Re: [OE-core] [warrior][PATCH 2/3] patch: fix CVE-2019-13638
On 8/20/19 6:58 PM, Anuj Mittal wrote:
> From: Trevor Gamblin
>
> (From OE-Core rev: b59b1222b3f73f982286222a583de09c661dc781)
>
> Signed-off-by: Trevor Gamblin
> Signed-off-by: Richard Purdie
never mind that was 636.
- armin
> ...-directly-instead-of-using-the-shell.patch | 44 +++
> meta/recipes-devtools/patch/patch_2.7.6.bb| 1 +
> 2 files changed, 45 insertions(+)
> create mode 100644
> meta/recipes-devtools/patch/patch/0001-Invoke-ed-directly-instead-of-using-the-shell.patch
>
> diff --git
> a/meta/recipes-devtools/patch/patch/0001-Invoke-ed-directly-instead-of-using-the-shell.patch
>
> b/meta/recipes-devtools/patch/patch/0001-Invoke-ed-directly-instead-of-using-the-shell.patch
> new file mode 100644
> index 00..f60dfe879a
> --- /dev/null
> +++
> b/meta/recipes-devtools/patch/patch/0001-Invoke-ed-directly-instead-of-using-the-shell.patch
> @@ -0,0 +1,44 @@
> +From 3fcd042d26d70856e826a42b5f93dc4854d80bf0 Mon Sep 17 00:00:00 2001
> +From: Andreas Gruenbacher
> +Date: Fri, 6 Apr 2018 19:36:15 +0200
> +Subject: [PATCH] Invoke ed directly instead of using the shell
> +
> +* src/pch.c (do_ed_script): Invoke ed directly instead of using a shell
> +command to avoid quoting vulnerabilities.
> +
> +CVE: CVE-2019-13638
> +Upstream-Status:
> Backport[https://git.savannah.gnu.org/cgit/patch.git/patch/?id=3fcd042d26d70856e826a42b5f93dc4854d80bf0]
> +Signed-off-by: Trevor Gamblin
> +
> +---
> + src/pch.c | 6 ++
> + 1 file changed, 2 insertions(+), 4 deletions(-)
> +
> +
> +diff --git a/src/pch.c b/src/pch.c
> +index 4fd5a05..16e001a 100644
> +--- a/src/pch.c
> b/src/pch.c
> +@@ -2459,9 +2459,6 @@ do_ed_script (char const *inname, char const *outname,
> + *outname_needs_removal = true;
> + copy_file (inname, outname, 0, exclusive, instat.st_mode, true);
> + }
> +-sprintf (buf, "%s %s%s", editor_program,
> +- verbosity == VERBOSE ? "" : "- ",
> +- outname);
> + fflush (stdout);
> +
> + pid = fork();
> +@@ -2470,7 +2467,8 @@ do_ed_script (char const *inname, char const *outname,
> + else if (pid == 0)
> + {
> + dup2 (tmpfd, 0);
> +-execl ("/bin/sh", "sh", "-c", buf, (char *) 0);
> ++assert (outname[0] != '!' && outname[0] != '-');
> ++execlp (editor_program, editor_program, "-", outname, (char *)
> NULL);
> + _exit (2);
> + }
> + else
> +--
> +2.7.4
> +
> diff --git a/meta/recipes-devtools/patch/patch_2.7.6.bb
> b/meta/recipes-devtools/patch/patch_2.7.6.bb
> index 8cf20a3597..8908910f74 100644
> --- a/meta/recipes-devtools/patch/patch_2.7.6.bb
> +++ b/meta/recipes-devtools/patch/patch_2.7.6.bb
> @@ -7,6 +7,7 @@ SRC_URI +=
> "file://0001-Unset-need_charset_alias-when-building-for-musl.patch \
>
> file://0004-Fix-arbitrary-command-execution-in-ed-style-patches-.patch \
> file://0001-Fix-swapping-fake-lines-in-pch_swap.patch \
> file://CVE-2019-13636.patch \
> +file://0001-Invoke-ed-directly-instead-of-using-the-shell.patch \
> "
>
> SRC_URI[md5sum] = "4c68cee989d83c87b00a3860bcd05600"
--
___
Openembedded-core mailing list
Openembedded-core@lists.openembedded.org
http://lists.openembedded.org/mailman/listinfo/openembedded-core
Re: [OE-core] [warrior][PATCH 2/3] patch: fix CVE-2019-13638
On Tue, 2019-08-20 at 20:08 -0700, akuster808 wrote: > On 8/20/19 6:58 PM, Anuj Mittal wrote: > > From: Trevor Gamblin > > > > (From OE-Core rev: b59b1222b3f73f982286222a583de09c661dc781) > > > > Signed-off-by: Trevor Gamblin > > Signed-off-by: Richard Purdie > > this one is already stagged in warrior-nmut > https://git.openembedded.org/openembedded-core-contrib/commit/?h=stable/warrior-nmut=e157d559d55ea95fd2db5726073e29de90348ec1 The one staged is CVE-2019-13636. This one is CVE-2019-13638 :) Thanks, Anuj -- ___ Openembedded-core mailing list Openembedded-core@lists.openembedded.org http://lists.openembedded.org/mailman/listinfo/openembedded-core
Re: [OE-core] [warrior][PATCH 2/3] patch: fix CVE-2019-13638
On 8/20/19 6:58 PM, Anuj Mittal wrote:
> From: Trevor Gamblin
>
> (From OE-Core rev: b59b1222b3f73f982286222a583de09c661dc781)
>
> Signed-off-by: Trevor Gamblin
> Signed-off-by: Richard Purdie
this one is already stagged in warrior-nmut
https://git.openembedded.org/openembedded-core-contrib/commit/?h=stable/warrior-nmut=e157d559d55ea95fd2db5726073e29de90348ec1
> ---
> ...-directly-instead-of-using-the-shell.patch | 44 +++
> meta/recipes-devtools/patch/patch_2.7.6.bb| 1 +
> 2 files changed, 45 insertions(+)
> create mode 100644
> meta/recipes-devtools/patch/patch/0001-Invoke-ed-directly-instead-of-using-the-shell.patch
>
> diff --git
> a/meta/recipes-devtools/patch/patch/0001-Invoke-ed-directly-instead-of-using-the-shell.patch
>
> b/meta/recipes-devtools/patch/patch/0001-Invoke-ed-directly-instead-of-using-the-shell.patch
> new file mode 100644
> index 00..f60dfe879a
> --- /dev/null
> +++
> b/meta/recipes-devtools/patch/patch/0001-Invoke-ed-directly-instead-of-using-the-shell.patch
> @@ -0,0 +1,44 @@
> +From 3fcd042d26d70856e826a42b5f93dc4854d80bf0 Mon Sep 17 00:00:00 2001
> +From: Andreas Gruenbacher
> +Date: Fri, 6 Apr 2018 19:36:15 +0200
> +Subject: [PATCH] Invoke ed directly instead of using the shell
> +
> +* src/pch.c (do_ed_script): Invoke ed directly instead of using a shell
> +command to avoid quoting vulnerabilities.
> +
> +CVE: CVE-2019-13638
> +Upstream-Status:
> Backport[https://git.savannah.gnu.org/cgit/patch.git/patch/?id=3fcd042d26d70856e826a42b5f93dc4854d80bf0]
> +Signed-off-by: Trevor Gamblin
> +
> +---
> + src/pch.c | 6 ++
> + 1 file changed, 2 insertions(+), 4 deletions(-)
> +
> +
> +diff --git a/src/pch.c b/src/pch.c
> +index 4fd5a05..16e001a 100644
> +--- a/src/pch.c
> b/src/pch.c
> +@@ -2459,9 +2459,6 @@ do_ed_script (char const *inname, char const *outname,
> + *outname_needs_removal = true;
> + copy_file (inname, outname, 0, exclusive, instat.st_mode, true);
> + }
> +-sprintf (buf, "%s %s%s", editor_program,
> +- verbosity == VERBOSE ? "" : "- ",
> +- outname);
> + fflush (stdout);
> +
> + pid = fork();
> +@@ -2470,7 +2467,8 @@ do_ed_script (char const *inname, char const *outname,
> + else if (pid == 0)
> + {
> + dup2 (tmpfd, 0);
> +-execl ("/bin/sh", "sh", "-c", buf, (char *) 0);
> ++assert (outname[0] != '!' && outname[0] != '-');
> ++execlp (editor_program, editor_program, "-", outname, (char *)
> NULL);
> + _exit (2);
> + }
> + else
> +--
> +2.7.4
> +
> diff --git a/meta/recipes-devtools/patch/patch_2.7.6.bb
> b/meta/recipes-devtools/patch/patch_2.7.6.bb
> index 8cf20a3597..8908910f74 100644
> --- a/meta/recipes-devtools/patch/patch_2.7.6.bb
> +++ b/meta/recipes-devtools/patch/patch_2.7.6.bb
> @@ -7,6 +7,7 @@ SRC_URI +=
> "file://0001-Unset-need_charset_alias-when-building-for-musl.patch \
>
> file://0004-Fix-arbitrary-command-execution-in-ed-style-patches-.patch \
> file://0001-Fix-swapping-fake-lines-in-pch_swap.patch \
> file://CVE-2019-13636.patch \
> +file://0001-Invoke-ed-directly-instead-of-using-the-shell.patch \
> "
>
> SRC_URI[md5sum] = "4c68cee989d83c87b00a3860bcd05600"
--
___
Openembedded-core mailing list
Openembedded-core@lists.openembedded.org
http://lists.openembedded.org/mailman/listinfo/openembedded-core
[OE-core] [warrior][PATCH 2/3] patch: fix CVE-2019-13638
From: Trevor Gamblin
(From OE-Core rev: b59b1222b3f73f982286222a583de09c661dc781)
Signed-off-by: Trevor Gamblin
Signed-off-by: Richard Purdie
---
...-directly-instead-of-using-the-shell.patch | 44 +++
meta/recipes-devtools/patch/patch_2.7.6.bb| 1 +
2 files changed, 45 insertions(+)
create mode 100644
meta/recipes-devtools/patch/patch/0001-Invoke-ed-directly-instead-of-using-the-shell.patch
diff --git
a/meta/recipes-devtools/patch/patch/0001-Invoke-ed-directly-instead-of-using-the-shell.patch
b/meta/recipes-devtools/patch/patch/0001-Invoke-ed-directly-instead-of-using-the-shell.patch
new file mode 100644
index 00..f60dfe879a
--- /dev/null
+++
b/meta/recipes-devtools/patch/patch/0001-Invoke-ed-directly-instead-of-using-the-shell.patch
@@ -0,0 +1,44 @@
+From 3fcd042d26d70856e826a42b5f93dc4854d80bf0 Mon Sep 17 00:00:00 2001
+From: Andreas Gruenbacher
+Date: Fri, 6 Apr 2018 19:36:15 +0200
+Subject: [PATCH] Invoke ed directly instead of using the shell
+
+* src/pch.c (do_ed_script): Invoke ed directly instead of using a shell
+command to avoid quoting vulnerabilities.
+
+CVE: CVE-2019-13638
+Upstream-Status:
Backport[https://git.savannah.gnu.org/cgit/patch.git/patch/?id=3fcd042d26d70856e826a42b5f93dc4854d80bf0]
+Signed-off-by: Trevor Gamblin
+
+---
+ src/pch.c | 6 ++
+ 1 file changed, 2 insertions(+), 4 deletions(-)
+
+
+diff --git a/src/pch.c b/src/pch.c
+index 4fd5a05..16e001a 100644
+--- a/src/pch.c
b/src/pch.c
+@@ -2459,9 +2459,6 @@ do_ed_script (char const *inname, char const *outname,
+ *outname_needs_removal = true;
+ copy_file (inname, outname, 0, exclusive, instat.st_mode, true);
+ }
+- sprintf (buf, "%s %s%s", editor_program,
+- verbosity == VERBOSE ? "" : "- ",
+- outname);
+ fflush (stdout);
+
+ pid = fork();
+@@ -2470,7 +2467,8 @@ do_ed_script (char const *inname, char const *outname,
+ else if (pid == 0)
+ {
+ dup2 (tmpfd, 0);
+- execl ("/bin/sh", "sh", "-c", buf, (char *) 0);
++ assert (outname[0] != '!' && outname[0] != '-');
++ execlp (editor_program, editor_program, "-", outname, (char *)
NULL);
+ _exit (2);
+ }
+ else
+--
+2.7.4
+
diff --git a/meta/recipes-devtools/patch/patch_2.7.6.bb
b/meta/recipes-devtools/patch/patch_2.7.6.bb
index 8cf20a3597..8908910f74 100644
--- a/meta/recipes-devtools/patch/patch_2.7.6.bb
+++ b/meta/recipes-devtools/patch/patch_2.7.6.bb
@@ -7,6 +7,7 @@ SRC_URI +=
"file://0001-Unset-need_charset_alias-when-building-for-musl.patch \
file://0004-Fix-arbitrary-command-execution-in-ed-style-patches-.patch \
file://0001-Fix-swapping-fake-lines-in-pch_swap.patch \
file://CVE-2019-13636.patch \
+file://0001-Invoke-ed-directly-instead-of-using-the-shell.patch \
"
SRC_URI[md5sum] = "4c68cee989d83c87b00a3860bcd05600"
--
2.21.0
--
___
Openembedded-core mailing list
Openembedded-core@lists.openembedded.org
http://lists.openembedded.org/mailman/listinfo/openembedded-core
