diff options
| author | Leo <thinkabit.ukim@gmail.com> | 2019-10-28 09:11:32 -0300 |
|---|---|---|
| committer | Kevin Daudt <kdaudt@alpinelinux.org> | 2019-10-29 11:25:46 +0000 |
| commit | 867138742023dde9397648e41743a9173432a7b2 (patch) | |
| tree | a5491b6bdf28349192443b96fed9bfa77f59f82c | |
| parent | ceff67c5d40cc138ae037f8aff6b1e3c3d00deb9 (diff) | |
| download | aports-867138742023dde9397648e41743a9173432a7b2.tar.bz2 aports-867138742023dde9397648e41743a9173432a7b2.tar.xz | |
main/file: fix CVE-2019-18218
ref #10911
Closes !887
| -rw-r--r-- | main/file/APKBUILD | 11 | ||||
| -rw-r--r-- | main/file/CVE-2019-18218.patch | 40 |
2 files changed, 48 insertions, 3 deletions
diff --git a/main/file/APKBUILD b/main/file/APKBUILD index 433245e420..d1b7fbbcca 100644 --- a/main/file/APKBUILD +++ b/main/file/APKBUILD @@ -2,17 +2,21 @@ # Maintainer: Natanael Copa <ncopa@alpinelinux.org> pkgname=file pkgver=5.37 -pkgrel=0 +pkgrel=1 pkgdesc="File type identification utility" url="https://www.darwinsys.com/file" arch="all" license="BSD-2-Clause" makedepends="autoconf libtool automake" subpackages="$pkgname-dev $pkgname-doc libmagic" -source=$pkgname-$pkgver.tar.gz::https://github.com/file/file/archive/FILE${pkgver/./_}.tar.gz +source="$pkgname-$pkgver.tar.gz::https://github.com/file/file/archive/FILE${pkgver/./_}.tar.gz + CVE-2019-18218.patch + " builddir="$srcdir/$pkgname-FILE${pkgver/./_}" # secfixes: +# 5.37-r1: +# - CVE-2019-19218 # 5.36-r0: # - CVE-2019-1543 # - CVE-2019-8904 @@ -44,4 +48,5 @@ libmagic() { mv "$pkgdir"/usr/lib "$pkgdir"/usr/share "$subpkgdir"/usr } -sha512sums="9b6ae3dd910a03d2161c91ebc75ac91eb7dbd279563462b77daf902d9ae9f0a70de12c37a498b20c6357d6594059d01841bfd104592107b65c08d8343fca19d2 file-5.37.tar.gz" +sha512sums="9b6ae3dd910a03d2161c91ebc75ac91eb7dbd279563462b77daf902d9ae9f0a70de12c37a498b20c6357d6594059d01841bfd104592107b65c08d8343fca19d2 file-5.37.tar.gz +d70c5d298db7f70c45feaeebb077f076e6f1b5bcccb85926afeead64838436fd42681541d56f4fbe35b97dd76bfdbf3abf2665894c18999b37d2ca3fe2f2cf17 CVE-2019-18218.patch" diff --git a/main/file/CVE-2019-18218.patch b/main/file/CVE-2019-18218.patch new file mode 100644 index 0000000000..e7eba44922 --- /dev/null +++ b/main/file/CVE-2019-18218.patch @@ -0,0 +1,40 @@ +Source: https://github.com/file/file/commit/46a8443f76cec4b41ec736eca396984c74664f84 + +diff --git a/src/cdf.c b/src/cdf.c +index 556a3ff..8bb0a6d 100644 +--- a/src/cdf.c ++++ b/src/cdf.c +@@ -1013,8 +1013,9 @@ cdf_read_property_info(const cdf_stream_t *sst, const cdf_header_t *h, + goto out; + } + nelements = CDF_GETUINT32(q, 1); +- if (nelements == 0) { +- DPRINTF(("CDF_VECTOR with nelements == 0\n")); ++ if (nelements > CDF_ELEMENT_LIMIT || nelements == 0) { ++ DPRINTF(("CDF_VECTOR with nelements == %" ++ SIZE_T_FORMAT "u\n", nelements)); + goto out; + } + slen = 2; +@@ -1056,8 +1057,6 @@ cdf_read_property_info(const cdf_stream_t *sst, const cdf_header_t *h, + goto out; + inp += nelem; + } +- DPRINTF(("nelements = %" SIZE_T_FORMAT "u\n", +- nelements)); + for (j = 0; j < nelements && i < sh.sh_properties; + j++, i++) + { +diff --git a/src/cdf.h b/src/cdf.h +index 2f7e554..0505666 100644 +--- a/src/cdf.h ++++ b/src/cdf.h +@@ -48,6 +48,7 @@ + typedef int32_t cdf_secid_t; + + #define CDF_LOOP_LIMIT 10000 ++#define CDF_ELEMENT_LIMIT 100000 + + #define CDF_SECID_NULL 0 + #define CDF_SECID_FREE -1 + |