diff options
| author | Max Rees <maxcrees@me.com> | 2020-04-06 18:10:10 -0500 |
|---|---|---|
| committer | Max Rees <maxcrees@me.com> | 2020-04-06 18:10:10 -0500 |
| commit | 08b3d99b0cc3c18fe3061620c73dea7c3aa4f9fc (patch) | |
| tree | 0df43e10fddac487037f162fd43d314ea1f95671 /user | |
| parent | bc1be870b029b7d290ecefb422d5cb19c4914dc3 (diff) | |
| download | packages-08b3d99b0cc3c18fe3061620c73dea7c3aa4f9fc.tar.gz packages-08b3d99b0cc3c18fe3061620c73dea7c3aa4f9fc.tar.bz2 packages-08b3d99b0cc3c18fe3061620c73dea7c3aa4f9fc.tar.xz packages-08b3d99b0cc3c18fe3061620c73dea7c3aa4f9fc.zip | |
user/cyrus-sasl: patch CVE-2019-19906 (#257)
Diffstat (limited to 'user')
| -rw-r--r-- | user/cyrus-sasl/APKBUILD | 10 | ||||
| -rw-r--r-- | user/cyrus-sasl/CVE-2019-19906.patch | 25 |
2 files changed, 32 insertions, 3 deletions
diff --git a/user/cyrus-sasl/APKBUILD b/user/cyrus-sasl/APKBUILD index be7505b82..b061d41ad 100644 --- a/user/cyrus-sasl/APKBUILD +++ b/user/cyrus-sasl/APKBUILD @@ -2,7 +2,7 @@ # Maintainer: pkgname=cyrus-sasl pkgver=2.1.27 -pkgrel=0 +pkgrel=1 pkgdesc="Cyrus Simple Authentication Service Layer (SASL)" url="https://www.cyrusimap.org/sasl/" arch="all" @@ -15,11 +15,14 @@ subpackages="$pkgname-dev $pkgname-doc $pkgname-gssapi $pkgname-gs2 libsasl $pkgname-openrc" source="https://github.com/cyrusimap/$pkgname/releases/download/$pkgname-$pkgver/$pkgname-$pkgver.tar.gz saslauthd.initd + CVE-2019-19906.patch " # secfixes: # 2.1.26-r7: -# - CVE-2013-4122 +# - CVE-2013-4122 +# 2.1.27-r1: +# - CVE-2019-19906 build() { ./configure \ @@ -76,4 +79,5 @@ libsasl() { } sha512sums="d11549a99b3b06af79fc62d5478dba3305d7e7cc0824f4b91f0d2638daafbe940623eab235f85af9be38dcf5d42fc131db531c177040a85187aee5096b8df63b cyrus-sasl-2.1.27.tar.gz -71a00a22f91f0fb6ba2796acede321a0f071b1d7a99616f0e36c354213777f30575c340b6df392dcbfc103ba7640d046144882f6a7b505f59709bb5c429b44d8 saslauthd.initd" +71a00a22f91f0fb6ba2796acede321a0f071b1d7a99616f0e36c354213777f30575c340b6df392dcbfc103ba7640d046144882f6a7b505f59709bb5c429b44d8 saslauthd.initd +35d2fc8d1ea905898d526af515ee6c1c23f46092d2a034c7fa1b989ec2985ff68f74b7dc26e86525beecb6997562f29aea87a0c945953db1b6a0fac807c294ae CVE-2019-19906.patch" diff --git a/user/cyrus-sasl/CVE-2019-19906.patch b/user/cyrus-sasl/CVE-2019-19906.patch new file mode 100644 index 000000000..acdf68243 --- /dev/null +++ b/user/cyrus-sasl/CVE-2019-19906.patch @@ -0,0 +1,25 @@ +From dcc9f51cbd4ed622cfb0f9b1c141eb2ffe3b12f1 Mon Sep 17 00:00:00 2001 +From: Quanah Gibson-Mount <quanah@symas.com> +Date: Tue, 18 Feb 2020 19:05:12 +0000 +Subject: [PATCH] Fix #587 + +Off by one error in common.c, CVE-2019-19906. + +Thanks to Stephan Zeisberg for reporting +--- + lib/common.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/lib/common.c b/lib/common.c +index bc3bf1df..9969d6aa 100644 +--- a/lib/common.c ++++ b/lib/common.c +@@ -190,7 +190,7 @@ int _sasl_add_string(char **out, size_t *alloclen, + + if (add==NULL) add = "(null)"; + +- addlen=strlen(add); /* only compute once */ ++ addlen=strlen(add)+1; /* only compute once */ + if (_buf_alloc(out, alloclen, (*outlen)+addlen)!=SASL_OK) + return SASL_NOMEM; + |