Commit 84c727e6 authored by Leonardo Arena's avatar Leonardo Arena

main/patch: security fix (CVE-2016-10713)

Partially fixes #8565
parent 28c10738
......@@ -2,7 +2,7 @@
# Maintainer: Natanael Copa <ncopa@alpinelinux.org>
pkgname=patch
pkgver=2.7.5
pkgrel=2
pkgrel=3
pkgdesc="Utility to apply diffs to files"
url="http://www.gnu.org/software/patch/patch.html"
arch="all"
......@@ -13,6 +13,7 @@ makedepends=""
install=""
subpackages="$pkgname-doc"
source="ftp://ftp.gnu.org/gnu/$pkgname/$pkgname-$pkgver.tar.xz
CVE-2016-10713.patch
CVE-2018-6951.patch
"
......@@ -21,6 +22,8 @@ _builddir="$srcdir"/$pkgname-$pkgver
# secfixes:
# 2.7.5-r2:
# - CVE-2018-6951
# 2.7.5-r3:
# - CVE-2016-10713
build() {
cd "$_builddir"
......@@ -46,4 +49,5 @@ package() {
}
sha512sums="6620ac8101f60c0b456ce339fa5e371f40be0b391e2e9728f34f3625f9907e516de61dac2f91bc76e6fd28a9bd1224efc3ba827cfaa606d857730c1af4195a0f patch-2.7.5.tar.xz
b34c295562f2246a00078efc6b1c035fd73a62fe8c8dde7844de5a716093f9e914dbde31e87065c04c97ec84cbc816766aceea90c220f94250fcded74224b014 CVE-2016-10713.patch
db51d0b791d38dd4f1b373621ee18620ae339b172f58a79420fdaa4a4b1b1d9df239cf61bbddc4e6a4896b28b8cffc7c99161eb5e2facaec8df86a1bf7755bc0 CVE-2018-6951.patch"
diff --git a/src/pch.c b/src/pch.c
index 94a0ac1..3ba5394 100644
--- a/src/pch.c
+++ b/src/pch.c
@@ -2276,7 +2276,7 @@ pfetch (lin line)
bool
pch_write_line (lin line, FILE *file)
{
- bool after_newline = p_line[line][p_len[line] - 1] == '\n';
+ bool after_newline = (p_len[line] > 0) && (p_line[line][p_len[line] - 1] == '\n');
if (! fwrite (p_line[line], sizeof (*p_line[line]), p_len[line], file))
write_fatal ();
return after_newline;
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment