aboutsummaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorFrancesco Colista <fcolista@alpinelinux.org>2017-08-14 10:00:17 +0000
committerFrancesco Colista <fcolista@alpinelinux.org>2017-08-14 10:00:35 +0000
commit16649bcca066db87c70f1ddc537c58b5c76773e6 (patch)
tree626dd7db0ccfd90f19a2b922fe889d2e220ce437
parenta51f2d7593706eb38073b80df6192c6730f36c60 (diff)
downloadaports-16649bcca066db87c70f1ddc537c58b5c76773e6.tar.gz
aports-16649bcca066db87c70f1ddc537c58b5c76773e6.tar.bz2
aports-16649bcca066db87c70f1ddc537c58b5c76773e6.tar.xz
main/libsoup: fix for CVE-2017-2885. Fixes #7680
-rw-r--r--main/libsoup/APKBUILD18
-rw-r--r--main/libsoup/CVE-2017-2885.patch57
2 files changed, 70 insertions, 5 deletions
diff --git a/main/libsoup/APKBUILD b/main/libsoup/APKBUILD
index 0daa1a9e81..4f64e7113a 100644
--- a/main/libsoup/APKBUILD
+++ b/main/libsoup/APKBUILD
@@ -1,7 +1,7 @@
# Maintainer: Natanael Copa <ncopa@alpinelinux.org>
pkgname=libsoup
pkgver=2.52.2
-pkgrel=0
+pkgrel=1
pkgdesc="Gnome HTTP Library"
url="ihttp://live.gnome.org/LibSoup"
arch="all"
@@ -11,7 +11,12 @@ depends="glib-networking"
depends_dev="gnutls-dev sqlite-dev"
makedepends="$depends_dev libgcrypt-dev libgpg-error-dev zlib-dev
gobject-introspection-dev intltool vala"
-source="http://ftp.gnome.org/pub/gnome/sources/$pkgname/${pkgver%.*}/$pkgname-$pkgver.tar.xz"
+source="http://ftp.gnome.org/pub/gnome/sources/$pkgname/${pkgver%.*}/$pkgname-$pkgver.tar.xz
+ CVE-2017-2885.patch"
+
+# secfixes:
+# 2.52.2-r1:
+# - CVE-2017-2885
build() {
cd "$srcdir"/$pkgname-$pkgver
@@ -34,6 +39,9 @@ package() {
cd "$srcdir"/$pkgname-$pkgver
make DESTDIR="$pkgdir" install || return 1
}
-md5sums="e4757d09012ed93822b1ee41435fec24 libsoup-2.52.2.tar.xz"
-sha256sums="db55628b5c7d952945bb71b236469057c8dfb8dea0c271513579c6273c2093dc libsoup-2.52.2.tar.xz"
-sha512sums="866942d8db43a19630f39db12b22058cf31ef0c56f337e6c5790f5b881aaa768d4dbece1d2fe0d9560a82ae0f362365c19aa9b0d05afeb45bc5774f6713f51b2 libsoup-2.52.2.tar.xz"
+md5sums="e4757d09012ed93822b1ee41435fec24 libsoup-2.52.2.tar.xz
+d64bec326fe5a317e415cd9c35d7a48c CVE-2017-2885.patch"
+sha256sums="db55628b5c7d952945bb71b236469057c8dfb8dea0c271513579c6273c2093dc libsoup-2.52.2.tar.xz
+0ec94352aa14b1d28718766bba5b21430be7ab94c60122c82459d66df69c71c8 CVE-2017-2885.patch"
+sha512sums="866942d8db43a19630f39db12b22058cf31ef0c56f337e6c5790f5b881aaa768d4dbece1d2fe0d9560a82ae0f362365c19aa9b0d05afeb45bc5774f6713f51b2 libsoup-2.52.2.tar.xz
+9a4a71d8ee253be41995ccabe2a70b29bb7b29282f33009ad52ba488995853d219af60841c1d5ffd4a3e74fe1435118359bfbe2ab72ebb1d078430c1db5c4a08 CVE-2017-2885.patch"
diff --git a/main/libsoup/CVE-2017-2885.patch b/main/libsoup/CVE-2017-2885.patch
new file mode 100644
index 0000000000..c22616ad5b
--- /dev/null
+++ b/main/libsoup/CVE-2017-2885.patch
@@ -0,0 +1,57 @@
+From 03c91c76daf70ee227f38304c5e45a155f45073d Mon Sep 17 00:00:00 2001
+From: Dan Winship <danw@gnome.org>
+Date: Thu, 3 Aug 2017 09:56:43 -0400
+Subject: Fix chunked decoding buffer overrun (CVE-2017-2885)
+
+https://bugzilla.gnome.org/show_bug.cgi?id=785774
+---
+ libsoup/soup-filter-input-stream.c | 22 +++++++++++-----------
+ 1 file changed, 11 insertions(+), 11 deletions(-)
+
+diff --git a/libsoup/soup-filter-input-stream.c b/libsoup/soup-filter-input-stream.c
+index cde4d12..2c30bf9 100644
+--- a/libsoup/soup-filter-input-stream.c
++++ b/libsoup/soup-filter-input-stream.c
+@@ -198,7 +198,7 @@ soup_filter_input_stream_read_until (SoupFilterInputStream *fstream,
+ GCancellable *cancellable,
+ GError **error)
+ {
+- gssize nread;
++ gssize nread, read_length;
+ guint8 *p, *buf, *end;
+ gboolean eof = FALSE;
+ GError *my_error = NULL;
+@@ -251,10 +251,11 @@ soup_filter_input_stream_read_until (SoupFilterInputStream *fstream,
+ } else
+ buf = fstream->priv->buf->data;
+
+- /* Scan for the boundary */
+- end = buf + fstream->priv->buf->len;
+- if (!eof)
+- end -= boundary_length;
++ /* Scan for the boundary within the range we can possibly return. */
++ if (include_boundary)
++ end = buf + MIN (fstream->priv->buf->len, length) - boundary_length;
++ else
++ end = buf + MIN (fstream->priv->buf->len - boundary_length, length);
+ for (p = buf; p <= end; p++) {
+ if (*p == *(guint8*)boundary &&
+ !memcmp (p, boundary, boundary_length)) {
+@@ -268,10 +269,9 @@ soup_filter_input_stream_read_until (SoupFilterInputStream *fstream,
+ if (!*got_boundary && fstream->priv->buf->len < length && !eof)
+ goto fill_buffer;
+
+- /* Return everything up to 'p' (which is either just after the boundary if
+- * include_boundary is TRUE, just before the boundary if include_boundary is
+- * FALSE, @boundary_len - 1 bytes before the end of the buffer, or end-of-
+- * file).
+- */
+- return read_from_buf (fstream, buffer, p - buf);
++ if (eof && !*got_boundary)
++ read_length = MIN (fstream->priv->buf->len, length);
++ else
++ read_length = p - buf;
++ return read_from_buf (fstream, buffer, read_length);
+ }
+--
+cgit v0.12