diff options
| author | Sören Tempel <soeren+git@soeren-tempel.net> | 2019-01-25 13:36:23 +0100 |
|---|---|---|
| committer | Sören Tempel <soeren+git@soeren-tempel.net> | 2019-01-25 13:38:57 +0100 |
| commit | 49d0c3b8bdfe17d2b541938002f02c38e5c3855a (patch) | |
| tree | 9103d8002cbd1f98646fe3a9d3496b0115958276 /main/patch | |
| parent | 3458f47d69aaaf5de5d5fbbcd25fccb754d0ee16 (diff) | |
| download | aports-49d0c3b8bdfe17d2b541938002f02c38e5c3855a.tar.bz2 aports-49d0c3b8bdfe17d2b541938002f02c38e5c3855a.tar.xz | |
main/patch: security fix (CVE-2018-6952)
This is a follow up for 58fc65d2b14f59efea945f9dc2dc39d9db45d72e which
fixed CVE-2018-6951 but didn't fix CVE-2018-6952 as a patch for it
wasn't available back then.
Should probably fix #8563 (can't see the issues as it is confidential).
https://savannah.gnu.org/bugs/index.php?53133
Diffstat (limited to 'main/patch')
| -rw-r--r-- | main/patch/APKBUILD | 8 | ||||
| -rw-r--r-- | main/patch/CVE-2018-6952.patch | 27 |
2 files changed, 33 insertions, 2 deletions
diff --git a/main/patch/APKBUILD b/main/patch/APKBUILD index d07ce9abc8..c39397a51d 100644 --- a/main/patch/APKBUILD +++ b/main/patch/APKBUILD @@ -2,7 +2,7 @@ # Maintainer: Natanael Copa <ncopa@alpinelinux.org> pkgname=patch pkgver=2.7.6 -pkgrel=3 +pkgrel=4 pkgdesc="Utility to apply diffs to files" url="https://www.gnu.org/software/patch/patch.html" arch="all" @@ -16,12 +16,15 @@ install="" subpackages="$pkgname-doc" source="ftp://ftp.gnu.org/gnu/$pkgname/$pkgname-$pkgver.tar.xz CVE-2018-6951.patch + CVE-2018-6952.patch " builddir="$srcdir"/$pkgname-$pkgver # secfixes: # 2.7.6-r2: # - CVE-2018-6951 +# 2.7.6-r4: +# - CVE-2018-6952 build() { cd "$builddir" @@ -53,4 +56,5 @@ package() { } sha512sums="fcca87bdb67a88685a8a25597f9e015f5e60197b9a269fa350ae35a7991ed8da553939b4bbc7f7d3cfd863c67142af403b04165633acbce4339056a905e87fbd patch-2.7.6.tar.xz -db51d0b791d38dd4f1b373621ee18620ae339b172f58a79420fdaa4a4b1b1d9df239cf61bbddc4e6a4896b28b8cffc7c99161eb5e2facaec8df86a1bf7755bc0 CVE-2018-6951.patch" +db51d0b791d38dd4f1b373621ee18620ae339b172f58a79420fdaa4a4b1b1d9df239cf61bbddc4e6a4896b28b8cffc7c99161eb5e2facaec8df86a1bf7755bc0 CVE-2018-6951.patch +5d2eaef629bae92e5b4e5e57d140c24a73e2811306d5f2854858f846646b034d2da315071f478bcf6f8d856a065b9bb073f76322e8e3a42616bc212281ce6945 CVE-2018-6952.patch" diff --git a/main/patch/CVE-2018-6952.patch b/main/patch/CVE-2018-6952.patch new file mode 100644 index 0000000000..5f1511c7b1 --- /dev/null +++ b/main/patch/CVE-2018-6952.patch @@ -0,0 +1,27 @@ +From 9c986353e420ead6e706262bf204d6e03322c300 Mon Sep 17 00:00:00 2001 +From: Andreas Gruenbacher <agruen@gnu.org> +Date: Fri, 17 Aug 2018 13:35:40 +0200 +Subject: [PATCH] Fix swapping fake lines in pch_swap + +* src/pch.c (pch_swap): Fix swapping p_bfake and p_efake when there is a +blank line in the middle of a context-diff hunk: that empty line stays +in the middle of the hunk and isn't swapped. + +Fixes: https://savannah.gnu.org/bugs/index.php?53133 +--- + src/pch.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/src/pch.c b/src/pch.c +index e92bc64..a500ad9 100644 +--- a/src/pch.c ++++ b/src/pch.c +@@ -2122,7 +2122,7 @@ pch_swap (void) + } + if (p_efake >= 0) { /* fix non-freeable ptr range */ + if (p_efake <= i) +- n = p_end - i + 1; ++ n = p_end - p_ptrn_lines; + else + n = -i; + p_efake += n; |