aboutsummaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorLeonardo Arena <rnalrd@alpinelinux.org>2019-08-08 06:27:48 +0000
committerLeonardo Arena <rnalrd@alpinelinux.org>2019-08-08 06:29:51 +0000
commit095fae596fc49100874f93b298316eb4f6d24f0f (patch)
tree7ff4c7105cc63b93b7b352cbc51cd11316f6efcf
parentc2c48f7368e24b9468874c9f0a654af0d78ec393 (diff)
main/patch: security fixes
CVE-2019-13638, CVE-2018-1000156 Fixes #10695 Update license, remove unsupported configure option
-rw-r--r--main/patch/0001-Allow-input-files-to-be-missing-for-ed-style-patches.patch33
-rw-r--r--main/patch/0002-Fix-arbitrary-command-execution-in-ed-style-patches-.patch211
-rw-r--r--main/patch/APKBUILD28
-rw-r--r--main/patch/CVE-2019-13638.patch38
4 files changed, 301 insertions, 9 deletions
diff --git a/main/patch/0001-Allow-input-files-to-be-missing-for-ed-style-patches.patch b/main/patch/0001-Allow-input-files-to-be-missing-for-ed-style-patches.patch
new file mode 100644
index 00000000000..b26651ab05e
--- /dev/null
+++ b/main/patch/0001-Allow-input-files-to-be-missing-for-ed-style-patches.patch
@@ -0,0 +1,33 @@
+From b5a91a01e5d0897facdd0f49d64b76b0f02b43e1 Mon Sep 17 00:00:00 2001
+From: Andreas Gruenbacher <agruen@gnu.org>
+Date: Fri, 6 Apr 2018 11:34:51 +0200
+Subject: [PATCH] Allow input files to be missing for ed-style patches
+
+* src/pch.c (do_ed_script): Allow input files to be missing so that new
+files will be created as with non-ed-style patches.
+---
+ src/pch.c | 8 +++++---
+ 1 file changed, 5 insertions(+), 3 deletions(-)
+
+diff --git a/src/pch.c b/src/pch.c
+index bc6278c..0c5cc26 100644
+--- a/src/pch.c
++++ b/src/pch.c
+@@ -2394,9 +2394,11 @@ do_ed_script (char const *inname, char const *outname,
+
+ if (! dry_run && ! skip_rest_of_patch) {
+ int exclusive = *outname_needs_removal ? 0 : O_EXCL;
+- assert (! inerrno);
+- *outname_needs_removal = true;
+- copy_file (inname, outname, 0, exclusive, instat.st_mode, true);
++ if (inerrno != ENOENT)
++ {
++ *outname_needs_removal = true;
++ copy_file (inname, outname, 0, exclusive, instat.st_mode, true);
++ }
+ sprintf (buf, "%s %s%s", editor_program,
+ verbosity == VERBOSE ? "" : "- ",
+ outname);
+--
+2.22.0
+
diff --git a/main/patch/0002-Fix-arbitrary-command-execution-in-ed-style-patches-.patch b/main/patch/0002-Fix-arbitrary-command-execution-in-ed-style-patches-.patch
new file mode 100644
index 00000000000..6b65e2dd486
--- /dev/null
+++ b/main/patch/0002-Fix-arbitrary-command-execution-in-ed-style-patches-.patch
@@ -0,0 +1,211 @@
+From 123eaff0d5d1aebe128295959435b9ca5909c26d Mon Sep 17 00:00:00 2001
+From: Andreas Gruenbacher <agruen@gnu.org>
+Date: Fri, 6 Apr 2018 12:14:49 +0200
+Subject: [PATCH] Fix arbitrary command execution in ed-style patches
+ (CVE-2018-1000156)
+
+* src/pch.c (do_ed_script): Write ed script to a temporary file instead
+of piping it to ed: this will cause ed to abort on invalid commands
+instead of rejecting them and carrying on.
+* tests/ed-style: New test case.
+* tests/Makefile.am (TESTS): Add test case.
+---
+ src/pch.c | 91 ++++++++++++++++++++++++++++++++++-------------
+ tests/Makefile.am | 1 +
+ tests/ed-style | 41 +++++++++++++++++++++
+ 3 files changed, 108 insertions(+), 25 deletions(-)
+ create mode 100644 tests/ed-style
+
+diff --git a/src/pch.c b/src/pch.c
+index 0c5cc26..4fd5a05 100644
+--- a/src/pch.c
++++ b/src/pch.c
+@@ -33,6 +33,7 @@
+ # include <io.h>
+ #endif
+ #include <safe.h>
++#include <sys/wait.h>
+
+ #define INITHUNKMAX 125 /* initial dynamic allocation size */
+
+@@ -2389,24 +2390,28 @@ do_ed_script (char const *inname, char const *outname,
+ static char const editor_program[] = EDITOR_PROGRAM;
+
+ file_offset beginning_of_this_line;
+- FILE *pipefp = 0;
+ size_t chars_read;
++ FILE *tmpfp = 0;
++ char const *tmpname;
++ int tmpfd;
++ pid_t pid;
++
++ if (! dry_run && ! skip_rest_of_patch)
++ {
++ /* Write ed script to a temporary file. This causes ed to abort on
++ invalid commands such as when line numbers or ranges exceed the
++ number of available lines. When ed reads from a pipe, it rejects
++ invalid commands and treats the next line as a new command, which
++ can lead to arbitrary command execution. */
++
++ tmpfd = make_tempfile (&tmpname, 'e', NULL, O_RDWR | O_BINARY, 0);
++ if (tmpfd == -1)
++ pfatal ("Can't create temporary file %s", quotearg (tmpname));
++ tmpfp = fdopen (tmpfd, "w+b");
++ if (! tmpfp)
++ pfatal ("Can't open stream for file %s", quotearg (tmpname));
++ }
+
+- if (! dry_run && ! skip_rest_of_patch) {
+- int exclusive = *outname_needs_removal ? 0 : O_EXCL;
+- if (inerrno != ENOENT)
+- {
+- *outname_needs_removal = true;
+- copy_file (inname, outname, 0, exclusive, instat.st_mode, true);
+- }
+- sprintf (buf, "%s %s%s", editor_program,
+- verbosity == VERBOSE ? "" : "- ",
+- outname);
+- fflush (stdout);
+- pipefp = popen(buf, binary_transput ? "wb" : "w");
+- if (!pipefp)
+- pfatal ("Can't open pipe to %s", quotearg (buf));
+- }
+ for (;;) {
+ char ed_command_letter;
+ beginning_of_this_line = file_tell (pfp);
+@@ -2417,14 +2422,14 @@ do_ed_script (char const *inname, char const *outname,
+ }
+ ed_command_letter = get_ed_command_letter (buf);
+ if (ed_command_letter) {
+- if (pipefp)
+- if (! fwrite (buf, sizeof *buf, chars_read, pipefp))
++ if (tmpfp)
++ if (! fwrite (buf, sizeof *buf, chars_read, tmpfp))
+ write_fatal ();
+ if (ed_command_letter != 'd' && ed_command_letter != 's') {
+ p_pass_comments_through = true;
+ while ((chars_read = get_line ()) != 0) {
+- if (pipefp)
+- if (! fwrite (buf, sizeof *buf, chars_read, pipefp))
++ if (tmpfp)
++ if (! fwrite (buf, sizeof *buf, chars_read, tmpfp))
+ write_fatal ();
+ if (chars_read == 2 && strEQ (buf, ".\n"))
+ break;
+@@ -2437,13 +2442,49 @@ do_ed_script (char const *inname, char const *outname,
+ break;
+ }
+ }
+- if (!pipefp)
++ if (!tmpfp)
+ return;
+- if (fwrite ("w\nq\n", sizeof (char), (size_t) 4, pipefp) == 0
+- || fflush (pipefp) != 0)
++ if (fwrite ("w\nq\n", sizeof (char), (size_t) 4, tmpfp) == 0
++ || fflush (tmpfp) != 0)
+ write_fatal ();
+- if (pclose (pipefp) != 0)
+- fatal ("%s FAILED", editor_program);
++
++ if (lseek (tmpfd, 0, SEEK_SET) == -1)
++ pfatal ("Can't rewind to the beginning of file %s", quotearg (tmpname));
++
++ if (! dry_run && ! skip_rest_of_patch) {
++ int exclusive = *outname_needs_removal ? 0 : O_EXCL;
++ *outname_needs_removal = true;
++ if (inerrno != ENOENT)
++ {
++ *outname_needs_removal = true;
++ copy_file (inname, outname, 0, exclusive, instat.st_mode, true);
++ }
++ sprintf (buf, "%s %s%s", editor_program,
++ verbosity == VERBOSE ? "" : "- ",
++ outname);
++ fflush (stdout);
++
++ pid = fork();
++ if (pid == -1)
++ pfatal ("Can't fork");
++ else if (pid == 0)
++ {
++ dup2 (tmpfd, 0);
++ execl ("/bin/sh", "sh", "-c", buf, (char *) 0);
++ _exit (2);
++ }
++ else
++ {
++ int wstatus;
++ if (waitpid (pid, &wstatus, 0) == -1
++ || ! WIFEXITED (wstatus)
++ || WEXITSTATUS (wstatus) != 0)
++ fatal ("%s FAILED", editor_program);
++ }
++ }
++
++ fclose (tmpfp);
++ safe_unlink (tmpname);
+
+ if (ofp)
+ {
+diff --git a/tests/Makefile.am b/tests/Makefile.am
+index 6b6df63..16f8693 100644
+--- a/tests/Makefile.am
++++ b/tests/Makefile.am
+@@ -32,6 +32,7 @@ TESTS = \
+ crlf-handling \
+ dash-o-append \
+ deep-directories \
++ ed-style \
+ empty-files \
+ false-match \
+ fifo \
+diff --git a/tests/ed-style b/tests/ed-style
+new file mode 100644
+index 0000000..d8c0689
+--- /dev/null
++++ b/tests/ed-style
+@@ -0,0 +1,41 @@
++# Copyright (C) 2018 Free Software Foundation, Inc.
++#
++# Copying and distribution of this file, with or without modification,
++# in any medium, are permitted without royalty provided the copyright
++# notice and this notice are preserved.
++
++. $srcdir/test-lib.sh
++
++require cat
++use_local_patch
++use_tmpdir
++
++# ==============================================================
++
++cat > ed1.diff <<EOF
++0a
++foo
++.
++EOF
++
++check 'patch -e foo -i ed1.diff' <<EOF
++EOF
++
++check 'cat foo' <<EOF
++foo
++EOF
++
++cat > ed2.diff <<EOF
++1337a
++r !echo bar
++,p
++EOF
++
++check 'patch -e foo -i ed2.diff 2> /dev/null || echo "Status: $?"' <<EOF
++?
++Status: 2
++EOF
++
++check 'cat foo' <<EOF
++foo
++EOF
+--
+2.22.0
+
diff --git a/main/patch/APKBUILD b/main/patch/APKBUILD
index ef3c04144c7..0e02115e46a 100644
--- a/main/patch/APKBUILD
+++ b/main/patch/APKBUILD
@@ -2,26 +2,31 @@
# Maintainer: Natanael Copa <ncopa@alpinelinux.org>
pkgname=patch
pkgver=2.7.6
-pkgrel=5
+pkgrel=6
pkgdesc="Utility to apply diffs to files"
url="https://www.gnu.org/software/patch/patch.html"
arch="all"
-license="GPL-3.0+"
+license="GPL-3.0-or-later"
depends=""
-makedepends=""
+makedepends="autoconf automake"
# testsuite needs coreutils due to bug in busybox `cat -ve`
# http://lists.busybox.net/pipermail/busybox/2018-April/086401.html
checkdepends="coreutils bash ed"
-install=""
subpackages="$pkgname-doc"
source="ftp://ftp.gnu.org/gnu/$pkgname/$pkgname-$pkgver.tar.xz
CVE-2018-6951.patch
CVE-2018-6952.patch
+ 0001-Allow-input-files-to-be-missing-for-ed-style-patches.patch
+ 0002-Fix-arbitrary-command-execution-in-ed-style-patches-.patch
CVE-2019-13636.patch
+ CVE-2019-13638.patch
"
builddir="$srcdir"/$pkgname-$pkgver
# secfixes:
+# 2.7.6-r6:
+# - CVE-2018-1000156
+# - CVE-2019-13638
# 2.7.6-r5:
# - CVE-2019-13636
# 2.7.6-r2:
@@ -29,8 +34,12 @@ builddir="$srcdir"/$pkgname-$pkgver
# 2.7.6-r4:
# - CVE-2018-6952
+prepare() {
+ default_prepare
+ aclocal && autoheader && autoconf && automake --add-missing
+}
+
build() {
- cd "$builddir"
gl_cv_func_gettimeofday_clobber=no \
gl_cv_func_tzset_clobber=no \
./configure \
@@ -39,13 +48,11 @@ build() {
--prefix=/usr \
--sysconfdir=/etc \
--mandir=/usr/share/man \
- --localstatedir=/var \
- --disable-nls
+ --localstatedir=/var
make
}
check() {
- cd "$builddir"
make SHELL=bash check
}
@@ -61,4 +68,7 @@ package() {
sha512sums="fcca87bdb67a88685a8a25597f9e015f5e60197b9a269fa350ae35a7991ed8da553939b4bbc7f7d3cfd863c67142af403b04165633acbce4339056a905e87fbd patch-2.7.6.tar.xz
db51d0b791d38dd4f1b373621ee18620ae339b172f58a79420fdaa4a4b1b1d9df239cf61bbddc4e6a4896b28b8cffc7c99161eb5e2facaec8df86a1bf7755bc0 CVE-2018-6951.patch
5d2eaef629bae92e5b4e5e57d140c24a73e2811306d5f2854858f846646b034d2da315071f478bcf6f8d856a065b9bb073f76322e8e3a42616bc212281ce6945 CVE-2018-6952.patch
-029b92bb899d0b1165cfe7f55b5a4c2d7090852f52e5c85a6bb1cf5913c914a5c68c6c34517e84f0a020a56d21814f8c18b934c8ebe059ba4eddece78a3a258c CVE-2019-13636.patch"
+33e8a82f5ee6b896fd434e7de1ca9e16e8d317941a021bea8c53afd5bf210774e8727df22f8d8f63f255de10de5a26428047bc710b033423d1e7a459cbbaf83a 0001-Allow-input-files-to-be-missing-for-ed-style-patches.patch
+d0d46e28c5fdcd5fe16826cbcf39d5a74fdf2593375d5206aa7bad759f16dbebeca3bf259239f99c13344579044a3de1000d705065cc19e917266bca6e5c0630 0002-Fix-arbitrary-command-execution-in-ed-style-patches-.patch
+029b92bb899d0b1165cfe7f55b5a4c2d7090852f52e5c85a6bb1cf5913c914a5c68c6c34517e84f0a020a56d21814f8c18b934c8ebe059ba4eddece78a3a258c CVE-2019-13636.patch
+d60f8c2364fca9b73aa73b5914cfd6571d11528d13fa7703ccfa93730cbdf8a6e4c9ca04cb7d02a40d33c38075890790b490052d5217e728b0948991da937980 CVE-2019-13638.patch"
diff --git a/main/patch/CVE-2019-13638.patch b/main/patch/CVE-2019-13638.patch
new file mode 100644
index 00000000000..38caff628aa
--- /dev/null
+++ b/main/patch/CVE-2019-13638.patch
@@ -0,0 +1,38 @@
+From 3fcd042d26d70856e826a42b5f93dc4854d80bf0 Mon Sep 17 00:00:00 2001
+From: Andreas Gruenbacher <agruen@gnu.org>
+Date: Fri, 6 Apr 2018 19:36:15 +0200
+Subject: Invoke ed directly instead of using the shell
+
+* src/pch.c (do_ed_script): Invoke ed directly instead of using a shell
+command to avoid quoting vulnerabilities.
+---
+ src/pch.c | 6 ++----
+ 1 file changed, 2 insertions(+), 4 deletions(-)
+
+diff --git a/src/pch.c b/src/pch.c
+index 4fd5a05..16e001a 100644
+--- a/src/pch.c
++++ b/src/pch.c
+@@ -2459,9 +2459,6 @@ do_ed_script (char const *inname, char const *outname,
+ *outname_needs_removal = true;
+ copy_file (inname, outname, 0, exclusive, instat.st_mode, true);
+ }
+- sprintf (buf, "%s %s%s", editor_program,
+- verbosity == VERBOSE ? "" : "- ",
+- outname);
+ fflush (stdout);
+
+ pid = fork();
+@@ -2470,7 +2467,8 @@ do_ed_script (char const *inname, char const *outname,
+ else if (pid == 0)
+ {
+ dup2 (tmpfd, 0);
+- execl ("/bin/sh", "sh", "-c", buf, (char *) 0);
++ assert (outname[0] != '!' && outname[0] != '-');
++ execlp (editor_program, editor_program, "-", outname, (char *) NULL);
+ _exit (2);
+ }
+ else
+--
+cgit v1.0-41-gc330
+