pkgsrc-Changes-HG archive

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index][Old Index]

[pkgsrc/trunk]: pkgsrc/shells/zsh add security patches for CVE-2018-1071, CVE...



details:   https://anonhg.NetBSD.org/pkgsrc/rev/50f128ac9fbc
branches:  trunk
changeset: 378097:50f128ac9fbc
user:      spz <spz%pkgsrc.org@localhost>
date:      Fri Mar 30 20:56:42 2018 +0000

description:
add security patches for CVE-2018-1071, CVE-2018-1083, CVE-2018-7548
and CVE-2018-7549 from the zsh repo. one pullup less, w00t. :-P

diffstat:

 shells/zsh/Makefile                    |   3 ++-
 shells/zsh/distinfo                    |   6 +++++-
 shells/zsh/patches/patch-CVE-2018-1071 |  32 ++++++++++++++++++++++++++++++++
 shells/zsh/patches/patch-CVE-2018-1083 |  34 ++++++++++++++++++++++++++++++++++
 shells/zsh/patches/patch-CVE-2018-7548 |  16 ++++++++++++++++
 shells/zsh/patches/patch-CVE-2018-7549 |  25 +++++++++++++++++++++++++
 6 files changed, 114 insertions(+), 2 deletions(-)

diffs (152 lines):

diff -r 9a9355059ef6 -r 50f128ac9fbc shells/zsh/Makefile
--- a/shells/zsh/Makefile       Fri Mar 30 19:17:01 2018 +0000
+++ b/shells/zsh/Makefile       Fri Mar 30 20:56:42 2018 +0000
@@ -1,6 +1,7 @@
-# $NetBSD: Makefile,v 1.82 2017/12/12 23:57:29 minskim Exp $
+# $NetBSD: Makefile,v 1.83 2018/03/30 20:56:42 spz Exp $
 
 DISTNAME=      zsh-5.4.2
+PKGREVISION=   1
 CATEGORIES=    shells
 MASTER_SITES=  ${MASTER_SITE_SOURCEFORGE:=zsh/}
 EXTRACT_SUFX=  .tar.xz
diff -r 9a9355059ef6 -r 50f128ac9fbc shells/zsh/distinfo
--- a/shells/zsh/distinfo       Fri Mar 30 19:17:01 2018 +0000
+++ b/shells/zsh/distinfo       Fri Mar 30 20:56:42 2018 +0000
@@ -1,8 +1,12 @@
-$NetBSD: distinfo,v 1.60 2017/10/13 09:35:19 jperkin Exp $
+$NetBSD: distinfo,v 1.61 2018/03/30 20:56:42 spz Exp $
 
 SHA1 (zsh-5.4.2.tar.xz) = f6f8e699b956c8881444e597b1fc5af41fef456b
 RMD160 (zsh-5.4.2.tar.xz) = 9cc8888760c06757332daa6dfbba4c5235474b5d
 SHA512 (zsh-5.4.2.tar.xz) = 7825e4101905b6bfbd14f00b2f94f512ced5b9820a4f7b24409d266ad2c3c25144edf6aa2629317394055c51312ba57bb01e20c26e2ced1aeb0be0ff1a4d3fbb
 Size (zsh-5.4.2.tar.xz) = 2983492 bytes
+SHA1 (patch-CVE-2018-1071) = 0aa14d3ee127d34ee841f6a3749f5572bfdb3114
+SHA1 (patch-CVE-2018-1083) = 09d6188d1f4e2efc72dfb2a75571a7f1c857a2a7
+SHA1 (patch-CVE-2018-7548) = 85a4aa35c30690908ecb70772cc2553a91c3545c
+SHA1 (patch-CVE-2018-7549) = f94df77c2fe5563af6b88727c04c43d74771105e
 SHA1 (patch-aczsh.m4) = 36c270d8d7cf727f48787ef889b2bd89cbf065e2
 SHA1 (patch-configure.ac) = 87ae3604e09948cd7b360f08031ef9c3f91f0aae
diff -r 9a9355059ef6 -r 50f128ac9fbc shells/zsh/patches/patch-CVE-2018-1071
--- /dev/null   Thu Jan 01 00:00:00 1970 +0000
+++ b/shells/zsh/patches/patch-CVE-2018-1071    Fri Mar 30 20:56:42 2018 +0000
@@ -0,0 +1,32 @@
+$NetBSD: patch-CVE-2018-1071,v 1.1 2018/03/30 20:56:42 spz Exp $
+
+patch for CVE-2018-1071 from
+https://sourceforge.net/p/zsh/code/ci/679b71ec4d852037fe5f73d35bf557b0f406c8d4/
+
+--- Src/exec.c.orig    2017-08-27 19:28:43.000000000 +0000
++++ Src/exec.c 2018-03-30 20:10:46.000000000 +0000
+@@ -920,7 +920,7 @@
+     for (; *pp; pp++)
+       if (**pp == '/') {
+           s = buf;
+-          strucpy(&s, *pp);
++          struncpy(&s, *pp, PATH_MAX);
+           *s++ = '/';
+           if ((s - buf) + strlen(arg0) >= PATH_MAX)
+               continue;
+--- Src/utils.c.orig   2017-08-08 18:02:32.000000000 +0000
++++ Src/utils.c        2018-03-30 20:13:16.000000000 +0000
+@@ -2283,10 +2283,10 @@
+ {
+     char *u = *s;
+ 
+-    while (n--)
+-      *u++ = *t++;
++    while (n-- && (*u++ = *t++));
+     *s = u;
+-    *u = '\0';
++    if (n > 0) /* just one null-byte will do, unlike strncpy(3) */
++        *u = '\0';
+ }
+ 
+ /* Return the number of elements in an array of pointers. *
diff -r 9a9355059ef6 -r 50f128ac9fbc shells/zsh/patches/patch-CVE-2018-1083
--- /dev/null   Thu Jan 01 00:00:00 1970 +0000
+++ b/shells/zsh/patches/patch-CVE-2018-1083    Fri Mar 30 20:56:42 2018 +0000
@@ -0,0 +1,34 @@
+$NetBSD: patch-CVE-2018-1083,v 1.1 2018/03/30 20:56:42 spz Exp $
+
+patch for CVE-2018-1083 from
+https://sourceforge.net/p/zsh/code/ci/259ac472eac291c8c103c7a0d8a4eaf3c2942ed7
+
+--- Src/Zle/compctl.c.orig     2017-06-30 20:36:55.000000000 +0000
++++ Src/Zle/compctl.c  2018-03-30 20:07:25.000000000 +0000
+@@ -2176,6 +2176,8 @@
+     if (prpre && *prpre) {
+       pathpref = dupstring(prpre);
+       unmetafy(pathpref, &pathpreflen);
++      if (pathpreflen > PATH_MAX)
++          return;
+       /* system needs NULL termination, not provided by unmetafy */
+       pathpref[pathpreflen] = '\0';
+     } else {
+@@ -2218,6 +2220,8 @@
+                    * the path buffer by appending the filename.       */
+                   ums = dupstring(n);
+                   unmetafy(ums, &umlen);
++                  if (umlen + pathpreflen + 1 > PATH_MAX)
++                      continue;
+                   memcpy(q, ums, umlen);
+                   q[umlen] = '\0';
+                   /* And do the stat. */
+@@ -2232,6 +2236,8 @@
+                       /* We have to test for a path suffix. */
+                       int o = strlen(p), tt;
+ 
++                      if (o + strlen(psuf) > PATH_MAX)
++                          continue;
+                       /* Append it to the path buffer. */
+                       strcpy(p + o, psuf);
+ 
diff -r 9a9355059ef6 -r 50f128ac9fbc shells/zsh/patches/patch-CVE-2018-7548
--- /dev/null   Thu Jan 01 00:00:00 1970 +0000
+++ b/shells/zsh/patches/patch-CVE-2018-7548    Fri Mar 30 20:56:42 2018 +0000
@@ -0,0 +1,16 @@
+$NetBSD: patch-CVE-2018-7548,v 1.1 2018/03/30 20:56:42 spz Exp $
+
+patch for CVE-2018-7548 from
+https://sourceforge.net/p/zsh/code/ci/110b13e1090bc31ac1352b28adc2d02b6d25a102
+
+--- Src/subst.c.orig   2017-04-04 17:51:28.000000000 +0000
++++ Src/subst.c        2018-03-30 19:48:41.000000000 +0000
+@@ -2340,7 +2340,7 @@
+               val = aval[0];
+               isarr = 0;
+           }
+-          s = dyncat(val, s);
++          s = val ? dyncat(val, s) : dupstring(s);
+           /* Now behave po-faced as if it was always like that... */
+           subexp = 0;
+           /*
diff -r 9a9355059ef6 -r 50f128ac9fbc shells/zsh/patches/patch-CVE-2018-7549
--- /dev/null   Thu Jan 01 00:00:00 1970 +0000
+++ b/shells/zsh/patches/patch-CVE-2018-7549    Fri Mar 30 20:56:42 2018 +0000
@@ -0,0 +1,25 @@
+$NetBSD: patch-CVE-2018-7549,v 1.1 2018/03/30 20:56:42 spz Exp $
+
+fix for CVE-2018-7549 from
+https://sourceforge.net/p/zsh/code/ci/c2cc8b0fbefc9868fa83537f5b6d90fc1ec438dd
+
+--- Src/params.c.orig  2017-06-11 19:34:06.000000000 +0000
++++ Src/params.c       2018-03-30 19:57:36.000000000 +0000
+@@ -535,10 +535,13 @@
+ HashTable
+ copyparamtable(HashTable ht, char *name)
+ {
+-    HashTable nht = newparamtable(ht->hsize, name);
+-    outtable = nht;
+-    scanhashtable(ht, 0, 0, 0, scancopyparams, 0);
+-    outtable = NULL;
++    HashTable nht = 0;
++    if (ht) {
++        nht = newparamtable(ht->hsize, name);
++        outtable = nht;
++        scanhashtable(ht, 0, 0, 0, scancopyparams, 0);
++        outtable = NULL;
++    }
+     return nht;
+ }
+ 



Home | Main Index | Thread Index | Old Index