Re: [OE-core] [warrior][PATCH 2/3] patch: fix CVE-2019-13638
On 8/20/19 6:58 PM, Anuj Mittal wrote: > From: Trevor Gamblin > > (From OE-Core rev: b59b1222b3f73f982286222a583de09c661dc781) > > Signed-off-by: Trevor Gamblin > Signed-off-by: Richard Purdie never mind that was 636. - armin > ...-directly-instead-of-using-the-shell.patch | 44 +++ > meta/recipes-devtools/patch/patch_2.7.6.bb| 1 + > 2 files changed, 45 insertions(+) > create mode 100644 > meta/recipes-devtools/patch/patch/0001-Invoke-ed-directly-instead-of-using-the-shell.patch > > diff --git > a/meta/recipes-devtools/patch/patch/0001-Invoke-ed-directly-instead-of-using-the-shell.patch > > b/meta/recipes-devtools/patch/patch/0001-Invoke-ed-directly-instead-of-using-the-shell.patch > new file mode 100644 > index 00..f60dfe879a > --- /dev/null > +++ > b/meta/recipes-devtools/patch/patch/0001-Invoke-ed-directly-instead-of-using-the-shell.patch > @@ -0,0 +1,44 @@ > +From 3fcd042d26d70856e826a42b5f93dc4854d80bf0 Mon Sep 17 00:00:00 2001 > +From: Andreas Gruenbacher > +Date: Fri, 6 Apr 2018 19:36:15 +0200 > +Subject: [PATCH] Invoke ed directly instead of using the shell > + > +* src/pch.c (do_ed_script): Invoke ed directly instead of using a shell > +command to avoid quoting vulnerabilities. > + > +CVE: CVE-2019-13638 > +Upstream-Status: > Backport[https://git.savannah.gnu.org/cgit/patch.git/patch/?id=3fcd042d26d70856e826a42b5f93dc4854d80bf0] > +Signed-off-by: Trevor Gamblin > + > +--- > + src/pch.c | 6 ++ > + 1 file changed, 2 insertions(+), 4 deletions(-) > + > + > +diff --git a/src/pch.c b/src/pch.c > +index 4fd5a05..16e001a 100644 > +--- a/src/pch.c > b/src/pch.c > +@@ -2459,9 +2459,6 @@ do_ed_script (char const *inname, char const *outname, > + *outname_needs_removal = true; > + copy_file (inname, outname, 0, exclusive, instat.st_mode, true); > + } > +-sprintf (buf, "%s %s%s", editor_program, > +- verbosity == VERBOSE ? "" : "- ", > +- outname); > + fflush (stdout); > + > + pid = fork(); > +@@ -2470,7 +2467,8 @@ do_ed_script (char const *inname, char const *outname, > + else if (pid == 0) > + { > + dup2 (tmpfd, 0); > +-execl ("/bin/sh", "sh", "-c", buf, (char *) 0); > ++assert (outname[0] != '!' && outname[0] != '-'); > ++execlp (editor_program, editor_program, "-", outname, (char *) > NULL); > + _exit (2); > + } > + else > +-- > +2.7.4 > + > diff --git a/meta/recipes-devtools/patch/patch_2.7.6.bb > b/meta/recipes-devtools/patch/patch_2.7.6.bb > index 8cf20a3597..8908910f74 100644 > --- a/meta/recipes-devtools/patch/patch_2.7.6.bb > +++ b/meta/recipes-devtools/patch/patch_2.7.6.bb > @@ -7,6 +7,7 @@ SRC_URI += > "file://0001-Unset-need_charset_alias-when-building-for-musl.patch \ > > file://0004-Fix-arbitrary-command-execution-in-ed-style-patches-.patch \ > file://0001-Fix-swapping-fake-lines-in-pch_swap.patch \ > file://CVE-2019-13636.patch \ > +file://0001-Invoke-ed-directly-instead-of-using-the-shell.patch \ > " > > SRC_URI[md5sum] = "4c68cee989d83c87b00a3860bcd05600" -- ___ Openembedded-core mailing list Openembedded-core@lists.openembedded.org http://lists.openembedded.org/mailman/listinfo/openembedded-core
Re: [OE-core] [warrior][PATCH 2/3] patch: fix CVE-2019-13638
On Tue, 2019-08-20 at 20:08 -0700, akuster808 wrote: > On 8/20/19 6:58 PM, Anuj Mittal wrote: > > From: Trevor Gamblin > > > > (From OE-Core rev: b59b1222b3f73f982286222a583de09c661dc781) > > > > Signed-off-by: Trevor Gamblin > > Signed-off-by: Richard Purdie > > this one is already stagged in warrior-nmut > https://git.openembedded.org/openembedded-core-contrib/commit/?h=stable/warrior-nmut=e157d559d55ea95fd2db5726073e29de90348ec1 The one staged is CVE-2019-13636. This one is CVE-2019-13638 :) Thanks, Anuj -- ___ Openembedded-core mailing list Openembedded-core@lists.openembedded.org http://lists.openembedded.org/mailman/listinfo/openembedded-core
Re: [OE-core] [warrior][PATCH 2/3] patch: fix CVE-2019-13638
On 8/20/19 6:58 PM, Anuj Mittal wrote: > From: Trevor Gamblin > > (From OE-Core rev: b59b1222b3f73f982286222a583de09c661dc781) > > Signed-off-by: Trevor Gamblin > Signed-off-by: Richard Purdie this one is already stagged in warrior-nmut https://git.openembedded.org/openembedded-core-contrib/commit/?h=stable/warrior-nmut=e157d559d55ea95fd2db5726073e29de90348ec1 > --- > ...-directly-instead-of-using-the-shell.patch | 44 +++ > meta/recipes-devtools/patch/patch_2.7.6.bb| 1 + > 2 files changed, 45 insertions(+) > create mode 100644 > meta/recipes-devtools/patch/patch/0001-Invoke-ed-directly-instead-of-using-the-shell.patch > > diff --git > a/meta/recipes-devtools/patch/patch/0001-Invoke-ed-directly-instead-of-using-the-shell.patch > > b/meta/recipes-devtools/patch/patch/0001-Invoke-ed-directly-instead-of-using-the-shell.patch > new file mode 100644 > index 00..f60dfe879a > --- /dev/null > +++ > b/meta/recipes-devtools/patch/patch/0001-Invoke-ed-directly-instead-of-using-the-shell.patch > @@ -0,0 +1,44 @@ > +From 3fcd042d26d70856e826a42b5f93dc4854d80bf0 Mon Sep 17 00:00:00 2001 > +From: Andreas Gruenbacher > +Date: Fri, 6 Apr 2018 19:36:15 +0200 > +Subject: [PATCH] Invoke ed directly instead of using the shell > + > +* src/pch.c (do_ed_script): Invoke ed directly instead of using a shell > +command to avoid quoting vulnerabilities. > + > +CVE: CVE-2019-13638 > +Upstream-Status: > Backport[https://git.savannah.gnu.org/cgit/patch.git/patch/?id=3fcd042d26d70856e826a42b5f93dc4854d80bf0] > +Signed-off-by: Trevor Gamblin > + > +--- > + src/pch.c | 6 ++ > + 1 file changed, 2 insertions(+), 4 deletions(-) > + > + > +diff --git a/src/pch.c b/src/pch.c > +index 4fd5a05..16e001a 100644 > +--- a/src/pch.c > b/src/pch.c > +@@ -2459,9 +2459,6 @@ do_ed_script (char const *inname, char const *outname, > + *outname_needs_removal = true; > + copy_file (inname, outname, 0, exclusive, instat.st_mode, true); > + } > +-sprintf (buf, "%s %s%s", editor_program, > +- verbosity == VERBOSE ? "" : "- ", > +- outname); > + fflush (stdout); > + > + pid = fork(); > +@@ -2470,7 +2467,8 @@ do_ed_script (char const *inname, char const *outname, > + else if (pid == 0) > + { > + dup2 (tmpfd, 0); > +-execl ("/bin/sh", "sh", "-c", buf, (char *) 0); > ++assert (outname[0] != '!' && outname[0] != '-'); > ++execlp (editor_program, editor_program, "-", outname, (char *) > NULL); > + _exit (2); > + } > + else > +-- > +2.7.4 > + > diff --git a/meta/recipes-devtools/patch/patch_2.7.6.bb > b/meta/recipes-devtools/patch/patch_2.7.6.bb > index 8cf20a3597..8908910f74 100644 > --- a/meta/recipes-devtools/patch/patch_2.7.6.bb > +++ b/meta/recipes-devtools/patch/patch_2.7.6.bb > @@ -7,6 +7,7 @@ SRC_URI += > "file://0001-Unset-need_charset_alias-when-building-for-musl.patch \ > > file://0004-Fix-arbitrary-command-execution-in-ed-style-patches-.patch \ > file://0001-Fix-swapping-fake-lines-in-pch_swap.patch \ > file://CVE-2019-13636.patch \ > +file://0001-Invoke-ed-directly-instead-of-using-the-shell.patch \ > " > > SRC_URI[md5sum] = "4c68cee989d83c87b00a3860bcd05600" -- ___ Openembedded-core mailing list Openembedded-core@lists.openembedded.org http://lists.openembedded.org/mailman/listinfo/openembedded-core
[OE-core] [warrior][PATCH 2/3] patch: fix CVE-2019-13638
From: Trevor Gamblin (From OE-Core rev: b59b1222b3f73f982286222a583de09c661dc781) Signed-off-by: Trevor Gamblin Signed-off-by: Richard Purdie --- ...-directly-instead-of-using-the-shell.patch | 44 +++ meta/recipes-devtools/patch/patch_2.7.6.bb| 1 + 2 files changed, 45 insertions(+) create mode 100644 meta/recipes-devtools/patch/patch/0001-Invoke-ed-directly-instead-of-using-the-shell.patch diff --git a/meta/recipes-devtools/patch/patch/0001-Invoke-ed-directly-instead-of-using-the-shell.patch b/meta/recipes-devtools/patch/patch/0001-Invoke-ed-directly-instead-of-using-the-shell.patch new file mode 100644 index 00..f60dfe879a --- /dev/null +++ b/meta/recipes-devtools/patch/patch/0001-Invoke-ed-directly-instead-of-using-the-shell.patch @@ -0,0 +1,44 @@ +From 3fcd042d26d70856e826a42b5f93dc4854d80bf0 Mon Sep 17 00:00:00 2001 +From: Andreas Gruenbacher +Date: Fri, 6 Apr 2018 19:36:15 +0200 +Subject: [PATCH] Invoke ed directly instead of using the shell + +* src/pch.c (do_ed_script): Invoke ed directly instead of using a shell +command to avoid quoting vulnerabilities. + +CVE: CVE-2019-13638 +Upstream-Status: Backport[https://git.savannah.gnu.org/cgit/patch.git/patch/?id=3fcd042d26d70856e826a42b5f93dc4854d80bf0] +Signed-off-by: Trevor Gamblin + +--- + src/pch.c | 6 ++ + 1 file changed, 2 insertions(+), 4 deletions(-) + + +diff --git a/src/pch.c b/src/pch.c +index 4fd5a05..16e001a 100644 +--- a/src/pch.c b/src/pch.c +@@ -2459,9 +2459,6 @@ do_ed_script (char const *inname, char const *outname, + *outname_needs_removal = true; + copy_file (inname, outname, 0, exclusive, instat.st_mode, true); + } +- sprintf (buf, "%s %s%s", editor_program, +- verbosity == VERBOSE ? "" : "- ", +- outname); + fflush (stdout); + + pid = fork(); +@@ -2470,7 +2467,8 @@ do_ed_script (char const *inname, char const *outname, + else if (pid == 0) + { + dup2 (tmpfd, 0); +- execl ("/bin/sh", "sh", "-c", buf, (char *) 0); ++ assert (outname[0] != '!' && outname[0] != '-'); ++ execlp (editor_program, editor_program, "-", outname, (char *) NULL); + _exit (2); + } + else +-- +2.7.4 + diff --git a/meta/recipes-devtools/patch/patch_2.7.6.bb b/meta/recipes-devtools/patch/patch_2.7.6.bb index 8cf20a3597..8908910f74 100644 --- a/meta/recipes-devtools/patch/patch_2.7.6.bb +++ b/meta/recipes-devtools/patch/patch_2.7.6.bb @@ -7,6 +7,7 @@ SRC_URI += "file://0001-Unset-need_charset_alias-when-building-for-musl.patch \ file://0004-Fix-arbitrary-command-execution-in-ed-style-patches-.patch \ file://0001-Fix-swapping-fake-lines-in-pch_swap.patch \ file://CVE-2019-13636.patch \ +file://0001-Invoke-ed-directly-instead-of-using-the-shell.patch \ " SRC_URI[md5sum] = "4c68cee989d83c87b00a3860bcd05600" -- 2.21.0 -- ___ Openembedded-core mailing list Openembedded-core@lists.openembedded.org http://lists.openembedded.org/mailman/listinfo/openembedded-core