diff options
| author | Francesco Colista <fcolista@alpinelinux.org> | 2017-08-14 10:00:17 +0000 |
|---|---|---|
| committer | Francesco Colista <fcolista@alpinelinux.org> | 2017-08-14 10:00:35 +0000 |
| commit | 16649bcca066db87c70f1ddc537c58b5c76773e6 (patch) | |
| tree | 626dd7db0ccfd90f19a2b922fe889d2e220ce437 | |
| parent | a51f2d7593706eb38073b80df6192c6730f36c60 (diff) | |
| download | aports-16649bcca066db87c70f1ddc537c58b5c76773e6.tar.bz2 aports-16649bcca066db87c70f1ddc537c58b5c76773e6.tar.xz | |
main/libsoup: fix for CVE-2017-2885. Fixes #7680
| -rw-r--r-- | main/libsoup/APKBUILD | 18 | ||||
| -rw-r--r-- | main/libsoup/CVE-2017-2885.patch | 57 |
2 files changed, 70 insertions, 5 deletions
diff --git a/main/libsoup/APKBUILD b/main/libsoup/APKBUILD index 0daa1a9e81..4f64e7113a 100644 --- a/main/libsoup/APKBUILD +++ b/main/libsoup/APKBUILD @@ -1,7 +1,7 @@ # Maintainer: Natanael Copa <ncopa@alpinelinux.org> pkgname=libsoup pkgver=2.52.2 -pkgrel=0 +pkgrel=1 pkgdesc="Gnome HTTP Library" url="ihttp://live.gnome.org/LibSoup" arch="all" @@ -11,7 +11,12 @@ depends="glib-networking" depends_dev="gnutls-dev sqlite-dev" makedepends="$depends_dev libgcrypt-dev libgpg-error-dev zlib-dev gobject-introspection-dev intltool vala" -source="http://ftp.gnome.org/pub/gnome/sources/$pkgname/${pkgver%.*}/$pkgname-$pkgver.tar.xz" +source="http://ftp.gnome.org/pub/gnome/sources/$pkgname/${pkgver%.*}/$pkgname-$pkgver.tar.xz + CVE-2017-2885.patch" + +# secfixes: +# 2.52.2-r1: +# - CVE-2017-2885 build() { cd "$srcdir"/$pkgname-$pkgver @@ -34,6 +39,9 @@ package() { cd "$srcdir"/$pkgname-$pkgver make DESTDIR="$pkgdir" install || return 1 } -md5sums="e4757d09012ed93822b1ee41435fec24 libsoup-2.52.2.tar.xz" -sha256sums="db55628b5c7d952945bb71b236469057c8dfb8dea0c271513579c6273c2093dc libsoup-2.52.2.tar.xz" -sha512sums="866942d8db43a19630f39db12b22058cf31ef0c56f337e6c5790f5b881aaa768d4dbece1d2fe0d9560a82ae0f362365c19aa9b0d05afeb45bc5774f6713f51b2 libsoup-2.52.2.tar.xz" +md5sums="e4757d09012ed93822b1ee41435fec24 libsoup-2.52.2.tar.xz +d64bec326fe5a317e415cd9c35d7a48c CVE-2017-2885.patch" +sha256sums="db55628b5c7d952945bb71b236469057c8dfb8dea0c271513579c6273c2093dc libsoup-2.52.2.tar.xz +0ec94352aa14b1d28718766bba5b21430be7ab94c60122c82459d66df69c71c8 CVE-2017-2885.patch" +sha512sums="866942d8db43a19630f39db12b22058cf31ef0c56f337e6c5790f5b881aaa768d4dbece1d2fe0d9560a82ae0f362365c19aa9b0d05afeb45bc5774f6713f51b2 libsoup-2.52.2.tar.xz +9a4a71d8ee253be41995ccabe2a70b29bb7b29282f33009ad52ba488995853d219af60841c1d5ffd4a3e74fe1435118359bfbe2ab72ebb1d078430c1db5c4a08 CVE-2017-2885.patch" diff --git a/main/libsoup/CVE-2017-2885.patch b/main/libsoup/CVE-2017-2885.patch new file mode 100644 index 0000000000..c22616ad5b --- /dev/null +++ b/main/libsoup/CVE-2017-2885.patch @@ -0,0 +1,57 @@ +From 03c91c76daf70ee227f38304c5e45a155f45073d Mon Sep 17 00:00:00 2001 +From: Dan Winship <danw@gnome.org> +Date: Thu, 3 Aug 2017 09:56:43 -0400 +Subject: Fix chunked decoding buffer overrun (CVE-2017-2885) + +https://bugzilla.gnome.org/show_bug.cgi?id=785774 +--- + libsoup/soup-filter-input-stream.c | 22 +++++++++++----------- + 1 file changed, 11 insertions(+), 11 deletions(-) + +diff --git a/libsoup/soup-filter-input-stream.c b/libsoup/soup-filter-input-stream.c +index cde4d12..2c30bf9 100644 +--- a/libsoup/soup-filter-input-stream.c ++++ b/libsoup/soup-filter-input-stream.c +@@ -198,7 +198,7 @@ soup_filter_input_stream_read_until (SoupFilterInputStream *fstream, + GCancellable *cancellable, + GError **error) + { +- gssize nread; ++ gssize nread, read_length; + guint8 *p, *buf, *end; + gboolean eof = FALSE; + GError *my_error = NULL; +@@ -251,10 +251,11 @@ soup_filter_input_stream_read_until (SoupFilterInputStream *fstream, + } else + buf = fstream->priv->buf->data; + +- /* Scan for the boundary */ +- end = buf + fstream->priv->buf->len; +- if (!eof) +- end -= boundary_length; ++ /* Scan for the boundary within the range we can possibly return. */ ++ if (include_boundary) ++ end = buf + MIN (fstream->priv->buf->len, length) - boundary_length; ++ else ++ end = buf + MIN (fstream->priv->buf->len - boundary_length, length); + for (p = buf; p <= end; p++) { + if (*p == *(guint8*)boundary && + !memcmp (p, boundary, boundary_length)) { +@@ -268,10 +269,9 @@ soup_filter_input_stream_read_until (SoupFilterInputStream *fstream, + if (!*got_boundary && fstream->priv->buf->len < length && !eof) + goto fill_buffer; + +- /* Return everything up to 'p' (which is either just after the boundary if +- * include_boundary is TRUE, just before the boundary if include_boundary is +- * FALSE, @boundary_len - 1 bytes before the end of the buffer, or end-of- +- * file). +- */ +- return read_from_buf (fstream, buffer, p - buf); ++ if (eof && !*got_boundary) ++ read_length = MIN (fstream->priv->buf->len, length); ++ else ++ read_length = p - buf; ++ return read_from_buf (fstream, buffer, read_length); + } +-- +cgit v0.12 |