* [gentoo-commits] repo/gentoo:master commit in: sys-devel/patch/files/, sys-devel/patch/
@ 2018-08-26 14:32 Thomas Deutschmann
0 siblings, 0 replies; 4+ messages in thread
From: Thomas Deutschmann @ 2018-08-26 14:32 UTC (permalink / raw
To: gentoo-commits
commit: dedeef3e8b0b5cb7010149efa4e92892fa74ed36
Author: Thomas Deutschmann <whissi <AT> gentoo <DOT> org>
AuthorDate: Sun Aug 26 14:32:18 2018 +0000
Commit: Thomas Deutschmann <whissi <AT> gentoo <DOT> org>
CommitDate: Sun Aug 26 14:32:18 2018 +0000
URL: https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=dedeef3e
sys-devel/patch: fix error handling with git-style patches
Closes: https://bugs.gentoo.org/664640
Package-Manager: Portage-2.3.48, Repoman-2.3.10
...fix-error-handling-with-git-style-patches.patch | 125 +++++++++++++++++++++
sys-devel/patch/patch-2.7.6-r2.ebuild | 36 ++++++
2 files changed, 161 insertions(+)
diff --git a/sys-devel/patch/files/patch-2.7.6-fix-error-handling-with-git-style-patches.patch b/sys-devel/patch/files/patch-2.7.6-fix-error-handling-with-git-style-patches.patch
new file mode 100644
index 00000000000..a4f127dd7ce
--- /dev/null
+++ b/sys-devel/patch/files/patch-2.7.6-fix-error-handling-with-git-style-patches.patch
@@ -0,0 +1,125 @@
+Backport for Gentoo patch-2.7.x.
+
+https://bugs.gentoo.org/664640
+
+
+Original patch:
+Author: Lubomir Rintel <lkundrak@v3.sk>
+Date: Tue Feb 27 16:52:00 2018 +0100
+Subject: Fix error handling with git-style patches
+
+When an error is encountered in output_files(), the subsequent call to
+cleanup() calls back into output_files() resulting in an infinte recursion.
+This is trivially reproduced with a git-style patch (which utilizes
+output_file_later()) that tries to patch a nonexistent or unreadable
+file (see attached test case).
+
+* src/patch.c: (output_files) clear the files_to_output list before
+iterating it, so that recursive calls won't iterate the same files.
+* tests/git-error: New test case.
+* tests/Makefile.am (TESTS): Add test case.
+
+Origin: https://lists.gnu.org/archive/html/bug-patch/2018-02/msg00010.html
+
+--- a/src/patch.c
++++ b/src/patch.c
+@@ -1938,8 +1938,12 @@ output_files (struct stat const *st)
+ {
+ gl_list_iterator_t iter;
+ const void *elt;
++ gl_list_t files;
+
+- iter = gl_list_iterator (files_to_output);
++ files = files_to_output;
++ init_files_to_output ();
++
++ iter = gl_list_iterator (files);
+ while (gl_list_iterator_next (&iter, &elt, NULL))
+ {
+ const struct file_to_output *file_to_output = elt;
+@@ -1957,8 +1961,8 @@ output_files (struct stat const *st)
+ /* Free the list up to here. */
+ for (;;)
+ {
+- const void *elt2 = gl_list_get_at (files_to_output, 0);
+- gl_list_remove_at (files_to_output, 0);
++ const void *elt2 = gl_list_get_at (files, 0);
++ gl_list_remove_at (files, 0);
+ if (elt == elt2)
+ break;
+ }
+@@ -1967,7 +1971,7 @@ output_files (struct stat const *st)
+ }
+ }
+ gl_list_iterator_free (&iter);
+- gl_list_clear (files_to_output);
++ gl_list_free (files);
+ }
+
+ /* Fatal exit with cleanup. */
+--- a/tests/Makefile.am
++++ b/tests/Makefile.am
+@@ -40,6 +40,7 @@ TESTS = \
+ filename-choice \
+ git-binary-diff \
+ git-cleanup \
++ git-error \
+ garbage \
+ global-reject-files \
+ inname \
+--- a/tests/Makefile.in
++++ b/tests/Makefile.in
+@@ -1316,6 +1316,7 @@ TESTS = \
+ filename-choice \
+ git-binary-diff \
+ git-cleanup \
++ git-error \
+ garbage \
+ global-reject-files \
+ inname \
+@@ -1695,6 +1696,13 @@ git-cleanup.log: git-cleanup
+ --log-file $$b.log --trs-file $$b.trs \
+ $(am__common_driver_flags) $(AM_LOG_DRIVER_FLAGS) $(LOG_DRIVER_FLAGS) -- $(LOG_COMPILE) \
+ "$$tst" $(AM_TESTS_FD_REDIRECT)
++git-error.log: git-error
++ @p='git-error'; \
++ b='git-error'; \
++ $(am__check_pre) $(LOG_DRIVER) --test-name "$$f" \
++ --log-file $$b.log --trs-file $$b.trs \
++ $(am__common_driver_flags) $(AM_LOG_DRIVER_FLAGS) $(LOG_DRIVER_FLAGS) -- $(LOG_COMPILE) \
++ "$$tst" $(AM_TESTS_FD_REDIRECT)
+ garbage.log: garbage
+ @p='garbage'; \
+ b='garbage'; \
+--- /dev/null
++++ b/tests/git-error
+@@ -0,0 +1,29 @@
++# Copyright (C) 2018 Free Software Foundation, Inc.
++#
++# Copying and distribution of this file, with or without modification,
++# in any medium, are permitted without royalty provided the copyright
++# notice and this notice are preserved.
++
++. $srcdir/test-lib.sh
++
++require cat
++use_local_patch
++use_tmpdir
++
++cat > f.diff <<EOF
++diff --git a/boo b/boo
++--- /dev/fd/63 2018-02-27 16:32:54.861266246 +0100
+++++ /dev/fd/62 2018-02-27 16:32:54.861266246 +0100
++@@ -1 +1 @@
++-abc
+++def
++
++EOF
++
++check 'patch .nonexistent < f.diff || echo "Status: $?"' <<EOF
++patching file .nonexistent
++Hunk #1 FAILED at 1.
++1 out of 1 hunk FAILED -- saving rejects to file .nonexistent.rej
++$PATCH: **** Can't reopen file .nonexistent : No such file or directory
++Status: 2
++EOF
diff --git a/sys-devel/patch/patch-2.7.6-r2.ebuild b/sys-devel/patch/patch-2.7.6-r2.ebuild
new file mode 100644
index 00000000000..9a973442432
--- /dev/null
+++ b/sys-devel/patch/patch-2.7.6-r2.ebuild
@@ -0,0 +1,36 @@
+# Copyright 1999-2018 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+
+EAPI="6"
+
+inherit flag-o-matic
+
+DESCRIPTION="Utility to apply diffs to files"
+HOMEPAGE="https://www.gnu.org/software/patch/patch.html"
+SRC_URI="mirror://gnu/patch/${P}.tar.xz"
+
+LICENSE="GPL-3+"
+SLOT="0"
+KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~ia64 ~m68k ~mips ~ppc ~ppc64 ~s390 ~sh ~sparc ~x86 ~ppc-aix ~x64-cygwin ~amd64-fbsd ~x86-fbsd ~amd64-linux ~arm-linux ~x86-linux ~ppc-macos ~x64-macos ~x86-macos ~m68k-mint ~sparc-solaris ~sparc64-solaris ~x64-solaris ~x86-solaris"
+IUSE="static test xattr"
+
+RDEPEND="xattr? ( sys-apps/attr )"
+DEPEND="${RDEPEND}
+ test? ( sys-apps/ed )"
+
+PATCHES=(
+ "${FILESDIR}"/${P}-fix-test-suite.patch
+ "${FILESDIR}"/${PN}-2.7.6-fix-error-handling-with-git-style-patches.patch
+)
+
+src_configure() {
+ use static && append-ldflags -static
+
+ local myeconfargs=(
+ $(use_enable xattr)
+ --program-prefix="$(use userland_BSD && echo g)"
+ )
+ # Do not let $ED mess up the search for `ed` 470210.
+ ac_cv_path_ED=$(type -P ed) \
+ econf "${myeconfargs[@]}"
+}
^ permalink raw reply related [flat|nested] 4+ messages in thread
* [gentoo-commits] repo/gentoo:master commit in: sys-devel/patch/files/, sys-devel/patch/
@ 2019-03-28 0:33 Thomas Deutschmann
0 siblings, 0 replies; 4+ messages in thread
From: Thomas Deutschmann @ 2019-03-28 0:33 UTC (permalink / raw
To: gentoo-commits
commit: 5c55ece4eee17a954740b8ecc03b1cb8ed58c123
Author: Thomas Deutschmann <whissi <AT> gentoo <DOT> org>
AuthorDate: Thu Mar 28 00:32:30 2019 +0000
Commit: Thomas Deutschmann <whissi <AT> gentoo <DOT> org>
CommitDate: Thu Mar 28 00:33:05 2019 +0000
URL: https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=5c55ece4
sys-devel/patch: add patches for CVE-2018-{6951,6952}, CVE-2018-1000156
Bug: https://bugs.gentoo.org/647792
Bug: https://bugs.gentoo.org/647794
Bug: https://bugs.gentoo.org/652710
Package-Manager: Portage-2.3.62, Repoman-2.3.12
Signed-off-by: Thomas Deutschmann <whissi <AT> gentoo.org>
.../patch/files/patch-2.7.6-CVE-2018-1000156.patch | 150 +++++++++++++++++++++
.../patch/files/patch-2.7.6-CVE-2018-6951.patch | 29 ++++
.../patch/files/patch-2.7.6-CVE-2018-6952.patch | 30 +++++
...-files-to-be-missing-for-ed-style-patches.patch | 25 ++++
sys-devel/patch/patch-2.7.6-r3.ebuild | 40 ++++++
5 files changed, 274 insertions(+)
diff --git a/sys-devel/patch/files/patch-2.7.6-CVE-2018-1000156.patch b/sys-devel/patch/files/patch-2.7.6-CVE-2018-1000156.patch
new file mode 100644
index 00000000000..c0324d082fc
--- /dev/null
+++ b/sys-devel/patch/files/patch-2.7.6-CVE-2018-1000156.patch
@@ -0,0 +1,150 @@
+From 123eaff0d5d1aebe128295959435b9ca5909c26d Mon Sep 17 00:00:00 2001
+From: Andreas Gruenbacher <agruen@gnu.org>
+Date: Fri, 6 Apr 2018 12:14:49 +0200
+Subject: Fix arbitrary command execution in ed-style patches
+ (CVE-2018-1000156)
+
+* src/pch.c (do_ed_script): Write ed script to a temporary file instead
+of piping it to ed: this will cause ed to abort on invalid commands
+instead of rejecting them and carrying on.
+* tests/ed-style: New test case.
+* tests/Makefile.am (TESTS): Add test case.
+
+
+Without test to avoid automake due to @system package.
+---
+
+diff --git a/src/pch.c b/src/pch.c
+index 0c5cc26..4fd5a05 100644
+--- a/src/pch.c
++++ b/src/pch.c
+@@ -33,6 +33,7 @@
+ # include <io.h>
+ #endif
+ #include <safe.h>
++#include <sys/wait.h>
+
+ #define INITHUNKMAX 125 /* initial dynamic allocation size */
+
+@@ -2389,24 +2390,28 @@ do_ed_script (char const *inname, char const *outname,
+ static char const editor_program[] = EDITOR_PROGRAM;
+
+ file_offset beginning_of_this_line;
+- FILE *pipefp = 0;
+ size_t chars_read;
++ FILE *tmpfp = 0;
++ char const *tmpname;
++ int tmpfd;
++ pid_t pid;
++
++ if (! dry_run && ! skip_rest_of_patch)
++ {
++ /* Write ed script to a temporary file. This causes ed to abort on
++ invalid commands such as when line numbers or ranges exceed the
++ number of available lines. When ed reads from a pipe, it rejects
++ invalid commands and treats the next line as a new command, which
++ can lead to arbitrary command execution. */
++
++ tmpfd = make_tempfile (&tmpname, 'e', NULL, O_RDWR | O_BINARY, 0);
++ if (tmpfd == -1)
++ pfatal ("Can't create temporary file %s", quotearg (tmpname));
++ tmpfp = fdopen (tmpfd, "w+b");
++ if (! tmpfp)
++ pfatal ("Can't open stream for file %s", quotearg (tmpname));
++ }
+
+- if (! dry_run && ! skip_rest_of_patch) {
+- int exclusive = *outname_needs_removal ? 0 : O_EXCL;
+- if (inerrno != ENOENT)
+- {
+- *outname_needs_removal = true;
+- copy_file (inname, outname, 0, exclusive, instat.st_mode, true);
+- }
+- sprintf (buf, "%s %s%s", editor_program,
+- verbosity == VERBOSE ? "" : "- ",
+- outname);
+- fflush (stdout);
+- pipefp = popen(buf, binary_transput ? "wb" : "w");
+- if (!pipefp)
+- pfatal ("Can't open pipe to %s", quotearg (buf));
+- }
+ for (;;) {
+ char ed_command_letter;
+ beginning_of_this_line = file_tell (pfp);
+@@ -2417,14 +2422,14 @@ do_ed_script (char const *inname, char const *outname,
+ }
+ ed_command_letter = get_ed_command_letter (buf);
+ if (ed_command_letter) {
+- if (pipefp)
+- if (! fwrite (buf, sizeof *buf, chars_read, pipefp))
++ if (tmpfp)
++ if (! fwrite (buf, sizeof *buf, chars_read, tmpfp))
+ write_fatal ();
+ if (ed_command_letter != 'd' && ed_command_letter != 's') {
+ p_pass_comments_through = true;
+ while ((chars_read = get_line ()) != 0) {
+- if (pipefp)
+- if (! fwrite (buf, sizeof *buf, chars_read, pipefp))
++ if (tmpfp)
++ if (! fwrite (buf, sizeof *buf, chars_read, tmpfp))
+ write_fatal ();
+ if (chars_read == 2 && strEQ (buf, ".\n"))
+ break;
+@@ -2437,13 +2442,49 @@ do_ed_script (char const *inname, char const *outname,
+ break;
+ }
+ }
+- if (!pipefp)
++ if (!tmpfp)
+ return;
+- if (fwrite ("w\nq\n", sizeof (char), (size_t) 4, pipefp) == 0
+- || fflush (pipefp) != 0)
++ if (fwrite ("w\nq\n", sizeof (char), (size_t) 4, tmpfp) == 0
++ || fflush (tmpfp) != 0)
+ write_fatal ();
+- if (pclose (pipefp) != 0)
+- fatal ("%s FAILED", editor_program);
++
++ if (lseek (tmpfd, 0, SEEK_SET) == -1)
++ pfatal ("Can't rewind to the beginning of file %s", quotearg (tmpname));
++
++ if (! dry_run && ! skip_rest_of_patch) {
++ int exclusive = *outname_needs_removal ? 0 : O_EXCL;
++ *outname_needs_removal = true;
++ if (inerrno != ENOENT)
++ {
++ *outname_needs_removal = true;
++ copy_file (inname, outname, 0, exclusive, instat.st_mode, true);
++ }
++ sprintf (buf, "%s %s%s", editor_program,
++ verbosity == VERBOSE ? "" : "- ",
++ outname);
++ fflush (stdout);
++
++ pid = fork();
++ if (pid == -1)
++ pfatal ("Can't fork");
++ else if (pid == 0)
++ {
++ dup2 (tmpfd, 0);
++ execl ("/bin/sh", "sh", "-c", buf, (char *) 0);
++ _exit (2);
++ }
++ else
++ {
++ int wstatus;
++ if (waitpid (pid, &wstatus, 0) == -1
++ || ! WIFEXITED (wstatus)
++ || WEXITSTATUS (wstatus) != 0)
++ fatal ("%s FAILED", editor_program);
++ }
++ }
++
++ fclose (tmpfp);
++ safe_unlink (tmpname);
+
+ if (ofp)
+ {
+--
+cgit v1.0-41-gc330
+
diff --git a/sys-devel/patch/files/patch-2.7.6-CVE-2018-6951.patch b/sys-devel/patch/files/patch-2.7.6-CVE-2018-6951.patch
new file mode 100644
index 00000000000..002d8ffd9d3
--- /dev/null
+++ b/sys-devel/patch/files/patch-2.7.6-CVE-2018-6951.patch
@@ -0,0 +1,29 @@
+From f290f48a621867084884bfff87f8093c15195e6a Mon Sep 17 00:00:00 2001
+From: Andreas Gruenbacher <agruen@gnu.org>
+Date: Mon, 12 Feb 2018 16:48:24 +0100
+Subject: Fix segfault with mangled rename patch
+
+http://savannah.gnu.org/bugs/?53132
+* src/pch.c (intuit_diff_type): Ensure that two filenames are specified
+for renames and copies (fix the existing check).
+---
+ src/pch.c | 3 ++-
+ 1 file changed, 2 insertions(+), 1 deletion(-)
+
+diff --git a/src/pch.c b/src/pch.c
+index ff9ed2c..bc6278c 100644
+--- a/src/pch.c
++++ b/src/pch.c
+@@ -974,7 +974,8 @@ intuit_diff_type (bool need_header, mode_t *p_file_type)
+ if ((pch_rename () || pch_copy ())
+ && ! inname
+ && ! ((i == OLD || i == NEW) &&
+- p_name[! reverse] &&
++ p_name[reverse] && p_name[! reverse] &&
++ name_is_valid (p_name[reverse]) &&
+ name_is_valid (p_name[! reverse])))
+ {
+ say ("Cannot %s file without two valid file names\n", pch_rename () ? "rename" : "copy");
+--
+cgit v1.0-41-gc330
+
diff --git a/sys-devel/patch/files/patch-2.7.6-CVE-2018-6952.patch b/sys-devel/patch/files/patch-2.7.6-CVE-2018-6952.patch
new file mode 100644
index 00000000000..d9ad374a2ae
--- /dev/null
+++ b/sys-devel/patch/files/patch-2.7.6-CVE-2018-6952.patch
@@ -0,0 +1,30 @@
+From 9c986353e420ead6e706262bf204d6e03322c300 Mon Sep 17 00:00:00 2001
+From: Andreas Gruenbacher <agruen@gnu.org>
+Date: Fri, 17 Aug 2018 13:35:40 +0200
+Subject: Fix swapping fake lines in pch_swap
+
+* src/pch.c (pch_swap): Fix swapping p_bfake and p_efake when there is a
+blank line in the middle of a context-diff hunk: that empty line stays
+in the middle of the hunk and isn't swapped.
+
+Fixes: https://savannah.gnu.org/bugs/index.php?53133
+---
+ src/pch.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/src/pch.c b/src/pch.c
+index e92bc64..a500ad9 100644
+--- a/src/pch.c
++++ b/src/pch.c
+@@ -2122,7 +2122,7 @@ pch_swap (void)
+ }
+ if (p_efake >= 0) { /* fix non-freeable ptr range */
+ if (p_efake <= i)
+- n = p_end - i + 1;
++ n = p_end - p_ptrn_lines;
+ else
+ n = -i;
+ p_efake += n;
+--
+cgit v1.0-41-gc330
+
diff --git a/sys-devel/patch/files/patch-2.7.6-allow-input-files-to-be-missing-for-ed-style-patches.patch b/sys-devel/patch/files/patch-2.7.6-allow-input-files-to-be-missing-for-ed-style-patches.patch
new file mode 100644
index 00000000000..2d2863c0ccf
--- /dev/null
+++ b/sys-devel/patch/files/patch-2.7.6-allow-input-files-to-be-missing-for-ed-style-patches.patch
@@ -0,0 +1,25 @@
+b5a91a01e5d0897facdd0f49d64b76b0f02b43e1
+
+Allow input files to be missing for ed-style patches
+* src/pch.c (do_ed_script): Allow input files to be missing so that new
+files will be created as with non-ed-style patches.
+
+diff --git a/src/pch.c b/src/pch.c
+index bc6278c..0c5cc26 100644
+--- a/src/pch.c
++++ b/src/pch.c
+@@ -2394,9 +2394,11 @@ do_ed_script (char const *inname, char const *outname,
+
+ if (! dry_run && ! skip_rest_of_patch) {
+ int exclusive = *outname_needs_removal ? 0 : O_EXCL;
+- assert (! inerrno);
+- *outname_needs_removal = true;
+- copy_file (inname, outname, 0, exclusive, instat.st_mode, true);
++ if (inerrno != ENOENT)
++ {
++ *outname_needs_removal = true;
++ copy_file (inname, outname, 0, exclusive, instat.st_mode, true);
++ }
+ sprintf (buf, "%s %s%s", editor_program,
+ verbosity == VERBOSE ? "" : "- ",
+ outname);
diff --git a/sys-devel/patch/patch-2.7.6-r3.ebuild b/sys-devel/patch/patch-2.7.6-r3.ebuild
new file mode 100644
index 00000000000..0cc81c91981
--- /dev/null
+++ b/sys-devel/patch/patch-2.7.6-r3.ebuild
@@ -0,0 +1,40 @@
+# Copyright 1999-2019 Gentoo Authors
+# Distributed under the terms of the GNU General Public License v2
+
+EAPI="6"
+
+inherit flag-o-matic
+
+DESCRIPTION="Utility to apply diffs to files"
+HOMEPAGE="https://www.gnu.org/software/patch/patch.html"
+SRC_URI="mirror://gnu/patch/${P}.tar.xz"
+
+LICENSE="GPL-3+"
+SLOT="0"
+KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~ia64 ~m68k ~mips ~ppc ~ppc64 ~s390 ~sh ~sparc ~x86 ~ppc-aix ~x64-cygwin ~amd64-fbsd ~x86-fbsd ~amd64-linux ~x86-linux ~ppc-macos ~x64-macos ~x86-macos ~m68k-mint ~sparc-solaris ~sparc64-solaris ~x64-solaris ~x86-solaris"
+IUSE="static test xattr"
+
+RDEPEND="xattr? ( sys-apps/attr )"
+DEPEND="${RDEPEND}
+ test? ( sys-apps/ed )"
+
+PATCHES=(
+ "${FILESDIR}"/${P}-fix-test-suite.patch
+ "${FILESDIR}"/${PN}-2.7.6-fix-error-handling-with-git-style-patches.patch
+ "${FILESDIR}"/${PN}-2.7.6-CVE-2018-6951.patch
+ "${FILESDIR}"/${PN}-2.7.6-allow-input-files-to-be-missing-for-ed-style-patches.patch
+ "${FILESDIR}"/${PN}-2.7.6-CVE-2018-1000156.patch
+ "${FILESDIR}"/${PN}-2.7.6-CVE-2018-6952.patch
+)
+
+src_configure() {
+ use static && append-ldflags -static
+
+ local myeconfargs=(
+ $(use_enable xattr)
+ --program-prefix="$(use userland_BSD && echo g)"
+ )
+ # Do not let $ED mess up the search for `ed` 470210.
+ ac_cv_path_ED=$(type -P ed) \
+ econf "${myeconfargs[@]}"
+}
^ permalink raw reply related [flat|nested] 4+ messages in thread
* [gentoo-commits] repo/gentoo:master commit in: sys-devel/patch/files/, sys-devel/patch/
@ 2019-08-16 12:40 Thomas Deutschmann
0 siblings, 0 replies; 4+ messages in thread
From: Thomas Deutschmann @ 2019-08-16 12:40 UTC (permalink / raw
To: gentoo-commits
commit: b4e5bfd9d4c04c2f942bbecce62e4394d827de16
Author: Thomas Deutschmann <whissi <AT> gentoo <DOT> org>
AuthorDate: Fri Aug 16 12:38:46 2019 +0000
Commit: Thomas Deutschmann <whissi <AT> gentoo <DOT> org>
CommitDate: Fri Aug 16 12:40:22 2019 +0000
URL: https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=b4e5bfd9
sys-devel/patch: rev bump to add some patches
Bug: https://bugs.gentoo.org/690136
Package-Manager: Portage-2.3.71, Repoman-2.3.17
Signed-off-by: Thomas Deutschmann <whissi <AT> gentoo.org>
...lid-memory-access-in-context-format-diffs.patch | 26 +++++
.../files/patch-2.7.6-CVE-2018-1000156-fix1.patch | 102 +++++++++++++++++++
.../files/patch-2.7.6-CVE-2018-1000156-fix2.patch | 37 +++++++
.../patch/files/patch-2.7.6-CVE-2019-13636.patch | 108 +++++++++++++++++++++
.../patch/files/patch-2.7.6-CVE-2019-13638.patch | 38 ++++++++
...hen-RLIMIT_NOFILE-is-set-to-RLIM_INFINITY.patch | 89 +++++++++++++++++
sys-devel/patch/patch-2.7.6-r4.ebuild | 46 +++++++++
7 files changed, 446 insertions(+)
diff --git a/sys-devel/patch/files/patch-2.7.6-Avoid-invalid-memory-access-in-context-format-diffs.patch b/sys-devel/patch/files/patch-2.7.6-Avoid-invalid-memory-access-in-context-format-diffs.patch
new file mode 100644
index 00000000000..5eef875b85d
--- /dev/null
+++ b/sys-devel/patch/files/patch-2.7.6-Avoid-invalid-memory-access-in-context-format-diffs.patch
@@ -0,0 +1,26 @@
+From 15b158db3ae11cb835f2eb8d2eb48e09d1a4af48 Mon Sep 17 00:00:00 2001
+From: Andreas Gruenbacher <agruen@gnu.org>
+Date: Mon, 15 Jul 2019 19:10:02 +0200
+Subject: Avoid invalid memory access in context format diffs
+
+* src/pch.c (another_hunk): Avoid invalid memory access in context format
+diffs.
+---
+ src/pch.c | 1 +
+ 1 file changed, 1 insertion(+)
+
+diff --git a/src/pch.c b/src/pch.c
+index a500ad9..cb54e03 100644
+--- a/src/pch.c
++++ b/src/pch.c
+@@ -1328,6 +1328,7 @@ another_hunk (enum diff difftype, bool rev)
+ ptrn_prefix_context = context;
+ ptrn_suffix_context = context;
+ if (repl_beginning
++ || p_end <= 0
+ || (p_end
+ != p_ptrn_lines + 1 + (p_Char[p_end - 1] == '\n')))
+ {
+--
+cgit v1.0-41-gc330
+
diff --git a/sys-devel/patch/files/patch-2.7.6-CVE-2018-1000156-fix1.patch b/sys-devel/patch/files/patch-2.7.6-CVE-2018-1000156-fix1.patch
new file mode 100644
index 00000000000..d2492f59317
--- /dev/null
+++ b/sys-devel/patch/files/patch-2.7.6-CVE-2018-1000156-fix1.patch
@@ -0,0 +1,102 @@
+From 19599883ffb6a450d2884f081f8ecf68edbed7ee Mon Sep 17 00:00:00 2001
+From: Jean Delvare <jdelvare@suse.de>
+Date: Thu, 3 May 2018 14:31:55 +0200
+Subject: Don't leak temporary file on failed ed-style patch
+
+Now that we write ed-style patches to a temporary file before we
+apply them, we need to ensure that the temporary file is removed
+before we leave, even on fatal error.
+
+* src/pch.c (do_ed_script): Use global TMPEDNAME instead of local
+ tmpname. Don't unlink the file directly, instead tag it for removal
+ at exit time.
+* src/patch.c (cleanup): Unlink TMPEDNAME at exit.
+
+This closes bug #53820:
+https://savannah.gnu.org/bugs/index.php?53820
+
+Fixes: 123eaff0d5d1 ("Fix arbitrary command execution in ed-style patches (CVE-2018-1000156)")
+---
+ src/common.h | 2 ++
+ src/patch.c | 1 +
+ src/pch.c | 11 +++++------
+ 3 files changed, 8 insertions(+), 6 deletions(-)
+
+diff --git a/src/common.h b/src/common.h
+index 904a3f8..53c5e32 100644
+--- a/src/common.h
++++ b/src/common.h
+@@ -94,10 +94,12 @@ XTERN char const *origsuff;
+ XTERN char const * TMPINNAME;
+ XTERN char const * TMPOUTNAME;
+ XTERN char const * TMPPATNAME;
++XTERN char const * TMPEDNAME;
+
+ XTERN bool TMPINNAME_needs_removal;
+ XTERN bool TMPOUTNAME_needs_removal;
+ XTERN bool TMPPATNAME_needs_removal;
++XTERN bool TMPEDNAME_needs_removal;
+
+ #ifdef DEBUGGING
+ XTERN int debug;
+diff --git a/src/patch.c b/src/patch.c
+index 3fcaec5..9146597 100644
+--- a/src/patch.c
++++ b/src/patch.c
+@@ -2003,6 +2003,7 @@ cleanup (void)
+ remove_if_needed (TMPINNAME, &TMPINNAME_needs_removal);
+ remove_if_needed (TMPOUTNAME, &TMPOUTNAME_needs_removal);
+ remove_if_needed (TMPPATNAME, &TMPPATNAME_needs_removal);
++ remove_if_needed (TMPEDNAME, &TMPEDNAME_needs_removal);
+ remove_if_needed (TMPREJNAME, &TMPREJNAME_needs_removal);
+ output_files (NULL);
+ }
+diff --git a/src/pch.c b/src/pch.c
+index 79a3c99..1bb3153 100644
+--- a/src/pch.c
++++ b/src/pch.c
+@@ -2392,7 +2392,6 @@ do_ed_script (char const *inname, char c
+ file_offset beginning_of_this_line;
+ size_t chars_read;
+ FILE *tmpfp = 0;
+- char const *tmpname;
+ int tmpfd;
+ pid_t pid;
+
+@@ -2404,12 +2403,13 @@ do_ed_script (char const *inname, char const *outname,
+ invalid commands and treats the next line as a new command, which
+ can lead to arbitrary command execution. */
+
+- tmpfd = make_tempfile (&tmpname, 'e', NULL, O_RDWR | O_BINARY, 0);
++ tmpfd = make_tempfile (&TMPEDNAME, 'e', NULL, O_RDWR | O_BINARY, 0);
+ if (tmpfd == -1)
+- pfatal ("Can't create temporary file %s", quotearg (tmpname));
++ pfatal ("Can't create temporary file %s", quotearg (TMPEDNAME));
++ TMPEDNAME_needs_removal = true;
+ tmpfp = fdopen (tmpfd, "w+b");
+ if (! tmpfp)
+- pfatal ("Can't open stream for file %s", quotearg (tmpname));
++ pfatal ("Can't open stream for file %s", quotearg (TMPEDNAME));
+ }
+
+ for (;;) {
+@@ -2449,7 +2449,7 @@ do_ed_script (char const *inname, char c
+ write_fatal ();
+
+ if (lseek (tmpfd, 0, SEEK_SET) == -1)
+- pfatal ("Can't rewind to the beginning of file %s", quotearg (tmpname));
++ pfatal ("Can't rewind to the beginning of file %s", quotearg (TMPEDNAME));
+
+ if (! dry_run && ! skip_rest_of_patch) {
+ int exclusive = *outname_needs_removal ? 0 : O_EXCL;
+@@ -2482,7 +2482,6 @@ do_ed_script (char const *inname, char c
+ }
+
+ fclose (tmpfp);
+- safe_unlink (tmpname);
+
+ if (ofp)
+ {
+--
+cgit v1.0-41-gc330
+
diff --git a/sys-devel/patch/files/patch-2.7.6-CVE-2018-1000156-fix2.patch b/sys-devel/patch/files/patch-2.7.6-CVE-2018-1000156-fix2.patch
new file mode 100644
index 00000000000..7b74ff06c4b
--- /dev/null
+++ b/sys-devel/patch/files/patch-2.7.6-CVE-2018-1000156-fix2.patch
@@ -0,0 +1,37 @@
+From 369dcccdfa6336e5a873d6d63705cfbe04c55727 Mon Sep 17 00:00:00 2001
+From: Jean Delvare <jdelvare@suse.de>
+Date: Mon, 7 May 2018 15:14:45 +0200
+Subject: Don't leak temporary file on failed multi-file ed-style patch
+
+The previous fix worked fine with single-file ed-style patches, but
+would still leak temporary files in the case of multi-file ed-style
+patch. Fix that case as well, and extend the test case to check for
+it.
+
+* src/patch.c (main): Unlink TMPEDNAME if needed before moving to
+ the next file in a patch.
+
+This closes bug #53820:
+https://savannah.gnu.org/bugs/index.php?53820
+
+Fixes: 123eaff0d5d1 ("Fix arbitrary command execution in ed-style patches (CVE-2018-1000156)")
+Fixes: 19599883ffb6 ("Don't leak temporary file on failed ed-style patch")
+---
+ src/patch.c | 1 +
+ 2 files changed, 32 insertions(+)
+
+diff --git a/src/patch.c b/src/patch.c
+index 9146597..81c7a02 100644
+--- a/src/patch.c
++++ b/src/patch.c
+@@ -236,6 +236,7 @@ main (int argc, char **argv)
+ }
+ remove_if_needed (TMPOUTNAME, &TMPOUTNAME_needs_removal);
+ }
++ remove_if_needed (TMPEDNAME, &TMPEDNAME_needs_removal);
+
+ if (! skip_rest_of_patch && ! file_type)
+ {
+--
+cgit v1.0-41-gc330
+
diff --git a/sys-devel/patch/files/patch-2.7.6-CVE-2019-13636.patch b/sys-devel/patch/files/patch-2.7.6-CVE-2019-13636.patch
new file mode 100644
index 00000000000..3515399f073
--- /dev/null
+++ b/sys-devel/patch/files/patch-2.7.6-CVE-2019-13636.patch
@@ -0,0 +1,108 @@
+From dce4683cbbe107a95f1f0d45fabc304acfb5d71a Mon Sep 17 00:00:00 2001
+From: Andreas Gruenbacher <agruen@gnu.org>
+Date: Mon, 15 Jul 2019 16:21:48 +0200
+Subject: Don't follow symlinks unless --follow-symlinks is given
+
+* src/inp.c (plan_a, plan_b), src/util.c (copy_to_fd, copy_file,
+append_to_file): Unless the --follow-symlinks option is given, open files with
+the O_NOFOLLOW flag to avoid following symlinks. So far, we were only doing
+that consistently for input files.
+* src/util.c (create_backup): When creating empty backup files, (re)create them
+with O_CREAT | O_EXCL to avoid following symlinks in that case as well.
+---
+ src/inp.c | 12 ++++++++++--
+ src/util.c | 14 +++++++++++---
+ 2 files changed, 21 insertions(+), 5 deletions(-)
+
+diff --git a/src/inp.c b/src/inp.c
+index 32d0919..22d7473 100644
+--- a/src/inp.c
++++ b/src/inp.c
+@@ -238,8 +238,13 @@ plan_a (char const *filename)
+ {
+ if (S_ISREG (instat.st_mode))
+ {
+- int ifd = safe_open (filename, O_RDONLY|binary_transput, 0);
++ int flags = O_RDONLY | binary_transput;
+ size_t buffered = 0, n;
++ int ifd;
++
++ if (! follow_symlinks)
++ flags |= O_NOFOLLOW;
++ ifd = safe_open (filename, flags, 0);
+ if (ifd < 0)
+ pfatal ("can't open file %s", quotearg (filename));
+
+@@ -340,6 +345,7 @@ plan_a (char const *filename)
+ static void
+ plan_b (char const *filename)
+ {
++ int flags = O_RDONLY | binary_transput;
+ int ifd;
+ FILE *ifp;
+ int c;
+@@ -353,7 +359,9 @@ plan_b (char const *filename)
+
+ if (instat.st_size == 0)
+ filename = NULL_DEVICE;
+- if ((ifd = safe_open (filename, O_RDONLY | binary_transput, 0)) < 0
++ if (! follow_symlinks)
++ flags |= O_NOFOLLOW;
++ if ((ifd = safe_open (filename, flags, 0)) < 0
+ || ! (ifp = fdopen (ifd, binary_transput ? "rb" : "r")))
+ pfatal ("Can't open file %s", quotearg (filename));
+ if (TMPINNAME_needs_removal)
+diff --git a/src/util.c b/src/util.c
+index 1cc08ba..fb38307 100644
+--- a/src/util.c
++++ b/src/util.c
+@@ -393,7 +393,7 @@ create_backup (char const *to, const struct stat *to_st, bool leave_original)
+
+ try_makedirs_errno = ENOENT;
+ safe_unlink (bakname);
+- while ((fd = safe_open (bakname, O_CREAT | O_WRONLY | O_TRUNC, 0666)) < 0)
++ while ((fd = safe_open (bakname, O_CREAT | O_EXCL | O_WRONLY | O_TRUNC, 0666)) < 0)
+ {
+ if (errno != try_makedirs_errno)
+ pfatal ("Can't create file %s", quotearg (bakname));
+@@ -584,10 +584,13 @@ create_file (char const *file, int open_flags, mode_t mode,
+ static void
+ copy_to_fd (const char *from, int tofd)
+ {
++ int from_flags = O_RDONLY | O_BINARY;
+ int fromfd;
+ ssize_t i;
+
+- if ((fromfd = safe_open (from, O_RDONLY | O_BINARY, 0)) < 0)
++ if (! follow_symlinks)
++ from_flags |= O_NOFOLLOW;
++ if ((fromfd = safe_open (from, from_flags, 0)) < 0)
+ pfatal ("Can't reopen file %s", quotearg (from));
+ while ((i = read (fromfd, buf, bufsize)) != 0)
+ {
+@@ -630,6 +633,8 @@ copy_file (char const *from, char const *to, struct stat *tost,
+ else
+ {
+ assert (S_ISREG (mode));
++ if (! follow_symlinks)
++ to_flags |= O_NOFOLLOW;
+ tofd = create_file (to, O_WRONLY | O_BINARY | to_flags, mode,
+ to_dir_known_to_exist);
+ copy_to_fd (from, tofd);
+@@ -645,9 +650,12 @@ copy_file (char const *from, char const *to, struct stat *tost,
+ void
+ append_to_file (char const *from, char const *to)
+ {
++ int to_flags = O_WRONLY | O_APPEND | O_BINARY;
+ int tofd;
+
+- if ((tofd = safe_open (to, O_WRONLY | O_BINARY | O_APPEND, 0)) < 0)
++ if (! follow_symlinks)
++ to_flags |= O_NOFOLLOW;
++ if ((tofd = safe_open (to, to_flags, 0)) < 0)
+ pfatal ("Can't reopen file %s", quotearg (to));
+ copy_to_fd (from, tofd);
+ if (close (tofd) != 0)
+--
+cgit v1.0-41-gc330
+
diff --git a/sys-devel/patch/files/patch-2.7.6-CVE-2019-13638.patch b/sys-devel/patch/files/patch-2.7.6-CVE-2019-13638.patch
new file mode 100644
index 00000000000..38caff628aa
--- /dev/null
+++ b/sys-devel/patch/files/patch-2.7.6-CVE-2019-13638.patch
@@ -0,0 +1,38 @@
+From 3fcd042d26d70856e826a42b5f93dc4854d80bf0 Mon Sep 17 00:00:00 2001
+From: Andreas Gruenbacher <agruen@gnu.org>
+Date: Fri, 6 Apr 2018 19:36:15 +0200
+Subject: Invoke ed directly instead of using the shell
+
+* src/pch.c (do_ed_script): Invoke ed directly instead of using a shell
+command to avoid quoting vulnerabilities.
+---
+ src/pch.c | 6 ++----
+ 1 file changed, 2 insertions(+), 4 deletions(-)
+
+diff --git a/src/pch.c b/src/pch.c
+index 4fd5a05..16e001a 100644
+--- a/src/pch.c
++++ b/src/pch.c
+@@ -2459,9 +2459,6 @@ do_ed_script (char const *inname, char const *outname,
+ *outname_needs_removal = true;
+ copy_file (inname, outname, 0, exclusive, instat.st_mode, true);
+ }
+- sprintf (buf, "%s %s%s", editor_program,
+- verbosity == VERBOSE ? "" : "- ",
+- outname);
+ fflush (stdout);
+
+ pid = fork();
+@@ -2470,7 +2467,8 @@ do_ed_script (char const *inname, char const *outname,
+ else if (pid == 0)
+ {
+ dup2 (tmpfd, 0);
+- execl ("/bin/sh", "sh", "-c", buf, (char *) 0);
++ assert (outname[0] != '!' && outname[0] != '-');
++ execlp (editor_program, editor_program, "-", outname, (char *) NULL);
+ _exit (2);
+ }
+ else
+--
+cgit v1.0-41-gc330
+
diff --git a/sys-devel/patch/files/patch-2.7.6-Do-not-crash-when-RLIMIT_NOFILE-is-set-to-RLIM_INFINITY.patch b/sys-devel/patch/files/patch-2.7.6-Do-not-crash-when-RLIMIT_NOFILE-is-set-to-RLIM_INFINITY.patch
new file mode 100644
index 00000000000..961e5786138
--- /dev/null
+++ b/sys-devel/patch/files/patch-2.7.6-Do-not-crash-when-RLIMIT_NOFILE-is-set-to-RLIM_INFINITY.patch
@@ -0,0 +1,89 @@
+From 61d7788b83b302207a67b82786f4fd79e3538f30 Mon Sep 17 00:00:00 2001
+From: Andreas Gruenbacher <agruen@gnu.org>
+Date: Thu, 27 Jun 2019 11:10:43 +0200
+Subject: Don't crash when RLIMIT_NOFILE is set to RLIM_INFINITY
+
+* src/safe.c (min_cached_fds): Define minimum number of cached dir file
+descriptors.
+(max_cached_fds): Change type to rlim_t to allow storing RLIM_INFINITY.
+(init_dirfd_cache): Set max_cached_fds to RLIM_INFINITY when RLIMIT_NOFILE is
+RLIM_INFINITY. Set the initial hash table size to min_cached_fds, independent
+of RLIMIT_NOFILE: patches commonly only affect one or a few files, so a small
+hash table will usually suffice; if needed, the hash table will grow.
+(insert_cached_dirfd): Don't shrink the cache when max_cached_fds is
+RLIM_INFINITY.
+---
+ src/safe.c | 36 +++++++++++++++++++++++-------------
+ 1 file changed, 23 insertions(+), 13 deletions(-)
+
+diff --git a/src/safe.c b/src/safe.c
+index 5a7202f..f147b0e 100644
+--- a/src/safe.c
++++ b/src/safe.c
+@@ -67,7 +67,8 @@ struct cached_dirfd {
+ };
+
+ static Hash_table *cached_dirfds = NULL;
+-static size_t max_cached_fds;
++static rlim_t min_cached_fds = 8;
++static rlim_t max_cached_fds;
+ LIST_HEAD (lru_list);
+
+ static size_t hash_cached_dirfd (const void *entry, size_t table_size)
+@@ -98,11 +99,17 @@ static void init_dirfd_cache (void)
+ {
+ struct rlimit nofile;
+
+- max_cached_fds = 8;
+ if (getrlimit (RLIMIT_NOFILE, &nofile) == 0)
+- max_cached_fds = MAX (nofile.rlim_cur / 4, max_cached_fds);
++ {
++ if (nofile.rlim_cur == RLIM_INFINITY)
++ max_cached_fds = RLIM_INFINITY;
++ else
++ max_cached_fds = MAX (nofile.rlim_cur / 4, min_cached_fds);
++ }
++ else
++ max_cached_fds = min_cached_fds;
+
+- cached_dirfds = hash_initialize (max_cached_fds,
++ cached_dirfds = hash_initialize (min_cached_fds,
+ NULL,
+ hash_cached_dirfd,
+ compare_cached_dirfds,
+@@ -148,20 +155,23 @@ static void insert_cached_dirfd (struct cached_dirfd *entry, int keepfd)
+ if (cached_dirfds == NULL)
+ init_dirfd_cache ();
+
+- /* Trim off the least recently used entries */
+- while (hash_get_n_entries (cached_dirfds) >= max_cached_fds)
++ if (max_cached_fds != RLIM_INFINITY)
+ {
+- struct cached_dirfd *last =
+- list_entry (lru_list.prev, struct cached_dirfd, lru_link);
+- if (&last->lru_link == &lru_list)
+- break;
+- if (last->fd == keepfd)
++ /* Trim off the least recently used entries */
++ while (hash_get_n_entries (cached_dirfds) >= max_cached_fds)
+ {
+- last = list_entry (last->lru_link.prev, struct cached_dirfd, lru_link);
++ struct cached_dirfd *last =
++ list_entry (lru_list.prev, struct cached_dirfd, lru_link);
+ if (&last->lru_link == &lru_list)
+ break;
++ if (last->fd == keepfd)
++ {
++ last = list_entry (last->lru_link.prev, struct cached_dirfd, lru_link);
++ if (&last->lru_link == &lru_list)
++ break;
++ }
++ remove_cached_dirfd (last);
+ }
+- remove_cached_dirfd (last);
+ }
+
+ /* Only insert if the parent still exists. */
+--
+cgit v1.0-41-gc330
+
diff --git a/sys-devel/patch/patch-2.7.6-r4.ebuild b/sys-devel/patch/patch-2.7.6-r4.ebuild
new file mode 100644
index 00000000000..cce90dd296d
--- /dev/null
+++ b/sys-devel/patch/patch-2.7.6-r4.ebuild
@@ -0,0 +1,46 @@
+# Copyright 1999-2019 Gentoo Authors
+# Distributed under the terms of the GNU General Public License v2
+
+EAPI="7"
+
+inherit flag-o-matic
+
+DESCRIPTION="Utility to apply diffs to files"
+HOMEPAGE="https://www.gnu.org/software/patch/patch.html"
+SRC_URI="mirror://gnu/patch/${P}.tar.xz"
+
+LICENSE="GPL-3+"
+SLOT="0"
+KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~ia64 ~m68k ~mips ~ppc ~ppc64 ~riscv ~s390 ~sh ~sparc ~x86 ~ppc-aix ~x64-cygwin ~amd64-fbsd ~x86-fbsd ~amd64-linux ~x86-linux ~ppc-macos ~x64-macos ~x86-macos ~m68k-mint ~sparc-solaris ~sparc64-solaris ~x64-solaris ~x86-solaris"
+IUSE="static test xattr"
+
+RDEPEND="xattr? ( sys-apps/attr )"
+DEPEND="${RDEPEND}
+ test? ( sys-apps/ed )"
+
+PATCHES=(
+ "${FILESDIR}"/${P}-fix-test-suite.patch
+ "${FILESDIR}"/${PN}-2.7.6-fix-error-handling-with-git-style-patches.patch
+ "${FILESDIR}"/${PN}-2.7.6-CVE-2018-6951.patch
+ "${FILESDIR}"/${PN}-2.7.6-allow-input-files-to-be-missing-for-ed-style-patches.patch
+ "${FILESDIR}"/${PN}-2.7.6-CVE-2018-1000156.patch
+ "${FILESDIR}"/${PN}-2.7.6-CVE-2018-6952.patch
+ "${FILESDIR}"/${PN}-2.7.6-Do-not-crash-when-RLIMIT_NOFILE-is-set-to-RLIM_INFINITY.patch
+ "${FILESDIR}"/${PN}-2.7.6-CVE-2018-1000156-fix1.patch
+ "${FILESDIR}"/${PN}-2.7.6-CVE-2018-1000156-fix2.patch
+ "${FILESDIR}"/${PN}-2.7.6-CVE-2019-13636.patch
+ "${FILESDIR}"/${PN}-2.7.6-CVE-2019-13638.patch
+ "${FILESDIR}"/${PN}-2.7.6-Avoid-invalid-memory-access-in-context-format-diffs.patch
+)
+
+src_configure() {
+ use static && append-ldflags -static
+
+ local myeconfargs=(
+ $(use_enable xattr)
+ --program-prefix="$(use userland_BSD && echo g)"
+ )
+ # Do not let $ED mess up the search for `ed` 470210.
+ ac_cv_path_ED=$(type -P ed) \
+ econf "${myeconfargs[@]}"
+}
^ permalink raw reply related [flat|nested] 4+ messages in thread
* [gentoo-commits] repo/gentoo:master commit in: sys-devel/patch/files/, sys-devel/patch/
@ 2024-11-19 22:31 Andreas K. Hüttel
0 siblings, 0 replies; 4+ messages in thread
From: Andreas K. Hüttel @ 2024-11-19 22:31 UTC (permalink / raw
To: gentoo-commits
commit: 2f52e76ae543f555f598e2e786b434c0610584ca
Author: Andreas K. Hüttel <dilfridge <AT> gentoo <DOT> org>
AuthorDate: Tue Nov 19 22:29:42 2024 +0000
Commit: Andreas K. Hüttel <dilfridge <AT> gentoo <DOT> org>
CommitDate: Tue Nov 19 22:29:42 2024 +0000
URL: https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=2f52e76a
sys-devel/patch: revbump, fix implicit mkdir in configure
This is a bit of a hack since I'm only patching configure but not
its gnulib source.
However, the bug is fixed upstream...
See-also: https://github.com/coreutils/gnulib/commit/3c136a2cc38d71083f123231a8b9ad4b01930789
Closes: https://bugs.gentoo.org/898598
Signed-off-by: Andreas K. Hüttel <dilfridge <AT> gentoo.org>
.../patch/files/patch-2.7.6-configure-mkdir.patch | 14 ++++
sys-devel/patch/patch-2.7.6-r6.ebuild | 85 ++++++++++++++++++++++
2 files changed, 99 insertions(+)
diff --git a/sys-devel/patch/files/patch-2.7.6-configure-mkdir.patch b/sys-devel/patch/files/patch-2.7.6-configure-mkdir.patch
new file mode 100644
index 000000000000..b29d7b087538
--- /dev/null
+++ b/sys-devel/patch/files/patch-2.7.6-configure-mkdir.patch
@@ -0,0 +1,14 @@
+https://bugs.gentoo.org/898598
+https://github.com/coreutils/gnulib/commit/3c136a2cc38d71083f123231a8b9ad4b01930789
+
+diff '--color=auto' -ruN patch-2.7.6.orig/configure patch-2.7.6/configure
+--- patch-2.7.6.orig/configure 2018-02-03 14:41:50.000000000 +0100
++++ patch-2.7.6/configure 2024-11-19 23:19:08.710565121 +0100
+@@ -17130,6 +17130,7 @@
+ /* end confdefs.h. */
+ #include <unistd.h>
+ #include <fcntl.h>
++ #include <sys/stat.h>
+
+ int
+ main ()
diff --git a/sys-devel/patch/patch-2.7.6-r6.ebuild b/sys-devel/patch/patch-2.7.6-r6.ebuild
new file mode 100644
index 000000000000..25168b8c544b
--- /dev/null
+++ b/sys-devel/patch/patch-2.7.6-r6.ebuild
@@ -0,0 +1,85 @@
+# Copyright 1999-2024 Gentoo Authors
+# Distributed under the terms of the GNU General Public License v2
+
+EAPI=8
+
+VERIFY_SIG_OPENPGP_KEY_PATH=/usr/share/openpgp-keys/patch.asc
+inherit flag-o-matic verify-sig
+
+DESCRIPTION="Utility to apply diffs to files"
+HOMEPAGE="https://www.gnu.org/software/patch/patch.html"
+if [[ ${PV} == 9999 ]] ; then
+ EGIT_REPO_URI="https://git.savannah.gnu.org/git/patch.git"
+ inherit git-r3
+else
+ SRC_URI="mirror://gnu/patch/${P}.tar.xz"
+ SRC_URI+=" verify-sig? ( mirror://gnu/patch/${P}.tar.xz.sig )"
+
+ KEYWORDS="~alpha amd64 arm arm64 hppa ~loong ~m68k ~mips ppc ppc64 ~riscv ~s390 sparc x86 ~amd64-linux ~x86-linux ~arm64-macos ~ppc-macos ~x64-macos ~x64-solaris"
+fi
+
+LICENSE="GPL-3+"
+SLOT="0"
+IUSE="static test xattr"
+RESTRICT="!test? ( test )"
+
+RDEPEND="xattr? ( sys-apps/attr )"
+DEPEND="${RDEPEND}"
+BDEPEND="
+ test? ( sys-apps/ed )
+ verify-sig? ( sec-keys/openpgp-keys-patch )
+"
+
+PATCHES=(
+ "${FILESDIR}"/${P}-fix-test-suite.patch
+ "${FILESDIR}"/${PN}-2.7.6-fix-error-handling-with-git-style-patches.patch
+ "${FILESDIR}"/${PN}-2.7.6-CVE-2018-6951.patch
+ "${FILESDIR}"/${PN}-2.7.6-allow-input-files-to-be-missing-for-ed-style-patches.patch
+ "${FILESDIR}"/${PN}-2.7.6-CVE-2018-1000156.patch
+ "${FILESDIR}"/${PN}-2.7.6-CVE-2018-6952.patch
+ "${FILESDIR}"/${PN}-2.7.6-Do-not-crash-when-RLIMIT_NOFILE-is-set-to-RLIM_INFINITY.patch
+ "${FILESDIR}"/${PN}-2.7.6-CVE-2018-1000156-fix1.patch
+ "${FILESDIR}"/${PN}-2.7.6-CVE-2018-1000156-fix2.patch
+ "${FILESDIR}"/${PN}-2.7.6-CVE-2019-13636.patch
+ "${FILESDIR}"/${PN}-2.7.6-CVE-2019-13638.patch
+ "${FILESDIR}"/${PN}-2.7.6-Avoid-invalid-memory-access-in-context-format-diffs.patch
+ "${FILESDIR}"/${PN}-2.7.6-configure-mkdir.patch
+)
+
+src_unpack() {
+ if [[ ${PV} == 9999 ]] ; then
+ git-r3_src_unpack
+
+ cd "${S}" || die
+ ./bootstrap || die
+ elif use verify-sig ; then
+ verify-sig_verify_detached "${DISTDIR}"/${P}.tar.xz{,.sig}
+ fi
+
+ default
+}
+
+src_configure() {
+ use static && append-ldflags -static
+
+ local myeconfargs=(
+ $(use_enable xattr)
+ # rename to gpatch for better BSD compatibility
+ --program-prefix=g
+ )
+ # Do not let $ED mess up the search for `ed` 470210.
+ ac_cv_path_ED=$(type -P ed) \
+ econf "${myeconfargs[@]}"
+}
+
+src_test() {
+ emake check gl_public_submodule_commit=
+}
+
+src_install() {
+ default
+
+ # symlink to the standard name
+ dosym gpatch /usr/bin/patch
+ dosym gpatch.1 /usr/share/man/man1/patch.1
+}
^ permalink raw reply related [flat|nested] 4+ messages in thread
end of thread, other threads:[~2024-11-19 22:31 UTC | newest]
Thread overview: 4+ messages (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2024-11-19 22:31 [gentoo-commits] repo/gentoo:master commit in: sys-devel/patch/files/, sys-devel/patch/ Andreas K. Hüttel
-- strict thread matches above, loose matches on Subject: below --
2019-08-16 12:40 Thomas Deutschmann
2019-03-28 0:33 Thomas Deutschmann
2018-08-26 14:32 Thomas Deutschmann
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox