lang/chicken: backport security fix for CVE-2022-45145
Details: https://lists.nongnu.org/archive/html/chicken-announce/2022-11/msg00000.html > Vasilij found a security issue with the way egg-information > files are created during installation of an extension package. > Currently, escape characters in the .egg file may be used to > perform arbitrary OS command injection due to the method the > egg metadata is created and installed in the local egg repository > during the install-stage of an egg. diff from MAINTAINER Timo Myyrä, thanks!
This commit is contained in:
parent
5621316cc2
commit
da78065c76
|
@ -1,3 +1,5 @@
|
|||
REVISION= 0
|
||||
|
||||
SHARED_LIBS= chicken 8.0 # 11
|
||||
|
||||
TEST_TARGET= check
|
||||
|
|
|
@ -0,0 +1,51 @@
|
|||
Fix CVE-2022-45145 by backporting commit a08f8f548d772ef410c672ba33a27108d8d434f3.
|
||||
|
||||
See: https://lists.nongnu.org/archive/html/chicken-announce/2022-11/msg00000.html
|
||||
|
||||
Index: egg-compile.scm
|
||||
--- egg-compile.scm.orig
|
||||
+++ egg-compile.scm
|
||||
@@ -1191,7 +1191,7 @@ EOF
|
||||
|
||||
~a ~a~a
|
||||
~a ~a~a
|
||||
-cat >~a~a <<ENDINFO
|
||||
+cat >~a~a <<'ENDINFO'
|
||||
~aENDINFO~%
|
||||
EOF
|
||||
mkdir ddir qdir
|
||||
@@ -1201,11 +1201,18 @@ EOF
|
||||
(printf #<<EOF
|
||||
|
||||
~a ~a~a
|
||||
-echo ~a >~a~a~%
|
||||
+copy /y nul ~a~a~%
|
||||
+~a
|
||||
EOF
|
||||
mkdir ddir qdir
|
||||
- (string-intersperse (string-split infostr "\n") "^\n\n")
|
||||
- ddir dest)))))
|
||||
+ ddir dest
|
||||
+ (string-intersperse (map (lambda (line)
|
||||
+ (ensure-line-limit
|
||||
+ (caretize (format "echo ~a >>~a~a"
|
||||
+ line ddir dest))
|
||||
+ 8191 ))
|
||||
+ (string-split infostr "\n"))
|
||||
+ "\n"))))))
|
||||
|
||||
;;; some utilities for mangling + quoting
|
||||
|
||||
@@ -1277,3 +1284,12 @@ EOF
|
||||
(define (joins strs) (string-intersperse strs " "))
|
||||
|
||||
(define (maybe f x) (if f (list x) '()))
|
||||
+
|
||||
+(define (caretize str)
|
||||
+ (string-translate* str '(("&" . "^&") ("^" . "^^") ("|" . "^|")
|
||||
+ ("<" . "^<") (">" . "^>"))))
|
||||
+
|
||||
+(define (ensure-line-limit str lim)
|
||||
+ (when (>= (string-length str) lim)
|
||||
+ (error "line length exceeds platform limit: " str))
|
||||
+ str)
|
Loading…
Reference in New Issue