authorNatanael Copa <ncopa@alpinelinux.org>2017-10-23 20:34:42 +0200
committerNatanael Copa <ncopa@alpinelinux.org>2017-10-23 21:34:49 +0200
commit4e5130b47a0ced3613bc1d8abf615d91c27800de (patch)
treeeb1bff38bf8407b73325002b7fdebeccba2fb59c
parent5706cf042f60dbbf3003137408d7d929abb384d6 (diff)
main/musl: fix CVE-2017-15650
fixes #8035
-rw-r--r--main/musl/APKBUILD12
-rw-r--r--main/musl/CVE-2017-15650.patch32
2 files changed, 43 insertions, 1 deletions
diff --git a/main/musl/APKBUILD b/main/musl/APKBUILD
index c059085839..ce96327e0b 100644
--- a/main/musl/APKBUILD
+++ b/main/musl/APKBUILD
@@ -2,7 +2,7 @@
# Maintainer: Timo Teräs <timo.teras@iki.fi>
pkgname=musl
pkgver=1.1.11
-pkgrel=4
+pkgrel=5
pkgdesc="the musl c library (libc) implementation"
url="http://www.musl-libc.org/"
arch="all"
@@ -22,6 +22,7 @@ source="http://www.musl-libc.org/releases/musl-$pkgver.tar.gz
0008-fix-uninitialized-scopeid-in-lookups-from-hosts-file.patch
0001-fix-missing-integer-overflow-checks-in-regexec-buffe.patch
1001-add-support-for-pthread_-get-set-attr_default_np-GNU.patch
+ CVE-2017-15650.patch
ldconfig
__stack_chk_fail_local.c
@@ -30,6 +31,12 @@ source="http://www.musl-libc.org/releases/musl-$pkgver.tar.gz
iconv.c
"
+# secfixes:
+# 1.1.11-r3:
+# - CVE-2016-8859
+# 1.1.11-r5:
+# - CVE-2017-15650
+
_builddir="$srcdir"/musl-$pkgver
prepare() {
local i
@@ -148,6 +155,7 @@ b6f8dbcfe6fb6e25ae30a16bf6485795 0006-remove-unused-and-invalid-C-version-of-si
a68989df58c9af8ded55aeaace6f3993 0008-fix-uninitialized-scopeid-in-lookups-from-hosts-file.patch
fe6de41e930775994f64b772f1fdc45c 0001-fix-missing-integer-overflow-checks-in-regexec-buffe.patch
2e3d961d3d50438f42683d2dbf6f2b91 1001-add-support-for-pthread_-get-set-attr_default_np-GNU.patch
+d4ca72c487880e6389ee5638ec00f0c5 CVE-2017-15650.patch
830d01f7821b978df770b06db3790921 ldconfig
0df687757221bbb0fc1aa67f1bd646f9 __stack_chk_fail_local.c
57ef2c63b9ec6a2041694ace97d4ffa2 getconf.c
@@ -164,6 +172,7 @@ d15e48f74f760651394dd460ebbb3356c42e56027b2708992b4db7c92e1c40a2 0005-fix-break
f1e47791bb59bbfcb07a6f4b8c4bb9d1680acdaa00ad202b9e03a218b25fe288 0008-fix-uninitialized-scopeid-in-lookups-from-hosts-file.patch
cec3fdd3a90f153a2c5a5d22ffd7429c14ecb105259a9c2540e46db6cfe71b55 0001-fix-missing-integer-overflow-checks-in-regexec-buffe.patch
31700cb0c3bdbeebb78aafbce4cee7d058c9c8d1a37d576ee95c5c598c488912 1001-add-support-for-pthread_-get-set-attr_default_np-GNU.patch
+a25e35436a6ac67c01add006327068a210636ddbbdaffd7be364bd08bdf41a11 CVE-2017-15650.patch
b4a2c06db38742e8c42c3c9838b285a7d8cdac6c091ff3df5ff9a15f1e41b9c7 ldconfig
299a7d75a09de3e2e11e7fb4acc3182e4a14e868093d2f30938fce9bfcff13da __stack_chk_fail_local.c
d87d0cbb3690ae2c5d8cc218349fd8278b93855dd625deaf7ae50e320aad247c getconf.c
@@ -180,6 +189,7 @@ ef12fed5f595ebfafe948225eab7fde24ff11384ddd3f5542a092df264a6d6459fc3d0998e5ed98b
828ded1a37a6818b28a944b4eda5d2a5e06615b3c21eaeebf600b66e304efd4c2883e755adcee735cc9a19d24acc49de6a8f997e9804a54c463491cbe41c5d53 0008-fix-uninitialized-scopeid-in-lookups-from-hosts-file.patch
6376167c67fdd22c0c4476fc38ff89ae3ce46435f72d7c506460944dd8f7d9153eed9696738dff5b320f09b474964f2a57394530eb40197ad58a6956e87e68ff 0001-fix-missing-integer-overflow-checks-in-regexec-buffe.patch
99f4c7e09860978f5a15fdfc6b8786e24bf763b838c623cbb91dbc27ebcdfa4fd0ed9fd02ad38cff1c903b0e2dc0a021d8786c938e990e8cc8d4475a13bf3c57 1001-add-support-for-pthread_-get-set-attr_default_np-GNU.patch
+ff3bbaf43e2202db570377836782c8b2f95db39bbf2b09ef0891d9f1b25b3160e0ff6b16e055745b72357b1cf99a486b70a689b4928ed1cc6b78b4d4f0bbea32 CVE-2017-15650.patch
8d3a2d5315fc56fee7da9abb8b89bb38c6046c33d154c10d168fb35bfde6b0cf9f13042a3bceee34daf091bc409d699223735dcf19f382eeee1f6be34154f26f ldconfig
062bb49fa54839010acd4af113e20f7263dde1c8a2ca359b5fb2661ef9ed9d84a0f7c3bc10c25dcfa10bb3c5a4874588dff636ac43d5dbb3d748d75400756d0b __stack_chk_fail_local.c
0d80f37b34a35e3d14b012257c50862dfeb9d2c81139ea2dfa101d981d093b009b9fa450ba27a708ac59377a48626971dfc58e20a3799084a65777a0c32cbc7d getconf.c
diff --git a/main/musl/CVE-2017-15650.patch b/main/musl/CVE-2017-15650.patch
new file mode 100644
index 0000000000..7ac52fccd5
--- /dev/null
+++ b/main/musl/CVE-2017-15650.patch
@@ -0,0 +1,32 @@
+From 45ca5d3fcb6f874bf5ba55d0e9651cef68515395 Mon Sep 17 00:00:00 2001
+From: Rich Felker <dalias@aerifal.cx>
+Date: Wed, 18 Oct 2017 14:50:03 -0400
+Subject: in dns parsing callback, enforce MAXADDRS to preclude overflow
+
+MAXADDRS was chosen not to need enforcement, but the logic used to
+compute it assumes the answers received match the RR types of the
+queries. specifically, it assumes that only one replu contains A
+record answers. if the replies to both the A and the AAAA query have
+their answer sections filled with A records, MAXADDRS can be exceeded
+and clobber the stack of the calling function.
+
+this bug was found and reported by Felix Wilhelm.
+---
+ src/network/lookup_name.c | 1 +
+ 1 file changed, 1 insertion(+)
+
+diff --git a/src/network/lookup_name.c b/src/network/lookup_name.c
+index 066be4d..209c20f 100644
+--- a/src/network/lookup_name.c
++++ b/src/network/lookup_name.c
+@@ -111,6 +111,7 @@ static int dns_parse_callback(void *c, int rr, const void *data, int len, const
+ {
+ char tmp[256];
+ struct dpc_ctx *ctx = c;
++ if (ctx->cnt >= MAXADDRS) return -1;
+ switch (rr) {
+ case RR_A:
+ if (len != 4) return -1;
+--
+cgit v0.11.2
+
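Review bot: The added guard `if (ctx->cnt >= MAXADDRS) return -1;` in dns_parse_callback has no comment, so the C source will not record why a bound that was "chosen not to need enforcement" is now checked on every record; I would put `/* answers need not match the queried RR type, so MAXADDRS must be enforced here */` directly above it. The guard sits before `switch (rr)`, so it applies to every record type and returns the same -1 as the malformed-record path (`if (len != 4) return -1;`). Whether the caller treats that value as "stop collecting" or as a failed lookup is not visible in this hunk; it is worth confirming that addresses gathered before the cap was reached are still returned, since hitting the cap is truncation rather than a parse error. The function body continues outside the hunk, so the writes that the bound protects are not shown here.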