summaryrefslogtreecommitdiff
path: root/system
diff options
context:
space:
mode:
authorA. Wilcox <awilcox@wilcox-tech.com>2020-03-10 02:44:11 +0000
committerA. Wilcox <awilcox@wilcox-tech.com>2020-03-10 02:44:11 +0000
commitb2b91cc7b341c21dd2754f766e3688d1cd8683cd (patch)
tree89eb840eb4db48f40d8e3b4315b883b108d3b71e /system
parent757c7417918541af9e656e023b2ead86998a07d9 (diff)
parent2da62e2b9ab827bf6930e008d51cd0ab468dbd1b (diff)
downloadpackages-b2b91cc7b341c21dd2754f766e3688d1cd8683cd.tar.gz
packages-b2b91cc7b341c21dd2754f766e3688d1cd8683cd.tar.bz2
packages-b2b91cc7b341c21dd2754f766e3688d1cd8683cd.tar.xz
packages-b2b91cc7b341c21dd2754f766e3688d1cd8683cd.zip
Merge branch 'cves.2020.02.28' into 'master'
CVE patches for 2020.02.28 See merge request adelie/packages!408
Diffstat (limited to 'system')
-rw-r--r--system/libxml2/APKBUILD11
-rw-r--r--system/libxml2/CVE-2019-20388.patch33
-rw-r--r--system/libxml2/CVE-2020-7595.patch32
-rw-r--r--system/rsync/APKBUILD14
-rw-r--r--system/zsh/APKBUILD9
5 files changed, 90 insertions, 9 deletions
diff --git a/system/libxml2/APKBUILD b/system/libxml2/APKBUILD
index 1d1664047..73b6eb2a0 100644
--- a/system/libxml2/APKBUILD
+++ b/system/libxml2/APKBUILD
@@ -2,7 +2,7 @@
# Maintainer: A. Wilcox <awilfox@adelielinux.org>
pkgname=libxml2
pkgver=2.9.10
-pkgrel=0
+pkgrel=1
pkgdesc="XML parsing library"
url="http://www.xmlsoft.org/"
arch="all"
@@ -16,6 +16,8 @@ subpackages="$pkgname-doc $pkgname-dev py-libxml2:py"
provides="$pkgname-utils=$pkgver-r$pkgrel"
source="ftp://ftp.xmlsoft.org/${pkgname}/${pkgname}-${pkgver}.tar.gz
python-segfault-fix.patch
+ CVE-2019-20388.patch
+ CVE-2020-7595.patch
"
# secfixes:
@@ -25,6 +27,9 @@ source="ftp://ftp.xmlsoft.org/${pkgname}/${pkgname}-${pkgver}.tar.gz
# - CVE-2016-9318
# 2.9.4-r4:
# - CVE-2017-5969
+# 2.9.10-r1:
+# - CVE-2019-20388
+# - CVE-2020-7595
prepare() {
default_prepare
@@ -62,4 +67,6 @@ py() {
}
sha512sums="0adfd12bfde89cbd6296ba6e66b6bed4edb814a74b4265bda34d95c41d9d92c696ee7adb0c737aaf9cc6e10426a31a35079b2a23d26c074e299858da12c072ed libxml2-2.9.10.tar.gz
-384b3d2031cd8f77528190bbb7652faa9ccb22bc604bcf4927e59046d38830dac38010828fe1568b6514976f725981a6d3ac1aa595d31477a36db2afe491452c python-segfault-fix.patch"
+384b3d2031cd8f77528190bbb7652faa9ccb22bc604bcf4927e59046d38830dac38010828fe1568b6514976f725981a6d3ac1aa595d31477a36db2afe491452c python-segfault-fix.patch
+48ea30bd8035f3b60825ce24185fbec1e7423e683f64626405fd96daaaa14011e7f7c180a7a87d7ff8f73983b0e221974cbce619d04b932c1db2110a13be014e CVE-2019-20388.patch
+90db832e60c700e971669f57a54fdb297660c42602089b4e77e013a7051c880f380f0c98c059d9f54de99855b2d9be78fcf0639443f3765a925b52fc093fb4d9 CVE-2020-7595.patch"
diff --git a/system/libxml2/CVE-2019-20388.patch b/system/libxml2/CVE-2019-20388.patch
new file mode 100644
index 000000000..49ff6fbe0
--- /dev/null
+++ b/system/libxml2/CVE-2019-20388.patch
@@ -0,0 +1,33 @@
+From 7ffcd44d7e6c46704f8af0321d9314cd26e0e18a Mon Sep 17 00:00:00 2001
+From: Zhipeng Xie <xiezhipeng1@huawei.com>
+Date: Tue, 20 Aug 2019 16:33:06 +0800
+Subject: [PATCH] Fix memory leak in xmlSchemaValidateStream
+
+When ctxt->schema is NULL, xmlSchemaSAXPlug->xmlSchemaPreRun
+alloc a new schema for ctxt->schema and set vctxt->xsiAssemble
+to 1. Then xmlSchemaVStart->xmlSchemaPreRun initialize
+vctxt->xsiAssemble to 0 again which cause the alloced schema
+can not be freed anymore.
+
+Found with libFuzzer.
+
+Signed-off-by: Zhipeng Xie <xiezhipeng1@huawei.com>
+---
+ xmlschemas.c | 1 -
+ 1 file changed, 1 deletion(-)
+
+diff --git a/xmlschemas.c b/xmlschemas.c
+index 301c8449..39d92182 100644
+--- a/xmlschemas.c
++++ b/xmlschemas.c
+@@ -28090,7 +28090,6 @@ xmlSchemaPreRun(xmlSchemaValidCtxtPtr vctxt) {
+ vctxt->nberrors = 0;
+ vctxt->depth = -1;
+ vctxt->skipDepth = -1;
+- vctxt->xsiAssemble = 0;
+ vctxt->hasKeyrefs = 0;
+ #ifdef ENABLE_IDC_NODE_TABLES_TEST
+ vctxt->createIDCNodeTables = 1;
+--
+2.24.1
+
diff --git a/system/libxml2/CVE-2020-7595.patch b/system/libxml2/CVE-2020-7595.patch
new file mode 100644
index 000000000..3dd677497
--- /dev/null
+++ b/system/libxml2/CVE-2020-7595.patch
@@ -0,0 +1,32 @@
+From 0e1a49c8907645d2e155f0d89d4d9895ac5112b5 Mon Sep 17 00:00:00 2001
+From: Zhipeng Xie <xiezhipeng1@huawei.com>
+Date: Thu, 12 Dec 2019 17:30:55 +0800
+Subject: [PATCH] Fix infinite loop in xmlStringLenDecodeEntities
+
+When ctxt->instate == XML_PARSER_EOF,xmlParseStringEntityRef
+return NULL which cause a infinite loop in xmlStringLenDecodeEntities
+
+Found with libFuzzer.
+
+Signed-off-by: Zhipeng Xie <xiezhipeng1@huawei.com>
+---
+ parser.c | 3 ++-
+ 1 file changed, 2 insertions(+), 1 deletion(-)
+
+diff --git a/parser.c b/parser.c
+index d1c31963..a34bb6cd 100644
+--- a/parser.c
++++ b/parser.c
+@@ -2646,7 +2646,8 @@ xmlStringLenDecodeEntities(xmlParserCtxtPtr ctxt, const xmlChar *str, int len,
+ else
+ c = 0;
+ while ((c != 0) && (c != end) && /* non input consuming loop */
+- (c != end2) && (c != end3)) {
++ (c != end2) && (c != end3) &&
++ (ctxt->instate != XML_PARSER_EOF)) {
+
+ if (c == 0) break;
+ if ((c == '&') && (str[1] == '#')) {
+--
+2.24.1
+
diff --git a/system/rsync/APKBUILD b/system/rsync/APKBUILD
index e93da8552..728a32fbc 100644
--- a/system/rsync/APKBUILD
+++ b/system/rsync/APKBUILD
@@ -2,14 +2,14 @@
# Maintainer: Kiyoshi Aman <adelie@aerdan.vulpine.house>
pkgname=rsync
pkgver=3.1.3
-pkgrel=1
+pkgrel=2
pkgdesc="File transfer program to keep remote files in sync"
url="https://rsync.samba.org/"
arch="all"
license="GPL-3.0+"
depends=""
checkdepends="fakeroot"
-makedepends="perl acl-dev attr-dev popt-dev"
+makedepends="perl acl-dev attr-dev popt-dev zlib-dev"
subpackages="$pkgname-doc $pkgname-openrc rrsync::noarch"
source="https://download.samba.org/pub/$pkgname/$pkgname-$pkgver.tar.gz
rsyncd.initd
@@ -18,6 +18,13 @@ source="https://download.samba.org/pub/$pkgname/$pkgname-$pkgver.tar.gz
rsyncd.logrotate
"
+# secfixes:
+# 3.1.3-r2:
+# - CVE-2016-9840
+# - CVE-2016-9841
+# - CVE-2016-9842
+# - CVE-2016-9843
+
build() {
# Force IPv6 enabled, upstream bug https://bugzilla.samba.org/show_bug.cgi?id=10715
CFLAGS="$CFLAGS -DINET6" \
@@ -29,7 +36,8 @@ build() {
--mandir=/usr/share/man \
--localstatedir=/var \
--enable-acl-support \
- --enable-xattr-support
+ --enable-xattr-support \
+ --with-included-zlib=no
make
}
diff --git a/system/zsh/APKBUILD b/system/zsh/APKBUILD
index 3bc96b226..53bf5587b 100644
--- a/system/zsh/APKBUILD
+++ b/system/zsh/APKBUILD
@@ -3,8 +3,8 @@
# Contributor: Natanael Copa <ncopa@alpinelinux.org>
# Maintainer: Dan Theisen <djt@hxx.in>
pkgname=zsh
-pkgver=5.7.1
-pkgrel=3
+pkgver=5.8
+pkgrel=0
pkgdesc="A very advanced and programmable command interpreter (shell)"
url="https://www.zsh.org/"
arch="all"
@@ -25,6 +25,8 @@ subpackages="$pkgname-doc
[ "$CBUILD" != "$CHOST" ] || subpackages="$subpackages $pkgname-zftp"
# secfixes:
+# 5.8-r0:
+# - CVE-2019-20044
# 5.6.2-r0:
# - CVE-2018-0502
# - CVE-2018-13259
@@ -44,7 +46,6 @@ _comps="android-tools:Unix/_adb
graphicsmagick:Unix/_graphicsmagick
imagemagick:Unix/_imagemagick
lynx:Unix/_lynx
- mercurial:Unix/_hg
rsync:Unix/_rsync
subversion:Unix/_subversion
tmux:Unix/_tmux
@@ -178,7 +179,7 @@ _submv() {
mv "$pkgdir"/$path "$subpkgdir"/${path%/*}/
}
-sha512sums="a6aa88e1955a80229a4784a128866e325f79a8b5f73c922ab480048411036f1835cbb31daa30ab38bd16ab2a50040eda8f4f1f64704b21b6acc3051b1dbf18d0 zsh-5.7.1.tar.xz
+sha512sums="96198ecef498b7d7945fecebbe6bf14065fa8c5d81a7662164579eba8206b79575812d292adea1864bc7487ac0818ba900e25f9ab3802449340de80417c2c533 zsh-5.8.tar.xz
d820fcf65bb3c52f23e968110b5df1188fc0b64079312f64d22ffe35de3b4f3055d4d629b3b0f97a1bfaddf62dbc80676af31c3a1a79645632082abfc854cf97 skel
63167188e22bf8933eb420a5ba068ab897531b90c8d8b8ec892f26a9180267a971013046a72b810d5b9d3add427cf650df608b0e008cd0789681ed1371b172c3 zprofile
1675e016f97333cad89b587f4292d81b6bc10e27b75482e3e0c3808539c95bd49b907b6579fb98d817f77f2f2384c0df5afa3e2b6f43b6ae9b466925cd9ccffc zshrc"
generated by cgit v1.2.3-70-g09d2 (git 2.46.0) at 2024-12-04 13:37:18 +0000