diff options
| author | Timo Teräs <timo.teras@iki.fi> | 2015-04-08 17:00:11 +0300 |
|---|---|---|
| committer | Timo Teräs <timo.teras@iki.fi> | 2015-04-08 17:01:18 +0300 |
| commit | 05194ff18a1a6820d6caa126c6fe46a0b3201331 (patch) | |
| tree | 8c1b96f38ca087e468d805a3188398204a34d673 | |
| parent | 7ca02ccb6c2174b2139293dcb09e40ca71947b1a (diff) | |
| download | aports-05194ff18a1a6820d6caa126c6fe46a0b3201331.tar.bz2 aports-05194ff18a1a6820d6caa126c6fe46a0b3201331.tar.xz | |
main/apk-tools: fix issue found by fortify
| -rw-r--r-- | main/apk-tools/0001-use-memmove-for-copying-buffer-leftovers-as-the-rang.patch | 27 | ||||
| -rw-r--r-- | main/apk-tools/APKBUILD | 12 |
2 files changed, 35 insertions, 4 deletions
diff --git a/main/apk-tools/0001-use-memmove-for-copying-buffer-leftovers-as-the-rang.patch b/main/apk-tools/0001-use-memmove-for-copying-buffer-leftovers-as-the-rang.patch new file mode 100644 index 0000000000..079b00ab1b --- /dev/null +++ b/main/apk-tools/0001-use-memmove-for-copying-buffer-leftovers-as-the-rang.patch @@ -0,0 +1,27 @@ +From 60dd5798c90f0032b5c477bd35a2e0d49c280c7c Mon Sep 17 00:00:00 2001 +From: =?UTF-8?q?Timo=20Ter=C3=A4s?= <timo.teras@iki.fi> +Date: Wed, 8 Apr 2015 16:58:20 +0300 +Subject: [PATCH] use memmove for copying buffer leftovers, as the ranges may + overlap + +issue cought by fortify +--- + src/io.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/src/io.c b/src/io.c +index e9d95df..765afc5 100644 +--- a/src/io.c ++++ b/src/io.c +@@ -224,7 +224,7 @@ static apk_blob_t is_bs_read(void *stream, apk_blob_t token) + + /* We need more data */ + if (isbs->left.len != 0) +- memcpy(isbs->buffer, isbs->left.ptr, isbs->left.len); ++ memmove(isbs->buffer, isbs->left.ptr, isbs->left.len); + isbs->left.ptr = isbs->buffer; + size = isbs->is->read(isbs->is, isbs->buffer + isbs->left.len, + sizeof(isbs->buffer) - isbs->left.len); +-- +2.3.5 + diff --git a/main/apk-tools/APKBUILD b/main/apk-tools/APKBUILD index e8016e30f5..cc83860060 100644 --- a/main/apk-tools/APKBUILD +++ b/main/apk-tools/APKBUILD @@ -1,7 +1,7 @@ # Maintainer: Natanael Copa <ncopa@alpinelinux.org> pkgname=apk-tools pkgver=2.6.0_rc1 -pkgrel=0 +pkgrel=1 pkgdesc="Alpine Package Keeper - package manager for alpine" subpackages="$pkgname-static" depends= @@ -13,6 +13,7 @@ if [ "$CBUILD" = "$CHOST" ]; then makedepends="$makedepends lua5.2-dev" fi source="http://dev.alpinelinux.org/archive/$pkgname/$pkgname-$pkgver.tar.xz + 0001-use-memmove-for-copying-buffer-leftovers-as-the-rang.patch " url="http://git.alpinelinux.org/cgit/apk-tools/" @@ -82,6 +83,9 @@ luaapk() { mv "$pkgdir"/usr/lib "$subpkgdir"/usr/lib/ } -md5sums="c9515f2063d31e4dc7583e6b3d3b8ab0 apk-tools-2.6.0_rc1.tar.xz" -sha256sums="41f87b45998bee0154a86d4e408ed014248abd713ca7d04b529b3d53b9af2fba apk-tools-2.6.0_rc1.tar.xz" -sha512sums="899706b2d440d4c28c3a8715514d3b32a0aea489ff48e5e1af658c167a2197f7d6e642182149f32744cd4c78d981ee4eb0f8588f07b365c6b8be04e1da3cf105 apk-tools-2.6.0_rc1.tar.xz" +md5sums="c9515f2063d31e4dc7583e6b3d3b8ab0 apk-tools-2.6.0_rc1.tar.xz +b6ad09951c806fa6d2ca5d1f3c316dff 0001-use-memmove-for-copying-buffer-leftovers-as-the-rang.patch" +sha256sums="41f87b45998bee0154a86d4e408ed014248abd713ca7d04b529b3d53b9af2fba apk-tools-2.6.0_rc1.tar.xz +01cedfd97bcbbeee309a1293c65a0e734c0b894f65b543330d564c648f91f3c4 0001-use-memmove-for-copying-buffer-leftovers-as-the-rang.patch" +sha512sums="899706b2d440d4c28c3a8715514d3b32a0aea489ff48e5e1af658c167a2197f7d6e642182149f32744cd4c78d981ee4eb0f8588f07b365c6b8be04e1da3cf105 apk-tools-2.6.0_rc1.tar.xz +4e26becda63fd1664fb1625487eedc4cb1b7b8155a65ac317e7c0583e3e9f203fe7cab7498463e6f9552ac71d9dbac48c1eba5926dc1f29481cef7d9a691c1ed 0001-use-memmove-for-copying-buffer-leftovers-as-the-rang.patch" |