main/mcpp: fix CVE-2019-14274

Patch taken from Debian.
author: Sören Tempel <soeren+git@soeren-tempel.net> 2020-04-17 12:44:08 +0200
committer: Sören Tempel <soeren+git@soeren-tempel.net> 2020-04-17 12:58:26 +0200
commit: cbfc4cf0fadb0829c55d8cff503be4e9e9e41006 (patch)
tree: 229734b3aa3627aed79c978d63e48cb530ceb877
parent: ea3990cd0687edafc25536e68714ea13337c5e51 (diff)
download: alpine_aports-cbfc4cf0fadb0829c55d8cff503be4e9e9e41006.tar.bz2
alpine_aports-cbfc4cf0fadb0829c55d8cff503be4e9e9e41006.tar.xz
alpine_aports-cbfc4cf0fadb0829c55d8cff503be4e9e9e41006.zip
2 files changed, 61 insertions, 9 deletions
diff --git a/main/mcpp/APKBUILD b/main/mcpp/APKBUILD
index 85aaff93b3..f102d1dc8e 100644
--- a/main/mcpp/APKBUILD
+++ b/main/mcpp/APKBUILD
@@ -2,7 +2,7 @@
 # Maintainer: Sören Tempel <soeren+alpine@soeren-tempel.net>
 pkgname=mcpp
 pkgver=2.7.2
-pkgrel=1
+pkgrel=2
 pkgdesc="A portable C preprocessor"
 url="http://mcpp.sourceforge.net"
 arch="all"
@@ -13,7 +13,12 @@ makedepends=""
 subpackages="$pkgname-dev $pkgname-doc $pkgname-libs"
 source="https://downloads.sourceforge.net/${pkgname}/${pkgname}-${pkgver}.tar.gz
        01-zeroc-fixes.patch
-        02-gniibe-fixes.patch"
+        02-gniibe-fixes.patch
+        CVE-2019-14274.patch"
+# secfixes:
+#   2.7.2-r2:
+#     - CVE-2019-14274
 prepare() {
        cd "$builddir"
@@ -45,12 +50,7 @@ package() {
                "$pkgdir"/usr/share/licenses/$pkgname/LICENSE || return 1
 }
-md5sums="512de48c87ab023a69250edc7a0c7b05  mcpp-2.7.2.tar.gz
-e231a2c976ccf14b548deaee840faeb7  01-zeroc-fixes.patch
-1801827678e80d0ef73655a88064a35b  02-gniibe-fixes.patch"
-sha256sums="3b9b4421888519876c4fc68ade324a3bbd81ceeb7092ecdbbc2055099fcb8864  mcpp-2.7.2.tar.gz
-6ed331f58edc7a24e769ac065ab43ed9f09f06487fda37095cacd413b81f522c  01-zeroc-fixes.patch
-30a790e63e387a95e45c2b73b3942948e1e852155250dd769a5598c33d374504  02-gniibe-fixes.patch"
 sha512sums="1ca885cb13fdb684de9d0595a9215b52f48a93a69077d82cdcacafe40d9a61fb77b00a3ff2b8890e7bc0a0fcc0c8d70d4093c00c280351cd4459aba67c573235  mcpp-2.7.2.tar.gz
 86b2e851490e180dfe3028a5a37019ea423924c921ab053a642fb78d4533a87f913ede2928daf9da4daf60e67795a24521186b40c76961ae99ebeb75f8aa95ad  01-zeroc-fixes.patch
-a31a0f2e7430381e5e62ea4257a35891ce9d2f3beed60c6caad3b6d298a58557e9c850223840ef8c6f6c2e8139cf4a4edf29ac93b2532680feafba503fcfaf6d  02-gniibe-fixes.patch"
+a31a0f2e7430381e5e62ea4257a35891ce9d2f3beed60c6caad3b6d298a58557e9c850223840ef8c6f6c2e8139cf4a4edf29ac93b2532680feafba503fcfaf6d  02-gniibe-fixes.patch
+12a72a2c527358effc4ed8e0c5f80f1a06a005ba3b050c7d99a4aa67ad5fe7e4c4c2a75d0808382b67e359076c5bac6065ec284d32f55e7e31466331a47db882  CVE-2019-14274.patch"
diff --git a/main/mcpp/CVE-2019-14274.patch b/main/mcpp/CVE-2019-14274.patch
new file mode 100644
index 0000000000..717b16fe9d
--- /dev/null
+++ b/main/mcpp/CVE-2019-14274.patch
@@ -0,0 +1,52 @@
+Description: Fix for a bug reported to sourceforge.net #13
+   by fixing error messages.
+   Also, fix erroneous messages.
+Author: NIIBE Yutaka
+Index: mcpp/src/support.c
+===================================================================
+--- mcpp.orig/src/support.c
+++ mcpp/src/support.c
+@@ -822,7 +822,7 @@ escape:
+         if (diag && iscntrl( c) && ((char_type[ c] & SPA) == 0)
+                 && (warn_level & 1))
+             cwarn(
+-            "Illegal control character %.0s0lx%02x in quotation"    /* _W1_ */
+            "Illegal control character %.0s0x%02x in quotation"    /* _W1_ */
+                     , NULL, (long) c, NULL);
+         *out_p++ = c;
+ chk_limit:
+@@ -861,10 +861,10 @@ chk_limit:
+                 if (mcpp_mode != POST_STD && option_flags.lang_asm) {
+                     /* STD, KR      */
+                     if (warn_level & 1)
+-                        cwarn( unterm_char, out, 0L, NULL); /* _W1_ */
+                        cwarn( unterm_char, NULL, (long)delim, NULL); /* _W1_ */
+                     goto  done;
+                 } else {
+-                    cerror( unterm_char, out, 0L, skip);    /* _E_  */
+                    cerror( unterm_char, NULL, (long)delim, skip);    /* _E_  */
+                 }
+             } else {
+                 cerror( "Unterminated header name %s%.0ld%s"        /* _E_  */
+@@ -875,9 +875,9 @@ chk_limit:
+             if (mcpp_mode != POST_STD && option_flags.lang_asm) {
+                 /* STD, KR      */
+                 if (warn_level & 1)
+-                    cwarn( empty_const, out, 0L, skip);     /* _W1_ */
+                    cwarn( empty_const, NULL, (long)delim, skip);     /* _W1_ */
+             } else {
+-                cerror( empty_const, out, 0L, skip);        /* _E_  */
+                cerror( empty_const, NULL, (long)delim, skip);        /* _E_  */
+                 out_p = NULL;
+                 goto  done;
+             }
+@@ -1774,7 +1774,7 @@ not_comment:
+         default:
+             if (iscntrl( c)) {
+                 cerror(             /* Skip the control character   */
+-    "Illegal control character %.0s0x%lx, skipped the character"    /* _E_  */
+    "Illegal control character %.0s0x%02x, skipped the character"    /* _E_  */
+                         , NULL, (long) c, NULL);
+             } else {                        /* Any valid character  */
+                 *tp++ = c;
author	Sören Tempel <soeren+git@soeren-tempel.net>	2020-04-17 12:44:08 +0200
committer	Sören Tempel <soeren+git@soeren-tempel.net>	2020-04-17 12:58:26 +0200
commit	cbfc4cf0fadb0829c55d8cff503be4e9e9e41006 (patch)
tree	229734b3aa3627aed79c978d63e48cb530ceb877
parent	ea3990cd0687edafc25536e68714ea13337c5e51 (diff)
download	alpine_aports-cbfc4cf0fadb0829c55d8cff503be4e9e9e41006.tar.bz2 alpine_aports-cbfc4cf0fadb0829c55d8cff503be4e9e9e41006.tar.xz alpine_aports-cbfc4cf0fadb0829c55d8cff503be4e9e9e41006.zip

diff --git a/main/mcpp/APKBUILD b/main/mcpp/APKBUILD index 85aaff93b3..f102d1dc8e 100644 --- a/main/mcpp/APKBUILD +++ b/main/mcpp/APKBUILD
@@ -2,7 +2,7 @@
2	# Maintainer: Sören Tempel <soeren+alpine@soeren-tempel.net>	2	# Maintainer: Sören Tempel <soeren+alpine@soeren-tempel.net>
3	pkgname=mcpp	3	pkgname=mcpp
4	pkgver=2.7.2	4	pkgver=2.7.2
5	pkgrel=1	5	pkgrel=2
6	pkgdesc="A portable C preprocessor"	6	pkgdesc="A portable C preprocessor"
7	url="http://mcpp.sourceforge.net"	7	url="http://mcpp.sourceforge.net"
8	arch="all"	8	arch="all"
@@ -13,7 +13,12 @@ makedepends=""
13	subpackages="$pkgname-dev $pkgname-doc $pkgname-libs"	13	subpackages="$pkgname-dev $pkgname-doc $pkgname-libs"
14	source="https://downloads.sourceforge.net/${pkgname}/${pkgname}-${pkgver}.tar.gz	14	source="https://downloads.sourceforge.net/${pkgname}/${pkgname}-${pkgver}.tar.gz
15	01-zeroc-fixes.patch	15	01-zeroc-fixes.patch
16	02-gniibe-fixes.patch"	16	02-gniibe-fixes.patch
		17	CVE-2019-14274.patch"
		18
		19	# secfixes:
		20	# 2.7.2-r2:
		21	# - CVE-2019-14274
17		22
18	prepare() {	23	prepare() {
19	cd "$builddir"	24	cd "$builddir"
@@ -45,12 +50,7 @@ package() {
45	"$pkgdir"/usr/share/licenses/$pkgname/LICENSE \|\| return 1	50	"$pkgdir"/usr/share/licenses/$pkgname/LICENSE \|\| return 1
46	}	51	}
47		52
48	md5sums="512de48c87ab023a69250edc7a0c7b05 mcpp-2.7.2.tar.gz
49	e231a2c976ccf14b548deaee840faeb7 01-zeroc-fixes.patch
50	1801827678e80d0ef73655a88064a35b 02-gniibe-fixes.patch"
51	sha256sums="3b9b4421888519876c4fc68ade324a3bbd81ceeb7092ecdbbc2055099fcb8864 mcpp-2.7.2.tar.gz
52	6ed331f58edc7a24e769ac065ab43ed9f09f06487fda37095cacd413b81f522c 01-zeroc-fixes.patch
53	30a790e63e387a95e45c2b73b3942948e1e852155250dd769a5598c33d374504 02-gniibe-fixes.patch"
54	sha512sums="1ca885cb13fdb684de9d0595a9215b52f48a93a69077d82cdcacafe40d9a61fb77b00a3ff2b8890e7bc0a0fcc0c8d70d4093c00c280351cd4459aba67c573235 mcpp-2.7.2.tar.gz	53	sha512sums="1ca885cb13fdb684de9d0595a9215b52f48a93a69077d82cdcacafe40d9a61fb77b00a3ff2b8890e7bc0a0fcc0c8d70d4093c00c280351cd4459aba67c573235 mcpp-2.7.2.tar.gz
55	86b2e851490e180dfe3028a5a37019ea423924c921ab053a642fb78d4533a87f913ede2928daf9da4daf60e67795a24521186b40c76961ae99ebeb75f8aa95ad 01-zeroc-fixes.patch	54	86b2e851490e180dfe3028a5a37019ea423924c921ab053a642fb78d4533a87f913ede2928daf9da4daf60e67795a24521186b40c76961ae99ebeb75f8aa95ad 01-zeroc-fixes.patch
56	a31a0f2e7430381e5e62ea4257a35891ce9d2f3beed60c6caad3b6d298a58557e9c850223840ef8c6f6c2e8139cf4a4edf29ac93b2532680feafba503fcfaf6d 02-gniibe-fixes.patch"	55	a31a0f2e7430381e5e62ea4257a35891ce9d2f3beed60c6caad3b6d298a58557e9c850223840ef8c6f6c2e8139cf4a4edf29ac93b2532680feafba503fcfaf6d 02-gniibe-fixes.patch
		56	12a72a2c527358effc4ed8e0c5f80f1a06a005ba3b050c7d99a4aa67ad5fe7e4c4c2a75d0808382b67e359076c5bac6065ec284d32f55e7e31466331a47db882 CVE-2019-14274.patch"


diff --git a/main/mcpp/CVE-2019-14274.patch b/main/mcpp/CVE-2019-14274.patch new file mode 100644 index 0000000000..717b16fe9d --- /dev/null +++ b/main/mcpp/CVE-2019-14274.patch
@@ -0,0 +1,52 @@
		1	Description: Fix for a bug reported to sourceforge.net #13
		2	by fixing error messages.
		3	Also, fix erroneous messages.
		4	Author: NIIBE Yutaka
		5
		6	Index: mcpp/src/support.c
		7	===================================================================
		8	--- mcpp.orig/src/support.c
		9	+++ mcpp/src/support.c
		10	@@ -822,7 +822,7 @@ escape:
		11	if (diag && iscntrl( c) && ((char_type[ c] & SPA) == 0)
		12	&& (warn_level & 1))
		13	cwarn(
		14	- "Illegal control character %.0s0lx%02x in quotation" /* _W1_ */
		15	+ "Illegal control character %.0s0x%02x in quotation" /* _W1_ */
		16	, NULL, (long) c, NULL);
		17	*out_p++ = c;
		18	chk_limit:
		19	@@ -861,10 +861,10 @@ chk_limit:
		20	if (mcpp_mode != POST_STD && option_flags.lang_asm) {
		21	/* STD, KR */
		22	if (warn_level & 1)
		23	- cwarn( unterm_char, out, 0L, NULL); /* _W1_ */
		24	+ cwarn( unterm_char, NULL, (long)delim, NULL); /* _W1_ */
		25	goto done;
		26	} else {
		27	- cerror( unterm_char, out, 0L, skip); /* _E_ */
		28	+ cerror( unterm_char, NULL, (long)delim, skip); /* _E_ */
		29	}
		30	} else {
		31	cerror( "Unterminated header name %s%.0ld%s" /* _E_ */
		32	@@ -875,9 +875,9 @@ chk_limit:
		33	if (mcpp_mode != POST_STD && option_flags.lang_asm) {
		34	/* STD, KR */
		35	if (warn_level & 1)
		36	- cwarn( empty_const, out, 0L, skip); /* _W1_ */
		37	+ cwarn( empty_const, NULL, (long)delim, skip); /* _W1_ */
		38	} else {
		39	- cerror( empty_const, out, 0L, skip); /* _E_ */
		40	+ cerror( empty_const, NULL, (long)delim, skip); /* _E_ */
		41	out_p = NULL;
		42	goto done;
		43	}
		44	@@ -1774,7 +1774,7 @@ not_comment:
		45	default:
		46	if (iscntrl( c)) {
		47	cerror( /* Skip the control character */
		48	- "Illegal control character %.0s0x%lx, skipped the character" /* _E_ */
		49	+ "Illegal control character %.0s0x%02x, skipped the character" /* _E_ */
		50	, NULL, (long) c, NULL);
		51	} else { /* Any valid character */
		52	*tp++ = c;