diff options
author | Sören Tempel <soeren+git@soeren-tempel.net> | 2018-10-11 15:40:32 +0200 |
---|---|---|
committer | Sören Tempel <soeren+git@soeren-tempel.net> | 2018-10-11 15:53:26 +0200 |
commit | f7f3b355b2e9c3f5ef29fe317425f380fbacc5d0 (patch) | |
tree | 8dc8cda3b39ddd95e9dc9bed864416910501f900 /main | |
parent | 81e1cee85584d995c8969a63342418a878ec3a66 (diff) | |
download | aports-f7f3b355b2e9c3f5ef29fe317425f380fbacc5d0.tar.bz2 aports-f7f3b355b2e9c3f5ef29fe317425f380fbacc5d0.tar.xz |
main/ldns: Fix CVE-2017-1000231 and CVE-2017-1000232
Diffstat (limited to 'main')
-rw-r--r-- | main/ldns/APKBUILD | 14 | ||||
-rw-r--r-- | main/ldns/CVE-2017-1000231.patch | 25 | ||||
-rw-r--r-- | main/ldns/CVE-2017-1000232.patch | 27 |
3 files changed, 63 insertions, 3 deletions
diff --git a/main/ldns/APKBUILD b/main/ldns/APKBUILD index 522c4a8c52..5ddabeebfb 100644 --- a/main/ldns/APKBUILD +++ b/main/ldns/APKBUILD @@ -2,7 +2,7 @@ # Maintainer: Natanael Copa <ncopa@alpinelinux.org> pkgname=ldns pkgver=1.7.0 -pkgrel=0 +pkgrel=1 pkgdesc="Lowlevel DNS(SEC) library" url="http://nlnetlabs.nl/projects/ldns/" arch="all" @@ -13,7 +13,13 @@ makedepends="$depends_dev libpcap-dev perl" install="" subpackages="$pkgname-dev $pkgname-doc drill $pkgname-tools" source="https://nlnetlabs.nl/downloads/ldns/ldns-$pkgver.tar.gz - " + CVE-2017-1000231.patch + CVE-2017-1000232.patch" + +# secfixes +# 1.7.0-r1: +# - CVE-2017-1000231 +# - CVE-2017-1000232 builddir="$srcdir"/ldns-$pkgver build() { @@ -67,4 +73,6 @@ tools() { mv "$pkgdir"/usr/bin "$subpkgdir"/usr/ } -sha512sums="8a4e48bcc2a244b92447a9830b60efbb656fb7955f3559ef2eb6f8e724c4c0208776350c44ccf7dcf1ffe0b7b9d9ccc4cbddc5bc16e8888db494ab4d0bce3bd8 ldns-1.7.0.tar.gz" +sha512sums="8a4e48bcc2a244b92447a9830b60efbb656fb7955f3559ef2eb6f8e724c4c0208776350c44ccf7dcf1ffe0b7b9d9ccc4cbddc5bc16e8888db494ab4d0bce3bd8 ldns-1.7.0.tar.gz +51c54a8bc60b18ca90111fceb86873609401c901345851ad44f6be2437f3700ccdcff502e5bfefa9da327b7f0739e644edbbfbce8afc1c19eda97663a04c02a1 CVE-2017-1000231.patch +00e547359dd2bf9498dfe7bdb236fb6327ca972356ea089e415cdf21dbae49555cd32b09f27226c1f7aea7e3e1b94cce3e3750c595080aa182fe1790a1f5a5ff CVE-2017-1000232.patch" diff --git a/main/ldns/CVE-2017-1000231.patch b/main/ldns/CVE-2017-1000231.patch new file mode 100644 index 0000000000..b6898b5816 --- /dev/null +++ b/main/ldns/CVE-2017-1000231.patch @@ -0,0 +1,25 @@ +From 99dfbbc328f75df60d52f8a578545017dd98c475 Mon Sep 17 00:00:00 2001 +From: Willem Toorop <willem@nlnetlabs.nl> +Date: Thu, 27 Apr 2017 00:14:58 +0200 +Subject: [PATCH] Check parse limit before t increment + +Thanks Stephan Zeisberg +--- + parse.c | 4 ++++ + 1 file changed, 4 insertions(+) + +diff --git a/parse.c b/parse.c +index e68627c2..947dbb89 100644 +--- a/parse.c ++++ b/parse.c +@@ -118,6 +118,10 @@ ldns_fget_token_l(FILE *f, char *token, const char *delim, size_t limit, int *li + if (line_nr) { + *line_nr = *line_nr + 1; + } ++ if (limit > 0 && (i >= limit || (size_t)(t-token) >= limit)) { ++ *t = '\0'; ++ return -1; ++ } + *t++ = ' '; + prev_c = c; + continue; diff --git a/main/ldns/CVE-2017-1000232.patch b/main/ldns/CVE-2017-1000232.patch new file mode 100644 index 0000000000..d36738ca22 --- /dev/null +++ b/main/ldns/CVE-2017-1000232.patch @@ -0,0 +1,27 @@ +From f5bae2bf02aa0d8a38e02e14f27e3c4dee15077d Mon Sep 17 00:00:00 2001 +From: Willem Toorop <willem@nlnetlabs.nl> +Date: Thu, 27 Apr 2017 00:25:20 +0200 +Subject: [PATCH] bugfix #1257: Free after reallocing to 0 size + +Thanks Stephan Zeisberg +--- + str2host.c | 6 ++++-- + 1 file changed, 4 insertions(+), 2 deletions(-) + +diff --git a/str2host.c b/str2host.c +index c396f547..c3afba1d 100644 +--- a/str2host.c ++++ b/str2host.c +@@ -1496,8 +1496,10 @@ ldns_str2rdf_long_str(ldns_rdf **rd, const char *str) + if (! str) { + return LDNS_STATUS_SYNTAX_BAD_ESCAPE; + } +- length = (size_t)(dp - data); +- ++ if (!(length = (size_t)(dp - data))) { ++ LDNS_FREE(data); ++ return LDNS_STATUS_SYNTAX_EMPTY; ++ } + /* Lose the overmeasure */ + data = LDNS_XREALLOC(dp = data, uint8_t, length); + if (! data) { |