_t pid; ++ ++ if (! dry_run && ! skip_rest_of_patch) ++ { ++ /* Write ed script to a temporary file. This causes ed to abort on ++ invalid commands such as when line numbers or ranges exceed the ++ number of available lines. When ed reads from a pipe, it rejects ++ invalid commands and treats the next line as a new command, which ++ can lead to arbitrary command execution. */ ++ ++ tmpfd = make_tempfile (&tmpname, 'e', NULL, O_RDWR | O_BINARY, 0); ++ if (tmpfd == -1) ++ pfatal ("Can't create temporary file %s", quotearg (tmpname)); ++ tmpfp = fdopen (tmpfd, "w+b"); ++ if (! tmpfp) ++ pfatal ("Can't open stream for file %s", quotearg (tmpname)); ++ } + +- if (! dry_run && ! skip_rest_of_patch) { +- int exclusive = *outname_needs_removal ? 0 : O_EXCL; +- if (inerrno != ENOENT) +- { +- *outname_needs_removal = true; +- copy_file (inname, outname, 0, exclusive, instat.st_mode, true); +- } +- sprintf (buf, "%s %s%s", editor_program, +- verbosity == VERBOSE ? "" : "- ", +- outname); +- fflush (stdout); +- pipefp = popen(buf, binary_transput ? "wb" : "w"); +- if (!pipefp) +- pfatal ("Can't open pipe to %s", quotearg (buf)); +- } + for (;;) { + char ed_command_letter; + beginning_of_this_line = file_tell (pfp); +@@ -2417,14 +2422,14 @@ do_ed_script (char const *inname, char const *outname, + } + ed_command_letter = get_ed_command_letter (buf); + if (ed_command_letter) { +- if (pipefp) +- if (! fwrite (buf, sizeof *buf, chars_read, pipefp)) ++ if (tmpfp) ++ if (! fwrite (buf, sizeof *buf, chars_read, tmpfp)) + write_fatal (); + if (ed_command_letter != 'd' && ed_command_letter != 's') { + p_pass_comments_through = true; + while ((chars_read = get_line ()) != 0) { +- if (pipefp) +- if (! fwrite (buf, sizeof *buf, chars_read, pipefp)) ++ if (tmpfp) ++ if (! fwrite (buf, sizeof *buf, chars_read, tmpfp)) + write_fatal (); + if (chars_read == 2 && strEQ (buf, ".\n")) + break; +@@ -2437,13 +2442,49 @@ do_ed_script (char const *inname, char const *outname, + break; + } + } +- if (!pipefp) ++ if (!tmpfp) + return; +- if (fwrite ("w\nq\n", sizeof (char), (size_t) 4, pipefp) == 0 +- || fflush (pipefp) != 0) ++ if (fwrite ("w\nq\n", sizeof (char), (size_t) 4, tmpfp) == 0 ++ || fflush (tmpfp) != 0) + write_fatal (); +- if (pclose (pipefp) != 0) +- fatal ("%s FAILED", editor_program); ++ ++ if (lseek (tmpfd, 0, SEEK_SET) == -1) ++ pfatal ("Can't rewind to the beginning of file %s", quotearg (tmpname)); ++ ++ if (! dry_run && ! skip_rest_of_patch) { ++ int exclusive = *outname_needs_removal ? 0 : O_EXCL; ++ *outname_needs_removal = true; ++ if (inerrno != ENOENT) ++ { ++ *outname_needs_removal = true; ++ copy_file (inname, outname, 0, exclusive, instat.st_mode, true); ++ } ++ sprintf (buf, "%s %s%s", editor_program, ++ verbosity == VERBOSE ? "" : "- ", ++ outname); ++ fflush (stdout); ++ ++ pid = fork(); ++ if (pid == -1) ++ pfatal ("Can't fork"); ++ else if (pid == 0) ++ { ++ dup2 (tmpfd, 0); ++ execl ("/bin/sh", "sh", "-c", buf, (char *) 0); ++ _exit (2); ++ } ++ else ++ { ++ int wstatus; ++ if (waitpid (pid, &wstatus, 0) == -1 ++ || ! WIFEXITED (wstatus) ++ || WEXITSTATUS (wstatus) != 0) ++ fatal ("%s FAILED", editor_program); ++ } ++ } ++ ++ fclose (tmpfp); ++ safe_unlink (tmpname); + + if (ofp) + { +-- +cgit v1.0-41-gc330 + diff --git a/sys-devel/patch/files/patch-2.7.6-CVE-2018-6951.patch b/sys-devel/patch/files/patch-2.7.6-CVE-2018-6951.patch new file mode 100644 index 000000000000..002d8ffd9d3a --- /dev/null +++ b/sys-devel/patch/files/patch-2.7.6-CVE-2018-6951.patch @@ -0,0 +1,29 @@ +From f290f48a621867084884bfff87f8093c15195e6a Mon Sep 17 00:00:00 2001 +From: Andreas Gruenbacher <agruen@gnu.org> +Date: Mon, 12 Feb 2018 16:48:24 +0100 +Subject: Fix segfault with mangled rename patch + +http://savannah.gnu.org/bugs/?53132 +* src/pch.c (intuit_diff_type): Ensure that two filenames are specified +for renames and copies (fix the existing check). +--- + src/pch.c | 3 ++- + 1 file changed, 2 insertions(+), 1 deletion(-) + +diff --git a/src/pch.c b/src/pch.c +index ff9ed2c..bc6278c 100644 +--- a/src/pch.c ++++ b/src/pch.c +@@ -974,7 +974,8 @@ intuit_diff_type (bool need_header, mode_t *p_file_type) + if ((pch_rename () || pch_copy ()) + && ! inname + && ! ((i == OLD || i == NEW) && +- p_name[! reverse] && ++ p_name[reverse] && p_name[! reverse] && ++ name_is_valid (p_name[reverse]) && + name_is_valid (p_name[! reverse]))) + { + say ("Cannot %s file without two valid file names\n", pch_rename () ? "rename" : "copy"); +-- +cgit v1.0-41-gc330 + diff --git a/sys-devel/patch/files/patch-2.7.6-CVE-2018-6952.patch b/sys-devel/patch/files/patch-2.7.6-CVE-2018-6952.patch new file mode 100644 index 000000000000..d9ad374a2ae7 --- /dev/null +++ b/sys-devel/patch/files/patch-2.7.6-CVE-2018-6952.patch @@ -0,0 +1,30 @@ +From 9c986353e420ead6e706262bf204d6e03322c300 Mon Sep 17 00:00:00 2001 +From: Andreas Gruenbacher <agruen@gnu.org> +Date: Fri, 17 Aug 2018 13:35:40 +0200 +Subject: Fix swapping fake lines in pch_swap + +* src/pch.c (pch_swap): Fix swapping p_bfake and p_efake when there is a +blank line in the middle of a context-diff hunk: that empty line stays +in the middle of the hunk and isn't swapped. + +Fixes: https://savannah.gnu.org/bugs/index.php?53133 +--- + src/pch.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/src/pch.c b/src/pch.c +index e92bc64..a500ad9 100644 +--- a/src/pch.c ++++ b/src/pch.c +@@ -2122,7 +2122,7 @@ pch_swap (void) + } + if (p_efake >= 0) { /* fix non-freeable ptr range */ + if (p_efake <= i) +- n = p_end - i + 1; ++ n = p_end - p_ptrn_lines; + else + n = -i; + p_efake += n; +-- +cgit v1.0-41-gc330 + diff --git a/sys-devel/patch/files/patch-2.7.6-allow-input-files-to-be-missing-for-ed-style-patches.patch b/sys-devel/patch/files/patch-2.7.6-allow-input-files-to-be-missing-for-ed-style-patches.patch new file mode 100644 index 000000000000..2d2863c0ccf6 --- /dev/null +++ b/sys-devel/patch/files/patch-2.7.6-allow-input-files-to-be-missing-for-ed-style-patches.patch @@ -0,0 +1,25 @@ +b5a91a01e5d0897facdd0f49d64b76b0f02b43e1 + +Allow input files to be missing for ed-style patches +* src/pch.c (do_ed_script): Allow input files to be missing so that new +files will be created as with non-ed-style patches. + +diff --git a/src/pch.c b/src/pch.c +index bc6278c..0c5cc26 100644 +--- a/src/pch.c ++++ b/src/pch.c +@@ -2394,9 +2394,11 @@ do_ed_script (char const *inname, char const *outname, + + if (! dry_run && ! skip_rest_of_patch) { + int exclusive = *outname_needs_removal ? 0 : O_EXCL; +- assert (! inerrno); +- *outname_needs_removal = true; +- copy_file (inname, outname, 0, exclusive, instat.st_mode, true); ++ if (inerrno != ENOENT) ++ { ++ *outname_needs_removal = true; ++ copy_file (inname, outname, 0, exclusive, instat.st_mode, true); ++ } + sprintf (buf, "%s %s%s", editor_program, + verbosity == VERBOSE ? "" : "- ", + outname); diff --git a/sys-devel/patch/patch-2.7.6-r3.ebuild b/sys-devel/patch/patch-2.7.6-r3.ebuild new file mode 100644 index 000000000000..0cc81c919810 --- /dev/null +++ b/sys-devel/patch/patch-2.7.6-r3.ebuild @@ -0,0 +1,40 @@ +# Copyright 1999-2019 Gentoo Authors +# Distributed under the terms of the GNU General Public License v2 + +EAPI="6" + +inherit flag-o-matic + +DESCRIPTION="Utility to apply diffs to files" +HOMEPAGE="https://www.gnu.org/software/patch/patch.html" +SRC_URI="mirror://gnu/patch/${P}.tar.xz" + +LICENSE="GPL-3+" +SLOT="0" +KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~ia64 ~m68k ~mips ~ppc ~ppc64 ~s390 ~sh ~sparc ~x86 ~ppc-aix ~x64-cygwin ~amd64-fbsd ~x86-fbsd ~amd64-linux ~x86-linux ~ppc-macos ~x64-macos ~x86-macos ~m68k-mint ~sparc-solaris ~sparc64-solaris ~x64-solaris ~x86-solaris" +IUSE="static test xattr" + +RDEPEND="xattr? ( sys-apps/attr )" +DEPEND="${RDEPEND} + test? ( sys-apps/ed )" + +PATCHES=( + "${FILESDIR}"/${P}-fix-test-suite.patch + "${FILESDIR}"/${PN}-2.7.6-fix-error-handling-with-git-style-patches.patch + "${FILESDIR}"/${PN}-2.7.6-CVE-2018-6951.patch + "${FILESDIR}"/${PN}-2.7.6-allow-input-files-to-be-missing-for-ed-style-patches.patch + "${FILESDIR}"/${PN}-2.7.6-CVE-2018-1000156.patch + "${FILESDIR}"/${PN}-2.7.6-CVE-2018-6952.patch +) + +src_configure() { + use static && append-ldflags -static + + local myeconfargs=( + $(use_enable xattr) + --program-prefix="$(use userland_BSD && echo g)" + ) + # Do not let $ED mess up the search for `ed` 470210. + ac_cv_path_ED=$(type -P ed) \ + econf "${myeconfargs[@]}" +} |