gnu: zsh: Fix CVE-2018-{7548,7549}.
* gnu/packages/patches/zsh-CVE-2018-7548.patch, gnu/packages/patches/zsh-CVE-2018-7549.patch: New files. * gnu/local.mk (dist_patch_DATA): Add them. * gnu/packages/shells.scm (zsh)[source]: Use them.
This commit is contained in:
parent
488ea71ed8
commit
f55aa0c7b7
|
@ -1181,7 +1181,9 @@ dist_patch_DATA = \
|
||||||
%D%/packages/patches/xinetd-CVE-2013-4342.patch \
|
%D%/packages/patches/xinetd-CVE-2013-4342.patch \
|
||||||
%D%/packages/patches/xmodmap-asprintf.patch \
|
%D%/packages/patches/xmodmap-asprintf.patch \
|
||||||
%D%/packages/patches/libyaml-CVE-2014-9130.patch \
|
%D%/packages/patches/libyaml-CVE-2014-9130.patch \
|
||||||
%D%/packages/patches/zathura-plugindir-environment-variable.patch
|
%D%/packages/patches/zathura-plugindir-environment-variable.patch \
|
||||||
|
%D%/packages/patches/zsh-CVE-2018-7548.patch \
|
||||||
|
%D%/packages/patches/zsh-CVE-2018-7549.patch
|
||||||
|
|
||||||
MISC_DISTRO_FILES = \
|
MISC_DISTRO_FILES = \
|
||||||
%D%/packages/ld-wrapper.in
|
%D%/packages/ld-wrapper.in
|
||||||
|
|
|
@ -0,0 +1,48 @@
|
||||||
|
Fix CVE-2018-7548:
|
||||||
|
|
||||||
|
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-7548
|
||||||
|
|
||||||
|
Patch copied from upstream source repository:
|
||||||
|
|
||||||
|
https://sourceforge.net/p/zsh/code/ci/110b13e1090bc31ac1352b28adc2d02b6d25a102
|
||||||
|
|
||||||
|
From 110b13e1090bc31ac1352b28adc2d02b6d25a102 Mon Sep 17 00:00:00 2001
|
||||||
|
From: Joey Pabalinas <joeypabalinas@gmail.com>
|
||||||
|
Date: Tue, 23 Jan 2018 22:28:08 -0800
|
||||||
|
Subject: [PATCH] 42313: avoid null-pointer deref when using ${(PA)...} on an
|
||||||
|
empty array result
|
||||||
|
|
||||||
|
---
|
||||||
|
ChangeLog | 5 +++++
|
||||||
|
Src/subst.c | 2 +-
|
||||||
|
2 files changed, 6 insertions(+), 1 deletion(-)
|
||||||
|
|
||||||
|
#diff --git a/ChangeLog b/ChangeLog
|
||||||
|
#index d2ba94afc..3037edda4 100644
|
||||||
|
#--- a/ChangeLog
|
||||||
|
#+++ b/ChangeLog
|
||||||
|
#@@ -1,3 +1,8 @@
|
||||||
|
#+2018-01-23 Barton E. Schaefer <schaefer@zsh.org>
|
||||||
|
#+
|
||||||
|
#+ * Joey Pabalinas: 42313: Src/subst.c: avoid null-pointer deref
|
||||||
|
#+ when using ${(PA)...} on an empty array result
|
||||||
|
#+
|
||||||
|
# 2018-01-23 Oliver Kiddle <okiddle@yahoo.co.uk>
|
||||||
|
#
|
||||||
|
# * 42317: Completion/Linux/Command/_cryptsetup,
|
||||||
|
diff --git a/Src/subst.c b/Src/subst.c
|
||||||
|
index d027e3d83..a265a187e 100644
|
||||||
|
--- a/Src/subst.c
|
||||||
|
+++ b/Src/subst.c
|
||||||
|
@@ -2430,7 +2430,7 @@ paramsubst(LinkList l, LinkNode n, char **str, int qt, int pf_flags,
|
||||||
|
val = aval[0];
|
||||||
|
isarr = 0;
|
||||||
|
}
|
||||||
|
- s = dyncat(val, s);
|
||||||
|
+ s = val ? dyncat(val, s) : dupstring(s);
|
||||||
|
/* Now behave po-faced as if it was always like that... */
|
||||||
|
subexp = 0;
|
||||||
|
/*
|
||||||
|
--
|
||||||
|
2.16.2
|
||||||
|
|
|
@ -0,0 +1,56 @@
|
||||||
|
Fix CVE-2018-7549:
|
||||||
|
|
||||||
|
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-7549
|
||||||
|
|
||||||
|
Patch copied from upstream source repository:
|
||||||
|
|
||||||
|
https://sourceforge.net/p/zsh/code/ci/c2cc8b0fbefc9868fa83537f5b6d90fc1ec438dd
|
||||||
|
|
||||||
|
From c2cc8b0fbefc9868fa83537f5b6d90fc1ec438dd Mon Sep 17 00:00:00 2001
|
||||||
|
From: Stephane Chazelas <stephane.chazelas@gmail.com>
|
||||||
|
Date: Fri, 22 Dec 2017 22:17:09 +0000
|
||||||
|
Subject: [PATCH] Avoid crash copying empty hash table.
|
||||||
|
|
||||||
|
Visible with typeset -p.
|
||||||
|
---
|
||||||
|
ChangeLog | 2 ++
|
||||||
|
Src/params.c | 11 +++++++----
|
||||||
|
2 files changed, 9 insertions(+), 4 deletions(-)
|
||||||
|
|
||||||
|
#diff --git a/ChangeLog b/ChangeLog
|
||||||
|
#index f74c26b88..e3628cfa7 100644
|
||||||
|
#--- a/ChangeLog
|
||||||
|
#+++ b/ChangeLog
|
||||||
|
#@@ -1,5 +1,7 @@
|
||||||
|
# 2018-01-04 Peter Stephenson <p.stephenson@samsung.com>
|
||||||
|
#
|
||||||
|
#+ * Stephane: 42159: Src/params.c: avoid crash copying empty hash table.
|
||||||
|
#+
|
||||||
|
# * Sebastian: 42188: Src/Modules/system.c: It is necessary to
|
||||||
|
# close the lock descriptor in some failure cases.
|
||||||
|
#
|
||||||
|
diff --git a/Src/params.c b/Src/params.c
|
||||||
|
index 31ff0445b..de7730ae7 100644
|
||||||
|
--- a/Src/params.c
|
||||||
|
+++ b/Src/params.c
|
||||||
|
@@ -549,10 +549,13 @@ scancopyparams(HashNode hn, UNUSED(int flags))
|
||||||
|
HashTable
|
||||||
|
copyparamtable(HashTable ht, char *name)
|
||||||
|
{
|
||||||
|
- HashTable nht = newparamtable(ht->hsize, name);
|
||||||
|
- outtable = nht;
|
||||||
|
- scanhashtable(ht, 0, 0, 0, scancopyparams, 0);
|
||||||
|
- outtable = NULL;
|
||||||
|
+ HashTable nht = 0;
|
||||||
|
+ if (ht) {
|
||||||
|
+ nht = newparamtable(ht->hsize, name);
|
||||||
|
+ outtable = nht;
|
||||||
|
+ scanhashtable(ht, 0, 0, 0, scancopyparams, 0);
|
||||||
|
+ outtable = NULL;
|
||||||
|
+ }
|
||||||
|
return nht;
|
||||||
|
}
|
||||||
|
|
||||||
|
--
|
||||||
|
2.16.2
|
||||||
|
|
|
@ -300,6 +300,8 @@ history mechanism, job control and a C-like syntax.")
|
||||||
(string-append
|
(string-append
|
||||||
"http://www.zsh.org/pub/old/zsh-" version
|
"http://www.zsh.org/pub/old/zsh-" version
|
||||||
".tar.gz")))
|
".tar.gz")))
|
||||||
|
(patches (search-patches "zsh-CVE-2018-7548.patch"
|
||||||
|
"zsh-CVE-2018-7549.patch"))
|
||||||
(sha256
|
(sha256
|
||||||
(base32
|
(base32
|
||||||
"1jdcfinzmki2w963msvsanv29vqqfmdfm4rncwpw0r3zqnrcsywm"))))
|
"1jdcfinzmki2w963msvsanv29vqqfmdfm4rncwpw0r3zqnrcsywm"))))
|
||||||
|
|
Loading…
Reference in New Issue