aboutsummaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorLeo <thinkabit.ukim@gmail.com>2020-03-26 15:03:23 -0300
committerLeo <thinkabit.ukim@gmail.com>2020-03-26 18:13:51 +0000
commit7b7625a81b8571398c20ac7e40ff345e3dfe118c (patch)
tree62b31c96a608fd288dce4eaa418e67e82163e155
parenta03d4c39806e50ed74c534b897f798f29c0d4c8c (diff)
downloadaports-7b7625a81b8571398c20ac7e40ff345e3dfe118c.tar.gz
aports-7b7625a81b8571398c20ac7e40ff345e3dfe118c.tar.bz2
aports-7b7625a81b8571398c20ac7e40ff345e3dfe118c.tar.xz
main/libmspack: fix CVE-2019-1010305
see #10814
-rw-r--r--main/libmspack/APKBUILD11
-rw-r--r--main/libmspack/CVE-2019-1010305.patch39
2 files changed, 47 insertions, 3 deletions
diff --git a/main/libmspack/APKBUILD b/main/libmspack/APKBUILD
index 83f62b4eab..10fa5d6869 100644
--- a/main/libmspack/APKBUILD
+++ b/main/libmspack/APKBUILD
@@ -2,18 +2,22 @@
pkgname=libmspack
pkgver=0.8_alpha
_ver=${pkgver/_/}
-pkgrel=0
+pkgrel=1
pkgdesc="Library for Microsoft CAB compression formats"
url="https://www.cabextract.org.uk/libmspack/"
arch="all"
license="LGPL-2.1-only"
makedepends="$depends_dev"
subpackages="$pkgname-dev $pkgname-utils"
-source="https://www.cabextract.org.uk/libmspack/libmspack-$_ver.tar.gz"
+source="https://www.cabextract.org.uk/libmspack/libmspack-$_ver.tar.gz
+ CVE-2019-1010305.patch
+ "
builddir="$srcdir"/libmspack-$_ver
# secfixes:
+# 0.8_alpha-r1:
+# - CVE-2019-1010305
# 0.8_alpha-r0:
# - CVE-2018-18584
# - CVE-2018-18585
@@ -58,4 +62,5 @@ utils() {
mv "$pkgdir"/usr/bin "$subpkgdir"/usr
}
-sha512sums="d178afc4d2eded204594c81af1c91be17d3be4f1a09829e08c103023aa7badc6b2595e9ec13cc7f77e3262d2cd874ed40ce6da01695c5c839682562740d2bf0a libmspack-0.8alpha.tar.gz"
+sha512sums="d178afc4d2eded204594c81af1c91be17d3be4f1a09829e08c103023aa7badc6b2595e9ec13cc7f77e3262d2cd874ed40ce6da01695c5c839682562740d2bf0a libmspack-0.8alpha.tar.gz
+4c5f5ab9d597538303ce2adf27014db715603afdde50904cd3cb363077f2ff883086cf9ccf1072fa516f73df4652bec3bddd81854aeac5f11c0698d1cfb59cdf CVE-2019-1010305.patch"
diff --git a/main/libmspack/CVE-2019-1010305.patch b/main/libmspack/CVE-2019-1010305.patch
new file mode 100644
index 0000000000..af113af2d3
--- /dev/null
+++ b/main/libmspack/CVE-2019-1010305.patch
@@ -0,0 +1,39 @@
+diff --git a/mspack/chmd.c b/mspack/chmd.c
+index 1d198bf..26c1b18 100644
+--- a/mspack/chmd.c
++++ b/mspack/chmd.c
+@@ -482,21 +482,19 @@ static int chmd_read_headers(struct mspack_system *sys, struct mspack_file *fh,
+ fi->filename[name_len] = '\0';
+
+ if (name[0] == ':' && name[1] == ':') {
+- /* system file */
+- if (mspack_memcmp(&name[2], &content_name[2], 31L) == 0) {
+- if (mspack_memcmp(&name[33], &content_name[33], 8L) == 0) {
+- chm->sec1.content = fi;
+- }
+- else if (mspack_memcmp(&name[33], &control_name[33], 11L) == 0) {
+- chm->sec1.control = fi;
+- }
+- else if (mspack_memcmp(&name[33], &spaninfo_name[33], 8L) == 0) {
+- chm->sec1.spaninfo = fi;
+- }
+- else if (mspack_memcmp(&name[33], &rtable_name[33], 72L) == 0) {
+- chm->sec1.rtable = fi;
+- }
+- }
++ /* system file */
++ if (name_len == 40 && memcmp(name, content_name, 40) == 0) {
++ chm->sec1.content = fi;
++ }
++ else if (name_len == 44 && memcmp(name, control_name, 44) == 0) {
++ chm->sec1.control = fi;
++ }
++ else if (name_len == 41 && memcmp(name, spaninfo_name, 41) == 0) {
++ chm->sec1.spaninfo = fi;
++ }
++ else if (name_len == 105 && memcmp(name, rtable_name, 105) == 0) {
++ chm->sec1.rtable = fi;
++ }
+ fi->next = chm->sysfiles;
+ chm->sysfiles = fi;
+ }