[openwrt/openwrt] tools/patch: bump version to v2.8
LEDE Commits
lede-commits at lists.infradead.org
Mon Apr 21 14:56:03 PDT 2025
robimarko pushed a commit to openwrt/openwrt.git, branch main:
https://git.openwrt.org/f45df2167ba6e7ae80fd0786fa4028a4263b2a6f
commit f45df2167ba6e7ae80fd0786fa4028a4263b2a6f
Author: Russell Senior <russell at personaltelco.net>
AuthorDate: Wed Apr 2 05:47:29 2025 -0700
tools/patch: bump version to v2.8
drop upstream patches
$ git log --no-merges --oneline v2.7.6..v2.8
48ceda8 Version 2.8
b3d0c93 Regression in commit abe92e8010ab affecting MariaDB tests
29fced6 Count traditional diff pattern lines correctly
b5d2124 patch: fix --no-backup-if-mismatch regression
86ac7e2 Fix dodgy assert with side-effects in insert_cached_dirfd
7d87652 Declare an expected test failure on Haiku.
86baf97 build: update gnulib submodule to latest
1ba2c1b Fix two test failures on Haiku.
1da6bf8 Check for newlines only when creating a file name
30ee610 Gnulib renamed some modules
6dbc381 maint: update bootstrap from gnulib
05ac924 build: update gnulib submodule to latest
95e0092 maint: make update-copyright
5bac274 Set --no-backup-if-mismatch when in --posix mode
910fecf Add missing feature tests to the test suite
be8b3c6 Disable release-prep
c61485b Fix "make release" to handle alpha releases
499916f Add announce-gen module for "make release"
adb1ebc Pacify gcc -fsanitize=address
6bdae94 Fix memory leak when malformed unidiff patch
72a146c Port to clang address sanitizer
e2e6820 Refactor argc+argv processing
606c091 Omit needless get_some_switches code
ee3cc40 Revert "Remove obsolete require_gnu_diff function"
8cae4fc Remove obsolete require_gnu_diff function
164b529 savebuf can return a null pointer
91c1e4f Spelling fixes
a03e1ba Port other reject-format test to non-GNU diff
9ba5eb0 Don’t be fooled by NUL bytes in diff directives
79dd5e7 Don’t be fooled by "\000" in file name
8492a6a Port to quasi-GNU diff
f6f2c6f In previous patch, make w_q static
0525681 Pacify -Wunterminated-string-initialization
301411d Spelling fixes
4615206 Remove double semicolon
923e0ef Prefer angle bracket headers
5d17ca0 Update more old copyright notices
5f4edd3 Simplify memory allocation of files to delete
802511c Report patch read errors more immediately
a93b50d Port fflush usage to OpenBSD 7.5
55e224b Update old copyright notices
33a7fd8 Fix gl_gcc_warnings typo in ‘configure’
2313b37 build: update gnulib submodule to latest
37fec39 Remove some dependencies no longer needed
cc87173 Update NEWS as per recent changes
7887622 Update POSIX citations
18f4dd6 Use “Gruenbacher” in international contexts
638675c Adjust libs to match recent Gnulib
53400a1 Pacify clang -Wbitwise-conditional-parentheses
e8e1bcb Remove “support” for nested critical sections
b963510 Simplify critical section code in util fns
85949fb Shrink critical sections
448ff9b Defer signals by hand with sigatomic_t
b95a603 output_file_later avoid a malloc+free pair
2663228 Defend against closed stdin/stdout/stderr
fc77964 Stop using Gnulib ‘execute’ module
470699c Move defer_signals up
f696e4e Make sigs, NUM_SIGS local
4d3a4ab Rename block_signals
b3bb925 Trade a bit of space for time in parse_c_string
070d859 Allocate first patchbuf statically
f46a90f Use bigger buffer size by default
2e64cfd Preinitialize fatal_act.sa_hander
45de0d9 Prefer EXIT_SUCCESS etc. to literal integers
82c4940 Fix some signal handling races
eceea61 Fix --set-utc TZ setting
9c55d3f Improve logic for when rename removes source
61c72f0 Fix signal race when renaming file
705c9bc Simplify traverse_another_path via last_component
77f21a6 Stop using Gnulib dirname module
fe8ffd9 Fix implausible overflow when reading symlinks
5e84bda Access checks should use effective, not real
8d4ca49 Don’t assume AT_FDCWD != -1
fe5d4a0 Copy input to output attributes via fd if possible
ca4c431 Simplify timestamp epoch checking
0ad4347 Check for ftello failures
c49a16d Remove format_linenum
22efdee Fix "with multiple words" line number
5a70a1b Drop Plan B
c0d465f Prefer ximemdup0 to xmemdup0
b91aab2 Refactor ifetch API
55c8a5c Do not attempt huge I/Os
e0e121e Use outfd when setting file attributes
241e57e Don’t assume Linux-like S_IFREG
0f8c628 Use STDOUT_FILENO etc
f2c3676 Fix unlikely glitch with ed diffs
cec6407 Use fds to copy attrs in create_backup_copy
6b7b01b Be more careful about (time_t) -1
0433553 X == -1 → X < 0
0a66dee Let set_file_attributes use fds not names
36ff2c9 Port to narrow unsigned uid_t
3951496 Check for output errors more systematically
6429630 Report input error right away
03cb187 Simplify EOF testing
cc7cde7 Prefer other types to ‘int’
4c6650b Detect unlikely integer overflow in size calcs
abe92e8 Prefer idx_t, ptrdiff_t to lin
30449e2 Fix compatibility issue with blanks in patches
9228a8c pch_swap return type cleanup
c1c438d Fix unlikely int overflow in hunk counts
5d3f41f Use char for char in plan_a
fb056f2 Cache cwd_is_root dev, ino
84b5f34 Avoid ‘unsigned’ in safe.c
d2e113e Simplify get_sha1
f73718b Avoid casts in patch.c
79eef3e Prefer idx_t in util.c
11588d0 Prefer idx_t in pch.c
e16037d Prefer idx_t in patch.c
388926f Prefer idx_t in list.h
3582fdb Prefer idx_t in inp.c
4a47c00 build: update gnulib submodule to latest
4f8c4b8 Don’t limit strip counts etc. to INT_MAX
0a810b6 Fix unlikely integer overflows in patch.c
bac3b6d Fix unlikely integer overflows in pch.c
8fb784b Fix unlikely integer overflows in inp.c
e10f3ca Promote minmax.h to common.h
57e2165 Avoid some memory allocation by not using ‘const’
eb18b39 Remove unnecessary char * casts in inp.c
d60cb72 Pacify gcc -Wunused-parameter when !USE_XATTR
05ef886 Pacify gcc -Wunused-parameter when !USE_XATTR
1f8d192 maint: stop using alloca
ba92722 Don’t assume O_RDONLY == 0
0f98e03 Avoid syscall when nested signal block
1235ccc Add signal comment
43ee674 build: update gnulib submodule to latest
e381947 Update NEWS, README-prereq
2c2a83b Omit _Noreturn when easy
a13c2ea Replace __attribute__ with attribute.h
6eb2d13 Switch from ctype.h to c-ctype.h
d1a6847 Simplify warning configuration
d6631b3 Prefer ATTRIBUTE_* to _GL_ATTRIBUTE_*
bc6899d Pacify gcc -Wno-unused-parameter
da25985 Improve ‘git diff’ output if desired
248ef13 Prefer strerror to perror
6cb321a A bit more long-string fixing
47bc09d Prefer nullptr to NULL
7608746 More fixing of printing of very long strings
323da0d Don’t assume string sizes fit in int when printing
53d1014 Avoid fprintf INT_MAX overflow when merging
59681c8 Avoid sprintf INT_MAX overflow
4278b91 Reject output file names containing '\n'
34b45bc Update man page a bit.
d18c05d Update copyright notices
af828e5 Fix some races involving signals
b3a6c95 Don’t attempt to remove files we didn’t create
9abc949 Omit goto in try_safe_open
90e62d5 Pacify clang re obsolete O_CREAT test
2b87c1e Allow nested block/unblock of signals
7aa1c3b Adjust to new Gnulib bootstrap post imports
99c0c0b maint: remove generated file lib/Makefile.am
1c087d6 Rely on Gnulib inttypes module
7214f8d Update main locals more consistently
6785b2c Use struct outfile * in function args
72d7ed0 Refactor temp names into struct
abf6fb1 Simplify by using Gnulib sigaction
d3816ac Avoid unnecessary freeing in output_files
346d3ac Clean up cleanup
ff2317b Port better to GNU/Hurd
c2d9792 Don’t say empty backups are unreadable
8c27a03 Spelling fixes
d46d729 Change manywarnings usage to be more like coreutils
924698b Pacify clang, which dislikes n + "y"
8939519 Pacify -Wstrict-overflow in pch.c
531cc2b Pacify -Wsuggest-attribute=format in util.c
ff13fea Port to non-VLA C compilers
3d5c0d1 Rename vars to pacify gcc -Wshadow
56788ce Stop including stdbool.h
c10da77 Recommend 64-bit time_t on 32-bit platforms
1e21767 Remove pch_sha1
39005cf Move skip_spaces
755712d Remove pch_timestamp function
04f0eeb Prefer extern inline to static inline for list.h
f06c123 maint: pacify gcc 14 -Wcast-align
aab6e7b maint: pacify -Wanalyzer-null-argument
d1d32c9 maint: work around GCC bug 109839
7575694 maint: pacify gcc -Wmissing-variable-declarations
8f78b09 maint: pacify gcc -Winline
bb841fd maint: port _FORTIFY_SOURCE to Ubuntu
4887683 maint: assume STDC_HEADERS
5b8ecde maint: spruce up our .m4 files a bit
009a424 maint: omit obsolete macro calls
299167f maint: simplify .gitignore
3ec44a4 build: update gnulib submodule to latest
68cb529 build: update gnulib submodule to latest
f144b35 build: Enable the 'subdir-objects' Automake option.
faafc79 build: update gnulib submodule to latest
c835ecc Pass the correct stat to backup files
24f81be maint: modernize README-{hacking,prereq}
7623b2d Fix test for presence of BASH_LINENO[0]
0993940 gnulib: update to latest
78ed9de Add missing-section tests to context-format test case
76e7758 Fix failed assertion 'outstate->after_newline'
15b158d Avoid invalid memory access in context format diffs
dce4683 Don't follow symlinks unless --follow-symlinks is given
61d7788 Don't crash when RLIMIT_NOFILE is set to RLIM_INFINITY
b7b028a Abort when cleaning up fails
a5b442c Skip "ed" test when the ed utility is not installed
2b584ae Improve support for memory leak detection
9c98635 Fix swapping fake lines in pch_swap
ff81775 Make the (debug & 2) output more useful
369dccc Don't leak temporary file on failed multi-file ed-style patch
1959988 Don't leak temporary file on failed ed-style patch
f322a7e Request 'alloca' module from gnulib.
458ac51 Fix 'ed-style' test failure.
1e9104c Fix check of return value of fwrite().
ae81be0 maint: avoid warnings from GCC8
2a32bf0 Minor cleanups in do_ed_script
ff1d3a6 Use gnulib execute module
3fcd042 Invoke ed directly instead of using the shell
123eaff Fix arbitrary command execution in ed-style patches (CVE-2018-1000156)
b5a91a0 Allow input files to be missing for ed-style patches
f290f48 Fix segfault with mangled rename patch
074e239 Test suite: fix Korn shell incompatibility
f6bc5b1 Test suite compatibility fixes
3bbebbb Avoid set_file_attributes sign conversion warnings
Signed-off-by: Russell Senior <russell at personaltelco.net>
Link: https://github.com/openwrt/openwrt/pull/18479
Signed-off-by: Robert Marko <robimarko at gmail.com>
---
tools/patch/Makefile | 6 +-
tools/patch/patches/010-CVE-2018-6951.patch | 24 ----
tools/patch/patches/020-CVE-2018-1000156.patch | 142 ---------------------
tools/patch/patches/030-CVE-2018-6952.patch | 25 ----
...Fix-error-handling-with-git-style-patches.patch | 53 --------
tools/patch/patches/050-CVE-2019-13636.patch | 101 ---------------
tools/patch/patches/060-CVE-2019-13638.patch | 33 -----
...t-fail-hard-on-EACCES-when-copying-xattrs.patch | 33 -----
8 files changed, 3 insertions(+), 414 deletions(-)
diff --git a/tools/patch/Makefile b/tools/patch/Makefile
index f4cf588622..785793685c 100644
--- a/tools/patch/Makefile
+++ b/tools/patch/Makefile
@@ -7,13 +7,13 @@
include $(TOPDIR)/rules.mk
PKG_NAME:=patch
-PKG_VERSION:=2.7.6
-PKG_RELEASE:=7
+PKG_VERSION:=2.8
+PKG_RELEASE:=1
PKG_CPE_ID:=cpe:/a:gnu:patch
PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.gz
PKG_SOURCE_URL:=@GNU/patch
-PKG_HASH:=8cf86e00ad3aaa6d26aca30640e86b0e3e1f395ed99f189b06d4c9f74bc58a4e
+PKG_HASH:=308a4983ff324521b9b21310bfc2398ca861798f02307c79eb99bb0e0d2bf980
HOST_BUILD_PARALLEL := 1
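Review bot: The PKG_HASH line changes with nothing in the commit message saying how the new value was obtained. PKG_SOURCE_URL is @GNU/patch, so any mirror can serve the tarball and this hash is the only integrity check. Please confirm in the PR that the new SHA-256 was computed from a patch-2.8.tar.gz that verifies against the upstream release signature. Resetting PKG_RELEASE to 1 alongside the version bump is correct.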
diff --git a/tools/patch/patches/010-CVE-2018-6951.patch b/tools/patch/patches/010-CVE-2018-6951.patch
deleted file mode 100644
index 10dc568099..0000000000
--- a/tools/patch/patches/010-CVE-2018-6951.patch
+++ /dev/null
@@ -1,24 +0,0 @@
-From 1f7853c05f9949d81da9be7a02b90cc64284d1f8 Mon Sep 17 00:00:00 2001
-From: Andreas Gruenbacher <agruen at gnu.org>
-Date: Mon, 12 Feb 2018 16:48:24 +0100
-Subject: [PATCH] Fix segfault with mangled rename patch
-
-http://savannah.gnu.org/bugs/?53132
-* src/pch.c (intuit_diff_type): Ensure that two filenames are specified
-for renames and copies (fix the existing check).
----
- src/pch.c | 3 ++-
- 1 file changed, 2 insertions(+), 1 deletion(-)
-
---- a/src/pch.c
-+++ b/src/pch.c
-@@ -974,7 +974,8 @@ intuit_diff_type (bool need_header, mode
- if ((pch_rename () || pch_copy ())
- && ! inname
- && ! ((i == OLD || i == NEW) &&
-- p_name[! reverse] &&
-+ p_name[reverse] && p_name[! reverse] &&
-+ name_is_valid (p_name[reverse]) &&
- name_is_valid (p_name[! reverse])))
- {
- say ("Cannot %s file without two valid file names\n", pch_rename () ? "rename" : "copy");
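Review bot: The From hash in this removed file's header (1f7853c0...) does not appear in the quoted v2.7.6..v2.8 log; the fix can only be matched there by subject, as f290f48 "Fix segfault with mangled rename patch". The same is true of 020 (b3a0ca3 in the header, 123eaff in the log) and 030 (df40f2e against 9c98635), while 050 and 060 carry hashes that do match the log (dce4683, 3fcd042). Suggest the commit message list each removed file next to the upstream commit that replaces it, so the removal of the CVE-named patches can be audited without matching subjects by hand.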
diff --git a/tools/patch/patches/020-CVE-2018-1000156.patch b/tools/patch/patches/020-CVE-2018-1000156.patch
deleted file mode 100644
index 99dfe54075..0000000000
--- a/tools/patch/patches/020-CVE-2018-1000156.patch
+++ /dev/null
@@ -1,142 +0,0 @@
-From b3a0ca3deed00334f9feece43f76776b6a168e47 Mon Sep 17 00:00:00 2001
-From: Andreas Gruenbacher <agruen at gnu.org>
-Date: Fri, 6 Apr 2018 12:14:49 +0200
-Subject: [PATCH] Fix arbitrary command execution in ed-style patches
- (CVE-2018-1000156)
-
-* src/pch.c (do_ed_script): Write ed script to a temporary file instead
-of piping it to ed: this will cause ed to abort on invalid commands
-instead of rejecting them and carrying on.
-* tests/ed-style: New test case.
-* tests/Makefile.am (TESTS): Add test case.
----
- src/pch.c | 89 +++++++++++++++++++++++++++++++++++++++++--------------
- 1 file changed, 66 insertions(+), 23 deletions(-)
-
---- a/src/pch.c
-+++ b/src/pch.c
-@@ -33,6 +33,7 @@
- # include <io.h>
- #endif
- #include <safe.h>
-+#include <sys/wait.h>
-
- #define INITHUNKMAX 125 /* initial dynamic allocation size */
-
-@@ -2389,22 +2390,28 @@ do_ed_script (char const *inname, char c
- static char const editor_program[] = EDITOR_PROGRAM;
-
- file_offset beginning_of_this_line;
-- FILE *pipefp = 0;
- size_t chars_read;
-+ FILE *tmpfp = 0;
-+ char const *tmpname;
-+ int tmpfd;
-+ pid_t pid;
-+
-+ if (! dry_run && ! skip_rest_of_patch)
-+ {
-+ /* Write ed script to a temporary file. This causes ed to abort on
-+ invalid commands such as when line numbers or ranges exceed the
-+ number of available lines. When ed reads from a pipe, it rejects
-+ invalid commands and treats the next line as a new command, which
-+ can lead to arbitrary command execution. */
-+
-+ tmpfd = make_tempfile (&tmpname, 'e', NULL, O_RDWR | O_BINARY, 0);
-+ if (tmpfd == -1)
-+ pfatal ("Can't create temporary file %s", quotearg (tmpname));
-+ tmpfp = fdopen (tmpfd, "w+b");
-+ if (! tmpfp)
-+ pfatal ("Can't open stream for file %s", quotearg (tmpname));
-+ }
-
-- if (! dry_run && ! skip_rest_of_patch) {
-- int exclusive = *outname_needs_removal ? 0 : O_EXCL;
-- assert (! inerrno);
-- *outname_needs_removal = true;
-- copy_file (inname, outname, 0, exclusive, instat.st_mode, true);
-- sprintf (buf, "%s %s%s", editor_program,
-- verbosity == VERBOSE ? "" : "- ",
-- outname);
-- fflush (stdout);
-- pipefp = popen(buf, binary_transput ? "wb" : "w");
-- if (!pipefp)
-- pfatal ("Can't open pipe to %s", quotearg (buf));
-- }
- for (;;) {
- char ed_command_letter;
- beginning_of_this_line = file_tell (pfp);
-@@ -2415,14 +2422,14 @@ do_ed_script (char const *inname, char c
- }
- ed_command_letter = get_ed_command_letter (buf);
- if (ed_command_letter) {
-- if (pipefp)
-- if (! fwrite (buf, sizeof *buf, chars_read, pipefp))
-+ if (tmpfp)
-+ if (! fwrite (buf, sizeof *buf, chars_read, tmpfp))
- write_fatal ();
- if (ed_command_letter != 'd' && ed_command_letter != 's') {
- p_pass_comments_through = true;
- while ((chars_read = get_line ()) != 0) {
-- if (pipefp)
-- if (! fwrite (buf, sizeof *buf, chars_read, pipefp))
-+ if (tmpfp)
-+ if (! fwrite (buf, sizeof *buf, chars_read, tmpfp))
- write_fatal ();
- if (chars_read == 2 && strEQ (buf, ".\n"))
- break;
-@@ -2435,13 +2442,49 @@ do_ed_script (char const *inname, char c
- break;
- }
- }
-- if (!pipefp)
-+ if (!tmpfp)
- return;
-- if (fwrite ("w\nq\n", sizeof (char), (size_t) 4, pipefp) == 0
-- || fflush (pipefp) != 0)
-+ if (fwrite ("w\nq\n", sizeof (char), (size_t) 4, tmpfp) == 0
-+ || fflush (tmpfp) != 0)
- write_fatal ();
-- if (pclose (pipefp) != 0)
-- fatal ("%s FAILED", editor_program);
-+
-+ if (lseek (tmpfd, 0, SEEK_SET) == -1)
-+ pfatal ("Can't rewind to the beginning of file %s", quotearg (tmpname));
-+
-+ if (! dry_run && ! skip_rest_of_patch) {
-+ int exclusive = *outname_needs_removal ? 0 : O_EXCL;
-+ *outname_needs_removal = true;
-+ if (inerrno != ENOENT)
-+ {
-+ *outname_needs_removal = true;
-+ copy_file (inname, outname, 0, exclusive, instat.st_mode, true);
-+ }
-+ sprintf (buf, "%s %s%s", editor_program,
-+ verbosity == VERBOSE ? "" : "- ",
-+ outname);
-+ fflush (stdout);
-+
-+ pid = fork();
-+ if (pid == -1)
-+ pfatal ("Can't fork");
-+ else if (pid == 0)
-+ {
-+ dup2 (tmpfd, 0);
-+ execl ("/bin/sh", "sh", "-c", buf, (char *) 0);
-+ _exit (2);
-+ }
-+ else
-+ {
-+ int wstatus;
-+ if (waitpid (pid, &wstatus, 0) == -1
-+ || ! WIFEXITED (wstatus)
-+ || WEXITSTATUS (wstatus) != 0)
-+ fatal ("%s FAILED", editor_program);
-+ }
-+ }
-+
-+ fclose (tmpfp);
-+ safe_unlink (tmpname);
-
- if (ofp)
- {
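Review bot: Removing this fix should be backed by a behavioural check and not only by 123eaff appearing in the log, because do_ed_script was changed again afterwards (3fcd042 "Invoke ed directly instead of using the shell", 2a32bf0 "Minor cleanups in do_ed_script"). The comment block in the removed do_ed_script hunk states the property that has to survive: the ed script is written to a temporary file so that ed aborts on an invalid command instead of treating the next line as a new command. Suggest noting in the PR that the 2.8 host build passes the tests/ed-style case this patch introduced.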
diff --git a/tools/patch/patches/030-CVE-2018-6952.patch b/tools/patch/patches/030-CVE-2018-6952.patch
deleted file mode 100644
index 36b58c79dd..0000000000
--- a/tools/patch/patches/030-CVE-2018-6952.patch
+++ /dev/null
@@ -1,25 +0,0 @@
-From df40f2ea17254de269a3624319a12a93a4e395ff Mon Sep 17 00:00:00 2001
-From: Andreas Gruenbacher <agruen at gnu.org>
-Date: Fri, 17 Aug 2018 13:35:40 +0200
-Subject: [PATCH] Fix swapping fake lines in pch_swap
-
-* src/pch.c (pch_swap): Fix swapping p_bfake and p_efake when there is a
-blank line in the middle of a context-diff hunk: that empty line stays
-in the middle of the hunk and isn't swapped.
-
-Fixes: https://savannah.gnu.org/bugs/index.php?53133
----
- src/pch.c | 2 +-
- 1 file changed, 1 insertion(+), 1 deletion(-)
-
---- a/src/pch.c
-+++ b/src/pch.c
-@@ -2115,7 +2115,7 @@ pch_swap (void)
- }
- if (p_efake >= 0) { /* fix non-freeable ptr range */
- if (p_efake <= i)
-- n = p_end - i + 1;
-+ n = p_end - p_ptrn_lines;
- else
- n = -i;
- p_efake += n;
diff --git a/tools/patch/patches/040-Fix-error-handling-with-git-style-patches.patch b/tools/patch/patches/040-Fix-error-handling-with-git-style-patches.patch
deleted file mode 100644
index 5cc958e746..0000000000
--- a/tools/patch/patches/040-Fix-error-handling-with-git-style-patches.patch
+++ /dev/null
@@ -1,53 +0,0 @@
-From 424da221cec76ea200cff1fa9b08a6f3d94c28a7 Mon Sep 17 00:00:00 2001
-From: Lubomir Rintel <lkundrak at v3.sk>
-Date: Wed, 31 Oct 2018 16:39:13 -0700
-Subject: [PATCH] Fix error handling with git-style patches
-
-When an error is encountered in output_files(), the subsequent call to
-cleanup() calls back into output_files() resulting in an infinte recursion.
-This is trivially reproduced with a git-style patch (which utilizes
-output_file_later()) that tries to patch a nonexistent or unreadable
-file (see attached test case).
-
-* src/patch.c: (output_files) clear the files_to_output list before
-iterating it, so that recursive calls won't iterate the same files.
----
- src/patch.c | 12 ++++++++----
- 1 file changed, 8 insertions(+), 4 deletions(-)
-
---- a/src/patch.c
-+++ b/src/patch.c
-@@ -1938,8 +1938,12 @@ output_files (struct stat const *st)
- {
- gl_list_iterator_t iter;
- const void *elt;
-+ gl_list_t files;
-
-- iter = gl_list_iterator (files_to_output);
-+ files = files_to_output;
-+ init_files_to_output ();
-+
-+ iter = gl_list_iterator (files);
- while (gl_list_iterator_next (&iter, &elt, NULL))
- {
- const struct file_to_output *file_to_output = elt;
-@@ -1957,8 +1961,8 @@ output_files (struct stat const *st)
- /* Free the list up to here. */
- for (;;)
- {
-- const void *elt2 = gl_list_get_at (files_to_output, 0);
-- gl_list_remove_at (files_to_output, 0);
-+ const void *elt2 = gl_list_get_at (files, 0);
-+ gl_list_remove_at (files, 0);
- if (elt == elt2)
- break;
- }
-@@ -1967,7 +1971,7 @@ output_files (struct stat const *st)
- }
- }
- gl_list_iterator_free (&iter);
-- gl_list_clear (files_to_output);
-+ gl_list_clear (files);
- }
-
- /* Fatal exit with cleanup. */
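Review bot: No entry in the quoted v2.7.6..v2.8 log carries this patch's subject, "Fix error handling with git-style patches", or its hash 424da221, so "drop upstream patches" cannot be verified for this file from the commit message. The log lists changes that may cover it (b7b028a "Abort when cleaning up fails", 346d3ac "Clean up cleanup", d3816ac "Avoid unnecessary freeing in output_files"), but none of them is stated to remove the output_files() and cleanup() recursion described here. Please name the upstream commit that makes the files_to_output reset unnecessary, or carry a rebased version of this patch.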
diff --git a/tools/patch/patches/050-CVE-2019-13636.patch b/tools/patch/patches/050-CVE-2019-13636.patch
deleted file mode 100644
index d819838bba..0000000000
--- a/tools/patch/patches/050-CVE-2019-13636.patch
+++ /dev/null
@@ -1,101 +0,0 @@
-From dce4683cbbe107a95f1f0d45fabc304acfb5d71a Mon Sep 17 00:00:00 2001
-From: Andreas Gruenbacher <agruen at gnu.org>
-Date: Mon, 15 Jul 2019 16:21:48 +0200
-Subject: Don't follow symlinks unless --follow-symlinks is given
-
-* src/inp.c (plan_a, plan_b), src/util.c (copy_to_fd, copy_file,
-append_to_file): Unless the --follow-symlinks option is given, open files with
-the O_NOFOLLOW flag to avoid following symlinks. So far, we were only doing
-that consistently for input files.
-* src/util.c (create_backup): When creating empty backup files, (re)create them
-with O_CREAT | O_EXCL to avoid following symlinks in that case as well.
----
- src/inp.c | 12 ++++++++++--
- src/util.c | 14 +++++++++++---
- 2 files changed, 21 insertions(+), 5 deletions(-)
-
---- a/src/inp.c
-+++ b/src/inp.c
-@@ -238,8 +238,13 @@ plan_a (char const *filename)
- {
- if (S_ISREG (instat.st_mode))
- {
-- int ifd = safe_open (filename, O_RDONLY|binary_transput, 0);
-+ int flags = O_RDONLY | binary_transput;
- size_t buffered = 0, n;
-+ int ifd;
-+
-+ if (! follow_symlinks)
-+ flags |= O_NOFOLLOW;
-+ ifd = safe_open (filename, flags, 0);
- if (ifd < 0)
- pfatal ("can't open file %s", quotearg (filename));
-
-@@ -340,6 +345,7 @@ plan_a (char const *filename)
- static void
- plan_b (char const *filename)
- {
-+ int flags = O_RDONLY | binary_transput;
- int ifd;
- FILE *ifp;
- int c;
-@@ -353,7 +359,9 @@ plan_b (char const *filename)
-
- if (instat.st_size == 0)
- filename = NULL_DEVICE;
-- if ((ifd = safe_open (filename, O_RDONLY | binary_transput, 0)) < 0
-+ if (! follow_symlinks)
-+ flags |= O_NOFOLLOW;
-+ if ((ifd = safe_open (filename, flags, 0)) < 0
- || ! (ifp = fdopen (ifd, binary_transput ? "rb" : "r")))
- pfatal ("Can't open file %s", quotearg (filename));
- if (TMPINNAME_needs_removal)
---- a/src/util.c
-+++ b/src/util.c
-@@ -388,7 +388,7 @@ create_backup (char const *to, const str
-
- try_makedirs_errno = ENOENT;
- safe_unlink (bakname);
-- while ((fd = safe_open (bakname, O_CREAT | O_WRONLY | O_TRUNC, 0666)) < 0)
-+ while ((fd = safe_open (bakname, O_CREAT | O_EXCL | O_WRONLY | O_TRUNC, 0666)) < 0)
- {
- if (errno != try_makedirs_errno)
- pfatal ("Can't create file %s", quotearg (bakname));
-@@ -579,10 +579,13 @@ create_file (char const *file, int open_
- static void
- copy_to_fd (const char *from, int tofd)
- {
-+ int from_flags = O_RDONLY | O_BINARY;
- int fromfd;
- ssize_t i;
-
-- if ((fromfd = safe_open (from, O_RDONLY | O_BINARY, 0)) < 0)
-+ if (! follow_symlinks)
-+ from_flags |= O_NOFOLLOW;
-+ if ((fromfd = safe_open (from, from_flags, 0)) < 0)
- pfatal ("Can't reopen file %s", quotearg (from));
- while ((i = read (fromfd, buf, bufsize)) != 0)
- {
-@@ -625,6 +628,8 @@ copy_file (char const *from, char const
- else
- {
- assert (S_ISREG (mode));
-+ if (! follow_symlinks)
-+ to_flags |= O_NOFOLLOW;
- tofd = create_file (to, O_WRONLY | O_BINARY | to_flags, mode,
- to_dir_known_to_exist);
- copy_to_fd (from, tofd);
-@@ -640,9 +645,12 @@ copy_file (char const *from, char const
- void
- append_to_file (char const *from, char const *to)
- {
-+ int to_flags = O_WRONLY | O_APPEND | O_BINARY;
- int tofd;
-
-- if ((tofd = safe_open (to, O_WRONLY | O_BINARY | O_APPEND, 0)) < 0)
-+ if (! follow_symlinks)
-+ to_flags |= O_NOFOLLOW;
-+ if ((tofd = safe_open (to, to_flags, 0)) < 0)
- pfatal ("Can't reopen file %s", quotearg (to));
- copy_to_fd (from, tofd);
- if (close (tofd) != 0)
diff --git a/tools/patch/patches/060-CVE-2019-13638.patch b/tools/patch/patches/060-CVE-2019-13638.patch
deleted file mode 100644
index 590cf186e7..0000000000
--- a/tools/patch/patches/060-CVE-2019-13638.patch
+++ /dev/null
@@ -1,33 +0,0 @@
-From 3fcd042d26d70856e826a42b5f93dc4854d80bf0 Mon Sep 17 00:00:00 2001
-From: Andreas Gruenbacher <agruen at gnu.org>
-Date: Fri, 6 Apr 2018 19:36:15 +0200
-Subject: Invoke ed directly instead of using the shell
-
-* src/pch.c (do_ed_script): Invoke ed directly instead of using a shell
-command to avoid quoting vulnerabilities.
----
- src/pch.c | 6 ++----
- 1 file changed, 2 insertions(+), 4 deletions(-)
-
---- a/src/pch.c
-+++ b/src/pch.c
-@@ -2459,9 +2459,6 @@ do_ed_script (char const *inname, char c
- *outname_needs_removal = true;
- copy_file (inname, outname, 0, exclusive, instat.st_mode, true);
- }
-- sprintf (buf, "%s %s%s", editor_program,
-- verbosity == VERBOSE ? "" : "- ",
-- outname);
- fflush (stdout);
-
- pid = fork();
-@@ -2470,7 +2467,8 @@ do_ed_script (char const *inname, char c
- else if (pid == 0)
- {
- dup2 (tmpfd, 0);
-- execl ("/bin/sh", "sh", "-c", buf, (char *) 0);
-+ assert (outname[0] != '!' && outname[0] != '-');
-+ execlp (editor_program, editor_program, "-", outname, (char *) NULL);
- _exit (2);
- }
- else
diff --git a/tools/patch/patches/070-don-t-fail-hard-on-EACCES-when-copying-xattrs.patch b/tools/patch/patches/070-don-t-fail-hard-on-EACCES-when-copying-xattrs.patch
deleted file mode 100644
index e19a9c0845..0000000000
--- a/tools/patch/patches/070-don-t-fail-hard-on-EACCES-when-copying-xattrs.patch
+++ /dev/null
@@ -1,33 +0,0 @@
-From f42cbe1a91a3a6f79d1eec594ce7c72aec79179b Mon Sep 17 00:00:00 2001
-From: =?UTF-8?q?Thomas=20Wei=C3=9Fschuh?= <thomas at t-8ch.de>
-Date: Wed, 9 Nov 2022 05:08:22 +0100
-Subject: [PATCH] don't fail hard on EACCES when copying xattrs
-
-On btrfs the xattr "btrfs.compressed" requires privileges to set,
-otherwise EACCES is returned.
-When patch tries to do copy this attribute it receives the error and
-aborts.
----
- src/util.c | 4 ++--
- 1 file changed, 2 insertions(+), 2 deletions(-)
-
---- a/src/util.c
-+++ b/src/util.c
-@@ -182,7 +182,7 @@ copy_attr_error (struct error_context *c
- int err = errno;
- va_list ap;
-
-- if (err != ENOSYS && err != ENOTSUP && err != EPERM)
-+ if (err != ENOSYS && err != ENOTSUP && err != EPERM && err != EACCES)
- {
- /* use verror module to print error message */
- va_start (ap, fmt);
-@@ -284,7 +284,7 @@ set_file_attributes (char const *to, enu
- }
- if (attr & FA_XATTRS)
- if (copy_attr (from, to) != 0
-- && errno != ENOSYS && errno != ENOTSUP && errno != EPERM)
-+ && errno != ENOSYS && errno != ENOTSUP && errno != EPERM && errno != EACCES)
- fatal_exit (0);
- if (attr & FA_MODE)
- {
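Review bot: This patch's subject and hash (f42cbe1a) are absent from the quoted log as well, and no log entry mentions EACCES, so dropping it may bring back the abort its description reports on btrfs when the "btrfs.compressed" xattr cannot be set. The attribute-copy code was reworked upstream (fe5d4a0 "Copy input to output attributes via fd if possible", 0a66dee "Let set_file_attributes use fds not names"), so the two errno checks in copy_attr_error and set_file_attributes may no longer apply as written, but that does not show EACCES is now tolerated. Suggest confirming with a build on a compressed btrfs tree, or keeping the check as a rebased local patch.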