authorNatanael Copa <ncopa@alpinelinux.org>2013-06-03 13:41:48 +0000
committerNatanael Copa <ncopa@alpinelinux.org>2013-06-03 13:41:48 +0000
commit473d40bbb88f98d74f074adb5a1a05e5c168aac2 (patch)
tree7c9ab4b707cd15c07e72796b361efc5ad817142a /main/libtirpc
parentb2d7566437b898c68bec55b901e110c89f34e6dd (diff)
main/libtirpc: fix CVE-2013-1950
fixes #2034
Diffstat (limited to 'main/libtirpc')
-rw-r--r--main/libtirpc/APKBUILD15
-rw-r--r--main/libtirpc/CVE-2013-1950.patch37
2 files changed, 47 insertions, 5 deletions
diff --git a/main/libtirpc/APKBUILD b/main/libtirpc/APKBUILD
index 029d7d33de..5feacaa564 100644
--- a/main/libtirpc/APKBUILD
+++ b/main/libtirpc/APKBUILD
@@ -1,7 +1,7 @@
# Maintainer: Natanael Copa <ncopa@alpinelinux.org>
pkgname=libtirpc
pkgver=0.2.3
-pkgrel=0
+pkgrel=1
pkgdesc="Transport Independent RPC library (SunRPC replacement)"
url="http://libtirpc.sourceforge.net/"
arch="all"
@@ -14,7 +14,9 @@ source="http://downloads.sourceforge.net/sourceforge/$pkgname/$pkgname-$pkgver.t
nis.h
gssglue.patch
libtirpc-no-des.patch
- automake.patch"
+ automake.patch
+ CVE-2013-1950.patch
+ "
prepare() {
cd "$srcdir"/$pkgname-$pkgver
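Review bot: Listing `CVE-2013-1950.patch` in `source` only fetches and checksums the file; whether it is applied depends on `prepare()`, whose body continues outside this hunk. If `prepare()` names its patches individually rather than looping over `$source`, the package would be rebuilt as pkgrel=1 with `src/svc_dg.c` still unpatched. It is worth confirming in the build log that the patch is applied, or adding an explicit `patch -p1 -i "$srcdir"/CVE-2013-1950.patch` to `prepare()`.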
@@ -52,14 +54,17 @@ md5sums="b70e6c12a369a91e69fcc3b9feb23d61 libtirpc-0.2.3.tar.bz2
082dff1bc78bdcbac6d305c1534fe3c0 nis.h
7c50e2381f103cc9b84a86fad9b8eac5 gssglue.patch
80e8f54aab0f5bed37e58ad79fe4ff2b libtirpc-no-des.patch
-5cac96c765922f33de61a215aa264a7f automake.patch"
+5cac96c765922f33de61a215aa264a7f automake.patch
+ee3685a9c3168c0585580023ed01b43b CVE-2013-1950.patch"
sha256sums="4f29ea0491b4ca4c29f95f3c34191b857757873bbbf4b069f9dd4da01a6a923c libtirpc-0.2.3.tar.bz2
7149d53da167168cbad9e75cbab302768f659e59e208763b1bf5df2a6ff3bfdb nis.h
02658756777563dccb3904a00e87fa562eddeab0fe15ef0c6c21893b2d8619aa gssglue.patch
5b7c8f6d19f17541902dfd1b1132f2b07e4cc0987152d4e8007243e776d4d47f libtirpc-no-des.patch
-6188b7236b1f9088ad09749eed6407bd7b75fe37d1569a19977f44d15ec6a10c automake.patch"
+6188b7236b1f9088ad09749eed6407bd7b75fe37d1569a19977f44d15ec6a10c automake.patch
+76024a88dc30c7486cad46834eee8f4682fd29a4b18f7b8763cad8c1b415dfe6 CVE-2013-1950.patch"
sha512sums="dd480fcb6feda4a2bba7e5a5dc9b1f523697a39ddaa44a5742405f66d202996d99a562a31dbf6daf06e9b7ce5d82dfd1cce7b76a34466b92f84176e77498163d libtirpc-0.2.3.tar.bz2
15edac1e30cc1aa65ca495bae14c6c7455d65ca539b7e5c865c3fbd5a51c76966b37dd34e9a6483aadcaea3602aefb0b48cdb46f877dae1c65dfa6840dfd8c54 nis.h
3dd3d4a082b1b9bb82c358a5b74e6c5f23fdd522ea2875fc27a7b1035e04b14aeec30db08aa3ce5c0168df325e540799bf6f55c3a67226e05cf52de11968ad86 gssglue.patch
9a984a7741deb943f92cd8a9f23d1a0e09a01e91aa88268456ccbb7998b24f50ad431e26400def3a8ba9d6cd345e5abccf5acf9c59708ce8f0653275c2ea5d61 libtirpc-no-des.patch
-dcbc55ed5551703799e6a690e65dbdbd9cc0293c0392a1a3c2d52bc9e91e8b0e18b89fa146f78fea8476c04409b766b6cdbde38a5f226d32043987ca1471634c automake.patch"
+dcbc55ed5551703799e6a690e65dbdbd9cc0293c0392a1a3c2d52bc9e91e8b0e18b89fa146f78fea8476c04409b766b6cdbde38a5f226d32043987ca1471634c automake.patch
+43813e1d2b8cf3107c3144f742c8de6833dd2462b43c94f6d8444b90eb6671f2fe1329f533eee1e7ce1cd507d3c5962a47793e1354107da18340faf34d2b1644 CVE-2013-1950.patch"
diff --git a/main/libtirpc/CVE-2013-1950.patch b/main/libtirpc/CVE-2013-1950.patch
new file mode 100644
index 0000000000..e61be9e265
--- /dev/null
+++ b/main/libtirpc/CVE-2013-1950.patch
@@ -0,0 +1,37 @@
+From a9f437119d79a438cb12e510f3cadd4060102c9f Mon Sep 17 00:00:00 2001
+From: Steve Dickson <steved@redhat.com>
+Date: Thu, 18 Apr 2013 14:29:58 -0400
+Subject: [PATCH] svc_getargs(): Should not be freeing arg pointers on failures
+
+commit 82cc2e61 (SVCAUTH_WRAP/SVCAUTH_UNWRAP) introduce a regression
+that causes callers of svc_getargs() to crash when svc_freeargs() frees
+args points that are allocated on the stack.
+
+svc_getargs() should let the callers do the freeing and not make any
+assumptions on the type of memory passed in.
+
+Also see:
+ https://bugzilla.redhat.com/show_bug.cgi?id=948378
+and
+ CVE-2013-1950 EMBARGOED rpcbind: invalid pointer free leads to crash
+
+Signed-off-by: Steve Dickson <steved@redhat.com>
+---
+ src/svc_dg.c | 1 -
+ 1 file changed, 1 deletion(-)
+
+diff --git a/src/svc_dg.c b/src/svc_dg.c
+index b1ac462..6e00191 100644
+--- a/src/svc_dg.c
++++ b/src/svc_dg.c
+@@ -284,7 +284,6 @@ svc_dg_getargs(xprt, xdr_args, args_ptr)
+ {
+ if (! SVCAUTH_UNWRAP(xprt->xp_auth, &(su_data(xprt)->su_xdrs),
+ xdr_args, args_ptr)) {
+- (void)svc_freeargs(xprt, xdr_args, args_ptr);
+ return FALSE;
+ }
+ return TRUE;
+--
+1.8.1.4
+
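Review bot: The embedded upstream patch removes the free-on-failure only from `svc_dg_getargs()` in `src/svc_dg.c`, so only the datagram transport is visibly covered. It is worth checking that the getargs routines of the other transports in 0.2.3 did not pick up the same `svc_freeargs()` call from commit 82cc2e61. After this change a failed `SVCAUTH_UNWRAP` returns FALSE and leaves releasing `args_ptr` to the caller, and nothing in the code records that contract. A comment above the early return would help, for example `/* on failure the caller still owns args_ptr and frees it itself; it may be stack memory */`. The function's parameter declarations and closing brace appear to lie outside the hunk.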