aboutsummaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorLeonardo Arena <rnalrd@alpinelinux.org>2019-11-13 10:37:31 +0000
committerLeonardo Arena <rnalrd@alpinelinux.org>2019-11-13 10:37:50 +0000
commit5141b2b55bfd4595926cff250753982f13b194a4 (patch)
tree23e2637e0cd578963517fece87bc52cd7723df8b
parent285aeb8918cb76686f52211af1794c956dfac76e (diff)
downloadaports-5141b2b55bfd4595926cff250753982f13b194a4.tar.gz
aports-5141b2b55bfd4595926cff250753982f13b194a4.tar.bz2
aports-5141b2b55bfd4595926cff250753982f13b194a4.tar.xz
main/freetds: security fix (CVE-2019-13508)
ref #10945
-rw-r--r--main/freetds/APKBUILD10
-rw-r--r--main/freetds/CVE-2019-13508.patch30
2 files changed, 38 insertions, 2 deletions
diff --git a/main/freetds/APKBUILD b/main/freetds/APKBUILD
index 44cf4c58b5..72951217b1 100644
--- a/main/freetds/APKBUILD
+++ b/main/freetds/APKBUILD
@@ -2,7 +2,7 @@
# Maintainer: Michael Mason <ms13sp@gmail.com>
pkgname=freetds
pkgver=1.1.6
-pkgrel=0
+pkgrel=1
pkgdesc="Tabular Datastream Library"
url="https://www.freetds.org"
arch="all"
@@ -11,10 +11,15 @@ makedepends="openssl-dev linux-headers readline-dev unixodbc-dev"
subpackages="$pkgname-doc $pkgname-dev"
source="https://www.freetds.org/files/stable/$pkgname-$pkgver.tar.bz2
fix-includes.patch
+ CVE-2019-13508.patch
"
builddir="$srcdir/$pkgname-$pkgver"
options="!check" # tests require running SQL server http://www.freetds.org/userguide/confirminstall.htm#TESTS
+# secfixes:
+# 1.1.6-r1:
+# - CVE-2019-13508
+
build() {
cd "$builddir"
./configure \
@@ -42,4 +47,5 @@ package() {
}
sha512sums="160c8638302fd36a3f42d031dbd58525cde899b64d320f6187ce5865ea2c049a1af63be419623e4cd18ccf229dd2ee7ec509bc5721c3371de0f31710dad7470d freetds-1.1.6.tar.bz2
-d75d1aab6687586697f3e430db1e82f21208f10076b45996542eea682e36cbbbb344f479a9336fcfd294b5b87d7acb2ec5fb8ddd1914e990e23dd5e7ae93a0b6 fix-includes.patch"
+d75d1aab6687586697f3e430db1e82f21208f10076b45996542eea682e36cbbbb344f479a9336fcfd294b5b87d7acb2ec5fb8ddd1914e990e23dd5e7ae93a0b6 fix-includes.patch
+d654640796c64bdae87f91e43701d689f9ba7b8c28cd21b07b58d0e0b9033d46a4b67e4a71a44ff1a793661c89d1bfb9e4ce5b52397ea8e898d0481b2afa5000 CVE-2019-13508.patch"
diff --git a/main/freetds/CVE-2019-13508.patch b/main/freetds/CVE-2019-13508.patch
new file mode 100644
index 0000000000..fa7df8dab1
--- /dev/null
+++ b/main/freetds/CVE-2019-13508.patch
@@ -0,0 +1,30 @@
+From 0df4eb82a0e3ff844e373d7c9f9c6c813925e2ac Mon Sep 17 00:00:00 2001
+From: Frediano Ziglio <freddy77@gmail.com>
+Date: Tue, 9 Jul 2019 09:26:43 +0100
+Subject: [PATCH] tds: Make sure UDT has varint set to 8
+
+Signed-off-by: Frediano Ziglio <freddy77@gmail.com>
+---
+ src/tds/data.c | 2 ++
+ 1 file changed, 2 insertions(+)
+
+diff --git a/src/tds/data.c b/src/tds/data.c
+index c10ebe1ca..0c5e90f95 100644
+--- a/src/tds/data.c
++++ b/src/tds/data.c
+@@ -1425,6 +1425,7 @@ tds_clrudt_get_info(TDSSOCKET * tds, TDSCOLUMN * col)
+ tds_get_string(tds, tds_get_usmallint(tds), NULL, 0);
+
+ col->column_size = 0x7ffffffflu;
++ col->column_varint_size = 8;
+
+ return TDS_SUCCESS;
+ }
+@@ -1432,6 +1433,7 @@ tds_clrudt_get_info(TDSSOCKET * tds, TDSCOLUMN * col)
+ TDS_INT
+ tds_clrudt_row_len(TDSCOLUMN *col)
+ {
++ col->column_varint_size = 8;
+ /* TODO save other fields */
+ return sizeof(TDSBLOB);
+ }