main/patch: security fixes

CVE-2019-13638, CVE-2018-1000156

Fixes #10695

Update license, remove unsupported configure option

4 files changed, 301 insertions, 9 deletions

diff --git a/main/patch/0001-Allow-input-files-to-be-missing-for-ed-style-patches.patch b/main/patch/0001-Allow-input-files-to-be-missing-for-ed-style-patches.patch
new file mode 100644
index 0000000000..b26651ab05
--- /dev/null
+++ b/main/patch/0001-Allow-input-files-to-be-missing-for-ed-style-patches.patch
@@ -0,0 +1,33 @@
+From b5a91a01e5d0897facdd0f49d64b76b0f02b43e1 Mon Sep 17 00:00:00 2001
+From: Andreas Gruenbacher <agruen@gnu.org>
+Date: Fri, 6 Apr 2018 11:34:51 +0200
+Subject: [PATCH] Allow input files to be missing for ed-style patches
+
+* src/pch.c (do_ed_script): Allow input files to be missing so that new
+files will be created as with non-ed-style patches.
+---
+ src/pch.c | 8 +++++---
+ 1 file changed, 5 insertions(+), 3 deletions(-)
+
+diff --git a/src/pch.c b/src/pch.c
+index bc6278c..0c5cc26 100644
+--- a/src/pch.c
++++ b/src/pch.c
+@@ -2394,9 +2394,11 @@ do_ed_script (char const *inname, char const *outname,
+ 
+     if (! dry_run && ! skip_rest_of_patch) {
+        int exclusive = *outname_needs_removal ? 0 : O_EXCL;
+-       assert (! inerrno);
+-       *outname_needs_removal = true;
+-       copy_file (inname, outname, 0, exclusive, instat.st_mode, true);
++       if (inerrno != ENOENT)
++         {
++           *outname_needs_removal = true;
++           copy_file (inname, outname, 0, exclusive, instat.st_mode, true);
++         }
+        sprintf (buf, "%s %s%s", editor_program,
+                 verbosity == VERBOSE ? "" : "- ",
+                 outname);
+-- 
+2.22.0
+
diff --git a/main/patch/0002-Fix-arbitrary-command-execution-in-ed-style-patches-.patch b/main/patch/0002-Fix-arbitrary-command-execution-in-ed-style-patches-.patch
new file mode 100644
index 0000000000..6b65e2dd48
--- /dev/null
+++ b/main/patch/0002-Fix-arbitrary-command-execution-in-ed-style-patches-.patch
@@ -0,0 +1,211 @@
+From 123eaff0d5d1aebe128295959435b9ca5909c26d Mon Sep 17 00:00:00 2001
+From: Andreas Gruenbacher <agruen@gnu.org>
+Date: Fri, 6 Apr 2018 12:14:49 +0200
+Subject: [PATCH] Fix arbitrary command execution in ed-style patches
+ (CVE-2018-1000156)
+
+* src/pch.c (do_ed_script): Write ed script to a temporary file instead
+of piping it to ed: this will cause ed to abort on invalid commands
+instead of rejecting them and carrying on.
+* tests/ed-style: New test case.
+* tests/Makefile.am (TESTS): Add test case.
+---
+ src/pch.c         | 91 ++++++++++++++++++++++++++++++++++-------------
+ tests/Makefile.am |  1 +
+ tests/ed-style    | 41 +++++++++++++++++++++
+ 3 files changed, 108 insertions(+), 25 deletions(-)
+ create mode 100644 tests/ed-style
+
+diff --git a/src/pch.c b/src/pch.c
+index 0c5cc26..4fd5a05 100644
+--- a/src/pch.c
++++ b/src/pch.c
+@@ -33,6 +33,7 @@
+ # include <io.h>
+ #endif
+ #include <safe.h>
++#include <sys/wait.h>
+ 
+ #define INITHUNKMAX 125                        /* initial dynamic allocation size */
+ 
+@@ -2389,24 +2390,28 @@ do_ed_script (char const *inname, char const *outname,
+     static char const editor_program[] = EDITOR_PROGRAM;
+ 
+     file_offset beginning_of_this_line;
+-    FILE *pipefp = 0;
+     size_t chars_read;
++    FILE *tmpfp = 0;
++    char const *tmpname;
++    int tmpfd;
++    pid_t pid;
++
++    if (! dry_run && ! skip_rest_of_patch)
++      {
++       /* Write ed script to a temporary file.  This causes ed to abort on
++          invalid commands such as when line numbers or ranges exceed the
++          number of available lines.  When ed reads from a pipe, it rejects
++          invalid commands and treats the next line as a new command, which
++          can lead to arbitrary command execution.  */
++
++       tmpfd = make_tempfile (&tmpname, 'e', NULL, O_RDWR | O_BINARY, 0);
++       if (tmpfd == -1)
++         pfatal ("Can't create temporary file %s", quotearg (tmpname));
++       tmpfp = fdopen (tmpfd, "w+b");
++       if (! tmpfp)
++         pfatal ("Can't open stream for file %s", quotearg (tmpname));
++      }
+ 
+-    if (! dry_run && ! skip_rest_of_patch) {
+-       int exclusive = *outname_needs_removal ? 0 : O_EXCL;
+-       if (inerrno != ENOENT)
+-         {
+-           *outname_needs_removal = true;
+-           copy_file (inname, outname, 0, exclusive, instat.st_mode, true);
+-         }
+-       sprintf (buf, "%s %s%s", editor_program,
+-                verbosity == VERBOSE ? "" : "- ",
+-                outname);
+-       fflush (stdout);
+-       pipefp = popen(buf, binary_transput ? "wb" : "w");
+-       if (!pipefp)
+-         pfatal ("Can't open pipe to %s", quotearg (buf));
+-    }
+     for (;;) {
+        char ed_command_letter;
+        beginning_of_this_line = file_tell (pfp);
+@@ -2417,14 +2422,14 @@ do_ed_script (char const *inname, char const *outname,
+        }
+        ed_command_letter = get_ed_command_letter (buf);
+        if (ed_command_letter) {
+-           if (pipefp)
+-               if (! fwrite (buf, sizeof *buf, chars_read, pipefp))
++           if (tmpfp)
++               if (! fwrite (buf, sizeof *buf, chars_read, tmpfp))
+                    write_fatal ();
+            if (ed_command_letter != 'd' && ed_command_letter != 's') {
+                p_pass_comments_through = true;
+                while ((chars_read = get_line ()) != 0) {
+-                   if (pipefp)
+-                       if (! fwrite (buf, sizeof *buf, chars_read, pipefp))
++                   if (tmpfp)
++                       if (! fwrite (buf, sizeof *buf, chars_read, tmpfp))
+                            write_fatal ();
+                    if (chars_read == 2  &&  strEQ (buf, ".\n"))
+                        break;
+@@ -2437,13 +2442,49 @@ do_ed_script (char const *inname, char const *outname,
+            break;
+        }
+     }
+-    if (!pipefp)
++    if (!tmpfp)
+       return;
+-    if (fwrite ("w\nq\n", sizeof (char), (size_t) 4, pipefp) == 0
+-       || fflush (pipefp) != 0)
++    if (fwrite ("w\nq\n", sizeof (char), (size_t) 4, tmpfp) == 0
++       || fflush (tmpfp) != 0)
+       write_fatal ();
+-    if (pclose (pipefp) != 0)
+-      fatal ("%s FAILED", editor_program);
++
++    if (lseek (tmpfd, 0, SEEK_SET) == -1)
++      pfatal ("Can't rewind to the beginning of file %s", quotearg (tmpname));
++
++    if (! dry_run && ! skip_rest_of_patch) {
++       int exclusive = *outname_needs_removal ? 0 : O_EXCL;
++       *outname_needs_removal = true;
++       if (inerrno != ENOENT)
++         {
++           *outname_needs_removal = true;
++           copy_file (inname, outname, 0, exclusive, instat.st_mode, true);
++         }
++       sprintf (buf, "%s %s%s", editor_program,
++                verbosity == VERBOSE ? "" : "- ",
++                outname);
++       fflush (stdout);
++
++       pid = fork();
++       if (pid == -1)
++         pfatal ("Can't fork");
++       else if (pid == 0)
++         {
++           dup2 (tmpfd, 0);
++           execl ("/bin/sh", "sh", "-c", buf, (char *) 0);
++           _exit (2);
++         }
++       else
++         {
++           int wstatus;
++           if (waitpid (pid, &wstatus, 0) == -1
++               || ! WIFEXITED (wstatus)
++               || WEXITSTATUS (wstatus) != 0)
++             fatal ("%s FAILED", editor_program);
++         }
++    }
++
++    fclose (tmpfp);
++    safe_unlink (tmpname);
+ 
+     if (ofp)
+       {
+diff --git a/tests/Makefile.am b/tests/Makefile.am
+index 6b6df63..16f8693 100644
+--- a/tests/Makefile.am
++++ b/tests/Makefile.am
+@@ -32,6 +32,7 @@ TESTS = \
+        crlf-handling \
+        dash-o-append \
+        deep-directories \
++       ed-style \
+        empty-files \
+        false-match \
+        fifo \
+diff --git a/tests/ed-style b/tests/ed-style
+new file mode 100644
+index 0000000..d8c0689
+--- /dev/null
++++ b/tests/ed-style
+@@ -0,0 +1,41 @@
++# Copyright (C) 2018 Free Software Foundation, Inc.
++#
++# Copying and distribution of this file, with or without modification,
++# in any medium, are permitted without royalty provided the copyright
++# notice and this notice are preserved.
++
++. $srcdir/test-lib.sh
++
++require cat
++use_local_patch
++use_tmpdir
++
++# ==============================================================
++
++cat > ed1.diff <<EOF
++0a
++foo
++.
++EOF
++
++check 'patch -e foo -i ed1.diff' <<EOF
++EOF
++
++check 'cat foo' <<EOF
++foo
++EOF
++
++cat > ed2.diff <<EOF
++1337a
++r !echo bar
++,p
++EOF
++
++check 'patch -e foo -i ed2.diff 2> /dev/null || echo "Status: $?"' <<EOF
++?
++Status: 2
++EOF
++
++check 'cat foo' <<EOF
++foo
++EOF
+-- 
+2.22.0
+
diff --git a/main/patch/APKBUILD b/main/patch/APKBUILD
index ef3c04144c..0e02115e46 100644
--- a/main/patch/APKBUILD
+++ b/main/patch/APKBUILD
@@ -2,26 +2,31 @@
 # Maintainer: Natanael Copa <ncopa@alpinelinux.org>
 pkgname=patch
 pkgver=2.7.6
-pkgrel=5
+pkgrel=6
 pkgdesc="Utility to apply diffs to files"
 url="https://www.gnu.org/software/patch/patch.html"
 arch="all"
-license="GPL-3.0+"
+license="GPL-3.0-or-later"
 depends=""
-makedepends=""
+makedepends="autoconf automake"
 # testsuite needs coreutils due to bug in busybox `cat -ve`
 # http://lists.busybox.net/pipermail/busybox/2018-April/086401.html
 checkdepends="coreutils bash ed"
-install=""
 subpackages="$pkgname-doc"
 source="ftp://ftp.gnu.org/gnu/$pkgname/$pkgname-$pkgver.tar.xz
         CVE-2018-6951.patch
         CVE-2018-6952.patch
+        0001-Allow-input-files-to-be-missing-for-ed-style-patches.patch
+        0002-Fix-arbitrary-command-execution-in-ed-style-patches-.patch
         CVE-2019-13636.patch
+        CVE-2019-13638.patch
         "
 builddir="$srcdir"/$pkgname-$pkgver
 
 # secfixes:
+#   2.7.6-r6:
+#     - CVE-2018-1000156
+#     - CVE-2019-13638
 #   2.7.6-r5:
 #     - CVE-2019-13636
 #   2.7.6-r2:
@@ -29,8 +34,12 @@ builddir="$srcdir"/$pkgname-$pkgver
 #   2.7.6-r4:
 #     - CVE-2018-6952
 
+prepare() {
+        default_prepare
+        aclocal && autoheader && autoconf && automake --add-missing
+}
+
 build() {
-        cd "$builddir"
         gl_cv_func_gettimeofday_clobber=no \
         gl_cv_func_tzset_clobber=no \
         ./configure \
@@ -39,13 +48,11 @@ build() {
                 --prefix=/usr \
                 --sysconfdir=/etc \
                 --mandir=/usr/share/man \
-                --localstatedir=/var \
-                --disable-nls
+                --localstatedir=/var
         make
 }
 
 check() {
-        cd "$builddir"
         make SHELL=bash check
 }
 
@@ -61,4 +68,7 @@ package() {
 sha512sums="fcca87bdb67a88685a8a25597f9e015f5e60197b9a269fa350ae35a7991ed8da553939b4bbc7f7d3cfd863c67142af403b04165633acbce4339056a905e87fbd  patch-2.7.6.tar.xz
 db51d0b791d38dd4f1b373621ee18620ae339b172f58a79420fdaa4a4b1b1d9df239cf61bbddc4e6a4896b28b8cffc7c99161eb5e2facaec8df86a1bf7755bc0  CVE-2018-6951.patch
 5d2eaef629bae92e5b4e5e57d140c24a73e2811306d5f2854858f846646b034d2da315071f478bcf6f8d856a065b9bb073f76322e8e3a42616bc212281ce6945  CVE-2018-6952.patch
-029b92bb899d0b1165cfe7f55b5a4c2d7090852f52e5c85a6bb1cf5913c914a5c68c6c34517e84f0a020a56d21814f8c18b934c8ebe059ba4eddece78a3a258c  CVE-2019-13636.patch"
+33e8a82f5ee6b896fd434e7de1ca9e16e8d317941a021bea8c53afd5bf210774e8727df22f8d8f63f255de10de5a26428047bc710b033423d1e7a459cbbaf83a  0001-Allow-input-files-to-be-missing-for-ed-style-patches.patch
+d0d46e28c5fdcd5fe16826cbcf39d5a74fdf2593375d5206aa7bad759f16dbebeca3bf259239f99c13344579044a3de1000d705065cc19e917266bca6e5c0630  0002-Fix-arbitrary-command-execution-in-ed-style-patches-.patch
+029b92bb899d0b1165cfe7f55b5a4c2d7090852f52e5c85a6bb1cf5913c914a5c68c6c34517e84f0a020a56d21814f8c18b934c8ebe059ba4eddece78a3a258c  CVE-2019-13636.patch
+d60f8c2364fca9b73aa73b5914cfd6571d11528d13fa7703ccfa93730cbdf8a6e4c9ca04cb7d02a40d33c38075890790b490052d5217e728b0948991da937980  CVE-2019-13638.patch"
diff --git a/main/patch/CVE-2019-13638.patch b/main/patch/CVE-2019-13638.patch
new file mode 100644
index 0000000000..38caff628a
--- /dev/null
+++ b/main/patch/CVE-2019-13638.patch
@@ -0,0 +1,38 @@
+From 3fcd042d26d70856e826a42b5f93dc4854d80bf0 Mon Sep 17 00:00:00 2001
+From: Andreas Gruenbacher <agruen@gnu.org>
+Date: Fri, 6 Apr 2018 19:36:15 +0200
+Subject: Invoke ed directly instead of using the shell
+
+* src/pch.c (do_ed_script): Invoke ed directly instead of using a shell
+command to avoid quoting vulnerabilities.
+---
+ src/pch.c | 6 ++----
+ 1 file changed, 2 insertions(+), 4 deletions(-)
+
+diff --git a/src/pch.c b/src/pch.c
+index 4fd5a05..16e001a 100644
+--- a/src/pch.c
++++ b/src/pch.c
+@@ -2459,9 +2459,6 @@ do_ed_script (char const *inname, char const *outname,
+            *outname_needs_removal = true;
+            copy_file (inname, outname, 0, exclusive, instat.st_mode, true);
+          }
+-       sprintf (buf, "%s %s%s", editor_program,
+-                verbosity == VERBOSE ? "" : "- ",
+-                outname);
+        fflush (stdout);
+ 
+        pid = fork();
+@@ -2470,7 +2467,8 @@ do_ed_script (char const *inname, char const *outname,
+        else if (pid == 0)
+          {
+            dup2 (tmpfd, 0);
+-           execl ("/bin/sh", "sh", "-c", buf, (char *) 0);
++           assert (outname[0] != '!' && outname[0] != '-');
++           execlp (editor_program, editor_program, "-", outname, (char  *) NULL);
+            _exit (2);
+          }
+        else
+-- 
+cgit v1.0-41-gc330
+