summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorTrevor Gamblin <trevor.gamblin@windriver.com>2019-08-21 09:58:17 +0800
committerRichard Purdie <richard.purdie@linuxfoundation.org>2019-09-30 16:44:42 +0100
commit729064626e21f959659632279adbeff28decc679 (patch)
treef9c4ff8b93b9a9cf8fbda9ff741fbd6b2e2a4d42
parentc5463adc43bacaa0a8cbbeb32b4b02554186e3e1 (diff)
downloadpoky-729064626e21f959659632279adbeff28decc679.tar.gz
patch: fix CVE-2019-13638
(From OE-Core rev: b59b1222b3f73f982286222a583de09c661dc781) (From OE-Core rev: 87106ff3f2d24b58a90767e288f783aa92c25748) Signed-off-by: Trevor Gamblin <trevor.gamblin@windriver.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> Signed-off-by: Armin Kuster <akuster808@gmail.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
-rw-r--r--meta/recipes-devtools/patch/patch/0001-Invoke-ed-directly-instead-of-using-the-shell.patch44
-rw-r--r--meta/recipes-devtools/patch/patch_2.7.6.bb1
2 files changed, 45 insertions, 0 deletions
diff --git a/meta/recipes-devtools/patch/patch/0001-Invoke-ed-directly-instead-of-using-the-shell.patch b/meta/recipes-devtools/patch/patch/0001-Invoke-ed-directly-instead-of-using-the-shell.patch
new file mode 100644
index 0000000000..f60dfe879a
--- /dev/null
+++ b/meta/recipes-devtools/patch/patch/0001-Invoke-ed-directly-instead-of-using-the-shell.patch
@@ -0,0 +1,44 @@
1From 3fcd042d26d70856e826a42b5f93dc4854d80bf0 Mon Sep 17 00:00:00 2001
2From: Andreas Gruenbacher <agruen@gnu.org>
3Date: Fri, 6 Apr 2018 19:36:15 +0200
4Subject: [PATCH] Invoke ed directly instead of using the shell
5
6* src/pch.c (do_ed_script): Invoke ed directly instead of using a shell
7command to avoid quoting vulnerabilities.
8
9CVE: CVE-2019-13638
10Upstream-Status: Backport[https://git.savannah.gnu.org/cgit/patch.git/patch/?id=3fcd042d26d70856e826a42b5f93dc4854d80bf0]
11Signed-off-by: Trevor Gamblin <trevor.gamblin@windriver.com>
12
13---
14 src/pch.c | 6 ++----
15 1 file changed, 2 insertions(+), 4 deletions(-)
16
17
18diff --git a/src/pch.c b/src/pch.c
19index 4fd5a05..16e001a 100644
20--- a/src/pch.c
21+++ b/src/pch.c
22@@ -2459,9 +2459,6 @@ do_ed_script (char const *inname, char const *outname,
23 *outname_needs_removal = true;
24 copy_file (inname, outname, 0, exclusive, instat.st_mode, true);
25 }
26- sprintf (buf, "%s %s%s", editor_program,
27- verbosity == VERBOSE ? "" : "- ",
28- outname);
29 fflush (stdout);
30
31 pid = fork();
32@@ -2470,7 +2467,8 @@ do_ed_script (char const *inname, char const *outname,
33 else if (pid == 0)
34 {
35 dup2 (tmpfd, 0);
36- execl ("/bin/sh", "sh", "-c", buf, (char *) 0);
37+ assert (outname[0] != '!' && outname[0] != '-');
38+ execlp (editor_program, editor_program, "-", outname, (char *) NULL);
39 _exit (2);
40 }
41 else
42--
432.7.4
44
diff --git a/meta/recipes-devtools/patch/patch_2.7.6.bb b/meta/recipes-devtools/patch/patch_2.7.6.bb
index 8cf20a3597..8908910f74 100644
--- a/meta/recipes-devtools/patch/patch_2.7.6.bb
+++ b/meta/recipes-devtools/patch/patch_2.7.6.bb
@@ -7,6 +7,7 @@ SRC_URI += "file://0001-Unset-need_charset_alias-when-building-for-musl.patch \
7 file://0004-Fix-arbitrary-command-execution-in-ed-style-patches-.patch \ 7 file://0004-Fix-arbitrary-command-execution-in-ed-style-patches-.patch \
8 file://0001-Fix-swapping-fake-lines-in-pch_swap.patch \ 8 file://0001-Fix-swapping-fake-lines-in-pch_swap.patch \
9 file://CVE-2019-13636.patch \ 9 file://CVE-2019-13636.patch \
10 file://0001-Invoke-ed-directly-instead-of-using-the-shell.patch \
10" 11"
11 12
12SRC_URI[md5sum] = "4c68cee989d83c87b00a3860bcd05600" 13SRC_URI[md5sum] = "4c68cee989d83c87b00a3860bcd05600"