author | Leo <thinkabit.ukim@gmail.com> | 2020-03-26 15:03:23 -0300 |
---|---|---|
committer | Leo <thinkabit.ukim@gmail.com> | 2020-03-26 18:13:51 +0000 |
commit | 7b7625a81b8571398c20ac7e40ff345e3dfe118c (patch) | |
tree | 62b31c96a608fd288dce4eaa418e67e82163e155 | |
parent | a03d4c39806e50ed74c534b897f798f29c0d4c8c (diff) | |
main/libmspack: fix CVE-2019-1010305
see #10814
-rw-r--r-- | main/libmspack/APKBUILD | 11 | ||||
-rw-r--r-- | main/libmspack/CVE-2019-1010305.patch | 39 |
2 files changed, 47 insertions, 3 deletions
diff --git a/main/libmspack/APKBUILD b/main/libmspack/APKBUILD
index 83f62b4eab..10fa5d6869 100644
--- a/main/libmspack/APKBUILD
+++ b/main/libmspack/APKBUILD
@@ -2,18 +2,22 @@
 pkgname=libmspack
 pkgver=0.8_alpha
 _ver=${pkgver/_/}
-pkgrel=0
+pkgrel=1
 pkgdesc="Library for Microsoft CAB compression formats"
 url="https://www.cabextract.org.uk/libmspack/"
 arch="all"
 license="LGPL-2.1-only"
 makedepends="$depends_dev"
 subpackages="$pkgname-dev $pkgname-utils"
-source="https://www.cabextract.org.uk/libmspack/libmspack-$_ver.tar.gz"
+source="https://www.cabextract.org.uk/libmspack/libmspack-$_ver.tar.gz
+ CVE-2019-1010305.patch
+ "
 builddir="$srcdir"/libmspack-$_ver
 # secfixes:
+# 0.8_alpha-r1:
+# - CVE-2019-1010305
 # 0.8_alpha-r0:
 # - CVE-2018-18584
 # - CVE-2018-18585
@@ -58,4 +62,5 @@ utils() {
 mv "$pkgdir"/usr/bin "$subpkgdir"/usr
 }
-sha512sums="d178afc4d2eded204594c81af1c91be17d3be4f1a09829e08c103023aa7badc6b2595e9ec13cc7f77e3262d2cd874ed40ce6da01695c5c839682562740d2bf0a libmspack-0.8alpha.tar.gz"
+sha512sums="d178afc4d2eded204594c81af1c91be17d3be4f1a09829e08c103023aa7badc6b2595e9ec13cc7f77e3262d2cd874ed40ce6da01695c5c839682562740d2bf0a libmspack-0.8alpha.tar.gz
+4c5f5ab9d597538303ce2adf27014db715603afdde50904cd3cb363077f2ff883086cf9ccf1072fa516f73df4652bec3bddd81854aeac5f11c0698d1cfb59cdf CVE-2019-1010305.patch"
diff --git a/main/libmspack/CVE-2019-1010305.patch b/main/libmspack/CVE-2019-1010305.patch
new file mode 100644
index 0000000000..af113af2d3
--- /dev/null
+++ b/main/libmspack/CVE-2019-1010305.patch
@@ -0,0 +1,39 @@
+diff --git a/mspack/chmd.c b/mspack/chmd.c
+index 1d198bf..26c1b18 100644
+--- a/mspack/chmd.c
++++ b/mspack/chmd.c
+@@ -482,21 +482,19 @@ static int chmd_read_headers(struct mspack_system *sys, struct mspack_file *fh,
+ fi->filename[name_len] = '\0';
+
+ if (name[0] == ':' && name[1] == ':') {
+- /* system file */
+- if (mspack_memcmp(&name[2], &content_name[2], 31L) == 0) {
+- if (mspack_memcmp(&name[33], &content_name[33], 8L) == 0) {
+- chm->sec1.content = fi;
+- }
+- else if (mspack_memcmp(&name[33], &control_name[33], 11L) == 0) {
+- chm->sec1.control = fi;
+- }
+- else if (mspack_memcmp(&name[33], &spaninfo_name[33], 8L) == 0) {
+- chm->sec1.spaninfo = fi;
+- }
+- else if (mspack_memcmp(&name[33], &rtable_name[33], 72L) == 0) {
+- chm->sec1.rtable = fi;
+- }
+- }
++ /* system file */
++ if (name_len == 40 && memcmp(name, content_name, 40) == 0) {
++ chm->sec1.content = fi;
++ }
++ else if (name_len == 44 && memcmp(name, control_name, 44) == 0) {
++ chm->sec1.control = fi;
++ }
++ else if (name_len == 41 && memcmp(name, spaninfo_name, 41) == 0) {
++ chm->sec1.spaninfo = fi;
++ }
++ else if (name_len == 105 && memcmp(name, rtable_name, 105) == 0) {
++ chm->sec1.rtable = fi;
++ }
+ fi->next = chm->sysfiles;
+ chm->sysfiles = fi;
+ }
|
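Review bot: The new length checks in `chmd_read_headers` hard-code 40, 44, 41 and 105, which have to equal the lengths of `content_name`, `control_name`, `spaninfo_name` and `rtable_name`; those constants are defined outside this hunk, so the pairing cannot be verified here, and a later edit to either side would silently stop a system file from being recognised. A comment above the chain such as `/* each literal is strlen() of the matching *_name constant; name_len is tested first so memcmp never reads beyond the entry's name */` would record the invariant, which appears to be what the removed fixed-offset comparisons lacked. The replacement also moves from the project's `mspack_memcmp` to plain `memcmp` with no include change visible, so it is worth confirming that `memcmp` is declared for `chmd.c` in the 0.8alpha tree. The patch file starts directly at `diff --git` with no upstream commit reference, which makes the backport harder to audit against the original fix. The function body begins and ends outside the hunk.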