diff options
-rw-r--r-- | main/memcached/APKBUILD | 12 | ||||
-rw-r--r-- | main/memcached/CVE-2011-4971.patch | 47 |
2 files changed, 4 insertions, 55 deletions
diff --git a/main/memcached/APKBUILD b/main/memcached/APKBUILD index c89e4c3dd4..6b655d57e0 100644 --- a/main/memcached/APKBUILD +++ b/main/memcached/APKBUILD @@ -1,7 +1,7 @@ # Contributor: Jeff Bilyk <jbilyk@alpinelinux.org> # Maintainer: Natanael Copa <ncopa@alpinelinux.org> pkgname=memcached -pkgver=1.4.24 +pkgver=1.4.25 pkgrel=0 pkgdesc="Distributed memory object caching system" url="http://memcached.org" @@ -13,7 +13,6 @@ makedepends="$depends_dev" install="$pkgname.pre-install" subpackages="$pkgname-dev $pkgname-doc" source="http://www.memcached.org/files/memcached-$pkgver.tar.gz - CVE-2011-4971.patch musl-includes.patch $pkgname.confd $pkgname.initd" @@ -49,18 +48,15 @@ package() { "$pkgdir/etc/conf.d/$pkgname" || return 1 } -md5sums="4d6e8c90e2068580526c7579dd7f37f6 memcached-1.4.24.tar.gz -e73c5651b37f54020bea00a4318cef2e CVE-2011-4971.patch +md5sums="55ca94e02639365fef3eac2b3f96de7c memcached-1.4.25.tar.gz 4b2e8c5e3ad147ed514ad7fcf1b2222a musl-includes.patch a7aa37e91d4237448124b79bd99a2649 memcached.confd 220c0331832edcef6a72601143d3172d memcached.initd" -sha256sums="08a426c504ecf64633151eec1058584754d2f54e62e5ed2d6808559401617e55 memcached-1.4.24.tar.gz -0dbb2a8425e051f21a4f767055b82b6294ecf1d22082aeb24f6688bbc9870aed CVE-2011-4971.patch +sha256sums="f058437b3c224d321919a9a6bb4e3eedb2312ed718c0caf087ff2f04ab795dda memcached-1.4.25.tar.gz 1b1df3a3b70469722a89135b361cf2c2a4b9835d3c9f3029aa73342fd4619cf5 musl-includes.patch c8f03585eeeb0e0acf4e8bb3c0f7062c2c7da5f89e763cf91a856bec4991a2c7 memcached.confd da8a0e9a580d2df053941f01ce430aa5b678270891b481c710758b81fb4d831c memcached.initd" -sha512sums="446676ae7b21d8d9246f38d3df06b167ea93a853f88ac70ae3a99b1a85a4de3d452ee266e77fac599660b9bc6e785bc89224f46e16ff6e216476d50e4706b9f6 memcached-1.4.24.tar.gz -a1f6ece8e3b07509aadbd24c3420cb4400a47c6f046282243a6e295d041ff8f84ff2de86e657cb233199259cca63360e03b173a5abff0d67789eef91847be5eb CVE-2011-4971.patch +sha512sums="e037c3bbb68c4077f814f855663501af418ce3b1f8bc20f8e7eba3249aea378e55b3291457952fa4511779ec3702496fdaab5799edae7d59bc64eb6fd54ee14e memcached-1.4.25.tar.gz 80c8719c254bc8b8d3d4256e9850c17f5e9ee9a76787b2d0fd7c6bb7780ee132257ff65d8397dc023216b3f541050295c4e1d7e675b12ab6dcc50d07c5e067b3 musl-includes.patch 31bd788433b8021ed332f86d291e7f03222ae234520e52ba673b581d5da2adf5656e8f73e8b985df73258dea9b2a1b8ef36195163fe47a92fda59825deedfed4 memcached.confd 9615769b14175a25b50c9871b48c0635b5397ebe45231b43ee29a603eceb7b16bfc5ac744017b89b19082209c09597b3038a03ed0d5d9b45c60454d5b2717a55 memcached.initd" diff --git a/main/memcached/CVE-2011-4971.patch b/main/memcached/CVE-2011-4971.patch deleted file mode 100644 index fc02be8686..0000000000 --- a/main/memcached/CVE-2011-4971.patch +++ /dev/null @@ -1,47 +0,0 @@ -Issue 192: Crash when sending specially crafted packet -Author: Christos Tsantilas <christos@chtsanti.net> - -This is an unsigned to signed integers conversion problem. -Inside the following functions: - process_bin_sasl_auth - process_bin_complete_sasl_auth - process_bin_update - process_bin_append_prepend - -there is the following or a similar statement: - int vlen = c->binary_header.request.bodylen - nkey; - -The c->binary_header.request.bodylen is an unsigned int which if it is bigger -than the INT_MAX and converted to a signed int will result to a negative number -causing segfaults to memcached. -The c->binary_header.request.bodylen is the request body length defined by -the client request. Random bytes sent to the memcached may interpeted -as a normal request with huge body data. -This patch just add a check and reject requests which report huge body data. - - ---- memcached-1.4.15.orig/memcached.c 2012-09-03 21:23:23.000000000 +0300 -+++ memcached-1.4.15/memcached.c 2013-11-26 14:22:28.206370577 +0200 -@@ -3446,6 +3446,22 @@ - return -1; - } - -+ /* -+ issue #192: -+ c->binary_header.request.bodylen is an unsigned int but it is -+ used in many places as a signed int. -+ Add a check here to avoid bad integer type conversions which -+ may cause crashes to memcached. -+ */ -+ if (c->binary_header.request.bodylen > INT_MAX) { -+ if (settings.verbose) { -+ fprintf(stderr, "Invalid request body length: %u\n", -+ c->binary_header.request.bodylen); -+ } -+ conn_set_state(c, conn_closing); -+ return -1; -+ } -+ - c->msgcurr = 0; - c->msgused = 0; - c->iovused = 0; |