main/libmspack: fix CVE-2019-1010305

see #10814
author: Leo <thinkabit.ukim@gmail.com> 2020-03-26 15:03:23 -0300
committer: Leo <thinkabit.ukim@gmail.com> 2020-03-26 18:13:45 +0000
commit: a80261c4dde42201d0c53b6f7297c02b2b441827 (patch)
tree: 6c8b9154ab8f13ca2bdc4622fbdaf75ab1315df9
parent: c352863a011aa92c700a861de9b92c6f7a923964 (diff)
download: alpine_aports-a80261c4dde42201d0c53b6f7297c02b2b441827.tar.bz2
alpine_aports-a80261c4dde42201d0c53b6f7297c02b2b441827.tar.xz
alpine_aports-a80261c4dde42201d0c53b6f7297c02b2b441827.zip
2 files changed, 47 insertions, 3 deletions
diff --git a/main/libmspack/APKBUILD b/main/libmspack/APKBUILD
index 83f62b4eab..10fa5d6869 100644
--- a/main/libmspack/APKBUILD
+++ b/main/libmspack/APKBUILD
@@ -2,18 +2,22 @@
 pkgname=libmspack
 pkgver=0.8_alpha
 _ver=${pkgver/_/}
-pkgrel=0
+pkgrel=1
 pkgdesc="Library for Microsoft CAB compression formats"
 url="https://www.cabextract.org.uk/libmspack/"
 arch="all"
 license="LGPL-2.1-only"
 makedepends="$depends_dev"
 subpackages="$pkgname-dev $pkgname-utils"
-source="https://www.cabextract.org.uk/libmspack/libmspack-$_ver.tar.gz"
+source="https://www.cabextract.org.uk/libmspack/libmspack-$_ver.tar.gz
+        CVE-2019-1010305.patch
+        "
 builddir="$srcdir"/libmspack-$_ver
 # secfixes:
+#   0.8_alpha-r1:
+#     - CVE-2019-1010305
 #   0.8_alpha-r0:
 #     - CVE-2018-18584
 #     - CVE-2018-18585
@@ -58,4 +62,5 @@ utils() {
        mv "$pkgdir"/usr/bin "$subpkgdir"/usr
 }
-sha512sums="d178afc4d2eded204594c81af1c91be17d3be4f1a09829e08c103023aa7badc6b2595e9ec13cc7f77e3262d2cd874ed40ce6da01695c5c839682562740d2bf0a  libmspack-0.8alpha.tar.gz"
+sha512sums="d178afc4d2eded204594c81af1c91be17d3be4f1a09829e08c103023aa7badc6b2595e9ec13cc7f77e3262d2cd874ed40ce6da01695c5c839682562740d2bf0a  libmspack-0.8alpha.tar.gz
+4c5f5ab9d597538303ce2adf27014db715603afdde50904cd3cb363077f2ff883086cf9ccf1072fa516f73df4652bec3bddd81854aeac5f11c0698d1cfb59cdf  CVE-2019-1010305.patch"
diff --git a/main/libmspack/CVE-2019-1010305.patch b/main/libmspack/CVE-2019-1010305.patch
new file mode 100644
index 0000000000..af113af2d3
--- /dev/null
+++ b/main/libmspack/CVE-2019-1010305.patch
@@ -0,0 +1,39 @@
+diff --git a/mspack/chmd.c b/mspack/chmd.c
+index 1d198bf..26c1b18 100644
+--- a/mspack/chmd.c
+++ b/mspack/chmd.c
+@@ -482,21 +482,19 @@ static int chmd_read_headers(struct mspack_system *sys, struct mspack_file *fh,
+       fi->filename[name_len] = '\0';
+ 
+       if (name[0] == ':' && name[1] == ':') {
+-       /* system file */
+-       if (mspack_memcmp(&name[2], &content_name[2], 31L) == 0) {
+-         if (mspack_memcmp(&name[33], &content_name[33], 8L) == 0) {
+-           chm->sec1.content = fi;
+-         }
+-         else if (mspack_memcmp(&name[33], &control_name[33], 11L) == 0) {
+-           chm->sec1.control = fi;
+-         }
+-         else if (mspack_memcmp(&name[33], &spaninfo_name[33], 8L) == 0) {
+-           chm->sec1.spaninfo = fi;
+-         }
+-         else if (mspack_memcmp(&name[33], &rtable_name[33], 72L) == 0) {
+-           chm->sec1.rtable = fi;
+-         }
+-       }
+           /* system file */
+        if (name_len == 40 && memcmp(name, content_name, 40) == 0) {
+          chm->sec1.content = fi;
+        }
+        else if (name_len == 44 && memcmp(name, control_name, 44) == 0) {
+          chm->sec1.control = fi;
+        }
+        else if (name_len == 41 && memcmp(name, spaninfo_name, 41) == 0) {
+          chm->sec1.spaninfo = fi;
+        }
+        else if (name_len == 105 && memcmp(name, rtable_name, 105) == 0) {
+          chm->sec1.rtable = fi;
+        }
+        fi->next = chm->sysfiles;
+        chm->sysfiles = fi;
+       }
author	Leo <thinkabit.ukim@gmail.com>	2020-03-26 15:03:23 -0300
committer	Leo <thinkabit.ukim@gmail.com>	2020-03-26 18:13:45 +0000
commit	a80261c4dde42201d0c53b6f7297c02b2b441827 (patch)
tree	6c8b9154ab8f13ca2bdc4622fbdaf75ab1315df9
parent	c352863a011aa92c700a861de9b92c6f7a923964 (diff)
download	alpine_aports-a80261c4dde42201d0c53b6f7297c02b2b441827.tar.bz2 alpine_aports-a80261c4dde42201d0c53b6f7297c02b2b441827.tar.xz alpine_aports-a80261c4dde42201d0c53b6f7297c02b2b441827.zip

diff --git a/main/libmspack/APKBUILD b/main/libmspack/APKBUILD index 83f62b4eab..10fa5d6869 100644 --- a/main/libmspack/APKBUILD +++ b/main/libmspack/APKBUILD
@@ -2,18 +2,22 @@
2	pkgname=libmspack	2	pkgname=libmspack
3	pkgver=0.8_alpha	3	pkgver=0.8_alpha
4	_ver=${pkgver/_/}	4	_ver=${pkgver/_/}
5	pkgrel=0	5	pkgrel=1
6	pkgdesc="Library for Microsoft CAB compression formats"	6	pkgdesc="Library for Microsoft CAB compression formats"
7	url="https://www.cabextract.org.uk/libmspack/"	7	url="https://www.cabextract.org.uk/libmspack/"
8	arch="all"	8	arch="all"
9	license="LGPL-2.1-only"	9	license="LGPL-2.1-only"
10	makedepends="$depends_dev"	10	makedepends="$depends_dev"
11	subpackages="$pkgname-dev $pkgname-utils"	11	subpackages="$pkgname-dev $pkgname-utils"
12	source="https://www.cabextract.org.uk/libmspack/libmspack-$_ver.tar.gz"	12	source="https://www.cabextract.org.uk/libmspack/libmspack-$_ver.tar.gz
		13	CVE-2019-1010305.patch
		14	"
13		15
14	builddir="$srcdir"/libmspack-$_ver	16	builddir="$srcdir"/libmspack-$_ver
15		17
16	# secfixes:	18	# secfixes:
		19	# 0.8_alpha-r1:
		20	# - CVE-2019-1010305
17	# 0.8_alpha-r0:	21	# 0.8_alpha-r0:
18	# - CVE-2018-18584	22	# - CVE-2018-18584
19	# - CVE-2018-18585	23	# - CVE-2018-18585
@@ -58,4 +62,5 @@ utils() {
58	mv "$pkgdir"/usr/bin "$subpkgdir"/usr	62	mv "$pkgdir"/usr/bin "$subpkgdir"/usr
59	}	63	}
60		64
61	sha512sums="d178afc4d2eded204594c81af1c91be17d3be4f1a09829e08c103023aa7badc6b2595e9ec13cc7f77e3262d2cd874ed40ce6da01695c5c839682562740d2bf0a libmspack-0.8alpha.tar.gz"	65	sha512sums="d178afc4d2eded204594c81af1c91be17d3be4f1a09829e08c103023aa7badc6b2595e9ec13cc7f77e3262d2cd874ed40ce6da01695c5c839682562740d2bf0a libmspack-0.8alpha.tar.gz
		66	4c5f5ab9d597538303ce2adf27014db715603afdde50904cd3cb363077f2ff883086cf9ccf1072fa516f73df4652bec3bddd81854aeac5f11c0698d1cfb59cdf CVE-2019-1010305.patch"


diff --git a/main/libmspack/CVE-2019-1010305.patch b/main/libmspack/CVE-2019-1010305.patch new file mode 100644 index 0000000000..af113af2d3 --- /dev/null +++ b/main/libmspack/CVE-2019-1010305.patch
@@ -0,0 +1,39 @@
		1	diff --git a/mspack/chmd.c b/mspack/chmd.c
		2	index 1d198bf..26c1b18 100644
		3	--- a/mspack/chmd.c
		4	+++ b/mspack/chmd.c
		5	@@ -482,21 +482,19 @@ static int chmd_read_headers(struct mspack_system sys, struct mspack_file fh,
		6	fi->filename[name_len] = '\0';
		7
		8	if (name[0] == ':' && name[1] == ':') {
		9	- /* system file */
		10	- if (mspack_memcmp(&name[2], &content_name[2], 31L) == 0) {
		11	- if (mspack_memcmp(&name[33], &content_name[33], 8L) == 0) {
		12	- chm->sec1.content = fi;
		13	- }
		14	- else if (mspack_memcmp(&name[33], &control_name[33], 11L) == 0) {
		15	- chm->sec1.control = fi;
		16	- }
		17	- else if (mspack_memcmp(&name[33], &spaninfo_name[33], 8L) == 0) {
		18	- chm->sec1.spaninfo = fi;
		19	- }
		20	- else if (mspack_memcmp(&name[33], &rtable_name[33], 72L) == 0) {
		21	- chm->sec1.rtable = fi;
		22	- }
		23	- }
		24	+ /* system file */
		25	+ if (name_len == 40 && memcmp(name, content_name, 40) == 0) {
		26	+ chm->sec1.content = fi;
		27	+ }
		28	+ else if (name_len == 44 && memcmp(name, control_name, 44) == 0) {
		29	+ chm->sec1.control = fi;
		30	+ }
		31	+ else if (name_len == 41 && memcmp(name, spaninfo_name, 41) == 0) {
		32	+ chm->sec1.spaninfo = fi;
		33	+ }
		34	+ else if (name_len == 105 && memcmp(name, rtable_name, 105) == 0) {
		35	+ chm->sec1.rtable = fi;
		36	+ }
		37	fi->next = chm->sysfiles;
		38	chm->sysfiles = fi;
		39	}