authorNatanael Copa <ncopa@alpinelinux.org>2019-12-24 11:33:40 +0000
committerNatanael Copa <ncopa@alpinelinux.org>2019-12-24 12:44:58 +0100
commitae0d0538a6d887aa919e257b5d2e386000418efa (patch)
treeb8c18cbd4436fbb67f9d81fd5031edcda507688c
parent33832d93c0d87e0c90f543ea973e7d12ea27a3ee (diff)
main/cyrus-sasl: fix CVE-2019-19906
fixes #11079
-rw-r--r--main/cyrus-sasl/APKBUILD18
-rw-r--r--main/cyrus-sasl/CVE-2019-19906.patch15
2 files changed, 21 insertions, 12 deletions
diff --git a/main/cyrus-sasl/APKBUILD b/main/cyrus-sasl/APKBUILD
index bbd1ff5980..439d48bd7e 100644
--- a/main/cyrus-sasl/APKBUILD
+++ b/main/cyrus-sasl/APKBUILD
@@ -2,7 +2,7 @@
# Maintainer: Natanael Copa <ncopa@alpinelinux.org>
pkgname=cyrus-sasl
pkgver=2.1.26
-pkgrel=14
+pkgrel=15
pkgdesc="Cyrus Simple Authentication Service Layer (SASL)"
url="https://cyrusimap.org/"
arch="all"
@@ -19,9 +19,12 @@ source="ftp://ftp.cyrusimap.org/$pkgname/$pkgname-$pkgver.tar.gz
cyrus-sasl-2.1.25-avoid_pic_overwrite.patch
cyrus-sasl-2.1.26-size_t.patch
CVE-2013-4122.patch
+ CVE-2019-19906.patch
"
# secfixes:
+# 2.1.26-r15:
+# - CVE-2019-19906
# 2.1.26-r7:
# - CVE-2013-4122
@@ -107,18 +110,9 @@ libsasl() {
mv "$pkgdir"/usr/lib "$subpkgdir"/usr/
}
-md5sums="a7f4e5e559a0e37b3ffc438c9456e425 cyrus-sasl-2.1.26.tar.gz
-6e7cbe301015777bf53d5f08ac4362f0 saslauthd.initd
-085acdc345bcce896f3eea8956cc0892 cyrus-sasl-2.1.25-avoid_pic_overwrite.patch
-bcaafcbc79054e8356217213d6eda16d cyrus-sasl-2.1.26-size_t.patch
-8b3f65a7c8fbcbd7b7da2865f71b8aa7 CVE-2013-4122.patch"
-sha256sums="8fbc5136512b59bb793657f36fadda6359cae3b08f01fd16b3d406f1345b7bc3 cyrus-sasl-2.1.26.tar.gz
-d6d23c360d52cf35bf266ce32b7c0eccafd79f55daa3e97733a899c97211a90c saslauthd.initd
-80cb9cf22b0507b503ff0cf6c5946a44eb5c3808e0a77e66d56d5a53e5e76fa7 cyrus-sasl-2.1.25-avoid_pic_overwrite.patch
-b85b20bdd25b42098e07a8ba7e435f02b5cd882dcf69572c4d32de4a5e4f41bb cyrus-sasl-2.1.26-size_t.patch
-e32013e7ba1d9a80c18524a413f3b3c4bfc325e1c07b1552908b631edb803346 CVE-2013-4122.patch"
sha512sums="78819cb9bb38bea4537d6770d309deeeef09ff44a67526177609d3e1257ff4334d2b5e5131d5a1e4dea7430d8db1918ea9d171f0dee38b5e8337f4b72ed068f0 cyrus-sasl-2.1.26.tar.gz
71a00a22f91f0fb6ba2796acede321a0f071b1d7a99616f0e36c354213777f30575c340b6df392dcbfc103ba7640d046144882f6a7b505f59709bb5c429b44d8 saslauthd.initd
033e3634116e1d3b316052dbe0b671cca0fcfb6063fca1a97d990c422c2ce05109a1e424e84ed9928dc0312a325a7248f2d2e3f9547f84453b36331c01f63be5 cyrus-sasl-2.1.25-avoid_pic_overwrite.patch
fe4c3e6d5230eb50b9e6885129760a12e7bce316b41a3e58b2c550fa83526b91205cd827f7d1367751313559875d32982b95b024b1a22300ac5b35214e7c2b78 cyrus-sasl-2.1.26-size_t.patch
-08964bc3ad713e137b8f05f9bac345d79676d14784bc37525f195e8e2a3e6740428237b64f7eeeacc0c71ed6cf1664c6e9c2267ac6df327761d92174a1853744 CVE-2013-4122.patch"
+08964bc3ad713e137b8f05f9bac345d79676d14784bc37525f195e8e2a3e6740428237b64f7eeeacc0c71ed6cf1664c6e9c2267ac6df327761d92174a1853744 CVE-2013-4122.patch
+c39efd87dc9c883d3b07474197f6835fbd32f23baa1f5cd04b25a0473639f847321c40f232e390d4dc9d9ee189dbd177c05d3d1461af4d28a48a4827abc5d9b8 CVE-2019-19906.patch"
diff --git a/main/cyrus-sasl/CVE-2019-19906.patch b/main/cyrus-sasl/CVE-2019-19906.patch
new file mode 100644
index 0000000000..f7edb521e8
--- /dev/null
+++ b/main/cyrus-sasl/CVE-2019-19906.patch
@@ -0,0 +1,15 @@
+https://github.com/cyrusimap/cyrus-sasl/issues/587
+
+diff --git a/lib/common.c b/lib/common.c
+index bc3bf1df..9969d6aa 100644
+--- a/lib/common.c
++++ b/lib/common.c
+@@ -190,7 +190,7 @@ int _sasl_add_string(char **out, size_t *alloclen,
+
+ if (add==NULL) add = "(null)";
+
+- addlen=strlen(add); /* only compute once */
++ addlen=strlen(add)+1; /* only compute once */
+ if (_buf_alloc(out, alloclen, (*outlen)+addlen)!=SASL_OK)
+ return SASL_NOMEM;
+
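Review bot: The `+1` on `addlen` changes every later use of `addlen` in `_sasl_add_string`, not only the size passed to `_buf_alloc`; the rest of the function body lies outside this hunk, so that needs checking against the full source. If the function advances `*outlen` by `addlen` after the copy, the terminating NUL would be counted in the reported length, and a following append would start after an embedded terminator, so C-string readers would see a truncated result. A narrower fix keeps `addlen=strlen(add);` and reserves the extra byte only in the allocation: `if (_buf_alloc(out, alloclen, (*outlen)+addlen+1)!=SASL_OK)`. Either way the comment should say why the byte is there, for example `/* +1: room for the terminating NUL */`, since "only compute once" does not explain it.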