[Pkg-zsh-commits] [zsh] 02/03: Drop cherry-picked patches for CVE-2018-1071 and CVE-2018-1083
Axel Beckert
abe at deuxchevaux.org
Sat Apr 7 13:39:46 UTC 2018
This is an automated email from the git hooks/post-receive script.
abe pushed a commit to branch debian
in repository zsh.
commit b54a7e5506f19208f8109fe90ef5dffd44ef2fad
Author: Axel Beckert <abe at deuxchevaux.org>
Date: Sat Apr 7 15:15:39 2018 +0200
Drop cherry-picked patches for CVE-2018-1071 and CVE-2018-1083
---
debian/patches/CVE-2018-1071.patch | 34 ----------------------------------
debian/patches/CVE-2018-1083.patch | 37 -------------------------------------
debian/patches/series | 2 --
3 files changed, 73 deletions(-)
diff --git a/debian/patches/CVE-2018-1071.patch b/debian/patches/CVE-2018-1071.patch
deleted file mode 100644
index 89ca585..0000000
--- a/debian/patches/CVE-2018-1071.patch
+++ /dev/null
@@ -1,34 +0,0 @@
-Description: CVE-2018-1071
- Check bounds when copying path in hashcmd().
-Origin: 679b71ec4d852037fe5f73d35bf557b0f406c8d4
-Author: Oliver Kiddle <okiddle at yahoo.co.uk>
-Bug-Debian: https://bugs.debian.org/894043
-Bug-CVE: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-1083
-
---- a/Src/exec.c
-+++ b/Src/exec.c
-@@ -920,7 +920,7 @@
- for (; *pp; pp++)
- if (**pp == '/') {
- s = buf;
-- strucpy(&s, *pp);
-+ struncpy(&s, *pp, PATH_MAX);
- *s++ = '/';
- if ((s - buf) + strlen(arg0) >= PATH_MAX)
- continue;
---- a/Src/utils.c
-+++ b/Src/utils.c
-@@ -2283,10 +2283,10 @@
- {
- char *u = *s;
-
-- while (n--)
-- *u++ = *t++;
-+ while (n-- && (*u++ = *t++));
- *s = u;
-- *u = '\0';
-+ if (n > 0) /* just one null-byte will do, unlike strncpy(3) */
-+ *u = '\0';
- }
-
- /* Return the number of elements in an array of pointers. *
diff --git a/debian/patches/CVE-2018-1083.patch b/debian/patches/CVE-2018-1083.patch
deleted file mode 100644
index 3e30c3c..0000000
--- a/debian/patches/CVE-2018-1083.patch
+++ /dev/null
@@ -1,37 +0,0 @@
-Description: CVE-2018-1083
- Check bounds on PATH_MAX-sized buffer used for file completion
- candidates.
-Origin: 259ac472eac291c8c103c7a0d8a4eaf3c2942ed7
-Author: Oliver Kiddle <okiddle at yahoo.co.uk>
-Bug-Debian: https://bugs.debian.org/894043
-Bug-CVE: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-1083
-
---- a/Src/Zle/compctl.c
-+++ b/Src/Zle/compctl.c
-@@ -2176,6 +2176,8 @@ gen_matches_files(int dirs, int execs, int all)
- if (prpre && *prpre) {
- pathpref = dupstring(prpre);
- unmetafy(pathpref, &pathpreflen);
-+ if (pathpreflen > PATH_MAX)
-+ return;
- /* system needs NULL termination, not provided by unmetafy */
- pathpref[pathpreflen] = '\0';
- } else {
-@@ -2218,6 +2220,8 @@ gen_matches_files(int dirs, int execs, int all)
- * the path buffer by appending the filename. */
- ums = dupstring(n);
- unmetafy(ums, ¨en);
-+ if (umlen + pathpreflen + 1 > PATH_MAX)
-+ continue;
- memcpy(q, ums, umlen);
- q[umlen] = '\0';
- /* And do the stat. */
-@@ -2232,6 +2236,8 @@ gen_matches_files(int dirs, int execs, int all)
- /* We have to test for a path suffix. */
- int o = strlen(p), tt;
-
-+ if (o + strlen(psuf) > PATH_MAX)
-+ continue;
- /* Append it to the path buffer. */
- strcpy(p + o, psuf);
-
diff --git a/debian/patches/series b/debian/patches/series
index d05bc62..cb6fdac 100644
--- a/debian/patches/series
+++ b/debian/patches/series
@@ -1,4 +1,2 @@
further-mitigate-test-suite-hangs.patch
update-debian-sections.patch
-CVE-2018-1071.patch
-CVE-2018-1083.patch
--
Alioth's /usr/local/bin/git-commit-notice on /srv/git.debian.org/git/collab-maint/zsh.git
More information about the Pkg-zsh-commits
mailing list