diff options
Diffstat (limited to 'user')
-rw-r--r-- | user/libproxy/APKBUILD | 16 | ||||
-rw-r--r-- | user/libproxy/CVE-2020-25219.patch | 57 | ||||
-rw-r--r-- | user/libproxy/CVE-2020-26154.patch | 93 | ||||
-rw-r--r-- | user/libproxy/python3.10.patch | 58 |
4 files changed, 65 insertions, 159 deletions
diff --git a/user/libproxy/APKBUILD b/user/libproxy/APKBUILD index 7a13ebc05..d0d3b6620 100644 --- a/user/libproxy/APKBUILD +++ b/user/libproxy/APKBUILD @@ -1,10 +1,10 @@ # Contributor: Natanael Copa <ncopa@alpinelinux.org> -# Maintainer: +# Maintainer: Zach van Rijn <me@zv.io> pkgname=libproxy -pkgver=0.4.15 -pkgrel=3 +pkgver=0.4.17 +pkgrel=0 pkgdesc="Library providing automatic proxy configuration management" -url="http://libproxy.github.io/libproxy/" +url="https://libproxy.github.io/libproxy/" arch="all" license="LGPL-2.1+" depends="" @@ -14,8 +14,7 @@ subpackages="$pkgname-dev $pkgname-bin py3-$pkgname:py" source="$pkgname-$pkgver.tar.gz::https://github.com/libproxy/libproxy/archive/$pkgver.tar.gz libproxy-0.4.7-unistd.patch fix-includes.patch - CVE-2020-25219.patch - CVE-2020-26154.patch + python3.10.patch " # secfixes: @@ -60,8 +59,7 @@ py() { mv "$pkgdir"/usr/lib/python* "$subpkgdir"/usr/lib/ } -sha512sums="8f68bd56e44aeb3f553f4657bef82a5d14302780508dafa32454d6f724b724c884ceed6042f8df53a081d26ea0b05598cf35eab44823257c47c5ef8afb36442b libproxy-0.4.15.tar.gz +sha512sums="589045538a78dc7453335ed61c60adad3352b840b224885d4a58ae284e52224ae3ff2eebd77df57aebbc3ae75d7b6d69a825f24f01c19e75bf0a3345dce53126 libproxy-0.4.17.tar.gz 9929c308195bc59c1b9a7ddaaf708fb831da83c5d86d7ce122cb9774c9b9b16aef3c17fb721356e33a865de1af27db493f29a99d292e1e258cd0135218cacd32 libproxy-0.4.7-unistd.patch e35b4f806e5f60e9b184d64dceae62e6e343c367ee96d7e461388f2665fe2ab62170d41848c9da5322bb1719eff3bfaecb273e40a97ce940a5e88d29d03bd8d9 fix-includes.patch -908fbf49bec18764a8c2ab81ef5d5e6e1fc2423cf9a6608cc7d3a6d5ac44676e171646b0f95b39b7ade108afd62cc2ede8f7b57d6ba0d67025f30b18e5084292 CVE-2020-25219.patch -01c784a8016bb2a2bf5058b6af7fac29250542bfd4e0679a91fa223c821336d651f8f4a968763072edb86a78a743618c312a2daeb2963c8e5207109f2d26a18f CVE-2020-26154.patch" +9f506d918c4bacbc224cf798b776a7daeb124782352270cca184c5af0f6f4cab73de724f3724e380ddd9240521e0eee46b1a22f2953d1d3026edc3926b3ff9b0 python3.10.patch" diff --git a/user/libproxy/CVE-2020-25219.patch b/user/libproxy/CVE-2020-25219.patch deleted file mode 100644 index 03cfbc00e..000000000 --- a/user/libproxy/CVE-2020-25219.patch +++ /dev/null @@ -1,57 +0,0 @@ -From a83dae404feac517695c23ff43ce1e116e2bfbe0 Mon Sep 17 00:00:00 2001 -From: Michael Catanzaro <mcatanzaro@gnome.org> -Date: Wed, 9 Sep 2020 11:12:02 -0500 -Subject: [PATCH] Rewrite url::recvline to be nonrecursive - -This function processes network input. It's semi-trusted, because the -PAC ought to be trusted. But we still shouldn't allow it to control how -far we recurse. A malicious PAC can cause us to overflow the stack by -sending a sufficiently-long line without any '\n' character. - -Also, this function failed to properly handle EINTR, so let's fix that -too, for good measure. - -Fixes #134 ---- - libproxy/url.cpp | 28 ++++++++++++++++++---------- - 1 file changed, 18 insertions(+), 10 deletions(-) - -diff --git a/libproxy/url.cpp b/libproxy/url.cpp -index ee776b2..68d69cd 100644 ---- a/libproxy/url.cpp -+++ b/libproxy/url.cpp -@@ -388,16 +388,24 @@ string url::to_string() const { - return m_orig; - } - --static inline string recvline(int fd) { -- // Read a character. -- // If we don't get a character, return empty string. -- // If we are at the end of the line, return empty string. -- char c = '\0'; -- -- if (recv(fd, &c, 1, 0) != 1 || c == '\n') -- return ""; -- -- return string(1, c) + recvline(fd); -+static string recvline(int fd) { -+ string line; -+ int ret; -+ -+ // Reserve arbitrary amount of space to avoid small memory reallocations. -+ line.reserve(128); -+ -+ do { -+ char c; -+ ret = recv(fd, &c, 1, 0); -+ if (ret == 1) { -+ if (c == '\n') -+ return line; -+ line += c; -+ } -+ } while (ret == 1 || (ret == -1 && errno == EINTR)); -+ -+ return line; - } - - char* url::get_pac() { diff --git a/user/libproxy/CVE-2020-26154.patch b/user/libproxy/CVE-2020-26154.patch deleted file mode 100644 index 929083327..000000000 --- a/user/libproxy/CVE-2020-26154.patch +++ /dev/null @@ -1,93 +0,0 @@ -From 4411b523545b22022b4be7d0cac25aa170ae1d3e Mon Sep 17 00:00:00 2001 -From: Fei Li <lifeibiren@gmail.com> -Date: Fri, 17 Jul 2020 02:18:37 +0800 -Subject: [PATCH] Fix buffer overflow when PAC is enabled - -The bug was found on Windows 10 (MINGW64) when PAC is enabled. It turned -out to be the large PAC file (more than 102400 bytes) returned by a -local proxy program with no content-length present. ---- - libproxy/url.cpp | 44 +++++++++++++++++++++++++++++++------------- - 1 file changed, 31 insertions(+), 13 deletions(-) - -diff --git a/libproxy/url.cpp b/libproxy/url.cpp -index ee776b2..8684086 100644 ---- a/libproxy/url.cpp -+++ b/libproxy/url.cpp -@@ -54,7 +54,7 @@ using namespace std; - #define PAC_MIME_TYPE_FB "text/plain" - - // This is the maximum pac size (to avoid memory attacks) --#define PAC_MAX_SIZE 102400 -+#define PAC_MAX_SIZE 0x800000 - // This is the default block size to use when receiving via HTTP - #define PAC_HTTP_BLOCK_SIZE 512 - -@@ -478,15 +478,13 @@ char* url::get_pac() { - } - - // Get content -- unsigned int recvd = 0; -- buffer = new char[PAC_MAX_SIZE]; -- memset(buffer, 0, PAC_MAX_SIZE); -+ std::vector<char> dynamic_buffer; - do { - unsigned int chunk_length; - - if (chunked) { - // Discard the empty line if we received a previous chunk -- if (recvd > 0) recvline(sock); -+ if (!dynamic_buffer.empty()) recvline(sock); - - // Get the chunk-length line as an integer - if (sscanf(recvline(sock).c_str(), "%x", &chunk_length) != 1 || chunk_length == 0) break; -@@ -498,21 +496,41 @@ char* url::get_pac() { - - if (content_length >= PAC_MAX_SIZE) break; - -- while (content_length == 0 || recvd != content_length) { -- int r = recv(sock, buffer + recvd, -- content_length == 0 ? PAC_HTTP_BLOCK_SIZE -- : content_length - recvd, 0); -+ while (content_length == 0 || dynamic_buffer.size() != content_length) { -+ // Calculate length to recv -+ unsigned int length_to_read = PAC_HTTP_BLOCK_SIZE; -+ if (content_length > 0) -+ length_to_read = content_length - dynamic_buffer.size(); -+ -+ // Prepare buffer -+ dynamic_buffer.resize(dynamic_buffer.size() + length_to_read); -+ -+ int r = recv(sock, dynamic_buffer.data() + dynamic_buffer.size() - length_to_read, length_to_read, 0); -+ -+ // Shrink buffer to fit -+ if (r >= 0) -+ dynamic_buffer.resize(dynamic_buffer.size() - length_to_read + r); -+ -+ // PAC size too large, discard -+ if (dynamic_buffer.size() >= PAC_MAX_SIZE) { -+ chunked = false; -+ dynamic_buffer.clear(); -+ break; -+ } -+ - if (r <= 0) { - chunked = false; - break; - } -- recvd += r; - } - } while (chunked); - -- if (content_length != 0 && string(buffer).size() != content_length) { -- delete[] buffer; -- buffer = NULL; -+ if (content_length == 0 || content_length == dynamic_buffer.size()) { -+ buffer = new char[dynamic_buffer.size() + 1]; -+ if (!dynamic_buffer.empty()) { -+ memcpy(buffer, dynamic_buffer.data(), dynamic_buffer.size()); -+ } -+ buffer[dynamic_buffer.size()] = '\0'; - } - } - diff --git a/user/libproxy/python3.10.patch b/user/libproxy/python3.10.patch new file mode 100644 index 000000000..73645cee6 --- /dev/null +++ b/user/libproxy/python3.10.patch @@ -0,0 +1,58 @@ +From 04eeeabb42436cb58e9bac2f6c31c0fb87905a72 Mon Sep 17 00:00:00 2001 +From: David King <amigadave@amigadave.com> +Date: Mon, 21 Jun 2021 17:10:43 +0100 +Subject: [PATCH] python: Support Python 3.10 and above +MIME-Version: 1.0 +Content-Type: text/plain; charset=UTF-8 +Content-Transfer-Encoding: 8bit + +As suggested by Miro Hrončok, change the way that the Python interpreter +version is found. Additionally, update the static list of accepted +Python 3 versions. + +https://bugzilla.redhat.com/show_bug.cgi?id=1898060 +--- + bindings/python/python2/CMakeLists.txt | 2 +- + bindings/python/python3/CMakeLists.txt | 2 +- + cmake/FindPython3Interp.cmake | 2 +- + 3 files changed, 3 insertions(+), 3 deletions(-) + +diff --git a/bindings/python/python2/CMakeLists.txt b/bindings/python/python2/CMakeLists.txt +index 00df551b..f4d2b91a 100644 +--- a/bindings/python/python2/CMakeLists.txt ++++ b/bindings/python/python2/CMakeLists.txt +@@ -6,7 +6,7 @@ if(PYTHON2INTERP_FOUND) + if(NOT PYTHON2_SITEPKG_DIR) + execute_process(COMMAND + ${PYTHON2_EXECUTABLE} +- -c "import sys; print (sys.version[0:3])" ++ -c "import sys; print('{}.{}'.format(*sys.version_info[0:2]))" + OUTPUT_VARIABLE PYTHON2_VERSION + OUTPUT_STRIP_TRAILING_WHITESPACE) + +diff --git a/bindings/python/python3/CMakeLists.txt b/bindings/python/python3/CMakeLists.txt +index bf87dfcc..fc3b24b2 100644 +--- a/bindings/python/python3/CMakeLists.txt ++++ b/bindings/python/python3/CMakeLists.txt +@@ -6,7 +6,7 @@ if(PYTHON3INTERP_FOUND) + if(NOT PYTHON3_SITEPKG_DIR) + execute_process(COMMAND + ${PYTHON3_EXECUTABLE} +- -c "import sys; print (sys.version[0:3])" ++ -c "import sys; print('{}.{}'.format(*sys.version_info[0:2]))" + OUTPUT_VARIABLE PYTHON3_VERSION + OUTPUT_STRIP_TRAILING_WHITESPACE) + +diff --git a/cmake/FindPython3Interp.cmake b/cmake/FindPython3Interp.cmake +index 74398b2b..5b25e5af 100644 +--- a/cmake/FindPython3Interp.cmake ++++ b/cmake/FindPython3Interp.cmake +@@ -39,7 +39,7 @@ + + unset(_Python3_NAMES) + +-set(_Python3_VERSIONS 3.9 3.8 3.7 3.6 3.5 3.4 3.3 3.2 3.1 3.0) ++set(_Python3_VERSIONS 3.10 3.9 3.8 3.7 3.6 3.5 3.4 3.3 3.2 3.1 3.0) + + if(Python3Interp_FIND_VERSION) + if(Python3Interp_FIND_VERSION_COUNT GREATER 1) |