authorLeonardo Arena <rnalrd@alpinelinux.org>2019-11-13 10:37:31 +0000
committerLeonardo Arena <rnalrd@alpinelinux.org>2019-11-13 10:37:50 +0000
commit5141b2b55bfd4595926cff250753982f13b194a4 (patch)
tree23e2637e0cd578963517fece87bc52cd7723df8b
parent285aeb8918cb76686f52211af1794c956dfac76e (diff)
main/freetds: security fix (CVE-2019-13508)
ref #10945
-rw-r--r--main/freetds/APKBUILD10
-rw-r--r--main/freetds/CVE-2019-13508.patch30
2 files changed, 38 insertions, 2 deletions
diff --git a/main/freetds/APKBUILD b/main/freetds/APKBUILD
index 44cf4c58b53..72951217b14 100644
--- a/main/freetds/APKBUILD
+++ b/main/freetds/APKBUILD
@@ -2,7 +2,7 @@
# Maintainer: Michael Mason <ms13sp@gmail.com>
pkgname=freetds
pkgver=1.1.6
-pkgrel=0
+pkgrel=1
pkgdesc="Tabular Datastream Library"
url="https://www.freetds.org"
arch="all"
@@ -11,10 +11,15 @@ makedepends="openssl-dev linux-headers readline-dev unixodbc-dev"
subpackages="$pkgname-doc $pkgname-dev"
source="https://www.freetds.org/files/stable/$pkgname-$pkgver.tar.bz2
fix-includes.patch
+ CVE-2019-13508.patch
"
builddir="$srcdir/$pkgname-$pkgver"
options="!check" # tests require running SQL server http://www.freetds.org/userguide/confirminstall.htm#TESTS
+# secfixes:
+# 1.1.6-r1:
+# - CVE-2019-13508
+
build() {
cd "$builddir"
./configure \
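Review bot: The new `CVE-2019-13508.patch` entry in `source` has no note on where the patch comes from or when it can be dropped, so a later version bump could keep or lose the backport by accident. The patch header names upstream commit 0df4eb82a0e3ff844e373d7c9f9c6c813925e2ac, so a comment beside the secfixes block such as `# CVE-2019-13508.patch: upstream commit 0df4eb82a0e3; drop once pkgver contains it` would record that. Because `options="!check"` disables the test suite, nothing in the build exercises the fix. The hunk shows no prepare() before build(), so the patch is presumably applied by the default prepare step; that is worth confirming in the build log. build() continues outside the hunk.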
@@ -42,4 +47,5 @@ package() {
}
sha512sums="160c8638302fd36a3f42d031dbd58525cde899b64d320f6187ce5865ea2c049a1af63be419623e4cd18ccf229dd2ee7ec509bc5721c3371de0f31710dad7470d freetds-1.1.6.tar.bz2
-d75d1aab6687586697f3e430db1e82f21208f10076b45996542eea682e36cbbbb344f479a9336fcfd294b5b87d7acb2ec5fb8ddd1914e990e23dd5e7ae93a0b6 fix-includes.patch"
+d75d1aab6687586697f3e430db1e82f21208f10076b45996542eea682e36cbbbb344f479a9336fcfd294b5b87d7acb2ec5fb8ddd1914e990e23dd5e7ae93a0b6 fix-includes.patch
+d654640796c64bdae87f91e43701d689f9ba7b8c28cd21b07b58d0e0b9033d46a4b67e4a71a44ff1a793661c89d1bfb9e4ce5b52397ea8e898d0481b2afa5000 CVE-2019-13508.patch"
diff --git a/main/freetds/CVE-2019-13508.patch b/main/freetds/CVE-2019-13508.patch
new file mode 100644
index 00000000000..fa7df8dab1e
--- /dev/null
+++ b/main/freetds/CVE-2019-13508.patch
@@ -0,0 +1,30 @@
+From 0df4eb82a0e3ff844e373d7c9f9c6c813925e2ac Mon Sep 17 00:00:00 2001
+From: Frediano Ziglio <freddy77@gmail.com>
+Date: Tue, 9 Jul 2019 09:26:43 +0100
+Subject: [PATCH] tds: Make sure UDT has varint set to 8
+
+Signed-off-by: Frediano Ziglio <freddy77@gmail.com>
+---
+ src/tds/data.c | 2 ++
+ 1 file changed, 2 insertions(+)
+
+diff --git a/src/tds/data.c b/src/tds/data.c
+index c10ebe1ca..0c5e90f95 100644
+--- a/src/tds/data.c
++++ b/src/tds/data.c
+@@ -1425,6 +1425,7 @@ tds_clrudt_get_info(TDSSOCKET * tds, TDSCOLUMN * col)
+ tds_get_string(tds, tds_get_usmallint(tds), NULL, 0);
+
+ col->column_size = 0x7ffffffflu;
++ col->column_varint_size = 8;
+
+ return TDS_SUCCESS;
+ }
+@@ -1432,6 +1433,7 @@ tds_clrudt_get_info(TDSSOCKET * tds, TDSCOLUMN * col)
+ TDS_INT
+ tds_clrudt_row_len(TDSCOLUMN *col)
+ {
++ col->column_varint_size = 8;
+ /* TODO save other fields */
+ return sizeof(TDSBLOB);
+ }