From cdf74e1c67698b2d44a7460ff7d365d6da7b7b96 Mon Sep 17 00:00:00 2001
From: Jackie Huang
Date: Wed, 11 Apr 2018 14:56:09 +0800
Subject: patch: fix CVE-2018-6951
* CVE detail: https://nvd.nist.gov/vuln/detail/CVE-2018-6951 * upstream tracking: http://savannah.gnu.org/bugs/?53132 * Fix segfault with mangled rename patch - src/pch.c (intuit_diff_type): Ensure that two filenames are specified for renames and copies (fix the existing check).
Signed-off-by: Jackie Huang
Signed-off-by: Ross Burton
---
 ...02-Fix-segfault-with-mangled-rename-patch.patch | 35 ++++++++++++++++++++++
 meta/recipes-devtools/patch/patch_2.7.6.bb | 4 ++-
 2 files changed, 38 insertions(+), 1 deletion(-)
 create mode 100644 meta/recipes-devtools/patch/patch/0002-Fix-segfault-with-mangled-rename-patch.patch
diff --git a/meta/recipes-devtools/patch/patch/0002-Fix-segfault-with-mangled-rename-patch.patch b/meta/recipes-devtools/patch/patch/0002-Fix-segfault-with-mangled-rename-patch.patch
new file mode 100644
index 0000000000..b0bd6fa83a
--- /dev/null
+++ b/meta/recipes-devtools/patch/patch/0002-Fix-segfault-with-mangled-rename-patch.patch
@@ -0,0 +1,35 @@
+From f290f48a621867084884bfff87f8093c15195e6a Mon Sep 17 00:00:00 2001
+From: Andreas Gruenbacher
+Date: Mon, 12 Feb 2018 16:48:24 +0100
+Subject: [PATCH] Fix segfault with mangled rename patch
+
+http://savannah.gnu.org/bugs/?53132
+* src/pch.c (intuit_diff_type): Ensure that two filenames are specified
+for renames and copies (fix the existing check).
+
+Upstream-Status: Backport [http://git.savannah.gnu.org/cgit/patch.git/commit/?id=f290f48a621867084884bfff87f8093c15195e6a]
+CVE: CVE-2018-6951
+
+Signed-off-by: Jackie Huang
+
+---
+ src/pch.c | 3 ++-
+ 1 file changed, 2 insertions(+), 1 deletion(-)
+
+diff --git a/src/pch.c b/src/pch.c
+index ff9ed2c..bc6278c 100644
+--- a/src/pch.c
++++ b/src/pch.c
+@@ -974,7 +974,8 @@ intuit_diff_type (bool need_header, mode_t *p_file_type)
+ if ((pch_rename () || pch_copy ())
+ && ! inname
+ && ! ((i == OLD || i == NEW) &&
+- p_name[! reverse] &&
++ p_name[reverse] && p_name[! reverse] &&
++ name_is_valid (p_name[reverse]) &&
+ name_is_valid (p_name[! reverse])))
+ {
+ say ("Cannot %s file without two valid file names\n", pch_rename () ? "rename" : "copy");
+--
+2.7.4
+
diff --git a/meta/recipes-devtools/patch/patch_2.7.6.bb b/meta/recipes-devtools/patch/patch_2.7.6.bb
index 576a2ac8fa..19ddf34981 100644
--- a/meta/recipes-devtools/patch/patch_2.7.6.bb
+++ b/meta/recipes-devtools/patch/patch_2.7.6.bb
@@ -1,7 +1,9 @@
 require patch.inc
 LICENSE = "GPLv3"
-SRC_URI += "file://0001-Unset-need_charset_alias-when-building-for-musl.patch"
+SRC_URI += "file://0001-Unset-need_charset_alias-when-building-for-musl.patch \
+ file://0002-Fix-segfault-with-mangled-rename-patch.patch \
+"
 SRC_URI[md5sum] = "4c68cee989d83c87b00a3860bcd05600"
 SRC_URI[sha256sum] = "8cf86e00ad3aaa6d26aca30640e86b0e3e1f395ed99f189b06d4c9f74bc58a4e"
--
cgit 1.2.3-korg
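Review bot: In the backported src/pch.c hunk, the strengthened two-name check still sits behind `&& ! inname`, so it is not evaluated at all when `inname` is already set. The visible lines do not show whether the rename/copy handling later reads `p_name[reverse]` or `p_name[! reverse]` in that case. The body of intuit_diff_type starts and ends outside the hunk, so this should be confirmed against the full file rather than assumed. Since this is a backport, the code should stay identical to upstream; if the limit is real, record it in the patch header with a line such as `Note: the two-name check is only applied when inname is unset`, and track any follow-up fix upstream.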