import patch-2.7.6-9.el8_0

This commit is contained in:
CentOS Sources 2019-09-17 04:44:46 -04:00 committed by Andrew Lukoshko
parent 916db99c72
commit cb3ef76d81
2 changed files with 31 additions and 1 deletions

View File

@ -0,0 +1,23 @@
diff -up patch-2.7.6/src/pch.c.CVE-2018-20969 patch-2.7.6/src/pch.c
--- patch-2.7.6/src/pch.c.CVE-2018-20969 2019-09-02 15:40:09.087994204 +0200
+++ patch-2.7.6/src/pch.c 2019-09-02 15:42:23.486485786 +0200
@@ -2459,9 +2459,6 @@ do_ed_script (char const *inname, char c
*outname_needs_removal = true;
copy_file (inname, outname, 0, exclusive, instat.st_mode, true);
}
- sprintf (buf, "%s %s%s", editor_program,
- verbosity == VERBOSE ? "" : "- ",
- outname);
fflush (stdout);
pid = fork();
@@ -2470,7 +2467,8 @@ do_ed_script (char const *inname, char c
else if (pid == 0)
{
dup2 (tmpfd, 0);
- execl ("/bin/sh", "sh", "-c", buf, (char *) 0);
+ assert (outname[0] != '!' && outname[0] != '-');
+ execlp (editor_program, editor_program, "-", outname, (char *) NULL);
_exit (2);
}
else

View File

@ -3,7 +3,7 @@
Summary: Utility for modifying/upgrading files Summary: Utility for modifying/upgrading files
Name: patch Name: patch
Version: 2.7.6 Version: 2.7.6
Release: 8%{?dist} Release: 9%{?dist}
License: GPLv3+ License: GPLv3+
URL: http://www.gnu.org/software/patch/patch.html URL: http://www.gnu.org/software/patch/patch.html
Group: Development/Tools Group: Development/Tools
@ -12,6 +12,7 @@ Patch1: patch-2.7.6-CVE-2018-6951.patch
Patch2: patch-CVE-2018-1000156.patch Patch2: patch-CVE-2018-1000156.patch
Patch3: patch-2.7.6-gcc8.patch Patch3: patch-2.7.6-gcc8.patch
Patch4: patch-2.7.6-CVE-2018-6952.patch Patch4: patch-2.7.6-CVE-2018-6952.patch
Patch5: patch-2.7.6-CVE-2018-20969.patch
Patch100: patch-selinux.patch Patch100: patch-selinux.patch
BuildRequires: libselinux-devel BuildRequires: libselinux-devel
BuildRequires: libattr-devel BuildRequires: libattr-devel
@ -45,6 +46,9 @@ applications.
# CVE-2018-6952, Double free of memory # CVE-2018-6952, Double free of memory
%patch4 -p1 -b .CVE-2018-6952 %patch4 -p1 -b .CVE-2018-6952
# CVE-2018-20969, do_ed_script in pch.c does not block strings beginning with a ! character
%patch5 -p1 -b .CVE-2018-20969
# SELinux support. # SELinux support.
%patch100 -p1 -b .selinux %patch100 -p1 -b .selinux
@ -71,6 +75,9 @@ rm -rf $RPM_BUILD_ROOT
%{_mandir}/*/* %{_mandir}/*/*
%changelog %changelog
* Mon Sep 02 2019 Than Ngo <than@redhat.com> - 2.7.6-9
- CVE-2018-20969, invoke ed directly instead of using the shell
* Tue Nov 27 2018 Than Ngo <than@redhat.com> - 2.7.6-8 * Tue Nov 27 2018 Than Ngo <than@redhat.com> - 2.7.6-8
- Added virtual provides for bundled gnulib library - Added virtual provides for bundled gnulib library