commit: bc5ac7f9daddfa46622cc9fed02ae05d0f1484cc |
Author: Marc Schiffbauer <mschiff <AT> gentoo <DOT> org> |
AuthorDate: Thu Nov 23 16:37:01 2017 +0000 |
Commit: Marc Schiffbauer <mschiff <AT> gentoo <DOT> org> |
CommitDate: Thu Nov 23 16:47:58 2017 +0000 |
URL: https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=bc5ac7f9 |
|
net-libs/ldns: add patches to fix CVE-2017-1000231/1000232 |
|
Package-Manager: Portage-2.3.16, Repoman-2.3.6 |
|
net-libs/ldns/Manifest | 2 +- |
net-libs/ldns/files/ldns-1.7.0-CVE-2017-1000231.patch | 15 +++++++++++++++ |
net-libs/ldns/files/ldns-1.7.0-CVE-2017-1000232.patch | 17 +++++++++++++++++ |
.../ldns/{ldns-1.7.0.ebuild => ldns-1.7.0-r1.ebuild} | 6 ++++++ |
4 files changed, 39 insertions(+), 1 deletion(-) |
|
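diff --git a/net-libs/ldns/Manifest b/net-libs/ldns/Manifest
index c444cb3ed12..419666a1102 100644
--- a/net-libs/ldns/Manifest
+++ b/net-libs/ldns/Manifest
@@ -1,2 +1,2 @@
 DIST ldns-1.6.17.tar.gz 1315403 SHA256 8b88e059452118e8949a2752a55ce59bc71fa5bc414103e17f5b6b06f9bcc8cd SHA512 5de42b4b8622591db51efb0956735deee9cd5e0bee12249a03b65c5b45d7c51bf9c2edb310ef9d7431af49aef77d968bfa2455a7dedfa80cde3d433436c83785 WHIRLPOOL 08c8a13df3dbeccd5dc5ceeb52730a61ab231e70a85524e826f9275bbcde6e09d6e2fc5234303a6bceb431d2b91f510140ce61a2b59d77afbb2759a0627c7cb7
-DIST ldns-1.7.0.tar.gz 1304424 SHA256 c19f5b1b4fb374cfe34f4845ea11b1e0551ddc67803bd6ddd5d2a20f0997a6cc SHA512 8a4e48bcc2a244b92447a9830b60efbb656fb7955f3559ef2eb6f8e724c4c0208776350c44ccf7dcf1ffe0b7b9d9ccc4cbddc5bc16e8888db494ab4d0bce3bd8 WHIRLPOOL 4450b94dd3e2586230f1691b626947cad7ac2031e343d1e522343570d5b713cfd4bacd52e91713139a88c2fe2406f5f42594d2da0a0474c807f47fd2e98726b1
+DIST ldns-1.7.0.tar.gz 1304424 BLAKE2B 2f37aa2d00c1d9cf18711bd4f873f4722df01c4f4d0f627e054f04b2473c0fbf19449e293a130d5c8b98dcebafeb3d7b3f5923ae0244bd80139cea77f2171e06 SHA512 8a4e48bcc2a244b92447a9830b60efbb656fb7955f3559ef2eb6f8e724c4c0208776350c44ccf7dcf1ffe0b7b9d9ccc4cbddc5bc16e8888db494ab4d0bce3bd8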
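diff --git a/net-libs/ldns/files/ldns-1.7.0-CVE-2017-1000231.patch b/net-libs/ldns/files/ldns-1.7.0-CVE-2017-1000231.patch
new file mode 100644
index 00000000000..9ff92e25c75
--- /dev/null
+++ b/net-libs/ldns/files/ldns-1.7.0-CVE-2017-1000231.patch
@@ -0,0 +1,15 @@
+diff --git a/parse.c b/parse.c
+index e68627c..947dbb8 100644
+--- a/parse.c
++++ b/parse.c
+@@ -118,6 +118,10 @@ ldns_fget_token_l(FILE *f, char *token, const char *delim, size_t limit, int *li
+ if (line_nr) {
+ *line_nr = *line_nr + 1;
+ }
++ if (limit > 0 && (i >= limit || (size_t)(t-token) >= limit)) {
++ *t = '\0';
++ return -1;
++ }
+ *t++ = ' ';
+ prev_c = c;
+ continue;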
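Review bot: On the added error path in parse.c, `*t = '\0'` runs exactly when `(size_t)(t-token) >= limit` may hold, so the terminator is stored at `token[limit]` or later; that store is in bounds only if every caller hands in a buffer of at least `limit + 1` bytes, which nothing in the hunk establishes. The guard does stop the unbounded `*t++ = ' '` that follows it, but the buffer contract it relies on is left implicit. A comment above the check, such as `/* token must provide limit + 1 bytes: the terminator below may land at token[limit] */`, would state it, and the callers' buffer sizes should be checked against it. ldns_fget_token_l starts and ends outside the hunk, so the allocation side cannot be confirmed from here.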
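diff --git a/net-libs/ldns/files/ldns-1.7.0-CVE-2017-1000232.patch b/net-libs/ldns/files/ldns-1.7.0-CVE-2017-1000232.patch
new file mode 100644
index 00000000000..341dfa5916e
--- /dev/null
+++ b/net-libs/ldns/files/ldns-1.7.0-CVE-2017-1000232.patch
@@ -0,0 +1,17 @@
+diff --git a/str2host.c b/str2host.c
+index b274b17..f2a317b 100644
+--- a/str2host.c
++++ b/str2host.c
+@@ -1525,8 +1525,10 @@ ldns_str2rdf_long_str(ldns_rdf **rd, const char *str)
+ if (! str) {
+ return LDNS_STATUS_SYNTAX_BAD_ESCAPE;
+ }
+- length = (size_t)(dp - data);
+-
++ if (!(length = (size_t)(dp - data))) {
++ LDNS_FREE(data);
++ return LDNS_STATUS_SYNTAX_EMPTY;
++ }
+ /* Lose the overmeasure */
+ data = LDNS_XREALLOC(dp = data, uint8_t, length);
+ if (! data) {
+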
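Review bot: The new zero-length guard in ldns_str2rdf_long_str has no comment saying why it must sit before `LDNS_XREALLOC`, and that ordering is the whole fix. Assuming the macro wraps realloc, `length == 0` makes the shrink a zero-size reallocation, which may release the buffer and return NULL; the `if (! data)` branch that follows (its body is outside the hunk) would then presumably handle `dp` as if it were still owned. A comment above the check, such as `/* reject empty strings: a zero-size realloc may free the buffer and return NULL */`, would keep a later cleanup from removing it. The assignment inside the negated condition would also read more plainly as `length = (size_t)(dp - data);` followed by `if (length == 0) {`, though that departs from the patch as shipped and may be better raised with the patch's source.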
diff --git a/net-libs/ldns/ldns-1.7.0.ebuild b/net-libs/ldns/ldns-1.7.0-r1.ebuild |
74 |
similarity index 95% |
75 |
rename from net-libs/ldns/ldns-1.7.0.ebuild |
76 |
rename to net-libs/ldns/ldns-1.7.0-r1.ebuild |
77 |
index 5e5b25fd009..d507363c921 100644 |
78 |
--- a/net-libs/ldns/ldns-1.7.0.ebuild |
79 |
+++ b/net-libs/ldns/ldns-1.7.0-r1.ebuild |
80 |
@@ -72,6 +72,12 @@ multilib_src_configure() { |
81 |
# >=openssl-1.1.0 required for dane-ta |
82 |
} |
83 |
|
84 |
+src_prepare() { |
85 |
+ cd "$S" |
86 |
+ epatch "${FILESDIR}/${P}-CVE-2017-1000231.patch" |
87 |
+ epatch "${FILESDIR}/${P}-CVE-2017-1000232.patch" |
88 |
+} |
89 |
+ |
90 |
multilib_src_compile() { |
91 |
default |