From 143427d67a983d7d05ac3e66b5221316df7b4c7d Mon Sep 17 00:00:00 2001
From: Natanael Copa
Date: Wed, 16 Dec 2015 12:37:08 +0000
Subject: main/redis: security fix for CVE-2015-8080 ref #4943 fixes #4944
---
 main/redis/APKBUILD | 6 ++++-
 main/redis/CVE-2015-8080.patch | 51 ++++++++++++++++++++++++++++++++++++++++++
 2 files changed, 56 insertions(+), 1 deletion(-)
 create mode 100644 main/redis/CVE-2015-8080.patch
diff --git a/main/redis/APKBUILD b/main/redis/APKBUILD
index e965f91243..1481b07cb3 100644
--- a/main/redis/APKBUILD
+++ b/main/redis/APKBUILD
@@ -2,7 +2,7 @@
 # Maintainer: Eivind Uggedal
 pkgname=redis
 pkgver=3.0.5
-pkgrel=0
+pkgrel=1
 pkgdesc="Advanced key-value store"
 url="http://redis.io/"
 arch="all"
@@ -15,6 +15,7 @@ subpackages=""
 pkgusers="redis"
 pkggroups="redis"
 source="http://download.redis.io/releases/$pkgname-$pkgver.tar.gz
+ CVE-2015-8080.patch
 redis.initd
 redis.logrotate
 redis.confd
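Review bot: Adding `CVE-2015-8080.patch` to `source=` in the second hunk only fetches and checksums the file; nothing in this diff shows it being applied, and the APKBUILD's `prepare()` function, if it has one, lies outside the hunks. It is worth confirming that the prepare step actually runs `patch -p1` over the `*.patch` entries in `$source`, and checking the build log for the patch being applied. Otherwise the package would ship as pkgrel=1 while still carrying the unpatched `getnum`.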
@@ -72,14 +73,17 @@ package() {
 md5sums="c7ba233e5f92ad2f48860c815bb05480 redis-3.0.5.tar.gz
+764d954b972a9a0eb2bdb25282246161 CVE-2015-8080.patch
 e284cbbb7fcddbcb573bcd8318366316 redis.initd
 ed0a5e40633e82c52c50f8bf0ed93ae0 redis.logrotate
 bf204d560e41b854297c60aff8d862d5 redis.confd"
 sha256sums="4c176826eee909fbdc63db1c15adc22aab42d758043829e556f4331e6a5bd480 redis-3.0.5.tar.gz
+582f0c324c63076173d5c541aa449c236ef977e59031bbb8d83cf4762547e24f CVE-2015-8080.patch
 0cc974108792aa49c7d2cddcb0d53c4223acdf38652ffac6b6b76e835ebcaf78 redis.initd
 aa078c4757fc426710310a0688cc1ab728acb7a2afa648e28b2ecbd57d003c0d redis.logrotate
 97d50b2bee2df995317b505d459c31fe4abe74e670028f0335febdd6e4e31486 redis.confd"
 sha512sums="f44e2bcf2f4910da9f9d9e31ec542d5816ec0ba4329efe3e5053cc0176a5a8557d905f23bd3fd37e8a6e674eaf12804613718f63cb2ca1eac2b4f9c6082acab6 redis-3.0.5.tar.gz
+34edf38a3b11d6f572f01daeb7698dca0ab75dd1cbbf5a25fc88fef15c79eb9711ef6feebf5f9c19bd614cbe4fa560df285dfd1db8089be622a97d44803736a2 CVE-2015-8080.patch
 91b663f802aea9a473195940d3bf2ce3ca2af4e5b6e61a2d28ebbfe502ef2c764b574b7e87c49e60345d1a5d6b73d12920924c93b26be110c2ce824023347b6f redis.initd
 6d17d169b40a7e23a0a2894eff0f3e2fe8e4461b36f2a9d45468f0abd84ea1035d679b4c0a34029bce093147f9c7bb697e843c113c17769d38c934d4a78a5848 redis.logrotate
 d87aad6185300c99cc9b6a478c83bf62c450fb2c225592d74cc43a3adb93e19d8d2a42cc279907b385aa73a7b9c77b66828dbfb001009edc16a604abb2087e99 redis.confd"
diff --git a/main/redis/CVE-2015-8080.patch b/main/redis/CVE-2015-8080.patch
new file mode 100644
index 0000000000..22ff080ace
--- /dev/null
+++ b/main/redis/CVE-2015-8080.patch
@@ -0,0 +1,51 @@
+From 8bb9cb38befd8c1131576b9fdbea605a7a094245 Mon Sep 17 00:00:00 2001
+From: Sun He
+Date: Sun, 13 Dec 2015 13:47:22 +0800
+Subject: [PATCH] lua_struct.c/getnum: throw error if overflow happen
+
+Fix issue #2855
+---
+ deps/lua/src/lua_struct.c | 10 ++++++----
+ 1 file changed, 6 insertions(+), 4 deletions(-)
+
+diff --git a/deps/lua/src/lua_struct.c b/deps/lua/src/lua_struct.c
+index ec78bcb..a602bb4 100644
+--- a/deps/lua/src/lua_struct.c
++++ b/deps/lua/src/lua_struct.c
+@@ -89,12 +89,14 @@ typedef struct Header {
+ } Header;
+
+
+-static int getnum (const char **fmt, int df) {
++static int getnum (lua_State *L, const char **fmt, int df) {
+ if (!isdigit(**fmt)) /* no number? */
+ return df; /* return default value */
+ else {
+ int a = 0;
+ do {
++ if (a > (INT_MAX / 10) || a * 10 > (INT_MAX - (**fmt - '0')))
++ luaL_error(L, "integral size overflow");
+ a = a*10 + *((*fmt)++) - '0';
+ } while (isdigit(**fmt));
+ return a;
+@@ -115,9 +117,9 @@ static size_t optsize (lua_State *L, char opt, const char **fmt) {
+ case 'f': return sizeof(float);
+ case 'd': return sizeof(double);
+ case 'x': return 1;
+- case 'c': return getnum(fmt, 1);
++ case 'c': return getnum(L, fmt, 1);
+ case 'i': case 'I': {
+- int sz = getnum(fmt, sizeof(int));
++ int sz = getnum(L, fmt, sizeof(int));
+ if (sz > MAXINTSIZE)
+ luaL_error(L, "integral size %d is larger than limit of %d",
+ sz, MAXINTSIZE);
+@@ -150,7 +152,7 @@ static void controloptions (lua_State *L, int opt, const char **fmt,
+ case '>': h->endian = BIG; return;
+ case '<': h->endian = LITTLE; return;
+ case '!': {
+- int a = getnum(fmt, MAXALIGN);
++ int a = getnum(L, fmt, MAXALIGN);
+ if (!isp2(a))
+ luaL_error(L, "alignment %d is not a power of 2", a);
+ h->align = a;
--
cgit v1.2.3
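Review bot: The overflow guard added inside getnum's `do` loop is only safe because `a > (INT_MAX / 10)` is evaluated before `a * 10`. If the two clauses were ever reordered, the multiplication itself would be the signed overflow the patch is meant to stop, so the line deserves a comment such as `/* order matters: the first test keeps a * 10 from overflowing */`. The guard also only guarantees a result in 0..INT_MAX: the `i`/`I` option goes on to compare against MAXINTSIZE, but `case 'c': return getnum(L, fmt, 1);` hands the value straight back as a size_t with no comparable limit visible here. optsize and the code that consumes its result are only partly inside this hunk, so it is worth confirming that any offset-plus-size arithmetic on that value is range-checked as well.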