mirrors/poky
1
0
Fork 0
mirror of https://git.yoctoproject.org/poky synced 2026-06-02 13:29:49 +00:00
Code Issues Projects Releases Wiki Activity

patch: fix CVE-2019-13638

Browse Source 
(From OE-Core rev: b59b1222b3f73f982286222a583de09c661dc781)

(From OE-Core rev: 308c44fd8f1d7d348c6c7cf9054f9c8403d8e8bd)

Signed-off-by: Trevor Gamblin <trevor.gamblin@windriver.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
(cherry picked from commit 555b0642579c00c41bc3daab9cef08452f9834d5)
Signed-off-by: Armin Kuster <akuster808@gmail.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
This commit is contained in:
Trevor Gamblin
2019-08-21 09:58:17 +08:00
committed by Richard Purdie
parent d59f2b0a74
commit 6fc3dc1af5
2 changed files with 45 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files
meta/recipes-devtools/patch/patch/0001-Invoke-ed-directly-instead-of-using-the-shell.patch
+44
View File
@@ -0,0 +1,44 @@
From 3fcd042d26d70856e826a42b5f93dc4854d80bf0 Mon Sep 17 00:00:00 2001
From: Andreas Gruenbacher <agruen@gnu.org>
Date: Fri, 6 Apr 2018 19:36:15 +0200
Subject: [PATCH] Invoke ed directly instead of using the shell
* src/pch.c (do_ed_script): Invoke ed directly instead of using a shell
command to avoid quoting vulnerabilities.
CVE: CVE-2019-13638
Upstream-Status: Backport[https://git.savannah.gnu.org/cgit/patch.git/patch/?id=3fcd042d26d70856e826a42b5f93dc4854d80bf0]
Signed-off-by: Trevor Gamblin <trevor.gamblin@windriver.com>
---
src/pch.c | 6 ++----
1 file changed, 2 insertions(+), 4 deletions(-)
diff --git a/src/pch.c b/src/pch.c
index 4fd5a05..16e001a 100644
--- a/src/pch.c
+++ b/src/pch.c
@@ -2459,9 +2459,6 @@ do_ed_script (char const *inname, char const *outname,
*outname_needs_removal = true;
copy_file (inname, outname, 0, exclusive, instat.st_mode, true);
}
- sprintf (buf, "%s %s%s", editor_program,
- verbosity == VERBOSE ? "" : "- ",
- outname);
fflush (stdout);
pid = fork();
@@ -2470,7 +2467,8 @@ do_ed_script (char const *inname, char const *outname,
else if (pid == 0)
{
dup2 (tmpfd, 0);
- execl ("/bin/sh", "sh", "-c", buf, (char *) 0);
+ assert (outname[0] != '!' && outname[0] != '-');
+ execlp (editor_program, editor_program, "-", outname, (char *) NULL);
_exit (2);
}
else
--
2.7.4
meta/recipes-devtools/patch/patch_2.7.6.bb
+1
View File
@@ -7,6 +7,7 @@ SRC_URI += "file://0001-Unset-need_charset_alias-when-building-for-musl.patch \
file://0004-Fix-arbitrary-command-execution-in-ed-style-patches-.patch \ file://0004-Fix-arbitrary-command-execution-in-ed-style-patches-.patch \
file://0001-Fix-swapping-fake-lines-in-pch_swap.patch \ file://0001-Fix-swapping-fake-lines-in-pch_swap.patch \
file://CVE-2019-13636.patch \ file://CVE-2019-13636.patch \
file://0001-Invoke-ed-directly-instead-of-using-the-shell.patch \
" "
SRC_URI[md5sum] = "4c68cee989d83c87b00a3860bcd05600" SRC_URI[md5sum] = "4c68cee989d83c87b00a3860bcd05600"