import patch-2.7.6-8.el8

This commit is contained in:
CentOS Sources 2019-05-07 03:31:45 -04:00 committed by Andrew Lukoshko
commit 916db99c72
8 changed files with 1023 additions and 0 deletions

1
.gitignore vendored Normal file
View File

@ -0,0 +1 @@
SOURCES/patch-2.7.6.tar.xz

1
.patch.metadata Normal file
View File

@ -0,0 +1 @@
6f64fa75993bdb285ac4ed6eca6c9212725bff91 SOURCES/patch-2.7.6.tar.xz

View File

@ -0,0 +1,13 @@
diff -up patch-2.7.6/src/pch.c.than patch-2.7.6/src/pch.c
--- patch-2.7.6/src/pch.c.than 2018-03-13 11:12:44.726307967 +0100
+++ patch-2.7.6/src/pch.c 2018-03-13 11:13:34.203449789 +0100
@@ -976,7 +976,8 @@ intuit_diff_type (bool need_header, mode
if ((pch_rename () || pch_copy ())
&& ! inname
&& ! ((i == OLD || i == NEW) &&
- p_name[! reverse] &&
+ p_name[reverse] && p_name[! reverse] &&
+ name_is_valid (p_name[reverse]) &&
name_is_valid (p_name[! reverse])))
{
say ("Cannot %s file without two valid file names\n", pch_rename () ? "rename" : "copy");

View File

@ -0,0 +1,13 @@
diff --git a/src/pch.c b/src/pch.c
index e92bc64..a500ad9 100644
--- a/src/pch.c
+++ b/src/pch.c
@@ -2122,7 +2122,7 @@ pch_swap (void)
}
if (p_efake >= 0) { /* fix non-freeable ptr range */
if (p_efake <= i)
- n = p_end - i + 1;
+ n = p_end - p_ptrn_lines;
else
n = -i;
p_efake += n;

View File

@ -0,0 +1,58 @@
diff -up patch-2.7.6/.me.orig patch-2.7.6/.me
diff -up patch-2.7.6/src/common.h.orig patch-2.7.6/src/common.h
--- patch-2.7.6/src/common.h.orig 2018-06-18 17:20:49.661363500 +0200
+++ patch-2.7.6/src/common.h 2018-06-18 17:22:21.505841527 +0200
@@ -221,3 +221,11 @@ bool merge_hunk (int hunk, struct outsta
#else
# define merge_hunk(hunk, outstate, where, somefailed) false
#endif
+
+#ifndef FALLTHROUGH
+# if __GNUC__ < 7
+# define FALLTHROUGH ((void) 0)
+# else
+# define FALLTHROUGH __attribute__ ((__fallthrough__))
+# endif
+#endif
diff -up patch-2.7.6/src/patch.c.orig patch-2.7.6/src/patch.c
--- patch-2.7.6/src/patch.c.orig 2018-06-18 17:20:49.662363506 +0200
+++ patch-2.7.6/src/patch.c 2018-06-18 17:22:21.507841538 +0200
@@ -1381,7 +1381,7 @@ abort_hunk_context (bool header, bool re
break;
case ' ': case '-': case '+': case '!':
fprintf (rejfp, "%c ", pch_char (i));
- /* fall into */
+ FALLTHROUGH;
case '\n':
pch_write_line (i, rejfp);
break;
diff -up patch-2.7.6/src/pch.c.orig patch-2.7.6/src/pch.c
--- patch-2.7.6/src/pch.c.orig 2018-06-18 17:20:49.662363506 +0200
+++ patch-2.7.6/src/pch.c 2018-06-18 17:24:00.694357762 +0200
@@ -1742,7 +1742,7 @@ another_hunk (enum diff difftype, bool r
break;
case '=':
ch = ' ';
- /* FALL THROUGH */
+ FALLTHROUGH;
case ' ':
if (fillsrc > p_ptrn_lines) {
free(s);
@@ -1763,7 +1763,7 @@ another_hunk (enum diff difftype, bool r
p_end = fillsrc-1;
return -1;
}
- /* FALL THROUGH */
+ FALLTHROUGH;
case '+':
if (filldst > p_end) {
free(s);
@@ -2401,7 +2401,7 @@ do_ed_script (char const *inname, char c
size_t chars_read;
FILE *tmpfp = 0;
char const *tmpname;
- int tmpfd;
+ int tmpfd = -1; /* placate gcc's -Wmaybe-uninitialized */
pid_t pid;
if (! dry_run && ! skip_rest_of_patch)

View File

@ -0,0 +1,209 @@
diff -up patch-2.7.6/src/pch.c.CVE-2018-1000156 patch-2.7.6/src/pch.c
--- patch-2.7.6/src/pch.c.CVE-2018-1000156 2018-06-19 10:10:41.407826617 +0200
+++ patch-2.7.6/src/pch.c 2018-06-19 10:11:01.200927524 +0200
@@ -33,6 +33,7 @@
# include <io.h>
#endif
#include <safe.h>
+#include <sys/wait.h>
#define INITHUNKMAX 125 /* initial dynamic allocation size */
@@ -2389,22 +2390,28 @@ do_ed_script (char const *inname, char c
static char const editor_program[] = EDITOR_PROGRAM;
file_offset beginning_of_this_line;
- FILE *pipefp = 0;
size_t chars_read;
+ FILE *tmpfp = 0;
+ char const *tmpname;
+ int tmpfd;
+ pid_t pid;
+
+ if (! dry_run && ! skip_rest_of_patch)
+ {
+ /* Write ed script to a temporary file. This causes ed to abort on
+ invalid commands such as when line numbers or ranges exceed the
+ number of available lines. When ed reads from a pipe, it rejects
+ invalid commands and treats the next line as a new command, which
+ can lead to arbitrary command execution. */
+
+ tmpfd = make_tempfile (&tmpname, 'e', NULL, O_RDWR | O_BINARY, 0);
+ if (tmpfd == -1)
+ pfatal ("Can't create temporary file %s", quotearg (tmpname));
+ tmpfp = fdopen (tmpfd, "w+b");
+ if (! tmpfp)
+ pfatal ("Can't open stream for file %s", quotearg (tmpname));
+ }
- if (! dry_run && ! skip_rest_of_patch) {
- int exclusive = *outname_needs_removal ? 0 : O_EXCL;
- assert (! inerrno);
- *outname_needs_removal = true;
- copy_file (inname, outname, 0, exclusive, instat.st_mode, true);
- sprintf (buf, "%s %s%s", editor_program,
- verbosity == VERBOSE ? "" : "- ",
- outname);
- fflush (stdout);
- pipefp = popen(buf, binary_transput ? "wb" : "w");
- if (!pipefp)
- pfatal ("Can't open pipe to %s", quotearg (buf));
- }
for (;;) {
char ed_command_letter;
beginning_of_this_line = file_tell (pfp);
@@ -2415,14 +2422,14 @@ do_ed_script (char const *inname, char c
}
ed_command_letter = get_ed_command_letter (buf);
if (ed_command_letter) {
- if (pipefp)
- if (! fwrite (buf, sizeof *buf, chars_read, pipefp))
+ if (tmpfp)
+ if (! fwrite (buf, sizeof *buf, chars_read, tmpfp))
write_fatal ();
if (ed_command_letter != 'd' && ed_command_letter != 's') {
p_pass_comments_through = true;
while ((chars_read = get_line ()) != 0) {
- if (pipefp)
- if (! fwrite (buf, sizeof *buf, chars_read, pipefp))
+ if (tmpfp)
+ if (! fwrite (buf, sizeof *buf, chars_read, tmpfp))
write_fatal ();
if (chars_read == 2 && strEQ (buf, ".\n"))
break;
@@ -2435,13 +2442,50 @@ do_ed_script (char const *inname, char c
break;
}
}
- if (!pipefp)
+ if (!tmpfp)
return;
- if (fwrite ("w\nq\n", sizeof (char), (size_t) 4, pipefp) == 0
- || fflush (pipefp) != 0)
+ if (fwrite ("w\nq\n", sizeof (char), (size_t) 4, tmpfp) == 0
+ || fflush (tmpfp) != 0)
write_fatal ();
- if (pclose (pipefp) != 0)
- fatal ("%s FAILED", editor_program);
+
+ if (lseek (tmpfd, 0, SEEK_SET) == -1)
+ pfatal ("Can't rewind to the beginning of file %s", quotearg (tmpname));
+
+ if (! dry_run && ! skip_rest_of_patch) {
+ int exclusive = *outname_needs_removal ? 0 : O_EXCL;
+ *outname_needs_removal = true;
+ if (inerrno != ENOENT)
+ {
+ *outname_needs_removal = true;
+ copy_file (inname, outname, 0, exclusive, instat.st_mode, true);
+ }
+ sprintf (buf, "%s %s%s", editor_program,
+ verbosity == VERBOSE ? "" : "- ",
+ outname);
+ fflush (stdout);
+
+ pid = fork();
+ if (pid == -1)
+ pfatal ("Can't fork");
+ else if (pid == 0)
+ {
+ dup2 (tmpfd, 0);
+ execl ("/bin/sh", "sh", "-c", buf, (char *) 0);
+ _exit (2);
+ }
+ else
+ {
+ int wstatus;
+ if (waitpid (pid, &wstatus, 0) == -1
+ || ! WIFEXITED (wstatus)
+ || WEXITSTATUS (wstatus) != 0)
+ fatal ("%s FAILED", editor_program);
+ }
+ }
+
+ fclose (tmpfp);
+ safe_unlink (tmpname);
+ free((char*) tmpname);
if (ofp)
{
diff -up patch-2.7.6/tests/ed-style.CVE-2018-1000156 patch-2.7.6/tests/ed-style
--- patch-2.7.6/tests/ed-style.CVE-2018-1000156 2018-06-19 10:10:41.409826627 +0200
+++ patch-2.7.6/tests/ed-style 2018-06-19 11:28:43.354641294 +0200
@@ -0,0 +1,40 @@
+# Copyright (C) 2018 Free Software Foundation, Inc.
+#
+# Copying and distribution of this file, with or without modification,
+# in any medium, are permitted without royalty provided the copyright
+# notice and this notice are preserved.
+
+. $srcdir/test-lib.sh
+
+require cat
+use_local_patch
+use_tmpdir
+
+# ==============================================================
+
+cat > ed1.diff <<EOF
+0a
+foo
+.
+EOF
+
+check 'patch -e foo -i ed1.diff' <<EOF
+EOF
+
+check 'cat foo' <<EOF
+foo
+EOF
+
+cat > ed2.diff <<EOF
+1337a
+r !echo bar
+,p
+EOF
+
+check 'patch -e foo -i ed2.diff > /dev/null 2> /dev/null || echo "Status: $?"' <<EOF
+Status: 2
+EOF
+
+check 'cat foo' <<EOF
+foo
+EOF
diff -up patch-2.7.6/tests/Makefile.am.CVE-2018-1000156 patch-2.7.6/tests/Makefile.am
--- patch-2.7.6/tests/Makefile.am.CVE-2018-1000156 2018-02-03 13:41:49.000000000 +0100
+++ patch-2.7.6/tests/Makefile.am 2018-06-19 10:10:41.409826627 +0200
@@ -32,6 +32,7 @@ TESTS = \
crlf-handling \
dash-o-append \
deep-directories \
+ ed-style \
empty-files \
false-match \
fifo \
diff -up patch-2.7.6/tests/Makefile.in.CVE-2018-1000156 patch-2.7.6/tests/Makefile.in
--- patch-2.7.6/tests/Makefile.in.CVE-2018-1000156 2018-02-03 14:33:56.000000000 +0100
+++ patch-2.7.6/tests/Makefile.in 2018-06-19 10:10:41.409826627 +0200
@@ -1308,6 +1308,7 @@ TESTS = \
crlf-handling \
dash-o-append \
deep-directories \
+ ed-style \
empty-files \
false-match \
fifo \
@@ -1645,6 +1646,13 @@ empty-files.log: empty-files
$(am__check_pre) $(LOG_DRIVER) --test-name "$$f" \
--log-file $$b.log --trs-file $$b.trs \
$(am__common_driver_flags) $(AM_LOG_DRIVER_FLAGS) $(LOG_DRIVER_FLAGS) -- $(LOG_COMPILE) \
+ "$$tst" $(AM_TESTS_FD_REDIRECT)
+ed-style.log: empty-files
+ @p='ed-style'; \
+ b='ed-style'; \
+ $(am__check_pre) $(LOG_DRIVER) --test-name "$$f" \
+ --log-file $$b.log --trs-file $$b.trs \
+ $(am__common_driver_flags) $(AM_LOG_DRIVER_FLAGS) $(LOG_DRIVER_FLAGS) -- $(LOG_COMPILE) \
"$$tst" $(AM_TESTS_FD_REDIRECT)
false-match.log: false-match
@p='false-match'; \

326
SOURCES/patch-selinux.patch Normal file
View File

@ -0,0 +1,326 @@
diff -up patch-2.7.6/src/common.h.selinux patch-2.7.6/src/common.h
--- patch-2.7.6/src/common.h.selinux 2018-02-03 12:41:49.000000000 +0000
+++ patch-2.7.6/src/common.h 2018-02-12 12:29:44.415225377 +0000
@@ -30,6 +30,8 @@
#include <sys/types.h>
#include <time.h>
+#include <selinux/selinux.h>
+
#include <sys/stat.h>
#include <limits.h>
@@ -84,6 +86,7 @@ XTERN char *outfile;
XTERN int inerrno;
XTERN int invc;
XTERN struct stat instat;
+XTERN security_context_t incontext;
XTERN bool dry_run;
XTERN bool posixly_correct;
diff -up patch-2.7.6/src/inp.c.selinux patch-2.7.6/src/inp.c
--- patch-2.7.6/src/inp.c.selinux 2017-09-04 12:34:16.000000000 +0100
+++ patch-2.7.6/src/inp.c 2018-02-12 12:29:44.415225377 +0000
@@ -145,7 +145,7 @@ get_input_file (char const *filename, ch
char *getbuf;
if (inerrno == -1)
- inerrno = stat_file (filename, &instat);
+ inerrno = stat_file (filename, &instat, &incontext);
/* Perhaps look for RCS or SCCS versions. */
if (S_ISREG (file_type)
@@ -190,7 +190,7 @@ get_input_file (char const *filename, ch
}
if (cs && version_get (filename, cs, ! inerrno, elsewhere, getbuf,
- &instat))
+ &instat, &incontext))
inerrno = 0;
free (getbuf);
@@ -201,6 +201,7 @@ get_input_file (char const *filename, ch
{
instat.st_mode = S_IRUSR|S_IWUSR|S_IRGRP|S_IWGRP|S_IROTH|S_IWOTH;
instat.st_size = 0;
+ incontext = NULL;
}
else if (! ((S_ISREG (file_type) || S_ISLNK (file_type))
&& (file_type & S_IFMT) == (instat.st_mode & S_IFMT)))
diff -up patch-2.7.6/src/Makefile.am.selinux patch-2.7.6/src/Makefile.am
--- patch-2.7.6/src/Makefile.am.selinux 2017-09-04 12:34:16.000000000 +0100
+++ patch-2.7.6/src/Makefile.am 2018-02-12 12:29:44.415225377 +0000
@@ -37,7 +37,7 @@ patch_SOURCES = \
AM_CPPFLAGS = -I$(top_builddir)/lib -I$(top_srcdir)/lib
patch_LDADD = $(LDADD) $(top_builddir)/lib/libpatch.a $(LIB_CLOCK_GETTIME) \
- $(LIB_XATTR) $(LIB_EACCESS)
+ $(LIB_XATTR) $(LIB_EACCESS) -lselinux
if ENABLE_MERGE
patch_SOURCES += merge.c
diff -up patch-2.7.6/src/Makefile.in.selinux patch-2.7.6/src/Makefile.in
--- patch-2.7.6/src/Makefile.in.selinux 2018-02-03 13:33:56.000000000 +0000
+++ patch-2.7.6/src/Makefile.in 2018-02-12 12:29:44.415225377 +0000
@@ -1147,7 +1147,7 @@ patch_SOURCES = bestmatch.h common.h inp
AM_CPPFLAGS = -I$(top_builddir)/lib -I$(top_srcdir)/lib \
$(am__append_2)
patch_LDADD = $(LDADD) $(top_builddir)/lib/libpatch.a $(LIB_CLOCK_GETTIME) \
- $(LIB_XATTR) $(LIB_EACCESS)
+ $(LIB_XATTR) $(LIB_EACCESS) -lselinux
all: all-am
diff -up patch-2.7.6/src/patch.c.selinux patch-2.7.6/src/patch.c
--- patch-2.7.6/src/patch.c.selinux 2018-02-03 12:41:49.000000000 +0000
+++ patch-2.7.6/src/patch.c 2018-02-12 12:30:27.315164138 +0000
@@ -269,19 +269,19 @@ main (int argc, char **argv)
if (! strcmp (inname, outname))
{
if (inerrno == -1)
- inerrno = stat_file (inname, &instat);
+ inerrno = stat_file (inname, &instat, NULL);
outstat = instat;
outerrno = inerrno;
}
else
- outerrno = stat_file (outname, &outstat);
+ outerrno = stat_file (outname, &outstat, NULL);
if (! outerrno)
{
if (has_queued_output (&outstat))
{
output_files (&outstat);
- outerrno = stat_file (outname, &outstat);
+ outerrno = stat_file (outname, &outstat, NULL);
inerrno = -1;
}
if (! outerrno)
@@ -598,7 +598,7 @@ main (int argc, char **argv)
}
else
{
- attr |= FA_IDS | FA_MODE | FA_XATTRS;
+ attr |= FA_IDS | FA_MODE | FA_XATTRS | FA_SECCONTEXT;
set_file_attributes (TMPOUTNAME, attr, inname, &instat,
mode, &new_time);
}
@@ -658,7 +658,7 @@ main (int argc, char **argv)
struct stat oldst;
int olderrno;
- olderrno = stat_file (rej, &oldst);
+ olderrno = stat_file (rej, &oldst, NULL);
if (olderrno && olderrno != ENOENT)
write_fatal ();
if (! olderrno && lookup_file_id (&oldst) == CREATED)
@@ -1790,7 +1790,7 @@ delete_file_later (const char *name, con
if (! st)
{
- if (stat_file (name, &st_tmp) != 0)
+ if (stat_file (name, &st_tmp, NULL) != 0)
pfatal ("Can't get file attributes of %s %s", "file", name);
st = &st_tmp;
}
diff -up patch-2.7.6/src/pch.c.selinux patch-2.7.6/src/pch.c
--- patch-2.7.6/src/pch.c.selinux 2018-02-03 12:41:49.000000000 +0000
+++ patch-2.7.6/src/pch.c 2018-02-12 12:29:44.416225375 +0000
@@ -1,6 +1,6 @@
/* reading patches */
-/* Copyright (C) 1986, 1987, 1988 Larry Wall
+/* Copyright (C) 1986, 1987, 1988, 2012 Larry Wall
Copyright (C) 1990-1993, 1997-2003, 2006, 2009-2012 Free Software
Foundation, Inc.
@@ -296,7 +296,7 @@ there_is_another_patch (bool need_header
if (t > buf + 1 && *(t - 1) == '\n')
{
inname = xmemdup0 (buf, t - buf - 1);
- inerrno = stat_file (inname, &instat);
+ inerrno = stat_file (inname, &instat, &incontext);
if (inerrno)
{
perror (inname);
@@ -433,6 +433,7 @@ intuit_diff_type (bool need_header, mode
bool extended_headers = false;
enum nametype i;
struct stat st[3];
+ security_context_t con[3];
int stat_errno[3];
int version_controlled[3];
enum diff retval;
@@ -473,6 +474,7 @@ intuit_diff_type (bool need_header, mode
version_controlled[OLD] = -1;
version_controlled[NEW] = -1;
version_controlled[INDEX] = -1;
+ con[OLD] = con[NEW] = con[INDEX] = NULL;
p_rfc934_nesting = 0;
p_timestamp[OLD].tv_sec = p_timestamp[NEW].tv_sec = -1;
p_says_nonexistent[OLD] = p_says_nonexistent[NEW] = 0;
@@ -883,7 +885,7 @@ intuit_diff_type (bool need_header, mode
}
else
{
- stat_errno[i] = stat_file (p_name[i], &st[i]);
+ stat_errno[i] = stat_file (p_name[i], &st[i], &con[i]);
if (! stat_errno[i])
{
if (lookup_file_id (&st[i]) == DELETE_LATER)
@@ -922,7 +924,7 @@ intuit_diff_type (bool need_header, mode
if (cs)
{
if (version_get (p_name[i], cs, false, readonly,
- getbuf, &st[i]))
+ getbuf, &st[i], &con[i]))
stat_errno[i] = 0;
else
version_controlled[i] = 0;
@@ -985,7 +987,7 @@ intuit_diff_type (bool need_header, mode
{
if (inname)
{
- inerrno = stat_file (inname, &instat);
+ inerrno = stat_file (inname, &instat, &incontext);
if (inerrno || (instat.st_mode & S_IFMT) == file_type)
maybe_reverse (inname, inerrno, inerrno || instat.st_size == 0);
}
@@ -998,8 +1000,14 @@ intuit_diff_type (bool need_header, mode
inerrno = stat_errno[i];
invc = version_controlled[i];
instat = st[i];
+ incontext = con[i];
+ con[i] = NULL;
}
+ for (i = OLD; i <= INDEX; i++)
+ if (con[i])
+ freecon (con[i]);
+
return retval;
}
diff -up patch-2.7.6/src/util.c.selinux patch-2.7.6/src/util.c
--- patch-2.7.6/src/util.c.selinux 2018-02-03 12:41:49.000000000 +0000
+++ patch-2.7.6/src/util.c 2018-02-12 12:29:44.417225374 +0000
@@ -300,6 +300,23 @@ set_file_attributes (char const *to, enu
S_ISLNK (mode) ? "symbolic link" : "file",
quotearg (to));
}
+ if (attr & FA_SECCONTEXT)
+ {
+ security_context_t outcontext;
+ if (incontext && getfilecon (to, &outcontext) != -1 && outcontext)
+ {
+ if (strcmp (outcontext, incontext) &&
+ setfilecon (to, incontext) != 0)
+ {
+ freecon (outcontext);
+ if (errno != ENOTSUP && errno != EPERM)
+ pfatal ("Can't set security context on file %s",
+ quotearg (to));
+ }
+ else
+ freecon (outcontext);
+ }
+ }
}
static void
@@ -446,7 +463,7 @@ move_file (char const *from, bool *from_
struct stat to_st;
int to_errno;
- to_errno = stat_file (to, &to_st);
+ to_errno = stat_file (to, &to_st, NULL);
if (backup)
create_backup (to, to_errno ? NULL : &to_st, false);
if (! to_errno)
@@ -818,7 +835,8 @@ version_controller (char const *filename
Return true if successful. */
bool
version_get (char const *filename, char const *cs, bool exists, bool readonly,
- char const *getbuf, struct stat *filestat)
+ char const *getbuf, struct stat *filestat,
+ security_context_t *filecontext)
{
if (patch_get < 0)
{
@@ -843,6 +861,13 @@ version_get (char const *filename, char
fatal ("Can't get file %s from %s", quotearg (filename), cs);
if (safe_stat (filename, filestat) != 0)
pfatal ("%s", quotearg (filename));
+ if (filecontext && getfilecon (filename, filecontext) == -1)
+ {
+ if (errno == ENODATA || errno == ENOTSUP)
+ *filecontext = NULL;
+ else
+ pfatal ("%s", quotearg (filename));
+ }
}
return 1;
@@ -1670,12 +1695,28 @@ make_tempfile (char const **name, char l
return fd;
}
-int stat_file (char const *filename, struct stat *st)
+int stat_file (char const *filename, struct stat *st, security_context_t *con)
{
int (*xstat)(char const *, struct stat *) =
follow_symlinks ? safe_stat : safe_lstat;
+ int (*xgetfilecon)(char const *, security_context_t *) =
+ follow_symlinks ? getfilecon : lgetfilecon;
+
+ if (xstat (filename, st) == 0)
+ {
+ if (con)
+ {
+ if (xgetfilecon (filename, con) != -1 ||
+ errno == ENODATA || errno == ENOTSUP)
+ return 0;
- return xstat (filename, st) == 0 ? 0 : errno;
+ *con = NULL;
+ }
+ else
+ return 0;
+ }
+
+ return errno;
}
/* Check if a filename is relative and free of ".." components.
diff -up patch-2.7.6/src/util.h.selinux patch-2.7.6/src/util.h
--- patch-2.7.6/src/util.h.selinux 2018-02-03 12:41:49.000000000 +0000
+++ patch-2.7.6/src/util.h 2018-02-12 12:30:08.533190949 +0000
@@ -44,7 +44,7 @@ char *parse_name (char const *, int, cha
char *savebuf (char const *, size_t);
char *savestr (char const *);
char const *version_controller (char const *, bool, struct stat const *, char **, char **);
-bool version_get (char const *, char const *, bool, bool, char const *, struct stat *);
+bool version_get (char const *, char const *, bool, bool, char const *, struct stat *, security_context_t *);
int create_file (char const *, int, mode_t, bool);
int systemic (char const *);
char *format_linenum (char[LINENUM_LENGTH_BOUND + 1], lin);
@@ -67,7 +67,7 @@ void insert_file_id (struct stat const *
enum file_id_type lookup_file_id (struct stat const *);
void set_queued_output (struct stat const *, bool);
bool has_queued_output (struct stat const *);
-int stat_file (char const *, struct stat *);
+int stat_file (char const *, struct stat *, security_context_t *);
bool filename_is_safe (char const *) _GL_ATTRIBUTE_PURE;
bool cwd_is_root (char const *);
@@ -75,7 +75,8 @@ enum file_attributes {
FA_TIMES = 1,
FA_IDS = 2,
FA_MODE = 4,
- FA_XATTRS = 8
+ FA_XATTRS = 8,
+ FA_SECCONTEXT = 16
};
void set_file_attributes (char const *, enum file_attributes, char const *,

402
SPECS/patch.spec Normal file
View File

@ -0,0 +1,402 @@
%global gnulib_ver 20180203
Summary: Utility for modifying/upgrading files
Name: patch
Version: 2.7.6
Release: 8%{?dist}
License: GPLv3+
URL: http://www.gnu.org/software/patch/patch.html
Group: Development/Tools
Source: ftp://ftp.gnu.org/gnu/patch/patch-%{version}.tar.xz
Patch1: patch-2.7.6-CVE-2018-6951.patch
Patch2: patch-CVE-2018-1000156.patch
Patch3: patch-2.7.6-gcc8.patch
Patch4: patch-2.7.6-CVE-2018-6952.patch
Patch100: patch-selinux.patch
BuildRequires: libselinux-devel
BuildRequires: libattr-devel
BuildRequires: ed
BuildRequires: automake autoconf
Provides: bundled(gnulib) = %{gnulib_ver}
%description
The patch program applies diff files to originals. The diff command
is used to compare an original to a changed file. Diff lists the
changes made to the file. A person who has the original file can then
use the patch command with the diff file to add the changes to their
original file (patching the file).
Patch should be installed because it is a common way of upgrading
applications.
%prep
%setup -q
# CVE-2018-6951, NULL pointer dereference causes a crash
%patch1 -p1 -b .CVE-2018-6951
# CVE-2018-1000156, Malicious patch files cause ed to execute arbitrary commands
%patch2 -p1 -b .CVE-2018-1000156
# Fix to build with gcc8
%patch3 -p1 -b .gcc8
# CVE-2018-6952, Double free of memory
%patch4 -p1 -b .CVE-2018-6952
# SELinux support.
%patch100 -p1 -b .selinux
%build
CFLAGS="$RPM_OPT_FLAGS -D_GNU_SOURCE"
%ifarch sparcv9
CFLAGS=`echo $CFLAGS|sed -e 's|-fstack-protector||g'`
%endif
%configure --disable-silent-rules
make %{?_smp_mflags}
%check
make check
%install
rm -rf $RPM_BUILD_ROOT
%makeinstall
%files
%defattr(-,root,root,-)
%license COPYING
%doc NEWS README
%{_bindir}/*
%{_mandir}/*/*
%changelog
* Tue Nov 27 2018 Than Ngo <than@redhat.com> - 2.7.6-8
- Added virtual provides for bundled gnulib library
* Wed Sep 12 2018 Than Ngo <than@redhat.com> - 2.7.6-7
- Resolves: #1554752, CVE-2018-6952 Double free of memory
* Mon Jun 18 2018 Than Ngo <than@redhat.com> - 2.7.6-6
- avoid warnings from GCC8
* Mon Apr 09 2018 Than Ngo <than@redhat.com> - 2.7.6-5
- fixed CVE-2018-1000156
* Tue Mar 13 2018 Than Ngo <than@redhat.com> - 2.7.6-4
- apply the patch for CVE-2018-6951
* Mon Feb 12 2018 Tim Waugh <twaugh@redhat.com> - 2.7.6-3
- 2.7.6 (CVE-2016-10713, CVE-2018-6951, CVE-2018-6952).
* Thu Feb 08 2018 Fedora Release Engineering <releng@fedoraproject.org> - 2.7.5-7
- Rebuilt for https://fedoraproject.org/wiki/Fedora_28_Mass_Rebuild
* Thu Aug 03 2017 Fedora Release Engineering <releng@fedoraproject.org> - 2.7.5-6
- Rebuilt for https://fedoraproject.org/wiki/Fedora_27_Binutils_Mass_Rebuild
* Thu Jul 27 2017 Fedora Release Engineering <releng@fedoraproject.org> - 2.7.5-5
- Rebuilt for https://fedoraproject.org/wiki/Fedora_27_Mass_Rebuild
* Wed Feb 01 2017 Stephen Gallagher <sgallagh@redhat.com> - 2.7.5-4
- Add missing %%license macro
* Thu Feb 04 2016 Fedora Release Engineering <releng@fedoraproject.org> - 2.7.5-3
- Rebuilt for https://fedoraproject.org/wiki/Fedora_24_Mass_Rebuild
* Thu Jun 18 2015 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 2.7.5-2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_23_Mass_Rebuild
* Mon Mar 9 2015 Tim Waugh <twaugh@redhat.com> - 2.7.5-1
- Fixed memory leak in selinux patch.
- 2.7.5, including an even better fix for CVE-2015-1196 that still
allows relative symlinks to be created/used.
* Sat Feb 21 2015 Till Maas <opensource@till.name> - 2.7.4-2
- Rebuilt for Fedora 23 Change
https://fedoraproject.org/wiki/Changes/Harden_all_packages_with_position-independent_code
* Sun Feb 1 2015 Tim Waugh <twaugh@redhat.com> - 2.7.4-1
- 2.7.4, including a better fix for CVE-2015-1196 that still allows
symlinks referencing ".." to be created.
* Fri Jan 23 2015 Tim Waugh <twaugh@redhat.com> - 2.7.3-1
- 2.7.3 (bug #1182157, CVE-2015-1196, bug #1184491, CVE-2014-9637).
* Tue Jan 20 2015 Tim Waugh <twaugh@redhat.com> - 2.7.1-12
- Apply upstream patch to fix line numbering integer overflow.
* Tue Jan 20 2015 Tim Waugh <twaugh@redhat.com> - 2.7.1-11
- Apply upstream patch to fix directory traversal via symlinks
(bug #1182157, CVE-2015-1196).
* Sun Aug 17 2014 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 2.7.1-9
- Rebuilt for https://fedoraproject.org/wiki/Fedora_21_22_Mass_Rebuild
* Fri Jun 06 2014 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 2.7.1-8
- Rebuilt for https://fedoraproject.org/wiki/Fedora_21_Mass_Rebuild
* Sat Aug 03 2013 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 2.7.1-7
- Rebuilt for https://fedoraproject.org/wiki/Fedora_20_Mass_Rebuild
* Wed Jun 12 2013 Tim Waugh <twaugh@redhat.com> 2.7.1-6
- Don't segfault when given bad arguments (bug #972330).
* Thu Apr 11 2013 Tim Waugh <twaugh@redhat.com> 2.7.1-5
- Don't document unsupported -m option; document -x option (bug #948972).
* Mon Mar 25 2013 Ville Skyttä <ville.skytta@iki.fi> - 2.7.1-4
- Build with xattr support.
- Make build output more verbose.
- Fix bogus date in %%changelog.
* Mon Mar 11 2013 Tim Waugh <twaugh@redhat.com> 2.7.1-3
- Upstream patch to fix removal of empty directories (bug #919489).
* Thu Feb 14 2013 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 2.7.1-2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_19_Mass_Rebuild
* Thu Oct 18 2012 Tim Waugh <twaugh@redhat.com> 2.7.1-1
- Fixed license (since 2.6 it has been GPLv3+).
- 2.7.1.
* Thu Oct 18 2012 Tim Waugh <twaugh@redhat.com> 2.7-1
- 2.7. No longer need sigsegv, get-arg, CVE-2010-4651,
backup-if-mismatch or coverity-leak patches.
* Fri Jul 20 2012 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 2.6.1-13
- Rebuilt for https://fedoraproject.org/wiki/Fedora_18_Mass_Rebuild
* Fri Jan 13 2012 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 2.6.1-12
- Rebuilt for https://fedoraproject.org/wiki/Fedora_17_Mass_Rebuild
* Fri Nov 25 2011 Tim Waugh <twaugh@redhat.com> 2.6.1-11
- Fixed NULL dereference in selinux patch.
* Mon May 16 2011 Tim Waugh <twaugh@redhat.com> 2.6.1-10
- Applied Jiri Popelka's fixes from Coverity scan (bug #704554):
- Avoid unchecked return from getfilecon() in patch-selinux.patch.
- Fix memory leak.
* Wed Feb 16 2011 Tim Waugh <twaugh@redhat.com> 2.6.1-9
- Let --posix cause --no-backup-if-mismatch (bug #678016).
* Thu Feb 10 2011 Tim Waugh <twaugh@redhat.com> 2.6.1-8
- Incorporate upstream fix for CVE-2010-4651 patch so that a target
name given on the command line is not validated (bug #667529).
* Tue Feb 8 2011 Tim Waugh <twaugh@redhat.com> 2.6.1-7
- Applied upstream patch to fix CVE-2010-4651 so that malicious
patches cannot create files above the current directory
(bug #667529).
* Tue Jan 4 2011 Tim Waugh <twaugh@redhat.com> 2.6.1-6
- Use smp_mflags correctly (bug #665770).
* Mon Aug 16 2010 Tim Waugh <twaugh@redhat.com> 2.6.1-5
- Another fix for the selinux patch (bug #618215).
* Fri Aug 6 2010 Tim Waugh <twaugh@redhat.com> 2.6.1-4
- Fixed interpretation of return value from getfilecon().
- Fixed argument type for --get (bug #553624).
* Fri Aug 6 2010 Dennis Gilmore <dennis@ausil.us>
- using -fstack-projector causes weirdness on 32 bit sparc so disabling for now
* Tue Jul 27 2010 Tim Waugh <twaugh@redhat.com> 2.6.1-3
- Fixed argument type for --get (bug #553624).
* Wed Mar 3 2010 Tim Waugh <twaugh@redhat.com> 2.6.1-2
- Added comments for all patches.
- Ship COPYING file.
- Removed sparc ifdefs in spec file.
* Mon Jan 4 2010 Tim Waugh <twaugh@redhat.com> 2.6.1-1
- 2.6.1 (bug #551569). No longer need best-name patch.
* Thu Dec 24 2009 Tim Waugh <twaugh@redhat.com> 2.6-2
- Applied upstream patch to prevent incorrect filename being chosen
when adding a new file (bug #549122).
* Mon Nov 16 2009 Tim Waugh <twaugh@redhat.com> 2.6-1
- 2.6. No longer need stderr, suffix, stripcr, parse, allow-spaces,
ifdef, program_name, or posix-backup patches.
* Sat Jul 25 2009 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 2.5.4-40
- Rebuilt for https://fedoraproject.org/wiki/Fedora_12_Mass_Rebuild
* Wed Apr 29 2009 Tim Waugh <twaugh@redhat.com> 2.5.4-39
- Fixed operation when SELinux is disabled (bug #498102). Patch from
Jan Kratochvil.
* Thu Feb 26 2009 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 2.5.4-38
- Rebuilt for https://fedoraproject.org/wiki/Fedora_11_Mass_Rebuild
* Tue Feb 17 2009 Tim Waugh <twaugh@redhat.com> 2.5.4-37
- Don't set SELinux file context if it is already correct.
* Mon Nov 24 2008 Tim Waugh <twaugh@redhat.com> 2.5.4-36
- Better summary.
* Mon Jun 30 2008 Tim Waugh <twaugh@redhat.com> 2.5.4-35
- Don't fail if setfilecon() returns EPERM (bug #453365), although the
setfilecon man page suggests that ENOTSUP will be returned in this
case.
* Mon Jun 16 2008 Tim Waugh <twaugh@redhat.com> 2.5.4-34
- Only write simple backups for each file once during a run
(bug #234822).
* Thu Jun 12 2008 Tim Waugh <twaugh@redhat.com> 2.5.4-33
- Fix selinux patch and apply it. Build requires libselinux-devel.
* Fri Feb 8 2008 Tim Waugh <twaugh@redhat.com> 2.5.4-32
- Applied patch from 2.5.9 to allow spaces in filenames (bug #431887).
* Mon Dec 3 2007 Tim Waugh <twaugh@redhat.com> 2.5.4-31
- Convert spec file to UTF-8 (bug #226233).
- Use _bindir macro in %%files (bug #226233).
- Parallel make (bug #226233).
- Better defattr declaration (bug #226233).
* Thu Oct 4 2007 Tim Waugh <twaugh@redhat.com>
- Beginnings of an SELinux patch (bug #165799); not applied yet.
* Wed Aug 29 2007 Tim Waugh <twaugh@redhat.com> 2.5.4-30
- Added dist tag.
- More specific license tag.
- Fixed summary.
- Better buildroot tag.
* Wed Jul 12 2006 Jesse Keating <jkeating@redhat.com> - 2.5.4-29.2.2
- rebuild
* Fri Feb 10 2006 Jesse Keating <jkeating@redhat.com> - 2.5.4-29.2.1
- bump again for double-long bug on ppc(64)
* Tue Feb 07 2006 Jesse Keating <jkeating@redhat.com> - 2.5.4-29.2
- rebuilt for new gcc4.1 snapshot and glibc changes
* Fri Dec 09 2005 Jesse Keating <jkeating@redhat.com>
- rebuilt
* Thu Sep 8 2005 Tim Waugh <twaugh@redhat.com> 2.5.4-29
- Remove SELinux patch for now (bug #167822).
* Wed Sep 7 2005 Tim Waugh <twaugh@redhat.com> 2.5.4-27
- Applied patch from Ulrich Drepper to fix string overread (bug #167675).
* Tue Sep 6 2005 Tim Waugh <twaugh@redhat.com> 2.5.4-26
- Preserve SELinux file contexts (bug #165799).
* Thu Aug 11 2005 Tim Waugh <twaugh@redhat.com> 2.5.4-25
- Fixed CRLF detection (bug #154283).
* Wed May 4 2005 Tim Waugh <twaugh@redhat.com> 2.5.4-24
- Reverted last change (bug #154283, bug #156762).
* Fri Apr 29 2005 Tim Waugh <twaugh@redhat.com> 2.5.4-23
- Applied patch from Toshio Kuratomi to avoid problems with DOS-format
newlines (bug #154283).
* Wed Mar 2 2005 Tim Waugh <twaugh@redhat.com> 2.5.4-22
- Rebuild for new GCC.
* Wed Feb 9 2005 Tim Waugh <twaugh@redhat.com> 2.5.4-21
- Rebuilt.
* Tue Jun 15 2004 Elliot Lee <sopwith@redhat.com>
- rebuilt
* Fri Feb 13 2004 Elliot Lee <sopwith@redhat.com>
- rebuilt
* Sat Oct 25 2003 Tim Waugh <twaugh@redhat.com> 2.5.4-18
- Rebuilt.
* Wed Jun 04 2003 Elliot Lee <sopwith@redhat.com>
- rebuilt
* Wed Jan 22 2003 Tim Powers <timp@redhat.com>
- rebuilt
* Wed Nov 20 2002 Tim Powers <timp@redhat.com>
- rebuilt in current collinst
* Fri Jun 21 2002 Tim Powers <timp@redhat.com>
- automated rebuild
* Thu May 23 2002 Tim Powers <timp@redhat.com>
- automated rebuild
* Tue Apr 9 2002 Tim Waugh <twaugh@redhat.com> 2.5.4-12
- Fix error reporting when given bad options (bug #62981).
* Tue Mar 5 2002 Tim Waugh <twaugh@redhat.com> 2.5.4-11
- s/Copyright:/License:/.
- Fix -D behaviour (bug #60688).
* Tue May 29 2001 Tim Waugh <twaugh@redhat.com> 2.5.4-10
- Merge Mandrake patch:
- fix possible segfault
* Fri Dec 1 2000 Tim Waugh <twaugh@redhat.com>
- Rebuild because of fileutils bug.
* Thu Nov 2 2000 Tim Waugh <twaugh@redhat.com>
- use .orig as default suffix, as per man page and previous behaviour
(bug #20202).
- use better patch for this, from maintainer.
* Wed Oct 4 2000 Tim Waugh <twaugh@redhat.com>
- actually use the RPM_OPT_FLAGS
* Wed Jul 12 2000 Prospector <bugzilla@redhat.com>
- automatic rebuild
* Tue Jun 13 2000 Trond Eivind Glomsrød <teg@redhat.com>
- Use %%makeinstall, %%{_tmppath} and %%{_mandir}
* Fri May 12 2000 Trond Eivind Glomsrød <teg@redhat.com>
- added URL
* Wed Feb 16 2000 Bernhard Rosenkraenzer <bero@redhat.com>
- 2.5.4
- Fix up LFS support on Alpha (Bug #5732)
* Mon Feb 7 2000 Bill Nottingham <notting@redhat.com>
- handle compressed manpages
* Sun Jun 06 1999 Alan Cox <alan@redhat.com>
- Fix the case where stderr isnt flushed for ask(). Now the 'no such file'
appears before the skip patch question, not at the very end, Doh!
* Mon Mar 22 1999 Jeff Johnson <jbj@redhat.com>
- (ultra?) sparc was getting large file system support.
* Sun Mar 21 1999 Cristian Gafton <gafton@redhat.com>
- auto rebuild in the new build environment (release 7)
* Fri Dec 18 1998 Cristian Gafton <gafton@redhat.com>
- build against glibc 2.1
* Tue Sep 1 1998 Jeff Johnson <jbj@redhat.com>
- bump release to preserve newer than back-ported 4.2.
* Tue Jun 09 1998 Prospector System <bugs@redhat.com>
- translations modified for de, fr
* Tue Jun 9 1998 Jeff Johnson <jbj@redhat.com>
- Fix for problem #682 segfault.
* Fri Apr 24 1998 Prospector System <bugs@redhat.com>
- translations modified for de, fr, tr
* Tue Apr 07 1998 Cristian Gafton <gafton@redhat.com>
- added buildroot
* Tue Oct 21 1997 Cristian Gafton <gafton@redhat.com>
- updated to 2.5
* Mon Jun 02 1997 Erik Troan <ewt@redhat.com>
- built against glibc