authorLeo <thinkabit.ukim@gmail.com>2019-10-24 23:50:22 -0300
committerKevin Daudt <kdaudt@alpinelinux.org>2019-10-28 20:59:13 +0000
commitc6bb37d9b3b97ad919485aa1bdc99206d3f41a5b (patch)
treed28de8da2eea7cec633b34d526da78e16998bbfd
parentbac59df7da74c2932027eda4e6ae0f0d29a54746 (diff)
main/nmap: fix CVE-2018-15173 and CVE-2017-18594
ref #10899 Closes !814
-rw-r--r--main/nmap/APKBUILD16
-rw-r--r--main/nmap/CVE-2017-18594.patch30
-rw-r--r--main/nmap/CVE-2018-15173.patch34
3 files changed, 77 insertions, 3 deletions
diff --git a/main/nmap/APKBUILD b/main/nmap/APKBUILD
index 5254d983ed4..3bf70046291 100644
--- a/main/nmap/APKBUILD
+++ b/main/nmap/APKBUILD
@@ -1,7 +1,7 @@
# Maintainer: Leonardo Arena <rnalrd@alpinelinux.org>
pkgname=nmap
pkgver=7.60
-pkgrel=2
+pkgrel=3
pkgdesc="A network exploration tool and security/port scanner"
url="http://nmap.org"
arch="all"
@@ -16,9 +16,17 @@ subpackages="
$pkgname-nping
$pkgname-ncat"
source="http://nmap.org/dist/$pkgname-$pkgver.tar.bz2
- fortify-source.patch"
+ fortify-source.patch
+ CVE-2017-18594.patch
+ CVE-2018-15173.patch
+ "
builddir="$srcdir"/$pkgname-$pkgver
+# secfixes:
+# 7.60-r3:
+# - CVE-2017-18594
+# - CVE-2018-15173
+
prepare() {
default_prepare
update_config_sub
@@ -83,4 +91,6 @@ nping() {
}
sha512sums="74ba8f6de026ade9ee6bb2252bee18a57210f8207977df7f1c04556629dcdc1e6127f33febc8a52ef88a1dac876116d590564dee4f1c23798c3ac37529991aa4 nmap-7.60.tar.bz2
-2d1f6e290723ac643f456a0e1ac95c4c966106cf2ab743839d25c835bf0141dc2d6bfee19285c3518d4c5f553b0505dabe5a496b769ba47b7adb03e791f05b8d fortify-source.patch"
+2d1f6e290723ac643f456a0e1ac95c4c966106cf2ab743839d25c835bf0141dc2d6bfee19285c3518d4c5f553b0505dabe5a496b769ba47b7adb03e791f05b8d fortify-source.patch
+a3edb3dc75d4dfa20ebed17b97044f1024b1a9d58145bfc31f3e8bd9d299f047aae47c146866fdfa62fab18383f60dd1ae41091adda0ff7db4a017756886d97d CVE-2017-18594.patch
+9e439f09e9499a5664aa376273c84cdfc12f9c6854ed218e63c1a48fb76e5a63a8410bc946c4f2dbcb47784161bb75b0c7f45706b83845ec6f612790382bb4e2 CVE-2018-15173.patch"
diff --git a/main/nmap/CVE-2017-18594.patch b/main/nmap/CVE-2017-18594.patch
new file mode 100644
index 00000000000..d6cbce77e7c
--- /dev/null
+++ b/main/nmap/CVE-2017-18594.patch
@@ -0,0 +1,30 @@
+diff --git a/nse_libssh2.cc b/nse_libssh2.cc
+index bf721b6..22f5bbf 100644
+--- a/nse_libssh2.cc
++++ b/nse_libssh2.cc
+@@ -13,7 +13,6 @@ extern "C" {
+ #include "libssh2.h"
+ }
+
+-#include "nse_debug.h"
+ #include "nse_nsock.h"
+ #include "nse_utility.h"
+
+@@ -296,6 +295,7 @@ static int do_session_handshake (lua_State *L, int status, lua_KContext ctx) {
+
+ if (rc) {
+ libssh2_session_free(sshu->session);
++ sshu->session = NULL;
+ return luaL_error(L, "Unable to complete libssh2 handshake.");
+ }
+
+@@ -479,7 +479,7 @@ static int userauth_list (lua_State *L, int status, lua_KContext ctx) {
+ }
+
+ /*
+-* Returns list of supported authenication methods
++* Returns list of supported authentication methods
+ */
+ static int l_userauth_list (lua_State *L) {
+ return userauth_list(L, 0, 0);
+
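Review bot: This patch file has no header naming its upstream origin, and two of its three hunks (dropping `#include "nse_debug.h"` and the `authenication` comment typo) are unrelated to the CVE, so a reader auditing the backport cannot tell which line is the security change. The functional fix is the single added line `sshu->session = NULL;` after `libssh2_session_free(sshu->session);` in `do_session_handshake`. It only prevents a second free if the later cleanup paths test the pointer for NULL before freeing, and those paths are outside this hunk, so that is worth confirming against the 7.60 source. I would add a short header above the first `diff --git` line, for example `Fix CVE-2017-18594: clear sshu->session after free on handshake failure` and `Upstream: <upstream-commit-url>`, and either drop the two cosmetic hunks or mention them there.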
diff --git a/main/nmap/CVE-2018-15173.patch b/main/nmap/CVE-2018-15173.patch
new file mode 100644
index 00000000000..4b066dbd97c
--- /dev/null
+++ b/main/nmap/CVE-2018-15173.patch
@@ -0,0 +1,34 @@
+diff --git a/service_scan.cc b/service_scan.cc
+index 1273513..0a431d6 100644
+--- a/service_scan.cc
++++ b/service_scan.cc
+@@ -489,6 +489,15 @@ void ServiceProbeMatch::InitMatch(const char *matchtext, int lineno) {
+ if (pcre_errptr != NULL)
+ fatal("%s: failed to pcre_study regexp on line %d of nmap-service-probes: %s\n", __func__, lineno, pcre_errptr);
+
++ // Set some limits to avoid evil match cases.
++ // These are flexible; if they cause problems, increase them.
++#ifdef PCRE_ERROR_MATCHLIMIT
++ regex_extra->match_limit = 100000; // 100K
++#endif
++#ifdef PCRE_ERROR_RECURSIONLIMIT
++ regex_extra->match_limit_recursion = 10000; // 10K
++#endif
++
+ free(modestr);
+ free(flags);
+
+@@ -568,6 +577,12 @@ const struct MatchDetails *ServiceProbeMatch::testMatch(const u8 *buf, int bufle
+ if (o.debugging || o.verbose > 1)
+ error("Warning: Hit PCRE_ERROR_MATCHLIMIT when probing for service %s with the regex '%s'", servicename, matchstr);
+ } else
++#endif // PCRE_ERROR_MATCHLIMIT
++#ifdef PCRE_ERROR_RECURSIONLIMIT
++ if (rc == PCRE_ERROR_RECURSIONLIMIT) {
++ if (o.debugging || o.verbose > 1)
++ error("Warning: Hit PCRE_ERROR_RECURSIONLIMIT when probing for service %s with the regex '%s'", servicename, matchstr);
++ } else
+ #endif // PCRE_ERROR_MATCHLIMIT
+ if (rc != PCRE_ERROR_NOMATCH) {
+ fatal("Unexpected PCRE error (%d) when probing for service %s with the regex '%s'", rc, servicename, matchstr);
+
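Review bot: In the `InitMatch` hunk the limits are written to `regex_extra->match_limit` and `regex_extra->match_limit_recursion` without setting the matching bits in `regex_extra->flags`; PCRE only honours those fields when `PCRE_EXTRA_MATCH_LIMIT` and `PCRE_EXTRA_MATCH_LIMIT_RECURSION` are set, so unless the flags are set outside the hunk the mitigation has no effect. `pcre_study()` can also return NULL without reporting an error, and the only visible check is on `pcre_errptr`, so these assignments may dereference a null pointer for patterns where study yields nothing. The fence below sets the flag bits and allocates an empty `pcre_extra` in that case; the allocation has to match however `regex_extra` is released, which is not visible here. In the `testMatch` hunk the final `#endif // PCRE_ERROR_MATCHLIMIT` now closes the recursion-limit block and should read `#endif // PCRE_ERROR_RECURSIONLIMIT`. Both function bodies continue outside their hunks.

```cpp
  // … unchanged: pcre_study call and pcre_errptr check …
  if (regex_extra == NULL) {
    // pcre_study recorded nothing; create an empty block so the limits can still be attached
    regex_extra = (pcre_extra *) pcre_malloc(sizeof(pcre_extra));
    if (regex_extra == NULL)
      fatal("%s: failed to allocate pcre_extra on line %d of nmap-service-probes\n", __func__, lineno);
    memset(regex_extra, 0, sizeof(pcre_extra));
  }
#ifdef PCRE_ERROR_MATCHLIMIT
  regex_extra->flags |= PCRE_EXTRA_MATCH_LIMIT;
  regex_extra->match_limit = 100000; // 100K
#endif
#ifdef PCRE_ERROR_RECURSIONLIMIT
  regex_extra->flags |= PCRE_EXTRA_MATCH_LIMIT_RECURSION;
  regex_extra->match_limit_recursion = 10000; // 10K
#endif
  // … unchanged: free(modestr); free(flags); …
```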