authorLeonardo Arena <rnalrd@alpinelinux.org>2017-05-02 06:32:26 +0000
committerLeonardo Arena <rnalrd@alpinelinux.org>2017-05-02 06:37:09 +0000
commit87a89a216aa5c2c1a6e5ec29c47e4c7d39117ff1 (patch)
tree87340b5c95b4eacbfe16ec3c85038179269f6e02
parentde51ff3dc809fd14f9e6d0780c79ab0ebd1f95d0 (diff)
downloadaports-87a89a216aa5c2c1a6e5ec29c47e4c7d39117ff1.tar.bz2
aports-87a89a216aa5c2c1a6e5ec29c47e4c7d39117ff1.tar.xz
main/pidgin: security fixes #7004 (CVE-2017-2640)
-rw-r--r--main/pidgin/APKBUILD17
-rw-r--r--main/pidgin/CVE-2017-2640.patch41
2 files changed, 54 insertions, 4 deletions
diff --git a/main/pidgin/APKBUILD b/main/pidgin/APKBUILD
index 238cf6650d..3a282966cd 100644
--- a/main/pidgin/APKBUILD
+++ b/main/pidgin/APKBUILD
@@ -1,7 +1,7 @@
# Maintainer: Natanael Copa <ncopa@alpinelinux.org>
pkgname=pidgin
pkgver=2.10.11
-pkgrel=0
+pkgrel=1
pkgdesc="graphical multi-protocol instant messaging client for X"
url="http://pidgin.im/"
arch="all"
@@ -15,9 +15,15 @@ subpackages="$pkgname-dev $pkgname-doc finch libpurple $pkgname-lang"
source="http://downloads.sourceforge.net/pidgin/pidgin-$pkgver.tar.bz2
http://downloads.sourceforge.net/project/pidgin/Pidgin/$pkgver/pidgin-$pkgver.tar.bz2
pidgin-underlinking.patch
+ CVE-2017-2640.patch
"
_builddir="$srcdir"/$pkgname-$pkgver
+
+# secfixes:
+# 2.10.11-r1:
+# - CVE-2017-2640
+
prepare() {
cd "$_builddir"
for i in $source; do
@@ -76,10 +82,13 @@ libpurple() {
}
md5sums="7c8bb6f997e05e7929104439872c2844 pidgin-2.10.11.tar.bz2
7c8bb6f997e05e7929104439872c2844 pidgin-2.10.11.tar.bz2
-9e7f42f8bc4284009dff50e8128bf4f9 pidgin-underlinking.patch"
+9e7f42f8bc4284009dff50e8128bf4f9 pidgin-underlinking.patch
+eb2b0884d4a3b9724707ee0b309a7d47 CVE-2017-2640.patch"
sha256sums="f2ae211341fc77efb9945d40e9932aa535cdf3a6c8993fe7919fca8cc1c04007 pidgin-2.10.11.tar.bz2
f2ae211341fc77efb9945d40e9932aa535cdf3a6c8993fe7919fca8cc1c04007 pidgin-2.10.11.tar.bz2
-3f086cb668806f3b69af4c7decd6618a16dbfdcd120df984713adafc5bc0aa09 pidgin-underlinking.patch"
+3f086cb668806f3b69af4c7decd6618a16dbfdcd120df984713adafc5bc0aa09 pidgin-underlinking.patch
+e9582a317ff35f5aa62be663602ce024af198942430d60cb02be9c8fc223403a CVE-2017-2640.patch"
sha512sums="774710ab087cb56e349dc1d5e45dbfcbe06b9a8f792abe5d201b0860620d502009f31563cfe5316f4c815345427b6c273b8f9694deb600848957c825fd967029 pidgin-2.10.11.tar.bz2
774710ab087cb56e349dc1d5e45dbfcbe06b9a8f792abe5d201b0860620d502009f31563cfe5316f4c815345427b6c273b8f9694deb600848957c825fd967029 pidgin-2.10.11.tar.bz2
-307f284a7d1ad5277b8d198d8ee56806f063a8b72356726f89f31fad67aad3e3cd43c597556e7dce1804d2e8d92b350a968fcc851a11d851f70c7a375ab29559 pidgin-underlinking.patch"
+307f284a7d1ad5277b8d198d8ee56806f063a8b72356726f89f31fad67aad3e3cd43c597556e7dce1804d2e8d92b350a968fcc851a11d851f70c7a375ab29559 pidgin-underlinking.patch
+715772d98cedf17958a93c3468cf1c59524f84c109ffc7ced7006303b8773608f2c135a473a3597567e92d409c4b92df7dee33c0170b21553aa32ab00fd6e966 CVE-2017-2640.patch"
diff --git a/main/pidgin/CVE-2017-2640.patch b/main/pidgin/CVE-2017-2640.patch
new file mode 100644
index 0000000000..51f66bb63b
--- /dev/null
+++ b/main/pidgin/CVE-2017-2640.patch
@@ -0,0 +1,41 @@
+--- a/libpurple/util.c
++++ b/libpurple/util.c
+@@ -978,18 +978,30 @@ purple_markup_unescape_entity(const char
+ pln = "\302\256"; /* or use g_unichar_to_utf8(0xae); */
+ else if(IS_ENTITY("&apos;"))
+ pln = "\'";
+- else if(*(text+1) == '#' &&
+- (sscanf(text, "&#%u%1[;]", &pound, temp) == 2 ||
+- sscanf(text, "&#x%x%1[;]", &pound, temp) == 2) &&
+- pound != 0) {
++ else if(text[1] == '#' && g_ascii_isxdigit(text[2])) {
+ static char buf[7];
+- int buflen = g_unichar_to_utf8((gunichar)pound, buf);
++ const char *start = text + 2;
++ char *end;
++ guint64 pound;
++ int base = 10;
++ int buflen;
++
++ if (*start == 'x') {
++ base = 16;
++ start++;
++ }
++
++ pound = g_ascii_strtoull(start, &end, base);
++ if (pound == 0 || pound > INT_MAX || *end != ';') {
++ return NULL;
++ }
++
++ len = (end - text) + 1;
++
++ buflen = g_unichar_to_utf8((gunichar)pound, buf);
+ buf[buflen] = '\0';
+ pln = buf;
+
+- len = (*(text+2) == 'x' ? 3 : 2);
+- while(isxdigit((gint) text[len])) len++;
+- if(text[len] == ';') len++;
+ }
+ else
+ return NULL;
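Review bot: The hexadecimal branch of the new entity parser looks unreachable: the guard only enters the block when `g_ascii_isxdigit(text[2])` holds, but the later `if (*start == 'x')` test with `start = text + 2` can only succeed when `text[2]` is the letter 'x', which is not a hex digit, so `&#x41;`-style entities would fall through to `return NULL` where the removed `sscanf(text, "&#x%x%1[;]", ...)` path used to decode them. If the patch is rendered faithfully here, the guard should also admit the prefix, e.g. `else if(text[1] == '#' && (g_ascii_isxdigit(text[2]) || text[2] == 'x')) {`; a bare `&#x;` is then still rejected because `g_ascii_strtoull` returns 0 and the `pound == 0` check fires. It would also be worth a comment on the `pound > INT_MAX` line saying why that bound was chosen, since `g_unichar_to_utf8` is handed the cast value directly. The enclosing purple_markup_unescape_entity starts and ends outside the hunk, so the declaration of `len` and the function's final return are not visible here.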