From 8dc38ebaea189e1ada9a64ef29baba9e91e57799 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?S=C3=B6ren=20Tempel?=
Date: Fri, 17 Apr 2020 12:44:08 +0200
Subject: main/mcpp: fix CVE-2019-14274

Patch taken from Debian.
---
 main/mcpp/APKBUILD | 18 +++++++--------
 main/mcpp/CVE-2019-14274.patch | 52 ++++++++++++++++++++++++++++++++++++++++++
 2 files changed, 61 insertions(+), 9 deletions(-)
 create mode 100644 main/mcpp/CVE-2019-14274.patch

diff --git a/main/mcpp/APKBUILD b/main/mcpp/APKBUILD
index 85aaff93b3..f102d1dc8e 100644
--- a/main/mcpp/APKBUILD
+++ b/main/mcpp/APKBUILD
@@ -2,7 +2,7 @@
 # Maintainer: Sören Tempel
 pkgname=mcpp
 pkgver=2.7.2
-pkgrel=1
+pkgrel=2
 pkgdesc="A portable C preprocessor"
 url="http://mcpp.sourceforge.net"
 arch="all"
@@ -13,7 +13,12 @@ makedepends=""
 subpackages="$pkgname-dev $pkgname-doc $pkgname-libs"
 source="https://downloads.sourceforge.net/${pkgname}/${pkgname}-${pkgver}.tar.gz
 01-zeroc-fixes.patch
- 02-gniibe-fixes.patch"
+ 02-gniibe-fixes.patch
+ CVE-2019-14274.patch"
+
+# secfixes:
+# 2.7.2-r2:
+# - CVE-2019-14274

 prepare() {
 cd "$builddir"
@@ -45,12 +50,7 @@ package() {
 "$pkgdir"/usr/share/licenses/$pkgname/LICENSE || return 1
 }

-md5sums="512de48c87ab023a69250edc7a0c7b05 mcpp-2.7.2.tar.gz
-e231a2c976ccf14b548deaee840faeb7 01-zeroc-fixes.patch
-1801827678e80d0ef73655a88064a35b 02-gniibe-fixes.patch"
-sha256sums="3b9b4421888519876c4fc68ade324a3bbd81ceeb7092ecdbbc2055099fcb8864 mcpp-2.7.2.tar.gz
-6ed331f58edc7a24e769ac065ab43ed9f09f06487fda37095cacd413b81f522c 01-zeroc-fixes.patch
-30a790e63e387a95e45c2b73b3942948e1e852155250dd769a5598c33d374504 02-gniibe-fixes.patch"
 sha512sums="1ca885cb13fdb684de9d0595a9215b52f48a93a69077d82cdcacafe40d9a61fb77b00a3ff2b8890e7bc0a0fcc0c8d70d4093c00c280351cd4459aba67c573235 mcpp-2.7.2.tar.gz
 86b2e851490e180dfe3028a5a37019ea423924c921ab053a642fb78d4533a87f913ede2928daf9da4daf60e67795a24521186b40c76961ae99ebeb75f8aa95ad 01-zeroc-fixes.patch
-a31a0f2e7430381e5e62ea4257a35891ce9d2f3beed60c6caad3b6d298a58557e9c850223840ef8c6f6c2e8139cf4a4edf29ac93b2532680feafba503fcfaf6d 02-gniibe-fixes.patch"
+a31a0f2e7430381e5e62ea4257a35891ce9d2f3beed60c6caad3b6d298a58557e9c850223840ef8c6f6c2e8139cf4a4edf29ac93b2532680feafba503fcfaf6d 02-gniibe-fixes.patch
+12a72a2c527358effc4ed8e0c5f80f1a06a005ba3b050c7d99a4aa67ad5fe7e4c4c2a75d0808382b67e359076c5bac6065ec284d32f55e7e31466331a47db882 CVE-2019-14274.patch"
diff --git a/main/mcpp/CVE-2019-14274.patch b/main/mcpp/CVE-2019-14274.patch
new file mode 100644
index 0000000000..717b16fe9d
--- /dev/null
+++ b/main/mcpp/CVE-2019-14274.patch
@@ -0,0 +1,52 @@
+Description: Fix for a bug reported to sourceforge.net #13
+ by fixing error messages.
+ Also, fix erroneous messages.
+Author: NIIBE Yutaka
+
+Index: mcpp/src/support.c
+===================================================================
+--- mcpp.orig/src/support.c
++++ mcpp/src/support.c
+@@ -822,7 +822,7 @@ escape:
+ if (diag && iscntrl( c) && ((char_type[ c] & SPA) == 0)
+ && (warn_level & 1))
+ cwarn(
+- "Illegal control character %.0s0lx%02x in quotation" /* _W1_ */
++ "Illegal control character %.0s0x%02x in quotation" /* _W1_ */
+ , NULL, (long) c, NULL);
+ *out_p++ = c;
+ chk_limit:
+@@ -861,10 +861,10 @@ chk_limit:
+ if (mcpp_mode != POST_STD && option_flags.lang_asm) {
+ /* STD, KR */
+ if (warn_level & 1)
+- cwarn( unterm_char, out, 0L, NULL); /* _W1_ */
++ cwarn( unterm_char, NULL, (long)delim, NULL); /* _W1_ */
+ goto done;
+ } else {
+- cerror( unterm_char, out, 0L, skip); /* _E_ */
++ cerror( unterm_char, NULL, (long)delim, skip); /* _E_ */
+ }
+ } else {
+ cerror( "Unterminated header name %s%.0ld%s" /* _E_ */
+@@ -875,9 +875,9 @@ chk_limit:
+ if (mcpp_mode != POST_STD && option_flags.lang_asm) {
+ /* STD, KR */
+ if (warn_level & 1)
+- cwarn( empty_const, out, 0L, skip); /* _W1_ */
++ cwarn( empty_const, NULL, (long)delim, skip); /* _W1_ */
+ } else {
+- cerror( empty_const, out, 0L, skip); /* _E_ */
++ cerror( empty_const, NULL, (long)delim, skip); /* _E_ */
+ out_p = NULL;
+ goto done;
+ }
+@@ -1774,7 +1774,7 @@ not_comment:
+ default:
+ if (iscntrl( c)) {
+ cerror( /* Skip the control character */
+- "Illegal control character %.0s0x%lx, skipped the character" /* _E_ */
++ "Illegal control character %.0s0x%02x, skipped the character" /* _E_ */
+ , NULL, (long) c, NULL);
+ } else { /* Any valid character */
+ *tp++ = c;
-- cgit v1.2.3
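Review bot: In the embedded support.c patch, both "Illegal control character" messages (the `escape:` hunk and the `not_comment:` hunk) now use `%02x` while the argument passed is still `(long) c`, so the conversion no longer matches the argument type if cwarn()/cerror() hand it to a printf-style formatter, as the `%.0ld` in the neighbouring "Unterminated header name" message suggests they do. The `not_comment:` hunk actually replaces a matching `%lx` with the mismatched form. `%02lx` keeps the two-digit width and matches the long: `"Illegal control character %.0s0x%02lx in quotation"` and `"Illegal control character %.0s0x%02lx, skipped the character"`. The `unterm_char` and `empty_const` format strings are defined outside these hunks, so it is worth confirming that they accept a NULL string argument and a long `delim` as the calls now pass them. The enclosing functions begin and end outside the hunks shown.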