diff --git a/cgit-CVE-2012-4548-fix.diff b/cgit-CVE-2012-4548-fix.diff
new file mode 100644
index 0000000..d4fa87c
--- /dev/null
+++ b/cgit-CVE-2012-4548-fix.diff
@@ -0,0 +1,24 @@
+From 7ea35f9f8ecf61ab42be9947aae1176ab6e089bd Mon Sep 17 00:00:00 2001
+From: Jason A. Donenfeld
+Date: Sun, 28 Oct 2012 02:03:41 +0000
+Subject: syntax-highlighting.sh: Fix command injection.
+
+By not quoting the argument, an attacker with the ability to add files
+to the repository could pass arbitrary arguments to the highlight
+command, in particular, the --plug-in argument which can lead to
+arbitrary command execution.
+
+This patch adds simple argument quoting.
+---
+---
+ filters/syntax-highlighting.sh | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+--- a/filters/syntax-highlighting.sh
++++ b/filters/syntax-highlighting.sh
+@@ -31,4 +31,4 @@ EXTENSION="${BASENAME##*.}"
+ # map Makefile and Makefile.* to .mk
+ [ "${BASENAME%%.*}" == "Makefile" ] && EXTENSION=mk
+
+-exec highlight --force -f -I -X -S $EXTENSION 2>/dev/null
++exec highlight --force -f -I -X -S "$EXTENSION" 2>/dev/null
diff --git a/cgit.changes b/cgit.changes
index e21bf3b..f33e0d9 100644
--- a/cgit.changes
+++ b/cgit.changes
@@ -1,3 +1,10 @@
+-------------------------------------------------------------------
+Mon Oct 29 11:45:50 CET 2012 - tiwai@suse.de
+
+- cgit-CVE-2012-4548-fix.diff:
+ Fix VUL-0: cgit: arbitrary code / command execution via
+ improperly quoted arguments (CVE-2012-4548, bnc#787074)
+
 -------------------------------------------------------------------
 Wed Oct 10 15:22:03 CEST 2012 - tiwai@suse.de
diff --git a/cgit.spec b/cgit.spec
index b0fdbeb..4696412 100644
--- a/cgit.spec
+++ b/cgit.spec
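Review bot: The quoted `"$EXTENSION"` on the final `exec highlight` line of the embedded patch (cgit-CVE-2012-4548-fix.diff) is still taken from the file name (`EXTENSION="${BASENAME##*.}"` in the inner hunk header) and reaches `highlight -S` without validation. Quoting stops word splitting and globbing, so a crafted name can no longer contribute separate options such as `--plug-in`, but as defence in depth the value could be constrained before the exec, for example `case "$EXTENSION" in *[!A-Za-z0-9_+]*) EXTENSION=txt ;; esac` (assuming `txt` is a syntax name the installed highlight accepts). The same line keeps `2>/dev/null`, so an unknown or rejected syntax name fails silently; a short comment stating that this is intentional would help. Only the tail of syntax-highlighting.sh is visible in this hunk, so how `BASENAME` is derived from the filter argument should be checked against the full script.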
@@ -36,6 +36,7 @@ Patch2: cgit-CVE-2011-2711-fix.diff
 Patch3: cgit-fix-print-tree.diff
 Patch4: cgit-fix-more-read_tree_recursive-invocations.diff
 Patch5: cgit-CVE-2012-4465-fix.diff
+Patch6: cgit-CVE-2012-4548-fix.diff
 # Requirements for cgit
 BuildRequires: gnu-crypto libopenssl-devel libzip-devel
 # Requirements for cgitrc man page generation
@@ -59,6 +60,7 @@ Authors:
 %patch3
 %patch4
 %patch5 -p1
+%patch6 -p1
 rm -rf git
 mv git-%{git_version} git