Skip to content
GitLab
Projects
Groups
Snippets
Help
Loading...
Help
Help
Support
Community forum
Keyboard shortcuts
?
Submit feedback
Contribute to GitLab
Sign in / Register
Toggle navigation
aports
Project overview
Project overview
Details
Activity
Releases
Repository
Repository
Files
Commits
Branches
Tags
Contributors
Graph
Compare
Issues
651
Issues
651
List
Boards
Labels
Service Desk
Milestones
Merge Requests
216
Merge Requests
216
CI / CD
CI / CD
Pipelines
Jobs
Schedules
Operations
Operations
Incidents
Environments
Analytics
Analytics
CI / CD
Repository
Value Stream
Members
Members
Collapse sidebar
Close sidebar
Activity
Graph
Create a new issue
Jobs
Commits
Issue Boards
Open sidebar
alpine
aports
Commits
9ee02b0d
Commit
9ee02b0d
authored
Feb 04, 2019
by
Leonardo Arena
1
Browse files
Options
Browse Files
Download
Email Patches
Plain Diff
main/zeromq: upgrade to 4.2.5, security fix (CVE-2019-6250)
Fixes
#9878
parent
4bae97cf
Changes
2
Hide whitespace changes
Inline
Side-by-side
Showing
2 changed files
with
23 additions
and
4 deletions
+23
-4
main/zeromq/APKBUILD
main/zeromq/APKBUILD
+10
-4
main/zeromq/CVE-2019-6250.patch
main/zeromq/CVE-2019-6250.patch
+13
-0
No files found.
main/zeromq/APKBUILD
View file @
9ee02b0d
# Contributor: Natanael Copa <ncopa@alpinelinux.org>
# Maintainer: Natanael Copa <ncopa@alpinelinux.org>
pkgname
=
zeromq
pkgver
=
4.2.
2
pkgrel
=
2
pkgver
=
4.2.
5
pkgrel
=
0
pkgdesc
=
"The ZeroMQ messaging library and tools"
url
=
"http://www.zeromq.org/"
arch
=
"all"
...
...
@@ -13,9 +13,14 @@ makedepends="util-linux-dev libsodium-dev
subpackages
=
"
$pkgname
-dev
$pkgname
-doc libzmq:libs"
source
=
"https://github.com/zeromq/libzmq/releases/download/v
$pkgver
/
$pkgname
-
$pkgver
.tar.gz
test-driver.patch
CVE-2019-6250.patch
"
builddir
=
"
$srcdir
/
$pkgname
-
$pkgver
"
# secfixes:
# 4.2.5-r0:
# - CVE-2019-6250
build
()
{
cd
"
$builddir
"
./configure
\
...
...
@@ -40,5 +45,6 @@ package() {
make
DESTDIR
=
"
$pkgdir
"
install
||
return
1
}
sha512sums
=
"d78813a61ce3311a1f8c230f7da0f5aedc97ef4b792afb6d398c5710da239348c0c7a67bdfeb38a7ab0282af498f1ed173649aff4add1bc35f0ef1b66f965443 zeromq-4.2.2.tar.gz
64e4ae2c89469359480743beeb4f1e08976a4c52dbfd2dd33020463df78e927993319e456299682901001e0832ebed85291eea0decc1d27a58de78a6c891e660 test-driver.patch"
sha512sums
=
"4556cb50d05a6d133015a0ba804d6d951a47479a33fa29561eaeecb93d48b7bb6477365d0986c38b779f500cadaf08522c4a7aa13f5510303bd923f794d37036 zeromq-4.2.5.tar.gz
64e4ae2c89469359480743beeb4f1e08976a4c52dbfd2dd33020463df78e927993319e456299682901001e0832ebed85291eea0decc1d27a58de78a6c891e660 test-driver.patch
ee0c71814c93378106593afafd9bb96c15038c2455dcd57ac71a6c3474ebd4eee3f4cf9933ddc737bbe0fe25f8d7cb141517c933fec591c00b7d5563bf33894d CVE-2019-6250.patch"
main/zeromq/CVE-2019-6250.patch
0 → 100644
View file @
9ee02b0d
diff --git a/src/v2_decoder.cpp b/src/v2_decoder.cpp
index 839be9a..37889bd 100644
--- a/src/v2_decoder.cpp
+++ b/src/v2_decoder.cpp
@@ -116,7 +116,7 @@
int zmq::v2_decoder_t::size_ready (uint64_t msg_size,
if (unlikely (
!zero_copy
- || ((unsigned char *) read_pos + msg_size > (data () + size ())))) {
+ || (msg_size > (size_t) (data () + size () - read_pos)))) {
// a new message has started, but the size would exceed the pre-allocated arena
// this happens every time when a message does not fit completely into the buffer
rc = in_progress.init_size (static_cast<size_t> (msg_size));
Alicha CH
@alicha
mentioned in issue
#9878 (closed)
·
Jul 12, 2019
mentioned in issue
#9878 (closed)
mentioned in issue #9878
Toggle commit list
Write
Preview
Markdown
is supported
0%
Try again
or
attach a new file
.
Attach a file
Cancel
You are about to add
0
people
to the discussion. Proceed with caution.
Finish editing this message first!
Cancel
Please
register
or
sign in
to comment