authorLeonardo Arena <rnalrd@alpinelinux.org>2016-04-19 13:51:54 +0000
committerLeonardo Arena <rnalrd@alpinelinux.org>2016-04-19 14:09:35 +0000
commitd5e04dc629fe4e4681aaefb867f716db5abf2170 (patch)
treea691d98db670bc9200eb5e24ffe65a63651fe6f5
parenta9eea283365cdd1c9b50afb6e1df09fcb491471c (diff)
main/mercurial: security fix (CVE-2016-3068). Fixes #5394
-rw-r--r--main/mercurial/APKBUILD29
-rw-r--r--main/mercurial/CVE-2016-3630-1.patch45
-rw-r--r--main/mercurial/CVE-2016-3630-2.patch29
3 files changed, 101 insertions, 2 deletions
diff --git a/main/mercurial/APKBUILD b/main/mercurial/APKBUILD
index e0abf89987..75a9b5ac39 100644
--- a/main/mercurial/APKBUILD
+++ b/main/mercurial/APKBUILD
@@ -1,7 +1,7 @@
# Maintainer: Natanael Copa <ncopa@alpinelinux.org>
pkgname=mercurial
pkgver=3.2.2
-pkgrel=0
+pkgrel=1
pkgdesc="A scalable distributed SCM tool"
url="http://www.selenic.com/mercurial"
arch="all"
@@ -9,9 +9,22 @@ license="GPL2+"
depends=""
makedepends="python-dev"
subpackages="$pkgname-doc"
-source="http://www.selenic.com/$pkgname/release/$pkgname-$pkgver.tar.gz"
+source="http://www.selenic.com/$pkgname/release/$pkgname-$pkgver.tar.gz
+ CVE-2016-3630-1.patch
+ CVE-2016-3630-2.patch
+ "
_builddir="$srcdir"/$pkgname-$pkgver
+
+prepare() {
+ cd "$_builddir"
+ for i in $source; do
+ case $i in
+ *.patch) msg $i; patch -p1 -i "$srcdir"/$i || return 1;;
+ esac
+ done
+}
+
build() {
cd "$_builddir"
python setup.py build || return 1
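Review bot: The `source` list adds only `CVE-2016-3630-1.patch` and `CVE-2016-3630-2.patch`, so the new `prepare()` loop never applies a fix for CVE-2016-3068, the CVE named in the commit title. The checksum hunk further down does list a `CVE-2016-3068.patch`, but that file is neither in `source` nor in the diffstat. Either add that patch to `source` and to the commit, or correct the title so the package's security history matches what is actually built. In the loop, `$i` is unquoted in `msg $i; patch -p1 -i "$srcdir"/$i`; `patch -p1 -i "$srcdir/$i"` is the safer spelling. The `build()` body continues outside this hunk.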
@@ -34,3 +47,15 @@ package() {
md5sums="51305e11767a4c334a1e685c1f8f42b5 mercurial-3.2.2.tar.gz"
sha256sums="afdef765e260d96f7a168d913ced15e0b0673fd7f7508dae3a81b5c7845a218c mercurial-3.2.2.tar.gz"
sha512sums="a80d8a75f917b113634b581bea05616b16a8f8dc101b68cb06ea8ab4ac5c41dce66e166c7a67aa4b8cd1f0309e4e9a9654b85891ec0b231516c1fcf211a07c30 mercurial-3.2.2.tar.gz"
+md5sums="4a2dcf2bd9fa11e758d44e481136eab7 mercurial-3.4.tar.gz
+301fac6e294a7ae0d5ad8545467b8bb9 CVE-2016-3630-1.patch
+859c242b441be8c9cff7242fdbe3c158 CVE-2016-3630-2.patch
+ff54bcd5e64f195ee48bdc4e0b421770 CVE-2016-3068.patch"
+sha256sums="ff1da0545cdd46ebcf473176d55937a22bb55fff51cdff9d4c2f900fc80baf10 mercurial-3.4.tar.gz
+c05b92354bb2569aa4406cca7186e171a051df97d9db290413a7b1387d855365 CVE-2016-3630-1.patch
+f6463b99c84fd7db8c501e4353bb74bb828fe6ea05edd4b3c3ab78beb47cf6b7 CVE-2016-3630-2.patch
+a3b841a61088a9a339370dd3d40e8ea7706710f547d9300d5f4143242d17bd8e CVE-2016-3068.patch"
+sha512sums="a61b0d4cf528136991243bb23ac972c11c50ab5681d09f8b2d12cf7d37d3a9d76262f7fe6e7a1834bf6d03e8dc0ebbd9231da982e049e09830341dabefe5d064 mercurial-3.4.tar.gz
+5f861816ab1b73d4c5194c6b4af6e3a2e2d66c396801fd7450cd1248796aefa4f0fa99bc222e2ab87c1700b04fc59a4382538ef0b490e66d4dd57bc3731b66b6 CVE-2016-3630-1.patch
+9f6c45e7393cab4bcbf91d3c80655d490edd2c27b537b8e4c850985a7410032ae7f7a0bed47116b2ad19197c55422ed15f65aa1cde6ead822941b3cf865cd023 CVE-2016-3630-2.patch
+d9f0a115e21cf09f0cff7d4100fc68602ee978b36fc720ba56df7ff80bdf72b0b4ad653ee890f828b298fd5f2593798fe2399b98d7291bc4a2481f43c91e045f CVE-2016-3068.patch"
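Review bot: The added checksum blocks name `mercurial-3.4.tar.gz`, while `pkgver=3.2.2` and `source` still fetch `mercurial-3.2.2.tar.gz`, so the tarball downloaded over plain `http://` has no matching entry in the assignments that take effect. The three original `md5sums`/`sha256sums`/`sha512sums` lines remain as context above and are overridden by the new assignments below them. Regenerate the blocks from the actual `source` list (for example with `abuild checksum`) so that each variable is assigned once and lists exactly `mercurial-3.2.2.tar.gz` plus the patches named in `source`.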
diff --git a/main/mercurial/CVE-2016-3630-1.patch b/main/mercurial/CVE-2016-3630-1.patch
new file mode 100644
index 0000000000..ab78761e40
--- /dev/null
+++ b/main/mercurial/CVE-2016-3630-1.patch
@@ -0,0 +1,45 @@
+
+# HG changeset patch
+# User Matt Mackall <mpm@selenic.com>
+# Date 1458174569 25200
+# Node ID b6ed2505d6cf1d73f7f5c62e7369c4ce65cd3732
+# Parent a2c2dd399f3b9fb84edd75a930e895f0c5e4ad5b
+parsers: fix list sizing rounding error (SEC)
+
+CVE-2016-3630 (1/2)
+
+This addresses part of a vulnerability in application of binary
+deltas.
+
+diff -r a2c2dd399f3b -r b6ed2505d6cf mercurial/mpatch.c
+--- a/mercurial/mpatch.c Fri Mar 25 10:47:49 2016 -0700
++++ b/mercurial/mpatch.c Wed Mar 16 17:29:29 2016 -0700
+@@ -205,7 +205,7 @@
+ int pos = 0;
+
+ /* assume worst case size, we won't have many of these lists */
+- l = lalloc(len / 12);
++ l = lalloc(len / 12 + 1);
+ if (!l)
+ return NULL;
+
+diff -r a2c2dd399f3b -r b6ed2505d6cf tests/test-revlog.t
+--- /dev/null Thu Jan 01 00:00:00 1970 +0000
++++ b/tests/test-revlog.t Wed Mar 16 17:29:29 2016 -0700
+@@ -0,0 +1,15 @@
++Test for CVE-2016-3630
++
++ $ hg init
++
++ >>> open("a.i", "w").write(
++ ... """eJxjYGZgZIAAYQYGxhgom+k/FMx8YKx9ZUaKSOyqo4cnuKb8mbqHV5cBCVTMWb1Cwqkhe4Gsg9AD
++ ... Joa3dYtcYYYBAQ8Qr4OqZAYRICPTSr5WKd/42rV36d+8/VmrNpv7NP1jQAXrQE4BqQUARngwVA=="""
++ ... .decode("base64").decode("zlib"))
++
++ $ hg debugindex a.i
++ rev offset length delta linkrev nodeid p1 p2
++ 0 0 19 -1 2 99e0332bd498 000000000000 000000000000
++ 1 19 12 0 3 6674f57a23d8 99e0332bd498 000000000000
++ $ hg debugdata a.i 1 2>&1 | grep decoded
++ mpatch.mpatchError: patch cannot be decoded
+
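Review bot: The `+ 1` in `l = lalloc(len / 12 + 1);` is not explained by the comment above it, which still reads as if `len / 12` were the worst case. A comment such as `/* records are at least 12 bytes; +1 because len / 12 rounds down and a trailing partial record still takes a slot */` would keep a later cleanup from dropping it. That reading is inferred from the changeset title ("list sizing rounding error"), and the loop that fills the list is outside the hunk, so confirm the wording against it.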
diff --git a/main/mercurial/CVE-2016-3630-2.patch b/main/mercurial/CVE-2016-3630-2.patch
new file mode 100644
index 0000000000..f7deb97841
--- /dev/null
+++ b/main/mercurial/CVE-2016-3630-2.patch
@@ -0,0 +1,29 @@
+
+# HG changeset patch
+# User Matt Mackall <mpm@selenic.com>
+# Date 1458174626 25200
+# Node ID b9714d958e89cd6ff1da46b46f39076c03325ac7
+# Parent b6ed2505d6cf1d73f7f5c62e7369c4ce65cd3732
+parsers: detect short records (SEC)
+
+CVE-2016-3630 (2/2)
+
+This addresses part of a vulnerability in binary delta application.
+
+diff -r b6ed2505d6cf -r b9714d958e89 mercurial/mpatch.c
+--- a/mercurial/mpatch.c Wed Mar 16 17:29:29 2016 -0700
++++ b/mercurial/mpatch.c Wed Mar 16 17:30:26 2016 -0700
+@@ -215,10 +215,10 @@
+ lt->start = getbe32(bin + pos);
+ lt->end = getbe32(bin + pos + 4);
+ lt->len = getbe32(bin + pos + 8);
+- if (lt->start > lt->end)
+- break; /* sanity check */
+ lt->data = bin + pos + 12;
+ pos += 12 + lt->len;
++ if (lt->start > lt->end || lt->len < 0)
++ break; /* sanity check */
+ lt++;
+ }
+
+
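Review bot: The moved check `if (lt->start > lt->end || lt->len < 0)` runs only after `lt->data` and `pos` have been computed from the unvalidated `lt->len`, and it rejects only reversed ranges and negative lengths. Nothing in this hunk shows that the 12-byte header at `bin + pos` and the `lt->len` data bytes lie inside the input buffer, or that `lt->start` is non-negative. The loop condition and the post-loop check are outside the hunk, so confirm that they cover these cases. If they do not, validate before the assignments with something like `if (lt->start < 0 || lt->start > lt->end || lt->len < 0 || lt->len > len - pos - 12) break;`, assuming `len` is the length of `bin` as the first patch suggests.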