diff options
author | Natanael Copa <ncopa@alpinelinux.org> | 2018-08-22 13:25:49 +0000 |
---|---|---|
committer | Natanael Copa <ncopa@alpinelinux.org> | 2018-08-22 15:33:20 +0200 |
commit | babf8851105592d4bc46ac85ef56f396f9e76c9f (patch) | |
tree | 0624dcc6b04f3fd50352ff257006a36045214c72 | |
parent | c04db119f841cc84a86f7b8db44948c3b27513f9 (diff) | |
download | alpine_aports-babf8851105592d4bc46ac85ef56f396f9e76c9f.tar.bz2 alpine_aports-babf8851105592d4bc46ac85ef56f396f9e76c9f.tar.xz alpine_aports-babf8851105592d4bc46ac85ef56f396f9e76c9f.zip |
main/libmspack: security upgrade to 0.7.1alpha
fixes #9228
-rw-r--r-- | main/libmspack/APKBUILD | 27 | ||||
-rw-r--r-- | main/libmspack/CVE-2017-11423.patch | 20 | ||||
-rw-r--r-- | main/libmspack/CVE-2017-6419.patch | 78 |
3 files changed, 12 insertions, 113 deletions
diff --git a/main/libmspack/APKBUILD b/main/libmspack/APKBUILD index 95bc28f146..ede81fb87a 100644 --- a/main/libmspack/APKBUILD +++ b/main/libmspack/APKBUILD | |||
@@ -1,8 +1,8 @@ | |||
1 | # Maintainer: Natanael Copa <ncopa@alpinelinux.org> | 1 | # Maintainer: Natanael Copa <ncopa@alpinelinux.org> |
2 | pkgname=libmspack | 2 | pkgname=libmspack |
3 | pkgver=0.5_alpha | 3 | pkgver=0.7.1_alpha |
4 | _ver=${pkgver/_/} | 4 | _ver=${pkgver/_/} |
5 | pkgrel=1 | 5 | pkgrel=0 |
6 | pkgdesc="Library for CAB and related files compression and decompression" | 6 | pkgdesc="Library for CAB and related files compression and decompression" |
7 | url="http://www.cabextract.org.uk/libmspack/" | 7 | url="http://www.cabextract.org.uk/libmspack/" |
8 | arch="all" | 8 | arch="all" |
@@ -12,13 +12,16 @@ depends_dev="" | |||
12 | makedepends="$depends_dev" | 12 | makedepends="$depends_dev" |
13 | install="" | 13 | install="" |
14 | subpackages="$pkgname-dev" | 14 | subpackages="$pkgname-dev" |
15 | source="http://www.cabextract.org.uk/libmspack/libmspack-$_ver.tar.gz | 15 | source="https://www.cabextract.org.uk/libmspack/libmspack-$_ver.tar.gz" |
16 | CVE-2017-6419.patch | ||
17 | CVE-2017-11423.patch" | ||
18 | 16 | ||
19 | _builddir="$srcdir"/libmspack-$_ver | 17 | _builddir="$srcdir"/libmspack-$_ver |
20 | 18 | ||
21 | # secfixes: | 19 | # secfixes: |
20 | # 0.7.1_alpha-r0: | ||
21 | # - CVE-2018-14679 | ||
22 | # - CVE-2018-14680 | ||
23 | # - CVE-2018-14681 | ||
24 | # - CVE-2018-14682 | ||
22 | # 0.5_alpha-r1: | 25 | # 0.5_alpha-r1: |
23 | # - CVE-2017-6419 | 26 | # - CVE-2017-6419 |
24 | # - CVE-2017-11423 | 27 | # - CVE-2017-11423 |
@@ -44,7 +47,9 @@ build() { | |||
44 | --localstatedir=/var \ | 47 | --localstatedir=/var \ |
45 | --disable-static \ | 48 | --disable-static \ |
46 | || return 1 | 49 | || return 1 |
47 | make || return 1 | 50 | # parallel build workaround |
51 | make libmspack.la libmscabd.la libmschmd.la | ||
52 | make | ||
48 | } | 53 | } |
49 | 54 | ||
50 | package() { | 55 | package() { |
@@ -52,12 +57,4 @@ package() { | |||
52 | make DESTDIR="$pkgdir" install || return 1 | 57 | make DESTDIR="$pkgdir" install || return 1 |
53 | } | 58 | } |
54 | 59 | ||
55 | md5sums="3aa3f6b9ef101463270c085478fda1da libmspack-0.5alpha.tar.gz | 60 | sha512sums="e903629a34c29099a261a108e4eb9cda485ab999bbc3383e3cd6a39715077d00b26a1c641b0f3df0eef60d2e15a7ef623379df0cfe25b99d4eda080529ffec7b libmspack-0.7.1alpha.tar.gz" |
56 | a88236b4e1b9bb265945a455123648ed CVE-2017-6419.patch | ||
57 | e29cb11b947c191dbec80932f16b5d70 CVE-2017-11423.patch" | ||
58 | sha256sums="8967f275525f5067b364cee43b73e44d0433668c39f9376dfff19f653d1c8110 libmspack-0.5alpha.tar.gz | ||
59 | fed2f79b41b326ca0b5f1f968027ee320e9f3d14f14fc67a7b1bcf5650884dd8 CVE-2017-6419.patch | ||
60 | 164b7bbbc08abce0e7f995938b3b74084dcc71cc8871c9ab1e14dcadc8df6a58 CVE-2017-11423.patch" | ||
61 | sha512sums="6d4efa0f43c43185ef91c97c1518aa70f09109d7332cda7e12019e146ec9cb0f2065fb1b57683b48bae9a7eaf8e82eb94096644c6d25c56d45878f630b719231 libmspack-0.5alpha.tar.gz | ||
62 | 5b40a114c8449f0c9f38536cb148c684a94e51607ec806da1a4a4466550202d63edbcd26e4a6cdec7b20483f3384f732ba952945e752a975be2e9a6653e036e0 CVE-2017-6419.patch | ||
63 | b426584d967c53f61491f1d47205a8db0bab5ca0a9ba75868f0437d697f5c81df20652c6eedf7825d00851555ff10f4a388275024fdc41d638d1d6ee9387dad2 CVE-2017-11423.patch" | ||
diff --git a/main/libmspack/CVE-2017-11423.patch b/main/libmspack/CVE-2017-11423.patch deleted file mode 100644 index 868ff83482..0000000000 --- a/main/libmspack/CVE-2017-11423.patch +++ /dev/null | |||
@@ -1,20 +0,0 @@ | |||
1 | diff --git a/mspack/cabd.c b/mspack/cabd.c | ||
2 | index 16021ee..8b10934 100644 | ||
3 | --- a/mspack/cabd.c | ||
4 | +++ b/mspack/cabd.c | ||
5 | @@ -521,10 +521,13 @@ static char *cabd_read_string(struct mspack_system *sys, | ||
6 | { | ||
7 | off_t base = sys->tell(fh); | ||
8 | char buf[256], *str; | ||
9 | - unsigned int len, i, ok; | ||
10 | + int len, i, ok; | ||
11 | |||
12 | /* read up to 256 bytes */ | ||
13 | - len = sys->read(fh, &buf[0], 256); | ||
14 | + if ((len = sys->read(fh, &buf[0], 256)) <= 0) { | ||
15 | + *error = MSPACK_ERR_READ; | ||
16 | + return NULL; | ||
17 | + } | ||
18 | |||
19 | /* search for a null terminator in the buffer */ | ||
20 | for (i = 0, ok = 0; i < len; i++) if (!buf[i]) { ok = 1; break; } | ||
diff --git a/main/libmspack/CVE-2017-6419.patch b/main/libmspack/CVE-2017-6419.patch deleted file mode 100644 index 4945f5fba5..0000000000 --- a/main/libmspack/CVE-2017-6419.patch +++ /dev/null | |||
@@ -1,78 +0,0 @@ | |||
1 | diff --git a/mspack/chmd.c b/mspack/chmd.c | ||
2 | index 5a6ef54..1a486c8 100644 | ||
3 | --- a/mspack/chmd.c | ||
4 | +++ b/mspack/chmd.c | ||
5 | @@ -1269,9 +1269,15 @@ static int read_spaninfo(struct mschm_decompressor_p *self, | ||
6 | |||
7 | /* get the uncompressed length of the LZX stream */ | ||
8 | err = read_off64(length_ptr, data, sys, self->d->infh); | ||
9 | - | ||
10 | sys->free(data); | ||
11 | - return (err) ? MSPACK_ERR_DATAFORMAT : MSPACK_ERR_OK; | ||
12 | + if (err) return MSPACK_ERR_DATAFORMAT; | ||
13 | + | ||
14 | + if (*length_ptr <= 0) { | ||
15 | + D(("output length is invalid")) | ||
16 | + return MSPACK_ERR_DATAFORMAT; | ||
17 | + } | ||
18 | + | ||
19 | + return MSPACK_ERR_OK; | ||
20 | } | ||
21 | |||
22 | /*************************************** | ||
23 | diff --git a/mspack/lzxd.c b/mspack/lzxd.c | ||
24 | index 2281e7b..d164df9 100644 | ||
25 | --- a/mspack/lzxd.c | ||
26 | +++ b/mspack/lzxd.c | ||
27 | @@ -300,8 +300,14 @@ struct lzxd_stream *lzxd_init(struct mspack_system *system, | ||
28 | if (window_bits < 15 || window_bits > 21) return NULL; | ||
29 | } | ||
30 | |||
31 | + if (reset_interval < 0 || output_length < 0) { | ||
32 | + D(("reset interval or output length < 0")) | ||
33 | + return NULL; | ||
34 | + } | ||
35 | + | ||
36 | + /* round up input buffer size to multiple of two */ | ||
37 | input_buffer_size = (input_buffer_size + 1) & -2; | ||
38 | - if (!input_buffer_size) return NULL; | ||
39 | + if (input_buffer_size < 2) return NULL; | ||
40 | |||
41 | /* allocate decompression state */ | ||
42 | if (!(lzx = (struct lzxd_stream *) system->alloc(system, sizeof(struct lzxd_stream)))) { | ||
43 | @@ -382,7 +388,7 @@ int lzxd_set_reference_data(struct lzxd_stream *lzx, | ||
44 | } | ||
45 | |||
46 | void lzxd_set_output_length(struct lzxd_stream *lzx, off_t out_bytes) { | ||
47 | - if (lzx) lzx->length = out_bytes; | ||
48 | + if (lzx && out_bytes > 0) lzx->length = out_bytes; | ||
49 | } | ||
50 | |||
51 | int lzxd_decompress(struct lzxd_stream *lzx, off_t out_bytes) { | ||
52 | diff --git a/mspack/mszipd.c b/mspack/mszipd.c | ||
53 | index 5b4756d..6ecd96d 100644 | ||
54 | --- a/mspack/mszipd.c | ||
55 | +++ b/mspack/mszipd.c | ||
56 | @@ -349,8 +349,9 @@ struct mszipd_stream *mszipd_init(struct mspack_system *system, | ||
57 | |||
58 | if (!system) return NULL; | ||
59 | |||
60 | + /* round up input buffer size to multiple of two */ | ||
61 | input_buffer_size = (input_buffer_size + 1) & -2; | ||
62 | - if (!input_buffer_size) return NULL; | ||
63 | + if (input_buffer_size < 2) return NULL; | ||
64 | |||
65 | /* allocate decompression state */ | ||
66 | if (!(zip = (struct mszipd_stream *) system->alloc(system, sizeof(struct mszipd_stream)))) { | ||
67 | diff --git a/mspack/qtmd.c b/mspack/qtmd.c | ||
68 | index 12b27f5..5d2c76f 100644 | ||
69 | --- a/mspack/qtmd.c | ||
70 | +++ b/mspack/qtmd.c | ||
71 | @@ -197,6 +197,7 @@ struct qtmd_stream *qtmd_init(struct mspack_system *system, | ||
72 | /* Quantum supports window sizes of 2^10 (1Kb) through 2^21 (2Mb) */ | ||
73 | if (window_bits < 10 || window_bits > 21) return NULL; | ||
74 | |||
75 | + /* round up input buffer size to multiple of two */ | ||
76 | input_buffer_size = (input_buffer_size + 1) & -2; | ||
77 | if (input_buffer_size < 2) return NULL; | ||
78 | |||