aboutsummaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorLeo <thinkabit.ukim@gmail.com>2019-10-28 09:11:32 -0300
committerKevin Daudt <kdaudt@alpinelinux.org>2019-10-29 11:25:46 +0000
commit867138742023dde9397648e41743a9173432a7b2 (patch)
treea5491b6bdf28349192443b96fed9bfa77f59f82c
parentceff67c5d40cc138ae037f8aff6b1e3c3d00deb9 (diff)
main/file: fix CVE-2019-18218
ref #10911 Closes !887
-rw-r--r--main/file/APKBUILD11
-rw-r--r--main/file/CVE-2019-18218.patch40
2 files changed, 48 insertions, 3 deletions
diff --git a/main/file/APKBUILD b/main/file/APKBUILD
index 433245e420b..d1b7fbbcca9 100644
--- a/main/file/APKBUILD
+++ b/main/file/APKBUILD
@@ -2,17 +2,21 @@
# Maintainer: Natanael Copa <ncopa@alpinelinux.org>
pkgname=file
pkgver=5.37
-pkgrel=0
+pkgrel=1
pkgdesc="File type identification utility"
url="https://www.darwinsys.com/file"
arch="all"
license="BSD-2-Clause"
makedepends="autoconf libtool automake"
subpackages="$pkgname-dev $pkgname-doc libmagic"
-source=$pkgname-$pkgver.tar.gz::https://github.com/file/file/archive/FILE${pkgver/./_}.tar.gz
+source="$pkgname-$pkgver.tar.gz::https://github.com/file/file/archive/FILE${pkgver/./_}.tar.gz
+ CVE-2019-18218.patch
+ "
builddir="$srcdir/$pkgname-FILE${pkgver/./_}"
# secfixes:
+# 5.37-r1:
+# - CVE-2019-19218
# 5.36-r0:
# - CVE-2019-1543
# - CVE-2019-8904
@@ -44,4 +48,5 @@ libmagic() {
mv "$pkgdir"/usr/lib "$pkgdir"/usr/share "$subpkgdir"/usr
}
-sha512sums="9b6ae3dd910a03d2161c91ebc75ac91eb7dbd279563462b77daf902d9ae9f0a70de12c37a498b20c6357d6594059d01841bfd104592107b65c08d8343fca19d2 file-5.37.tar.gz"
+sha512sums="9b6ae3dd910a03d2161c91ebc75ac91eb7dbd279563462b77daf902d9ae9f0a70de12c37a498b20c6357d6594059d01841bfd104592107b65c08d8343fca19d2 file-5.37.tar.gz
+d70c5d298db7f70c45feaeebb077f076e6f1b5bcccb85926afeead64838436fd42681541d56f4fbe35b97dd76bfdbf3abf2665894c18999b37d2ca3fe2f2cf17 CVE-2019-18218.patch"
diff --git a/main/file/CVE-2019-18218.patch b/main/file/CVE-2019-18218.patch
new file mode 100644
index 00000000000..e7eba449222
--- /dev/null
+++ b/main/file/CVE-2019-18218.patch
@@ -0,0 +1,40 @@
+Source: https://github.com/file/file/commit/46a8443f76cec4b41ec736eca396984c74664f84
+
+diff --git a/src/cdf.c b/src/cdf.c
+index 556a3ff..8bb0a6d 100644
+--- a/src/cdf.c
++++ b/src/cdf.c
+@@ -1013,8 +1013,9 @@ cdf_read_property_info(const cdf_stream_t *sst, const cdf_header_t *h,
+ goto out;
+ }
+ nelements = CDF_GETUINT32(q, 1);
+- if (nelements == 0) {
+- DPRINTF(("CDF_VECTOR with nelements == 0\n"));
++ if (nelements > CDF_ELEMENT_LIMIT || nelements == 0) {
++ DPRINTF(("CDF_VECTOR with nelements == %"
++ SIZE_T_FORMAT "u\n", nelements));
+ goto out;
+ }
+ slen = 2;
+@@ -1056,8 +1057,6 @@ cdf_read_property_info(const cdf_stream_t *sst, const cdf_header_t *h,
+ goto out;
+ inp += nelem;
+ }
+- DPRINTF(("nelements = %" SIZE_T_FORMAT "u\n",
+- nelements));
+ for (j = 0; j < nelements && i < sh.sh_properties;
+ j++, i++)
+ {
+diff --git a/src/cdf.h b/src/cdf.h
+index 2f7e554..0505666 100644
+--- a/src/cdf.h
++++ b/src/cdf.h
+@@ -48,6 +48,7 @@
+ typedef int32_t cdf_secid_t;
+
+ #define CDF_LOOP_LIMIT 10000
++#define CDF_ELEMENT_LIMIT 100000
+
+ #define CDF_SECID_NULL 0
+ #define CDF_SECID_FREE -1
+