aboutsummaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorLeonardo Arena <rnalrd@alpinelinux.org>2018-08-01 07:24:14 +0000
committerLeonardo Arena <rnalrd@alpinelinux.org>2018-08-01 07:24:14 +0000
commit6cb9533a172c3840964227cf4fda35150dfa0eb9 (patch)
tree70116c982bc1e1f5ea91d7e28678b40939f5465c
parent89fe29bbad9afaa38e91399e623b77a726e77594 (diff)
downloadaports-6cb9533a172c3840964227cf4fda35150dfa0eb9.tar.gz
aports-6cb9533a172c3840964227cf4fda35150dfa0eb9.tar.bz2
aports-6cb9533a172c3840964227cf4fda35150dfa0eb9.tar.xz
main/kamailio: security fix
https://skalatan.de/blog/advisory-hw-2018-05
-rw-r--r--main/kamailio/APKBUILD6
-rw-r--r--main/kamailio/core-improve-to-header-check-guards.patch32
2 files changed, 37 insertions, 1 deletions
diff --git a/main/kamailio/APKBUILD b/main/kamailio/APKBUILD
index 2ff4577a60..d108e6315d 100644
--- a/main/kamailio/APKBUILD
+++ b/main/kamailio/APKBUILD
@@ -13,7 +13,7 @@ _gittag=HEAD
pkgver=4.3.5
-pkgrel=0
+pkgrel=1
[ -z "${_gitcommit}" ] && _suffix="_src" || _suffix="-${_gitcommit}"
pkgdesc="Open Source SIP Server"
@@ -232,6 +232,7 @@ source="http://www.kamailio.org/pub/kamailio/$pkgver/src/${pkgname}-${pkgver}${_
0001-musl-fixes.patch
0002-mohqueue-v0-12.patch
0003-kamdbctl-backslash.patch
+ core-improve-to-header-check-guards.patch
kamailio.cfg
kamailio.initd
"
@@ -501,17 +502,20 @@ md5sums="117e08e69a973cc0c0d63662d2f47109 kamailio-4.3.5_src.tar.gz
18863791d386659eae6ef0c82a2517ae 0001-musl-fixes.patch
324ce879bceac05b30aa9466bb74916d 0002-mohqueue-v0-12.patch
fe8f61c73264cd1c360f3876f664464d 0003-kamdbctl-backslash.patch
+7e4ec3df07c11701dee9277a5598ed8c core-improve-to-header-check-guards.patch
299706d97e30a4f0d9b4c873df422866 kamailio.cfg
39dc9355fa7d8fec425d3b17c2fb26e0 kamailio.initd"
sha256sums="2c8c963a2cd0c997c66ccc65b8d5de01fd7f4b6b6053bcf10bf746d814b313d5 kamailio-4.3.5_src.tar.gz
254ea5d4699417aec49e1aae45398a802067a8967060f2a469e278779d876d22 0001-musl-fixes.patch
93e8ed5bbe16535286ab4cb586caf01cdf11f405492d36271108333210f0c58b 0002-mohqueue-v0-12.patch
46026949a3a367ebaf0c8a7d1ffeeaa3dc67588c94dd8d558991a54996877c1f 0003-kamdbctl-backslash.patch
+35777009ffeaffcec73beb25ffb28f1dcb2b192a16d0283e75671146e991accc core-improve-to-header-check-guards.patch
8b742ff710ef67ff59ec07a260690ebcdda24fb6f0b7b64dc50433a1bacf99f2 kamailio.cfg
ba928fa914feea2b95b8c659832e3fbea25eb6ac1ce56e4c23ff58c09f1ec3b8 kamailio.initd"
sha512sums="73b28c0c8bfa8998091c6a40d74c5be057e1d8ad9838ac073bd8769fbf93448daf695040b49c432b87a38725a6debb3bd89a1080554e1f88e6fe8e305b535a87 kamailio-4.3.5_src.tar.gz
32c8e723ee858b24a3bd1313537e9348bdd895e709041d52199b7d2c4054565f3f8d203458b5a7bd5f4b09a782a972cf87f931de5bb8199e6f9786a3c9bfb3ba 0001-musl-fixes.patch
782e70cd6c17f37ca613b05c86a2ddca71b1f0d58361345ddecede2743de65095f058916e049db98e4033b937bcb7a94df77f4b5e1a78e1346d07c8d22dd51d5 0002-mohqueue-v0-12.patch
d96600f1047eac65c0eba34030baa26ee6ee953434ae5808b203cba979fbed616289d40fc588939222371d832f54cbda0a5e8ba9baa16913363e204490758167 0003-kamdbctl-backslash.patch
+4c199996bf848b2efdc6552bc48d576dd8c0f3cd0b8499f4f2e8a8695a1e7348c58828651ee971751876e97b06b358147ad0a807158d1c6af7e42770e2360a65 core-improve-to-header-check-guards.patch
c1abf69b48847dc8c7ab0d11ef9adb531aa4635f9d44db6933981edc5a47df374664fb24867b19aa64abbcc9777bf1cd0360d9aea54e27b081065928c61e0f0b kamailio.cfg
cd6e3b677d803cd78561ad14d9b2589fd35ad0096f48047fdcb4ddc7d9103871357efba3b350946844cb53dbb081210746421fc420c22ac845b90251168a628e kamailio.initd"
diff --git a/main/kamailio/core-improve-to-header-check-guards.patch b/main/kamailio/core-improve-to-header-check-guards.patch
new file mode 100644
index 0000000000..543ed12222
--- /dev/null
+++ b/main/kamailio/core-improve-to-header-check-guards.patch
@@ -0,0 +1,32 @@
+From 281a6c6b6eaaf30058b603325e8ded20b99e1456 Mon Sep 17 00:00:00 2001
+From: Henning Westerholt <hw@kamailio.org>
+Date: Mon, 7 May 2018 09:36:53 +0200
+Subject: [PATCH] core: improve to header check guards, str consists of length
+ and pointer
+
+---
+ msg_translator.c | 4 ++--
+ 1 file changed, 2 insertions(+), 2 deletions(-)
+
+diff --git a/src/core/msg_translator.c b/src/core/msg_translator.c
+index 22122768a1..4dd648e874 100644
+--- a/msg_translator.c
++++ b/msg_translator.c
+@@ -2369,7 +2369,7 @@ char * build_res_buf_from_sip_req( unsigned int code, str *text ,str *new_tag,
+ case HDR_TO_T:
+ if (new_tag && new_tag->len) {
+ to_tag=get_to(msg)->tag_value;
+- if ( to_tag.len || to_tag.s )
++ if ( to_tag.len && to_tag.s )
+ len+=new_tag->len-to_tag.len;
+ else
+ len+=new_tag->len+TOTAG_TOKEN_LEN/*";tag="*/;
+@@ -2497,7 +2497,7 @@ char * build_res_buf_from_sip_req( unsigned int code, str *text ,str *new_tag,
+ break;
+ case HDR_TO_T:
+ if (new_tag && new_tag->len){
+- if (to_tag.s ) { /* replacement */
++ if (to_tag.len && to_tag.s) { /* replacement */
+ /* before to-tag */
+ append_str( p, hdr->name.s, to_tag.s-hdr->name.s);
+ /* to tag replacement */