authorLeo <thinkabit.ukim@gmail.com>2019-11-26 14:03:34 +0100
committerLeo <thinkabit.ukim@gmail.com>2019-11-26 14:51:13 +0100
commit8e6d8b010f1e439ab87a028379aff20da95eb2c4 (patch)
treef5a52b63c3c7c1fd4fb4718a2d59676fe2bae8db
parent05f7d5b0918696173d90aa243d8a818ebe7d721e (diff)
community/libsoup: fix CVE-2019-17266
ref #10991
-rw-r--r--community/libsoup/APKBUILD11
-rw-r--r--community/libsoup/CVE-2019-17266.patch35
2 files changed, 43 insertions, 3 deletions
diff --git a/community/libsoup/APKBUILD b/community/libsoup/APKBUILD
index 8c10337e27..3d56e13d07 100644
--- a/community/libsoup/APKBUILD
+++ b/community/libsoup/APKBUILD
@@ -2,7 +2,7 @@
# Maintainer: Rasmus Thomsen <oss@cogitri.dev>
pkgname=libsoup
pkgver=2.66.2
-pkgrel=1
+pkgrel=2
pkgdesc="Gnome HTTP client/server Library"
url="https://wiki.gnome.org/Projects/libsoup"
arch="all"
@@ -12,9 +12,13 @@ subpackages="$pkgname-dev $pkgname-doc $pkgname-lang"
depends="glib-networking gsettings-desktop-schemas"
makedepends="libgcrypt-dev libgpg-error-dev zlib-dev meson gtk-doc
gobject-introspection-dev vala libxml2-dev libpsl-dev sqlite-dev"
-source="https://download.gnome.org/sources/$pkgname/${pkgver%.*}/$pkgname-$pkgver.tar.xz"
+source="https://download.gnome.org/sources/libsoup/${pkgver%.*}/libsoup-$pkgver.tar.xz
+ CVE-2019-17266.patch
+ "
# secfixes:
+# 2.66.2-r2:
+# - CVE-2019-17266
# 2.58.2-r0:
# - CVE-2017-2885
@@ -37,4 +41,5 @@ check() {
package() {
DESTDIR="$pkgdir" ninja -C output install
}
-sha512sums="1df443470239f23d22301e37e36f3d34963352ee0122f317cd15b19d90115831091bddcee27bc6f0d4994adcf4e5bd9c0395de2bd7f39ae305ba0edea7789092 libsoup-2.66.2.tar.xz"
+sha512sums="1df443470239f23d22301e37e36f3d34963352ee0122f317cd15b19d90115831091bddcee27bc6f0d4994adcf4e5bd9c0395de2bd7f39ae305ba0edea7789092 libsoup-2.66.2.tar.xz
+0bf7cfb12afc32329e5ad55cbf7b399cde5582f97f3bdaefa97d648cfcc8e99588d851658489e4be79c57f5472f7f98cd2e38d16ead49db5a8398c60f6e166fd CVE-2019-17266.patch"
diff --git a/community/libsoup/CVE-2019-17266.patch b/community/libsoup/CVE-2019-17266.patch
new file mode 100644
index 0000000000..54e49c0ec6
--- /dev/null
+++ b/community/libsoup/CVE-2019-17266.patch
@@ -0,0 +1,35 @@
+From f8a54ac85eec2008c85393f331cdd251af8266ad Mon Sep 17 00:00:00 2001
+From: Claudio Saavedra <csaavedra@igalia.com>
+Date: Mon, 7 Oct 2019 16:32:15 +0300
+Subject: [PATCH] NTLM: Avoid a potential heap buffer overflow in v2
+ authentication
+
+Check the length of the decoded v2 challenge before attempting to
+parse it, to avoid reading past it.
+
+Fixes #173
+---
+ libsoup/soup-auth-ntlm.c | 6 ++++++
+ 1 file changed, 6 insertions(+)
+
+diff --git a/libsoup/soup-auth-ntlm.c b/libsoup/soup-auth-ntlm.c
+index ce0b0f5c..2d078461 100644
+--- a/libsoup/soup-auth-ntlm.c
++++ b/libsoup/soup-auth-ntlm.c
+@@ -731,6 +731,12 @@ soup_ntlm_parse_challenge (const char *challenge,
+ *ntlmv2_session = (flags & NTLM_FLAGS_NEGOTIATE_NTLMV2) ? TRUE : FALSE;
+ /* To know if NTLMv2 responses should be calculated */
+ *negotiate_target = (flags & NTLM_FLAGS_NEGOTIATE_TARGET_INFORMATION ) ? TRUE : FALSE;
++ if (*negotiate_target) {
++ if (clen < NTLM_CHALLENGE_TARGET_INFORMATION_OFFSET + sizeof (target)) {
++ g_free (chall);
++ return FALSE;
++ }
++ }
+
+ if (default_domain) {
+ memcpy (&domain, chall + NTLM_CHALLENGE_DOMAIN_STRING_OFFSET, sizeof (domain));
+--
+2.22.0
+
+
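Review bot: The guard added to soup_ntlm_parse_challenge only proves that the fixed-size target-information header (`sizeof (target)` bytes at `NTLM_CHALLENGE_TARGET_INFORMATION_OFFSET`) fits inside the `clen` decoded bytes; it does not bound the variable-length data that the header's offset and length fields describe. The function starts and ends outside this hunk, so the later read of those fields is not visible here; it should be confirmed that their sum is also compared against `clen` before anything is copied. A one-line comment above the check would record the intent, for example `/* Reject challenges too short to hold the target-info header read below */`. The nested `if` can also be flattened to `if (*negotiate_target && clen < NTLM_CHALLENGE_TARGET_INFORMATION_OFFSET + sizeof (target)) {` without changing behaviour.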