-rw-r--r-- | main/libmspack/APKBUILD | 27 | ||||
-rw-r--r-- | main/libmspack/CVE-2017-11423.patch | 20 | ||||
-rw-r--r-- | main/libmspack/CVE-2017-6419.patch | 78 |
3 files changed, 12 insertions, 113 deletions
diff --git a/main/libmspack/APKBUILD b/main/libmspack/APKBUILD
index afc0f38fad..2445406957 100644
--- a/main/libmspack/APKBUILD
+++ b/main/libmspack/APKBUILD
@@ -1,8 +1,8 @@
 # Maintainer: Natanael Copa <ncopa@alpinelinux.org>
 pkgname=libmspack
-pkgver=0.5_alpha
+pkgver=0.7.1_alpha
 _ver=${pkgver/_/}
-pkgrel=1
+pkgrel=0
 pkgdesc="Library for CAB and related files compression and decompression"
 url="https://www.cabextract.org.uk/libmspack/"
 arch="all"
@@ -12,13 +12,16 @@ depends_dev=""
 makedepends="$depends_dev"
 install=""
 subpackages="$pkgname-dev"
-source="https://www.cabextract.org.uk/libmspack/libmspack-$_ver.tar.gz
- CVE-2017-6419.patch
- CVE-2017-11423.patch"
+source="https://www.cabextract.org.uk/libmspack/libmspack-$_ver.tar.gz"
 _builddir="$srcdir"/libmspack-$_ver
 # secfixes:
+# 0.7.1_alpha-r0:
+# - CVE-2018-14679
+# - CVE-2018-14680
+# - CVE-2018-14681
+# - CVE-2018-14682
 # 0.5_alpha-r1:
 # - CVE-2017-6419
 # - CVE-2017-11423
@@ -44,7 +47,9 @@ build() {
 --localstatedir=/var \
 --disable-static \
 || return 1
- make || return 1
+ # parallel build workaround
+ make libmspack.la libmscabd.la libmschmd.la
+ make
 }
 package() {
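Review bot: The `source=` line in the second hunk drops CVE-2017-6419.patch and CVE-2017-11423.patch, and nothing visible here records that the 0.7.1alpha tarball already contains those fixes. The `0.5_alpha-r1` secfixes entries stay, so the package still advertises both CVEs as fixed; that holds only if upstream merged them, which I assume but cannot confirm from this diff. Please state it in the commit message, or add a line above `source=` such as `# CVE-2017-6419 and CVE-2017-11423 fixes are included upstream since <version>`, with the version filled in from the upstream changelog.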
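Review bot: The two `make` lines added in build() no longer end in `|| return 1`, while the configure call just above and `make install` in package() still do. If abuild does not run these functions under `set -e` (not visible here), a failure of the first `make` is only caught indirectly by the second; either keep the suffix, `make libmspack.la libmscabd.la libmschmd.la || return 1` and `make || return 1`, or drop it everywhere in one pass. The comment `# parallel build workaround` would also be more useful if it said why these three libraries have to be built first. build() starts outside the hunk.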
@@ -52,12 +57,4 @@ package() {
 make DESTDIR="$pkgdir" install || return 1
 }
-md5sums="3aa3f6b9ef101463270c085478fda1da libmspack-0.5alpha.tar.gz
-a88236b4e1b9bb265945a455123648ed CVE-2017-6419.patch
-e29cb11b947c191dbec80932f16b5d70 CVE-2017-11423.patch"
-sha256sums="8967f275525f5067b364cee43b73e44d0433668c39f9376dfff19f653d1c8110 libmspack-0.5alpha.tar.gz
-fed2f79b41b326ca0b5f1f968027ee320e9f3d14f14fc67a7b1bcf5650884dd8 CVE-2017-6419.patch
-164b7bbbc08abce0e7f995938b3b74084dcc71cc8871c9ab1e14dcadc8df6a58 CVE-2017-11423.patch"
-sha512sums="6d4efa0f43c43185ef91c97c1518aa70f09109d7332cda7e12019e146ec9cb0f2065fb1b57683b48bae9a7eaf8e82eb94096644c6d25c56d45878f630b719231 libmspack-0.5alpha.tar.gz
-5b40a114c8449f0c9f38536cb148c684a94e51607ec806da1a4a4466550202d63edbcd26e4a6cdec7b20483f3384f732ba952945e752a975be2e9a6653e036e0 CVE-2017-6419.patch
-b426584d967c53f61491f1d47205a8db0bab5ca0a9ba75868f0437d697f5c81df20652c6eedf7825d00851555ff10f4a388275024fdc41d638d1d6ee9387dad2 CVE-2017-11423.patch"
+sha512sums="e903629a34c29099a261a108e4eb9cda485ab999bbc3383e3cd6a39715077d00b26a1c641b0f3df0eef60d2e15a7ef623379df0cfe25b99d4eda080529ffec7b libmspack-0.7.1alpha.tar.gz"
diff --git a/main/libmspack/CVE-2017-11423.patch b/main/libmspack/CVE-2017-11423.patch
deleted file mode 100644
index 868ff83482..0000000000
--- a/main/libmspack/CVE-2017-11423.patch
+++ /dev/null
@@ -1,20 +0,0 @@
-diff --git a/mspack/cabd.c b/mspack/cabd.c
-index 16021ee..8b10934 100644
---- a/mspack/cabd.c
-+++ b/mspack/cabd.c
-@@ -521,10 +521,13 @@ static char *cabd_read_string(struct mspack_system *sys,
- {
- off_t base = sys->tell(fh);
- char buf[256], *str;
-- unsigned int len, i, ok;
-+ int len, i, ok;
-
- /* read up to 256 bytes */
-- len = sys->read(fh, &buf[0], 256);
-+ if ((len = sys->read(fh, &buf[0], 256)) <= 0) {
-+ *error = MSPACK_ERR_READ;
-+ return NULL;
-+ }
-
- /* search for a null terminator in the buffer */
- for (i = 0, ok = 0; i < len; i++) if (!buf[i]) { ok = 1; break; }
diff --git a/main/libmspack/CVE-2017-6419.patch b/main/libmspack/CVE-2017-6419.patch
deleted file mode 100644
index 4945f5fba5..0000000000
--- a/main/libmspack/CVE-2017-6419.patch
+++ /dev/null
@@ -1,78 +0,0 @@
-diff --git a/mspack/chmd.c b/mspack/chmd.c
-index 5a6ef54..1a486c8 100644
---- a/mspack/chmd.c
-+++ b/mspack/chmd.c
-@@ -1269,9 +1269,15 @@ static int read_spaninfo(struct mschm_decompressor_p *self,
-
- /* get the uncompressed length of the LZX stream */
- err = read_off64(length_ptr, data, sys, self->d->infh);
--
- sys->free(data);
-- return (err) ? MSPACK_ERR_DATAFORMAT : MSPACK_ERR_OK;
-+ if (err) return MSPACK_ERR_DATAFORMAT;
-+
-+ if (*length_ptr <= 0) {
-+ D(("output length is invalid"))
-+ return MSPACK_ERR_DATAFORMAT;
-+ }
-+
-+ return MSPACK_ERR_OK;
- }
-
- /***************************************
-diff --git a/mspack/lzxd.c b/mspack/lzxd.c
-index 2281e7b..d164df9 100644
---- a/mspack/lzxd.c
-+++ b/mspack/lzxd.c
-@@ -300,8 +300,14 @@ struct lzxd_stream *lzxd_init(struct mspack_system *system,
- if (window_bits < 15 || window_bits > 21) return NULL;
- }
-
-+ if (reset_interval < 0 || output_length < 0) {
-+ D(("reset interval or output length < 0"))
-+ return NULL;
-+ }
-+
-+ /* round up input buffer size to multiple of two */
- input_buffer_size = (input_buffer_size + 1) & -2;
-- if (!input_buffer_size) return NULL;
-+ if (input_buffer_size < 2) return NULL;
-
- /* allocate decompression state */
- if (!(lzx = (struct lzxd_stream *) system->alloc(system, sizeof(struct lzxd_stream)))) {
-@@ -382,7 +388,7 @@ int lzxd_set_reference_data(struct lzxd_stream *lzx,
- }
-
- void lzxd_set_output_length(struct lzxd_stream *lzx, off_t out_bytes) {
-- if (lzx) lzx->length = out_bytes;
-+ if (lzx && out_bytes > 0) lzx->length = out_bytes;
- }
-
- int lzxd_decompress(struct lzxd_stream *lzx, off_t out_bytes) {
-diff --git a/mspack/mszipd.c b/mspack/mszipd.c
-index 5b4756d..6ecd96d 100644
---- a/mspack/mszipd.c
-+++ b/mspack/mszipd.c
-@@ -349,8 +349,9 @@ struct mszipd_stream *mszipd_init(struct mspack_system *system,
-
- if (!system) return NULL;
-
-+ /* round up input buffer size to multiple of two */
- input_buffer_size = (input_buffer_size + 1) & -2;
-- if (!input_buffer_size) return NULL;
-+ if (input_buffer_size < 2) return NULL;
-
- /* allocate decompression state */
- if (!(zip = (struct mszipd_stream *) system->alloc(system, sizeof(struct mszipd_stream)))) {
-diff --git a/mspack/qtmd.c b/mspack/qtmd.c
-index 12b27f5..5d2c76f 100644
---- a/mspack/qtmd.c
-+++ b/mspack/qtmd.c
-@@ -197,6 +197,7 @@ struct qtmd_stream *qtmd_init(struct mspack_system *system,
- /* Quantum supports window sizes of 2^10 (1Kb) through 2^21 (2Mb) */
- if (window_bits < 10 || window_bits > 21) return NULL;
-
-+ /* round up input buffer size to multiple of two */
- input_buffer_size = (input_buffer_size + 1) & -2;
- if (input_buffer_size < 2) return NULL;
- |