main/apk-tools: fix issue found by fortify

05194ff1 · Timo Teräs · 7ca02ccb · 05194ff1 · 05194ff1
Commit 05194ff1 authored Apr 08, 2015 by Timo Teräs
Showing with 35 additions and 4 deletions

main/apk-tools/0001-use-memmove-for-copying-buffer-leftovers-as-the-rang.patch ...se-memmove-for-copying-buffer-leftovers-as-the-rang.patch +27 -0

main/apk-tools/APKBUILD main/apk-tools/APKBUILD +8 -4

No files found.
--- a/main/apk-tools/0001-use-memmove-for-copying-buffer-leftovers-as-the-rang.patch
+++ b/main/apk-tools/0001-use-memmove-for-copying-buffer-leftovers-as-the-rang.patch
+From 60dd5798c90f0032b5c477bd35a2e0d49c280c7c Mon Sep 17 00:00:00 2001
+From: =?UTF-8?q?Timo=20Ter=C3=A4s?= <timo.teras@iki.fi>
+Date: Wed, 8 Apr 2015 16:58:20 +0300
+Subject: [PATCH] use memmove for copying buffer leftovers, as the ranges may
+ overlap
+
+issue cought by fortify
+---
+ src/io.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/src/io.c b/src/io.c
+index e9d95df..765afc5 100644
+--- a/src/io.c
+++ b/src/io.c
+@@ -224,7 +224,7 @@ static apk_blob_t is_bs_read(void *stream, apk_blob_t token)
+ 
+ 	/* We need more data */
+ 	if (isbs->left.len != 0)
+-		memcpy(isbs->buffer, isbs->left.ptr, isbs->left.len);
+		memmove(isbs->buffer, isbs->left.ptr, isbs->left.len);
+ 	isbs->left.ptr = isbs->buffer;
+ 	size = isbs->is->read(isbs->is, isbs->buffer + isbs->left.len,
+ 			      sizeof(isbs->buffer) - isbs->left.len);
+-- 
+2.3.5
+
--- a/main/apk-tools/APKBUILD
+++ b/main/apk-tools/APKBUILD
 # Maintainer: Natanael Copa <ncopa@alpinelinux.org>
 pkgname=apk-tools
 pkgver=2.6.0_rc1
-pkgrel=0
+pkgrel=1
 pkgdesc="Alpine Package Keeper - package manager for alpine"
 subpackages="$pkgname-static"
 depends=
@@ -13,6 +13,7 @@ if [ "$CBUILD" = "$CHOST" ]; then
 	makedepends="$makedepends lua5.2-dev"
 fi
 source="http://dev.alpinelinux.org/archive/$pkgname/$pkgname-$pkgver.tar.xz
+	0001-use-memmove-for-copying-buffer-leftovers-as-the-rang.patch
 	"

 url="http://git.alpinelinux.org/cgit/apk-tools/"
@@ -82,6 +83,9 @@ luaapk() {
 	mv "$pkgdir"/usr/lib "$subpkgdir"/usr/lib/
 }

-md5sums="c9515f2063d31e4dc7583e6b3d3b8ab0  apk-tools-2.6.0_rc1.tar.xz"
-sha256sums="41f87b45998bee0154a86d4e408ed014248abd713ca7d04b529b3d53b9af2fba  apk-tools-2.6.0_rc1.tar.xz"
-sha512sums="899706b2d440d4c28c3a8715514d3b32a0aea489ff48e5e1af658c167a2197f7d6e642182149f32744cd4c78d981ee4eb0f8588f07b365c6b8be04e1da3cf105  apk-tools-2.6.0_rc1.tar.xz"
+md5sums="c9515f2063d31e4dc7583e6b3d3b8ab0  apk-tools-2.6.0_rc1.tar.xz
+b6ad09951c806fa6d2ca5d1f3c316dff  0001-use-memmove-for-copying-buffer-leftovers-as-the-rang.patch"
+sha256sums="41f87b45998bee0154a86d4e408ed014248abd713ca7d04b529b3d53b9af2fba  apk-tools-2.6.0_rc1.tar.xz
+01cedfd97bcbbeee309a1293c65a0e734c0b894f65b543330d564c648f91f3c4  0001-use-memmove-for-copying-buffer-leftovers-as-the-rang.patch"
+sha512sums="899706b2d440d4c28c3a8715514d3b32a0aea489ff48e5e1af658c167a2197f7d6e642182149f32744cd4c78d981ee4eb0f8588f07b365c6b8be04e1da3cf105  apk-tools-2.6.0_rc1.tar.xz
+4e26becda63fd1664fb1625487eedc4cb1b7b8155a65ac317e7c0583e3e9f203fe7cab7498463e6f9552ac71d9dbac48c1eba5926dc1f29481cef7d9a691c1ed  0001-use-memmove-for-copying-buffer-leftovers-as-the-rang.patch"