Gentoo Archives: gentoo-commits

From: Marc Schiffbauer <mschiff@g.o>
To: gentoo-commits@l.g.o
Subject: [gentoo-commits] repo/gentoo:master commit in: net-libs/ldns/, net-libs/ldns/files/
Date: Thu, 23 Nov 2017 16:49:15
Message-Id: 1511455678.bc5ac7f9daddfa46622cc9fed02ae05d0f1484cc.mschiff@gentoo
1 commit: bc5ac7f9daddfa46622cc9fed02ae05d0f1484cc
2 Author: Marc Schiffbauer <mschiff <AT> gentoo <DOT> org>
3 AuthorDate: Thu Nov 23 16:37:01 2017 +0000
4 Commit: Marc Schiffbauer <mschiff <AT> gentoo <DOT> org>
5 CommitDate: Thu Nov 23 16:47:58 2017 +0000
6 URL: https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=bc5ac7f9
7
8 net-libs/ldns: add patches to fix CVE-2017-1000231/1000232
9
10 Package-Manager: Portage-2.3.16, Repoman-2.3.6
11
12 net-libs/ldns/Manifest | 2 +-
13 net-libs/ldns/files/ldns-1.7.0-CVE-2017-1000231.patch | 15 +++++++++++++++
14 net-libs/ldns/files/ldns-1.7.0-CVE-2017-1000232.patch | 17 +++++++++++++++++
15 .../ldns/{ldns-1.7.0.ebuild => ldns-1.7.0-r1.ebuild} | 6 ++++++
16 4 files changed, 39 insertions(+), 1 deletion(-)
17
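--- a/net-libs/ldns/Manifest
+++ b/net-libs/ldns/Manifest
@@ -1,2 +1,2 @@
 DIST ldns-1.6.17.tar.gz 1315403 SHA256 8b88e059452118e8949a2752a55ce59bc71fa5bc414103e17f5b6b06f9bcc8cd SHA512 5de42b4b8622591db51efb0956735deee9cd5e0bee12249a03b65c5b45d7c51bf9c2edb310ef9d7431af49aef77d968bfa2455a7dedfa80cde3d433436c83785 WHIRLPOOL 08c8a13df3dbeccd5dc5ceeb52730a61ab231e70a85524e826f9275bbcde6e09d6e2fc5234303a6bceb431d2b91f510140ce61a2b59d77afbb2759a0627c7cb7
-DIST ldns-1.7.0.tar.gz 1304424 SHA256 c19f5b1b4fb374cfe34f4845ea11b1e0551ddc67803bd6ddd5d2a20f0997a6cc SHA512 8a4e48bcc2a244b92447a9830b60efbb656fb7955f3559ef2eb6f8e724c4c0208776350c44ccf7dcf1ffe0b7b9d9ccc4cbddc5bc16e8888db494ab4d0bce3bd8 WHIRLPOOL 4450b94dd3e2586230f1691b626947cad7ac2031e343d1e522343570d5b713cfd4bacd52e91713139a88c2fe2406f5f42594d2da0a0474c807f47fd2e98726b1
+DIST ldns-1.7.0.tar.gz 1304424 BLAKE2B 2f37aa2d00c1d9cf18711bd4f873f4722df01c4f4d0f627e054f04b2473c0fbf19449e293a130d5c8b98dcebafeb3d7b3f5923ae0244bd80139cea77f2171e06 SHA512 8a4e48bcc2a244b92447a9830b60efbb656fb7955f3559ef2eb6f8e724c4c0208776350c44ccf7dcf1ffe0b7b9d9ccc4cbddc5bc16e8888db494ab4d0bce3bd8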
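--- /dev/null
+++ b/net-libs/ldns/files/ldns-1.7.0-CVE-2017-1000231.patch
@@ -0,0 +1,15 @@
+diff --git a/parse.c b/parse.c
+index e68627c..947dbb8 100644
+--- a/parse.c
++++ b/parse.c
+@@ -118,6 +118,10 @@ ldns_fget_token_l(FILE *f, char *token, const char *delim, size_t limit, int *li
+ if (line_nr) {
+ *line_nr = *line_nr + 1;
+ }
++ if (limit > 0 && (i >= limit || (size_t)(t-token) >= limit)) {
++ *t = '\0';
++ return -1;
++ }
+ *t++ = ' ';
+ prev_c = c;
+ continue;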
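Review bot: The added guard still stores `*t = '\0'` when `(size_t)(t-token) >= limit` is the clause that fired, so the terminator can land at `token[limit]` and the check is only safe if every caller's buffer holds `limit + 1` bytes. Callers and the rest of ldns_fget_token_l lie outside the hunk, so this should be confirmed there and recorded above the guard, e.g. `/* token must have room for limit + 1 bytes; the NUL may be written at token[limit] */`. Separately, this patch file and ldns-1.7.0-CVE-2017-1000232.patch both start straight at `diff --git` with no header, so nothing in the tree says which upstream commit or bug they come from; a one-line header such as `# CVE-2017-1000231: <upstream commit or bug URL>` would let a maintainer tell when they can be dropped.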
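--- /dev/null
+++ b/net-libs/ldns/files/ldns-1.7.0-CVE-2017-1000232.patch
@@ -0,0 +1,17 @@
+diff --git a/str2host.c b/str2host.c
+index b274b17..f2a317b 100644
+--- a/str2host.c
++++ b/str2host.c
+@@ -1525,8 +1525,10 @@ ldns_str2rdf_long_str(ldns_rdf **rd, const char *str)
+ if (! str) {
+ return LDNS_STATUS_SYNTAX_BAD_ESCAPE;
+ }
+- length = (size_t)(dp - data);
+-
++ if (!(length = (size_t)(dp - data))) {
++ LDNS_FREE(data);
++ return LDNS_STATUS_SYNTAX_EMPTY;
++ }
+ /* Lose the overmeasure */
+ data = LDNS_XREALLOC(dp = data, uint8_t, length);
+ if (! data) {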
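Review bot: The assignment folded into the test, `if (!(length = (size_t)(dp - data)))`, reads like a comparison at a glance; `length = (size_t)(dp - data);` followed by `if (length == 0) {` does the same and keeps the security-relevant branch obvious. The reason for the branch is also unstated: a zero-length `LDNS_XREALLOC` may release `data` and return NULL, and the `if (! data)` handling that starts on the last visible line presumably releases it again, so a comment such as `/* zero length: free here, a realloc to 0 bytes may already free data */` would keep the check from being removed later. An empty string now returns `LDNS_STATUS_SYNTAX_EMPTY`; whether any caller expects empty input to be accepted is not visible here. ldns_str2rdf_long_str begins and ends outside the hunk.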
73 diff --git a/net-libs/ldns/ldns-1.7.0.ebuild b/net-libs/ldns/ldns-1.7.0-r1.ebuild
74 similarity index 95%
75 rename from net-libs/ldns/ldns-1.7.0.ebuild
76 rename to net-libs/ldns/ldns-1.7.0-r1.ebuild
77 index 5e5b25fd009..d507363c921 100644
78 --- a/net-libs/ldns/ldns-1.7.0.ebuild
79 +++ b/net-libs/ldns/ldns-1.7.0-r1.ebuild
80 @@ -72,6 +72,12 @@ multilib_src_configure() {
81 # >=openssl-1.1.0 required for dane-ta
82 }
83
84 +src_prepare() {
85 + cd "$S"
86 + epatch "${FILESDIR}/${P}-CVE-2017-1000231.patch"
87 + epatch "${FILESDIR}/${P}-CVE-2017-1000232.patch"
88 +}
89 +
90 multilib_src_compile() {
91 default