authorLeo <thinkabit.ukim@gmail.com>2020-05-21 07:24:05 -0300
committerLeo <thinkabit.ukim@gmail.com>2020-05-21 07:25:19 -0300
commit3ae6bad39b1a131bc419fb4e9088f4b12fa07aa2 (patch)
tree06b358928fbec375990c6a0ee0ab70ef77fbdb95
parente09fa9fd69e509b0de3041baab65aac63b246b0d (diff)
main/iproute2: fix CVE-2019-20795
See #11541
-rw-r--r--main/iproute2/APKBUILD13
-rw-r--r--main/iproute2/CVE-2019-20795.patch42
2 files changed, 52 insertions, 3 deletions
diff --git a/main/iproute2/APKBUILD b/main/iproute2/APKBUILD
index a2c79c9a19b..740763a72df 100644
--- a/main/iproute2/APKBUILD
+++ b/main/iproute2/APKBUILD
@@ -1,7 +1,7 @@
# Maintainer: Natanael Copa <ncopa@alpinelinux.org>
pkgname=iproute2
pkgver=4.19.0
-pkgrel=0
+pkgrel=1
pkgdesc="IP Routing Utilities"
url="https://www.linuxfoundation.org/collaborate/workgroups/networking/iproute2"
arch="all"
@@ -11,9 +11,15 @@ install="$pkgname.post-install"
makedepends="bison flex bash iptables-dev libelf-dev"
subpackages="$pkgname-doc $pkgname-bash-completion:bashcomp:noarch"
source="https://kernel.org/pub/linux/utils/net/iproute2/iproute2-$pkgver.tar.xz
- fix-install-errors.patch"
+ fix-install-errors.patch
+ CVE-2019-20795.patch
+ "
builddir="$srcdir"/$pkgname-$pkgver
+# secfixes:
+# 4.19.0-r1:
+# - CVE-2019-20795
+
prepare() {
default_prepare
cd "$builddir"
@@ -54,4 +60,5 @@ bashcomp() {
}
sha512sums="47c750da2247705b1b1d1621f58987333e54370d0fff2f24106194022de793ff35dfd67fd1be127ce019008705702092d31dac49abf930a7c0dc5c7e7c0665b8 iproute2-4.19.0.tar.xz
-24fc2a901650e11f80bcaa82c839e70c21aafdf3c5b8a357d932d066a0b98ae2ec8379fc17a0a16a1b5b4fa5edc131179c10fc02e55d6101701df5a09966912c fix-install-errors.patch"
+24fc2a901650e11f80bcaa82c839e70c21aafdf3c5b8a357d932d066a0b98ae2ec8379fc17a0a16a1b5b4fa5edc131179c10fc02e55d6101701df5a09966912c fix-install-errors.patch
+a9f7685dc50495e338fcfce31fc097c220227e78158e16845ed9341d96ba82f34d2778e6268ed7ad795d0bde7293b63d19b3066d37f37dde9112277e61a4e9ac CVE-2019-20795.patch"
diff --git a/main/iproute2/CVE-2019-20795.patch b/main/iproute2/CVE-2019-20795.patch
new file mode 100644
index 00000000000..bc50bee0910
--- /dev/null
+++ b/main/iproute2/CVE-2019-20795.patch
@@ -0,0 +1,42 @@
+diff --git a/ip/ipnetns.c b/ip/ipnetns.c
+index 03879b4..18d6e26 100644
+--- a/ip/ipnetns.c
++++ b/ip/ipnetns.c
+@@ -106,7 +106,7 @@ int get_netnsid_from_name(const char *name)
+ struct nlmsghdr *answer;
+ struct rtattr *tb[NETNSA_MAX + 1];
+ struct rtgenmsg *rthdr;
+- int len, fd;
++ int len, fd, ret = -1;
+
+ netns_nsid_socket_init();
+
+@@ -123,23 +123,22 @@ int get_netnsid_from_name(const char *name)
+
+ /* Validate message and parse attributes */
+ if (answer->nlmsg_type == NLMSG_ERROR)
+- goto err_out;
++ goto out;
+
+ rthdr = NLMSG_DATA(answer);
+ len = answer->nlmsg_len - NLMSG_SPACE(sizeof(*rthdr));
+ if (len < 0)
+- goto err_out;
++ goto out;
+
+ parse_rtattr(tb, NETNSA_MAX, NETNS_RTA(rthdr), len);
+
+ if (tb[NETNSA_NSID]) {
+- free(answer);
+- return rta_getattr_u32(tb[NETNSA_NSID]);
++ ret = rta_getattr_u32(tb[NETNSA_NSID]);
+ }
+
+-err_out:
++out:
+ free(answer);
+- return -1;
++ return ret;
+ }
+
+ struct nsid_cache {
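Review bot: The new CVE-2019-20795.patch starts directly at `diff --git a/ip/ipnetns.c` with no header saying where the fix came from, so a later maintainer cannot check it against upstream or tell when it can be dropped on a version bump. I would add a short header above that line, for example `Upstream: <upstream commit URL>`, followed by one sentence saying that `get_netnsid_from_name()` read `tb[NETNSA_NSID]` after `free(answer)` and that the patch moves the read before the free. The code change itself is consistent with that on the visible lines: `tb` is filled from `NETNS_RTA(rthdr)` inside `answer`, the attribute is now read into `ret` first, and every visible exit goes through `out:`. The part of the function between the two inner hunks is not shown here, so any earlier return paths remain unchecked.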