From 6a2a4e82c9b399e5c4f6362797eb91bd23b75d1d Mon Sep 17 00:00:00 2001 From: c0bw3b Date: Sat, 27 Apr 2019 02:50:54 +0200 Subject: [PATCH] gnupatch: add patch for CVE-2018-6952 Refs: https://nvd.nist.gov/vuln/detail/CVE-2018-6952 https://savannah.gnu.org/bugs/index.php?53133 --- pkgs/tools/text/gnupatch/CVE-2018-6952.patch | 28 ++++++++++++++++++++ pkgs/tools/text/gnupatch/default.nix | 2 ++ 2 files changed, 30 insertions(+) create mode 100644 pkgs/tools/text/gnupatch/CVE-2018-6952.patch diff --git a/pkgs/tools/text/gnupatch/CVE-2018-6952.patch b/pkgs/tools/text/gnupatch/CVE-2018-6952.patch new file mode 100644 index 000000000000..2da323c69844 --- /dev/null +++ b/pkgs/tools/text/gnupatch/CVE-2018-6952.patch @@ -0,0 +1,28 @@ +From 9c986353e420ead6e706262bf204d6e03322c300 Mon Sep 17 00:00:00 2001 +From: Andreas Gruenbacher +Date: Fri, 17 Aug 2018 13:35:40 +0200 +Subject: Fix swapping fake lines in pch_swap + +* src/pch.c (pch_swap): Fix swapping p_bfake and p_efake when there is a +blank line in the middle of a context-diff hunk: that empty line stays +in the middle of the hunk and isn't swapped. + +Fixes: https://savannah.gnu.org/bugs/index.php?53133 +--- + src/pch.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/src/pch.c b/src/pch.c +index e92bc64..a500ad9 100644 +--- a/src/pch.c ++++ b/src/pch.c +@@ -2122,7 +2122,7 @@ pch_swap (void) + } + if (p_efake >= 0) { /* fix non-freeable ptr range */ + if (p_efake <= i) +- n = p_end - i + 1; ++ n = p_end - p_ptrn_lines; + else + n = -i; + p_efake += n; +-- diff --git a/pkgs/tools/text/gnupatch/default.nix b/pkgs/tools/text/gnupatch/default.nix index edea95d7d691..1a5cda5799dc 100644 --- a/pkgs/tools/text/gnupatch/default.nix +++ b/pkgs/tools/text/gnupatch/default.nix @@ -21,6 +21,8 @@ stdenv.mkDerivation rec { url = https://sources.debian.org/data/main/p/patch/2.7.6-2/debian/patches/Fix_arbitrary_command_execution_in_ed-style_patches.patch; sha256 = "1bpy16n3hm5nv9xkrn6c4wglzsdzj3ss1biq16w9kfv48p4hx2vg"; }) + # https://git.savannah.gnu.org/cgit/patch.git/commit/?id=9c986353e420ead6e706262bf204d6e03322c300 + ./CVE-2018-6952.patch ]; nativeBuildInputs = [ autoreconfHook ];