diff options
author | Natanael Copa <ncopa@alpinelinux.org> | 2018-08-23 12:48:48 +0000 |
---|---|---|
committer | Natanael Copa <ncopa@alpinelinux.org> | 2018-08-23 12:48:48 +0000 |
commit | d031b70d32b89d1ced1b1d2a15195c0720915d5f (patch) | |
tree | 2508f133a67d9a6060fca42b81dbb4480e3a2e01 /community/zutils | |
parent | 1db02dd10f6540d325d5a754f39133d0560e5110 (diff) | |
download | aports-d031b70d32b89d1ced1b1d2a15195c0720915d5f.tar.bz2 aports-d031b70d32b89d1ced1b1d2a15195c0720915d5f.tar.xz |
community/zutils: security fix (CVE-2018-1000637)
fixes #9332
Diffstat (limited to 'community/zutils')
-rw-r--r-- | community/zutils/APKBUILD | 7 | ||||
-rw-r--r-- | community/zutils/CVE-2018-1000637.patch | 17 |
2 files changed, 22 insertions, 2 deletions
diff --git a/community/zutils/APKBUILD b/community/zutils/APKBUILD index 8ff0055985..ff679b9e4b 100644 --- a/community/zutils/APKBUILD +++ b/community/zutils/APKBUILD @@ -9,7 +9,9 @@ arch="all" license="GPL-2.0" subpackages="$pkgname-doc" checkdepends="bzip2" -source="http://download.savannah.gnu.org/releases/$pkgname/$pkgname-$pkgver.tar.lz" +source="http://download.savannah.gnu.org/releases/$pkgname/$pkgname-$pkgver.tar.lz + CVE-2018-1000637.patch + " builddir="$srcdir/$pkgname-$pkgver" build() { @@ -28,4 +30,5 @@ package() { make DESTDIR="$pkgdir" install } -sha512sums="eaf49d9aefb21460635eb6d0f1ae49ddc51b5a4e5d6d0943637194351ef910471203908d6bfe93ad37ca62ceacebe5b208d12b4bb8dda68cd9dbcdb7c7f848e1 zutils-1.7.tar.lz" +sha512sums="eaf49d9aefb21460635eb6d0f1ae49ddc51b5a4e5d6d0943637194351ef910471203908d6bfe93ad37ca62ceacebe5b208d12b4bb8dda68cd9dbcdb7c7f848e1 zutils-1.7.tar.lz +de30e5458b294175cfb3ab9c2031e80c7a4269cf7cf5968e08690ea363bc057a4b052d3a6979d577e8e2182a0a74bc02997c1ba074baa97223b23057b73d6799 CVE-2018-1000637.patch" diff --git a/community/zutils/CVE-2018-1000637.patch b/community/zutils/CVE-2018-1000637.patch new file mode 100644 index 0000000000..8ddc02d5c2 --- /dev/null +++ b/community/zutils/CVE-2018-1000637.patch @@ -0,0 +1,17 @@ +--- zutils-1.7/zcat.cc 2018-02-13 19:10:41.000000000 +0000 ++++ zutils-1.8-pre2/zcat.cc 2018-07-31 21:49:02.000000000 +0000 +@@ -227,10 +230,11 @@ + const Cat_options & cat_options ) + { + enum { buffer_size = 4096 }; +- // buffer with space for sentinel newline at the end ++ // buffer with space for sentinel newline at the end + uint8_t * const inbuf = new uint8_t[buffer_size+1]; +- // buffer with space for character quoting and 255-digit line number +- uint8_t * const outbuf = new uint8_t[(4*buffer_size)+256]; ++ // buffer with space for character quoting, 255-digit line number and ++ // worst case flushing respect to inbuf. ++ uint8_t * const outbuf = new uint8_t[(5*buffer_size)+256]; + int retval = 0; + Children children; + if( !set_data_feeder( input_filename, &infd, children, format_index ) ) |