Diffstat (limited to 'main')
-rw-r--r--main/libmspack/APKBUILD12
-rw-r--r--main/libmspack/CVE-2019-1010305.patch39
2 files changed, 47 insertions, 4 deletions
diff --git a/main/libmspack/APKBUILD b/main/libmspack/APKBUILD
index 6d69fd8cd3..04f38710b9 100644
--- a/main/libmspack/APKBUILD
+++ b/main/libmspack/APKBUILD
@@ -2,7 +2,7 @@
pkgname=libmspack
pkgver=0.8_alpha
_ver=${pkgver/_/}
-pkgrel=0
+pkgrel=1
pkgdesc="Library for CAB and related files compression and decompression"
url="https://www.cabextract.org.uk/libmspack/"
arch="all"
@@ -10,13 +10,16 @@ license="LGPL-2.0"
depends=""
depends_dev=""
makedepends="$depends_dev"
-install=""
subpackages="$pkgname-dev"
-source="https://www.cabextract.org.uk/libmspack/libmspack-$_ver.tar.gz"
+source="https://www.cabextract.org.uk/libmspack/libmspack-$_ver.tar.gz
+ CVE-2019-1010305.patch
+ "
_builddir="$srcdir"/libmspack-$_ver
# secfixes:
+# 0.8_alpha-r1:
+# - CVE-2019-1010305
# 0.8_alpha-r0:
# - CVE-2018-18584
# - CVE-2018-18585
@@ -61,4 +64,5 @@ package() {
make DESTDIR="$pkgdir" install || return 1
}
-sha512sums="d178afc4d2eded204594c81af1c91be17d3be4f1a09829e08c103023aa7badc6b2595e9ec13cc7f77e3262d2cd874ed40ce6da01695c5c839682562740d2bf0a libmspack-0.8alpha.tar.gz"
+sha512sums="d178afc4d2eded204594c81af1c91be17d3be4f1a09829e08c103023aa7badc6b2595e9ec13cc7f77e3262d2cd874ed40ce6da01695c5c839682562740d2bf0a libmspack-0.8alpha.tar.gz
+4c5f5ab9d597538303ce2adf27014db715603afdde50904cd3cb363077f2ff883086cf9ccf1072fa516f73df4652bec3bddd81854aeac5f11c0698d1cfb59cdf CVE-2019-1010305.patch"
diff --git a/main/libmspack/CVE-2019-1010305.patch b/main/libmspack/CVE-2019-1010305.patch
new file mode 100644
index 0000000000..af113af2d3
--- /dev/null
+++ b/main/libmspack/CVE-2019-1010305.patch
@@ -0,0 +1,39 @@
+diff --git a/mspack/chmd.c b/mspack/chmd.c
+index 1d198bf..26c1b18 100644
+--- a/mspack/chmd.c
++++ b/mspack/chmd.c
+@@ -482,21 +482,19 @@ static int chmd_read_headers(struct mspack_system *sys, struct mspack_file *fh,
+ fi->filename[name_len] = '\0';
+
+ if (name[0] == ':' && name[1] == ':') {
+- /* system file */
+- if (mspack_memcmp(&name[2], &content_name[2], 31L) == 0) {
+- if (mspack_memcmp(&name[33], &content_name[33], 8L) == 0) {
+- chm->sec1.content = fi;
+- }
+- else if (mspack_memcmp(&name[33], &control_name[33], 11L) == 0) {
+- chm->sec1.control = fi;
+- }
+- else if (mspack_memcmp(&name[33], &spaninfo_name[33], 8L) == 0) {
+- chm->sec1.spaninfo = fi;
+- }
+- else if (mspack_memcmp(&name[33], &rtable_name[33], 72L) == 0) {
+- chm->sec1.rtable = fi;
+- }
+- }
++ /* system file */
++ if (name_len == 40 && memcmp(name, content_name, 40) == 0) {
++ chm->sec1.content = fi;
++ }
++ else if (name_len == 44 && memcmp(name, control_name, 44) == 0) {
++ chm->sec1.control = fi;
++ }
++ else if (name_len == 41 && memcmp(name, spaninfo_name, 41) == 0) {
++ chm->sec1.spaninfo = fi;
++ }
++ else if (name_len == 105 && memcmp(name, rtable_name, 105) == 0) {
++ chm->sec1.rtable = fi;
++ }
+ fi->next = chm->sysfiles;
+ chm->sysfiles = fi;
+ }
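Review bot: The lengths 40, 44, 41 and 105 in the new `name_len == N && memcmp(name, X_name, N) == 0` tests are bare literals that have to equal the string lengths of `content_name`, `control_name`, `spaninfo_name` and `rtable_name`, which are defined outside this hunk, so a mismatch would go unnoticed and the system file would simply not be recognised. Checking `name_len` before the compare is what keeps the read inside the entry name, so that coupling deserves a comment above the chain, for example `/* N is strlen() of each *_name constant; name_len must match exactly before memcmp reads N bytes of name */`. The replacement also calls `memcmp` directly where the removed lines used `mspack_memcmp`; the hunk does not show whether `<string.h>` is in scope in this 0.8alpha tree, which is worth confirming for the backport. `chmd_read_headers` starts and ends outside the hunk.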