1 |
commit: e4782ac407f7b8744abf6bb7fe9e60bdd2dffa64 |
2 |
Author: Thomas Deutschmann <whissi <AT> gentoo <DOT> org> |
3 |
AuthorDate: Sun Oct 27 00:41:03 2019 +0000 |
4 |
Commit: Thomas Deutschmann <whissi <AT> gentoo <DOT> org> |
5 |
CommitDate: Sun Oct 27 00:41:03 2019 +0000 |
6 |
URL: https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=e4782ac4 |
7 |
|
8 |
sys-apps/file: fix CVE-2019-18218 |
9 |
|
10 |
Bug: https://bugs.gentoo.org/698610 |
11 |
Package-Manager: Portage-2.3.78, Repoman-2.3.17 |
12 |
Signed-off-by: Thomas Deutschmann <whissi <AT> gentoo.org> |
13 |
|
14 |
.../file/{file-5.37.ebuild => file-5.37-r1.ebuild} | 2 ++ |
15 |
sys-apps/file/files/file-5.37-CVE-2019-18218.patch | 36 ++++++++++++++++++++++ |
16 |
2 files changed, 38 insertions(+) |
17 |
|
18 |
diff --git a/sys-apps/file/file-5.37.ebuild b/sys-apps/file/file-5.37-r1.ebuild |
19 |
similarity index 98% |
20 |
rename from sys-apps/file/file-5.37.ebuild |
21 |
rename to sys-apps/file/file-5.37-r1.ebuild |
22 |
index 7aa0f8d8888..5b6cf1db5d0 100644 |
23 |
--- a/sys-apps/file/file-5.37.ebuild |
24 |
+++ b/sys-apps/file/file-5.37-r1.ebuild |
25 |
@@ -33,6 +33,8 @@ DEPEND=" |
26 |
RDEPEND="${DEPEND} |
27 |
python? ( !dev-python/python-magic )" |
28 |
|
29 |
+PATCHES=( "${FILESDIR}"/${P}-CVE-2019-18218.patch ) |
30 |
+ |
31 |
src_prepare() { |
32 |
default |
33 |
|
34 |
|
35 |
diff --git a/sys-apps/file/files/file-5.37-CVE-2019-18218.patch b/sys-apps/file/files/file-5.37-CVE-2019-18218.patch |
36 |
new file mode 100644 |
37 |
index 00000000000..1cd02b778ab |
38 |
--- /dev/null |
39 |
+++ b/sys-apps/file/files/file-5.37-CVE-2019-18218.patch |
40 |
@@ -0,0 +1,36 @@ |
41 |
+CVE-2019-18218 |
42 |
+https://github.com/file/file/commit/46a8443f76cec4b41ec736eca396984c74664f84 |
43 |
+ |
44 |
+--- a/src/cdf.c |
45 |
++++ b/src/cdf.c |
46 |
+@@ -1027,8 +1027,9 @@ cdf_read_property_info(const cdf_stream_t *sst, const cdf_header_t *h, |
47 |
+ goto out; |
48 |
+ } |
49 |
+ nelements = CDF_GETUINT32(q, 1); |
50 |
+- if (nelements == 0) { |
51 |
+- DPRINTF(("CDF_VECTOR with nelements == 0\n")); |
52 |
++ if (nelements > CDF_ELEMENT_LIMIT || nelements == 0) { |
53 |
++ DPRINTF(("CDF_VECTOR with nelements == %" |
54 |
++ SIZE_T_FORMAT "u\n", nelements)); |
55 |
+ goto out; |
56 |
+ } |
57 |
+ slen = 2; |
58 |
+@@ -1070,8 +1071,6 @@ cdf_read_property_info(const cdf_stream_t *sst, const cdf_header_t *h, |
59 |
+ goto out; |
60 |
+ inp += nelem; |
61 |
+ } |
62 |
+- DPRINTF(("nelements = %" SIZE_T_FORMAT "u\n", |
63 |
+- nelements)); |
64 |
+ for (j = 0; j < nelements && i < sh.sh_properties; |
65 |
+ j++, i++) |
66 |
+ { |
67 |
+--- a/src/cdf.h |
68 |
++++ b/src/cdf.h |
69 |
+@@ -48,6 +48,7 @@ |
70 |
+ typedef int32_t cdf_secid_t; |
71 |
+ |
72 |
+ #define CDF_LOOP_LIMIT 10000 |
73 |
++#define CDF_ELEMENT_LIMIT 100000 |
74 |
+ |
75 |
+ #define CDF_SECID_NULL 0 |
76 |
+ #define CDF_SECID_FREE -1 |