Commit ae0d0538 authored by Natanael Copa's avatar Natanael Copa

main/cyrus-sasl: fix CVE-2019-19906

fixes #11079
parent 33832d93
......@@ -2,7 +2,7 @@
# Maintainer: Natanael Copa <ncopa@alpinelinux.org>
pkgname=cyrus-sasl
pkgver=2.1.26
pkgrel=14
pkgrel=15
pkgdesc="Cyrus Simple Authentication Service Layer (SASL)"
url="https://cyrusimap.org/"
arch="all"
......@@ -19,9 +19,12 @@ source="ftp://ftp.cyrusimap.org/$pkgname/$pkgname-$pkgver.tar.gz
cyrus-sasl-2.1.25-avoid_pic_overwrite.patch
cyrus-sasl-2.1.26-size_t.patch
CVE-2013-4122.patch
CVE-2019-19906.patch
"
# secfixes:
# 2.1.26-r15:
# - CVE-2019-19906
# 2.1.26-r7:
# - CVE-2013-4122
......@@ -107,18 +110,9 @@ libsasl() {
mv "$pkgdir"/usr/lib "$subpkgdir"/usr/
}
md5sums="a7f4e5e559a0e37b3ffc438c9456e425 cyrus-sasl-2.1.26.tar.gz
6e7cbe301015777bf53d5f08ac4362f0 saslauthd.initd
085acdc345bcce896f3eea8956cc0892 cyrus-sasl-2.1.25-avoid_pic_overwrite.patch
bcaafcbc79054e8356217213d6eda16d cyrus-sasl-2.1.26-size_t.patch
8b3f65a7c8fbcbd7b7da2865f71b8aa7 CVE-2013-4122.patch"
sha256sums="8fbc5136512b59bb793657f36fadda6359cae3b08f01fd16b3d406f1345b7bc3 cyrus-sasl-2.1.26.tar.gz
d6d23c360d52cf35bf266ce32b7c0eccafd79f55daa3e97733a899c97211a90c saslauthd.initd
80cb9cf22b0507b503ff0cf6c5946a44eb5c3808e0a77e66d56d5a53e5e76fa7 cyrus-sasl-2.1.25-avoid_pic_overwrite.patch
b85b20bdd25b42098e07a8ba7e435f02b5cd882dcf69572c4d32de4a5e4f41bb cyrus-sasl-2.1.26-size_t.patch
e32013e7ba1d9a80c18524a413f3b3c4bfc325e1c07b1552908b631edb803346 CVE-2013-4122.patch"
sha512sums="78819cb9bb38bea4537d6770d309deeeef09ff44a67526177609d3e1257ff4334d2b5e5131d5a1e4dea7430d8db1918ea9d171f0dee38b5e8337f4b72ed068f0 cyrus-sasl-2.1.26.tar.gz
71a00a22f91f0fb6ba2796acede321a0f071b1d7a99616f0e36c354213777f30575c340b6df392dcbfc103ba7640d046144882f6a7b505f59709bb5c429b44d8 saslauthd.initd
033e3634116e1d3b316052dbe0b671cca0fcfb6063fca1a97d990c422c2ce05109a1e424e84ed9928dc0312a325a7248f2d2e3f9547f84453b36331c01f63be5 cyrus-sasl-2.1.25-avoid_pic_overwrite.patch
fe4c3e6d5230eb50b9e6885129760a12e7bce316b41a3e58b2c550fa83526b91205cd827f7d1367751313559875d32982b95b024b1a22300ac5b35214e7c2b78 cyrus-sasl-2.1.26-size_t.patch
08964bc3ad713e137b8f05f9bac345d79676d14784bc37525f195e8e2a3e6740428237b64f7eeeacc0c71ed6cf1664c6e9c2267ac6df327761d92174a1853744 CVE-2013-4122.patch"
08964bc3ad713e137b8f05f9bac345d79676d14784bc37525f195e8e2a3e6740428237b64f7eeeacc0c71ed6cf1664c6e9c2267ac6df327761d92174a1853744 CVE-2013-4122.patch
c39efd87dc9c883d3b07474197f6835fbd32f23baa1f5cd04b25a0473639f847321c40f232e390d4dc9d9ee189dbd177c05d3d1461af4d28a48a4827abc5d9b8 CVE-2019-19906.patch"
https://github.com/cyrusimap/cyrus-sasl/issues/587
diff --git a/lib/common.c b/lib/common.c
index bc3bf1df..9969d6aa 100644
--- a/lib/common.c
+++ b/lib/common.c
@@ -190,7 +190,7 @@ int _sasl_add_string(char **out, size_t *alloclen,
if (add==NULL) add = "(null)";
- addlen=strlen(add); /* only compute once */
+ addlen=strlen(add)+1; /* only compute once */
if (_buf_alloc(out, alloclen, (*outlen)+addlen)!=SASL_OK)
return SASL_NOMEM;
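Review bot: Folding the terminator into `addlen` on the `addlen=strlen(add)+1;` line fixes the undersized `_buf_alloc` request, but it also changes the value that every later use of `addlen` sees. The rest of `_sasl_add_string` lies outside this hunk; if it copies `addlen` bytes and advances `*outlen` by `addlen`, the stored length would now count the NUL and a following append would start after the terminator, so C-string readers would see a truncated result. Keeping `addlen=strlen(add);` and reserving the extra byte only in the size request, `if (_buf_alloc(out, alloclen, (*outlen)+addlen+1)!=SASL_OK)`, would leave the length semantics unchanged. Before carrying this patch in the package, compare it with the form the upstream fix for the referenced issue 587 settled on.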