aboutsummaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorLeo <thinkabit.ukim@gmail.com>2019-07-16 15:50:16 -0300
committerNatanael Copa <ncopa@alpinelinux.org>2019-07-17 07:08:38 +0200
commite417e312a2460b385bd5003089c29af549f19b14 (patch)
tree9e8bd590ed2edce8028da5183c3c20886b81f9fb
parentd53ed0c4c1d95491577c154f337313ee72703ef8 (diff)
downloadaports-e417e312a2460b385bd5003089c29af549f19b14.tar.gz
aports-e417e312a2460b385bd5003089c29af549f19b14.tar.bz2
aports-e417e312a2460b385bd5003089c29af549f19b14.tar.xz
main/file: backport a few CVE fixes
-rw-r--r--main/file/APKBUILD17
-rw-r--r--main/file/CVE-2019-8905-and-CVE-2019-8907.patch102
-rw-r--r--main/file/CVE-2019-8906.patch14
3 files changed, 130 insertions, 3 deletions
diff --git a/main/file/APKBUILD b/main/file/APKBUILD
index 58477ab711..ad6680b832 100644
--- a/main/file/APKBUILD
+++ b/main/file/APKBUILD
@@ -2,15 +2,24 @@
# Maintainer: Natanael Copa <ncopa@alpinelinux.org>
pkgname=file
pkgver=5.32
-pkgrel=0
+pkgrel=1
pkgdesc="File type identification utility"
url="http://www.darwinsys.com/file/"
arch="all"
license="BSD"
subpackages="$pkgname-dev $pkgname-doc libmagic"
-source="ftp://ftp.astron.com/pub/$pkgname/$pkgname-$pkgver.tar.gz"
+source="ftp://ftp.astron.com/pub/$pkgname/$pkgname-$pkgver.tar.gz
+ CVE-2019-8906.patch
+ CVE-2019-8905-and-CVE-2019-8907.patch
+ "
builddir="$srcdir/$pkgname-$pkgver"
+# secfixes:
+# 5.32-r1:
+# - CVE-2019-8905
+# - CVE-2019-8906
+# - CVE-2019-8907
+
build() {
cd "$builddir"
./configure \
@@ -37,4 +46,6 @@ libmagic() {
mv "$pkgdir"/usr/lib "$pkgdir"/usr/share "$subpkgdir"/usr
}
-sha512sums="315343229fa196335389544ee8010e9e80995ef4721938492dedcfb0465dfc45e1feb96f26dfe53cab484fb5d9bac54d2d72917fbfd28a1d998c6ad8c8f9792f file-5.32.tar.gz"
+sha512sums="315343229fa196335389544ee8010e9e80995ef4721938492dedcfb0465dfc45e1feb96f26dfe53cab484fb5d9bac54d2d72917fbfd28a1d998c6ad8c8f9792f file-5.32.tar.gz
+f54a16dbca2b5a490405e323924fb2657cc67f73648ad5203b41c13da1dc98e5ca64fc6c94415386538d3c2124f487fc3bf86082ce1571a24d05f5a5e213da08 CVE-2019-8906.patch
+5b8058fd39d9f9d91c7d8377708068dc0161abdbbb7fdb3d1bd9358b297133e425252758b45cccec937a7c51226d4f6dd67f5a13ff935a4353a44f140f011a7e CVE-2019-8905-and-CVE-2019-8907.patch"
diff --git a/main/file/CVE-2019-8905-and-CVE-2019-8907.patch b/main/file/CVE-2019-8905-and-CVE-2019-8907.patch
new file mode 100644
index 0000000000..d81c54636f
--- /dev/null
+++ b/main/file/CVE-2019-8905-and-CVE-2019-8907.patch
@@ -0,0 +1,102 @@
+diff --git a/src/file.h b/src/file.h
+index eb9c054..6d9d204 100644
+--- a/src/file.h
++++ b/src/file.h
+@@ -491,7 +491,7 @@ protected int file_looks_utf8(const unsigned char *, size_t, unichar *,
+ size_t *);
+ protected size_t file_pstring_length_size(const struct magic *);
+ protected size_t file_pstring_get_length(const struct magic *, const char *);
+-protected char * file_printable(char *, size_t, const char *);
++protected char * file_printable(char *, size_t, const char *, size_t);
+ #ifdef __EMX__
+ protected int file_os2_apptype(struct magic_set *, const char *, const void *,
+ size_t);
+diff --git a/src/funcs.c b/src/funcs.c
+index d7a18f4..eb44261 100644
+--- a/src/funcs.c
++++ b/src/funcs.c
+@@ -581,12 +581,13 @@ file_pop_buffer(struct magic_set *ms, file_pushbuf_t *pb)
+ * convert string to ascii printable format.
+ */
+ protected char *
+-file_printable(char *buf, size_t bufsiz, const char *str)
++file_printable(char *buf, size_t bufsiz, const char *str, size_t slen)
+ {
+- char *ptr, *eptr;
++ char *ptr, *eptr = buf + bufsiz - 1;
+ const unsigned char *s = (const unsigned char *)str;
++ const unsigned char *es = s + slen;
+
+- for (ptr = buf, eptr = ptr + bufsiz - 1; ptr < eptr && *s; s++) {
++ for (ptr = buf; ptr < eptr && s < es && *s; s++) {
+ if (isprint(*s)) {
+ *ptr++ = *s;
+ continue;
+diff --git a/src/readelf.c b/src/readelf.c
+index 5f425c9..ee466fc 100644
+--- a/src/readelf.c
++++ b/src/readelf.c
+@@ -725,7 +725,7 @@ do_core_note(struct magic_set *ms, unsigned char *nbuf, uint32_t type,
+ if (file_printf(ms, ", from '%.31s', pid=%u, uid=%u, "
+ "gid=%u, nlwps=%u, lwp=%u (signal %u/code %u)",
+ file_printable(sbuf, sizeof(sbuf),
+- CAST(char *, pi.cpi_name)),
++ CAST(char *, pi.cpi_name), sizeof(pi.cpi_name)),
+ elf_getu32(swap, pi.cpi_pid),
+ elf_getu32(swap, pi.cpi_euid),
+ elf_getu32(swap, pi.cpi_egid),
+@@ -1563,7 +1563,8 @@ dophn_exec(struct magic_set *ms, int clazz, int swap, int fd, off_t off,
+ return -1;
+ if (interp[0])
+ if (file_printf(ms, ", interpreter %s",
+- file_printable(ibuf, sizeof(ibuf), interp)) == -1)
++ file_printable(ibuf, sizeof(ibuf), interp, sizeof(interp)))
++ == -1)
+ return -1;
+ return 0;
+ }
+diff --git a/src/softmagic.c b/src/softmagic.c
+index b9e9753..fa82d58 100644
+--- a/src/softmagic.c
++++ b/src/softmagic.c
+@@ -544,8 +544,8 @@ mprint(struct magic_set *ms, struct magic *m)
+ case FILE_LESTRING16:
+ if (m->reln == '=' || m->reln == '!') {
+ if (file_printf(ms, F(ms, m, "%s"),
+- file_printable(sbuf, sizeof(sbuf), m->value.s))
+- == -1)
++ file_printable(sbuf, sizeof(sbuf), m->value.s,
++ sizeof(m->value.s))) == -1)
+ return -1;
+ t = ms->offset + m->vallen;
+ }
+@@ -572,7 +572,8 @@ mprint(struct magic_set *ms, struct magic *m)
+ }
+
+ if (file_printf(ms, F(ms, m, "%s"),
+- file_printable(sbuf, sizeof(sbuf), str)) == -1)
++ file_printable(sbuf, sizeof(sbuf), str,
++ sizeof(p->s) - (str - p->s))) == -1)
+ return -1;
+
+ if (m->type == FILE_PSTRING)
+@@ -678,7 +679,7 @@ mprint(struct magic_set *ms, struct magic *m)
+ return -1;
+ }
+ rval = file_printf(ms, F(ms, m, "%s"),
+- file_printable(sbuf, sizeof(sbuf), cp));
++ file_printable(sbuf, sizeof(sbuf), cp, ms->search.rm_len));
+ free(cp);
+
+ if (rval == -1)
+@@ -705,7 +706,8 @@ mprint(struct magic_set *ms, struct magic *m)
+ break;
+ case FILE_DER:
+ if (file_printf(ms, F(ms, m, "%s"),
+- file_printable(sbuf, sizeof(sbuf), ms->ms_value.s)) == -1)
++ file_printable(sbuf, sizeof(sbuf), ms->ms_value.s,
++ sizeof(ms->ms_value.s))) == -1)
+ return -1;
+ t = ms->offset;
+ break;
+
diff --git a/main/file/CVE-2019-8906.patch b/main/file/CVE-2019-8906.patch
new file mode 100644
index 0000000000..05ff2c73fd
--- /dev/null
+++ b/main/file/CVE-2019-8906.patch
@@ -0,0 +1,14 @@
+diff --git a/src/readelf.c b/src/readelf.c
+index 5f425c9..50883fe 100644
+--- a/src/readelf.c
++++ b/src/readelf.c
+@@ -720,7 +720,7 @@ do_core_note(struct magic_set *ms, unsigned char *nbuf, uint32_t type,
+ char sbuf[512];
+ struct NetBSD_elfcore_procinfo pi;
+ memset(&pi, 0, sizeof(pi));
+- memcpy(&pi, nbuf + doff, descsz);
++ memcpy(&pi, nbuf + doff, MIN(descsz, sizeof(pi)));
+
+ if (file_printf(ms, ", from '%.31s', pid=%u, uid=%u, "
+ "gid=%u, nlwps=%u, lwp=%u (signal %u/code %u)",
+