authorTBK <tbk@jjtc.eu>2020-04-23 15:35:09 +0200
committerLeo <thinkabit.ukim@gmail.com>2020-04-23 14:49:08 +0000
commit82bc7fb60da9290cd137ac8f7365bcbd966ce731 (patch)
tree0c050db1d5dc5d4a27ea6650c2b339282af28b11
parentf405590628e306f0d330930b043de953f5f1eb26 (diff)
community/advancecomp: patch CVE-2019-9210
Fixes #11441
-rw-r--r--community/advancecomp/APKBUILD13
-rw-r--r--community/advancecomp/CVE-2019-9210.patch88
2 files changed, 98 insertions, 3 deletions
diff --git a/community/advancecomp/APKBUILD b/community/advancecomp/APKBUILD
index 6b13f40232..bd3739305b 100644
--- a/community/advancecomp/APKBUILD
+++ b/community/advancecomp/APKBUILD
@@ -2,14 +2,20 @@
# Maintainer: TBK <alpine@jjtc.eu>
pkgname=advancecomp
pkgver=2.1
-pkgrel=1
+pkgrel=2
pkgdesc="A collection of recompression utilities for your .ZIP archives, .PNG snapshots, .MNG video clips and .GZ files"
url="https://www.advancemame.it/"
arch="all"
license="GPL-3.0-or-later"
makedepends="automake autoconf libtool zlib-dev"
subpackages="$pkgname-doc"
-source="$pkgname-$pkgver.tar.gz::https://github.com/amadvance/advancecomp/archive/v$pkgver.tar.gz"
+source="$pkgname-$pkgver.tar.gz::https://github.com/amadvance/advancecomp/archive/v$pkgver.tar.gz
+ CVE-2019-9210.patch
+ "
+
+# secfixes:
+# 2.1-r2:
+# - CVE-2019-9210
prepare() {
default_prepare
@@ -30,4 +36,5 @@ package() {
make DESTDIR="$pkgdir" install
}
-sha512sums="9789e2abfc17a1630efcb15c04c8806edfd8ca074f19f53476c9f4057287a661de2cb386ad6c81c0112c127ac1283cc6b3162c15765d3b4623c800ce2d240cbc advancecomp-2.1.tar.gz"
+sha512sums="9789e2abfc17a1630efcb15c04c8806edfd8ca074f19f53476c9f4057287a661de2cb386ad6c81c0112c127ac1283cc6b3162c15765d3b4623c800ce2d240cbc advancecomp-2.1.tar.gz
+df6a05acbc6e603e9c870911ed66f865f354652f9645ae014e8d665b867b7d316ea243f477980053bcbe3276f5976a68818c7b3693d603de41a40e49677582f6 CVE-2019-9210.patch"
diff --git a/community/advancecomp/CVE-2019-9210.patch b/community/advancecomp/CVE-2019-9210.patch
new file mode 100644
index 0000000000..c7cb056b79
--- /dev/null
+++ b/community/advancecomp/CVE-2019-9210.patch
@@ -0,0 +1,88 @@
+From 7894a6e684ce68ddff9f4f4919ab8e3911ac8040 Mon Sep 17 00:00:00 2001
+From: Andrea Mazzoleni <amadvance@gmail.com>
+Date: Fri, 4 Jan 2019 20:49:48 +0100
+Subject: [PATCH] Fix a buffer overflow caused by invalid chunks
+
+---
+ pngex.cc | 26 +++++++++++++++++++++++++-
+ 1 file changed, 25 insertions(+), 1 deletion(-)
+
+diff --git a/pngex.cc b/pngex.cc
+index 55d16f5..3f5b49f 100644
+--- a/pngex.cc
++++ b/pngex.cc
+@@ -163,6 +163,10 @@ void png_print_chunk(unsigned type, unsigned char* data, unsigned size)
+
+ switch (type) {
+ case ADV_MNG_CN_MHDR :
++ if (size < 28) {
++ cout << " invalid chunk size";
++ break;
++ }
+ cout << " width:" << be_uint32_read(data+0) << " height:" << be_uint32_read(data+4) << " frequency:" << be_uint32_read(data+8);
+ cout << " simplicity:" << be_uint32_read(data+24);
+ cout << "(bit";
+@@ -174,6 +178,10 @@ void png_print_chunk(unsigned type, unsigned char* data, unsigned size)
+ cout << ")";
+ break;
+ case ADV_MNG_CN_DHDR :
++ if (size < 4) {
++ cout << " invalid chunk size";
++ break;
++ }
+ cout << " id:" << be_uint16_read(data+0);
+ switch (data[2]) {
+ case 0 : cout << " img:unspecified"; break;
+@@ -243,6 +251,10 @@ void png_print_chunk(unsigned type, unsigned char* data, unsigned size)
+ }
+ break;
+ case ADV_MNG_CN_DEFI :
++ if (size < 2) {
++ cout << " invalid chunk size";
++ break;
++ }
+ cout << " id:" << be_uint16_read(data+0);
+ if (size >= 3) {
+ switch (data[2]) {
+@@ -266,6 +278,10 @@ void png_print_chunk(unsigned type, unsigned char* data, unsigned size)
+ }
+ break;
+ case ADV_MNG_CN_MOVE :
++ if (size < 13) {
++ cout << " invalid chunk size";
++ break;
++ }
+ cout << " id_from:" << be_uint16_read(data+0) << " id_to:" << be_uint16_read(data+2);
+ switch (data[4]) {
+ case 0 : cout << " type:replace"; break;
+@@ -275,6 +291,10 @@ void png_print_chunk(unsigned type, unsigned char* data, unsigned size)
+ cout << " x:" << (int)be_uint32_read(data + 5) << " y:" << (int)be_uint32_read(data + 9);
+ break;
+ case ADV_MNG_CN_PPLT :
++ if (size < 1) {
++ cout << " invalid chunk size";
++ break;
++ }
+ switch (data[0]) {
+ case 0 : cout << " type:replacement_rgb"; break;
+ case 1 : cout << " type:delta_rgb"; break;
+@@ -285,7 +305,7 @@ void png_print_chunk(unsigned type, unsigned char* data, unsigned size)
+ default : cout << " type:?"; break;
+ }
+ i = 1;
+- while (i<size) {
++ while (i + 1 < size) {
+ unsigned ssize;
+ cout << " " << (unsigned)data[i] << ":" << (unsigned)data[i+1];
+ if (data[0] == 0 || data[1] == 1)
+@@ -298,6 +318,10 @@ void png_print_chunk(unsigned type, unsigned char* data, unsigned size)
+ }
+ break;
+ case ADV_PNG_CN_IHDR :
++ if (size < 13) {
++ cout << " invalid chunk size";
++ break;
++ }
+ cout << " width:" << be_uint32_read(data) << " height:" << be_uint32_read(data + 4);
+ cout << " depth:" << (unsigned)data[8];
+ cout << " color_type:" << (unsigned)data[9];
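Review bot: The size guards added to png_print_chunk use bare literals (28, 4, 2, 13, 1, 13) with nothing tying each one to the reads it protects, so a later edit that prints one more field can silently outgrow its guard. A short comment on each check would make that auditable, for example `// simplicity is a 32-bit field at offset 24, so MHDR needs 28 bytes` above `if (size < 28)`. The DHDR, DEFI, PPLT and IHDR case bodies continue outside the embedded hunks, so whether `size < 4` and `size < 13` cover every unconditional read there cannot be confirmed from this page and should be checked against the full pngex.cc. Separately, the unchanged test `data[0] == 0 || data[1] == 1` inside the PPLT loop reads `data[1]` where the switch above dispatches on `data[0]`; this may be an upstream typo that picks the wrong entry size while walking untrusted chunk data, and is worth confirming with upstream.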