aboutsummaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorLeo <thinkabit.ukim@gmail.com>2020-05-21 07:24:05 -0300
committerLeo <thinkabit.ukim@gmail.com>2020-05-21 07:25:35 -0300
commit635fd56d923cf83e6dcc44c1547073ff890f3c89 (patch)
treeec1408c3ef538df2b70174795db8d82ccb40e794
parent54d9d7620b3c43d194b0db4a84b55f3def94cd75 (diff)
downloadaports-635fd56d923cf83e6dcc44c1547073ff890f3c89.tar.gz
aports-635fd56d923cf83e6dcc44c1547073ff890f3c89.tar.bz2
aports-635fd56d923cf83e6dcc44c1547073ff890f3c89.tar.xz
main/iproute2: fix CVE-2019-20795
See #11541
-rw-r--r--main/iproute2/APKBUILD13
-rw-r--r--main/iproute2/CVE-2019-20795.patch42
2 files changed, 52 insertions, 3 deletions
diff --git a/main/iproute2/APKBUILD b/main/iproute2/APKBUILD
index e9c08f876b..9db60aefab 100644
--- a/main/iproute2/APKBUILD
+++ b/main/iproute2/APKBUILD
@@ -1,7 +1,7 @@
# Maintainer: Natanael Copa <ncopa@alpinelinux.org>
pkgname=iproute2
pkgver=4.20.0
-pkgrel=1
+pkgrel=2
pkgdesc="IP Routing Utilities"
url="https://www.linuxfoundation.org/collaborate/workgroups/networking/iproute2"
arch="all"
@@ -12,9 +12,15 @@ makedepends="bison flex bash iptables-dev elfutils-dev"
subpackages="$pkgname-doc $pkgname-bash-completion:bashcomp:noarch"
source="https://kernel.org/pub/linux/utils/net/iproute2/iproute2-$pkgver.tar.xz
fix-install-errors.patch
- musl-fixes.patch"
+ musl-fixes.patch
+ CVE-2019-20795.patch
+ "
builddir="$srcdir"/$pkgname-$pkgver
+# secfixes:
+# 4.20.0-r2:
+# - CVE-2019-20795
+
prepare() {
default_prepare
cd "$builddir"
@@ -56,4 +62,5 @@ bashcomp() {
sha512sums="ed29638c864062e199152c7b3b24b6495987ca6f79cc9ab1b529dab37a8a840fa2b5858d5db2b94eeefa1c0d72ff666a790107e27d11a597b189bfb7a01a4b8b iproute2-4.20.0.tar.xz
24fc2a901650e11f80bcaa82c839e70c21aafdf3c5b8a357d932d066a0b98ae2ec8379fc17a0a16a1b5b4fa5edc131179c10fc02e55d6101701df5a09966912c fix-install-errors.patch
-2e3558caddf814da8c4d78c74eddb7a659d6f94b93de5396bdd995e2333e3cd656f9c936ac7a5a86d0477abc27a92550582575ab4ed19fc2ec0d9b6699cd612c musl-fixes.patch"
+2e3558caddf814da8c4d78c74eddb7a659d6f94b93de5396bdd995e2333e3cd656f9c936ac7a5a86d0477abc27a92550582575ab4ed19fc2ec0d9b6699cd612c musl-fixes.patch
+a9f7685dc50495e338fcfce31fc097c220227e78158e16845ed9341d96ba82f34d2778e6268ed7ad795d0bde7293b63d19b3066d37f37dde9112277e61a4e9ac CVE-2019-20795.patch"
diff --git a/main/iproute2/CVE-2019-20795.patch b/main/iproute2/CVE-2019-20795.patch
new file mode 100644
index 0000000000..bc50bee091
--- /dev/null
+++ b/main/iproute2/CVE-2019-20795.patch
@@ -0,0 +1,42 @@
+diff --git a/ip/ipnetns.c b/ip/ipnetns.c
+index 03879b4..18d6e26 100644
+--- a/ip/ipnetns.c
++++ b/ip/ipnetns.c
+@@ -106,7 +106,7 @@ int get_netnsid_from_name(const char *name)
+ struct nlmsghdr *answer;
+ struct rtattr *tb[NETNSA_MAX + 1];
+ struct rtgenmsg *rthdr;
+- int len, fd;
++ int len, fd, ret = -1;
+
+ netns_nsid_socket_init();
+
+@@ -123,23 +123,22 @@ int get_netnsid_from_name(const char *name)
+
+ /* Validate message and parse attributes */
+ if (answer->nlmsg_type == NLMSG_ERROR)
+- goto err_out;
++ goto out;
+
+ rthdr = NLMSG_DATA(answer);
+ len = answer->nlmsg_len - NLMSG_SPACE(sizeof(*rthdr));
+ if (len < 0)
+- goto err_out;
++ goto out;
+
+ parse_rtattr(tb, NETNSA_MAX, NETNS_RTA(rthdr), len);
+
+ if (tb[NETNSA_NSID]) {
+- free(answer);
+- return rta_getattr_u32(tb[NETNSA_NSID]);
++ ret = rta_getattr_u32(tb[NETNSA_NSID]);
+ }
+
+-err_out:
++out:
+ free(answer);
+- return -1;
++ return ret;
+ }
+
+ struct nsid_cache {