Diffstat (limited to 'source/a/patch')
-rw-r--r-- | source/a/patch/0001-Refuse-to-apply-ed-scripts-by-default.patch | 178 | ||||
-rwxr-xr-x | source/a/patch/patch.SlackBuild | 32 | ||||
-rw-r--r-- | source/a/patch/slack-desc | 8 |
3 files changed, 206 insertions, 12 deletions
diff --git a/source/a/patch/0001-Refuse-to-apply-ed-scripts-by-default.patch b/source/a/patch/0001-Refuse-to-apply-ed-scripts-by-default.patch
new file mode 100644
index 00000000..c8257479
--- /dev/null
+++ b/source/a/patch/0001-Refuse-to-apply-ed-scripts-by-default.patch
@@ -0,0 +1,178 @@ +From 5046e5605cf7420d9a11de49bd9fe4851a4ca1d2 Mon Sep 17 00:00:00 2001 +From: Saleem Rashid <dev@saleemrashid.com> +Date: Thu, 5 Apr 2018 22:48:25 +0100 +Subject: [PATCH] Refuse to apply ed scripts by default + +* src/patch.c, src/pch.c: Warn that ed scripts are potentially +dangerous, unless patch is invoked with --force +* tests/dangerous-ed-scripts: New test case +* tests/crlf-handling, tests/need-filename: Add -f to patch invokation to +avoid ed scripts warning + +This fixes an issue where ed scripts could be included in a patch, executing +arbitrary shell commands without the user's knowledge. + +Original bug report: +https://savannah.gnu.org/bugs/index.php?53566 +--- + src/patch.c | 13 +++++++++++-- + src/pch.c | 11 +++++++++++ + tests/Makefile.am | 1 + + tests/crlf-handling | 4 ++-- + tests/dangerous-ed-scripts | 36 ++++++++++++++++++++++++++++++++++++ + tests/need-filename | 2 +- + 6 files changed, 62 insertions(+), 5 deletions(-) + create mode 100644 tests/dangerous-ed-scripts + +diff --git a/src/patch.c b/src/patch.c +index 0fe6d72..e14a9c4 100644 +--- a/src/patch.c ++++ b/src/patch.c +@@ -781,7 +781,7 @@ static char const *const option_help[] = + " -l --ignore-whitespace Ignore white space changes between patch and input.", + "", + " -c --context Interpret the patch as a context difference.", +-" -e --ed Interpret the patch as an ed script.", ++" -e --ed Interpret the patch as a potentially dangerous ed script. 
This could allow arbitrary command execution!", + " -n --normal Interpret the patch as a normal difference.", + " -u --unified Interpret the patch as a unified difference.", + "", +@@ -825,7 +825,7 @@ static char const *const option_help[] = + "Miscellaneous options:", + "", + " -t --batch Ask no questions; skip bad-Prereq patches; assume reversed.", +-" -f --force Like -t, but ignore bad-Prereq patches, and assume unreversed.", ++" -f --force Like -t, but ignore bad-Prereq patches, apply potentially dangerous ed scripts, and assume unreversed.", + " -s --quiet --silent Work silently unless an error occurs.", + " --verbose Output extra information about the work being done.", + " --dry-run Do not actually change any files; just print what would happen.", +@@ -1068,6 +1068,15 @@ get_some_switches (void) + } + } + ++ if (! force && diff_type == ED_DIFF) ++ { ++ ask ("Apply potentially dangerous ed script? This could allow arbitrary command execution! [n] "); ++ if (*buf != 'y') ++ { ++ fatal ("Refusing to apply potentially dangerous ed script."); ++ } ++ } ++ + /* Process any filename args. */ + if (optind < Argc) + { +diff --git a/src/pch.c b/src/pch.c +index bc6278c..ab34dd4 100644 +--- a/src/pch.c ++++ b/src/pch.c +@@ -1001,6 +1001,17 @@ intuit_diff_type (bool need_header, mode_t *p_file_type) + instat = st[i]; + } + ++ if (! force && retval == ED_DIFF) ++ { ++ ask ("Apply potentially dangerous ed script? This could allow arbitrary command execution! 
[n] "); ++ if (*buf != 'y') ++ { ++ if (verbosity != SILENT) ++ say ("Skipping potentially dangerous ed script.\n"); ++ skip_rest_of_patch = true; ++ } ++ } ++ + return retval; + } + +diff --git a/tests/Makefile.am b/tests/Makefile.am +index 6b6df63..d888804 100644 +--- a/tests/Makefile.am ++++ b/tests/Makefile.am +@@ -30,6 +30,7 @@ TESTS = \ + create-directory \ + criss-cross \ + crlf-handling \ ++ dangerous-ed-scripts \ + dash-o-append \ + deep-directories \ + empty-files \ +diff --git a/tests/crlf-handling b/tests/crlf-handling +index c192cac..f9e654e 100644 +--- a/tests/crlf-handling ++++ b/tests/crlf-handling +@@ -46,7 +46,7 @@ if ! have_ed ; then + else + diff -e a b > ab.ed | lf2crlf > ab.ed + echo 1 > c +- ncheck 'patch c < ab.ed' ++ ncheck 'patch -f c < ab.ed' + fi + + # ============================================================== +@@ -95,7 +95,7 @@ if ! have_ed ; then + else + diff -e a b > ab.diff + cp a c +- ncheck 'patch c < ab.diff' ++ ncheck 'patch -f c < ab.diff' + fi + + check 'cat -ve c' <<EOF +diff --git a/tests/dangerous-ed-scripts b/tests/dangerous-ed-scripts +new file mode 100644 +index 0000000..3465d4e +--- /dev/null ++++ b/tests/dangerous-ed-scripts +@@ -0,0 +1,36 @@ ++# Copyright (C) 2018 Free Software Foundation, Inc. ++# ++# Copying and distribution of this file, with or without modification, ++# in any medium, are permitted without royalty provided the copyright ++# notice and this notice are preserved. ++ ++. $srcdir/test-lib.sh ++ ++require cat ++use_local_patch ++use_tmpdir ++ ++# ============================================================== ++# Test for arbitrary command execution found in CVE-2018-0492 patch. ++# GNU patch bug report can be found at http://savannah.gnu.org/bugs/index.php?53566 ++ ++cat > beep.patch <<EOF ++--- /dev/null 2018-13-37 13:37:37.000000000 +0100 +++++ b/beep.c 2018-13-37 13:38:38.000000000 +0100 ++1337a ++1,112d ++!id>~/pwn.lol;beep # 13-21 12:53:21.000000000 +0100 ++. 
++EOF ++ ++check 'patch < beep.patch; echo "Status: $?"' <<EOF ++Apply potentially dangerous ed script? This could allow arbitrary command execution! [n] ++Skipping potentially dangerous ed script. ++Status: 1 ++EOF ++ ++check 'patch -e; echo "Status: $?"' <<EOF ++Apply potentially dangerous ed script? This could allow arbitrary command execution! [n] $PATCH: **** Refusing to apply potentially dangerous ed script. ++ ++Status: 2 ++EOF +diff --git a/tests/need-filename b/tests/need-filename +index 8b92848..c15951f 100644 +--- a/tests/need-filename ++++ b/tests/need-filename +@@ -61,7 +61,7 @@ EOF + + rm -f f + touch f +- ncheck 'patch f < e.diff' ++ ncheck 'patch -f f < e.diff' + + check 'cat f' <<EOF + one +-- +2.16.3 + diff --git a/source/a/patch/patch.SlackBuild b/source/a/patch/patch.SlackBuild index 28880a27..8ee0d50a 100755 --- a/source/a/patch/patch.SlackBuild +++ b/source/a/patch/patch.SlackBuild @@ -1,6 +1,6 @@ -#!/bin/sh +#!/bin/bash -# Copyright 2005-2009, 2010, 2012, 2015 Patrick J. Volkerding, Sebeka, Minnesota, USA +# Copyright 2005-2009, 2010, 2012, 2015, 2018 Patrick J. Volkerding, Sebeka, Minnesota, USA # All rights reserved. # # Redistribution and use of this script, with or without modification, is @@ -20,9 +20,11 @@ # OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF # ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. +cd $(dirname $0) ; CWD=$(pwd) + PKGNAM=patch -VERSION=${VERSION:-$(echo $PKGNAM-*.tar.xz | rev | cut -f 3- -d . | cut -f 1 -d - | rev)} -BUILD=${BUILD:-1} +VERSION=${VERSION:-$(echo $PKGNAM-*.tar.?z | rev | cut -f 3- -d . | cut -f 1 -d - | rev)} +BUILD=${BUILD:-3} # Automatically determine the architecture we're building on: if [ -z "$ARCH" ]; then 
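Review bot: The guard added to `intuit_diff_type` in src/pch.c (and its twin in `get_some_switches` in src/patch.c) is a confirmation gate, not a filter: when `force` is set or the reply begins with `y`, execution falls through to the existing ed handling with the script unchanged. The new `-f` help text says as much, and the same patch switches three test invocations to `patch -f`, so an unattended caller that already passes `-f` stays exposed to the `!` shell escape that tests/dangerous-ed-scripts exercises. I would state that limit next to the check, e.g. `/* Mitigation only: with -f or a 'y' answer the ed script is still run as-is. */`, and keep the prompt text in one shared constant so the two copies cannot drift. Both functions start and end outside these hunks, so how the script reaches ed afterwards is inferred rather than visible here.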
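Review bot: In the `@@ -20,9 +20,11 @@` hunk of patch.SlackBuild, `cd $(dirname $0) ; CWD=$(pwd)` neither quotes its expansions nor checks the `cd`. If the directory change fails, or the script path contains whitespace, `CWD` silently becomes the caller's working directory, and the source tarball and the `$CWD/0001-…patch.gz` security patch are then looked up there instead of next to the script. Suggest `cd "$(dirname "$0")" || exit 1 ; CWD=$(pwd)`.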
@@ -34,7 +36,14 @@ if [ -z "$ARCH" ]; then esac fi -CWD=$(pwd) +# If the variable PRINT_PACKAGE_NAME is set, then this script will report what +# the name of the created package would be, and then exit. This information +# could be useful to other scripts. +if [ ! -z "${PRINT_PACKAGE_NAME}" ]; then + echo "$PKGNAM-$VERSION-$ARCH-$BUILD.txz" + exit 0 +fi + TMP=${TMP:-/tmp} PKG=$TMP/package-patch @@ -53,7 +62,7 @@ fi cd $TMP rm -rf patch-${VERSION} -tar xvf $CWD/patch-${VERSION}.tar.xz || exit 1 +tar xvf $CWD/patch-${VERSION}.tar.?z || exit 1 cd patch-${VERSION} || exit 1 chown -R root:root . @@ -63,14 +72,21 @@ find . \ \( -perm 666 -o -perm 664 -o -perm 600 -o -perm 444 -o -perm 440 -o -perm 400 \) \ -exec chmod 644 {} \; +# Patch CVE-2018-1000156, arbitrary shell command execution by (obsolete) +# ed patch format: +zcat $CWD/0001-Refuse-to-apply-ed-scripts-by-default.patch.gz | patch -p1 --verbose || exit 1 + +# This avoids failure in tests/ expecting an old automake: +autoreconf -vif + CFLAGS="$SLKCFLAGS" \ ./configure \ --prefix=/usr \ --mandir=/usr/man \ - --build=$ARCH-slackware-linux + --build=$ARCH-slackware-linux || exit 1 make -j4 || make || exit 1 -make install DESTDIR=$PKG +make install DESTDIR=$PKG || exit 1 # Strip everything for good measure: ( cd $PKG diff --git a/source/a/patch/slack-desc b/source/a/patch/slack-desc index 5ddba89b..4603b715 100644 --- a/source/a/patch/slack-desc +++ b/source/a/patch/slack-desc 
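Review bot: In the `@@ -63,14 +72,21 @@` hunk, `autoreconf -vif` is the only new build step without `|| exit 1`, while the same commit adds that guard to `./configure` and `make install`; a failed regeneration would let configure run against a partly rewritten build system, so I would write `autoreconf -vif || exit 1`. On the patch line above it, `|| exit 1` only sees the exit status of `patch`. Now that the shebang is `#!/bin/bash`, a `set -o pipefail` before the pipeline would also catch a `zcat` failure on a truncated archive whose readable prefix still applies cleanly. The script reads `0001-Refuse-to-apply-ed-scripts-by-default.patch.gz`, whereas this commit adds the file without the `.gz` suffix, so the build presumably relies on a compression step outside this diff.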
@@ -1,8 +1,8 @@ # HOW TO EDIT THIS FILE: -# The "handy ruler" below makes it easier to edit a package description. Line +# The "handy ruler" below makes it easier to edit a package description. Line # up the first '|' above the ':' following the base package name, and the '|' -# on the right side marks the last column you can put a character in. You must -# make exactly 11 lines for the formatting to be correct. It's also +# on the right side marks the last column you can put a character in. You must +# make exactly 11 lines for the formatting to be correct. It's also # customary to leave one space after the ':'. |-----handy-ruler------------------------------------------------------| @@ -11,7 +11,7 @@ patch: patch: Patch is a utility used to apply diffs (or patches) to files, which patch: are usually source code. patch: -patch: Larry Wall wrote the original version of patch. Paul Eggert removed +patch: Larry Wall wrote the original version of patch. Paul Eggert removed patch: patch's arbitrary limits; added support for binary files, setting patch: file times, and deleting files; and made it conform better to POSIX. patch: Other contributors include Wayne Davison, who added unidiff support, |