projects / buildroot.git / commitdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | patch | inline | side by side (parent: 3b7a593)
patch: security bump to version 2.7.6
authorBaruch Siach <baruch@tkos.co.il>
Fri, 23 Feb 2018 05:22:31 +0000 (07:22 +0200)
committerPeter Korsgaard <peter@korsgaard.com>
Fri, 23 Feb 2018 08:08:48 +0000 (09:08 +0100)
Fixes CVE-2016-10713: Out-of-bounds access within pch_write_line() in
pch.c can possibly lead to DoS via a crafted input file.

Add upstream patch fixing CVE-2018-6951: There is a segmentation fault,
associated with a NULL pointer dereference, leading to a denial of
service in the intuit_diff_type function in pch.c, aka a "mangled
rename" issue.

This bump does NOT fix CVE-2018-6952. See upstream bug #53133
(https://savannah.gnu.org/bugs/index.php?53133).

Add license file hash.

Signed-off-by: Baruch Siach <baruch@tkos.co.il>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
package/patch/0001-Fix-segfault-with-mangled-rename-patch.patch [new file with mode: 0644] patch | blob
package/patch/patch.hash patch | blob | history
package/patch/patch.mk patch | blob | history

diff --git a/package/patch/0001-Fix-segfault-with-mangled-rename-patch.patch b/package/patch/0001-Fix-segfault-with-mangled-rename-patch.patch
new file mode 100644 (file)
index 0000000..19a6757
--- /dev/null
+++ b/package/patch/0001-Fix-segfault-with-mangled-rename-patch.patch
@@ -0,0 +1,33 @@
+From f290f48a621867084884bfff87f8093c15195e6a Mon Sep 17 00:00:00 2001
+From: Andreas Gruenbacher <agruen@gnu.org>
+Date: Mon, 12 Feb 2018 16:48:24 +0100
+Subject: [PATCH] Fix segfault with mangled rename patch
+
+http://savannah.gnu.org/bugs/?53132
+* src/pch.c (intuit_diff_type): Ensure that two filenames are specified
+for renames and copies (fix the existing check).
+
+Signed-off-by: Baruch Siach <baruch@tkos.co.il>
+---
+Patch status: upstream commit f290f48a6218
+
+ src/pch.c | 3 ++-
+ 1 file changed, 2 insertions(+), 1 deletion(-)
+
+diff --git a/src/pch.c b/src/pch.c
+index ff9ed2cebb8a..bc6278c4032c 100644
+--- a/src/pch.c
++++ b/src/pch.c
+@@ -974,7 +974,8 @@ intuit_diff_type (bool need_header, mode_t *p_file_type)
+     if ((pch_rename () || pch_copy ())
+       && ! inname
+       && ! ((i == OLD || i == NEW) &&
+-            p_name[! reverse] &&
++            p_name[reverse] && p_name[! reverse] &&
++            name_is_valid (p_name[reverse]) &&
+             name_is_valid (p_name[! reverse])))
+       {
+       say ("Cannot %s file without two valid file names\n", pch_rename () ? "rename" : "copy");
+-- 
+2.16.1
+
diff --git a/package/patch/patch.hash b/package/patch/patch.hash
index d6e3a2d2611849abd64aad8479d1fa582d0dcfa1..917d951a94d14e2d069765ab5d65015c3178b0b1 100644 (file)
--- a/package/patch/patch.hash
+++ b/package/patch/patch.hash
@@ -1,2 +1,4 @@
 # Locally calculated after checking pgp signature
-sha256 fd95153655d6b95567e623843a0e77b81612d502ecf78a489a4aed7867caa299        patch-2.7.5.tar.xz
+sha256 ac610bda97abe0d9f6b7c963255a11dcb196c25e337c61f94e4778d632f1d8fd        patch-2.7.6.tar.xz
+# Locally calculated
+sha256 8ceb4b9ee5adedde47b31e975c1d90c73ad27b6b165a1dcd80c7c545eb65b903        COPYING
diff --git a/package/patch/patch.mk b/package/patch/patch.mk
index 4c76a3123ba711a2128162882c9759033c596c34..33f0039d60141e3d2df44bc160062c4fb32f1398 100644 (file)
--- a/package/patch/patch.mk
+++ b/package/patch/patch.mk
@@ -4,7 +4,7 @@
 #
 ################################################################################
 
-PATCH_VERSION = 2.7.5
+PATCH_VERSION = 2.7.6
 PATCH_SOURCE = patch-$(PATCH_VERSION).tar.xz
 PATCH_SITE = $(BR2_GNU_MIRROR)/patch
 PATCH_LICENSE = GPL-3.0+