diff options
| author |   Trevor Gamblin <trevor.gamblin@windriver.com> | 2019-08-21 09:58:17 +0800 |
|---|---|---|
| committer |   Armin Kuster <akuster808@gmail.com> | 2019-09-24 08:28:04 -0700 |
| commit | 308c44fd8f1d7d348c6c7cf9054f9c8403d8e8bd (patch) | |
| tree | ef6e191d4fdc62f3123d2806790c0b83dc5c5f65 | |
| parent | 07cd0d606fea63e683c7de7ebfaa6a55170b8318 (diff) | |
| download | openembedded-core-contrib-308c44fd8f1d7d348c6c7cf9054f9c8403d8e8bd.tar.gz | |
patch: fix CVE-2019-13638
(From OE-Core rev: b59b1222b3f73f982286222a583de09c661dc781)
Signed-off-by: Trevor Gamblin <trevor.gamblin@windriver.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
(cherry picked from commit 555b0642579c00c41bc3daab9cef08452f9834d5)
Signed-off-by: Armin Kuster <akuster808@gmail.com>
| -rw-r--r-- | meta/recipes-devtools/patch/patch/0001-Invoke-ed-directly-instead-of-using-the-shell.patch | 44 | ||||
| -rw-r--r-- | meta/recipes-devtools/patch/patch_2.7.6.bb | 1 |
2 files changed, 45 insertions, 0 deletions
diff --git a/meta/recipes-devtools/patch/patch/0001-Invoke-ed-directly-instead-of-using-the-shell.patch b/meta/recipes-devtools/patch/patch/0001-Invoke-ed-directly-instead-of-using-the-shell.patch new file mode 100644 index 0000000000..f60dfe879a --- /dev/null +++ b/meta/recipes-devtools/patch/patch/0001-Invoke-ed-directly-instead-of-using-the-shell.patch @@ -0,0 +1,44 @@ +From 3fcd042d26d70856e826a42b5f93dc4854d80bf0 Mon Sep 17 00:00:00 2001 +From: Andreas Gruenbacher <agruen@gnu.org> +Date: Fri, 6 Apr 2018 19:36:15 +0200 +Subject: [PATCH] Invoke ed directly instead of using the shell + +* src/pch.c (do_ed_script): Invoke ed directly instead of using a shell +command to avoid quoting vulnerabilities. + +CVE: CVE-2019-13638 +Upstream-Status: Backport[https://git.savannah.gnu.org/cgit/patch.git/patch/?id=3fcd042d26d70856e826a42b5f93dc4854d80bf0] +Signed-off-by: Trevor Gamblin <trevor.gamblin@windriver.com> + +--- + src/pch.c | 6 ++---- + 1 file changed, 2 insertions(+), 4 deletions(-) + + +diff --git a/src/pch.c b/src/pch.c +index 4fd5a05..16e001a 100644 +--- a/src/pch.c ++++ b/src/pch.c +@@ -2459,9 +2459,6 @@ do_ed_script (char const *inname, char const *outname, + *outname_needs_removal = true; + copy_file (inname, outname, 0, exclusive, instat.st_mode, true); + } +- sprintf (buf, "%s %s%s", editor_program, +- verbosity == VERBOSE ? "" : "- ", +- outname); + fflush (stdout); + + pid = fork(); +@@ -2470,7 +2467,8 @@ do_ed_script (char const *inname, char const *outname, + else if (pid == 0) + { + dup2 (tmpfd, 0); +- execl ("/bin/sh", "sh", "-c", buf, (char *) 0); ++ assert (outname[0] != '!' && outname[0] != '-'); ++ execlp (editor_program, editor_program, "-", outname, (char *) NULL); + _exit (2); + } + else +-- +2.7.4 + diff --git a/meta/recipes-devtools/patch/patch_2.7.6.bb b/meta/recipes-devtools/patch/patch_2.7.6.bb index 8cf20a3597..8908910f74 100644 --- a/meta/recipes-devtools/patch/patch_2.7.6.bb +++ b/meta/recipes-devtools/patch/patch_2.7.6.bb @@ -7,6 +7,7 @@ SRC_URI += "file://0001-Unset-need_charset_alias-when-building-for-musl.patch \ file://0004-Fix-arbitrary-command-execution-in-ed-style-patches-.patch \ file://0001-Fix-swapping-fake-lines-in-pch_swap.patch \ file://CVE-2019-13636.patch \ + file://0001-Invoke-ed-directly-instead-of-using-the-shell.patch \ " SRC_URI[md5sum] = "4c68cee989d83c87b00a3860bcd05600" |