diff options
| author | Leonardo Arena <rnalrd@alpinelinux.org> | 2018-02-28 13:56:09 +0000 |
|---|---|---|
| committer | Leonardo Arena <rnalrd@alpinelinux.org> | 2018-02-28 13:58:01 +0000 |
| commit | 41a24dac7ccf8c69b0e3b4b4409a736aefb3dfd5 (patch) | |
| tree | 11c2fae2e34dff1c758f05470ba9c7e963d04cc7 | |
| parent | 7c67371afe718c4bf2e0d7175a1fc590fe7233b7 (diff) | |
| download | aports-41a24dac7ccf8c69b0e3b4b4409a736aefb3dfd5.tar.bz2 aports-41a24dac7ccf8c69b0e3b4b4409a736aefb3dfd5.tar.xz | |
main/patch: security fix (CVE-2016-10713)
Partially fixes #8566
| -rw-r--r-- | main/patch/APKBUILD | 6 | ||||
| -rw-r--r-- | main/patch/CVE-2016-10713.patch | 13 |
2 files changed, 18 insertions, 1 deletions
diff --git a/main/patch/APKBUILD b/main/patch/APKBUILD index a72bdda650..d50614c5de 100644 --- a/main/patch/APKBUILD +++ b/main/patch/APKBUILD @@ -2,7 +2,7 @@ # Maintainer: Natanael Copa <ncopa@alpinelinux.org> pkgname=patch pkgver=2.7.5 -pkgrel=2 +pkgrel=3 pkgdesc="Utility to apply diffs to files" url="http://www.gnu.org/software/patch/patch.html" arch="all" @@ -13,6 +13,7 @@ makedepends="" install="" subpackages="$pkgname-doc" source="ftp://ftp.gnu.org/gnu/$pkgname/$pkgname-$pkgver.tar.xz + CVE-2016-10713.patch CVE-2018-6951.patch " @@ -21,6 +22,8 @@ _builddir="$srcdir"/$pkgname-$pkgver # secfixes: # 2.7.5-r2: # - CVE-2018-6951 +# 2.7.5-r3: +# - CVE-2016-10713 build() { cd "$_builddir" @@ -46,4 +49,5 @@ package() { } sha512sums="6620ac8101f60c0b456ce339fa5e371f40be0b391e2e9728f34f3625f9907e516de61dac2f91bc76e6fd28a9bd1224efc3ba827cfaa606d857730c1af4195a0f patch-2.7.5.tar.xz +b34c295562f2246a00078efc6b1c035fd73a62fe8c8dde7844de5a716093f9e914dbde31e87065c04c97ec84cbc816766aceea90c220f94250fcded74224b014 CVE-2016-10713.patch db51d0b791d38dd4f1b373621ee18620ae339b172f58a79420fdaa4a4b1b1d9df239cf61bbddc4e6a4896b28b8cffc7c99161eb5e2facaec8df86a1bf7755bc0 CVE-2018-6951.patch" diff --git a/main/patch/CVE-2016-10713.patch b/main/patch/CVE-2016-10713.patch new file mode 100644 index 0000000000..69dd15264c --- /dev/null +++ b/main/patch/CVE-2016-10713.patch @@ -0,0 +1,13 @@ +diff --git a/src/pch.c b/src/pch.c +index 94a0ac1..3ba5394 100644 +--- a/src/pch.c ++++ b/src/pch.c +@@ -2276,7 +2276,7 @@ pfetch (lin line) + bool + pch_write_line (lin line, FILE *file) + { +- bool after_newline = p_line[line][p_len[line] - 1] == '\n'; ++ bool after_newline = (p_len[line] > 0) && (p_line[line][p_len[line] - 1] == '\n'); + if (! fwrite (p_line[line], sizeof (*p_line[line]), p_len[line], file)) + write_fatal (); + return after_newline; |