diff options
author | Leo <thinkabit.ukim@gmail.com> | 2019-07-16 15:50:16 -0300 |
---|---|---|
committer | Natanael Copa <ncopa@alpinelinux.org> | 2019-07-17 07:08:38 +0200 |
commit | e417e312a2460b385bd5003089c29af549f19b14 (patch) | |
tree | 9e8bd590ed2edce8028da5183c3c20886b81f9fb /main | |
parent | d53ed0c4c1d95491577c154f337313ee72703ef8 (diff) | |
download | aports-e417e312a2460b385bd5003089c29af549f19b14.tar.bz2 aports-e417e312a2460b385bd5003089c29af549f19b14.tar.xz |
main/file: backport a few CVE fixes
Diffstat (limited to 'main')
-rw-r--r-- | main/file/APKBUILD | 17 | ||||
-rw-r--r-- | main/file/CVE-2019-8905-and-CVE-2019-8907.patch | 102 | ||||
-rw-r--r-- | main/file/CVE-2019-8906.patch | 14 |
3 files changed, 130 insertions, 3 deletions
diff --git a/main/file/APKBUILD b/main/file/APKBUILD index 58477ab711..ad6680b832 100644 --- a/main/file/APKBUILD +++ b/main/file/APKBUILD @@ -2,15 +2,24 @@ # Maintainer: Natanael Copa <ncopa@alpinelinux.org> pkgname=file pkgver=5.32 -pkgrel=0 +pkgrel=1 pkgdesc="File type identification utility" url="http://www.darwinsys.com/file/" arch="all" license="BSD" subpackages="$pkgname-dev $pkgname-doc libmagic" -source="ftp://ftp.astron.com/pub/$pkgname/$pkgname-$pkgver.tar.gz" +source="ftp://ftp.astron.com/pub/$pkgname/$pkgname-$pkgver.tar.gz + CVE-2019-8906.patch + CVE-2019-8905-and-CVE-2019-8907.patch + " builddir="$srcdir/$pkgname-$pkgver" +# secfixes: +# 5.32-r1: +# - CVE-2019-8905 +# - CVE-2019-8906 +# - CVE-2019-8907 + build() { cd "$builddir" ./configure \ @@ -37,4 +46,6 @@ libmagic() { mv "$pkgdir"/usr/lib "$pkgdir"/usr/share "$subpkgdir"/usr } -sha512sums="315343229fa196335389544ee8010e9e80995ef4721938492dedcfb0465dfc45e1feb96f26dfe53cab484fb5d9bac54d2d72917fbfd28a1d998c6ad8c8f9792f file-5.32.tar.gz" +sha512sums="315343229fa196335389544ee8010e9e80995ef4721938492dedcfb0465dfc45e1feb96f26dfe53cab484fb5d9bac54d2d72917fbfd28a1d998c6ad8c8f9792f file-5.32.tar.gz +f54a16dbca2b5a490405e323924fb2657cc67f73648ad5203b41c13da1dc98e5ca64fc6c94415386538d3c2124f487fc3bf86082ce1571a24d05f5a5e213da08 CVE-2019-8906.patch +5b8058fd39d9f9d91c7d8377708068dc0161abdbbb7fdb3d1bd9358b297133e425252758b45cccec937a7c51226d4f6dd67f5a13ff935a4353a44f140f011a7e CVE-2019-8905-and-CVE-2019-8907.patch" diff --git a/main/file/CVE-2019-8905-and-CVE-2019-8907.patch b/main/file/CVE-2019-8905-and-CVE-2019-8907.patch new file mode 100644 index 0000000000..d81c54636f --- /dev/null +++ b/main/file/CVE-2019-8905-and-CVE-2019-8907.patch @@ -0,0 +1,102 @@ +diff --git a/src/file.h b/src/file.h +index eb9c054..6d9d204 100644 +--- a/src/file.h ++++ b/src/file.h +@@ -491,7 +491,7 @@ protected int file_looks_utf8(const unsigned char *, size_t, unichar *, + size_t *); + protected size_t file_pstring_length_size(const struct magic *); + protected size_t file_pstring_get_length(const struct magic *, const char *); +-protected char * file_printable(char *, size_t, const char *); ++protected char * file_printable(char *, size_t, const char *, size_t); + #ifdef __EMX__ + protected int file_os2_apptype(struct magic_set *, const char *, const void *, + size_t); +diff --git a/src/funcs.c b/src/funcs.c +index d7a18f4..eb44261 100644 +--- a/src/funcs.c ++++ b/src/funcs.c +@@ -581,12 +581,13 @@ file_pop_buffer(struct magic_set *ms, file_pushbuf_t *pb) + * convert string to ascii printable format. + */ + protected char * +-file_printable(char *buf, size_t bufsiz, const char *str) ++file_printable(char *buf, size_t bufsiz, const char *str, size_t slen) + { +- char *ptr, *eptr; ++ char *ptr, *eptr = buf + bufsiz - 1; + const unsigned char *s = (const unsigned char *)str; ++ const unsigned char *es = s + slen; + +- for (ptr = buf, eptr = ptr + bufsiz - 1; ptr < eptr && *s; s++) { ++ for (ptr = buf; ptr < eptr && s < es && *s; s++) { + if (isprint(*s)) { + *ptr++ = *s; + continue; +diff --git a/src/readelf.c b/src/readelf.c +index 5f425c9..ee466fc 100644 +--- a/src/readelf.c ++++ b/src/readelf.c +@@ -725,7 +725,7 @@ do_core_note(struct magic_set *ms, unsigned char *nbuf, uint32_t type, + if (file_printf(ms, ", from '%.31s', pid=%u, uid=%u, " + "gid=%u, nlwps=%u, lwp=%u (signal %u/code %u)", + file_printable(sbuf, sizeof(sbuf), +- CAST(char *, pi.cpi_name)), ++ CAST(char *, pi.cpi_name), sizeof(pi.cpi_name)), + elf_getu32(swap, pi.cpi_pid), + elf_getu32(swap, pi.cpi_euid), + elf_getu32(swap, pi.cpi_egid), +@@ -1563,7 +1563,8 @@ dophn_exec(struct magic_set *ms, int clazz, int swap, int fd, off_t off, + return -1; + if (interp[0]) + if (file_printf(ms, ", interpreter %s", +- file_printable(ibuf, sizeof(ibuf), interp)) == -1) ++ file_printable(ibuf, sizeof(ibuf), interp, sizeof(interp))) ++ == -1) + return -1; + return 0; + } +diff --git a/src/softmagic.c b/src/softmagic.c +index b9e9753..fa82d58 100644 +--- a/src/softmagic.c ++++ b/src/softmagic.c +@@ -544,8 +544,8 @@ mprint(struct magic_set *ms, struct magic *m) + case FILE_LESTRING16: + if (m->reln == '=' || m->reln == '!') { + if (file_printf(ms, F(ms, m, "%s"), +- file_printable(sbuf, sizeof(sbuf), m->value.s)) +- == -1) ++ file_printable(sbuf, sizeof(sbuf), m->value.s, ++ sizeof(m->value.s))) == -1) + return -1; + t = ms->offset + m->vallen; + } +@@ -572,7 +572,8 @@ mprint(struct magic_set *ms, struct magic *m) + } + + if (file_printf(ms, F(ms, m, "%s"), +- file_printable(sbuf, sizeof(sbuf), str)) == -1) ++ file_printable(sbuf, sizeof(sbuf), str, ++ sizeof(p->s) - (str - p->s))) == -1) + return -1; + + if (m->type == FILE_PSTRING) +@@ -678,7 +679,7 @@ mprint(struct magic_set *ms, struct magic *m) + return -1; + } + rval = file_printf(ms, F(ms, m, "%s"), +- file_printable(sbuf, sizeof(sbuf), cp)); ++ file_printable(sbuf, sizeof(sbuf), cp, ms->search.rm_len)); + free(cp); + + if (rval == -1) +@@ -705,7 +706,8 @@ mprint(struct magic_set *ms, struct magic *m) + break; + case FILE_DER: + if (file_printf(ms, F(ms, m, "%s"), +- file_printable(sbuf, sizeof(sbuf), ms->ms_value.s)) == -1) ++ file_printable(sbuf, sizeof(sbuf), ms->ms_value.s, ++ sizeof(ms->ms_value.s))) == -1) + return -1; + t = ms->offset; + break; + diff --git a/main/file/CVE-2019-8906.patch b/main/file/CVE-2019-8906.patch new file mode 100644 index 0000000000..05ff2c73fd --- /dev/null +++ b/main/file/CVE-2019-8906.patch @@ -0,0 +1,14 @@ +diff --git a/src/readelf.c b/src/readelf.c +index 5f425c9..50883fe 100644 +--- a/src/readelf.c ++++ b/src/readelf.c +@@ -720,7 +720,7 @@ do_core_note(struct magic_set *ms, unsigned char *nbuf, uint32_t type, + char sbuf[512]; + struct NetBSD_elfcore_procinfo pi; + memset(&pi, 0, sizeof(pi)); +- memcpy(&pi, nbuf + doff, descsz); ++ memcpy(&pi, nbuf + doff, MIN(descsz, sizeof(pi))); + + if (file_printf(ms, ", from '%.31s', pid=%u, uid=%u, " + "gid=%u, nlwps=%u, lwp=%u (signal %u/code %u)", + |