author | Natanael Copa <ncopa@alpinelinux.org> | 2013-06-03 13:41:48 +0000 |
---|---|---|
committer | Natanael Copa <ncopa@alpinelinux.org> | 2013-06-03 13:41:48 +0000 |
commit | 473d40bbb88f98d74f074adb5a1a05e5c168aac2 (patch) | |
tree | 7c9ab4b707cd15c07e72796b361efc5ad817142a | |
parent | b2d7566437b898c68bec55b901e110c89f34e6dd (diff) | |
main/libtirpc: fix CVE-2013-1950
fixes #2034
-rw-r--r-- | main/libtirpc/APKBUILD | 15 | ||||
-rw-r--r-- | main/libtirpc/CVE-2013-1950.patch | 37 |
2 files changed, 47 insertions, 5 deletions
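--- a/main/libtirpc/APKBUILD
+++ b/main/libtirpc/APKBUILD
@@ -1,7 +1,7 @@
 # Maintainer: Natanael Copa <ncopa@alpinelinux.org>
 pkgname=libtirpc
 pkgver=0.2.3
-pkgrel=0
+pkgrel=1
 pkgdesc="Transport Independent RPC library (SunRPC replacement)"
 url="http://libtirpc.sourceforge.net/"
 arch="all"
@@ -14,7 +14,9 @@ source="http://downloads.sourceforge.net/sourceforge/$pkgname/$pkgname-$pkgver.t
 nis.h
 gssglue.patch
 libtirpc-no-des.patch
-automake.patch"
+automake.patch
+CVE-2013-1950.patch
+"
 
 prepare() {
 cd "$srcdir"/$pkgname-$pkgver
@@ -52,14 +54,17 @@ md5sums="b70e6c12a369a91e69fcc3b9feb23d61 libtirpc-0.2.3.tar.bz2
 082dff1bc78bdcbac6d305c1534fe3c0 nis.h
 7c50e2381f103cc9b84a86fad9b8eac5 gssglue.patch
 80e8f54aab0f5bed37e58ad79fe4ff2b libtirpc-no-des.patch
-5cac96c765922f33de61a215aa264a7f automake.patch"
+5cac96c765922f33de61a215aa264a7f automake.patch
+ee3685a9c3168c0585580023ed01b43b CVE-2013-1950.patch"
 sha256sums="4f29ea0491b4ca4c29f95f3c34191b857757873bbbf4b069f9dd4da01a6a923c libtirpc-0.2.3.tar.bz2
 7149d53da167168cbad9e75cbab302768f659e59e208763b1bf5df2a6ff3bfdb nis.h
 02658756777563dccb3904a00e87fa562eddeab0fe15ef0c6c21893b2d8619aa gssglue.patch
 5b7c8f6d19f17541902dfd1b1132f2b07e4cc0987152d4e8007243e776d4d47f libtirpc-no-des.patch
-6188b7236b1f9088ad09749eed6407bd7b75fe37d1569a19977f44d15ec6a10c automake.patch"
+6188b7236b1f9088ad09749eed6407bd7b75fe37d1569a19977f44d15ec6a10c automake.patch
+76024a88dc30c7486cad46834eee8f4682fd29a4b18f7b8763cad8c1b415dfe6 CVE-2013-1950.patch"
 sha512sums="dd480fcb6feda4a2bba7e5a5dc9b1f523697a39ddaa44a5742405f66d202996d99a562a31dbf6daf06e9b7ce5d82dfd1cce7b76a34466b92f84176e77498163d libtirpc-0.2.3.tar.bz2
 15edac1e30cc1aa65ca495bae14c6c7455d65ca539b7e5c865c3fbd5a51c76966b37dd34e9a6483aadcaea3602aefb0b48cdb46f877dae1c65dfa6840dfd8c54 nis.h
 3dd3d4a082b1b9bb82c358a5b74e6c5f23fdd522ea2875fc27a7b1035e04b14aeec30db08aa3ce5c0168df325e540799bf6f55c3a67226e05cf52de11968ad86 gssglue.patch
 9a984a7741deb943f92cd8a9f23d1a0e09a01e91aa88268456ccbb7998b24f50ad431e26400def3a8ba9d6cd345e5abccf5acf9c59708ce8f0653275c2ea5d61 libtirpc-no-des.patch
-dcbc55ed5551703799e6a690e65dbdbd9cc0293c0392a1a3c2d52bc9e91e8b0e18b89fa146f78fea8476c04409b766b6cdbde38a5f226d32043987ca1471634c automake.patch"
+dcbc55ed5551703799e6a690e65dbdbd9cc0293c0392a1a3c2d52bc9e91e8b0e18b89fa146f78fea8476c04409b766b6cdbde38a5f226d32043987ca1471634c automake.patch
+43813e1d2b8cf3107c3144f742c8de6833dd2462b43c94f6d8444b90eb6671f2fe1329f533eee1e7ce1cd507d3c5962a47793e1354107da18340faf34d2b1644 CVE-2013-1950.patch"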
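Review bot: Adding `CVE-2013-1950.patch` to `source` in the second hunk only ships and checksums the file; whether it is actually applied depends on `prepare()`, whose body begins in this hunk and continues outside it. If `prepare()` names its patches individually instead of iterating over the `*.patch` entries of `$source`, the `pkgrel=1` build would carry the file without the fix, so that is worth confirming in the build log. A comment above `source=` such as `# CVE-2013-1950.patch: svc_dg_getargs() must not free caller-owned args on failure` would also record why the patch is carried and make it easier to drop once `pkgver` moves past the upstream fix.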
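--- /dev/null
+++ b/main/libtirpc/CVE-2013-1950.patch
@@ -0,0 +1,37 @@
+From a9f437119d79a438cb12e510f3cadd4060102c9f Mon Sep 17 00:00:00 2001
+From: Steve Dickson <steved@redhat.com>
+Date: Thu, 18 Apr 2013 14:29:58 -0400
+Subject: [PATCH] svc_getargs(): Should not be freeing arg pointers on failures
+
+commit 82cc2e61 (SVCAUTH_WRAP/SVCAUTH_UNWRAP) introduce a regression
+that causes callers of svc_getargs() to crash when svc_freeargs() frees
+args points that are allocated on the stack.
+
+svc_getargs() should let the callers do the freeing and not make any
+assumptions on the type of memory passed in.
+
+Also see:
+https://bugzilla.redhat.com/show_bug.cgi?id=948378
+and
+CVE-2013-1950 EMBARGOED rpcbind: invalid pointer free leads to crash
+
+Signed-off-by: Steve Dickson <steved@redhat.com>
+---
+src/svc_dg.c | 1 -
+1 file changed, 1 deletion(-)
+
+diff --git a/src/svc_dg.c b/src/svc_dg.c
+index b1ac462..6e00191 100644
+--- a/src/svc_dg.c
++++ b/src/svc_dg.c
+@@ -284,7 +284,6 @@ svc_dg_getargs(xprt, xdr_args, args_ptr)
+{
+if (! SVCAUTH_UNWRAP(xprt->xp_auth, &(su_data(xprt)->su_xdrs),
+xdr_args, args_ptr)) {
+- (void)svc_freeargs(xprt, xdr_args, args_ptr);
+return FALSE;
+}
+return TRUE;
+--
+1.8.1.4
+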
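Review bot: The failure branch of `svc_dg_getargs()` now returns `FALSE` with no cleanup, so anything XDR allocated during a partial decode is released only if the caller invokes `svc_freeargs()` itself, and nothing in the hunk records that contract. A comment in that branch would help, e.g. `/* do not free here: args_ptr may point at caller-owned (stack) memory; the caller releases it */`. The embedded diffstat covers `src/svc_dg.c` only; whether the other transports' getargs routines picked up the same free-on-failure from commit 82cc2e61 is not visible on this page and is worth checking against the upstream tree. The function starts above the hunk, so the declaration of `args_ptr` and any earlier setup are not shown.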