aboutsummaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorAlex Xu (Hello71) <alex_y_xu@yahoo.ca>2021-10-11 10:48:24 -0400
committerAndy Postnikov <apostnikov@gmail.com>2021-10-11 21:20:39 +0000
commitdfc99097d6372098d36f33a1c80961d3639293f2 (patch)
treeec8887d545db75a90d45a40a5e4d79e265e0f77e
parent3b4fd7022c6318ed385fa47f57436d5343c1506e (diff)
downloadaports-dfc99097d6372098d36f33a1c80961d3639293f2.tar.gz
aports-dfc99097d6372098d36f33a1c80961d3639293f2.tar.bz2
aports-dfc99097d6372098d36f33a1c80961d3639293f2.tar.xz
community/cpio: CVE-2021-38185 followup fixes
-rw-r--r--community/cpio/APKBUILD6
-rw-r--r--community/cpio/CVE-2021-38185-2.patch36
-rw-r--r--community/cpio/CVE-2021-38185-3.patch78
3 files changed, 119 insertions, 1 deletions
diff --git a/community/cpio/APKBUILD b/community/cpio/APKBUILD
index e65ee2b305..577c9f4605 100644
--- a/community/cpio/APKBUILD
+++ b/community/cpio/APKBUILD
@@ -2,7 +2,7 @@
# Maintainer: Stuart Cardall <developer@it-offshore.co.uk>
pkgname=cpio
pkgver=2.13
-pkgrel=2
+pkgrel=3
pkgdesc="tool to copy files into or out of a cpio or tar archive"
url="https://www.gnu.org/software/cpio"
arch="all"
@@ -11,6 +11,8 @@ checkdepends="autoconf"
subpackages="$pkgname-doc"
source="$pkgname-$pkgver.tar.bz2::http://ftp.snt.utwente.nl/pub/software/gnu/cpio/cpio-$pkgver.tar.bz2
CVE-2021-38185.patch
+ CVE-2021-38185-2.patch
+ CVE-2021-38185-3.patch
gcc-10.patch
"
@@ -53,6 +55,8 @@ package() {
sha512sums="
459398e69f7f48201c04d1080218c50f75edcf114ffcbb236644ff6fcade5fcc566929bdab2ebe9be5314828d6902e43b348a8adf28351df978c8989590e93a3 cpio-2.13.tar.bz2
+60a857a51ac5bc53ef04e54cf00d065ab4dcfb0d6ec2ef4a4910ed0d62b9a8cc3c595e4ccf6d54c5d3524efc8a34284df093b335c8379392ca318ab72707ea5d CVE-2021-38185-2.patch
+53271b11f4f379efd52f364026bac982c3908e5f6b9507a318535952ae8f78c494b5abdfbaaf9e771055aa0b04c83a6dd3e24290cb433e045fed790e9c4b8ff6 CVE-2021-38185-3.patch
7cc828a5933e7eb3bd4f4f82db8579c96d5e6e99dfd07da143c9eb445823727db02819d6b7f578c89008e7fd098138d372af45369e442ea2e42b0b9296d3d772 CVE-2021-38185.patch
c04e657c05ba93a03191666de93527be6b646eaa155043db7fd517e98f7a8ed61c281efb067c66f3c14f350b869866ca21c9634ce678a17c3a108c2a4ab87276 gcc-10.patch
"
diff --git a/community/cpio/CVE-2021-38185-2.patch b/community/cpio/CVE-2021-38185-2.patch
new file mode 100644
index 0000000000..3ea1c423bb
--- /dev/null
+++ b/community/cpio/CVE-2021-38185-2.patch
@@ -0,0 +1,36 @@
+From dfc801c44a93bed7b3951905b188823d6a0432c8 Mon Sep 17 00:00:00 2001
+From: Sergey Poznyakoff <gray@gnu.org>
+Date: Wed, 11 Aug 2021 18:10:38 +0300
+Subject: Fix previous commit
+
+* src/dstring.c (ds_reset,ds_concat): Don't call ds_resize in a
+loop.
+---
+ src/dstring.c | 4 ++--
+ 1 file changed, 2 insertions(+), 2 deletions(-)
+
+diff --git a/src/dstring.c b/src/dstring.c
+index 692d3e7..b7e0bb5 100644
+--- a/src/dstring.c
++++ b/src/dstring.c
+@@ -64,7 +64,7 @@ void
+ ds_reset (dynamic_string *s, size_t len)
+ {
+ while (len > s->ds_size)
+- ds_resize (s);
++ s->ds_string = x2nrealloc (s->ds_string, &s->ds_size, 1);
+ s->ds_idx = len;
+ }
+
+@@ -116,7 +116,7 @@ ds_concat (dynamic_string *s, char const *str)
+ {
+ size_t len = strlen (str);
+ while (len + 1 > s->ds_size)
+- ds_resize (s);
++ s->ds_string = x2nrealloc (s->ds_string, &s->ds_size, 1);
+ memcpy (s->ds_string + s->ds_idx, str, len);
+ s->ds_idx += len;
+ s->ds_string[s->ds_idx] = 0;
+--
+cgit v1.2.1
+
diff --git a/community/cpio/CVE-2021-38185-3.patch b/community/cpio/CVE-2021-38185-3.patch
new file mode 100644
index 0000000000..35870cd81f
--- /dev/null
+++ b/community/cpio/CVE-2021-38185-3.patch
@@ -0,0 +1,78 @@
+From 236684f6deb3178043fe72a8e2faca538fa2aae1 Mon Sep 17 00:00:00 2001
+From: Sergey Poznyakoff <gray@gnu.org>
+Date: Wed, 18 Aug 2021 09:41:39 +0300
+Subject: Fix dynamic string reallocations
+
+* src/dstring.c (ds_resize): Take additional argument: number of
+bytes to leave available after ds_idx. All uses changed.
+---
+ src/dstring.c | 18 ++++++++----------
+ 1 file changed, 8 insertions(+), 10 deletions(-)
+
+diff --git a/src/dstring.c b/src/dstring.c
+index b7e0bb5..fd4e030 100644
+--- a/src/dstring.c
++++ b/src/dstring.c
+@@ -49,9 +49,9 @@ ds_free (dynamic_string *string)
+ /* Expand dynamic string STRING, if necessary. */
+
+ void
+-ds_resize (dynamic_string *string)
++ds_resize (dynamic_string *string, size_t len)
+ {
+- if (string->ds_idx == string->ds_size)
++ while (len + string->ds_idx >= string->ds_size)
+ {
+ string->ds_string = x2nrealloc (string->ds_string, &string->ds_size,
+ 1);
+@@ -63,8 +63,7 @@ ds_resize (dynamic_string *string)
+ void
+ ds_reset (dynamic_string *s, size_t len)
+ {
+- while (len > s->ds_size)
+- s->ds_string = x2nrealloc (s->ds_string, &s->ds_size, 1);
++ ds_resize (s, len);
+ s->ds_idx = len;
+ }
+
+@@ -86,10 +85,10 @@ ds_fgetstr (FILE *f, dynamic_string *s, char eos)
+ /* Read the input string. */
+ while ((next_ch = getc (f)) != eos && next_ch != EOF)
+ {
+- ds_resize (s);
++ ds_resize (s, 0);
+ s->ds_string[s->ds_idx++] = next_ch;
+ }
+- ds_resize (s);
++ ds_resize (s, 0);
+ s->ds_string[s->ds_idx] = '\0';
+
+ if (s->ds_idx == 0 && next_ch == EOF)
+@@ -101,12 +100,12 @@ ds_fgetstr (FILE *f, dynamic_string *s, char eos)
+ void
+ ds_append (dynamic_string *s, int c)
+ {
+- ds_resize (s);
++ ds_resize (s, 0);
+ s->ds_string[s->ds_idx] = c;
+ if (c)
+ {
+ s->ds_idx++;
+- ds_resize (s);
++ ds_resize (s, 0);
+ s->ds_string[s->ds_idx] = 0;
+ }
+ }
+@@ -115,8 +114,7 @@ void
+ ds_concat (dynamic_string *s, char const *str)
+ {
+ size_t len = strlen (str);
+- while (len + 1 > s->ds_size)
+- s->ds_string = x2nrealloc (s->ds_string, &s->ds_size, 1);
++ ds_resize (s, len);
+ memcpy (s->ds_string + s->ds_idx, str, len);
+ s->ds_idx += len;
+ s->ds_string[s->ds_idx] = 0;
+--
+cgit v1.2.1
+