aboutsummaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorLeo <thinkabit.ukim@gmail.com>2019-10-28 09:11:32 -0300
committerKevin Daudt <kdaudt@alpinelinux.org>2019-10-29 05:47:58 +0000
commit615b572ef6341859fe6be51d0809da4e783eb89e (patch)
treea4279945fdcb9545d7b839b2520efbb55abd3174
parentc6bb37d9b3b97ad919485aa1bdc99206d3f41a5b (diff)
downloadaports-615b572ef6341859fe6be51d0809da4e783eb89e.tar.gz
aports-615b572ef6341859fe6be51d0809da4e783eb89e.tar.bz2
aports-615b572ef6341859fe6be51d0809da4e783eb89e.tar.xz
main/file: fix CVE-2019-18218
ref #10911 Closes !891
-rw-r--r--main/file/APKBUILD8
-rw-r--r--main/file/CVE-2019-18218.patch40
2 files changed, 46 insertions, 2 deletions
diff --git a/main/file/APKBUILD b/main/file/APKBUILD
index ad6680b832..cfa734f0fc 100644
--- a/main/file/APKBUILD
+++ b/main/file/APKBUILD
@@ -2,7 +2,7 @@
# Maintainer: Natanael Copa <ncopa@alpinelinux.org>
pkgname=file
pkgver=5.32
-pkgrel=1
+pkgrel=2
pkgdesc="File type identification utility"
url="http://www.darwinsys.com/file/"
arch="all"
@@ -11,10 +11,13 @@ subpackages="$pkgname-dev $pkgname-doc libmagic"
source="ftp://ftp.astron.com/pub/$pkgname/$pkgname-$pkgver.tar.gz
CVE-2019-8906.patch
CVE-2019-8905-and-CVE-2019-8907.patch
+ CVE-2019-18218.patch
"
builddir="$srcdir/$pkgname-$pkgver"
# secfixes:
+# 5.32-r2:
+# - CVE-2019-19218
# 5.32-r1:
# - CVE-2019-8905
# - CVE-2019-8906
@@ -48,4 +51,5 @@ libmagic() {
sha512sums="315343229fa196335389544ee8010e9e80995ef4721938492dedcfb0465dfc45e1feb96f26dfe53cab484fb5d9bac54d2d72917fbfd28a1d998c6ad8c8f9792f file-5.32.tar.gz
f54a16dbca2b5a490405e323924fb2657cc67f73648ad5203b41c13da1dc98e5ca64fc6c94415386538d3c2124f487fc3bf86082ce1571a24d05f5a5e213da08 CVE-2019-8906.patch
-5b8058fd39d9f9d91c7d8377708068dc0161abdbbb7fdb3d1bd9358b297133e425252758b45cccec937a7c51226d4f6dd67f5a13ff935a4353a44f140f011a7e CVE-2019-8905-and-CVE-2019-8907.patch"
+5b8058fd39d9f9d91c7d8377708068dc0161abdbbb7fdb3d1bd9358b297133e425252758b45cccec937a7c51226d4f6dd67f5a13ff935a4353a44f140f011a7e CVE-2019-8905-and-CVE-2019-8907.patch
+d70c5d298db7f70c45feaeebb077f076e6f1b5bcccb85926afeead64838436fd42681541d56f4fbe35b97dd76bfdbf3abf2665894c18999b37d2ca3fe2f2cf17 CVE-2019-18218.patch"
diff --git a/main/file/CVE-2019-18218.patch b/main/file/CVE-2019-18218.patch
new file mode 100644
index 0000000000..e7eba44922
--- /dev/null
+++ b/main/file/CVE-2019-18218.patch
@@ -0,0 +1,40 @@
+Source: https://github.com/file/file/commit/46a8443f76cec4b41ec736eca396984c74664f84
+
+diff --git a/src/cdf.c b/src/cdf.c
+index 556a3ff..8bb0a6d 100644
+--- a/src/cdf.c
++++ b/src/cdf.c
+@@ -1013,8 +1013,9 @@ cdf_read_property_info(const cdf_stream_t *sst, const cdf_header_t *h,
+ goto out;
+ }
+ nelements = CDF_GETUINT32(q, 1);
+- if (nelements == 0) {
+- DPRINTF(("CDF_VECTOR with nelements == 0\n"));
++ if (nelements > CDF_ELEMENT_LIMIT || nelements == 0) {
++ DPRINTF(("CDF_VECTOR with nelements == %"
++ SIZE_T_FORMAT "u\n", nelements));
+ goto out;
+ }
+ slen = 2;
+@@ -1056,8 +1057,6 @@ cdf_read_property_info(const cdf_stream_t *sst, const cdf_header_t *h,
+ goto out;
+ inp += nelem;
+ }
+- DPRINTF(("nelements = %" SIZE_T_FORMAT "u\n",
+- nelements));
+ for (j = 0; j < nelements && i < sh.sh_properties;
+ j++, i++)
+ {
+diff --git a/src/cdf.h b/src/cdf.h
+index 2f7e554..0505666 100644
+--- a/src/cdf.h
++++ b/src/cdf.h
+@@ -48,6 +48,7 @@
+ typedef int32_t cdf_secid_t;
+
+ #define CDF_LOOP_LIMIT 10000
++#define CDF_ELEMENT_LIMIT 100000
+
+ #define CDF_SECID_NULL 0
+ #define CDF_SECID_FREE -1
+