Compare commits

...

No commits in common. "c8" and "c9" have entirely different histories.
c8 ... c9

28 changed files with 2890 additions and 210 deletions

View File

@ -0,0 +1,14 @@
diff -up patch-2.7.6/lib/vasnprintf.c.me patch-2.7.6/lib/vasnprintf.c
--- patch-2.7.6/lib/vasnprintf.c.me 2018-11-26 14:02:03.401718842 +0100
+++ patch-2.7.6/lib/vasnprintf.c 2018-11-26 14:03:02.923913446 +0100
@@ -860,7 +860,9 @@ convert_to_decimal (mpn_t a, size_t extr
size_t a_len = a.nlimbs;
/* 0.03345 is slightly larger than log(2)/(9*log(10)). */
size_t c_len = 9 * ((size_t)(a_len * (GMP_LIMB_BITS * 0.03345f)) + 1);
- char *c_ptr = (char *) malloc (xsum (c_len, extra_zeroes));
+ /* We need extra_zeroes bytes for zeroes, followed by c_len bytes for the
+ digits of a, followed by 1 byte for the terminating NUL. */
+ char *c_ptr = (char *) malloc (xsum (xsum (extra_zeroes, c_len), 1));
if (c_ptr != NULL)
{
char *d_ptr = c_ptr;

View File

@ -1,23 +0,0 @@
diff -up patch-2.7.6/src/pch.c.CVE-2018-20969 patch-2.7.6/src/pch.c
--- patch-2.7.6/src/pch.c.CVE-2018-20969 2019-09-02 15:40:09.087994204 +0200
+++ patch-2.7.6/src/pch.c 2019-09-02 15:42:23.486485786 +0200
@@ -2459,9 +2459,6 @@ do_ed_script (char const *inname, char c
*outname_needs_removal = true;
copy_file (inname, outname, 0, exclusive, instat.st_mode, true);
}
- sprintf (buf, "%s %s%s", editor_program,
- verbosity == VERBOSE ? "" : "- ",
- outname);
fflush (stdout);
pid = fork();
@@ -2470,7 +2467,8 @@ do_ed_script (char const *inname, char c
else if (pid == 0)
{
dup2 (tmpfd, 0);
- execl ("/bin/sh", "sh", "-c", buf, (char *) 0);
+ assert (outname[0] != '!' && outname[0] != '-');
+ execlp (editor_program, editor_program, "-", outname, (char *) NULL);
_exit (2);
}
else

View File

@ -1,13 +0,0 @@
diff -up patch-2.7.6/src/pch.c.than patch-2.7.6/src/pch.c
--- patch-2.7.6/src/pch.c.than 2018-03-13 11:12:44.726307967 +0100
+++ patch-2.7.6/src/pch.c 2018-03-13 11:13:34.203449789 +0100
@@ -976,7 +976,8 @@ intuit_diff_type (bool need_header, mode
if ((pch_rename () || pch_copy ())
&& ! inname
&& ! ((i == OLD || i == NEW) &&
- p_name[! reverse] &&
+ p_name[reverse] && p_name[! reverse] &&
+ name_is_valid (p_name[reverse]) &&
name_is_valid (p_name[! reverse])))
{
say ("Cannot %s file without two valid file names\n", pch_rename () ? "rename" : "copy");

View File

@ -0,0 +1,25 @@
commit 9c986353e420ead6e706262bf204d6e03322c300
Author: Andreas Gruenbacher <agruen@gnu.org>
Date: Fri Aug 17 13:35:40 2018 +0200
Fix swapping fake lines in pch_swap
* src/pch.c (pch_swap): Fix swapping p_bfake and p_efake when there is a
blank line in the middle of a context-diff hunk: that empty line stays
in the middle of the hunk and isn't swapped.
Fixes: https://savannah.gnu.org/bugs/index.php?53133
diff --git a/src/pch.c b/src/pch.c
index e92bc64..a500ad9 100644
--- a/src/pch.c
+++ b/src/pch.c
@@ -2122,7 +2122,7 @@ pch_swap (void)
}
if (p_efake >= 0) { /* fix non-freeable ptr range */
if (p_efake <= i)
- n = p_end - i + 1;
+ n = p_end - p_ptrn_lines;
else
n = -i;
p_efake += n;

View File

@ -1,13 +0,0 @@
diff --git a/src/pch.c b/src/pch.c
index e92bc64..a500ad9 100644
--- a/src/pch.c
+++ b/src/pch.c
@@ -2122,7 +2122,7 @@ pch_swap (void)
}
if (p_efake >= 0) { /* fix non-freeable ptr range */
if (p_efake <= i)
- n = p_end - i + 1;
+ n = p_end - p_ptrn_lines;
else
n = -i;
p_efake += n;

View File

@ -0,0 +1,33 @@
commit 3fcd042d26d70856e826a42b5f93dc4854d80bf0
Author: Andreas Gruenbacher <agruen@gnu.org>
Date: Fri Apr 6 19:36:15 2018 +0200
Invoke ed directly instead of using the shell
* src/pch.c (do_ed_script): Invoke ed directly instead of using a shell
command to avoid quoting vulnerabilities.
diff --git a/src/pch.c b/src/pch.c
index 4fd5a05..16e001a 100644
--- a/src/pch.c
+++ b/src/pch.c
@@ -2459,9 +2459,6 @@ do_ed_script (char const *inname, char const *outname,
*outname_needs_removal = true;
copy_file (inname, outname, 0, exclusive, instat.st_mode, true);
}
- sprintf (buf, "%s %s%s", editor_program,
- verbosity == VERBOSE ? "" : "- ",
- outname);
fflush (stdout);
pid = fork();
@@ -2470,7 +2467,8 @@ do_ed_script (char const *inname, char const *outname,
else if (pid == 0)
{
dup2 (tmpfd, 0);
- execl ("/bin/sh", "sh", "-c", buf, (char *) 0);
+ assert (outname[0] != '!' && outname[0] != '-');
+ execlp (editor_program, editor_program, "-", outname, (char *) NULL);
_exit (2);
}
else

View File

@ -0,0 +1,28 @@
commit b5a91a01e5d0897facdd0f49d64b76b0f02b43e1
Author: Andreas Gruenbacher <agruen@gnu.org>
Date: Fri Apr 6 11:34:51 2018 +0200
Allow input files to be missing for ed-style patches
* src/pch.c (do_ed_script): Allow input files to be missing so that new
files will be created as with non-ed-style patches.
diff --git a/src/pch.c b/src/pch.c
index bc6278c..0c5cc26 100644
--- a/src/pch.c
+++ b/src/pch.c
@@ -2394,9 +2394,11 @@ do_ed_script (char const *inname, char const *outname,
if (! dry_run && ! skip_rest_of_patch) {
int exclusive = *outname_needs_removal ? 0 : O_EXCL;
- assert (! inerrno);
- *outname_needs_removal = true;
- copy_file (inname, outname, 0, exclusive, instat.st_mode, true);
+ if (inerrno != ENOENT)
+ {
+ *outname_needs_removal = true;
+ copy_file (inname, outname, 0, exclusive, instat.st_mode, true);
+ }
sprintf (buf, "%s %s%s", editor_program,
verbosity == VERBOSE ? "" : "- ",
outname);

View File

@ -0,0 +1,21 @@
commit 15b158db3ae11cb835f2eb8d2eb48e09d1a4af48
Author: Andreas Gruenbacher <agruen@gnu.org>
Date: Mon Jul 15 19:10:02 2019 +0200
Avoid invalid memory access in context format diffs
* src/pch.c (another_hunk): Avoid invalid memory access in context format
diffs.
diff --git a/src/pch.c b/src/pch.c
index a500ad9..cb54e03 100644
--- a/src/pch.c
+++ b/src/pch.c
@@ -1328,6 +1328,7 @@ another_hunk (enum diff difftype, bool rev)
ptrn_prefix_context = context;
ptrn_suffix_context = context;
if (repl_beginning
+ || p_end <= 0
|| (p_end
!= p_ptrn_lines + 1 + (p_Char[p_end - 1] == '\n')))
{

View File

@ -0,0 +1,24 @@
commit 3bbebbb29f6fbbf2988b9f2e75695b7c0b1f1c9b
Author: Andreas Gruenbacher <agruen@gnu.org>
Date: Wed Feb 7 12:01:22 2018 +0100
Avoid set_file_attributes sign conversion warnings
* src/util.c (set_file_attributes): Avoid sign conversion warnings when
assigning -1 to uid_t / gid_t.
diff --git a/src/util.c b/src/util.c
index b1c7266..1cc08ba 100644
--- a/src/util.c
+++ b/src/util.c
@@ -256,8 +256,8 @@ set_file_attributes (char const *to, enum file_attributes attr,
}
if (attr & FA_IDS)
{
- static uid_t euid = -1;
- static gid_t egid = -1;
+ static uid_t euid = (uid_t)-1;
+ static gid_t egid = (gid_t)-1;
uid_t uid;
uid_t gid;

View File

@ -0,0 +1,85 @@
commit ae81be0024ea4eaf139b7ba57e9a8ce9e4a163ec
Author: Jim Meyering <jim@meyering.net>
Date: Fri Apr 6 17:17:11 2018 -0700
maint: avoid warnings from GCC8
Hi Andreas,
I configured with --enable-gcc-warnings and bleeding-edge gcc
(version 8.0.1 20180406) and hit some warning-escalated-to-errors.
This fixes them:
>From a71ddb200dbe7ac0f9258796b5a51979b2740e88 Mon Sep 17 00:00:00 2001
From: Jim Meyering <meyering@fb.com>
Date: Fri, 6 Apr 2018 16:47:00 -0700
Subject: [PATCH] maint: avoid warnings from GCC8
* src/common.h (FALLTHROUGH): Define.
* src/patch.c (abort_hunk_context): Use FALLTHROUGH macro in place of
a comment. This avoids a warning from -Wimplicit-fallthrough=.
* src/pch.c (do_ed_script): Add otherwise unnecessary initialization
to avoid warning from -Wmaybe-uninitialized.
(another_hunk): Use FALLTHROUGH macro here, too, twice.
diff --git a/src/common.h b/src/common.h
index ec50b40..904a3f8 100644
--- a/src/common.h
+++ b/src/common.h
@@ -218,3 +218,11 @@ bool merge_hunk (int hunk, struct outstate *, lin where, bool *);
#else
# define merge_hunk(hunk, outstate, where, somefailed) false
#endif
+
+#ifndef FALLTHROUGH
+# if __GNUC__ < 7
+# define FALLTHROUGH ((void) 0)
+# else
+# define FALLTHROUGH __attribute__ ((__fallthrough__))
+# endif
+#endif
diff --git a/src/patch.c b/src/patch.c
index 0fe6d72..1ae91d9 100644
--- a/src/patch.c
+++ b/src/patch.c
@@ -1381,7 +1381,7 @@ abort_hunk_context (bool header, bool reverse)
break;
case ' ': case '-': case '+': case '!':
fprintf (rejfp, "%c ", pch_char (i));
- /* fall into */
+ FALLTHROUGH;
case '\n':
pch_write_line (i, rejfp);
break;
diff --git a/src/pch.c b/src/pch.c
index 1055542..cda3dfa 100644
--- a/src/pch.c
+++ b/src/pch.c
@@ -1735,7 +1735,7 @@ another_hunk (enum diff difftype, bool rev)
break;
case '=':
ch = ' ';
- /* FALL THROUGH */
+ FALLTHROUGH;
case ' ':
if (fillsrc > p_ptrn_lines) {
free(s);
@@ -1756,7 +1756,7 @@ another_hunk (enum diff difftype, bool rev)
p_end = fillsrc-1;
return -1;
}
- /* FALL THROUGH */
+ FALLTHROUGH;
case '+':
if (filldst > p_end) {
free(s);
@@ -2394,8 +2394,7 @@ do_ed_script (char const *inname, char const *outname,
size_t chars_read;
FILE *tmpfp = 0;
char const *tmpname;
- int tmpfd;
- pid_t pid;
+ int tmpfd = -1; /* placate gcc's -Wmaybe-uninitialized */
int exclusive = *outname_needs_removal ? 0 : O_EXCL;
char const **ed_argv;
int stdin_dup, status;

View File

@ -0,0 +1,75 @@
commit 1e9104c18019e7dc6b5590aea4b1d4f9d8ecfd56
Author: Bruno Haible <bruno@clisp.org>
Date: Sat Apr 7 12:21:04 2018 +0200
Fix check of return value of fwrite().
* src/patch.c (copy_till): Consider incomplete fwrite() write as an error.
* src/pch.c (pch_write_line, do_ed_script): Likewise.
diff --git a/src/patch.c b/src/patch.c
index 1ae91d9..3fcaec5 100644
--- a/src/patch.c
+++ b/src/patch.c
@@ -2,7 +2,7 @@
/* Copyright (C) 1984, 1985, 1986, 1987, 1988 Larry Wall
- Copyright (C) 1989-1993, 1997-1999, 2002-2003, 2006, 2009-2012 Free Software
+ Copyright (C) 1989-1993, 1997-1999, 2002-2003, 2006, 2009-2018 Free Software
Foundation, Inc.
This program is free software: you can redistribute it and/or modify
@@ -1641,7 +1641,7 @@ copy_till (struct outstate *outstate, lin lastline)
if (size)
{
if ((! outstate->after_newline && putc ('\n', fp) == EOF)
- || ! fwrite (s, sizeof *s, size, fp))
+ || fwrite (s, sizeof *s, size, fp) < size)
write_fatal ();
outstate->after_newline = s[size - 1] == '\n';
outstate->zero_output = false;
diff --git a/src/pch.c b/src/pch.c
index cda3dfa..79a3c99 100644
--- a/src/pch.c
+++ b/src/pch.c
@@ -2279,8 +2279,11 @@ pfetch (lin line)
bool
pch_write_line (lin line, FILE *file)
{
- bool after_newline = (p_len[line] > 0) && (p_line[line][p_len[line] - 1] == '\n');
- if (! fwrite (p_line[line], sizeof (*p_line[line]), p_len[line], file))
+ bool after_newline =
+ (p_len[line] > 0) && (p_line[line][p_len[line] - 1] == '\n');
+
+ if (fwrite (p_line[line], sizeof (*p_line[line]), p_len[line], file)
+ < p_len[line])
write_fatal ();
return after_newline;
}
@@ -2427,13 +2430,14 @@ do_ed_script (char const *inname, char const *outname,
ed_command_letter = get_ed_command_letter (buf);
if (ed_command_letter) {
if (tmpfp)
- if (! fwrite (buf, sizeof *buf, chars_read, tmpfp))
+ if (fwrite (buf, sizeof *buf, chars_read, tmpfp) < chars_read)
write_fatal ();
if (ed_command_letter != 'd' && ed_command_letter != 's') {
p_pass_comments_through = true;
while ((chars_read = get_line ()) != 0) {
if (tmpfp)
- if (! fwrite (buf, sizeof *buf, chars_read, tmpfp))
+ if (fwrite (buf, sizeof *buf, chars_read, tmpfp)
+ < chars_read)
write_fatal ();
if (chars_read == 2 && strEQ (buf, ".\n"))
break;
@@ -2448,7 +2452,7 @@ do_ed_script (char const *inname, char const *outname,
}
if (dry_run || skip_rest_of_patch)
return;
- if (fwrite ("w\nq\n", sizeof (char), (size_t) 4, tmpfp) == 0
+ if (fwrite ("w\nq\n", sizeof (char), (size_t) 4, tmpfp) < (size_t) 4
|| fflush (tmpfp) != 0)
write_fatal ();

View File

@ -0,0 +1,91 @@
commit 2a32bf09f5e9572da4be183bb0dbde8164351474
Author: Andreas Gruenbacher <agruen@gnu.org>
Date: Fri Apr 6 20:32:46 2018 +0200
Minor cleanups in do_ed_script
* src/pch.c (do_ed_script): Minor cleanups.
diff --git a/src/pch.c b/src/pch.c
index 1f14624..1055542 100644
--- a/src/pch.c
+++ b/src/pch.c
@@ -2396,6 +2396,10 @@ do_ed_script (char const *inname, char const *outname,
char const *tmpname;
int tmpfd;
pid_t pid;
+ int exclusive = *outname_needs_removal ? 0 : O_EXCL;
+ char const **ed_argv;
+ int stdin_dup, status;
+
if (! dry_run && ! skip_rest_of_patch)
{
@@ -2443,7 +2447,7 @@ do_ed_script (char const *inname, char const *outname,
break;
}
}
- if (!tmpfp)
+ if (dry_run || skip_rest_of_patch)
return;
if (fwrite ("w\nq\n", sizeof (char), (size_t) 4, tmpfp) == 0
|| fflush (tmpfp) != 0)
@@ -2452,36 +2456,29 @@ do_ed_script (char const *inname, char const *outname,
if (lseek (tmpfd, 0, SEEK_SET) == -1)
pfatal ("Can't rewind to the beginning of file %s", quotearg (tmpname));
- if (! dry_run && ! skip_rest_of_patch) {
- int exclusive = *outname_needs_removal ? 0 : O_EXCL;
- char const **ed_argv;
- int stdin_dup, status;
-
+ if (inerrno != ENOENT)
+ {
*outname_needs_removal = true;
- if (inerrno != ENOENT)
- {
- *outname_needs_removal = true;
- copy_file (inname, outname, 0, exclusive, instat.st_mode, true);
- }
- fflush (stdout);
-
- if ((stdin_dup = dup (0)) == -1
- || dup2 (tmpfd, 0) == -1)
- pfatal ("Failed to duplicate standard input");
- assert (outname[0] != '!' && outname[0] != '-');
- ed_argv = alloca (4 * sizeof * ed_argv);
- ed_argv[0] = editor_program;
- ed_argv[1] = "-";
- ed_argv[2] = outname;
- ed_argv[3] = (char *) NULL;
- status = execute (editor_program, editor_program, (char **)ed_argv,
- false, false, false, false, true, false, NULL);
- if (status)
- fatal ("%s FAILED", editor_program);
- if (dup2 (stdin_dup, 0) == -1
- || close (stdin_dup) == -1)
- pfatal ("Failed to duplicate standard input");
- }
+ copy_file (inname, outname, 0, exclusive, instat.st_mode, true);
+ }
+ fflush (stdout);
+
+ if ((stdin_dup = dup (0)) == -1
+ || dup2 (tmpfd, 0) == -1)
+ pfatal ("Failed to duplicate standard input");
+ assert (outname[0] != '!' && outname[0] != '-');
+ ed_argv = alloca (4 * sizeof * ed_argv);
+ ed_argv[0] = editor_program;
+ ed_argv[1] = "-";
+ ed_argv[2] = outname;
+ ed_argv[3] = (char *) NULL;
+ status = execute (editor_program, editor_program, (char **)ed_argv,
+ false, false, false, false, true, false, NULL);
+ if (status)
+ fatal ("%s FAILED", editor_program);
+ if (dup2 (stdin_dup, 0) == -1
+ || close (stdin_dup) == -1)
+ pfatal ("Failed to duplicate standard input");
fclose (tmpfp);
safe_unlink (tmpname);

View File

@ -0,0 +1,84 @@
commit 61d7788b83b302207a67b82786f4fd79e3538f30
Author: Andreas Gruenbacher <agruen@gnu.org>
Date: Thu Jun 27 11:10:43 2019 +0200
Don't crash when RLIMIT_NOFILE is set to RLIM_INFINITY
* src/safe.c (min_cached_fds): Define minimum number of cached dir file
descriptors.
(max_cached_fds): Change type to rlim_t to allow storing RLIM_INFINITY.
(init_dirfd_cache): Set max_cached_fds to RLIM_INFINITY when RLIMIT_NOFILE is
RLIM_INFINITY. Set the initial hash table size to min_cached_fds, independent
of RLIMIT_NOFILE: patches commonly only affect one or a few files, so a small
hash table will usually suffice; if needed, the hash table will grow.
(insert_cached_dirfd): Don't shrink the cache when max_cached_fds is
RLIM_INFINITY.
diff --git a/src/safe.c b/src/safe.c
index 5a7202f..f147b0e 100644
--- a/src/safe.c
+++ b/src/safe.c
@@ -67,7 +67,8 @@ struct cached_dirfd {
};
static Hash_table *cached_dirfds = NULL;
-static size_t max_cached_fds;
+static rlim_t min_cached_fds = 8;
+static rlim_t max_cached_fds;
LIST_HEAD (lru_list);
static size_t hash_cached_dirfd (const void *entry, size_t table_size)
@@ -98,11 +99,17 @@ static void init_dirfd_cache (void)
{
struct rlimit nofile;
- max_cached_fds = 8;
if (getrlimit (RLIMIT_NOFILE, &nofile) == 0)
- max_cached_fds = MAX (nofile.rlim_cur / 4, max_cached_fds);
+ {
+ if (nofile.rlim_cur == RLIM_INFINITY)
+ max_cached_fds = RLIM_INFINITY;
+ else
+ max_cached_fds = MAX (nofile.rlim_cur / 4, min_cached_fds);
+ }
+ else
+ max_cached_fds = min_cached_fds;
- cached_dirfds = hash_initialize (max_cached_fds,
+ cached_dirfds = hash_initialize (min_cached_fds,
NULL,
hash_cached_dirfd,
compare_cached_dirfds,
@@ -148,20 +155,23 @@ static void insert_cached_dirfd (struct cached_dirfd *entry, int keepfd)
if (cached_dirfds == NULL)
init_dirfd_cache ();
- /* Trim off the least recently used entries */
- while (hash_get_n_entries (cached_dirfds) >= max_cached_fds)
+ if (max_cached_fds != RLIM_INFINITY)
{
- struct cached_dirfd *last =
- list_entry (lru_list.prev, struct cached_dirfd, lru_link);
- if (&last->lru_link == &lru_list)
- break;
- if (last->fd == keepfd)
+ /* Trim off the least recently used entries */
+ while (hash_get_n_entries (cached_dirfds) >= max_cached_fds)
{
- last = list_entry (last->lru_link.prev, struct cached_dirfd, lru_link);
+ struct cached_dirfd *last =
+ list_entry (lru_list.prev, struct cached_dirfd, lru_link);
if (&last->lru_link == &lru_list)
break;
+ if (last->fd == keepfd)
+ {
+ last = list_entry (last->lru_link.prev, struct cached_dirfd, lru_link);
+ if (&last->lru_link == &lru_list)
+ break;
+ }
+ remove_cached_dirfd (last);
}
- remove_cached_dirfd (last);
}
/* Only insert if the parent still exists. */

View File

@ -0,0 +1,95 @@
commit 19599883ffb6a450d2884f081f8ecf68edbed7ee
Author: Jean Delvare <jdelvare@suse.de>
Date: Thu May 3 14:31:55 2018 +0200
Don't leak temporary file on failed ed-style patch
Now that we write ed-style patches to a temporary file before we
apply them, we need to ensure that the temporary file is removed
before we leave, even on fatal error.
* src/pch.c (do_ed_script): Use global TMPEDNAME instead of local
tmpname. Don't unlink the file directly, instead tag it for removal
at exit time.
* src/patch.c (cleanup): Unlink TMPEDNAME at exit.
This closes bug #53820:
https://savannah.gnu.org/bugs/index.php?53820
Fixes: 123eaff0d5d1 ("Fix arbitrary command execution in ed-style patches (CVE-2018-1000156)")
diff --git a/src/common.h b/src/common.h
index 904a3f8..53c5e32 100644
--- a/src/common.h
+++ b/src/common.h
@@ -94,10 +94,12 @@ XTERN char const *origsuff;
XTERN char const * TMPINNAME;
XTERN char const * TMPOUTNAME;
XTERN char const * TMPPATNAME;
+XTERN char const * TMPEDNAME;
XTERN bool TMPINNAME_needs_removal;
XTERN bool TMPOUTNAME_needs_removal;
XTERN bool TMPPATNAME_needs_removal;
+XTERN bool TMPEDNAME_needs_removal;
#ifdef DEBUGGING
XTERN int debug;
diff --git a/src/patch.c b/src/patch.c
index 3fcaec5..9146597 100644
--- a/src/patch.c
+++ b/src/patch.c
@@ -1999,6 +1999,7 @@ cleanup (void)
remove_if_needed (TMPINNAME, &TMPINNAME_needs_removal);
remove_if_needed (TMPOUTNAME, &TMPOUTNAME_needs_removal);
remove_if_needed (TMPPATNAME, &TMPPATNAME_needs_removal);
+ remove_if_needed (TMPEDNAME, &TMPEDNAME_needs_removal);
remove_if_needed (TMPREJNAME, &TMPREJNAME_needs_removal);
output_files (NULL);
}
diff --git a/src/pch.c b/src/pch.c
index 79a3c99..1bb3153 100644
--- a/src/pch.c
+++ b/src/pch.c
@@ -2396,7 +2396,6 @@ do_ed_script (char const *inname, char const *outname,
file_offset beginning_of_this_line;
size_t chars_read;
FILE *tmpfp = 0;
- char const *tmpname;
int tmpfd = -1; /* placate gcc's -Wmaybe-uninitialized */
int exclusive = *outname_needs_removal ? 0 : O_EXCL;
char const **ed_argv;
@@ -2411,12 +2410,13 @@ do_ed_script (char const *inname, char const *outname,
invalid commands and treats the next line as a new command, which
can lead to arbitrary command execution. */
- tmpfd = make_tempfile (&tmpname, 'e', NULL, O_RDWR | O_BINARY, 0);
+ tmpfd = make_tempfile (&TMPEDNAME, 'e', NULL, O_RDWR | O_BINARY, 0);
if (tmpfd == -1)
- pfatal ("Can't create temporary file %s", quotearg (tmpname));
+ pfatal ("Can't create temporary file %s", quotearg (TMPEDNAME));
+ TMPEDNAME_needs_removal = true;
tmpfp = fdopen (tmpfd, "w+b");
if (! tmpfp)
- pfatal ("Can't open stream for file %s", quotearg (tmpname));
+ pfatal ("Can't open stream for file %s", quotearg (TMPEDNAME));
}
for (;;) {
@@ -2457,7 +2457,7 @@ do_ed_script (char const *inname, char const *outname,
write_fatal ();
if (lseek (tmpfd, 0, SEEK_SET) == -1)
- pfatal ("Can't rewind to the beginning of file %s", quotearg (tmpname));
+ pfatal ("Can't rewind to the beginning of file %s", quotearg (TMPEDNAME));
if (inerrno != ENOENT)
{
@@ -2484,7 +2484,6 @@ do_ed_script (char const *inname, char const *outname,
pfatal ("Failed to duplicate standard input");
fclose (tmpfp);
- safe_unlink (tmpname);
if (ofp)
{

View File

@ -0,0 +1,71 @@
commit 369dcccdfa6336e5a873d6d63705cfbe04c55727
Author: Jean Delvare <jdelvare@suse.de>
Date: Mon May 7 15:14:45 2018 +0200
Don't leak temporary file on failed multi-file ed-style patch
The previous fix worked fine with single-file ed-style patches, but
would still leak temporary files in the case of multi-file ed-style
patch. Fix that case as well, and extend the test case to check for
it.
* src/patch.c (main): Unlink TMPEDNAME if needed before moving to
the next file in a patch.
This closes bug #53820:
https://savannah.gnu.org/bugs/index.php?53820
Fixes: 123eaff0d5d1 ("Fix arbitrary command execution in ed-style patches (CVE-2018-1000156)")
Fixes: 19599883ffb6 ("Don't leak temporary file on failed ed-style patch")
diff --git a/src/patch.c b/src/patch.c
index 9146597..81c7a02 100644
--- a/src/patch.c
+++ b/src/patch.c
@@ -236,6 +236,7 @@ main (int argc, char **argv)
}
remove_if_needed (TMPOUTNAME, &TMPOUTNAME_needs_removal);
}
+ remove_if_needed (TMPEDNAME, &TMPEDNAME_needs_removal);
if (! skip_rest_of_patch && ! file_type)
{
diff --git a/tests/ed-style b/tests/ed-style
index 6b6ef9d..504e6e5 100644
--- a/tests/ed-style
+++ b/tests/ed-style
@@ -38,3 +38,34 @@ EOF
check 'cat foo' <<EOF
foo
EOF
+
+# Test the case where one ed-style patch modifies several files
+
+cat > ed3.diff <<EOF
+--- foo
++++ foo
+1c
+bar
+.
+--- baz
++++ baz
+0a
+baz
+.
+EOF
+
+# Apparently we can't create a file with such a patch, while it works fine
+# when the file name is provided on the command line
+cat > baz <<EOF
+EOF
+
+check 'patch -e -i ed3.diff' <<EOF
+EOF
+
+check 'cat foo' <<EOF
+bar
+EOF
+
+check 'cat baz' <<EOF
+baz
+EOF

View File

@ -0,0 +1,29 @@
commit 76e775847f4954b63dc72afe34d9d921c6688b31
Author: Andreas Gruenbacher <agruen@gnu.org>
Date: Tue Jul 16 01:16:28 2019 +0200
Fix failed assertion 'outstate->after_newline'
The assertion triggers when the -o FILE option is used, more than one output
file is written into FILE, and one of those files (except the last one) ends in
the middle of a line.
* src/patch.c (main): Fix the case described above.
diff --git a/src/patch.c b/src/patch.c
index 02fd982..3794319 100644
--- a/src/patch.c
+++ b/src/patch.c
@@ -369,6 +369,13 @@ main (int argc, char **argv)
/* outstate.ofp now owns the file descriptor */
outfd = -1;
}
+ else
+ {
+ /* When writing to a single output file (-o FILE), always pretend
+ that the output file ends in a newline. Otherwise, when another
+ file is written to the same output file, apply_hunk will fail. */
+ outstate.after_newline = true;
+ }
/* find out where all the lines are */
if (!skip_rest_of_patch) {

View File

@ -0,0 +1,22 @@
commit 458ac51a05426c1af9aa6bf1342ecf60728c19b4
Author: Bruno Haible <bruno@clisp.org>
Date: Sat Apr 7 12:34:03 2018 +0200
Fix 'ed-style' test failure.
* tests/ed-style: Remove '?' line from expected output.
diff --git a/tests/ed-style b/tests/ed-style
index d8c0689..6b6ef9d 100644
--- a/tests/ed-style
+++ b/tests/ed-style
@@ -31,8 +31,7 @@ r !echo bar
,p
EOF
-check 'patch -e foo -i ed2.diff 2> /dev/null || echo "Status: $?"' <<EOF
-?
+check 'patch -e foo -i ed2.diff > /dev/null 2> /dev/null || echo "Status: $?"' <<EOF
Status: 2
EOF

View File

@ -0,0 +1,21 @@
commit 074e2395f81d0ecaa66b71a6c228c70b49db72e5
Author: Andreas Gruenbacher <agruen@gnu.org>
Date: Wed Feb 7 17:05:00 2018 +0100
Test suite: fix Korn shell incompatibility
tests/merge: In a Korn shell, shift apparently fails when $# is 0.
diff --git a/tests/merge b/tests/merge
index b628891..e950b92 100644
--- a/tests/merge
+++ b/tests/merge
@@ -32,7 +32,7 @@ x2() {
shift
done > b.sed
echo "$body" | sed -f b.sed > b
- shift
+ test $# -eq 0 || shift
while test $# -gt 0 ; do
echo "$1"
shift

View File

@ -0,0 +1,24 @@
commit f290f48a621867084884bfff87f8093c15195e6a
Author: Andreas Gruenbacher <agruen@gnu.org>
Date: Mon Feb 12 16:48:24 2018 +0100
Fix segfault with mangled rename patch
http://savannah.gnu.org/bugs/?53132
* src/pch.c (intuit_diff_type): Ensure that two filenames are specified
for renames and copies (fix the existing check).
diff --git a/src/pch.c b/src/pch.c
index ff9ed2c..bc6278c 100644
--- a/src/pch.c
+++ b/src/pch.c
@@ -974,7 +974,8 @@ intuit_diff_type (bool need_header, mode_t *p_file_type)
if ((pch_rename () || pch_copy ())
&& ! inname
&& ! ((i == OLD || i == NEW) &&
- p_name[! reverse] &&
+ p_name[reverse] && p_name[! reverse] &&
+ name_is_valid (p_name[reverse]) &&
name_is_valid (p_name[! reverse])))
{
say ("Cannot %s file without two valid file names\n", pch_rename () ? "rename" : "copy");

View File

@ -1,58 +0,0 @@
diff -up patch-2.7.6/.me.orig patch-2.7.6/.me
diff -up patch-2.7.6/src/common.h.orig patch-2.7.6/src/common.h
--- patch-2.7.6/src/common.h.orig 2018-06-18 17:20:49.661363500 +0200
+++ patch-2.7.6/src/common.h 2018-06-18 17:22:21.505841527 +0200
@@ -221,3 +221,11 @@ bool merge_hunk (int hunk, struct outsta
#else
# define merge_hunk(hunk, outstate, where, somefailed) false
#endif
+
+#ifndef FALLTHROUGH
+# if __GNUC__ < 7
+# define FALLTHROUGH ((void) 0)
+# else
+# define FALLTHROUGH __attribute__ ((__fallthrough__))
+# endif
+#endif
diff -up patch-2.7.6/src/patch.c.orig patch-2.7.6/src/patch.c
--- patch-2.7.6/src/patch.c.orig 2018-06-18 17:20:49.662363506 +0200
+++ patch-2.7.6/src/patch.c 2018-06-18 17:22:21.507841538 +0200
@@ -1381,7 +1381,7 @@ abort_hunk_context (bool header, bool re
break;
case ' ': case '-': case '+': case '!':
fprintf (rejfp, "%c ", pch_char (i));
- /* fall into */
+ FALLTHROUGH;
case '\n':
pch_write_line (i, rejfp);
break;
diff -up patch-2.7.6/src/pch.c.orig patch-2.7.6/src/pch.c
--- patch-2.7.6/src/pch.c.orig 2018-06-18 17:20:49.662363506 +0200
+++ patch-2.7.6/src/pch.c 2018-06-18 17:24:00.694357762 +0200
@@ -1742,7 +1742,7 @@ another_hunk (enum diff difftype, bool r
break;
case '=':
ch = ' ';
- /* FALL THROUGH */
+ FALLTHROUGH;
case ' ':
if (fillsrc > p_ptrn_lines) {
free(s);
@@ -1763,7 +1763,7 @@ another_hunk (enum diff difftype, bool r
p_end = fillsrc-1;
return -1;
}
- /* FALL THROUGH */
+ FALLTHROUGH;
case '+':
if (filldst > p_end) {
free(s);
@@ -2401,7 +2401,7 @@ do_ed_script (char const *inname, char c
size_t chars_read;
FILE *tmpfp = 0;
char const *tmpname;
- int tmpfd;
+ int tmpfd = -1; /* placate gcc's -Wmaybe-uninitialized */
pid_t pid;
if (! dry_run && ! skip_rest_of_patch)

View File

@ -0,0 +1,48 @@
commit 2b584aec9e5f2806b1eccadcabe7e901fcfa0b0a
Author: Andreas Gruenbacher <agruen@gnu.org>
Date: Thu Jun 27 11:02:02 2019 +0200
Improve support for memory leak detection
When building with the address sanitizer on, free some more resources before
exiting. (This is unnecessary when not looking for memory leaks.)
* src/patch.c (init_files_to_delete): Add dispose function for freeing
filenames.
diff --git a/src/patch.c b/src/patch.c
index 81c7a02..4616a48 100644
--- a/src/patch.c
+++ b/src/patch.c
@@ -36,6 +36,10 @@
#include <minmax.h>
#include <safe.h>
+#ifdef __SANITIZE_ADDRESS__
+# define FREE_BEFORE_EXIT
+#endif
+
/* procedures */
static FILE *create_output_file (char const *, int);
@@ -1777,10 +1781,20 @@ struct file_to_delete {
static gl_list_t files_to_delete;
+#ifdef FREE_BEFORE_EXIT
+void dispose_file_to_delete (const void *elt)
+{
+ free ((void *) elt);
+}
+#else
+#define dispose_file_to_delete NULL
+#endif
+
static void
init_files_to_delete (void)
{
- files_to_delete = gl_list_create_empty (GL_LINKED_LIST, NULL, NULL, NULL, true);
+ files_to_delete = gl_list_create_empty (GL_LINKED_LIST, NULL, NULL,
+ dispose_file_to_delete, true);
}
static void

View File

@ -0,0 +1,40 @@
commit ff81775f4eb6ab9a91b75e4031e8216654c0c76a
Author: Andreas Gruenbacher <agruen@gnu.org>
Date: Fri Aug 17 10:31:22 2018 +0200
Make the (debug & 2) output more useful
* src/pch.c (another_hunk): In the (debug & 2) output, fix how empty
lines that are not part of the patch context are printed. Also, add
newlines to lines that are missing them to keep the output readable.
diff --git a/src/pch.c b/src/pch.c
index 1bb3153..e92bc64 100644
--- a/src/pch.c
+++ b/src/pch.c
@@ -1916,8 +1916,13 @@ another_hunk (enum diff difftype, bool rev)
lin i;
for (i = 0; i <= p_end + 1; i++) {
- fprintf (stderr, "%s %c",
- format_linenum (numbuf0, i),
+ fputs (format_linenum (numbuf0, i), stderr);
+ if (p_Char[i] == '\n')
+ {
+ fputc('\n', stderr);
+ continue;
+ }
+ fprintf (stderr, " %c",
p_Char[i]);
if (p_Char[i] == '*')
fprintf (stderr, " %s,%s\n",
@@ -1930,7 +1935,8 @@ another_hunk (enum diff difftype, bool rev)
else if (p_Char[i] != '^')
{
fputs(" |", stderr);
- pch_write_line (i, stderr);
+ if (! pch_write_line (i, stderr))
+ fputc('\n', stderr);
}
else
fputc('\n', stderr);

View File

@ -0,0 +1,20 @@
commit a5b442ce01b80a758606ede316f739426a12bc33
Author: Andreas Gruenbacher <agruen@gnu.org>
Date: Thu Jun 27 11:09:31 2019 +0200
Skip "ed" test when the ed utility is not installed
* tests/ed-style: Require ed.
diff --git a/tests/ed-style b/tests/ed-style
index 504e6e5..9907cb6 100644
--- a/tests/ed-style
+++ b/tests/ed-style
@@ -7,6 +7,7 @@
. $srcdir/test-lib.sh
require cat
+require ed
use_local_patch
use_tmpdir

File diff suppressed because it is too large Load Diff

View File

@ -0,0 +1,124 @@
commit f6bc5b14bd193859851d15a049bafb1007acd288
Author: Andreas Gruenbacher <agruen@gnu.org>
Date: Wed Feb 7 12:10:41 2018 +0100
Test suite compatibility fixes
* tests/crlf-handling, tests/git-cleanup, tests/test-lib.sh: Use printf
instead of echo -e / echo -n for compatibility with systems that don't
support these echo options.
* tests/merge: Minor other cleanups.
diff --git a/tests/crlf-handling b/tests/crlf-handling
index 239149c..c192cac 100644
--- a/tests/crlf-handling
+++ b/tests/crlf-handling
@@ -14,7 +14,7 @@ use_local_patch
use_tmpdir
lf2crlf() {
- while read l; do echo -e "$l\r"; done
+ while read l; do printf "%s\r\n" "$l"; done
}
echo 1 > a
diff --git a/tests/git-cleanup b/tests/git-cleanup
index 2e3e4c6..ca527a1 100644
--- a/tests/git-cleanup
+++ b/tests/git-cleanup
@@ -36,8 +36,8 @@ BAD PATCH
EOF
echo 1 > f
-echo -n '' > g
-echo -n '' > h
+printf '' > g
+printf '' > h
check 'patch -f -i 1.diff || echo status: $?' <<EOF
patching file f
diff --git a/tests/merge b/tests/merge
index 22d787b..b628891 100644
--- a/tests/merge
+++ b/tests/merge
@@ -30,30 +30,28 @@ x2() {
while test $# -gt 0 && test "$1" != -- ; do
echo "$1"
shift
- done > a.sed
- echo "$body" | sed -f a.sed > b
+ done > b.sed
+ echo "$body" | sed -f b.sed > b
shift
while test $# -gt 0 ; do
echo "$1"
shift
- done > b.sed
- echo "$body" | sed -f b.sed > c
- rm -f a.sed b.sed
+ done > c.sed
+ echo "$body" | sed -f c.sed > c
+ rm -f b.sed c.sed
output=`diff -u a b | patch $ARGS -f c`
status=$?
echo "$output" | sed -e '/^$/d' -e '/^patching file c$/d'
cat c
- test $status == 0 || echo "Status: $status"
+ test $status = 0 || echo "Status: $status"
}
x() {
- ARGS="$ARGS --merge" x2 "$@"
+ ARGS="--merge" x2 "$@"
echo
- ARGS="$ARGS --merge=diff3" x2 "$@"
+ ARGS="--merge=diff3" x2 "$@"
}
-unset ARGS
-
# ==============================================================
check 'x 3' <<EOF
diff --git a/tests/test-lib.sh b/tests/test-lib.sh
index be0d7e3..661da52 100644
--- a/tests/test-lib.sh
+++ b/tests/test-lib.sh
@@ -41,7 +41,7 @@ use_local_patch() {
eval 'patch() {
if test -n "$GDB" ; then
- echo -e "\n" >&3
+ printf "\n\n" >&3
gdbserver localhost:53153 $PATCH "$@" 2>&3
else
$PATCH "$@"
@@ -113,22 +113,15 @@ cleanup() {
exit $status
}
-if test -z "`echo -n`"; then
- if eval 'test -n "${BASH_LINENO[0]}" 2>/dev/null'; then
- eval '
- _start_test() {
- echo -n "[${BASH_LINENO[2]}] $* -- "
- }'
- else
- eval '
- _start_test() {
- echo -n "* $* -- "
- }'
- fi
+if eval 'test -n "${BASH_LINENO[0]}" 2>/dev/null'; then
+ eval '
+ _start_test() {
+ printf "[${BASH_LINENO[2]}] %s -- " "$*"
+ }'
else
eval '
_start_test() {
- echo "* $*"
+ printf "* %s -- " "$*"
}'
fi

View File

@ -1,6 +1,19 @@
diff -up patch-2.7.6/src/pch.c.CVE-2018-1000156 patch-2.7.6/src/pch.c
--- patch-2.7.6/src/pch.c.CVE-2018-1000156 2018-06-19 10:10:41.407826617 +0200
+++ patch-2.7.6/src/pch.c 2018-06-19 10:11:01.200927524 +0200
commit 123eaff0d5d1aebe128295959435b9ca5909c26d
Author: Andreas Gruenbacher <agruen@gnu.org>
Date: Fri Apr 6 12:14:49 2018 +0200
Fix arbitrary command execution in ed-style patches (CVE-2018-1000156)
* src/pch.c (do_ed_script): Write ed script to a temporary file instead
of piping it to ed: this will cause ed to abort on invalid commands
instead of rejecting them and carrying on.
* tests/ed-style: New test case.
* tests/Makefile.am (TESTS): Add test case.
diff --git a/src/pch.c b/src/pch.c
index 0c5cc26..4fd5a05 100644
--- a/src/pch.c
+++ b/src/pch.c
@@ -33,6 +33,7 @@
# include <io.h>
#endif
@ -9,7 +22,7 @@ diff -up patch-2.7.6/src/pch.c.CVE-2018-1000156 patch-2.7.6/src/pch.c
#define INITHUNKMAX 125 /* initial dynamic allocation size */
@@ -2389,22 +2390,28 @@ do_ed_script (char const *inname, char c
@@ -2389,24 +2390,28 @@ do_ed_script (char const *inname, char const *outname,
static char const editor_program[] = EDITOR_PROGRAM;
file_offset beginning_of_this_line;
@ -38,9 +51,11 @@ diff -up patch-2.7.6/src/pch.c.CVE-2018-1000156 patch-2.7.6/src/pch.c
- if (! dry_run && ! skip_rest_of_patch) {
- int exclusive = *outname_needs_removal ? 0 : O_EXCL;
- assert (! inerrno);
- *outname_needs_removal = true;
- copy_file (inname, outname, 0, exclusive, instat.st_mode, true);
- if (inerrno != ENOENT)
- {
- *outname_needs_removal = true;
- copy_file (inname, outname, 0, exclusive, instat.st_mode, true);
- }
- sprintf (buf, "%s %s%s", editor_program,
- verbosity == VERBOSE ? "" : "- ",
- outname);
@ -52,7 +67,7 @@ diff -up patch-2.7.6/src/pch.c.CVE-2018-1000156 patch-2.7.6/src/pch.c
for (;;) {
char ed_command_letter;
beginning_of_this_line = file_tell (pfp);
@@ -2415,14 +2422,14 @@ do_ed_script (char const *inname, char c
@@ -2417,14 +2422,14 @@ do_ed_script (char const *inname, char const *outname,
}
ed_command_letter = get_ed_command_letter (buf);
if (ed_command_letter) {
@ -71,7 +86,7 @@ diff -up patch-2.7.6/src/pch.c.CVE-2018-1000156 patch-2.7.6/src/pch.c
write_fatal ();
if (chars_read == 2 && strEQ (buf, ".\n"))
break;
@@ -2435,13 +2442,50 @@ do_ed_script (char const *inname, char c
@@ -2437,13 +2442,49 @@ do_ed_script (char const *inname, char const *outname,
break;
}
}
@ -123,14 +138,27 @@ diff -up patch-2.7.6/src/pch.c.CVE-2018-1000156 patch-2.7.6/src/pch.c
+
+ fclose (tmpfp);
+ safe_unlink (tmpname);
+ free((char*) tmpname);
if (ofp)
{
diff -up patch-2.7.6/tests/ed-style.CVE-2018-1000156 patch-2.7.6/tests/ed-style
--- patch-2.7.6/tests/ed-style.CVE-2018-1000156 2018-06-19 10:10:41.409826627 +0200
+++ patch-2.7.6/tests/ed-style 2018-06-19 11:28:43.354641294 +0200
@@ -0,0 +1,40 @@
diff --git a/tests/Makefile.am b/tests/Makefile.am
index 6b6df63..16f8693 100644
--- a/tests/Makefile.am
+++ b/tests/Makefile.am
@@ -32,6 +32,7 @@ TESTS = \
crlf-handling \
dash-o-append \
deep-directories \
+ ed-style \
empty-files \
false-match \
fifo \
diff --git a/tests/ed-style b/tests/ed-style
new file mode 100644
index 0000000..d8c0689
--- /dev/null
+++ b/tests/ed-style
@@ -0,0 +1,41 @@
+# Copyright (C) 2018 Free Software Foundation, Inc.
+#
+# Copying and distribution of this file, with or without modification,
@ -164,46 +192,11 @@ diff -up patch-2.7.6/tests/ed-style.CVE-2018-1000156 patch-2.7.6/tests/ed-style
+,p
+EOF
+
+check 'patch -e foo -i ed2.diff > /dev/null 2> /dev/null || echo "Status: $?"' <<EOF
+check 'patch -e foo -i ed2.diff 2> /dev/null || echo "Status: $?"' <<EOF
+?
+Status: 2
+EOF
+
+check 'cat foo' <<EOF
+foo
+EOF
diff -up patch-2.7.6/tests/Makefile.am.CVE-2018-1000156 patch-2.7.6/tests/Makefile.am
--- patch-2.7.6/tests/Makefile.am.CVE-2018-1000156 2018-02-03 13:41:49.000000000 +0100
+++ patch-2.7.6/tests/Makefile.am 2018-06-19 10:10:41.409826627 +0200
@@ -32,6 +32,7 @@ TESTS = \
crlf-handling \
dash-o-append \
deep-directories \
+ ed-style \
empty-files \
false-match \
fifo \
diff -up patch-2.7.6/tests/Makefile.in.CVE-2018-1000156 patch-2.7.6/tests/Makefile.in
--- patch-2.7.6/tests/Makefile.in.CVE-2018-1000156 2018-02-03 14:33:56.000000000 +0100
+++ patch-2.7.6/tests/Makefile.in 2018-06-19 10:10:41.409826627 +0200
@@ -1308,6 +1308,7 @@ TESTS = \
crlf-handling \
dash-o-append \
deep-directories \
+ ed-style \
empty-files \
false-match \
fifo \
@@ -1645,6 +1646,13 @@ empty-files.log: empty-files
$(am__check_pre) $(LOG_DRIVER) --test-name "$$f" \
--log-file $$b.log --trs-file $$b.trs \
$(am__common_driver_flags) $(AM_LOG_DRIVER_FLAGS) $(LOG_DRIVER_FLAGS) -- $(LOG_COMPILE) \
+ "$$tst" $(AM_TESTS_FD_REDIRECT)
+ed-style.log: empty-files
+ @p='ed-style'; \
+ b='ed-style'; \
+ $(am__check_pre) $(LOG_DRIVER) --test-name "$$f" \
+ --log-file $$b.log --trs-file $$b.trs \
+ $(am__common_driver_flags) $(AM_LOG_DRIVER_FLAGS) $(LOG_DRIVER_FLAGS) -- $(LOG_COMPILE) \
"$$tst" $(AM_TESTS_FD_REDIRECT)
false-match.log: false-match
@p='false-match'; \

View File

@ -3,23 +3,44 @@
Summary: Utility for modifying/upgrading files
Name: patch
Version: 2.7.6
Release: 11%{?dist}
Release: 16%{?dist}
License: GPLv3+
URL: http://www.gnu.org/software/patch/patch.html
Group: Development/Tools
Source: ftp://ftp.gnu.org/gnu/patch/patch-%{version}.tar.xz
Patch1: patch-2.7.6-CVE-2018-6951.patch
Patch2: patch-CVE-2018-1000156.patch
Patch3: patch-2.7.6-gcc8.patch
Patch4: patch-2.7.6-CVE-2018-6952.patch
Patch5: patch-2.7.6-CVE-2018-20969.patch
Patch6: patch-2.7.6-CVE-2019-13636-symlinks.patch
Patch7: patch-2.7.x-abort_when_cleaning_up_fails.patch
URL: https://savannah.gnu.org/projects/patch/
Source: https://ftp.gnu.org/gnu/patch/patch-%{version}.tar.xz
Patch0: patch-2.7.6-avoid-set_file_attributes-sign-conversion-warnings.patch
patch1: patch-2.7.6-test-suite-compatibility-fixes.patch
Patch2: patch-2.7.6-fix-korn-shell-incompatibility.patch
Patch3: patch-2.7.6-fix-segfault-with-mangled-rename-patch.patch
Patch4: patch-2.7.6-allow-input-files-to-be-missing-for-ed-style-patches.patch
Patch5: patch-CVE-2018-1000156.patch
Patch6: patch-2.7.6-CVE-2019-13638-invoked-ed-directly-instead-of-using-the-shell.patch
Patch7: patch-2.7.6-switch-from-fork-execlp-to-execute.patch
Patch8: patch-2.7.6-cleanups-in-do_ed_script.patch
Patch9: patch-2.7.6-avoid-warnings-gcc8.patch
Patch10: patch-2.7.6-check-of-return-value-of-fwrite.patch
Patch11: patch-2.7.6-fix-ed-style-test-failure.patch
Patch12: patch-2.7.6-dont-leak-temporary-file-on-failed-ed-style-patch.patch
Patch13: patch-2.7.6-dont-leak-temporary-file-on-failed-multi-file-ed-style-patch.patch
Patch14: patch-2.7.6-make-debug-output-more-useful.patch
Patch15: patch-2.7.6-CVE-2018-6952-fix-swapping-fake-lines-in-pch_swap.patch
Patch16: patch-2.7.6-improve_support_for_memory_leak_detection.patch
patch17: patch-2.7.6-skip-ed-test-when-the-ed-utility-is-not-installed.patch
Patch18: patch-2.7.6-abort_when_cleaning_up_fails.patch
Patch19: patch-2.7.6-crash-RLIMIT_NOFILE.patch
Patch20: patch-2.7.6-CVE-2019-13636-symlinks.patch
Patch21: patch-2.7.6-avoid-invalid-memory-access-in-context-format-diffs.patch
Patch22: patch-2.7.6-CVE-2018-17942.patch
Patch23: patch-2.7.6-failed_assertion.patch
Patch100: patch-selinux.patch
BuildRequires: make
BuildRequires: gcc
BuildRequires: libselinux-devel
BuildRequires: libattr-devel
BuildRequires: ed
BuildRequires: automake autoconf
BuildRequires: autoconf automake
Requires: ed
Provides: bundled(gnulib) = %{gnulib_ver}
@ -35,28 +56,32 @@ applications.
%prep
%setup -q
# CVE-2018-6951, NULL pointer dereference causes a crash
%patch1 -p1 -b .CVE-2018-6951
%patch0 -p1 -b .avoid-set_file_attributes-sign-conversion-warnings
%patch1 -p1 -b .test-suite-compatibility-fixes
%patch2 -p1 -b .fix-korn-shell-incompatibility
%patch3 -p1 -b .fix-segfault-with-mangled-rename-patch
%patch4 -p1 -b .allow-input-files-to-be-missing-for-ed-style-patches
# CVE-2018-1000156, Malicious patch files cause ed to execute arbitrary commands
%patch2 -p1 -b .CVE-2018-1000156
# Fix to build with gcc8
%patch3 -p1 -b .gcc8
# CVE-2018-6952, Double free of memory
%patch4 -p1 -b .CVE-2018-6952
# CVE-2018-20969, do_ed_script in pch.c does not block strings beginning with a ! character
%patch5 -p1 -b .CVE-2018-20969
# CVE-2019-13636, Don't follow symlinks unless --follow-symlinks is given
%patch6 -p1 -b .CVE-2019-13636
# bz#1665928, Abort when cleaning up fails
%patch7 -p1 -b .abort_when_cleaning_up_fails
%patch5 -p1 -b .CVE-2018-1000156
%patch6 -p1 -b .CVE-2019-13638-invoked-ed-directly-instead-of-using-the-shell
%patch7 -p1 -b .switch-from-fork-execlp-to-execute
%patch8 -p1 -b .cleanups-in-do_ed_script
%patch9 -p1 -b .avoid-warnings-gcc8
%patch10 -p1 -b .check-of-return-value-of-fwrite
%patch11 -p1 -b .fix-ed-style-test-failure
%patch12 -p1 -b .dont-leak-temporary-file-on-failed-ed-style-patch
%patch13 -p1 -b .dont-leak-temporary-file-on-failed-multi-file-ed-style-patch
%patch14 -p1 -b .make-debug-output-more-useful
%patch15 -p1 -b .CVE-2018-6952-fix-swapping-fake-lines-in-pch_swap
%patch16 -p1 -b .improve_support_for_memory_leak_detection
%patch17 -p1 -b .skip-ed-test-when-the-ed-utility-is-not-installed
%patch18 -p1 -b .abort_when_cleaning_up_fails
%patch19 -p1 -b .crash-RLIMIT_NOFILE
%patch20 -p1 -b .CVE-2019-13636-symlinks
%patch21 -p1 -b .avoid-invalid-memory-access-in-context-format-diffs
# CVE-2018-17942 gnulib: heap-based buffer overflow
%patch22 -p1 -b .CVE-2018-17942-gnulib_buffer_overflow
%patch23 -p1 -b .failed_assertion
# SELinux support.
%patch100 -p1 -b .selinux
@ -65,48 +90,69 @@ CFLAGS="$RPM_OPT_FLAGS -D_GNU_SOURCE"
%ifarch sparcv9
CFLAGS=`echo $CFLAGS|sed -e 's|-fstack-protector||g'`
%endif
autoreconf
%configure --disable-silent-rules
make %{?_smp_mflags}
%make_build
%check
make check
%install
rm -rf $RPM_BUILD_ROOT
%makeinstall
%files
%defattr(-,root,root,-)
%license COPYING
%doc NEWS README
%{_bindir}/*
%{_mandir}/*/*
%changelog
* Tue Nov 19 2019 Than Ngo <than@redhat.com> - 2.7.6-11
- Related: #1733565, apply the patch correctly
* Mon Aug 09 2021 Mohan Boddu <mboddu@redhat.com> - 2.7.6-16
- Rebuilt for IMA sigs, glibc 2.34, aarch64 flags
Related: rhbz#1991688
* Tue Nov 19 2019 Than Ngo <than@redhat.com> - 2.7.6-10
- CVE-2019-13636 , Don't follow symlinks unless --follow-symlinks is given
- Resolves: #1665928, patch has a huge error output and segfaults when the file to be patched does not exist
* Fri Apr 16 2021 Mohan Boddu <mboddu@redhat.com> - 2.7.6-15
- Rebuilt for RHEL 9 BETA on Apr 15th 2021. Related: rhbz#1947937
* Mon Sep 02 2019 Than Ngo <than@redhat.com> - 2.7.6-9
- CVE-2018-20969, invoke ed directly instead of using the shell
* Tue Jan 26 2021 Fedora Release Engineering <releng@fedoraproject.org> - 2.7.6-14
- Rebuilt for https://fedoraproject.org/wiki/Fedora_34_Mass_Rebuild
* Tue Nov 27 2018 Than Ngo <than@redhat.com> - 2.7.6-8
* Tue Jul 28 2020 Fedora Release Engineering <releng@fedoraproject.org> - 2.7.6-13
- Rebuilt for https://fedoraproject.org/wiki/Fedora_33_Mass_Rebuild
* Wed Jan 29 2020 Fedora Release Engineering <releng@fedoraproject.org> - 2.7.6-12
- Rebuilt for https://fedoraproject.org/wiki/Fedora_32_Mass_Rebuild
* Mon Jul 29 2019 Than Ngo <than@redhat.com> - 2.7.6-11
- fixed #1733917, CVE-2019-13638 patch: OS shell command injection when processing crafted patch files
* Wed Jul 24 2019 Than Ngo <than@redhat.com> - 2.7.6-10
- backported patch, abort when cleaning up fails
- backported patch, improve support for memory leak detection
- backported patch, don't crash when RLIMIT_NOFILE is set to RLIM_INFINITY
- backported patch, CVE-2019-13636, don't follow symlinks unless --follow-symlinks is given
- backported patch, avoid invalid memory accessin context format diffs
- backported patch, fix failed assertion
* Fri Feb 01 2019 Fedora Release Engineering <releng@fedoraproject.org> - 2.7.6-9
- Rebuilt for https://fedoraproject.org/wiki/Fedora_30_Mass_Rebuild
* Mon Nov 26 2018 Than Ngo <than@redhat.com> - 2.7.6-8
- Added virtual provides for bundled gnulib library
- Fixed CVE-2018-17942, gnulib: heap-based buffer overflow
* Wed Sep 12 2018 Than Ngo <than@redhat.com> - 2.7.6-7
- Resolves: #1554752, CVE-2018-6952 Double free of memory
* Thu Oct 11 2018 Than Ngo <than@redhat.com> - 2.7.6-7
- Fixed #1582675 - Patch can be crashed and coredumped with a trivial wrong command
* Mon Jun 18 2018 Than Ngo <than@redhat.com> - 2.7.6-6
- avoid warnings from GCC8
* Wed Aug 15 2018 Than Ngo <than@redhat.com> - 2.7.6-6
- Fixed #1554752 - Double free of memory, CVE-2018-6952
* Mon Apr 09 2018 Than Ngo <than@redhat.com> - 2.7.6-5
- fixed CVE-2018-1000156
* Fri Jul 13 2018 Fedora Release Engineering <releng@fedoraproject.org> - 2.7.6-5
- Rebuilt for https://fedoraproject.org/wiki/Fedora_29_Mass_Rebuild
* Tue Mar 13 2018 Than Ngo <than@redhat.com> - 2.7.6-4
- apply the patch for CVE-2018-6951
* Thu May 3 2018 Tim Waugh <twaugh@redhat.com> - 2.7.6-4
- Fixed CVE-2018-1000156 - Malicious patch files cause ed to execute arbitrary
commands.
* Mon Feb 12 2018 Tim Waugh <twaugh@redhat.com> - 2.7.6-3
- 2.7.6 (CVE-2016-10713, CVE-2018-6951, CVE-2018-6952).