diff options
Diffstat (limited to 'user')
-rw-r--r-- | user/djvulibre/APKBUILD | 25 | ||||
-rw-r--r-- | user/djvulibre/CVE-2019-15142.patch | 94 | ||||
-rw-r--r-- | user/djvulibre/CVE-2019-15143.patch | 46 | ||||
-rw-r--r-- | user/djvulibre/CVE-2019-15144.patch | 117 | ||||
-rw-r--r-- | user/djvulibre/CVE-2019-15145.patch | 34 | ||||
-rw-r--r-- | user/faad2/APKBUILD | 46 | ||||
-rw-r--r-- | user/faad2/automake.patch | 11 | ||||
-rw-r--r-- | user/faad2/overflow.patch | 25 | ||||
-rw-r--r-- | user/irssi/APKBUILD | 9 | ||||
-rw-r--r-- | user/libvorbis/APKBUILD | 17 | ||||
-rw-r--r-- | user/libvorbis/CVE-2017-14160-and-2018-10393.patch | 27 | ||||
-rw-r--r-- | user/libvorbis/CVE-2017-14160.patch | 58 | ||||
-rw-r--r-- | user/libvorbis/CVE-2018-10392.patch | 25 | ||||
-rw-r--r-- | user/links/APKBUILD | 4 | ||||
-rw-r--r-- | user/mpg123/APKBUILD | 4 | ||||
-rw-r--r-- | user/opencv/APKBUILD | 10 | ||||
-rw-r--r-- | user/opencv/CVE-2019-16249.patch | 57 | ||||
-rw-r--r-- | user/pango/APKBUILD | 14 | ||||
-rw-r--r-- | user/pango/CVE-2019-1010238.patch | 34 | ||||
-rw-r--r-- | user/vlc/APKBUILD | 38 | ||||
-rw-r--r-- | user/wpa_supplicant/APKBUILD | 6 | ||||
-rw-r--r-- | user/wpa_supplicant/CVE-2019-16275.patch | 73 |
22 files changed, 628 insertions, 146 deletions
diff --git a/user/djvulibre/APKBUILD b/user/djvulibre/APKBUILD index a90485e6a..2b4a3ed0e 100644 --- a/user/djvulibre/APKBUILD +++ b/user/djvulibre/APKBUILD @@ -2,7 +2,7 @@ # Maintainer: A. Wilcox <awilfox@adelielinux.org> pkgname=djvulibre pkgver=3.5.27 -pkgrel=0 +pkgrel=1 pkgdesc="Format for distributing documents and images" url="http://djvu.sourceforge.net/" arch="all" @@ -11,10 +11,20 @@ depends="" depends_dev="" makedepends="$depends_dev imagemagick libjpeg-turbo-dev tiff-dev" subpackages="$pkgname-dev $pkgname-doc" -source="https://downloads.sourceforge.net/djvu/djvulibre-$pkgver.tar.gz" +source="https://downloads.sourceforge.net/djvu/djvulibre-$pkgver.tar.gz + CVE-2019-15142.patch + CVE-2019-15143.patch + CVE-2019-15144.patch + CVE-2019-15145.patch" + +# secfixes: +# 3.5.27-r1: +# - CVE-2019-15142 +# - CVE-2019-15143 +# - CVE-2019-15144 +# - CVE-2019-15145 build() { - cd "$builddir" ./configure \ --build=$CBUILD \ --host=$CHOST \ @@ -26,13 +36,16 @@ build() { } check() { - cd "$builddir" + # This doesn't actually do anything yet make check } package() { - cd "$builddir" make DESTDIR="$pkgdir" install } -sha512sums="62abcaa2fe7edab536477929ba38b882453dab1a06e119a3f838b38d5c61f5d8c252e4769e6534582b826e49bcfb490513179580fab9c3afa84aa92053ccebee djvulibre-3.5.27.tar.gz" +sha512sums="62abcaa2fe7edab536477929ba38b882453dab1a06e119a3f838b38d5c61f5d8c252e4769e6534582b826e49bcfb490513179580fab9c3afa84aa92053ccebee djvulibre-3.5.27.tar.gz +d9e4301fb98a35b8c2f1854eb4be53611f98b3fc9fdd357dd5502b5b189bdf61957a48b220f3ab7465bbf1df8606ce04513e10df74643a9e289c349f94721561 CVE-2019-15142.patch +3527e1c84f7c7d36f902cb3d7e9ddb6866acbdd4b47675ce3ffd164accf2e2931a4c6bbaae2ea775b4710d88ae34dd4dcd39a5846fce13bef2c82a99d608b8c1 CVE-2019-15143.patch +f8f1abf328a97d69514b2626e4c6449c0c7b7e2b5518d56bba6a61a944aaf4b7fffd1371c26396353728f6a1399c6d87492af5c17e6b623dae7751b81eac11f9 CVE-2019-15144.patch +790ef1e05874635c762600c990ecbd3e29e2eb01c59e25a0f8b2a15dbadbd3673d9dbb651d9dcb53fd3e5f4cb6bded47c3eefaaef8b4ccac39bd28f8bbec2068 CVE-2019-15145.patch" diff --git a/user/djvulibre/CVE-2019-15142.patch b/user/djvulibre/CVE-2019-15142.patch new file mode 100644 index 000000000..84ed64e24 --- /dev/null +++ b/user/djvulibre/CVE-2019-15142.patch @@ -0,0 +1,94 @@ +Lifted from SUSE: backport of two upstream commits + +https://sourceforge.net/p/djvu/djvulibre-git/ci/970fb11a296b5bbdc5e8425851253d2c5913c45e +https://sourceforge.net/p/djvu/djvulibre-git/ci/89d71b01d606e57ecec2c2930c145bb20ba5bbe3 +https://bugzilla.suse.com/show_bug.cgi?id=1146702#c3 +https://build.opensuse.org/package/view_file/graphics/djvulibre/djvulibre-CVE-2019-15142.patch + +Index: djvulibre-3.5.27/libdjvu/DjVmDir.cpp +=================================================================== +--- djvulibre-3.5.27.orig/libdjvu/DjVmDir.cpp 2014-07-08 23:15:07.000000000 +0200 ++++ djvulibre-3.5.27/libdjvu/DjVmDir.cpp 2019-09-02 13:46:28.076374501 +0200 +@@ -300,36 +300,44 @@ DjVmDir::decode(const GP<ByteStream> &gs + memcpy((char*) strings+strings_size, buffer, length); + } + DEBUG_MSG("size of decompressed names block=" << strings.size() << "\n"); +- +- // Copy names into the files ++ int strings_size=strings.size(); ++ strings.resize(strings_size+3); ++ memset((char*) strings+strings_size, 0, 4); ++ ++ // Copy names into the files + const char * ptr=strings; + for(pos=files_list;pos;++pos) + { + GP<File> file=files_list[pos]; +- ++ if (ptr >= (const char*)strings + strings_size) ++ G_THROW( "DjVu document is corrupted (DjVmDir)" ); + file->id=ptr; + ptr+=file->id.length()+1; + if (file->flags & File::HAS_NAME) + { +- file->name=ptr; +- ptr+=file->name.length()+1; +- } else ++ file->name=ptr; ++ ptr+=file->name.length()+1; ++ } ++ else + { + file->name=file->id; + } + if (file->flags & File::HAS_TITLE) + { +- file->title=ptr; +- ptr+=file->title.length()+1; +- } else +- file->title=file->id; +- /* msr debug: multipage file, file->title is null. ++ file->title=ptr; ++ ptr+=file->title.length()+1; ++ } ++ else ++ { ++ file->title=file->id; ++ } ++ /* msr debug: multipage file, file->title is null. + DEBUG_MSG(file->name << ", " << file->id << ", " << file->title << ", " << + file->offset << ", " << file->size << ", " << + file->is_page() << "\n"); */ + } + +- // Check that there is only one file with SHARED_ANNO flag on ++ // Check that there is only one file with SHARED_ANNO flag on + int shared_anno_cnt=0; + for(pos=files_list;pos;++pos) + { +Index: djvulibre-3.5.27/libdjvu/miniexp.cpp +=================================================================== +--- djvulibre-3.5.27.orig/libdjvu/miniexp.cpp 2015-02-11 05:35:37.000000000 +0100 ++++ djvulibre-3.5.27/libdjvu/miniexp.cpp 2019-09-02 13:46:28.072374476 +0200 +@@ -1028,7 +1028,7 @@ print_c_string(const char *s, char *d, i + { + if (char_quoted(c, flags)) + { +- char buffer[10]; ++ char buffer[16]; /* 10+1 */ + static const char *tr1 = "\"\\tnrbf"; + static const char *tr2 = "\"\\\t\n\r\b\f"; + buffer[0] = buffer[1] = 0; +Index: djvulibre-3.5.27/tools/csepdjvu.cpp +=================================================================== +--- djvulibre-3.5.27.orig/tools/csepdjvu.cpp 2014-07-24 23:12:05.000000000 +0200 ++++ djvulibre-3.5.27/tools/csepdjvu.cpp 2019-09-02 13:46:28.072374476 +0200 +@@ -1814,7 +1814,7 @@ main(int argc, const char **argv) + ByteStream::create(GURL::Filename::UTF8(arg),"rb"); + BufferByteStream ibs(*fbs); + do { +- char pagename[16]; ++ char pagename[20]; + sprintf(pagename, "p%04d.djvu", ++pageno); + if (opts.verbose > 1) + DjVuPrintErrorUTF8("%s","--------------------\n"); diff --git a/user/djvulibre/CVE-2019-15143.patch b/user/djvulibre/CVE-2019-15143.patch new file mode 100644 index 000000000..db04087e1 --- /dev/null +++ b/user/djvulibre/CVE-2019-15143.patch @@ -0,0 +1,46 @@ +From b1f4e1b2187d9e5010cd01ceccf20b4a11ce723f Mon Sep 17 00:00:00 2001 +From: Leon Bottou <leon@bottou.org> +Date: Tue, 26 Mar 2019 20:45:46 -0400 +Subject: [PATCH] fix for bug #297 + +--- + libdjvu/DjVmDir.cpp | 2 +- + libdjvu/GBitmap.cpp | 6 ++++-- + 2 files changed, 5 insertions(+), 3 deletions(-) + +diff --git a/libdjvu/DjVmDir.cpp b/libdjvu/DjVmDir.cpp +index 0a0fac6..5a49015 100644 +--- a/libdjvu/DjVmDir.cpp ++++ b/libdjvu/DjVmDir.cpp +@@ -309,7 +309,7 @@ DjVmDir::decode(const GP<ByteStream> &gstr) + { + GP<File> file=files_list[pos]; + if (ptr >= (const char*)strings + strings_size) +- G_THROW( "DjVu document is corrupted (DjVmDir)" ); ++ G_THROW( ByteStream::EndOfFile ); + file->id=ptr; + ptr+=file->id.length()+1; + if (file->flags & File::HAS_NAME) +diff --git a/libdjvu/GBitmap.cpp b/libdjvu/GBitmap.cpp +index 0e487f0..c2fdbe4 100644 +--- a/libdjvu/GBitmap.cpp ++++ b/libdjvu/GBitmap.cpp +@@ -890,11 +890,13 @@ GBitmap::read_rle_raw(ByteStream &bs) + int c = 0; + while (n >= 0) + { +- bs.read(&h, 1); ++ if (bs.read(&h, 1) <= 0) ++ G_THROW( ByteStream::EndOfFile ); + int x = h; + if (x >= (int)RUNOVERFLOWVALUE) + { +- bs.read(&h, 1); ++ if (bs.read(&h, 1) <= 0) ++ G_THROW( ByteStream::EndOfFile ); + x = h + ((x - (int)RUNOVERFLOWVALUE) << 8); + } + if (c+x > ncolumns) +-- +2.22.1 + diff --git a/user/djvulibre/CVE-2019-15144.patch b/user/djvulibre/CVE-2019-15144.patch new file mode 100644 index 000000000..1b0c71c5f --- /dev/null +++ b/user/djvulibre/CVE-2019-15144.patch @@ -0,0 +1,117 @@ +From e15d51510048927f172f1bf1f27ede65907d940d Mon Sep 17 00:00:00 2001 +From: Leon Bottou <leon@bottou.org> +Date: Mon, 8 Apr 2019 22:25:55 -0400 +Subject: [PATCH] bug 299 fixed + +--- + libdjvu/GContainer.h | 87 ++++++++++++++++++++++++-------------------- + 1 file changed, 48 insertions(+), 39 deletions(-) + +diff --git a/libdjvu/GContainer.h b/libdjvu/GContainer.h +index 96b067c..0140211 100644 +--- a/libdjvu/GContainer.h ++++ b/libdjvu/GContainer.h +@@ -550,52 +550,61 @@ public: + template <class TYPE> void + GArrayTemplate<TYPE>::sort(int lo, int hi) + { +- if (hi <= lo) +- return; +- if (hi > hibound || lo<lobound) +- G_THROW( ERR_MSG("GContainer.illegal_subscript") ); + TYPE *data = (TYPE*)(*this); +- // Test for insertion sort +- if (hi <= lo + 50) ++ while(true) + { +- for (int i=lo+1; i<=hi; i++) ++ if (hi <= lo) ++ return; ++ if (hi > hibound || lo<lobound) ++ G_THROW( ERR_MSG("GContainer.illegal_subscript") ); ++ // Test for insertion sort ++ if (hi <= lo + 50) + { +- int j = i; +- TYPE tmp = data[i]; +- while ((--j>=lo) && !(data[j]<=tmp)) +- data[j+1] = data[j]; +- data[j+1] = tmp; ++ for (int i=lo+1; i<=hi; i++) ++ { ++ int j = i; ++ TYPE tmp = data[i]; ++ while ((--j>=lo) && !(data[j]<=tmp)) ++ data[j+1] = data[j]; ++ data[j+1] = tmp; ++ } ++ return; + } +- return; +- } +- // -- determine suitable quick-sort pivot +- TYPE tmp = data[lo]; +- TYPE pivot = data[(lo+hi)/2]; +- if (pivot <= tmp) +- { tmp = pivot; pivot=data[lo]; } +- if (data[hi] <= tmp) +- { pivot = tmp; } +- else if (data[hi] <= pivot) +- { pivot = data[hi]; } +- // -- partition set +- int h = hi; +- int l = lo; +- while (l < h) +- { +- while (! (pivot <= data[l])) l++; +- while (! (data[h] <= pivot)) h--; +- if (l < h) ++ // -- determine median-of-three pivot ++ TYPE tmp = data[lo]; ++ TYPE pivot = data[(lo+hi)/2]; ++ if (pivot <= tmp) ++ { tmp = pivot; pivot=data[lo]; } ++ if (data[hi] <= tmp) ++ { pivot = tmp; } ++ else if (data[hi] <= pivot) ++ { pivot = data[hi]; } ++ // -- partition set ++ int h = hi; ++ int l = lo; ++ while (l < h) + { +- tmp = data[l]; +- data[l] = data[h]; +- data[h] = tmp; +- l = l+1; +- h = h-1; ++ while (! (pivot <= data[l])) l++; ++ while (! (data[h] <= pivot)) h--; ++ if (l < h) ++ { ++ tmp = data[l]; ++ data[l] = data[h]; ++ data[h] = tmp; ++ l = l+1; ++ h = h-1; ++ } ++ } ++ // -- recurse, small partition first ++ // tail-recursion elimination ++ if (h - lo <= hi - l) { ++ sort(lo,h); ++ lo = l; // sort(l,hi) ++ } else { ++ sort(l,hi); ++ hi = h; // sort(lo,h) + } + } +- // -- recursively restart +- sort(lo, h); +- sort(l, hi); + } + + template<class TYPE> inline TYPE& +-- +2.22.1 + diff --git a/user/djvulibre/CVE-2019-15145.patch b/user/djvulibre/CVE-2019-15145.patch new file mode 100644 index 000000000..2a545cee2 --- /dev/null +++ b/user/djvulibre/CVE-2019-15145.patch @@ -0,0 +1,34 @@ +From 9658b01431cd7ff6344d7787f855179e73fe81a7 Mon Sep 17 00:00:00 2001 +From: Leon Bottou <leon@bottou.org> +Date: Mon, 8 Apr 2019 22:55:38 -0400 +Subject: [PATCH] fix bug #298 + +--- + libdjvu/GBitmap.h | 4 ++-- + 1 file changed, 2 insertions(+), 2 deletions(-) + +diff --git a/libdjvu/GBitmap.h b/libdjvu/GBitmap.h +index e8e0c9b..ca89a19 100644 +--- a/libdjvu/GBitmap.h ++++ b/libdjvu/GBitmap.h +@@ -566,7 +566,7 @@ GBitmap::operator[](int row) + { + if (!bytes) + uncompress(); +- if (row<0 || row>=nrows) { ++ if (row<0 || row>=nrows || !bytes) { + #ifndef NDEBUG + if (zerosize < bytes_per_row + border) + G_THROW( ERR_MSG("GBitmap.zero_small") ); +@@ -581,7 +581,7 @@ GBitmap::operator[](int row) const + { + if (!bytes) + ((GBitmap*)this)->uncompress(); +- if (row<0 || row>=nrows) { ++ if (row<0 || row>=nrows || !bytes) { + #ifndef NDEBUG + if (zerosize < bytes_per_row + border) + G_THROW( ERR_MSG("GBitmap.zero_small") ); +-- +2.22.1 + diff --git a/user/faad2/APKBUILD b/user/faad2/APKBUILD index 3794942b9..970d16f7e 100644 --- a/user/faad2/APKBUILD +++ b/user/faad2/APKBUILD @@ -1,7 +1,8 @@ # Maintainer: pkgname=faad2 -pkgver=2.8.8 -pkgrel=1 +pkgver=2.9.0 +_pkgver="$(printf '%s' "$pkgver" | tr . _)" +pkgrel=0 pkgdesc="ISO AAC audio decoder" url="https://www.audiocoding.com/" arch="all" @@ -10,23 +11,48 @@ license="GPL-2.0+" subpackages="$pkgname-dev $pkgname-doc" depends="" makedepends="autoconf automake libtool" -source="https://downloads.sourceforge.net/sourceforge/faac/$pkgname-$pkgver.tar.gz - overflow.patch - " +source="$pkgname-$pkgver.tar.gz::https://github.com/knik0/faad2/archive/$_pkgver.tar.gz" +builddir="$srcdir/$pkgname-$_pkgver" + +# secfixes: +# 2.8.8-r1: +# - CVE-2018-19502 +# - CVE-2019-15296 +# 2.9.0-r0: +# - CVE-2019-6956 +# - CVE-2018-19503 +# - CVE-2018-19504 +# - CVE-2018-20194 +# - CVE-2018-20195 +# - CVE-2018-20196 +# - CVE-2018-20197 +# - CVE-2018-20198 +# - CVE-2018-20199 +# - CVE-2018-20357 +# - CVE-2018-20358 +# - CVE-2018-20359 +# - CVE-2018-20360 +# - CVE-2018-20361 +# - CVE-2018-20362 + +prepare() { + default_prepare + ./bootstrap +} build() { - cd "$builddir" ./configure \ --build=$CBUILD \ --host=$CHOST \ - --prefix=/usr + --prefix=/usr \ + --sysconfdir=/etc \ + --mandir=/usr/share/man \ + --localstatedir=/var make } package() { - cd "$builddir" make DESTDIR="$pkgdir" install } -sha512sums="3275d292b2a9fe984842962f4d81202894bddd17033f7cd6df95466554cc968dfcbf2890ae8b1df37da0cd25d645cca0a687f07e39b9fc37dd004fd5956a82af faad2-2.8.8.tar.gz -f9266ca424d1e4f5b46c2f6b4b1568caee86849d2b6edc3b6c1fb7cf08fd736c0a8fe2c096c3bc64674e4fa40619c24d45d6d6125f11360517feb09a5c996a34 overflow.patch" +sha512sums="1756b2672f9e438a56b11160ddc77fc721d85860eaa325a3ff01b51a2524baf4c1c61068a97cbc4e99d47e7643f10e1d6afb997eede3295b44551fe4661fb5dc faad2-2.9.0.tar.gz" diff --git a/user/faad2/automake.patch b/user/faad2/automake.patch deleted file mode 100644 index 809031eb0..000000000 --- a/user/faad2/automake.patch +++ /dev/null @@ -1,11 +0,0 @@ ---- ./configure.in.orig 2012-12-31 10:42:26.394219312 +0000 -+++ ./configure.in 2012-12-31 10:42:43.294360781 +0000 -@@ -25,7 +25,7 @@ - AC_PROG_MAKE_SET - AC_CHECK_PROGS(RPMBUILD, rpmbuild, rpm) - --AM_CONFIG_HEADER(config.h) -+AC_CONFIG_HEADER(config.h) - - AC_ARG_WITH(xmms,[ --with-xmms compile XMMS-1 plugin], - WITHXMMS=$withval, WITHXMMS=no) diff --git a/user/faad2/overflow.patch b/user/faad2/overflow.patch deleted file mode 100644 index 5a198f8d8..000000000 --- a/user/faad2/overflow.patch +++ /dev/null @@ -1,25 +0,0 @@ ---- faad2/libfaad/bits.c 2007-11-01 13:33:29.000000000 +0100 -+++ faad2.new/libfaad/bits.c 2019-03-25 17:29:26.134199188 +0100 -@@ -167,7 +167,10 @@ - int words = bits >> 5; - int remainder = bits & 0x1F; - -- ld->bytes_left = ld->buffer_size - words*4; -+ if (ld->buffer_size < words * 4) -+ ld->bytes_left = 0; -+ else -+ ld->bytes_left = ld->buffer_size - words*4; - - if (ld->bytes_left >= 4) - { ---- faad2/libfaad/syntax.c 2019-03-25 17:57:36.930937066 +0100 -+++ faad2.new/libfaad/syntax.c 2019-03-25 17:49:26.135368525 +0100 -@@ -2292,6 +2292,8 @@ - while ((drc->additional_excluded_chns[n-1] = faad_get1bit(ld - DEBUGVAR(1,104,"excluded_channels(): additional_excluded_chns"))) == 1) - { -+ if (i >= MAX_CHANNELS - num_excl_chan - 7) -+ return n; - for (i = num_excl_chan; i < num_excl_chan+7; i++) - { - drc->exclude_mask[i] = faad_get1bit(ld diff --git a/user/irssi/APKBUILD b/user/irssi/APKBUILD index ffa7267ac..1d63fd4b2 100644 --- a/user/irssi/APKBUILD +++ b/user/irssi/APKBUILD @@ -1,7 +1,7 @@ # Contributor: Kiyoshi Aman <kiyoshi.aman+adelie@gmail.com> # Maintainer: Kiyoshi Aman <kiyoshi.aman+adelie@gmail.com> pkgname=irssi -pkgver=1.2.1 +pkgver=1.2.2 pkgrel=0 pkgdesc="Text-based IRC client" url="https://irssi.org" @@ -14,9 +14,10 @@ source="https://github.com/irssi/irssi/releases/download/$pkgver/irssi-$pkgver.t # secfixes: irssi # 1.2.1-r0: # - CVE-2019-13045 +# 1.2.2-r0: +# - CVE-2019-15717 build() { - cd "$builddir" ./configure \ --build=$CBUILD \ --host=$CHOST \ @@ -31,12 +32,10 @@ build() { } check() { - cd "$builddir" make check } package() { - cd "$builddir" make DESTDIR="$pkgdir" install } @@ -48,4 +47,4 @@ perl() { mv "$pkgdir"/usr/lib "$subpkgdir"/usr mv "$pkgdir"/usr/share/irssi/scripts "$subpkgdir"/usr/share/irssi } -sha512sums="67c4501b5a0055c1b24fa6753305658de809cd66e952e6f9233701a112989fd8721a065b1c681725b82346b40b53a29bd2b6b8b8315ac0ad196235a9e5156d5a irssi-1.2.1.tar.xz" +sha512sums="5444ac102ff9ad3a6399a47c967d138e181330dd226eac68886d35fee4ad455932b9306a367bee3478095158e41ba67fb46deb8f0a33512046b9b83bae37c610 irssi-1.2.2.tar.xz" diff --git a/user/libvorbis/APKBUILD b/user/libvorbis/APKBUILD index 2b5b41f4c..73520bf56 100644 --- a/user/libvorbis/APKBUILD +++ b/user/libvorbis/APKBUILD @@ -10,18 +10,21 @@ license="BSD-3-Clause" subpackages="$pkgname-dev $pkgname-doc" makedepends="libogg-dev" source="https://downloads.xiph.org/releases/vorbis/$pkgname-$pkgver.tar.xz - CVE-2017-14160.patch + CVE-2017-14160-and-2018-10393.patch + CVE-2018-10392.patch " # secfixes: +# 1.3.6-r1: +# - CVE-2018-10392 # 1.3.5-r4: -# - CVE-2017-14632 -# - CVE-2017-14633 +# - CVE-2017-14632 +# - CVE-2017-14633 # 1.3.5-r3: -# - CVE-2017-14160 +# - CVE-2017-14160 +# - CVE-2018-10393 build() { - cd "$builddir" ./configure \ --build=$CBUILD \ --host=$CHOST \ @@ -33,9 +36,9 @@ build() { } package() { - cd "$builddir" make DESTDIR="$pkgdir" install } sha512sums="a5d990bb88db2501b16f8eaee9f2ecb599cefd7dab2134d16538d8905263a972157c7671867848c2a8a358bf5e5dbc7721205ece001032482f168be7bda4f132 libvorbis-1.3.6.tar.xz -4c2f7be947f2159ae47175cba89950c7b7d357b37a20d54382e4fbecd8c268b148e6cb86cb148945c7b68bbe8b14f466e910b35b80903ab51f1b02cfccf5806e CVE-2017-14160.patch" +332081da5dd8fb28ee70dfbc123e7fcef279317ee977be9da97e97a105e788da452c33097bf597f369fea0e49749f876a93d6af0fa2fa20405acbc57771c89a9 CVE-2017-14160-and-2018-10393.patch +294de5e0c40b64d495df7f53196260be5ffaba11c75fc4a1a54ec0c058eeba4793c1ef685c8cf866195a2972c91a7a896df5f05f478b7f25a564abb3f82f331f CVE-2018-10392.patch" diff --git a/user/libvorbis/CVE-2017-14160-and-2018-10393.patch b/user/libvorbis/CVE-2017-14160-and-2018-10393.patch new file mode 100644 index 000000000..3a7097ec7 --- /dev/null +++ b/user/libvorbis/CVE-2017-14160-and-2018-10393.patch @@ -0,0 +1,27 @@ +From 018ca26dece618457dd13585cad52941193c4a25 Mon Sep 17 00:00:00 2001 +From: Thomas Daede <daede003@umn.edu> +Date: Wed, 9 May 2018 14:56:59 -0700 +Subject: [PATCH] CVE-2017-14160: fix bounds check on very low sample rates. + +--- + lib/psy.c | 3 ++- + 1 file changed, 2 insertions(+), 1 deletion(-) + +diff --git a/lib/psy.c b/lib/psy.c +index 422c6f1..1310123 100644 +--- a/lib/psy.c ++++ b/lib/psy.c +@@ -602,8 +602,9 @@ static void bark_noise_hybridmp(int n,const long *b, + for (i = 0, x = 0.f;; i++, x += 1.f) { + + lo = b[i] >> 16; +- if( lo>=0 ) break; + hi = b[i] & 0xffff; ++ if( lo>=0 ) break; ++ if( hi>=n ) break; + + tN = N[hi] + N[-lo]; + tX = X[hi] - X[-lo]; +-- +2.22.0 + diff --git a/user/libvorbis/CVE-2017-14160.patch b/user/libvorbis/CVE-2017-14160.patch deleted file mode 100644 index 9ad9d18f7..000000000 --- a/user/libvorbis/CVE-2017-14160.patch +++ /dev/null @@ -1,58 +0,0 @@ -From 98a60969315dba8c1e8231f561e1551670bc80ae Mon Sep 17 00:00:00 2001 -Message-Id: <98a60969315dba8c1e8231f561e1551670bc80ae.1511192857.git.agx@sigxcpu.org> -From: =?UTF-8?q?Guido=20G=C3=BCnther?= <agx@sigxcpu.org> -Date: Wed, 15 Nov 2017 13:12:00 +0100 -Subject: [PATCH] CVE-2017-14160: make sure we don't overflow - ---- - lib/psy.c | 9 ++++----- - 1 file changed, 4 insertions(+), 5 deletions(-) - -diff --git a/lib/psy.c b/lib/psy.c -index 422c6f1e..8bbf6cf3 100644 ---- a/lib/psy.c -+++ b/lib/psy.c -@@ -599,7 +599,7 @@ static void bark_noise_hybridmp(int n,const long *b, - XY[i] = tXY; - } - -- for (i = 0, x = 0.f;; i++, x += 1.f) { -+ for (i = 0, x = 0.f; i < n; i++, x += 1.f) { - - lo = b[i] >> 16; - if( lo>=0 ) break; -@@ -621,12 +621,11 @@ static void bark_noise_hybridmp(int n,const long *b, - noise[i] = R - offset; - } - -- for ( ;; i++, x += 1.f) { -+ for ( ; i < n; i++, x += 1.f) { - - lo = b[i] >> 16; - hi = b[i] & 0xffff; - if(hi>=n)break; -- - tN = N[hi] - N[lo]; - tX = X[hi] - X[lo]; - tXX = XX[hi] - XX[lo]; -@@ -651,7 +650,7 @@ static void bark_noise_hybridmp(int n,const long *b, - - if (fixed <= 0) return; - -- for (i = 0, x = 0.f;; i++, x += 1.f) { -+ for (i = 0, x = 0.f; i < n; i++, x += 1.f) { - hi = i + fixed / 2; - lo = hi - fixed; - if(lo>=0)break; -@@ -670,7 +669,7 @@ static void bark_noise_hybridmp(int n,const long *b, - - if (R - offset < noise[i]) noise[i] = R - offset; - } -- for ( ;; i++, x += 1.f) { -+ for ( ; i < n; i++, x += 1.f) { - - hi = i + fixed / 2; - lo = hi - fixed; --- -2.15.0 - diff --git a/user/libvorbis/CVE-2018-10392.patch b/user/libvorbis/CVE-2018-10392.patch new file mode 100644 index 000000000..a12038a94 --- /dev/null +++ b/user/libvorbis/CVE-2018-10392.patch @@ -0,0 +1,25 @@ +From 112d3bd0aaacad51305e1464d4b381dabad0e88b Mon Sep 17 00:00:00 2001 +From: Thomas Daede <daede003@umn.edu> +Date: Thu, 17 May 2018 16:19:19 -0700 +Subject: [PATCH] Sanity check number of channels in setup. + +Fixes #2335. +--- + lib/vorbisenc.c | 1 + + 1 file changed, 1 insertion(+) + +diff --git a/lib/vorbisenc.c b/lib/vorbisenc.c +index 4fc7b62..64a51b5 100644 +--- a/lib/vorbisenc.c ++++ b/lib/vorbisenc.c +@@ -684,6 +684,7 @@ int vorbis_encode_setup_init(vorbis_info *vi){ + highlevel_encode_setup *hi=&ci->hi; + + if(ci==NULL)return(OV_EINVAL); ++ if(vi->channels<1||vi->channels>255)return(OV_EINVAL); + if(!hi->impulse_block_p)i0=1; + + /* too low/high an ATH floater is nonsensical, but doesn't break anything */ +-- +2.22.0 + diff --git a/user/links/APKBUILD b/user/links/APKBUILD index b3ade3cb2..5761ea7be 100644 --- a/user/links/APKBUILD +++ b/user/links/APKBUILD @@ -1,6 +1,6 @@ # Maintainer: A. Wilcox <awilfox@adelielinux.org> pkgname=links -pkgver=2.19 +pkgver=2.20.1 pkgrel=0 pkgdesc="Text Web browser, similar to Lynx" url="http://links.twibright.com/" @@ -28,4 +28,4 @@ package() { make DESTDIR="$pkgdir" install } -sha512sums="8716cea6feb5a02b59d7e2dd5bfd0af9b2ac2a4427c0f98a3c8a8eaabca31e7a96c16888c0de19976749485b3cdbf75cbff88a37cd3b58700c1f090acec328ea links-2.19.tar.bz2" +sha512sums="c7258e303a2012e9016385abd1e8882ffec47dd3baf479a54448742e41b03508d874387af6ea97c7ef9c4d37f2eecbe7bc0121d923df79b0f455f4f466747ca2 links-2.20.1.tar.bz2" diff --git a/user/mpg123/APKBUILD b/user/mpg123/APKBUILD index 6948916b2..e21981859 100644 --- a/user/mpg123/APKBUILD +++ b/user/mpg123/APKBUILD @@ -1,6 +1,6 @@ # Maintainer: A. Wilcox <awilfox@adelielinux.org> pkgname=mpg123 -pkgver=1.25.11 +pkgver=1.25.12 pkgrel=0 pkgdesc="Real time MPEG Audio player for Layers 1, 2 and 3" url="https://www.mpg123.org/" @@ -32,4 +32,4 @@ package() { make DESTDIR="$pkgdir" install } -sha512sums="986338d0f4829ec9e40990cb384746c7abfa80d3b3d5656b6dda73d03e2441c1f28ffbe7f3f82b0008a1c4ebcfa07aeffb493e95f13f7d04cbc818a09f1008ed mpg123-1.25.11.tar.bz2" +sha512sums="fa3c719c68dbe45b265fd7677d0932b07f6a14e7ffe365ede965ff1637e655c4b57c86f7e4cd60cace7df5fcc93d48e0d44f082931394b7c6ef19f5d11638eff mpg123-1.25.12.tar.bz2" diff --git a/user/opencv/APKBUILD b/user/opencv/APKBUILD index 76403ac60..a8a38c149 100644 --- a/user/opencv/APKBUILD +++ b/user/opencv/APKBUILD @@ -2,7 +2,7 @@ # Maintainer: pkgname=opencv pkgver=4.1.1 -pkgrel=0 +pkgrel=1 pkgdesc="Computer vision and machine learning software library" url="https://opencv.org" arch="all" @@ -15,8 +15,13 @@ makedepends="cmake doxygen ffmpeg-dev gst-plugins-base-dev gtk+2.0-dev subpackages="$pkgname-dev $pkgname-libs" source="opencv-$pkgver.tar.gz::https://github.com/opencv/opencv/archive/$pkgver.tar.gz cmake-license.patch + CVE-2019-16249.patch " +# secfixes: +# 4.1.1-r1: +# - CVE-2019-16249 + prepare() { default_prepare # purge 3rd party except carotene @@ -61,4 +66,5 @@ package() { } sha512sums="80fa48d992ca06a2a4ab6740df6d8c21f4926165486b393969da2c5bbe2f3a0b799fb76dee5e3654e90c743e49bbd2b5b02ad59a4766896bbf4cd5b4e3251e0f opencv-4.1.1.tar.gz -ffa6930086051c545a44d28b8e428de7faaeecf961cdee6eef007b2b01db7e5897c6f184b1059df9763c1bcd90f88b9ead710dc13b51a608f21d683f55f39bd6 cmake-license.patch" +ffa6930086051c545a44d28b8e428de7faaeecf961cdee6eef007b2b01db7e5897c6f184b1059df9763c1bcd90f88b9ead710dc13b51a608f21d683f55f39bd6 cmake-license.patch +39f2f9abb1051220d6b842e9337c3636ee229781c7efcc92e987dae47ac82072dc95568e6a766e01329ee61c0a3be4efdd82aa3b56c011b44e175444d81c134d CVE-2019-16249.patch" diff --git a/user/opencv/CVE-2019-16249.patch b/user/opencv/CVE-2019-16249.patch new file mode 100644 index 000000000..a7f0027ac --- /dev/null +++ b/user/opencv/CVE-2019-16249.patch @@ -0,0 +1,57 @@ +From cd7fa04985b10db5e66de542725d0da57f0d10b6 Mon Sep 17 00:00:00 2001 +From: Vitaly Tuzov <terfendail@mediana.jetos.com> +Date: Tue, 17 Sep 2019 15:53:18 +0300 +Subject: [PATCH] Fixed out of bound reading in DIS optical flow evaluation + implementation + +--- + modules/video/src/dis_flow.cpp | 18 +++++------------- + 1 file changed, 5 insertions(+), 13 deletions(-) + +diff --git a/modules/video/src/dis_flow.cpp b/modules/video/src/dis_flow.cpp +index 85400c71ca7..a260b8726bb 100644 +--- a/modules/video/src/dis_flow.cpp ++++ b/modules/video/src/dis_flow.cpp +@@ -494,7 +494,6 @@ DISOpticalFlowImpl::PatchInverseSearch_ParBody::PatchInverseSearch_ParBody(DISOp + v_float32x4 w10v = v_setall_f32(w10); \ + v_float32x4 w11v = v_setall_f32(w11); \ + \ +- v_uint8x16 I0_row_16, I1_row_16, I1_row_shifted_16, I1_row_next_16, I1_row_next_shifted_16; \ + v_uint16x8 I0_row_8, I1_row_8, I1_row_shifted_8, I1_row_next_8, I1_row_next_shifted_8, tmp; \ + v_uint32x4 I0_row_4_left, I1_row_4_left, I1_row_shifted_4_left, I1_row_next_4_left, I1_row_next_shifted_4_left; \ + v_uint32x4 I0_row_4_right, I1_row_4_right, I1_row_shifted_4_right, I1_row_next_4_right, \ +@@ -502,29 +501,22 @@ DISOpticalFlowImpl::PatchInverseSearch_ParBody::PatchInverseSearch_ParBody(DISOp + v_float32x4 I_diff_left, I_diff_right; \ + \ + /* Preload and expand the first row of I1: */ \ +- I1_row_16 = v_load(I1_ptr); \ +- I1_row_shifted_16 = v_extract<1>(I1_row_16, I1_row_16); \ +- v_expand(I1_row_16, I1_row_8, tmp); \ +- v_expand(I1_row_shifted_16, I1_row_shifted_8, tmp); \ ++ I1_row_8 = v_load_expand(I1_ptr); \ ++ I1_row_shifted_8 = v_load_expand(I1_ptr + 1); \ + v_expand(I1_row_8, I1_row_4_left, I1_row_4_right); \ + v_expand(I1_row_shifted_8, I1_row_shifted_4_left, I1_row_shifted_4_right); \ + I1_ptr += I1_stride; + + #define HAL_PROCESS_BILINEAR_8x8_PATCH_EXTRACTION \ + /* Load the next row of I1: */ \ +- I1_row_next_16 = v_load(I1_ptr); \ +- /* Circular shift left by 1 element: */ \ +- I1_row_next_shifted_16 = v_extract<1>(I1_row_next_16, I1_row_next_16); \ +- /* Expand to 8 ushorts (we only need the first 8 values): */ \ +- v_expand(I1_row_next_16, I1_row_next_8, tmp); \ +- v_expand(I1_row_next_shifted_16, I1_row_next_shifted_8, tmp); \ ++ I1_row_next_8 = v_load_expand(I1_ptr); \ ++ I1_row_next_shifted_8 = v_load_expand(I1_ptr + 1); \ + /* Separate the left and right halves: */ \ + v_expand(I1_row_next_8, I1_row_next_4_left, I1_row_next_4_right); \ + v_expand(I1_row_next_shifted_8, I1_row_next_shifted_4_left, I1_row_next_shifted_4_right); \ + \ + /* Load current row of I0: */ \ +- I0_row_16 = v_load(I0_ptr); \ +- v_expand(I0_row_16, I0_row_8, tmp); \ ++ I0_row_8 = v_load_expand(I0_ptr); \ + v_expand(I0_row_8, I0_row_4_left, I0_row_4_right); \ + \ + /* Compute diffs between I0 and bilinearly interpolated I1: */ \ diff --git a/user/pango/APKBUILD b/user/pango/APKBUILD index aff854dc0..c26726d5d 100644 --- a/user/pango/APKBUILD +++ b/user/pango/APKBUILD @@ -1,7 +1,7 @@ # Maintainer: pkgname=pango pkgver=1.42.4 -pkgrel=0 +pkgrel=1 pkgdesc="Library for laying out and rendering text" url="https://www.pango.org/" arch="all" @@ -12,10 +12,14 @@ makedepends="$depends_dev cairo-dev expat-dev fontconfig-dev freetype-dev fribidi-dev glib-dev gobject-introspection-dev harfbuzz-dev libxft-dev" install="$pkgname.pre-deinstall" triggers="$pkgname.trigger=/usr/lib/pango/*/modules" -source="https://download.gnome.org/sources/$pkgname/${pkgver%.*}/$pkgname-$pkgver.tar.xz" +source="https://download.gnome.org/sources/$pkgname/${pkgver%.*}/$pkgname-$pkgver.tar.xz + CVE-2019-1010238.patch" + +# secfixes: +# 1.42.4-r1: +# - CVE-2019-1010238 build () { - cd "$builddir" ./configure \ --build=$CBUILD \ --host=$CHOST \ @@ -26,9 +30,9 @@ build () { } package() { - cd "$builddir" mkdir -p "$pkgdir"/etc/pango make DESTDIR="$pkgdir" install } -sha512sums="993e97f647eba0c5ed90bcfcb8228bf67fa3f20b1f4331e4e40a30788d7c3ac55eee1209471bf21df125cb8fc6121acc8062a9da2f8a7d6cbe8e9ad13a9320dc pango-1.42.4.tar.xz" +sha512sums="993e97f647eba0c5ed90bcfcb8228bf67fa3f20b1f4331e4e40a30788d7c3ac55eee1209471bf21df125cb8fc6121acc8062a9da2f8a7d6cbe8e9ad13a9320dc pango-1.42.4.tar.xz +d11af8e56c59286f998d136d795d9ed22bea96b7dfaf4e02fe294ab0b147606ecb43ddfbd8caaa0eee1ee27b5a2f5c5a6f6f7a0b3193750649cf6b121cb6de50 CVE-2019-1010238.patch" diff --git a/user/pango/CVE-2019-1010238.patch b/user/pango/CVE-2019-1010238.patch new file mode 100644 index 000000000..cc65b3d53 --- /dev/null +++ b/user/pango/CVE-2019-1010238.patch @@ -0,0 +1,34 @@ +From 490f8979a260c16b1df055eab386345da18a2d54 Mon Sep 17 00:00:00 2001 +From: Matthias Clasen <mclasen@redhat.com> +Date: Wed, 10 Jul 2019 20:26:23 -0400 +Subject: [PATCH] bidi: Be safer against bad input + +Don't run off the end of an array that we +allocated to certain length. + +Closes: https://gitlab.gnome.org/GNOME/pango/issues/342 +--- + pango/pango-bidi-type.c | 7 +++++-- + 1 file changed, 5 insertions(+), 2 deletions(-) + +diff --git a/pango/pango-bidi-type.c b/pango/pango-bidi-type.c +index 3e46b66c..5c02dbbb 100644 +--- a/pango/pango-bidi-type.c ++++ b/pango/pango-bidi-type.c +@@ -181,8 +181,11 @@ pango_log2vis_get_embedding_levels (const gchar *text, + for (i = 0, p = text; p < text + length; p = g_utf8_next_char(p), i++) + { + gunichar ch = g_utf8_get_char (p); +- FriBidiCharType char_type; +- char_type = fribidi_get_bidi_type (ch); ++ FriBidiCharType char_type = fribidi_get_bidi_type (ch); ++ ++ if (i == n_chars) ++ break; ++ + bidi_types[i] = char_type; + ored_types |= char_type; + if (FRIBIDI_IS_STRONG (char_type)) +-- +2.22.0 + diff --git a/user/vlc/APKBUILD b/user/vlc/APKBUILD index 2dc82dde6..6c9a23c97 100644 --- a/user/vlc/APKBUILD +++ b/user/vlc/APKBUILD @@ -2,8 +2,8 @@ # Contributor: Leonardo Arena <rnalrd@alpinelinux.org> # Maintainer: A. Wilcox <awilfox@adelielinux.org> pkgname=vlc -pkgver=3.0.7.1 -pkgrel=2 +pkgver=3.0.8 +pkgrel=0 pkgdesc="Multi-platform MPEG, VCD/DVD, and DivX player" triggers="vlc-libs.trigger=/usr/lib/vlc/plugins" pkgusers="vlc" @@ -11,7 +11,7 @@ pkggroups="vlc" url="https://www.videolan.org/vlc/" arch="all" license="GPL-2.0+" -options="!checkroot textrel" +options="textrel" subpackages="$pkgname-dev $pkgname-doc $pkgname-qt $pkgname-pulse $pkgname-daemon::noarch $pkgname-libs $pkgname-lang" depends="ttf-dejavu xdg-utils" @@ -43,12 +43,28 @@ source="https://get.videolan.org/vlc/$pkgver/vlc-$pkgver.tar.xz omxil-rpi-codecs.patch tar-compat.patch test-s390x.patch - vlc-libs.trigger + + $pkgname.initd + $pkgname.confd " # secfixes: vlc_media_player # 3.0.4-r2: # - CVE-2018-19857 +# 3.0.8-r0: +# - CVE-2019-13602 +# - CVE-2019-13615 +# - CVE-2019-13962 +# - CVE-2019-14437 +# - CVE-2019-14438 +# - CVE-2019-14498 +# - CVE-2019-14533 +# - CVE-2019-14534 +# - CVE-2019-14535 +# - CVE-2019-14776 +# - CVE-2019-14777 +# - CVE-2019-14778 +# - CVE-2019-14970 prepare() { default_prepare @@ -57,7 +73,6 @@ prepare() { build() { local _arch_opts= - cd "$builddir" export CFLAGS="$CFLAGS -D_GNU_SOURCE" case "$CARCH" in @@ -127,7 +142,6 @@ build() { } package() { - cd "$builddir" make DESTDIR="$pkgdir" install # delete cache as it's autocreated by trigger rm -rf "$pkgdir"/usr/lib/vlc/plugins/plugins.dat @@ -137,7 +151,6 @@ package() { } check() { - cd "$builddir" make check } @@ -150,7 +163,7 @@ _mv() { pulse() { pkgdesc="PulseAudio support for VLC" depends="" - install_if="vlc pulseaudio" + install_if="vlc=$pkgver-r$pkgrel pulseaudio" mkdir -p "$subpkgdir"/usr/lib/vlc mv "$pkgdir"/usr/lib/vlc/libvlc_pulse* "$subpkgdir"/usr/lib/vlc/ } @@ -179,8 +192,8 @@ daemon() { mkdir -p "$subpkgdir" cd "$pkgdir" - install -D -m755 ../../vlc.initd $subpkgdir/etc/init.d/vlc - install -D -m664 ../../vlc.confd $subpkgdir/etc/conf.d/vlc + install -D -m755 "$srcdir"/vlc.initd "$subpkgdir"/etc/init.d/vlc + install -D -m664 "$srcdir"/vlc.confd "$subpkgdir"/etc/conf.d/vlc install -d -o vlc -g vlc "$subpkgdir"/var/log/vlc } @@ -192,7 +205,7 @@ libs() { default_libs } -sha512sums="6b99ae0564630a7a7ca9187c3bb954c601e384522ce93460b73f2dbf31787ce5828daca9f31c781b97db77872d76b6a3e871ff3401d70f1b5829fee7c4e847fd vlc-3.0.7.1.tar.xz +sha512sums="5ade0b350e98fd6fa90035bffabda96f0addb3844a7c0a242b4db1cab6a746e1adb1d713ddcb48ae51a7d1736090f096f5d3b0637a9f958ccf4fcf27e838cf70 vlc-3.0.8.tar.xz 22d80df599b8b65a5439cefbb7140af8e9530f326d54945da3769af65f37518b99ec2cc8647aafd2763324a0698280915afe043cc87e5720c4694881ed35bffa check-headless.patch e214b407235cb3afb8bec93f20c9b42957b57e6fd3960679d3d4235e77762e03e64d03c01f00ef63d589e7c85aaad02ce6abbeeccd66b1867bc92451a5b5e9b0 disable-sub-autodetect-fuzzy-1-test.patch e063c727d952465bbea33f669db49190427521dc8e2291e9a5cbb0f5e8e879bd3ba76855e44bd4630948e30c4329d27bd928f95de20fe1050d5e839778a4d012 endian-fix.patch @@ -201,4 +214,5 @@ e063c727d952465bbea33f669db49190427521dc8e2291e9a5cbb0f5e8e879bd3ba76855e44bd463 e13e398b7bfd977f6e099bcb6cf8dc5cd5bad6dea3eff715881826246dc4329468846084aff2576de2b7fd28d3f06e7c327a6e4511a28d22e5cd198a81146c89 omxil-rpi-codecs.patch a117ca4d7fd66a5f959fdeaddfdce2f8442fe9f2c13995bb7f4792a7745c00813813aa962f76e957e3b0735344a5dc000e0644ce09f23458802a2932231655c3 tar-compat.patch c0107655249687655846a9547ca1a5670b9207443180600e7a149c69ffb96d7226787c19b018d4033db9b284c1a5faa8d7d42188ed40c3b8bb051256febf11c5 test-s390x.patch -34d899b8b88de2058a8d64ce316389bd3437c0bbcd64a925eec4975adf2bc306a3a8d2e322bad5e3a18b5a28cbb5bf6705d8849dee655daf7e5a4bb007fe07e0 vlc-libs.trigger" +55e245190b443dde9c7215ea5210612fcca164900a9a4b025ccf0d1e3fc5206d00b52355b256974421e37c609875627f1db19f0f5a084511aec0daf677ecc9d6 vlc.initd +d89190dca1b8b2c3faca5863dc6c7e6eb24e05178e6f75ed752fd3c6a73cb8a42d2625b6e56453296b7096ea868be642ecd42745dac20e7f13fc67dd3c3c7c49 vlc.confd" diff --git a/user/wpa_supplicant/APKBUILD b/user/wpa_supplicant/APKBUILD index 5d1a35b4e..dbd22b8c7 100644 --- a/user/wpa_supplicant/APKBUILD +++ b/user/wpa_supplicant/APKBUILD @@ -2,7 +2,7 @@ # Maintainer: A. Wilcox <awilfox@adelielinux.org> pkgname=wpa_supplicant pkgver=2.9 -pkgrel=0 +pkgrel=1 pkgdesc="Utility providing key negotiation for WPA wireless networks" url="https://w1.fi/wpa_supplicant/" arch="all" @@ -17,6 +17,7 @@ source="https://w1.fi/releases/$pkgname-$pkgver.tar.gz wpa_supplicant.conf dbus.patch eloop.patch + CVE-2019-16275.patch config wpa_cli.sh" @@ -32,6 +33,8 @@ source="https://w1.fi/releases/$pkgname-$pkgver.tar.gz # - CVE-2017-13086 # - CVE-2017-13087 # - CVE-2017-13088 +# 2.9-r1: +# - CVE-2019-16275 prepare() { default_prepare @@ -104,5 +107,6 @@ sha512sums="37a33f22cab9d27084fbef29856eaea0f692ff339c5b38bd32402dccf293cb849afd f8b224b6c5a8adf378d8224beb49f2a99817d303f7e6a724943ecb3313ae85ce0fdd8291a20c95563470681ebf5d991ffa31094b9171e470e9690b38bba25738 wpa_supplicant.conf dac56bc505a51167042ebe548f0e81a20a5578f753af9bb7ec3335a542d799c6e8739681ef7c8f7747a9bc954f8aa6f1a147250eacba17fd7fff80c4e53638ed dbus.patch 2be055dd1f7da5a3d8e79c2f2c0220ddd31df309452da18f290144d2112d6dbde0fc633bb2ad02c386a39d7785323acaf5f70e5969995a1e8303a094eb5fe232 eloop.patch +63710cfb0992f2c346a9807d8c97cbeaed032fa376a0e93a2e56f7742ce515e9c4dfadbdb1af03ba272281f639aab832f0178f67634c222a5d99e1d462aa9e38 CVE-2019-16275.patch 221660fa0350442a7d8371686b2118861052a4613fb352b7f80079e3750b82f4e48efc378b9d617455007d1106552b695fdca506a3c338283986641f3848b202 config 45d3e70c47d0f7d6dc6730853af8cbcb40ed0713ee7b1069698f5a635939f273f66e72d4221e064c3c71a92154cf07841c8c0d4fc14d796dbb6fe0d92776ee2b wpa_cli.sh" diff --git a/user/wpa_supplicant/CVE-2019-16275.patch b/user/wpa_supplicant/CVE-2019-16275.patch new file mode 100644 index 000000000..d764a9db0 --- /dev/null +++ b/user/wpa_supplicant/CVE-2019-16275.patch @@ -0,0 +1,73 @@ +From 8c07fa9eda13e835f3f968b2e1c9a8be3a851ff9 Mon Sep 17 00:00:00 2001 +From: Jouni Malinen <j@w1.fi> +Date: Thu, 29 Aug 2019 11:52:04 +0300 +Subject: [PATCH] AP: Silently ignore management frame from unexpected source + address + +Do not process any received Management frames with unexpected/invalid SA +so that we do not add any state for unexpected STA addresses or end up +sending out frames to unexpected destination. This prevents unexpected +sequences where an unprotected frame might end up causing the AP to send +out a response to another device and that other device processing the +unexpected response. + +In particular, this prevents some potential denial of service cases +where the unexpected response frame from the AP might result in a +connected station dropping its association. + +Signed-off-by: Jouni Malinen <j@w1.fi> +--- + src/ap/drv_callbacks.c | 13 +++++++++++++ + src/ap/ieee802_11.c | 12 ++++++++++++ + 2 files changed, 25 insertions(+) + +diff --git a/src/ap/drv_callbacks.c b/src/ap/drv_callbacks.c +index 31587685fe3b..34ca379edc3d 100644 +--- a/src/ap/drv_callbacks.c ++++ b/src/ap/drv_callbacks.c +@@ -131,6 +131,19 @@ int hostapd_notif_assoc(struct hostapd_data *hapd, const u8 *addr, + "hostapd_notif_assoc: Skip event with no address"); + return -1; + } ++ ++ if (is_multicast_ether_addr(addr) || ++ is_zero_ether_addr(addr) || ++ os_memcmp(addr, hapd->own_addr, ETH_ALEN) == 0) { ++ /* Do not process any frames with unexpected/invalid SA so that ++ * we do not add any state for unexpected STA addresses or end ++ * up sending out frames to unexpected destination. */ ++ wpa_printf(MSG_DEBUG, "%s: Invalid SA=" MACSTR ++ " in received indication - ignore this indication silently", ++ __func__, MAC2STR(addr)); ++ return 0; ++ } ++ + random_add_randomness(addr, ETH_ALEN); + + hostapd_logger(hapd, addr, HOSTAPD_MODULE_IEEE80211, +diff --git a/src/ap/ieee802_11.c b/src/ap/ieee802_11.c +index c85a28db44b7..e7065372e158 100644 +--- a/src/ap/ieee802_11.c ++++ b/src/ap/ieee802_11.c +@@ -4626,6 +4626,18 @@ int ieee802_11_mgmt(struct hostapd_data *hapd, const u8 *buf, size_t len, + fc = le_to_host16(mgmt->frame_control); + stype = WLAN_FC_GET_STYPE(fc); + ++ if (is_multicast_ether_addr(mgmt->sa) || ++ is_zero_ether_addr(mgmt->sa) || ++ os_memcmp(mgmt->sa, hapd->own_addr, ETH_ALEN) == 0) { ++ /* Do not process any frames with unexpected/invalid SA so that ++ * we do not add any state for unexpected STA addresses or end ++ * up sending out frames to unexpected destination. */ ++ wpa_printf(MSG_DEBUG, "MGMT: Invalid SA=" MACSTR ++ " in received frame - ignore this frame silently", ++ MAC2STR(mgmt->sa)); ++ return 0; ++ } ++ + if (stype == WLAN_FC_STYPE_BEACON) { + handle_beacon(hapd, mgmt, len, fi); + return 1; +-- +2.20.1 + |