aboutsummaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorNatanael Copa <ncopa@alpinelinux.org>2019-12-24 11:33:40 +0000
committerNatanael Copa <ncopa@alpinelinux.org>2019-12-24 12:34:38 +0100
commit320e9fe25de21594bb1ef20b31586ec775ab1758 (patch)
tree3d5142aa82c2b9247dff709923d5272bcf55940a
parent6a4d9443f0e1fd971280cbf8b2b02b4bcd5cfa34 (diff)
downloadaports-320e9fe25de21594bb1ef20b31586ec775ab1758.tar.gz
aports-320e9fe25de21594bb1ef20b31586ec775ab1758.tar.bz2
aports-320e9fe25de21594bb1ef20b31586ec775ab1758.tar.xz
main/cyrus-sasl: fix CVE-2019-19906
fixes #11079
-rw-r--r--main/cyrus-sasl/APKBUILD6
-rw-r--r--main/cyrus-sasl/CVE-2019-19906.patch15
2 files changed, 20 insertions, 1 deletions
diff --git a/main/cyrus-sasl/APKBUILD b/main/cyrus-sasl/APKBUILD
index adcd9ee20d..28c3dc9a9a 100644
--- a/main/cyrus-sasl/APKBUILD
+++ b/main/cyrus-sasl/APKBUILD
@@ -2,7 +2,7 @@
# Maintainer: Natanael Copa <ncopa@alpinelinux.org>
pkgname=cyrus-sasl
pkgver=2.1.27
-pkgrel=4
+pkgrel=5
pkgdesc="Cyrus Simple Authentication Service Layer (SASL)"
url="https://cyrusimap.org/"
arch="all"
@@ -39,10 +39,13 @@ source="https://github.com/cyrusimap/cyrus-sasl/releases/download/cyrus-sasl-$pk
cyrus-sasl-2.1.27-avoid_pic_overwrite.patch
cyrus-sasl-2.1.27-doc_build_fix.patch
cyrus-sasl-2.1.27-gss_c_nt_hostbased_service.patch
+ CVE-2019-19906.patch
saslauthd.initd
"
# secfixes:
+# 2.1.27-r5:
+# - CVE-2019-19906
# 2.1.26-r7:
# - CVE-2013-4122
@@ -123,4 +126,5 @@ sha512sums="d11549a99b3b06af79fc62d5478dba3305d7e7cc0824f4b91f0d2638daafbe940623
4ca601839b023ef790e48dae567ffbbd57c632384c980946639ec7437ad23874961451718569455e6e25afaeff1728ecbc71a8686f6b43246f83465f95a2c904 cyrus-sasl-2.1.27-avoid_pic_overwrite.patch
6d723e7ec2c431b45c011b887187b6a670dbe646aa4c39d38171047ab23db529c30c433f8d4dd624181917c5ce4e5271f86e35e2644ede1c40dfb09cb67dccde cyrus-sasl-2.1.27-doc_build_fix.patch
fca4f2b7e427c7613f71daa4a31772c33c8c0fe9d7f85b57b85da71bc5a88a18fc52f7caea463188b4addd31cd041d5349af689d5face2cc45fb50c700a8afd7 cyrus-sasl-2.1.27-gss_c_nt_hostbased_service.patch
+c39efd87dc9c883d3b07474197f6835fbd32f23baa1f5cd04b25a0473639f847321c40f232e390d4dc9d9ee189dbd177c05d3d1461af4d28a48a4827abc5d9b8 CVE-2019-19906.patch
f76bfb61567172428cdbc1ed900d5e0b6e66afc38118db6ba0e2fd8ba01956ad896e56463b2249bdc46d8725384f1b975a2af3601c0735327d3f8bc26ce1ed75 saslauthd.initd"
diff --git a/main/cyrus-sasl/CVE-2019-19906.patch b/main/cyrus-sasl/CVE-2019-19906.patch
new file mode 100644
index 0000000000..f7edb521e8
--- /dev/null
+++ b/main/cyrus-sasl/CVE-2019-19906.patch
@@ -0,0 +1,15 @@
+https://github.com/cyrusimap/cyrus-sasl/issues/587
+
+diff --git a/lib/common.c b/lib/common.c
+index bc3bf1df..9969d6aa 100644
+--- a/lib/common.c
++++ b/lib/common.c
+@@ -190,7 +190,7 @@ int _sasl_add_string(char **out, size_t *alloclen,
+
+ if (add==NULL) add = "(null)";
+
+- addlen=strlen(add); /* only compute once */
++ addlen=strlen(add)+1; /* only compute once */
+ if (_buf_alloc(out, alloclen, (*outlen)+addlen)!=SASL_OK)
+ return SASL_NOMEM;
+