Diffstat (limited to 'user/samurai')
-rw-r--r--user/samurai/APKBUILD37
-rw-r--r--user/samurai/CVE-2021-30218.patch29
-rw-r--r--user/samurai/CVE-2021-30219.patch26
3 files changed, 92 insertions, 0 deletions
diff --git a/user/samurai/APKBUILD b/user/samurai/APKBUILD
new file mode 100644
index 000000000..3bcd50c72
--- /dev/null
+++ b/user/samurai/APKBUILD
@@ -0,0 +1,37 @@
+# Contributor: Síle Ekaterin Liszka <sheila@vulpine.house>
+# Maintainer: Síle Ekaterin Liszka <sheila@vulpine.house>
+pkgname=samurai
+pkgver=1.2
+pkgrel=0
+pkgdesc="Pure-C drop-in replacement for ninja"
+url="https://github.com/michaelforney/samurai"
+arch="all"
+options="!check" # no test suite and upstream build-tests against Chromium anyhow
+license="Apache-2.0 OR ISC"
+depends=""
+makedepends=""
+provides="ninja"
+replaces="ninja"
+subpackages="$pkgname-doc"
+source="https://github.com/michaelforney/samurai/releases/download/$pkgver/samurai-$pkgver.tar.gz
+ CVE-2021-30218.patch
+ CVE-2021-30219.patch"
+
+# secfixes:
+# 1.2-r0:
+# - CVE-2021-30218
+# - CVE-2021-30219
+
+build() {
+ make
+}
+
+package() {
+ make PREFIX=/usr DESTDIR="$pkgdir" install
+ cd "$pkgdir/usr/bin"
+ ln -s samu ninja
+}
+
+sha512sums="bbe6a582c34b04f1df53b76c1647aa3e03c4698ebf7591a203935f11ffa05971bbcb86dc1a8c06aeb904cdc741abb08918122810fc47216fed0a6d9f87fd1225 samurai-1.2.tar.gz
+6e1c3a0bd92e006f364a81e9e51394f1bc583efa96120306fe33dc0a48cb4babaa8e8c97d754d3c37cda4b4936e77f64e4c138ccb8cfedfdce43adb09c393edb CVE-2021-30218.patch
+0504b137fc9ac113453075a22bdfac4ab7616f668e640b7125041400729aaecad1173c528934223246035f68a95d92c6a85e62d1ea5fea996d85647cb33483eb CVE-2021-30219.patch"
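Review bot: In `package()` the `ninja` symlink is created relative to the working directory after `cd "$pkgdir/usr/bin"`, so where the link lands depends on that `cd` having succeeded. Naming the destination directly, `ln -s samu "$pkgdir"/usr/bin/ninja`, removes that dependency. With `options="!check"` nothing in the build exercises the two patched code paths, so the `# secfixes:` entry rests entirely on the patches applying cleanly. A short comment next to `source=` saying that both patches are upstream commits (e84b6d99, d2af3bc3), to be dropped at the next `pkgver` bump that contains them, would help whoever updates this later.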
diff --git a/user/samurai/CVE-2021-30218.patch b/user/samurai/CVE-2021-30218.patch
new file mode 100644
index 000000000..1d6663865
--- /dev/null
+++ b/user/samurai/CVE-2021-30218.patch
@@ -0,0 +1,29 @@
+From e84b6d99c85043fa1ba54851ee500540ec206918 Mon Sep 17 00:00:00 2001
+From: Michael Forney <mforney@mforney.org>
+Date: Fri, 2 Apr 2021 17:27:48 -0700
+Subject: [PATCH] util: Check for NULL string in writefile
+
+This check was there previously, but was removed in f549b757 with
+the addition of a check during parse that every rule has rspfile
+if and only if it has rspfile_content. However, this fails to
+consider the possibility of those variables coming from the edge
+or global environment. So, re-add the check.
+
+Fixes #67.
+---
+ util.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/util.c b/util.c
+index ea5c3ce..2a59881 100644
+--- a/util.c
++++ b/util.c
+@@ -258,7 +258,7 @@ writefile(const char *name, struct string *s)
+ return -1;
+ }
+ ret = 0;
+- if (fwrite(s->s, 1, s->n, f) != s->n || fflush(f) != 0) {
++ if (s && (fwrite(s->s, 1, s->n, f) != s->n || fflush(f) != 0)) {
+ warn("write %s:", name);
+ ret = -1;
+ }
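Review bot: The restored `s &&` guard in `writefile` carries no comment, yet the patch description says this same check was already removed once (in f549b757) because parse-time validation seemed to make it redundant. A comment above the condition, for example `/* s may be NULL: rspfile_content can come from the edge or global environment, not only the rule */`, would keep it from being dropped again. When `s` is NULL the condition is skipped and `ret` stays 0, so the caller is told the write succeeded, apparently with nothing written to the file. If an empty response file is the intended outcome, the same comment should say so. `writefile` starts and ends outside the hunk, so the open and close paths are not visible here.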
diff --git a/user/samurai/CVE-2021-30219.patch b/user/samurai/CVE-2021-30219.patch
new file mode 100644
index 000000000..fbc97b03d
--- /dev/null
+++ b/user/samurai/CVE-2021-30219.patch
@@ -0,0 +1,26 @@
+From d2af3bc375e2a77139c3a28d6128c60cd8d08655 Mon Sep 17 00:00:00 2001
+From: Michael Forney <mforney@mforney.org>
+Date: Sun, 4 Apr 2021 03:50:09 -0700
+Subject: [PATCH] parse: Check for non-empty command/rspfile/rspfile_content
+
+This matches ninja behavior and prevents the possibility of a rule
+with an empty (NULL) command string.
+
+Fixes #68.
+---
+ parse.c | 2 ++
+ 1 file changed, 2 insertions(+)
+
+diff --git a/parse.c b/parse.c
+index f79a5ee..b4b98a1 100644
+--- a/parse.c
++++ b/parse.c
+@@ -42,6 +42,8 @@ parserule(struct scanner *s, struct environment *env)
+ var = scanname(s);
+ parselet(s, &val);
+ ruleaddvar(r, var, val);
++ if (!val)
++ continue;
+ if (strcmp(var, "command") == 0)
+ hascommand = true;
+ else if (strcmp(var, "rspfile") == 0)
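Review bot: The added `if (!val) continue;` comes after `ruleaddvar(r, var, val)`, so a variable with an empty (NULL) value is still stored on the rule. The check only keeps the `hascommand`/rspfile flags from being set for it. Whether any later consumer looks such a variable up and dereferences the NULL is not visible from this hunk and is worth confirming for the variables other than the three named in the subject. A comment such as `/* empty value: binding is kept, but it does not count as present */` would document the intent, and bracing the new `if` would match the defensive purpose of the change. The loop in `parserule` begins and ends outside the hunk.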