import patch-2.7.6-9.el8_0

2019-09-17 04:44:46 -04:00 · 2019-09-17 04:44:46 -04:00 · cb3ef76d81
parent 916db99c72
commit cb3ef76d81
2 changed files with 31 additions and 1 deletions
--- a/SOURCES/patch-2.7.6-CVE-2018-20969.patch
+++ b/SOURCES/patch-2.7.6-CVE-2018-20969.patch
@ -0,0 +1,23 @@
+diff -up patch-2.7.6/src/pch.c.CVE-2018-20969 patch-2.7.6/src/pch.c
+--- patch-2.7.6/src/pch.c.CVE-2018-20969	2019-09-02 15:40:09.087994204 +0200
+++ patch-2.7.6/src/pch.c	2019-09-02 15:42:23.486485786 +0200
+@@ -2459,9 +2459,6 @@ do_ed_script (char const *inname, char c
+ 	    *outname_needs_removal = true;
+ 	    copy_file (inname, outname, 0, exclusive, instat.st_mode, true);
+ 	  }
+-	sprintf (buf, "%s %s%s", editor_program,
+-		 verbosity == VERBOSE ? "" : "- ",
+-		 outname);
+ 	fflush (stdout);
+ 
+ 	pid = fork();
+@@ -2470,7 +2467,8 @@ do_ed_script (char const *inname, char c
+ 	else if (pid == 0)
+ 	  {
+ 	    dup2 (tmpfd, 0);
+-	    execl ("/bin/sh", "sh", "-c", buf, (char *) 0);
+	    assert (outname[0] != '!' && outname[0] != '-');
+	    execlp (editor_program, editor_program, "-", outname, (char  *) NULL);
+ 	    _exit (2);
+ 	  }
+ 	else
--- a/SPECS/patch.spec
+++ b/SPECS/patch.spec
@ -3,7 +3,7 @@
 Summary: Utility for modifying/upgrading files
 Name: patch
 Version: 2.7.6
-Release: 8%{?dist}
+Release: 9%{?dist}
 License: GPLv3+
 URL: http://www.gnu.org/software/patch/patch.html
 Group: Development/Tools
@ -12,6 +12,7 @@ Patch1: patch-2.7.6-CVE-2018-6951.patch
 Patch2: patch-CVE-2018-1000156.patch
 Patch3: patch-2.7.6-gcc8.patch
 Patch4: patch-2.7.6-CVE-2018-6952.patch
+Patch5: patch-2.7.6-CVE-2018-20969.patch
 Patch100: patch-selinux.patch
 BuildRequires: libselinux-devel
 BuildRequires: libattr-devel
@ -45,6 +46,9 @@ applications.
 # CVE-2018-6952, Double free of memory
 %patch4 -p1 -b .CVE-2018-6952

+# CVE-2018-20969, do_ed_script in pch.c does not block strings beginning with a ! character
+%patch5 -p1 -b .CVE-2018-20969
+
 # SELinux support.
 %patch100 -p1 -b .selinux

@ -71,6 +75,9 @@ rm -rf $RPM_BUILD_ROOT
 %{_mandir}/*/*

 %changelog
+* Mon Sep 02 2019 Than Ngo <than@redhat.com> - 2.7.6-9
+- CVE-2018-20969, invoke ed directly instead of using the shell
+
 * Tue Nov 27 2018 Than Ngo <than@redhat.com> - 2.7.6-8
 - Added virtual provides for bundled gnulib library