patch: fix CVE-2018-6951

* CVE detail: https://nvd.nist.gov/vuln/detail/CVE-2018-6951 * upstream tracking: http://savannah.gnu.org/bugs/?53132 * Fix segfault with mangled rename patch - src/pch.c (intuit_diff_type): Ensure that two filenames are specified for renames and copies (fix the existing check). (From OE-Core rev: cdf74e1c67698b2d44a7460ff7d365d6da7b7b96) Signed-off-by: Jackie Huang <jackie.huang@windriver.com> Signed-off-by: Ross Burton <ross.burton@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
author: Jackie Huang <jackie.huang@windriver.com> 2018-04-11 14:56:09 +0800
committer: Richard Purdie <richard.purdie@linuxfoundation.org> 2018-04-13 16:58:07 +0100
commit: 31714674e4dc9c1196553be7363c8a1d08565b4c (patch)
tree: ce784db4358641add74a79f486a9976777990044 /meta/recipes-devtools
parent: 59e51d2ac877f4724cefeffcddba861e417783bf (diff)
download: poky-31714674e4dc9c1196553be7363c8a1d08565b4c.tar.gz
2 files changed, 38 insertions, 1 deletions
diff --git a/meta/recipes-devtools/patch/patch/0002-Fix-segfault-with-mangled-rename-patch.patch b/meta/recipes-devtools/patch/patch/0002-Fix-segfault-with-mangled-rename-patch.patch
new file mode 100644
index 0000000000..b0bd6fa83a
--- /dev/null
+++ b/meta/recipes-devtools/patch/patch/0002-Fix-segfault-with-mangled-rename-patch.patch
@@ -0,0 +1,35 @@
+From f290f48a621867084884bfff87f8093c15195e6a Mon Sep 17 00:00:00 2001
+From: Andreas Gruenbacher <agruen@gnu.org>
+Date: Mon, 12 Feb 2018 16:48:24 +0100
+Subject: [PATCH] Fix segfault with mangled rename patch
+http://savannah.gnu.org/bugs/?53132
+* src/pch.c (intuit_diff_type): Ensure that two filenames are specified
+for renames and copies (fix the existing check).
+Upstream-Status: Backport [http://git.savannah.gnu.org/cgit/patch.git/commit/?id=f290f48a621867084884bfff87f8093c15195e6a]
+CVE: CVE-2018-6951
+Signed-off-by: Jackie Huang <jackie.huang@windriver.com>
+---
+ src/pch.c | 3 ++-
+ 1 file changed, 2 insertions(+), 1 deletion(-)
+diff --git a/src/pch.c b/src/pch.c
+index ff9ed2c..bc6278c 100644
+--- a/src/pch.c
+++ b/src/pch.c
+@@ -974,7 +974,8 @@ intuit_diff_type (bool need_header, mode_t *p_file_type)
+     if ((pch_rename () || pch_copy ())
+        && ! inname
+        && ! ((i == OLD || i == NEW) &&
+-             p_name[! reverse] &&
+             p_name[reverse] && p_name[! reverse] &&
+             name_is_valid (p_name[reverse]) &&
+              name_is_valid (p_name[! reverse])))
+       {
+        say ("Cannot %s file without two valid file names\n", pch_rename () ? "rename" : "copy");
+-- 
+2.7.4
diff --git a/meta/recipes-devtools/patch/patch_2.7.6.bb b/meta/recipes-devtools/patch/patch_2.7.6.bb
index 576a2ac8fa..19ddf34981 100644
--- a/meta/recipes-devtools/patch/patch_2.7.6.bb
+++ b/meta/recipes-devtools/patch/patch_2.7.6.bb
@@ -1,7 +1,9 @@
 require patch.inc
 LICENSE = "GPLv3"
-SRC_URI += "file://0001-Unset-need_charset_alias-when-building-for-musl.patch"
+SRC_URI += "file://0001-Unset-need_charset_alias-when-building-for-musl.patch \
+            file://0002-Fix-segfault-with-mangled-rename-patch.patch \
+"
 SRC_URI[md5sum] = "4c68cee989d83c87b00a3860bcd05600"
 SRC_URI[sha256sum] = "8cf86e00ad3aaa6d26aca30640e86b0e3e1f395ed99f189b06d4c9f74bc58a4e"
author	Jackie Huang <jackie.huang@windriver.com>	2018-04-11 14:56:09 +0800
committer	Richard Purdie <richard.purdie@linuxfoundation.org>	2018-04-13 16:58:07 +0100
commit	31714674e4dc9c1196553be7363c8a1d08565b4c (patch)
tree	ce784db4358641add74a79f486a9976777990044 /meta/recipes-devtools
parent	59e51d2ac877f4724cefeffcddba861e417783bf (diff)
download	poky-31714674e4dc9c1196553be7363c8a1d08565b4c.tar.gz

diff --git a/meta/recipes-devtools/patch/patch/0002-Fix-segfault-with-mangled-rename-patch.patch b/meta/recipes-devtools/patch/patch/0002-Fix-segfault-with-mangled-rename-patch.patch new file mode 100644 index 0000000000..b0bd6fa83a --- /dev/null +++ b/meta/recipes-devtools/patch/patch/0002-Fix-segfault-with-mangled-rename-patch.patch
@@ -0,0 +1,35 @@
		1	From f290f48a621867084884bfff87f8093c15195e6a Mon Sep 17 00:00:00 2001
		2	From: Andreas Gruenbacher <agruen@gnu.org>
		3	Date: Mon, 12 Feb 2018 16:48:24 +0100
		4	Subject: [PATCH] Fix segfault with mangled rename patch
		5
		6	http://savannah.gnu.org/bugs/?53132
		7	* src/pch.c (intuit_diff_type): Ensure that two filenames are specified
		8	for renames and copies (fix the existing check).
		9
		10	Upstream-Status: Backport [http://git.savannah.gnu.org/cgit/patch.git/commit/?id=f290f48a621867084884bfff87f8093c15195e6a]
		11	CVE: CVE-2018-6951
		12
		13	Signed-off-by: Jackie Huang <jackie.huang@windriver.com>
		14
		15	---
		16	src/pch.c \| 3 ++-
		17	1 file changed, 2 insertions(+), 1 deletion(-)
		18
		19	diff --git a/src/pch.c b/src/pch.c
		20	index ff9ed2c..bc6278c 100644
		21	--- a/src/pch.c
		22	+++ b/src/pch.c
		23	@@ -974,7 +974,8 @@ intuit_diff_type (bool need_header, mode_t *p_file_type)
		24	if ((pch_rename () \|\| pch_copy ())
		25	&& ! inname
		26	&& ! ((i == OLD \|\| i == NEW) &&
		27	- p_name[! reverse] &&
		28	+ p_name[reverse] && p_name[! reverse] &&
		29	+ name_is_valid (p_name[reverse]) &&
		30	name_is_valid (p_name[! reverse])))
		31	{
		32	say ("Cannot %s file without two valid file names\n", pch_rename () ? "rename" : "copy");
		33	--
		34	2.7.4
		35


diff --git a/meta/recipes-devtools/patch/patch_2.7.6.bb b/meta/recipes-devtools/patch/patch_2.7.6.bb index 576a2ac8fa..19ddf34981 100644 --- a/meta/recipes-devtools/patch/patch_2.7.6.bb +++ b/meta/recipes-devtools/patch/patch_2.7.6.bb
@@ -1,7 +1,9 @@
1	require patch.inc	1	require patch.inc
2	LICENSE = "GPLv3"	2	LICENSE = "GPLv3"
3		3
4	SRC_URI += "file://0001-Unset-need_charset_alias-when-building-for-musl.patch"	4	SRC_URI += "file://0001-Unset-need_charset_alias-when-building-for-musl.patch \
		5	file://0002-Fix-segfault-with-mangled-rename-patch.patch \
		6	"
5		7
6	SRC_URI[md5sum] = "4c68cee989d83c87b00a3860bcd05600"	8	SRC_URI[md5sum] = "4c68cee989d83c87b00a3860bcd05600"
7	SRC_URI[sha256sum] = "8cf86e00ad3aaa6d26aca30640e86b0e3e1f395ed99f189b06d4c9f74bc58a4e"	9	SRC_URI[sha256sum] = "8cf86e00ad3aaa6d26aca30640e86b0e3e1f395ed99f189b06d4c9f74bc58a4e"