authorSören Tempel <soeren+git@soeren-tempel.net>2020-04-17 12:44:08 +0200
committerSören Tempel <soeren+git@soeren-tempel.net>2020-04-17 12:54:25 +0200
commit8dc38ebaea189e1ada9a64ef29baba9e91e57799 (patch)
treefb342940711ed35d613ea57b9c8785224bc51c2c
parent70c5111c08c96861682fc21db445c066f5d9e328 (diff)
main/mcpp: fix CVE-2019-14274
Patch taken from Debian.
-rw-r--r--main/mcpp/APKBUILD18
-rw-r--r--main/mcpp/CVE-2019-14274.patch52
2 files changed, 61 insertions, 9 deletions
diff --git a/main/mcpp/APKBUILD b/main/mcpp/APKBUILD
index 85aaff93b30..f102d1dc8ec 100644
--- a/main/mcpp/APKBUILD
+++ b/main/mcpp/APKBUILD
@@ -2,7 +2,7 @@
# Maintainer: Sören Tempel <soeren+alpine@soeren-tempel.net>
pkgname=mcpp
pkgver=2.7.2
-pkgrel=1
+pkgrel=2
pkgdesc="A portable C preprocessor"
url="http://mcpp.sourceforge.net"
arch="all"
@@ -13,7 +13,12 @@ makedepends=""
subpackages="$pkgname-dev $pkgname-doc $pkgname-libs"
source="https://downloads.sourceforge.net/${pkgname}/${pkgname}-${pkgver}.tar.gz
01-zeroc-fixes.patch
- 02-gniibe-fixes.patch"
+ 02-gniibe-fixes.patch
+ CVE-2019-14274.patch"
+
+# secfixes:
+# 2.7.2-r2:
+# - CVE-2019-14274
prepare() {
cd "$builddir"
@@ -45,12 +50,7 @@ package() {
"$pkgdir"/usr/share/licenses/$pkgname/LICENSE || return 1
}
-md5sums="512de48c87ab023a69250edc7a0c7b05 mcpp-2.7.2.tar.gz
-e231a2c976ccf14b548deaee840faeb7 01-zeroc-fixes.patch
-1801827678e80d0ef73655a88064a35b 02-gniibe-fixes.patch"
-sha256sums="3b9b4421888519876c4fc68ade324a3bbd81ceeb7092ecdbbc2055099fcb8864 mcpp-2.7.2.tar.gz
-6ed331f58edc7a24e769ac065ab43ed9f09f06487fda37095cacd413b81f522c 01-zeroc-fixes.patch
-30a790e63e387a95e45c2b73b3942948e1e852155250dd769a5598c33d374504 02-gniibe-fixes.patch"
sha512sums="1ca885cb13fdb684de9d0595a9215b52f48a93a69077d82cdcacafe40d9a61fb77b00a3ff2b8890e7bc0a0fcc0c8d70d4093c00c280351cd4459aba67c573235 mcpp-2.7.2.tar.gz
86b2e851490e180dfe3028a5a37019ea423924c921ab053a642fb78d4533a87f913ede2928daf9da4daf60e67795a24521186b40c76961ae99ebeb75f8aa95ad 01-zeroc-fixes.patch
-a31a0f2e7430381e5e62ea4257a35891ce9d2f3beed60c6caad3b6d298a58557e9c850223840ef8c6f6c2e8139cf4a4edf29ac93b2532680feafba503fcfaf6d 02-gniibe-fixes.patch"
+a31a0f2e7430381e5e62ea4257a35891ce9d2f3beed60c6caad3b6d298a58557e9c850223840ef8c6f6c2e8139cf4a4edf29ac93b2532680feafba503fcfaf6d 02-gniibe-fixes.patch
+12a72a2c527358effc4ed8e0c5f80f1a06a005ba3b050c7d99a4aa67ad5fe7e4c4c2a75d0808382b67e359076c5bac6065ec284d32f55e7e31466331a47db882 CVE-2019-14274.patch"
diff --git a/main/mcpp/CVE-2019-14274.patch b/main/mcpp/CVE-2019-14274.patch
new file mode 100644
index 00000000000..717b16fe9dd
--- /dev/null
+++ b/main/mcpp/CVE-2019-14274.patch
@@ -0,0 +1,52 @@
+Description: Fix for a bug reported to sourceforge.net #13
+ by fixing error messages.
+ Also, fix erroneous messages.
+Author: NIIBE Yutaka
+
+Index: mcpp/src/support.c
+===================================================================
+--- mcpp.orig/src/support.c
++++ mcpp/src/support.c
+@@ -822,7 +822,7 @@ escape:
+ if (diag && iscntrl( c) && ((char_type[ c] & SPA) == 0)
+ && (warn_level & 1))
+ cwarn(
+- "Illegal control character %.0s0lx%02x in quotation" /* _W1_ */
++ "Illegal control character %.0s0x%02x in quotation" /* _W1_ */
+ , NULL, (long) c, NULL);
+ *out_p++ = c;
+ chk_limit:
+@@ -861,10 +861,10 @@ chk_limit:
+ if (mcpp_mode != POST_STD && option_flags.lang_asm) {
+ /* STD, KR */
+ if (warn_level & 1)
+- cwarn( unterm_char, out, 0L, NULL); /* _W1_ */
++ cwarn( unterm_char, NULL, (long)delim, NULL); /* _W1_ */
+ goto done;
+ } else {
+- cerror( unterm_char, out, 0L, skip); /* _E_ */
++ cerror( unterm_char, NULL, (long)delim, skip); /* _E_ */
+ }
+ } else {
+ cerror( "Unterminated header name %s%.0ld%s" /* _E_ */
+@@ -875,9 +875,9 @@ chk_limit:
+ if (mcpp_mode != POST_STD && option_flags.lang_asm) {
+ /* STD, KR */
+ if (warn_level & 1)
+- cwarn( empty_const, out, 0L, skip); /* _W1_ */
++ cwarn( empty_const, NULL, (long)delim, skip); /* _W1_ */
+ } else {
+- cerror( empty_const, out, 0L, skip); /* _E_ */
++ cerror( empty_const, NULL, (long)delim, skip); /* _E_ */
+ out_p = NULL;
+ goto done;
+ }
+@@ -1774,7 +1774,7 @@ not_comment:
+ default:
+ if (iscntrl( c)) {
+ cerror( /* Skip the control character */
+- "Illegal control character %.0s0x%lx, skipped the character" /* _E_ */
++ "Illegal control character %.0s0x%02x, skipped the character" /* _E_ */
+ , NULL, (long) c, NULL);
+ } else { /* Any valid character */
+ *tp++ = c;
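Review bot: The embedded hunk at support.c line 1774 replaces `%lx` with `%02x` while the argument stays `(long) c`, and the hunk at line 822 likewise keeps `%02x` for a `(long) c` argument. cwarn() and cerror() are defined outside this patch, so this is inferred, but if they forward that argument to a printf-family call as a `long`, the conversion no longer matches the argument type; that is undefined behaviour and may print a wrong value on some 64-bit targets, and the APKBUILD builds for `arch="all"`. Using `%02lx` keeps the two-digit width and matches the type, e.g. `"Illegal control character %.0s0x%02lx, skipped the character"`. The enclosing functions start and end outside the hunks shown, and since the patch is taken from Debian the change is best raised there as well.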