author | Trevor Gamblin <trevor.gamblin@windriver.com> | 2019-08-21 09:58:17 +0800 |
---|---|---|
committer | Richard Purdie <richard.purdie@linuxfoundation.org> | 2019-09-30 16:44:42 +0100 |
commit | 729064626e21f959659632279adbeff28decc679 (patch) | |
tree | f9c4ff8b93b9a9cf8fbda9ff741fbd6b2e2a4d42 | |
parent | c5463adc43bacaa0a8cbbeb32b4b02554186e3e1 (diff) | |
download | poky-729064626e21f959659632279adbeff28decc679.tar.gz |
patch: fix CVE-2019-13638
(From OE-Core rev: b59b1222b3f73f982286222a583de09c661dc781)
(From OE-Core rev: 87106ff3f2d24b58a90767e288f783aa92c25748)
Signed-off-by: Trevor Gamblin <trevor.gamblin@windriver.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
-rw-r--r-- | meta/recipes-devtools/patch/patch/0001-Invoke-ed-directly-instead-of-using-the-shell.patch | 44 | ||||
-rw-r--r-- | meta/recipes-devtools/patch/patch_2.7.6.bb | 1 |
2 files changed, 45 insertions, 0 deletions
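--- /dev/null
+++ b/meta/recipes-devtools/patch/patch/0001-Invoke-ed-directly-instead-of-using-the-shell.patch
@@ -0,0 +1,44 @@
+From 3fcd042d26d70856e826a42b5f93dc4854d80bf0 Mon Sep 17 00:00:00 2001
+From: Andreas Gruenbacher <agruen@gnu.org>
+Date: Fri, 6 Apr 2018 19:36:15 +0200
+Subject: [PATCH] Invoke ed directly instead of using the shell
+
+* src/pch.c (do_ed_script): Invoke ed directly instead of using a shell
+command to avoid quoting vulnerabilities.
+
+CVE: CVE-2019-13638
+Upstream-Status: Backport[https://git.savannah.gnu.org/cgit/patch.git/patch/?id=3fcd042d26d70856e826a42b5f93dc4854d80bf0]
+Signed-off-by: Trevor Gamblin <trevor.gamblin@windriver.com>
+
+---
+src/pch.c | 6 ++----
+1 file changed, 2 insertions(+), 4 deletions(-)
+
+
+diff --git a/src/pch.c b/src/pch.c
+index 4fd5a05..16e001a 100644
+--- a/src/pch.c
++++ b/src/pch.c
+@@ -2459,9 +2459,6 @@ do_ed_script (char const *inname, char const *outname,
+*outname_needs_removal = true;
+copy_file (inname, outname, 0, exclusive, instat.st_mode, true);
+}
+- sprintf (buf, "%s %s%s", editor_program,
+- verbosity == VERBOSE ? "" : "- ",
+- outname);
+fflush (stdout);
+
+pid = fork();
+@@ -2470,7 +2467,8 @@ do_ed_script (char const *inname, char const *outname,
+else if (pid == 0)
+{
+dup2 (tmpfd, 0);
+- execl ("/bin/sh", "sh", "-c", buf, (char *) 0);
++ assert (outname[0] != '!' && outname[0] != '-');
++ execlp (editor_program, editor_program, "-", outname, (char *) NULL);
+_exit (2);
+}
+else
+--
+2.7.4
+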
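Review bot: The guard added at line 37 of the embedded patch (`assert (outname[0] != '!' && outname[0] != '-');`) is compiled out under `-DNDEBUG`, so in a release build an output name beginning with `!` or `-` still reaches `execlp` unfiltered, where ed treats a leading `!` as a shell command and a leading `-` as an option; a defensive build wants an unconditional runtime check that rejects the ed script before `fork`, e.g. `if (outname[0] == '!' || outname[0] == '-') { /* refuse the ed script */ }`. The new `execlp` call also passes `-` unconditionally, whereas the removed `sprintf` dropped it when `verbosity == VERBOSE`, so verbose runs now appear to lose ed's diagnostics; if that is intended it deserves a one-line comment on the `execlp` line. Because the shell is gone, an `editor_program` value that carried arguments would no longer be word-split — probably never supported, but worth stating in the recipe or patch header. `do_ed_script` starts and ends outside the hunks shown, and since this file is a backport of an upstream commit, any of these changes belongs in a separate follow-up patch file rather than an edit to this one.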
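--- a/meta/recipes-devtools/patch/patch_2.7.6.bb
+++ b/meta/recipes-devtools/patch/patch_2.7.6.bb
@@ -7,6 +7,7 @@ SRC_URI += "file://0001-Unset-need_charset_alias-when-building-for-musl.patch \
 file://0004-Fix-arbitrary-command-execution-in-ed-style-patches-.patch \
 file://0001-Fix-swapping-fake-lines-in-pch_swap.patch \
 file://CVE-2019-13636.patch \
+file://0001-Invoke-ed-directly-instead-of-using-the-shell.patch \
 "
 
 SRC_URI[md5sum] = "4c68cee989d83c87b00a3860bcd05600"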