patch: rename CVE-2019-13638 patch to mollify uscan 9904/head
authorRussell Senior <russell@personaltelco.net>
Sun, 1 Sep 2019 22:50:25 +0000 (15:50 -0700)
committerRussell Senior <russell@personaltelco.net>
Mon, 2 Sep 2019 06:39:22 +0000 (23:39 -0700)
Signed-off-by: Russell Senior <russell@personaltelco.net>
devel/patch/patches/060-CVE-2018-20969-CVE-2019-13638.patch [new file with mode: 0644]
devel/patch/patches/060-CVE-2019-13638.patch [deleted file]

diff --git a/devel/patch/patches/060-CVE-2018-20969-CVE-2019-13638.patch b/devel/patch/patches/060-CVE-2018-20969-CVE-2019-13638.patch
new file mode 100644 (file)
index 0000000..38caff6
--- /dev/null
@@ -0,0 +1,38 @@
+From 3fcd042d26d70856e826a42b5f93dc4854d80bf0 Mon Sep 17 00:00:00 2001
+From: Andreas Gruenbacher <agruen@gnu.org>
+Date: Fri, 6 Apr 2018 19:36:15 +0200
+Subject: Invoke ed directly instead of using the shell
+
+* src/pch.c (do_ed_script): Invoke ed directly instead of using a shell
+command to avoid quoting vulnerabilities.
+---
+ src/pch.c | 6 ++----
+ 1 file changed, 2 insertions(+), 4 deletions(-)
+
+diff --git a/src/pch.c b/src/pch.c
+index 4fd5a05..16e001a 100644
+--- a/src/pch.c
++++ b/src/pch.c
+@@ -2459,9 +2459,6 @@ do_ed_script (char const *inname, char const *outname,
+           *outname_needs_removal = true;
+           copy_file (inname, outname, 0, exclusive, instat.st_mode, true);
+         }
+-      sprintf (buf, "%s %s%s", editor_program,
+-               verbosity == VERBOSE ? "" : "- ",
+-               outname);
+       fflush (stdout);
+       pid = fork();
+@@ -2470,7 +2467,8 @@ do_ed_script (char const *inname, char const *outname,
+       else if (pid == 0)
+         {
+           dup2 (tmpfd, 0);
+-          execl ("/bin/sh", "sh", "-c", buf, (char *) 0);
++          assert (outname[0] != '!' && outname[0] != '-');
++          execlp (editor_program, editor_program, "-", outname, (char  *) NULL);
+           _exit (2);
+         }
+       else
+-- 
+cgit v1.0-41-gc330
+
diff --git a/devel/patch/patches/060-CVE-2019-13638.patch b/devel/patch/patches/060-CVE-2019-13638.patch
deleted file mode 100644 (file)
index 38caff6..0000000
+++ /dev/null
@@ -1,38 +0,0 @@
-From 3fcd042d26d70856e826a42b5f93dc4854d80bf0 Mon Sep 17 00:00:00 2001
-From: Andreas Gruenbacher <agruen@gnu.org>
-Date: Fri, 6 Apr 2018 19:36:15 +0200
-Subject: Invoke ed directly instead of using the shell
-
-* src/pch.c (do_ed_script): Invoke ed directly instead of using a shell
-command to avoid quoting vulnerabilities.
----
- src/pch.c | 6 ++----
- 1 file changed, 2 insertions(+), 4 deletions(-)
-
-diff --git a/src/pch.c b/src/pch.c
-index 4fd5a05..16e001a 100644
---- a/src/pch.c
-+++ b/src/pch.c
-@@ -2459,9 +2459,6 @@ do_ed_script (char const *inname, char const *outname,
-           *outname_needs_removal = true;
-           copy_file (inname, outname, 0, exclusive, instat.st_mode, true);
-         }
--      sprintf (buf, "%s %s%s", editor_program,
--               verbosity == VERBOSE ? "" : "- ",
--               outname);
-       fflush (stdout);
-       pid = fork();
-@@ -2470,7 +2467,8 @@ do_ed_script (char const *inname, char const *outname,
-       else if (pid == 0)
-         {
-           dup2 (tmpfd, 0);
--          execl ("/bin/sh", "sh", "-c", buf, (char *) 0);
-+          assert (outname[0] != '!' && outname[0] != '-');
-+          execlp (editor_program, editor_program, "-", outname, (char  *) NULL);
-           _exit (2);
-         }
-       else
--- 
-cgit v1.0-41-gc330
-