f4a4df2084
Fixes CVE-2018-1000156: arbitrary command execution in ed-style patches. Depend on MMU for now, because the patch adds a fork() call. Upstream later switched to gnulib provided execute(), so this dependency can be dropped on the next version bump. Signed-off-by: Baruch Siach <baruch@tkos.co.il> Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
38 lines
1.1 KiB
Diff
38 lines
1.1 KiB
Diff
From b5a91a01e5d0897facdd0f49d64b76b0f02b43e1 Mon Sep 17 00:00:00 2001
|
|
From: Andreas Gruenbacher <agruen@gnu.org>
|
|
Date: Fri, 6 Apr 2018 11:34:51 +0200
|
|
Subject: [PATCH] Allow input files to be missing for ed-style patches
|
|
|
|
* src/pch.c (do_ed_script): Allow input files to be missing so that new
|
|
files will be created as with non-ed-style patches.
|
|
|
|
Signed-off-by: Baruch Siach <baruch@tkos.co.il>
|
|
---
|
|
Upstream status: commit b5a91a01e5d0
|
|
|
|
src/pch.c | 8 +++++---
|
|
1 file changed, 5 insertions(+), 3 deletions(-)
|
|
|
|
diff --git a/src/pch.c b/src/pch.c
|
|
index bc6278c4032c..0c5cc2623079 100644
|
|
--- a/src/pch.c
|
|
+++ b/src/pch.c
|
|
@@ -2394,9 +2394,11 @@ do_ed_script (char const *inname, char const *outname,
|
|
|
|
if (! dry_run && ! skip_rest_of_patch) {
|
|
int exclusive = *outname_needs_removal ? 0 : O_EXCL;
|
|
- assert (! inerrno);
|
|
- *outname_needs_removal = true;
|
|
- copy_file (inname, outname, 0, exclusive, instat.st_mode, true);
|
|
+ if (inerrno != ENOENT)
|
|
+ {
|
|
+ *outname_needs_removal = true;
|
|
+ copy_file (inname, outname, 0, exclusive, instat.st_mode, true);
|
|
+ }
|
|
sprintf (buf, "%s %s%s", editor_program,
|
|
verbosity == VERBOSE ? "" : "- ",
|
|
outname);
|
|
--
|
|
2.16.3
|
|
|