authorspz <spz@pkgsrc.org>2018-03-30 20:56:42 +0000
committerspz <spz@pkgsrc.org>2018-03-30 20:56:42 +0000
commitc17b242f777aed92f3fea6ca8dc6b0fec9b21200 (patch)
tree6499e47595337c5982b6fe36862efdbd4dc23006
parent818b86a0b788068c22492c7f7b12a4236a8e24f3 (diff)
downloadpkgsrc-c17b242f777aed92f3fea6ca8dc6b0fec9b21200.tar.gz
add security patches for CVE-2018-1071, CVE-2018-1083, CVE-2018-7548
and CVE-2018-7549 from the zsh repo. one pullup less, w00t. :-P
-rw-r--r--shells/zsh/Makefile3
-rw-r--r--shells/zsh/distinfo6
-rw-r--r--shells/zsh/patches/patch-CVE-2018-107132
-rw-r--r--shells/zsh/patches/patch-CVE-2018-108334
-rw-r--r--shells/zsh/patches/patch-CVE-2018-754816
-rw-r--r--shells/zsh/patches/patch-CVE-2018-754925
6 files changed, 114 insertions, 2 deletions
diff --git a/shells/zsh/Makefile b/shells/zsh/Makefile
index bd1742fe17a..fc9a36f1a8c 100644
--- a/shells/zsh/Makefile
+++ b/shells/zsh/Makefile
@@ -1,6 +1,7 @@
-# $NetBSD: Makefile,v 1.82 2017/12/12 23:57:29 minskim Exp $
+# $NetBSD: Makefile,v 1.83 2018/03/30 20:56:42 spz Exp $
DISTNAME= zsh-5.4.2
+PKGREVISION= 1
CATEGORIES= shells
MASTER_SITES= ${MASTER_SITE_SOURCEFORGE:=zsh/}
EXTRACT_SUFX= .tar.xz
diff --git a/shells/zsh/distinfo b/shells/zsh/distinfo
index 832d7ebe6c0..1a9fc7835da 100644
--- a/shells/zsh/distinfo
+++ b/shells/zsh/distinfo
@@ -1,8 +1,12 @@
-$NetBSD: distinfo,v 1.60 2017/10/13 09:35:19 jperkin Exp $
+$NetBSD: distinfo,v 1.61 2018/03/30 20:56:42 spz Exp $
SHA1 (zsh-5.4.2.tar.xz) = f6f8e699b956c8881444e597b1fc5af41fef456b
RMD160 (zsh-5.4.2.tar.xz) = 9cc8888760c06757332daa6dfbba4c5235474b5d
SHA512 (zsh-5.4.2.tar.xz) = 7825e4101905b6bfbd14f00b2f94f512ced5b9820a4f7b24409d266ad2c3c25144edf6aa2629317394055c51312ba57bb01e20c26e2ced1aeb0be0ff1a4d3fbb
Size (zsh-5.4.2.tar.xz) = 2983492 bytes
+SHA1 (patch-CVE-2018-1071) = 0aa14d3ee127d34ee841f6a3749f5572bfdb3114
+SHA1 (patch-CVE-2018-1083) = 09d6188d1f4e2efc72dfb2a75571a7f1c857a2a7
+SHA1 (patch-CVE-2018-7548) = 85a4aa35c30690908ecb70772cc2553a91c3545c
+SHA1 (patch-CVE-2018-7549) = f94df77c2fe5563af6b88727c04c43d74771105e
SHA1 (patch-aczsh.m4) = 36c270d8d7cf727f48787ef889b2bd89cbf065e2
SHA1 (patch-configure.ac) = 87ae3604e09948cd7b360f08031ef9c3f91f0aae
diff --git a/shells/zsh/patches/patch-CVE-2018-1071 b/shells/zsh/patches/patch-CVE-2018-1071
new file mode 100644
index 00000000000..867d46878da
--- /dev/null
+++ b/shells/zsh/patches/patch-CVE-2018-1071
@@ -0,0 +1,32 @@
+$NetBSD: patch-CVE-2018-1071,v 1.1 2018/03/30 20:56:42 spz Exp $
+
+patch for CVE-2018-1071 from
+https://sourceforge.net/p/zsh/code/ci/679b71ec4d852037fe5f73d35bf557b0f406c8d4/
+
+--- Src/exec.c.orig 2017-08-27 19:28:43.000000000 +0000
++++ Src/exec.c 2018-03-30 20:10:46.000000000 +0000
+@@ -920,7 +920,7 @@
+ for (; *pp; pp++)
+ if (**pp == '/') {
+ s = buf;
+- strucpy(&s, *pp);
++ struncpy(&s, *pp, PATH_MAX);
+ *s++ = '/';
+ if ((s - buf) + strlen(arg0) >= PATH_MAX)
+ continue;
+--- Src/utils.c.orig 2017-08-08 18:02:32.000000000 +0000
++++ Src/utils.c 2018-03-30 20:13:16.000000000 +0000
+@@ -2283,10 +2283,10 @@
+ {
+ char *u = *s;
+
+- while (n--)
+- *u++ = *t++;
++ while (n-- && (*u++ = *t++));
+ *s = u;
+- *u = '\0';
++ if (n > 0) /* just one null-byte will do, unlike strncpy(3) */
++ *u = '\0';
+ }
+
+ /* Return the number of elements in an array of pointers. *
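Review bot: In the new `struncpy` loop, `while (n-- && (*u++ = *t++));` increments `u` even on the iteration that copies the terminator, so `*s` is left one byte past the NUL instead of on it. In the exec.c hunk the caller then does `*s++ = '/';`, which puts the slash after the terminator, so the directory string ends before the separator and the following `(s - buf) + strlen(arg0) >= PATH_MAX` check is computed from a pointer that is one too far. Advancing only after a non-NUL copy keeps the pointer on the terminator: `while (n-- && (*u = *t++)) u++;`. Separately, when `*pp` is PATH_MAX bytes or longer the slash is written at offset PATH_MAX before the length check runs; whether that is in bounds depends on the declaration of `buf`, which is outside the hunk.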
diff --git a/shells/zsh/patches/patch-CVE-2018-1083 b/shells/zsh/patches/patch-CVE-2018-1083
new file mode 100644
index 00000000000..04ea16b9c71
--- /dev/null
+++ b/shells/zsh/patches/patch-CVE-2018-1083
@@ -0,0 +1,34 @@
+$NetBSD: patch-CVE-2018-1083,v 1.1 2018/03/30 20:56:42 spz Exp $
+
+patch for CVE-2018-1083 from
+https://sourceforge.net/p/zsh/code/ci/259ac472eac291c8c103c7a0d8a4eaf3c2942ed7
+
+--- Src/Zle/compctl.c.orig 2017-06-30 20:36:55.000000000 +0000
++++ Src/Zle/compctl.c 2018-03-30 20:07:25.000000000 +0000
+@@ -2176,6 +2176,8 @@
+ if (prpre && *prpre) {
+ pathpref = dupstring(prpre);
+ unmetafy(pathpref, &pathpreflen);
++ if (pathpreflen > PATH_MAX)
++ return;
+ /* system needs NULL termination, not provided by unmetafy */
+ pathpref[pathpreflen] = '\0';
+ } else {
+@@ -2218,6 +2220,8 @@
+ * the path buffer by appending the filename. */
+ ums = dupstring(n);
+ unmetafy(ums, &umlen);
++ if (umlen + pathpreflen + 1 > PATH_MAX)
++ continue;
+ memcpy(q, ums, umlen);
+ q[umlen] = '\0';
+ /* And do the stat. */
+@@ -2232,6 +2236,8 @@
+ /* We have to test for a path suffix. */
+ int o = strlen(p), tt;
+
++ if (o + strlen(psuf) > PATH_MAX)
++ continue;
+ /* Append it to the path buffer. */
+ strcpy(p + o, psuf);
+
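Review bot: The third added check, `if (o + strlen(psuf) > PATH_MAX)`, still lets a combined length of exactly PATH_MAX through, and the `strcpy(p + o, psuf)` below it then writes PATH_MAX + 1 bytes including the terminator. That is only safe if `p` is declared with at least PATH_MAX + 1 bytes, and the declaration is outside these hunks; the second check uses the stricter `umlen + pathpreflen + 1 > PATH_MAX` form, so the two bounds do not agree. If the buffer is PATH_MAX bytes, the test should be `if (o + strlen(psuf) >= PATH_MAX)`; either way a comment such as `/* p holds PATH_MAX + 1 bytes including the NUL */` (adjusted to the real size) next to the checks would make the intended limit explicit. The enclosing function starts and ends outside the hunks shown.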
diff --git a/shells/zsh/patches/patch-CVE-2018-7548 b/shells/zsh/patches/patch-CVE-2018-7548
new file mode 100644
index 00000000000..c362bd3fce2
--- /dev/null
+++ b/shells/zsh/patches/patch-CVE-2018-7548
@@ -0,0 +1,16 @@
+$NetBSD: patch-CVE-2018-7548,v 1.1 2018/03/30 20:56:42 spz Exp $
+
+patch for CVE-2018-7548 from
+https://sourceforge.net/p/zsh/code/ci/110b13e1090bc31ac1352b28adc2d02b6d25a102
+
+--- Src/subst.c.orig 2017-04-04 17:51:28.000000000 +0000
++++ Src/subst.c 2018-03-30 19:48:41.000000000 +0000
+@@ -2340,7 +2340,7 @@
+ val = aval[0];
+ isarr = 0;
+ }
+- s = dyncat(val, s);
++ s = val ? dyncat(val, s) : dupstring(s);
+ /* Now behave po-faced as if it was always like that... */
+ subexp = 0;
+ /*
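Review bot: The new NULL guard on `val` in `s = val ? dyncat(val, s) : dupstring(s);` has no comment saying when `val` can be NULL. From the context line `val = aval[0];` it is presumably an empty array whose first element is the terminating NULL, but the code that sets `aval` is outside the hunk. A short comment above the line, e.g. `/* val may be NULL here (e.g. aval is empty); avoid passing NULL to dyncat() */`, would stop the guard from being removed later as redundant.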
diff --git a/shells/zsh/patches/patch-CVE-2018-7549 b/shells/zsh/patches/patch-CVE-2018-7549
new file mode 100644
index 00000000000..9fb62c4a1d5
--- /dev/null
+++ b/shells/zsh/patches/patch-CVE-2018-7549
@@ -0,0 +1,25 @@
+$NetBSD: patch-CVE-2018-7549,v 1.1 2018/03/30 20:56:42 spz Exp $
+
+fix for CVE-2018-7549 from
+https://sourceforge.net/p/zsh/code/ci/c2cc8b0fbefc9868fa83537f5b6d90fc1ec438dd
+
+--- Src/params.c.orig 2017-06-11 19:34:06.000000000 +0000
++++ Src/params.c 2018-03-30 19:57:36.000000000 +0000
+@@ -535,10 +535,13 @@
+ HashTable
+ copyparamtable(HashTable ht, char *name)
+ {
+- HashTable nht = newparamtable(ht->hsize, name);
+- outtable = nht;
+- scanhashtable(ht, 0, 0, 0, scancopyparams, 0);
+- outtable = NULL;
++ HashTable nht = 0;
++ if (ht) {
++ nht = newparamtable(ht->hsize, name);
++ outtable = nht;
++ scanhashtable(ht, 0, 0, 0, scancopyparams, 0);
++ outtable = NULL;
++ }
+ return nht;
+ }
+
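Review bot: `copyparamtable` now returns a null table when `ht` is NULL, but neither the function nor a comment states that, so callers have no signal that the result must be checked before use; the callers are outside this hunk. A header comment such as `/* Returns NULL if ht is NULL. */` would document the new contract. As a style point, `HashTable nht = 0;` would read better as `HashTable nht = NULL;`, matching the `outtable = NULL;` a few lines below.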