import patch-2.7.6-11.el8
This commit is contained in:
parent
6b89862020
commit
a4847dd0ba
23
SOURCES/patch-2.7.6-CVE-2018-20969.patch
Normal file
23
SOURCES/patch-2.7.6-CVE-2018-20969.patch
Normal file
@ -0,0 +1,23 @@
|
|||||||
|
diff -up patch-2.7.6/src/pch.c.CVE-2018-20969 patch-2.7.6/src/pch.c
|
||||||
|
--- patch-2.7.6/src/pch.c.CVE-2018-20969 2019-09-02 15:40:09.087994204 +0200
|
||||||
|
+++ patch-2.7.6/src/pch.c 2019-09-02 15:42:23.486485786 +0200
|
||||||
|
@@ -2459,9 +2459,6 @@ do_ed_script (char const *inname, char c
|
||||||
|
*outname_needs_removal = true;
|
||||||
|
copy_file (inname, outname, 0, exclusive, instat.st_mode, true);
|
||||||
|
}
|
||||||
|
- sprintf (buf, "%s %s%s", editor_program,
|
||||||
|
- verbosity == VERBOSE ? "" : "- ",
|
||||||
|
- outname);
|
||||||
|
fflush (stdout);
|
||||||
|
|
||||||
|
pid = fork();
|
||||||
|
@@ -2470,7 +2467,8 @@ do_ed_script (char const *inname, char c
|
||||||
|
else if (pid == 0)
|
||||||
|
{
|
||||||
|
dup2 (tmpfd, 0);
|
||||||
|
- execl ("/bin/sh", "sh", "-c", buf, (char *) 0);
|
||||||
|
+ assert (outname[0] != '!' && outname[0] != '-');
|
||||||
|
+ execlp (editor_program, editor_program, "-", outname, (char *) NULL);
|
||||||
|
_exit (2);
|
||||||
|
}
|
||||||
|
else
|
102
SOURCES/patch-2.7.6-CVE-2019-13636-symlinks.patch
Normal file
102
SOURCES/patch-2.7.6-CVE-2019-13636-symlinks.patch
Normal file
@ -0,0 +1,102 @@
|
|||||||
|
commit dce4683cbbe107a95f1f0d45fabc304acfb5d71a
|
||||||
|
Author: Andreas Gruenbacher <agruen@gnu.org>
|
||||||
|
Date: Mon Jul 15 16:21:48 2019 +0200
|
||||||
|
|
||||||
|
Don't follow symlinks unless --follow-symlinks is given
|
||||||
|
|
||||||
|
* src/inp.c (plan_a, plan_b), src/util.c (copy_to_fd, copy_file,
|
||||||
|
append_to_file): Unless the --follow-symlinks option is given, open files with
|
||||||
|
the O_NOFOLLOW flag to avoid following symlinks. So far, we were only doing
|
||||||
|
that consistently for input files.
|
||||||
|
* src/util.c (create_backup): When creating empty backup files, (re)create them
|
||||||
|
with O_CREAT | O_EXCL to avoid following symlinks in that case as well.
|
||||||
|
|
||||||
|
diff --git a/src/inp.c b/src/inp.c
|
||||||
|
index 32d0919..22d7473 100644
|
||||||
|
--- a/src/inp.c
|
||||||
|
+++ b/src/inp.c
|
||||||
|
@@ -238,8 +238,13 @@ plan_a (char const *filename)
|
||||||
|
{
|
||||||
|
if (S_ISREG (instat.st_mode))
|
||||||
|
{
|
||||||
|
- int ifd = safe_open (filename, O_RDONLY|binary_transput, 0);
|
||||||
|
+ int flags = O_RDONLY | binary_transput;
|
||||||
|
size_t buffered = 0, n;
|
||||||
|
+ int ifd;
|
||||||
|
+
|
||||||
|
+ if (! follow_symlinks)
|
||||||
|
+ flags |= O_NOFOLLOW;
|
||||||
|
+ ifd = safe_open (filename, flags, 0);
|
||||||
|
if (ifd < 0)
|
||||||
|
pfatal ("can't open file %s", quotearg (filename));
|
||||||
|
|
||||||
|
@@ -340,6 +345,7 @@ plan_a (char const *filename)
|
||||||
|
static void
|
||||||
|
plan_b (char const *filename)
|
||||||
|
{
|
||||||
|
+ int flags = O_RDONLY | binary_transput;
|
||||||
|
int ifd;
|
||||||
|
FILE *ifp;
|
||||||
|
int c;
|
||||||
|
@@ -353,7 +359,9 @@ plan_b (char const *filename)
|
||||||
|
|
||||||
|
if (instat.st_size == 0)
|
||||||
|
filename = NULL_DEVICE;
|
||||||
|
- if ((ifd = safe_open (filename, O_RDONLY | binary_transput, 0)) < 0
|
||||||
|
+ if (! follow_symlinks)
|
||||||
|
+ flags |= O_NOFOLLOW;
|
||||||
|
+ if ((ifd = safe_open (filename, flags, 0)) < 0
|
||||||
|
|| ! (ifp = fdopen (ifd, binary_transput ? "rb" : "r")))
|
||||||
|
pfatal ("Can't open file %s", quotearg (filename));
|
||||||
|
if (TMPINNAME_needs_removal)
|
||||||
|
diff --git a/src/util.c b/src/util.c
|
||||||
|
index 1cc08ba..fb38307 100644
|
||||||
|
--- a/src/util.c
|
||||||
|
+++ b/src/util.c
|
||||||
|
@@ -388,7 +388,7 @@ create_backup (char const *to, const struct stat *to_st, bool leave_original)
|
||||||
|
|
||||||
|
try_makedirs_errno = ENOENT;
|
||||||
|
safe_unlink (bakname);
|
||||||
|
- while ((fd = safe_open (bakname, O_CREAT | O_WRONLY | O_TRUNC, 0666)) < 0)
|
||||||
|
+ while ((fd = safe_open (bakname, O_CREAT | O_EXCL | O_WRONLY | O_TRUNC, 0666)) < 0)
|
||||||
|
{
|
||||||
|
if (errno != try_makedirs_errno)
|
||||||
|
pfatal ("Can't create file %s", quotearg (bakname));
|
||||||
|
@@ -579,10 +579,13 @@ create_file (char const *file, int open_flags, mode_t mode,
|
||||||
|
static void
|
||||||
|
copy_to_fd (const char *from, int tofd)
|
||||||
|
{
|
||||||
|
+ int from_flags = O_RDONLY | O_BINARY;
|
||||||
|
int fromfd;
|
||||||
|
ssize_t i;
|
||||||
|
|
||||||
|
- if ((fromfd = safe_open (from, O_RDONLY | O_BINARY, 0)) < 0)
|
||||||
|
+ if (! follow_symlinks)
|
||||||
|
+ from_flags |= O_NOFOLLOW;
|
||||||
|
+ if ((fromfd = safe_open (from, from_flags, 0)) < 0)
|
||||||
|
pfatal ("Can't reopen file %s", quotearg (from));
|
||||||
|
while ((i = read (fromfd, buf, bufsize)) != 0)
|
||||||
|
{
|
||||||
|
@@ -625,6 +628,8 @@ copy_file (char const *from, char const *to, struct stat *tost,
|
||||||
|
else
|
||||||
|
{
|
||||||
|
assert (S_ISREG (mode));
|
||||||
|
+ if (! follow_symlinks)
|
||||||
|
+ to_flags |= O_NOFOLLOW;
|
||||||
|
tofd = create_file (to, O_WRONLY | O_BINARY | to_flags, mode,
|
||||||
|
to_dir_known_to_exist);
|
||||||
|
copy_to_fd (from, tofd);
|
||||||
|
@@ -640,9 +645,12 @@ copy_file (char const *from, char const *to, struct stat *tost,
|
||||||
|
void
|
||||||
|
append_to_file (char const *from, char const *to)
|
||||||
|
{
|
||||||
|
+ int to_flags = O_WRONLY | O_APPEND | O_BINARY;
|
||||||
|
int tofd;
|
||||||
|
|
||||||
|
- if ((tofd = safe_open (to, O_WRONLY | O_BINARY | O_APPEND, 0)) < 0)
|
||||||
|
+ if (! follow_symlinks)
|
||||||
|
+ to_flags |= O_NOFOLLOW;
|
||||||
|
+ if ((tofd = safe_open (to, to_flags, 0)) < 0)
|
||||||
|
pfatal ("Can't reopen file %s", quotearg (to));
|
||||||
|
copy_to_fd (from, tofd);
|
||||||
|
if (close (tofd) != 0)
|
46
SOURCES/patch-2.7.x-abort_when_cleaning_up_fails.patch
Normal file
46
SOURCES/patch-2.7.x-abort_when_cleaning_up_fails.patch
Normal file
@ -0,0 +1,46 @@
|
|||||||
|
commit b7b028a77bd855f6f56b17c8837fc1cca77b469d
|
||||||
|
Author: Andreas Gruenbacher <agruen@gnu.org>
|
||||||
|
Date: Fri Jun 28 00:30:25 2019 +0200
|
||||||
|
|
||||||
|
Abort when cleaning up fails
|
||||||
|
|
||||||
|
When a fatal error triggers during cleanup, another attempt will be made to
|
||||||
|
clean up, which will likely lead to the same fatal error. So instead, bail out
|
||||||
|
when that happens.
|
||||||
|
src/patch.c (cleanup): Bail out when called recursively.
|
||||||
|
(main): There is no need to call output_files() before cleanup() as cleanup()
|
||||||
|
already does that.
|
||||||
|
|
||||||
|
diff --git a/src/patch.c b/src/patch.c
|
||||||
|
index 4616a48..02fd982 100644
|
||||||
|
--- a/src/patch.c
|
||||||
|
+++ b/src/patch.c
|
||||||
|
@@ -685,7 +685,6 @@ main (int argc, char **argv)
|
||||||
|
}
|
||||||
|
if (outstate.ofp && (ferror (outstate.ofp) || fclose (outstate.ofp) != 0))
|
||||||
|
write_fatal ();
|
||||||
|
- output_files (NULL);
|
||||||
|
cleanup ();
|
||||||
|
delete_files ();
|
||||||
|
if (somefailed)
|
||||||
|
@@ -1991,7 +1990,6 @@ void
|
||||||
|
fatal_exit (int sig)
|
||||||
|
{
|
||||||
|
cleanup ();
|
||||||
|
-
|
||||||
|
if (sig)
|
||||||
|
exit_with_signal (sig);
|
||||||
|
|
||||||
|
@@ -2011,6 +2009,12 @@ remove_if_needed (char const *name, bool *needs_removal)
|
||||||
|
static void
|
||||||
|
cleanup (void)
|
||||||
|
{
|
||||||
|
+ static bool already_cleaning_up;
|
||||||
|
+
|
||||||
|
+ if (already_cleaning_up)
|
||||||
|
+ return;
|
||||||
|
+ already_cleaning_up = true;
|
||||||
|
+
|
||||||
|
remove_if_needed (TMPINNAME, &TMPINNAME_needs_removal);
|
||||||
|
remove_if_needed (TMPOUTNAME, &TMPOUTNAME_needs_removal);
|
||||||
|
remove_if_needed (TMPPATNAME, &TMPPATNAME_needs_removal);
|
@ -3,7 +3,7 @@
|
|||||||
Summary: Utility for modifying/upgrading files
|
Summary: Utility for modifying/upgrading files
|
||||||
Name: patch
|
Name: patch
|
||||||
Version: 2.7.6
|
Version: 2.7.6
|
||||||
Release: 8%{?dist}
|
Release: 11%{?dist}
|
||||||
License: GPLv3+
|
License: GPLv3+
|
||||||
URL: http://www.gnu.org/software/patch/patch.html
|
URL: http://www.gnu.org/software/patch/patch.html
|
||||||
Group: Development/Tools
|
Group: Development/Tools
|
||||||
@ -12,6 +12,9 @@ Patch1: patch-2.7.6-CVE-2018-6951.patch
|
|||||||
Patch2: patch-CVE-2018-1000156.patch
|
Patch2: patch-CVE-2018-1000156.patch
|
||||||
Patch3: patch-2.7.6-gcc8.patch
|
Patch3: patch-2.7.6-gcc8.patch
|
||||||
Patch4: patch-2.7.6-CVE-2018-6952.patch
|
Patch4: patch-2.7.6-CVE-2018-6952.patch
|
||||||
|
Patch5: patch-2.7.6-CVE-2018-20969.patch
|
||||||
|
Patch6: patch-2.7.6-CVE-2019-13636-symlinks.patch
|
||||||
|
Patch7: patch-2.7.x-abort_when_cleaning_up_fails.patch
|
||||||
Patch100: patch-selinux.patch
|
Patch100: patch-selinux.patch
|
||||||
BuildRequires: libselinux-devel
|
BuildRequires: libselinux-devel
|
||||||
BuildRequires: libattr-devel
|
BuildRequires: libattr-devel
|
||||||
@ -45,6 +48,15 @@ applications.
|
|||||||
# CVE-2018-6952, Double free of memory
|
# CVE-2018-6952, Double free of memory
|
||||||
%patch4 -p1 -b .CVE-2018-6952
|
%patch4 -p1 -b .CVE-2018-6952
|
||||||
|
|
||||||
|
# CVE-2018-20969, do_ed_script in pch.c does not block strings beginning with a ! character
|
||||||
|
%patch5 -p1 -b .CVE-2018-20969
|
||||||
|
|
||||||
|
# CVE-2019-13636, Don't follow symlinks unless --follow-symlinks is given
|
||||||
|
%patch6 -p1 -b .CVE-2019-13636
|
||||||
|
|
||||||
|
# bz#1665928, Abort when cleaning up fails
|
||||||
|
%patch7 -p1 -b .abort_when_cleaning_up_fails
|
||||||
|
|
||||||
# SELinux support.
|
# SELinux support.
|
||||||
%patch100 -p1 -b .selinux
|
%patch100 -p1 -b .selinux
|
||||||
|
|
||||||
@ -71,6 +83,16 @@ rm -rf $RPM_BUILD_ROOT
|
|||||||
%{_mandir}/*/*
|
%{_mandir}/*/*
|
||||||
|
|
||||||
%changelog
|
%changelog
|
||||||
|
* Tue Nov 19 2019 Than Ngo <than@redhat.com> - 2.7.6-11
|
||||||
|
- Related: #1733565, apply the patch correctly
|
||||||
|
|
||||||
|
* Tue Nov 19 2019 Than Ngo <than@redhat.com> - 2.7.6-10
|
||||||
|
- CVE-2019-13636 , Don't follow symlinks unless --follow-symlinks is given
|
||||||
|
- Resolves: #1665928, patch has a huge error output and segfaults when the file to be patched does not exist
|
||||||
|
|
||||||
|
* Mon Sep 02 2019 Than Ngo <than@redhat.com> - 2.7.6-9
|
||||||
|
- CVE-2018-20969, invoke ed directly instead of using the shell
|
||||||
|
|
||||||
* Tue Nov 27 2018 Than Ngo <than@redhat.com> - 2.7.6-8
|
* Tue Nov 27 2018 Than Ngo <than@redhat.com> - 2.7.6-8
|
||||||
- Added virtual provides for bundled gnulib library
|
- Added virtual provides for bundled gnulib library
|
||||||
|
|
||||||
|
Loading…
Reference in New Issue
Block a user