add upstream patch for CVE-2022-1271
ok naddy
This commit is contained in:
parent
88762bd16a
commit
1b4aebfc69
@ -1,7 +1,7 @@
|
||||
COMMENT= LZMA compression and decompression tools
|
||||
|
||||
DISTNAME= xz-5.2.5
|
||||
REVISION= 0
|
||||
REVISION= 1
|
||||
SHARED_LIBS= lzma 2.1 # 7.5
|
||||
CATEGORIES= archivers
|
||||
DPB_PROPERTIES= parallel
|
||||
|
42
archivers/xz/patches/patch-src_scripts_xzgrep_in
Normal file
42
archivers/xz/patches/patch-src_scripts_xzgrep_in
Normal file
@ -0,0 +1,42 @@
|
||||
https://tukaani.org/xz/xzgrep-ZDI-CAN-16587.patch
|
||||
|
||||
CVE-2022-1271
|
||||
|
||||
Index: src/scripts/xzgrep.in
|
||||
--- src/scripts/xzgrep.in.orig
|
||||
+++ src/scripts/xzgrep.in
|
||||
@@ -179,22 +179,26 @@ for i; do
|
||||
{ test $# -eq 1 || test $no_filename -eq 1; }; then
|
||||
eval "$grep"
|
||||
else
|
||||
+ # Append a colon so that the last character will never be a newline
|
||||
+ # which would otherwise get lost in shell command substitution.
|
||||
+ i="$i:"
|
||||
+
|
||||
+ # Escape & \ | and newlines only if such characters are present
|
||||
+ # (speed optimization).
|
||||
case $i in
|
||||
(*'
|
||||
'* | *'&'* | *'\'* | *'|'*)
|
||||
- i=$(printf '%s\n' "$i" |
|
||||
- sed '
|
||||
- $!N
|
||||
- $s/[&\|]/\\&/g
|
||||
- $s/\n/\\n/g
|
||||
- ');;
|
||||
+ i=$(printf '%s\n' "$i" | LC_ALL=C sed 's/[&\|]/\\&/g; $!s/$/\\/');;
|
||||
esac
|
||||
- sed_script="s|^|$i:|"
|
||||
|
||||
+ # $i already ends with a colon so don't add it here.
|
||||
+ sed_script="s|^|$i|"
|
||||
+
|
||||
# Fail if grep or sed fails.
|
||||
r=$(
|
||||
exec 4>&1
|
||||
- (eval "$grep" 4>&-; echo $? >&4) 3>&- | sed "$sed_script" >&3 4>&-
|
||||
+ (eval "$grep" 4>&-; echo $? >&4) 3>&- |
|
||||
+ LC_ALL=C sed "$sed_script" >&3 4>&-
|
||||
) || r=2
|
||||
exit $r
|
||||
fi >&3 5>&-
|
Loading…
Reference in New Issue
Block a user