diff options
| author | Baruch Siach <baruch@tkos.co.il> | 2018-02-23 07:22:31 +0200 |
|---|---|---|
| committer | Peter Korsgaard <peter@korsgaard.com> | 2018-02-23 09:08:48 +0100 |
| commit | 38d8d86d31147ef83d1d79f67b7ae90e4cefaaea (patch) | |
| tree | bca5f954f0f060baeed602a601b1357db33e2d05 /package/patch/0001-Fix-segfault-with-mangled-rename-patch.patch | |
| parent | 3b7a59304a9c377b9aec1303d85a60d019b4b9b2 (diff) | |
| download | buildroot-38d8d86d31147ef83d1d79f67b7ae90e4cefaaea.tar.gz buildroot-38d8d86d31147ef83d1d79f67b7ae90e4cefaaea.zip | |
patch: security bump to version 2.7.6
Fixes CVE-2016-10713: Out-of-bounds access within pch_write_line() in
pch.c can possibly lead to DoS via a crafted input file.
Add upstream patch fixing CVE-2018-6951: There is a segmentation fault,
associated with a NULL pointer dereference, leading to a denial of
service in the intuit_diff_type function in pch.c, aka a "mangled
rename" issue.
This bump does NOT fix CVE-2018-6952. See upstream bug #53133
(https://savannah.gnu.org/bugs/index.php?53133).
Add license file hash.
Signed-off-by: Baruch Siach <baruch@tkos.co.il>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Diffstat (limited to 'package/patch/0001-Fix-segfault-with-mangled-rename-patch.patch')
| -rw-r--r-- | package/patch/0001-Fix-segfault-with-mangled-rename-patch.patch | 33 |
1 files changed, 33 insertions, 0 deletions
diff --git a/package/patch/0001-Fix-segfault-with-mangled-rename-patch.patch b/package/patch/0001-Fix-segfault-with-mangled-rename-patch.patch new file mode 100644 index 0000000000..19a67573c4 --- /dev/null +++ b/package/patch/0001-Fix-segfault-with-mangled-rename-patch.patch @@ -0,0 +1,33 @@ +From f290f48a621867084884bfff87f8093c15195e6a Mon Sep 17 00:00:00 2001 +From: Andreas Gruenbacher <agruen@gnu.org> +Date: Mon, 12 Feb 2018 16:48:24 +0100 +Subject: [PATCH] Fix segfault with mangled rename patch + +http://savannah.gnu.org/bugs/?53132 +* src/pch.c (intuit_diff_type): Ensure that two filenames are specified +for renames and copies (fix the existing check). + +Signed-off-by: Baruch Siach <baruch@tkos.co.il> +--- +Patch status: upstream commit f290f48a6218 + + src/pch.c | 3 ++- + 1 file changed, 2 insertions(+), 1 deletion(-) + +diff --git a/src/pch.c b/src/pch.c +index ff9ed2cebb8a..bc6278c4032c 100644 +--- a/src/pch.c ++++ b/src/pch.c +@@ -974,7 +974,8 @@ intuit_diff_type (bool need_header, mode_t *p_file_type) + if ((pch_rename () || pch_copy ()) + && ! inname + && ! ((i == OLD || i == NEW) && +- p_name[! reverse] && ++ p_name[reverse] && p_name[! reverse] && ++ name_is_valid (p_name[reverse]) && + name_is_valid (p_name[! reverse]))) + { + say ("Cannot %s file without two valid file names\n", pch_rename () ? "rename" : "copy"); +-- +2.16.1 + |
