author | Leonardo Arena <rnalrd@alpinelinux.org> | 2017-05-02 06:32:26 +0000 |
committer | Leonardo Arena <rnalrd@alpinelinux.org> | 2017-05-02 06:37:09 +0000 |
commit | 87a89a216aa5c2c1a6e5ec29c47e4c7d39117ff1 (patch) | |
tree | 87340b5c95b4eacbfe16ec3c85038179269f6e02 | |
parent | de51ff3dc809fd14f9e6d0780c79ab0ebd1f95d0 (diff) | |
main/pidgin: security fixes #7004 (CVE-2017-2640)
-rw-r--r-- | main/pidgin/APKBUILD | 17 | ||||
-rw-r--r-- | main/pidgin/CVE-2017-2640.patch | 41 |
2 files changed, 54 insertions, 4 deletions
diff --git a/main/pidgin/APKBUILD b/main/pidgin/APKBUILD
index 238cf6650d..3a282966cd 100644
--- a/main/pidgin/APKBUILD
+++ b/main/pidgin/APKBUILD
@@ -1,7 +1,7 @@
 # Maintainer: Natanael Copa <ncopa@alpinelinux.org>
 pkgname=pidgin
 pkgver=2.10.11
-pkgrel=0
+pkgrel=1
 pkgdesc="graphical multi-protocol instant messaging client for X"
 url="http://pidgin.im/"
 arch="all"
@@ -15,9 +15,15 @@ subpackages="$pkgname-dev $pkgname-doc finch libpurple $pkgname-lang"
 source="http://downloads.sourceforge.net/pidgin/pidgin-$pkgver.tar.bz2
 http://downloads.sourceforge.net/project/pidgin/Pidgin/$pkgver/pidgin-$pkgver.tar.bz2
 pidgin-underlinking.patch
+ CVE-2017-2640.patch
 "
 
 _builddir="$srcdir"/$pkgname-$pkgver
+
+# secfixes:
+# 2.10.11-r1:
+# - CVE-2017-2640
+
 prepare() {
 cd "$_builddir"
 for i in $source; do
@@ -76,10 +82,13 @@ libpurple() {
 }
 md5sums="7c8bb6f997e05e7929104439872c2844 pidgin-2.10.11.tar.bz2
 7c8bb6f997e05e7929104439872c2844 pidgin-2.10.11.tar.bz2
-9e7f42f8bc4284009dff50e8128bf4f9 pidgin-underlinking.patch"
+9e7f42f8bc4284009dff50e8128bf4f9 pidgin-underlinking.patch
+eb2b0884d4a3b9724707ee0b309a7d47 CVE-2017-2640.patch"
 sha256sums="f2ae211341fc77efb9945d40e9932aa535cdf3a6c8993fe7919fca8cc1c04007 pidgin-2.10.11.tar.bz2
 f2ae211341fc77efb9945d40e9932aa535cdf3a6c8993fe7919fca8cc1c04007 pidgin-2.10.11.tar.bz2
-3f086cb668806f3b69af4c7decd6618a16dbfdcd120df984713adafc5bc0aa09 pidgin-underlinking.patch"
+3f086cb668806f3b69af4c7decd6618a16dbfdcd120df984713adafc5bc0aa09 pidgin-underlinking.patch
+e9582a317ff35f5aa62be663602ce024af198942430d60cb02be9c8fc223403a CVE-2017-2640.patch"
 sha512sums="774710ab087cb56e349dc1d5e45dbfcbe06b9a8f792abe5d201b0860620d502009f31563cfe5316f4c815345427b6c273b8f9694deb600848957c825fd967029 pidgin-2.10.11.tar.bz2
 774710ab087cb56e349dc1d5e45dbfcbe06b9a8f792abe5d201b0860620d502009f31563cfe5316f4c815345427b6c273b8f9694deb600848957c825fd967029 pidgin-2.10.11.tar.bz2
-307f284a7d1ad5277b8d198d8ee56806f063a8b72356726f89f31fad67aad3e3cd43c597556e7dce1804d2e8d92b350a968fcc851a11d851f70c7a375ab29559 pidgin-underlinking.patch"
+307f284a7d1ad5277b8d198d8ee56806f063a8b72356726f89f31fad67aad3e3cd43c597556e7dce1804d2e8d92b350a968fcc851a11d851f70c7a375ab29559 pidgin-underlinking.patch
+715772d98cedf17958a93c3468cf1c59524f84c109ffc7ced7006303b8773608f2c135a473a3597567e92d409c4b92df7dee33c0170b21553aa32ab00fd6e966 CVE-2017-2640.patch"
diff --git a/main/pidgin/CVE-2017-2640.patch b/main/pidgin/CVE-2017-2640.patch
new file mode 100644
index 0000000000..51f66bb63b
--- /dev/null
+++ b/main/pidgin/CVE-2017-2640.patch
@@ -0,0 +1,41 @@
+--- a/libpurple/util.c
++++ b/libpurple/util.c
+@@ -978,18 +978,30 @@ purple_markup_unescape_entity(const char
+ pln = "\302\256"; /* or use g_unichar_to_utf8(0xae); */
+ else if(IS_ENTITY("'"))
+ pln = "\'";
+- else if(*(text+1) == '#' &&
+- (sscanf(text, "&#%u%1[;]", £, temp) == 2 ||
+- sscanf(text, "&#x%x%1[;]", £, temp) == 2) &&
+- pound != 0) {
++ else if(text[1] == '#' && g_ascii_isxdigit(text[2])) {
+ static char buf[7];
+- int buflen = g_unichar_to_utf8((gunichar)pound, buf);
++ const char *start = text + 2;
++ char *end;
++ guint64 pound;
++ int base = 10;
++ int buflen;
++
++ if (*start == 'x') {
++ base = 16;
++ start++;
++ }
++
++ pound = g_ascii_strtoull(start, &end, base);
++ if (pound == 0 || pound > INT_MAX || *end != ';') {
++ return NULL;
++ }
++
++ len = (end - text) + 1;
++
++ buflen = g_unichar_to_utf8((gunichar)pound, buf);
+ buf[buflen] = '\0';
+ pln = buf;
+ 
+- len = (*(text+2) == 'x' ? 3 : 2);
+- while(isxdigit((gint) text[len])) len++;
+- if(text[len] == ';') len++;
+ }
+ else
+ return NULL;
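Review bot: The hexadecimal path of the new entity parser looks unreachable: the guard `g_ascii_isxdigit(text[2])` rejects 'x' (it is not a hex digit), so `&#x41;`-style entities, which the removed sscanf branch accepted, now fall through to `return NULL` before `if (*start == 'x')` can ever be true. If hex entities are still meant to decode, the guard should read `else if(text[1] == '#' && (g_ascii_isdigit(text[2]) || text[2] == 'x')) {`; the later `pound == 0` and `*end != ';'` checks still reject `&#x;` and other malformed input. The range check only caps at `INT_MAX`, so values above 0x10FFFF or in the surrogate range still reach `g_unichar_to_utf8` and yield non-Unicode byte sequences; `buf[7]` is large enough that this is not an overflow, but adding `|| !g_unichar_validate(pound)` to the rejection condition would keep the output valid UTF-8. The `£` in the removed lines is presumably `&pound` rendered as an HTML entity by the page rather than the patch file's content. purple_markup_unescape_entity begins and ends outside this hunk.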