| Commit message (Collapse) | Author | Age | Files | Lines |
|---|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
The last case to call output_file() in the main loop is
output_file (outname, NULL, &tmpoutst, NULL, NULL,
file_type | 0, backup);
and this essentially means to create a backup file (where to=NULL)
only if backup=true, and does nothing else.
And, in the current code, the passed file stat (&tmpoutst) is a file
stat of the temporary file that has been processed, not the original
file (outname) to be backed up. When the backup is performed
immediately, this is no big problem. However, output_file() may
schedule the deferred handling, and the given file may be backed up at
a later point. The problem is that create_backup() tries to avoid the
backup of the same file twice, and it checks the given stat i-node
number in the hash list. Since it's a stat of a temporary file, the
same i-node number may be reused once a temp file is deleted and
another is created. This results in a false-positive detection of the
already existing file, eventually missing a backup file.
This patch attempts to address the issue:
- Modify the condition for better understanding, clearly indicating
that the code there is for creating a backup file
- Pass the stat of the original file instead of a temporary file
BugLink: https://bugzilla.opensuse.org/show_bug.cgi?id=1198106
Signed-off-by: Takashi Iwai <tiwai@suse.de>
Signed-off-by: Jean Delvare <jdelvare@suse.de>
|
| | |
|
| |
|
|
|
|
|
|
|
|
|
| |
eval is not some sort of magical sandbox for executing code that might cause
the shell's parser to take exception. Render the test resilient by carrying
it out within a subshell. While at it, position the redirection so that
STDERR is, in fact, muted.
Signed-off-by: Kerin Millar <kfm@plushkava.net>
Reported-by: Paolo Pedroni <paolo.pedroni@iol.it>
Closes: https://bugs.gentoo.org/738810
|
| |
|
|
|
|
|
|
|
|
| |
* bootstrap: Update.
* bootstrap.conf (gnulib_modules): Replace getdate with parse-datetime, malloc
with malloc-gnu, and realloc with realloc-gnu.
* src/patch.c (main): Function find_backup_file_name has gained a new dir_fd
argument.
* src/util.c (create_backup): Likewise.
(fetchname): Function get_date has been renamed to parse_datetime.
|
| |
|
|
|
|
| |
* tests/context-format: Add tests with a missing pattern and a missing
replacement section in a hunk. Patch should fill in the missing
sections from the existing sections.
|
| |
|
|
|
|
|
| |
The assertion triggers when the -o FILE option is used, more than one output
file is written into FILE, and one of those files (except the last one) ends in
the middle of a line.
* src/patch.c (main): Fix the case described above.
|
| |
|
|
|
| |
* src/pch.c (another_hunk): Avoid invalid memory access in context format
diffs.
|
| |
|
|
|
|
|
|
|
| |
* src/inp.c (plan_a, plan_b), src/util.c (copy_to_fd, copy_file,
append_to_file): Unless the --follow-symlinks option is given, open files with
the O_NOFOLLOW flag to avoid following symlinks. So far, we were only doing
that consistently for input files.
* src/util.c (create_backup): When creating empty backup files, (re)create them
with O_CREAT | O_EXCL to avoid following symlinks in that case as well.
|
| |
|
|
|
|
|
|
|
|
|
|
| |
* src/safe.c (min_cached_fds): Define minimum number of cached dir file
descriptors.
(max_cached_fds): Change type to rlim_t to allow storing RLIM_INFINITY.
(init_dirfd_cache): Set max_cached_fds to RLIM_INFINITY when RLIMIT_NOFILE is
RLIM_INFINITY. Set the initial hash table size to min_cached_fds, independent
of RLIMIT_NOFILE: patches commonly only affect one or a few files, so a small
hash table will usually suffice; if needed, the hash table will grow.
(insert_cached_dirfd): Don't shrink the cache when max_cached_fds is
RLIM_INFINITY.
|
| |
|
|
|
|
|
|
|
| |
When a fatal error triggers during cleanup, another attempt will be made to
clean up, which will likely lead to the same fatal error. So instead, bail out
when that happens.
src/patch.c (cleanup): Bail out when called recursively.
(main): There is no need to call output_files() before cleanup() as cleanup()
already does that.
|
| |
|
|
| |
* tests/ed-style: Require ed.
|
| |
|
|
|
|
|
| |
When building with the address sanitizer on, free some more resources before
exiting. (This is unnecessary when not looking for memory leaks.)
* src/patch.c (init_files_to_delete): Add dispose function for freeing
filenames.
|
| |
|
|
|
|
|
|
| |
* src/pch.c (pch_swap): Fix swapping p_bfake and p_efake when there is a
blank line in the middle of a context-diff hunk: that empty line stays
in the middle of the hunk and isn't swapped.
Fixes: https://savannah.gnu.org/bugs/index.php?53133
|
| |
|
|
|
|
| |
* src/pch.c (another_hunk): In the (debug & 2) output, fix how empty
lines that are not part of the patch context are printed. Also, add
newlines to lines that are missing them to keep the output readable.
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
The previous fix worked fine with single-file ed-style patches, but
would still leak temporary files in the case of multi-file ed-style
patch. Fix that case as well, and extend the test case to check for
it.
* src/patch.c (main): Unlink TMPEDNAME if needed before moving to
the next file in a patch.
This closes bug #53820:
https://savannah.gnu.org/bugs/index.php?53820
Fixes: 123eaff0d5d1 ("Fix arbitrary command execution in ed-style patches (CVE-2018-1000156)")
Fixes: 19599883ffb6 ("Don't leak temporary file on failed ed-style patch")
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Now that we write ed-style patches to a temporary file before we
apply them, we need to ensure that the temporary file is removed
before we leave, even on fatal error.
* src/pch.c (do_ed_script): Use global TMPEDNAME instead of local
tmpname. Don't unlink the file directly, instead tag it for removal
at exit time.
* src/patch.c (cleanup): Unlink TMPEDNAME at exit.
This closes bug #53820:
https://savannah.gnu.org/bugs/index.php?53820
Fixes: 123eaff0d5d1 ("Fix arbitrary command execution in ed-style patches (CVE-2018-1000156)")
|
| |
|
|
| |
* bootstrap.conf (gnulib_modules): Add 'alloca'.
|
| |
|
|
| |
* tests/ed-style: Remove '?' line from expected output.
|
| |
|
|
|
| |
* src/patch.c (copy_till): Consider incomplete fwrite() write as an error.
* src/pch.c (pch_write_line, do_ed_script): Likewise.
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Hi Andreas,
I configured with --enable-gcc-warnings and bleeding-edge gcc
(version 8.0.1 20180406) and hit some warning-escalated-to-errors.
This fixes them:
>From a71ddb200dbe7ac0f9258796b5a51979b2740e88 Mon Sep 17 00:00:00 2001
From: Jim Meyering <meyering@fb.com>
Date: Fri, 6 Apr 2018 16:47:00 -0700
Subject: [PATCH] maint: avoid warnings from GCC8
* src/common.h (FALLTHROUGH): Define.
* src/patch.c (abort_hunk_context): Use FALLTHROUGH macro in place of
a comment. This avoids a warning from -Wimplicit-fallthrough=.
* src/pch.c (do_ed_script): Add otherwise unnecessary initialization
to avoid warning from -Wmaybe-uninitialized.
(another_hunk): Use FALLTHROUGH macro here, too, twice.
|
| |
|
|
| |
* src/pch.c (do_ed_script): Minor cleanups.
|
| |
|
|
|
| |
* bootstrap.conf (gnulib_modules): Add execute.
* src/pch.c (do_ed_script): Switch from fork + execlp to execute.
|
| |
|
|
|
| |
* src/pch.c (do_ed_script): Invoke ed directly instead of using a shell
command to avoid quoting vulnerabilities.
|
| |
|
|
|
|
|
|
| |
* src/pch.c (do_ed_script): Write ed script to a temporary file instead
of piping it to ed: this will cause ed to abort on invalid commands
instead of rejecting them and carrying on.
* tests/ed-style: New test case.
* tests/Makefile.am (TESTS): Add test case.
|
| |
|
|
|
| |
* src/pch.c (do_ed_script): Allow input files to be missing so that new
files will be created as with non-ed-style patches.
|
| |
|
|
|
|
| |
http://savannah.gnu.org/bugs/?53132
* src/pch.c (intuit_diff_type): Ensure that two filenames are specified
for renames and copies (fix the existing check).
|
| |
|
|
| |
tests/merge: In a Korn shell, shift apparently fails when $# is 0.
|
| |
|
|
|
|
|
| |
* tests/crlf-handling, tests/git-cleanup, tests/test-lib.sh: Use printf
instead of echo -e / echo -n for compatibility with systems that don't
support these echo options.
* tests/merge: Minor other cleanups.
|
| |
|
|
|
| |
* src/util.c (set_file_attributes): Avoid sign conversion warnings when
assigning -1 to uid_t / gid_t.
|
| |
|
|
| |
* NEWS: Update.
|
| |
|
|
| |
* README: Fix typo.
|
| |
|
|
|
|
| |
* bootstrap.conf: use gnupload module.
* (RELEASE_TYPE): Define, as maint.mk expects it to be defined.
(tell-upload): Remove obsolete target.
|
| |
|
|
| |
* Makefile.am (EXTRA_DIST): Remove stale reference to m4/utimbuf.m4.
|
| |
|
|
| |
* bootstrap: Update from gnulib.
|
| |
|
|
|
| |
* src/pch.c (another_hunk): Clarify the error messages for malformed
normal diff patches.
|
| |
|
|
|
|
|
|
|
|
| |
* src/patch.c (main): Create git diff files with indicated mode.
* tests/file-create-modes: New test case.
* tests/Makefile.am (TESTS): Add test case.
This fixes building current Linux 4.14.x from the signed tarball and
patch file, where the patch creates a script with the executable bit
set.
|
| | |
|
| |
|
|
| |
* configure.ac: Use AC_CONFIG_HEADERS instead of AC_CONFIG_HEADER.
|
| |
|
|
|
|
| |
* src/patch.c (locate_hunk): Don't allow a hunk to overlap with the
previous one.
* tests/false-match: Add regression test.
|
| | |
|
| | |
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
* src/common.h, src/merge.c (context_matches_file), src/patch.c
(get_some_switches, patch_match), src/pch.c(another_hunk): Rename the
global variable 'canonicalize' to 'canonicalize_ws'.
Patch uses a global variable 'canonicalize' as part of its
implementation of the --ignore-whitespace flag.
In glibc there is a function canonicalize():
https://www.gnu.org/software/libc/manual/html_node/FP-Bit-Twiddling.html#index-canonicalize
Rename the global variable so that it will not conflict.
Original bug report:
https://bugzilla.redhat.com/show_bug.cgi?id=1422463
|
| |
|
|
|
| |
* src/util.c (parse_name): parse_c_string() can fail and return NULL.
Check for that so that we won't access the NULL pointer here.
|
| |
|
|
|
|
| |
This bug can trigger with malformed patches.
* src/pch.c (pch_write_line): Avoid out-of-bounds access to
p_line[line][p_len[line] - 1] when p_len[line] is 0.
|
| |
|
|
| |
* tests/git-cleanup: Don't hard-code program name.
|
| |
|
|
|
|
| |
* src/pch.c (set_hunkmax): Don't cast return value of xmalloc.
(grow_hunkmax): Likewise for two uses of realloc that the syntax-check
rule did not detect.
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
When configured with --enable-gcc-warnings and gcc-6.1, ...
* src/safe.c (count_path_components): Use _GL_ATTRIBUTE_PURE,
to avoid an error from -Werror=suggest-attribute=pure.
* src/util.h (filename_is_safe): Likewise.
* src/patch.c (main): Placate -Werror=format= by casting
pch_mode's mode_t return type to the "unsigned int" required
to match the %o format string.
* src/patch.c (delete_files): Correct indentation, to avoid
this error from -Werror=misleading-indentation:
patch.c: In function 'delete_files':
patch.c:1816:4: error: this 'if' clause does not guard...
if (verbosity == VERBOSE)
^~
patch.c:1820:6: note: ...this statement, but the latter is
misleadingly indented as if it is guarded by the 'if'
move_file (0, 0, 0, file_to_delete->name, mode,
^~~~~~~~~
|
| | |
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
When a git-syle patch is applied, all file modifications are done to
temporary files which are put in place when the patch ends. When a
patch fails, GNU patch was trying to "roll back" to the start. A bug in
that code that lead to accidental file deletion was recently discovered
by Richard Weinberger <richard@nod.at>. Even worse though, GNU patch
should not exhibit this "rollback" behavior in the first place; that's
not what people expect. Instead, the files modified so far should be put
in place.
* src/patch.c (cleanup): Put output files processed successfully
in place instead of trying to "roll back" to the start.
(forget_output_files): Remove obsolete (and broken) function.
* tests/git-cleanup: New broken git-style patch test case that exercises
the cleanup path.
* tests/Makefile.am (TESTS): Add new test case.
|
| |
|
|
|
|
|
|
|
|
|
|
|
| |
* src/safe.h (unsafe): New flag to allow turning off safe file
operations.
* src/safe.c (safe_xstat, safe_open, safe_rename, safe_mkdir,
safe_rmdir, safe_unlink, safe_symlink, safe_chmod, safe_lchown,
safe_lutimens, safe_readlink, safe_access): When safe file operations
are turned off, skip safe path traversal. Any symlink checks of the
last path component are still done though.
* src/patch.c (main): When the file to patch is specified on the command
line, turn off safe file operations.
* tests/inname: Fix typo in test.
|
