diff options
author | Sören Tempel <soeren+git@soeren-tempel.net> | 2020-04-17 12:44:08 +0200 |
---|---|---|
committer | Sören Tempel <soeren+git@soeren-tempel.net> | 2020-04-17 12:58:26 +0200 |
commit | cbfc4cf0fadb0829c55d8cff503be4e9e9e41006 (patch) | |
tree | 229734b3aa3627aed79c978d63e48cb530ceb877 | |
parent | ea3990cd0687edafc25536e68714ea13337c5e51 (diff) | |
download | alpine_aports-cbfc4cf0fadb0829c55d8cff503be4e9e9e41006.tar.bz2 alpine_aports-cbfc4cf0fadb0829c55d8cff503be4e9e9e41006.tar.xz alpine_aports-cbfc4cf0fadb0829c55d8cff503be4e9e9e41006.zip |
main/mcpp: fix CVE-2019-14274
Patch taken from Debian.
-rw-r--r-- | main/mcpp/APKBUILD | 18 | ||||
-rw-r--r-- | main/mcpp/CVE-2019-14274.patch | 52 |
2 files changed, 61 insertions, 9 deletions
diff --git a/main/mcpp/APKBUILD b/main/mcpp/APKBUILD index 85aaff93b3..f102d1dc8e 100644 --- a/main/mcpp/APKBUILD +++ b/main/mcpp/APKBUILD | |||
@@ -2,7 +2,7 @@ | |||
2 | # Maintainer: Sören Tempel <soeren+alpine@soeren-tempel.net> | 2 | # Maintainer: Sören Tempel <soeren+alpine@soeren-tempel.net> |
3 | pkgname=mcpp | 3 | pkgname=mcpp |
4 | pkgver=2.7.2 | 4 | pkgver=2.7.2 |
5 | pkgrel=1 | 5 | pkgrel=2 |
6 | pkgdesc="A portable C preprocessor" | 6 | pkgdesc="A portable C preprocessor" |
7 | url="http://mcpp.sourceforge.net" | 7 | url="http://mcpp.sourceforge.net" |
8 | arch="all" | 8 | arch="all" |
@@ -13,7 +13,12 @@ makedepends="" | |||
13 | subpackages="$pkgname-dev $pkgname-doc $pkgname-libs" | 13 | subpackages="$pkgname-dev $pkgname-doc $pkgname-libs" |
14 | source="https://downloads.sourceforge.net/${pkgname}/${pkgname}-${pkgver}.tar.gz | 14 | source="https://downloads.sourceforge.net/${pkgname}/${pkgname}-${pkgver}.tar.gz |
15 | 01-zeroc-fixes.patch | 15 | 01-zeroc-fixes.patch |
16 | 02-gniibe-fixes.patch" | 16 | 02-gniibe-fixes.patch |
17 | CVE-2019-14274.patch" | ||
18 | |||
19 | # secfixes: | ||
20 | # 2.7.2-r2: | ||
21 | # - CVE-2019-14274 | ||
17 | 22 | ||
18 | prepare() { | 23 | prepare() { |
19 | cd "$builddir" | 24 | cd "$builddir" |
@@ -45,12 +50,7 @@ package() { | |||
45 | "$pkgdir"/usr/share/licenses/$pkgname/LICENSE || return 1 | 50 | "$pkgdir"/usr/share/licenses/$pkgname/LICENSE || return 1 |
46 | } | 51 | } |
47 | 52 | ||
48 | md5sums="512de48c87ab023a69250edc7a0c7b05 mcpp-2.7.2.tar.gz | ||
49 | e231a2c976ccf14b548deaee840faeb7 01-zeroc-fixes.patch | ||
50 | 1801827678e80d0ef73655a88064a35b 02-gniibe-fixes.patch" | ||
51 | sha256sums="3b9b4421888519876c4fc68ade324a3bbd81ceeb7092ecdbbc2055099fcb8864 mcpp-2.7.2.tar.gz | ||
52 | 6ed331f58edc7a24e769ac065ab43ed9f09f06487fda37095cacd413b81f522c 01-zeroc-fixes.patch | ||
53 | 30a790e63e387a95e45c2b73b3942948e1e852155250dd769a5598c33d374504 02-gniibe-fixes.patch" | ||
54 | sha512sums="1ca885cb13fdb684de9d0595a9215b52f48a93a69077d82cdcacafe40d9a61fb77b00a3ff2b8890e7bc0a0fcc0c8d70d4093c00c280351cd4459aba67c573235 mcpp-2.7.2.tar.gz | 53 | sha512sums="1ca885cb13fdb684de9d0595a9215b52f48a93a69077d82cdcacafe40d9a61fb77b00a3ff2b8890e7bc0a0fcc0c8d70d4093c00c280351cd4459aba67c573235 mcpp-2.7.2.tar.gz |
55 | 86b2e851490e180dfe3028a5a37019ea423924c921ab053a642fb78d4533a87f913ede2928daf9da4daf60e67795a24521186b40c76961ae99ebeb75f8aa95ad 01-zeroc-fixes.patch | 54 | 86b2e851490e180dfe3028a5a37019ea423924c921ab053a642fb78d4533a87f913ede2928daf9da4daf60e67795a24521186b40c76961ae99ebeb75f8aa95ad 01-zeroc-fixes.patch |
56 | a31a0f2e7430381e5e62ea4257a35891ce9d2f3beed60c6caad3b6d298a58557e9c850223840ef8c6f6c2e8139cf4a4edf29ac93b2532680feafba503fcfaf6d 02-gniibe-fixes.patch" | 55 | a31a0f2e7430381e5e62ea4257a35891ce9d2f3beed60c6caad3b6d298a58557e9c850223840ef8c6f6c2e8139cf4a4edf29ac93b2532680feafba503fcfaf6d 02-gniibe-fixes.patch |
56 | 12a72a2c527358effc4ed8e0c5f80f1a06a005ba3b050c7d99a4aa67ad5fe7e4c4c2a75d0808382b67e359076c5bac6065ec284d32f55e7e31466331a47db882 CVE-2019-14274.patch" | ||
diff --git a/main/mcpp/CVE-2019-14274.patch b/main/mcpp/CVE-2019-14274.patch new file mode 100644 index 0000000000..717b16fe9d --- /dev/null +++ b/main/mcpp/CVE-2019-14274.patch | |||
@@ -0,0 +1,52 @@ | |||
1 | Description: Fix for a bug reported to sourceforge.net #13 | ||
2 | by fixing error messages. | ||
3 | Also, fix erroneous messages. | ||
4 | Author: NIIBE Yutaka | ||
5 | |||
6 | Index: mcpp/src/support.c | ||
7 | =================================================================== | ||
8 | --- mcpp.orig/src/support.c | ||
9 | +++ mcpp/src/support.c | ||
10 | @@ -822,7 +822,7 @@ escape: | ||
11 | if (diag && iscntrl( c) && ((char_type[ c] & SPA) == 0) | ||
12 | && (warn_level & 1)) | ||
13 | cwarn( | ||
14 | - "Illegal control character %.0s0lx%02x in quotation" /* _W1_ */ | ||
15 | + "Illegal control character %.0s0x%02x in quotation" /* _W1_ */ | ||
16 | , NULL, (long) c, NULL); | ||
17 | *out_p++ = c; | ||
18 | chk_limit: | ||
19 | @@ -861,10 +861,10 @@ chk_limit: | ||
20 | if (mcpp_mode != POST_STD && option_flags.lang_asm) { | ||
21 | /* STD, KR */ | ||
22 | if (warn_level & 1) | ||
23 | - cwarn( unterm_char, out, 0L, NULL); /* _W1_ */ | ||
24 | + cwarn( unterm_char, NULL, (long)delim, NULL); /* _W1_ */ | ||
25 | goto done; | ||
26 | } else { | ||
27 | - cerror( unterm_char, out, 0L, skip); /* _E_ */ | ||
28 | + cerror( unterm_char, NULL, (long)delim, skip); /* _E_ */ | ||
29 | } | ||
30 | } else { | ||
31 | cerror( "Unterminated header name %s%.0ld%s" /* _E_ */ | ||
32 | @@ -875,9 +875,9 @@ chk_limit: | ||
33 | if (mcpp_mode != POST_STD && option_flags.lang_asm) { | ||
34 | /* STD, KR */ | ||
35 | if (warn_level & 1) | ||
36 | - cwarn( empty_const, out, 0L, skip); /* _W1_ */ | ||
37 | + cwarn( empty_const, NULL, (long)delim, skip); /* _W1_ */ | ||
38 | } else { | ||
39 | - cerror( empty_const, out, 0L, skip); /* _E_ */ | ||
40 | + cerror( empty_const, NULL, (long)delim, skip); /* _E_ */ | ||
41 | out_p = NULL; | ||
42 | goto done; | ||
43 | } | ||
44 | @@ -1774,7 +1774,7 @@ not_comment: | ||
45 | default: | ||
46 | if (iscntrl( c)) { | ||
47 | cerror( /* Skip the control character */ | ||
48 | - "Illegal control character %.0s0x%lx, skipped the character" /* _E_ */ | ||
49 | + "Illegal control character %.0s0x%02x, skipped the character" /* _E_ */ | ||
50 | , NULL, (long) c, NULL); | ||
51 | } else { /* Any valid character */ | ||
52 | *tp++ = c; | ||