-rw-r--r-- | main/apk-tools/0001-package-don-t-leak-signing-key-file-fd.patch | 27 | ||||
-rw-r--r-- | main/apk-tools/APKBUILD | 6 |
2 files changed, 31 insertions, 2 deletions
diff --git a/main/apk-tools/0001-package-don-t-leak-signing-key-file-fd.patch b/main/apk-tools/0001-package-don-t-leak-signing-key-file-fd.patch
new file mode 100644
index 0000000000..6ff88a312c
--- /dev/null
+++ b/main/apk-tools/0001-package-don-t-leak-signing-key-file-fd.patch
@@ -0,0 +1,27 @@
+From fe55da70741621f7bac2cd943b64cc13e25f9427 Mon Sep 17 00:00:00 2001
+From: =?UTF-8?q?Timo=20Ter=C3=A4s?= <timo.teras@iki.fi>
+Date: Wed, 26 May 2010 14:30:08 +0300
+Subject: [PATCH] package: don't leak signing key file fd
+
+openssl BIO does not close the fd unless we explicitly tell it to
+do so.
+---
+ src/package.c | 2 +-
+ 1 files changed, 1 insertions(+), 1 deletions(-)
+
+diff --git a/src/package.c b/src/package.c
+index b265468..b97c412 100644
+--- a/src/package.c
++++ b/src/package.c
+@@ -441,7 +441,7 @@ int apk_sign_ctx_process_file(struct apk_sign_ctx *ctx,
+ if (fd < 0)
+ return 0;
+ 
+- bio = BIO_new_fp(fdopen(fd, "r"), 0);
++ bio = BIO_new_fp(fdopen(fd, "r"), BIO_CLOSE);
+ ctx->signature.pkey = PEM_read_bio_PUBKEY(bio, NULL, NULL, NULL);
+ if (ctx->signature.pkey != NULL) {
+ if (fi->name[6] == 'R')
+-- 
+1.7.1
+
diff --git a/main/apk-tools/APKBUILD b/main/apk-tools/APKBUILD
index 87d4d69949..edf083e885 100644
--- a/main/apk-tools/APKBUILD
+++ b/main/apk-tools/APKBUILD
@@ -1,13 +1,14 @@
 # Maintainer: Natanael Copa <ncopa@alpinelinux.org>
 pkgname=apk-tools
 pkgver=2.0.2
-pkgrel=4
+pkgrel=5
 pkgdesc="Alpine Package Keeper - package manager for alpine"
 subpackages="$pkgname-static"
 depends=
 makedepends="zlib-dev openssl-dev pkgconfig"
 source="http://git.alpinelinux.org/cgit/$pkgname/snapshot/$pkgname-$pkgver.tar.bz2
 info-segfault.patch
+ 0001-package-don-t-leak-signing-key-file-fd.patch
 " 
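Review bot: In the embedded src/package.c hunk, `BIO_new_fp(fdopen(fd, "r"), BIO_CLOSE)` still leaks on both failure paths: if fdopen() returns NULL the raw fd stays open, and if BIO_new_fp() returns NULL the FILE* and its fd are never closed, after which the NULL bio is passed to PEM_read_bio_PUBKEY(). BIO_CLOSE also takes effect only when the BIO is freed, and no BIO_free(bio) is visible here; the body of apk_sign_ctx_process_file continues outside the hunk, so that needs confirming. I would split the call and check each step as below. The `return 0` mirrors the visible `fd < 0` path and is an assumption about the right error result for this function.

```c
	if (fd < 0)
		return 0;

	/* declaration may need to move to the top of the enclosing block */
	FILE *fp = fdopen(fd, "r");
	if (fp == NULL) {
		close(fd);	/* fdopen failed: fd is still ours to close */
		return 0;
	}
	bio = BIO_new_fp(fp, BIO_CLOSE);
	if (bio == NULL) {
		fclose(fp);	/* closes the underlying fd as well */
		return 0;
	}
	/* ... unchanged: PEM_read_bio_PUBKEY call and key handling ... */
```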
@@ -45,4 +46,5 @@ static() {
 }
 md5sums="c87cb88f90eb8d7021d37e3b5386863d apk-tools-2.0.2.tar.bz2
-aeab86a00119f9945edd6d3c3a8bb9c1 info-segfault.patch"
+aeab86a00119f9945edd6d3c3a8bb9c1 info-segfault.patch
+ac2ddef3f82f700c9eb536a54050cca6 0001-package-don-t-leak-signing-key-file-fd.patch" |