tjh.dev
gnupatch: add patch for CVE-2018-6952
Refs:
https://nvd.nist.gov/vuln/detail/CVE-2018-6952
https://savannah.gnu.org/bugs/index.php?53133
(cherry picked from commit 6a2a4e82c9b399e5c4f6362797eb91bd23b75d1d)
authored by
c0bw3b
and committed by
Vladimír Čunát
5820efe2
87b79be3
+28
pkgs/tools/text/gnupatch/CVE-2018-6952.patch
+28
pkgs/tools/text/gnupatch/CVE-2018-6952.patch
···
1
+
From 9c986353e420ead6e706262bf204d6e03322c300 Mon Sep 17 00:00:00 2001
2
+
From: Andreas Gruenbacher <agruen@gnu.org>
3
+
Date: Fri, 17 Aug 2018 13:35:40 +0200
4
+
Subject: Fix swapping fake lines in pch_swap
5
+
6
+
* src/pch.c (pch_swap): Fix swapping p_bfake and p_efake when there is a
7
+
blank line in the middle of a context-diff hunk: that empty line stays
8
+
in the middle of the hunk and isn't swapped.
9
+
10
+
Fixes: https://savannah.gnu.org/bugs/index.php?53133
11
+
---
12
+
src/pch.c | 2 +-
13
+
1 file changed, 1 insertion(+), 1 deletion(-)
14
+
15
+
diff --git a/src/pch.c b/src/pch.c
16
+
index e92bc64..a500ad9 100644
17
+
--- a/src/pch.c
18
+
+++ b/src/pch.c
19
+
@@ -2122,7 +2122,7 @@ pch_swap (void)
20
+
}
21
+
if (p_efake >= 0) { /* fix non-freeable ptr range */
22
+
if (p_efake <= i)
23
+
- n = p_end - i + 1;
24
+
+ n = p_end - p_ptrn_lines;
25
+
else
26
+
n = -i;
27
+
p_efake += n;
28
+
--
+2
pkgs/tools/text/gnupatch/default.nix
+2
pkgs/tools/text/gnupatch/default.nix
···
21
21
url = https://sources.debian.org/data/main/p/patch/2.7.6-2/debian/patches/Fix_arbitrary_command_execution_in_ed-style_patches.patch;
22
22
sha256 = "1bpy16n3hm5nv9xkrn6c4wglzsdzj3ss1biq16w9kfv48p4hx2vg";
23
23
})
24
+
# https://git.savannah.gnu.org/cgit/patch.git/commit/?id=9c986353e420ead6e706262bf204d6e03322c300
25
+
./CVE-2018-6952.patch
24
26
];
25
27
26
28
nativeBuildInputs = [ autoreconfHook ];