Commit 9ee02b0d authored by Leonardo Arena's avatar Leonardo Arena

main/zeromq: upgrade to 4.2.5, security fix (CVE-2019-6250)

Fixes #9878
parent 4bae97cf
# Contributor: Natanael Copa <ncopa@alpinelinux.org>
# Maintainer: Natanael Copa <ncopa@alpinelinux.org>
pkgname=zeromq
pkgver=4.2.2
pkgrel=2
pkgver=4.2.5
pkgrel=0
pkgdesc="The ZeroMQ messaging library and tools"
url="http://www.zeromq.org/"
arch="all"
......@@ -13,9 +13,14 @@ makedepends="util-linux-dev libsodium-dev
subpackages="$pkgname-dev $pkgname-doc libzmq:libs"
source="https://github.com/zeromq/libzmq/releases/download/v$pkgver/$pkgname-$pkgver.tar.gz
test-driver.patch
CVE-2019-6250.patch
"
builddir="$srcdir/$pkgname-$pkgver"
# secfixes:
# 4.2.5-r0:
# - CVE-2019-6250
build() {
cd "$builddir"
./configure \
......@@ -40,5 +45,6 @@ package() {
make DESTDIR="$pkgdir" install || return 1
}
sha512sums="d78813a61ce3311a1f8c230f7da0f5aedc97ef4b792afb6d398c5710da239348c0c7a67bdfeb38a7ab0282af498f1ed173649aff4add1bc35f0ef1b66f965443 zeromq-4.2.2.tar.gz
64e4ae2c89469359480743beeb4f1e08976a4c52dbfd2dd33020463df78e927993319e456299682901001e0832ebed85291eea0decc1d27a58de78a6c891e660 test-driver.patch"
sha512sums="4556cb50d05a6d133015a0ba804d6d951a47479a33fa29561eaeecb93d48b7bb6477365d0986c38b779f500cadaf08522c4a7aa13f5510303bd923f794d37036 zeromq-4.2.5.tar.gz
64e4ae2c89469359480743beeb4f1e08976a4c52dbfd2dd33020463df78e927993319e456299682901001e0832ebed85291eea0decc1d27a58de78a6c891e660 test-driver.patch
ee0c71814c93378106593afafd9bb96c15038c2455dcd57ac71a6c3474ebd4eee3f4cf9933ddc737bbe0fe25f8d7cb141517c933fec591c00b7d5563bf33894d CVE-2019-6250.patch"
diff --git a/src/v2_decoder.cpp b/src/v2_decoder.cpp
index 839be9a..37889bd 100644
--- a/src/v2_decoder.cpp
+++ b/src/v2_decoder.cpp
@@ -116,7 +116,7 @@ int zmq::v2_decoder_t::size_ready (uint64_t msg_size,
if (unlikely (
!zero_copy
- || ((unsigned char *) read_pos + msg_size > (data () + size ())))) {
+ || (msg_size > (size_t) (data () + size () - read_pos)))) {
// a new message has started, but the size would exceed the pre-allocated arena
// this happens every time when a message does not fit completely into the buffer
rc = in_progress.init_size (static_cast<size_t> (msg_size));
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment