import patch-2.7.6-9.el8_0
This commit is contained in:
CentOS Sources
parent
916db99c72
commit
cb3ef76d81
23
SOURCES/patch-2.7.6-CVE-2018-20969.patch
Normal file
23
SOURCES/patch-2.7.6-CVE-2018-20969.patch
Normal file
@ -0,0 +1,23 @@
|
||||
diff -up patch-2.7.6/src/pch.c.CVE-2018-20969 patch-2.7.6/src/pch.c
|
||||
--- patch-2.7.6/src/pch.c.CVE-2018-20969 2019-09-02 15:40:09.087994204 +0200
|
||||
+++ patch-2.7.6/src/pch.c 2019-09-02 15:42:23.486485786 +0200
|
||||
@@ -2459,9 +2459,6 @@ do_ed_script (char const *inname, char c
|
||||
*outname_needs_removal = true;
|
||||
copy_file (inname, outname, 0, exclusive, instat.st_mode, true);
|
||||
}
|
||||
- sprintf (buf, "%s %s%s", editor_program,
|
||||
- verbosity == VERBOSE ? "" : "- ",
|
||||
- outname);
|
||||
fflush (stdout);
|
||||
|
||||
pid = fork();
|
||||
@@ -2470,7 +2467,8 @@ do_ed_script (char const *inname, char c
|
||||
else if (pid == 0)
|
||||
{
|
||||
dup2 (tmpfd, 0);
|
||||
- execl ("/bin/sh", "sh", "-c", buf, (char *) 0);
|
||||
+ assert (outname[0] != '!' && outname[0] != '-');
|
||||
+ execlp (editor_program, editor_program, "-", outname, (char *) NULL);
|
||||
_exit (2);
|
||||
}
|
||||
else
|
||||
@ -3,7 +3,7 @@
|
||||
Summary: Utility for modifying/upgrading files
|
||||
Name: patch
|
||||
Version: 2.7.6
|
||||
Release: 8%{?dist}
|
||||
Release: 9%{?dist}
|
||||
License: GPLv3+
|
||||
URL: http://www.gnu.org/software/patch/patch.html
|
||||
Group: Development/Tools
|
||||
@ -12,6 +12,7 @@ Patch1: patch-2.7.6-CVE-2018-6951.patch
|
||||
Patch2: patch-CVE-2018-1000156.patch
|
||||
Patch3: patch-2.7.6-gcc8.patch
|
||||
Patch4: patch-2.7.6-CVE-2018-6952.patch
|
||||
Patch5: patch-2.7.6-CVE-2018-20969.patch
|
||||
Patch100: patch-selinux.patch
|
||||
BuildRequires: libselinux-devel
|
||||
BuildRequires: libattr-devel
|
||||
@ -45,6 +46,9 @@ applications.
|
||||
# CVE-2018-6952, Double free of memory
|
||||
%patch4 -p1 -b .CVE-2018-6952
|
||||
|
||||
# CVE-2018-20969, do_ed_script in pch.c does not block strings beginning with a ! character
|
||||
%patch5 -p1 -b .CVE-2018-20969
|
||||
|
||||
# SELinux support.
|
||||
%patch100 -p1 -b .selinux
|
||||
|
||||
@ -71,6 +75,9 @@ rm -rf $RPM_BUILD_ROOT
|
||||
%{_mandir}/*/*
|
||||
|
||||
%changelog
|
||||
* Mon Sep 02 2019 Than Ngo <than@redhat.com> - 2.7.6-9
|
||||
- CVE-2018-20969, invoke ed directly instead of using the shell
|
||||
|
||||
* Tue Nov 27 2018 Than Ngo <than@redhat.com> - 2.7.6-8
|
||||
- Added virtual provides for bundled gnulib library
|
||||
|
||||
|
||||
Loading…
Reference in New Issue
Block a user