From d031b70d32b89d1ced1b1d2a15195c0720915d5f Mon Sep 17 00:00:00 2001
From: Natanael Copa
Date: Thu, 23 Aug 2018 12:48:48 +0000
Subject: community/zutils: security fix (CVE-2018-1000637)

fixes #9332
---
community/zutils/APKBUILD | 7 +++++--
community/zutils/CVE-2018-1000637.patch | 17 +++++++++++++++++
2 files changed, 22 insertions(+), 2 deletions(-)
create mode 100644 community/zutils/CVE-2018-1000637.patch

(limited to 'community')

diff --git a/community/zutils/APKBUILD b/community/zutils/APKBUILD
index 8ff0055985..ff679b9e4b 100644
--- a/community/zutils/APKBUILD
+++ b/community/zutils/APKBUILD
@@ -9,7 +9,9 @@ arch="all"
 license="GPL-2.0"
 subpackages="$pkgname-doc"
 checkdepends="bzip2"
-source="http://download.savannah.gnu.org/releases/$pkgname/$pkgname-$pkgver.tar.lz"
+source="http://download.savannah.gnu.org/releases/$pkgname/$pkgname-$pkgver.tar.lz
+ CVE-2018-1000637.patch
+ "
 builddir="$srcdir/$pkgname-$pkgver"

 build() {
@@ -28,4 +30,5 @@ package() {
 make DESTDIR="$pkgdir" install
 }

-sha512sums="eaf49d9aefb21460635eb6d0f1ae49ddc51b5a4e5d6d0943637194351ef910471203908d6bfe93ad37ca62ceacebe5b208d12b4bb8dda68cd9dbcdb7c7f848e1 zutils-1.7.tar.lz"
+sha512sums="eaf49d9aefb21460635eb6d0f1ae49ddc51b5a4e5d6d0943637194351ef910471203908d6bfe93ad37ca62ceacebe5b208d12b4bb8dda68cd9dbcdb7c7f848e1 zutils-1.7.tar.lz
+de30e5458b294175cfb3ab9c2031e80c7a4269cf7cf5968e08690ea363bc057a4b052d3a6979d577e8e2182a0a74bc02997c1ba074baa97223b23057b73d6799 CVE-2018-1000637.patch"
diff --git a/community/zutils/CVE-2018-1000637.patch b/community/zutils/CVE-2018-1000637.patch
new file mode 100644
index 0000000000..8ddc02d5c2
--- /dev/null
+++ b/community/zutils/CVE-2018-1000637.patch
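Review bot: pkgrel is not bumped and no `# secfixes:` entry is added, as far as this diff shows: the two APKBUILD hunks account for all 5 insertions and 2 deletions in the diffstat, and the first hunk starts at line 9 on both sides, so nothing above `license=` changed. With pkgver and pkgrel unchanged the package keeps the same version string, so systems that already have zutils 1.7 installed would most likely not be offered the patched build by a normal upgrade. I would raise `pkgrel` by one and add a comment block near the top such as `# secfixes:` / `#   1.7-rN:` / `#     - CVE-2018-1000637` (N being the new pkgrel) so the fix is traceable to a package release. The `source=` URL is still plain `http://`; the pinned sha512 covers the tarball's integrity, but `https://` would be a cheap hardening if the mirror supports it.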
@@ -0,0 +1,17 @@
+--- zutils-1.7/zcat.cc 2018-02-13 19:10:41.000000000 +0000
++++ zutils-1.8-pre2/zcat.cc 2018-07-31 21:49:02.000000000 +0000
+@@ -227,10 +230,11 @@
+ const Cat_options & cat_options )
+ {
+ enum { buffer_size = 4096 };
+- // buffer with space for sentinel newline at the end
++ // buffer with space for sentinel newline at the end
+ uint8_t * const inbuf = new uint8_t[buffer_size+1];
+- // buffer with space for character quoting and 255-digit line number
+- uint8_t * const outbuf = new uint8_t[(4*buffer_size)+256];
++ // buffer with space for character quoting, 255-digit line number and
++ // worst case flushing respect to inbuf.
++ uint8_t * const outbuf = new uint8_t[(5*buffer_size)+256];
+ int retval = 0;
+ Children children;
+ if( !set_data_feeder( input_filename, &infd, children, format_index ) )
-- 
cgit v1.2.3
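Review bot: The embedded patch carries no provenance header, and its inner hunk header `@@ -227,10 +230,11 @@` has a three-line offset between old and new start, which suggests it was cut out of a larger zutils 1.7 to 1.8-pre2 diff of zcat.cc with earlier hunks left out. It should still apply with an offset, but from here a reviewer cannot tell whether the fix depends on those omitted changes. A short header above the `---` line, e.g. `Extracted from the zutils 1.7..1.8-pre2 diff of zcat.cc; fixes CVE-2018-1000637 (outbuf sizing)`, plus the upstream reference, would make that auditable. The new `(5*buffer_size)+256` bound is justified only by the comment, and the code that writes into outbuf lies outside the hunk (the enclosing function starts and ends outside it). It is worth confirming against upstream that the enlarged bound covers the worst case the comment describes, rather than relying on the multiplier alone.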