......@@ -13,3 +13,4 @@ pkg
pkg-*
build.log
core
!core/
# Contributor: Olivier Mauras <olivier@mauras.ch>
# Maintainer: Jakub Jirutka <jakub@jirutka.cz>
pkgname=borgbackup
pkgver=1.1.2
pkgver=1.1.3
pkgrel=0
pkgdesc="Deduplicating backup program"
url="https://borgbackup.readthedocs.io/"
......@@ -26,4 +26,4 @@ package() {
find . -name '*.h' -delete -o -name '*.c' -delete -o -name '*.pyx' -delete
}
sha512sums="e818c4750c00559bc60196446e2c8fb01d8225b307982a9b6d3b38148d6ad7aa4766a6b9f06fee3954fbc34a4ff298ad6e49a758223906cc1d3d39c3d82dcec9 borgbackup-1.1.2.tar.gz"
sha512sums="8378e4f805bfb3e9a4e454f5ccfa58eef0517f13a2e8a2c3c6cbdb0304b763fa67152963b17d677daff09590eb777f12fbe1f3f69c3459bcc68781e5a747cb49 borgbackup-1.1.3.tar.gz"
# Maintainer: William Pitcock <nenolod@dereferenced.org>
pkgname=bzr
pkgver=2.7.0
pkgrel=0
pkgrel=1
pkgdesc="A scalable distributed SCM tool"
url="http://bazaar.canonical.com/"
arch="all"
......@@ -9,17 +9,19 @@ license="GPL2+"
depends="python2"
makedepends="python2-dev"
subpackages="$pkgname-doc"
source="http://launchpad.net/${pkgname}/${pkgver%.*}/${pkgver}/+download/${pkgname}-${pkgver}.tar.gz"
source="http://launchpad.net/${pkgname}/${pkgver%.*}/${pkgver}/+download/${pkgname}-${pkgver}.tar.gz
CVE-2017-14176.patch
"
builddir="$srcdir"/$pkgname-$pkgver
_builddir="$srcdir"/$pkgname-$pkgver
build() {
cd "$_builddir"
python2 setup.py build || return 1
cd "$builddir"
python2 setup.py build
}
package() {
cd "$_builddir"
python2 setup.py install --root="$pkgdir" || return 1
cd "$builddir"
python2 setup.py install --root="$pkgdir"
}
doc() {
......@@ -28,6 +30,5 @@ doc() {
default_doc
}
md5sums="8e5020502efd54f5925a14a456b88b89 bzr-2.7.0.tar.gz"
sha256sums="0d451227b705a0dd21d8408353fe7e44d3a5069e6c4c26e5f146f1314b8fdab3 bzr-2.7.0.tar.gz"
sha512sums="c39ad3715d865788da74d8de8b469e1dc93d18b6cbcbc569464cdeb9bb2173bf8d7f4f8ee8f7599fbcbbe322817a4c72e785d544e622753699c425c32597d9aa bzr-2.7.0.tar.gz"
sha512sums="c39ad3715d865788da74d8de8b469e1dc93d18b6cbcbc569464cdeb9bb2173bf8d7f4f8ee8f7599fbcbbe322817a4c72e785d544e622753699c425c32597d9aa bzr-2.7.0.tar.gz
fd3027d859e6b2b07d3f408d9f0c2b5d9a66f83aae9dfdee9ca0c47a1b5969109418a73e9801da29b2179190c801f6cadde4f1e3fc80ed09650dd1e7fe4e2f5d CVE-2017-14176.patch"
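Review bot: The bzr APKBUILD adds `CVE-2017-14176.patch` to `source` and `sha512sums` but records no `# secfixes:` entry for it, unlike the drupal7, exim and gimp APKBUILDs changed on this page. I would add `# secfixes:`, `#   2.7.0-r1:`, `#     - CVE-2017-14176` above `build()` (taking the bumped `pkgrel` to be 1, as it appears), so the fix is tied to the release that carries it. The tarball is still fetched over `http://`, which leaves the `sha512sums` line as the only integrity check on it; an `https://` URL would be preferable if the host serves one.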
Fix CVE-2017-14176:
https://bugs.launchpad.net/bzr/+bug/1710979
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14176
Patch copied from Debian's Bazaar package version bzr_2.7.0+bzr6619-7+deb9u1:
https://alioth.debian.org/scm/loggerhead/pkg-bazaar/bzr/2.7/revision/4204
Description: Prevent SSH command line options from being specified in bzr+ssh:// URLs
Bug: https://bugs.launchpad.net/brz/+bug/1710979
Bug-Debian: https://bugs.debian.org/874429
Bug-Debian-Security: https://security-tracker.debian.org/tracker/CVE-2017-14176
Forwarded: no
Author: Jelmer Vernooij <address@hidden>
Last-Update: 2017-11-26
=== modified file 'bzrlib/tests/test_ssh_transport.py'
--- old/bzrlib/tests/test_ssh_transport.py 2010-10-07 12:45:51 +0000
+++ new/bzrlib/tests/test_ssh_transport.py 2017-08-20 01:59:20 +0000
@@ -22,6 +22,7 @@
SSHCorpSubprocessVendor,
LSHSubprocessVendor,
SSHVendorManager,
+ StrangeHostname,
)
@@ -161,6 +162,19 @@
class SubprocessVendorsTests(TestCase):
+ def test_openssh_command_tricked(self):
+ vendor = OpenSSHSubprocessVendor()
+ self.assertEqual(
+ vendor._get_vendor_specific_argv(
+ "user", "-oProxyCommand=blah", 100, command=["bzr"]),
+ ["ssh", "-oForwardX11=no", "-oForwardAgent=no",
+ "-oClearAllForwardings=yes",
+ "-oNoHostAuthenticationForLocalhost=yes",
+ "-p", "100",
+ "-l", "user",
+ "--",
+ "-oProxyCommand=blah", "bzr"])
+
def test_openssh_command_arguments(self):
vendor = OpenSSHSubprocessVendor()
self.assertEqual(
@@ -171,6 +185,7 @@
"-oNoHostAuthenticationForLocalhost=yes",
"-p", "100",
"-l", "user",
+ "--",
"host", "bzr"]
)
@@ -184,9 +199,16 @@
"-oNoHostAuthenticationForLocalhost=yes",
"-p", "100",
"-l", "user",
- "-s", "host", "sftp"]
+ "-s", "--", "host", "sftp"]
)
+ def test_openssh_command_tricked(self):
+ vendor = SSHCorpSubprocessVendor()
+ self.assertRaises(
+ StrangeHostname,
+ vendor._get_vendor_specific_argv,
+ "user", "-oProxyCommand=host", 100, command=["bzr"])
+
def test_sshcorp_command_arguments(self):
vendor = SSHCorpSubprocessVendor()
self.assertEqual(
@@ -209,6 +231,13 @@
"-s", "sftp", "host"]
)
+ def test_lsh_command_tricked(self):
+ vendor = LSHSubprocessVendor()
+ self.assertRaises(
+ StrangeHostname,
+ vendor._get_vendor_specific_argv,
+ "user", "-oProxyCommand=host", 100, command=["bzr"])
+
def test_lsh_command_arguments(self):
vendor = LSHSubprocessVendor()
self.assertEqual(
@@ -231,6 +260,13 @@
"--subsystem", "sftp", "host"]
)
+ def test_plink_command_tricked(self):
+ vendor = PLinkSubprocessVendor()
+ self.assertRaises(
+ StrangeHostname,
+ vendor._get_vendor_specific_argv,
+ "user", "-oProxyCommand=host", 100, command=["bzr"])
+
def test_plink_command_arguments(self):
vendor = PLinkSubprocessVendor()
self.assertEqual(
=== modified file 'bzrlib/transport/ssh.py'
--- old/bzrlib/transport/ssh.py 2015-07-31 01:04:41 +0000
+++ new/bzrlib/transport/ssh.py 2017-08-20 01:59:20 +0000
@@ -46,6 +46,10 @@
from paramiko.sftp_client import SFTPClient
+class StrangeHostname(errors.BzrError):
+ _fmt = "Refusing to connect to strange SSH hostname %(hostname)s"
+
+
SYSTEM_HOSTKEYS = {}
BZR_HOSTKEYS = {}
@@ -360,6 +364,11 @@
# tests, but beware of using PIPE which may hang due to not being read.
_stderr_target = None
+ @staticmethod
+ def _check_hostname(arg):
+ if arg.startswith('-'):
+ raise StrangeHostname(hostname=arg)
+
def _connect(self, argv):
# Attempt to make a socketpair to use as stdin/stdout for the SSH
# subprocess. We prefer sockets to pipes because they support
@@ -424,9 +433,9 @@
if username is not None:
args.extend(['-l', username])
if subsystem is not None:
- args.extend(['-s', host, subsystem])
+ args.extend(['-s', '--', host, subsystem])
else:
- args.extend([host] + command)
+ args.extend(['--', host] + command)
return args
register_ssh_vendor('openssh', OpenSSHSubprocessVendor())
@@ -439,6 +448,7 @@
def _get_vendor_specific_argv(self, username, host, port, subsystem=None,
command=None):
+ self._check_hostname(host)
args = [self.executable_path, '-x']
if port is not None:
args.extend(['-p', str(port)])
@@ -460,6 +470,7 @@
def _get_vendor_specific_argv(self, username, host, port, subsystem=None,
command=None):
+ self._check_hostname(host)
args = [self.executable_path]
if port is not None:
args.extend(['-p', str(port)])
@@ -481,6 +492,7 @@
def _get_vendor_specific_argv(self, username, host, port, subsystem=None,
command=None):
+ self._check_hostname(host)
args = [self.executable_path, '-x', '-a', '-ssh', '-2', '-batch']
if port is not None:
args.extend(['-P', str(port)])
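Review bot: The SSHCorp test added in the `@@ -184,9 +199,16 @@` hunk of `test_ssh_transport.py` is named `test_openssh_command_tricked`, the same name as the OpenSSH test added in the `@@ -161,6 +162,19 @@` hunk. If both land in `SubprocessVendorsTests`, as the hunk positions suggest, the later definition replaces the earlier one, and the assertion that OpenSSH receives `--` before a host such as `-oProxyCommand=blah` never runs. Renaming the second one to `test_sshcorp_command_tricked` keeps both checks. Separately, `_check_hostname` in `ssh.py` has no docstring; a line such as `"""Reject a host beginning with '-', which the ssh client would parse as an option."""` would record why the check exists.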
# Maintainer: Natanael Copa <ncopa@alpinelinux.org>
pkgname=docker
pkgver=17.10.0
pkgver=17.12.1
_ver=${pkgver/_/-}-ce
pkgrel=0
_gitcommit=v$_ver
pkgdesc="Pack, ship and run any application as a lightweight container"
url="http://www.docker.io/"
arch="all !s390x"
license="ASL 2.0"
arch="all"
license="Apache-2.0"
depends="ca-certificates iptables"
makedepends="go btrfs-progs-dev bash linux-headers coreutils libseccomp-dev cmake lvm2-dev libtool"
options="!check"
......@@ -22,8 +22,8 @@ install="$pkgname.pre-install"
# VNDR_COMMIT=9909bb2b8a0b7ea464527b376dc50389c90df587
# GOMETALINTER_COMMIT=bfcc1d6942136fd86eb6f1a6fb328de8398fbd80
_runc_ver=0351df1c5a66838d0c392b4ac4cf9450de844e2d
_containerd_ver=06b9cb35161009dcb7123345749fef02f7cea8e0
_runc_ver=b2567b37d7b75eb4cf325b77297b140ea686ce8f
_containerd_ver=89623f28b87a6004d4b785663257362d1658a729
_tini_ver=949e6facb77383876aeff8a6944dde66b3089574
_libnetwork_ver=7b2b1feb1de4817d522cc372af149ff48d25028e
......@@ -96,12 +96,10 @@ build() {
# containerd
msg "building containerd"
cd "$_containerd_builddir"
# Vendor dir only works if it's part of a package in the src dir. Easiest solution is to make it a src dir iself
mv vendor src
mkdir -p src/github.com/containerd/
ln -s "$_containerd_builddir" src/github.com/containerd/containerd
##### Workaround for v17.10.0 unreachable vendor dir
mkdir -p vendor/src/
mv vendor/g* vendor/src
#####
GOPATH="$PWD" LDFLAGS="" make GIT_COMMIT="$_containerd_ver"
# libnetwork (docker-proxy)
......@@ -240,9 +238,9 @@ vim() {
done
}
sha512sums="4ec5dae379ecda36b9af7066432507947142631efea471cd7f447677f9db1fe1522fe81ef68b28d3e63b5e759535a1c518ce1ef71f4de0e9dd32c957c682098c docker-17.10.0.tar.gz
bad4643ce37dbba168cc3b0820cf7dc8166ff2d7970de519f86ca09123b59999174dd98b7bc550b714dc8235732923e0090031c789deb603f310e042a39f1d76 runc-0351df1c5a66838d0c392b4ac4cf9450de844e2d.tar.gz
c749bda691197ec8a7603db9ad92f2800a3f065143430a660333b7862518deb4c158a1c1fd01671dff438b40988d4a64d8f06bab05496b8728c6e2f57cd7da0a containerd-06b9cb35161009dcb7123345749fef02f7cea8e0.tar.gz
sha512sums="ca9c28a489c6c65de27cb64e68c783336e2ddca7e7b2d241e9557a43e62e33146afb644aa67fe92afce658522c02fbe0378b3c1318a32628c1a1a046c67a4fb7 docker-17.12.1.tar.gz
a5bf97ce284317e03e63ee0e39228d77848fcde2f6322de06eebc2536978b5d87fd8c3fbccb2e74ef8c80fbaa28f3d0b24074cb9fde01e268593332aacd57695 runc-b2567b37d7b75eb4cf325b77297b140ea686ce8f.tar.gz
6eae5e213c3016a49bf923184708a404aca6f7c2aa0b8ce12f4a52cd405d81670783d95696faa83d7dcc3a29ef130fcb145d61c98dccf443ff30b6a2e7463342 containerd-89623f28b87a6004d4b785663257362d1658a729.tar.gz
673ea638fa5c560d8238d7c1d88f114430f9d8efe701804bfe30044d0c059a688cbf6b62922be50834e16ee055ef6cf015f6232f76f0d942768f9e84e95496cd libnetwork-7b2b1feb1de4817d522cc372af149ff48d25028e.tar.gz
b6c1454f734662adf2fdedcb75cb7cdc82f4cf5b4c41fadf6891a670fa26d49b789034f4af8bf920b9e1ff1c3536123637ade9471f4ae2c1ef6c534e839b9f27 tini-949e6facb77383876aeff8a6944dde66b3089574.tar.gz
54d570901f6f1e329883e3d348ed7370e9f68b73a01b72195bed3d37508cc82e82f6c6893f798c058da00e40ff2262baaa1514d274174a3f83508e1186c7a3c4 go-md2man-1.0.7.tar.gz
......
......@@ -2,7 +2,7 @@
# Maintainer:
_php=php5
pkgname=drupal7
pkgver=7.56
pkgver=7.59
pkgrel=0
pkgdesc="An open source content management platform"
url="https://www.drupal.org/"
......@@ -17,6 +17,12 @@ source="http://ftp.drupal.org/files/projects/drupal-$pkgver.tar.gz"
builddir="$srcdir/drupal-$pkgver"
# secfixes:
# 7.59-r0:
# - CVE-2018-7602
# 7.58-r0:
# - CVE-2018-7600
package() {
cd "$builddir"
mkdir -p "$pkgdir"/var/lib/$pkgname \
......@@ -52,4 +58,4 @@ package() {
"$pkgdir"/var/lib/$pkgname/sites/default/files
}
sha512sums="ab7ad8d9cb26e89b9d81280b1677584072db627d508ccade9442c95a90f24c94d11561013c8a7297ddae6ae43696d0b711b8c37ab98f89539f6f0e0154db6344 drupal-7.56.tar.gz"
sha512sums="68f02b39d1a4658adc0f0046c22cc1059b68f952f9cd753f5a3e379cf93705be308b4727519e90d77a42437442daebaa78d76745954be4d40e1a5105c319069c drupal-7.59.tar.gz"
......@@ -5,8 +5,8 @@
# Contributor: Jesse Young <jlyo@jlyo.org>
# Maintainer: Jesse Young <jlyo@jlyo.org>
pkgname=exim
pkgver=4.89
pkgrel=7
pkgver=4.90.1
pkgrel=0
pkgdesc="A Message Transfer Agent"
url="http://www.exim.org/"
arch="all"
......@@ -21,8 +21,6 @@ install="exim.pre-install"
subpackages="$pkgname-cdb $pkgname-dbmdb $pkgname-dnsdb $pkgname-sqlite $pkgname-mysql $pkgname-postgresql
$pkgname-utils $pkgname-scripts::noarch $pkgname-doc"
source="ftp://ftp.exim.org/pub/exim/exim4/$pkgname-$pkgver.tar.xz
CVE-2017-1000369.patch
CVE-2017-16943.patch
exim.Makefile
exim.confd
exim.initd
......@@ -32,9 +30,13 @@ builddir="$srcdir/$pkgname-$pkgver"
# secfixes:
# 4.89-r5:
# - CVE-2017-1000369
# - CVE-2017-1000369
# 4.89-r7:
# - CVE-2017-16943
# - CVE-2017-16943
# 4.89.1-r0:
# - CVE-2017-16944
# 4.90.1-r0:
# - CVE-2018-6789
prepare() {
default_prepare
......@@ -111,9 +113,7 @@ cdb() { _mv_ext cdb; }
dbmdb() { _mv_ext dbmdb; }
dnsdb() { _mv_ext dnsdb; }
sha512sums="ce5faef3847a5baf1b4fec1ffe46ce7efaafb24e63bcc52a61f38e8312a88eccaa816c3947ba428bef3eed38b1e91e606f6ed07bc0a3e14c6a6ed0ecb41eb9fa exim-4.89.tar.xz
cffe895974e9f570e2f60583206e0c2865e9ca400636e5ed2117c531fc62b03753f41286565ee253c11610e61589275cb5235b34cae052b5dcc6e5c37fbc7ece CVE-2017-1000369.patch
2821077669f2b5bea4ed99ba9549b4952fa85a9b97b4211efe90c3002e05ee14867d58ed3cd749b693dc0413d49781717c863ab9a5368ba0f07678419efbdabf CVE-2017-16943.patch
sha512sums="b4830a2e03023b2bafc9e62535f467bb61b0f1398b6b3af0a7ef6f49e6cba60a9496e6762d0898b7ac1c2823db8cf96ed9f37e26b05809b4ba01725d9e72b806 exim-4.90.1.tar.xz
e9524d3a2cc230b4ecb3b098f53247121b9582fc7807b1549c5a3fd54bb416b837c4e09476f2e01dca03d590a968c40bf90d4b6a9f8a4abad082fdec91916a0f exim.Makefile
bb6f5ead067af19ace661cc92bcd428da97570aedd1f9dc5b61a34e7e3fb3e028be6c96d51df73353bdfcaf69a3ee053fb03d245f868d63ebf518aa96ec82d66 exim.confd
3769e74a54566362bcdf57c45fbf7d130d7a7529fbc40befce431eef0387df117c71a5b57779c507e30d5b125913b5f26c9d16b17995521a1d94997be6dc3e02 exim.initd
......
# Contributor: William Pitcock <nenolod@dereferenced.org>
# Maintainer: Natanael Copa <ncopa@alpinelinux.org>
pkgname=firefox-esr
pkgver=52.5.0
pkgver=52.8.1
_pkgver=$pkgver
_xulver=$pkgver
pkgrel=0
......@@ -80,6 +80,25 @@ _mozappdirdev=/usr/lib/firefox-devel-${pkgver}
# help our shared-object scanner to find the libs
ldpath="$_mozappdir"
# secfixes:
# 52.8.1-r0:
# - CVE-2018-6126
# 52.6.0-r0:
# - CVE-2018-5089
# - CVE-2018-5091
# - CVE-2018-5095
# - CVE-2018-5096
# - CVE-2018-5097
# - CVE-2018-5098
# - CVE-2018-5099
# - CVE-2018-5102
# - CVE-2018-5103
# - CVE-2018-5104
# - CVE-2018-5117
# 52.5.2-r0:
# - CVE-2017-7843
# - CVE-2017-7843
prepare() {
local i
mkdir -p "$builddir"
......@@ -229,7 +248,7 @@ dev() {
default_dev
}
sha512sums="fe724108ba538e590b87a5c1b817471d3cca9b038ba2755642e4d7b8ebb6174322be1fe074f24ef181946f9a027106b50b500d2fa541d8a99ef44905822eda18 firefox-52.5.0esr.source.tar.xz
sha512sums="a4883550fdf62e66b10f1de7416d3614a2cb0ce3a004d9a79ecc37a726794d7bbdb0a6767faab4ea97278d2192462597551fc13b7e9a9c38d043c2879d51095a firefox-52.8.1esr.source.tar.xz
0b3f1e4b9fdc868e4738b5c81fd6c6128ce8885b260affcb9a65ff9d164d7232626ce1291aaea70132b3e3124f5e13fef4d39326b8e7173e362a823722a85127 stab.h
7e123144bc2b1efed149dfb41b255c447d43ea93a63ebe114d01945e6a6d69edc2f2a3c36980a93279106c1842355851b8b6c1d96679ee6be7b9b30513e0b1a8 0002-Use-C99-math-isfinite.patch
09bc32cf9ee81b9cc6bb58ddbc66e6cc5c344badff8de3435cde5848e5a451e0172153231db85c2385ff05b5d9c20760cb18e4138dfc99060a9e960de2befbd5 fix-fortify-inline.patch
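Review bot: The new `# secfixes:` block lists `CVE-2017-7843` twice under `52.5.2-r0`. The hunk header (`+80,25`) appears to count both lines as added, so this looks like a repeated entry or a typo for another identifier; keep one line, or correct the second against the upstream advisory for that release. The block also jumps from `52.6.0-r0` to `52.8.1-r0` with nothing recorded for the releases in between, which is worth confirming is intentional.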
......
......@@ -2,7 +2,7 @@
# Maintainer: Natanael Copa <ncopa@alpinelinux.org>
pkgname=gimp
pkgver=2.8.22
pkgrel=1
pkgrel=2
pkgdesc="GNU Image Manipulation Program"
url="https://www.gimp.org/"
arch="all"
......@@ -12,9 +12,25 @@ makedepends="gtk+-dev libxpm-dev libxmu-dev librsvg-dev dbus-glib-dev
libexif-dev desktop-file-utils intltool gegl-dev tiff-dev
libjpeg-turbo-dev libpng-dev iso-codes-dev lcms2-dev poppler-dev babl-dev"
subpackages="$pkgname-dev $pkgname-doc $pkgname-lang"
source="https://download.gimp.org/mirror/pub/$pkgname/v${pkgver%.*}/$pkgname-$pkgver.tar.bz2"
source="https://download.gimp.org/mirror/pub/$pkgname/v${pkgver%.*}/$pkgname-$pkgver.tar.bz2
CVE-2017-17784.patch
CVE-2017-17785.patch
CVE-2017-17786-1.patch
CVE-2017-17786-2.patch
CVE-2017-17787.patch
CVE-2017-17789.patch
"
builddir="$srcdir/$pkgname-$pkgver"
# secfixes:
# 2.8.22-r2:
# - CVE-2017-17784
# - CVE-2017-17785
# - CVE-2017-17786
# - CVE-2017-17787
# - CVE-2017-17788
# - CVE-2017-17789
build() {
cd "$builddir"
./configure \
......@@ -43,4 +59,10 @@ dev() {
mv "$pkgdir"/usr/bin/gimptool* "$subpkgdir"/usr/bin
}
sha512sums="84a78d428282538b606b3cd1ff571e52c3d828fceade171b2012bc1cdcb85919fc7734e7e6c45ed3a8683657fa580412b32c1b511b8a512172a8c1df930493e6 gimp-2.8.22.tar.bz2"
sha512sums="84a78d428282538b606b3cd1ff571e52c3d828fceade171b2012bc1cdcb85919fc7734e7e6c45ed3a8683657fa580412b32c1b511b8a512172a8c1df930493e6 gimp-2.8.22.tar.bz2
8feab75b01c8d5d57bf869f64ca377f8cfb239079fba97f66bf34f341d9d15f9a8e403b1fe04d27bdbb39151f99a208aa5236c8dd0b6afeac45400a29efa0da7 CVE-2017-17784.patch
51794739489a5e8babbc13c426dc34172caeab07cc8a64b5a8f19a4b88b736e3c9801cc4dadf6848b1e49031d2f1c7a336403a470a26a9ad8cad0a485a8342bd CVE-2017-17785.patch
d4887c49cf73c8f0238c338137ac94854524daea8535e206e34a9dfdb63dbc9ec91839d01085c484c995b26882215b652f4f7e23aa614f29272b5a18c8afc019 CVE-2017-17786-1.patch
24d02cff72ec684aafd2cc6006955f283e6d5e102c37be0b426cade34219022a8225b367643ce3cfd786425fe53005e7db6a595ba507c7eacf402eebe2b44fa0 CVE-2017-17786-2.patch
438376075d0a46809fd5f12f3d364b914c989ca512739b69da0f609100525da8dbc525ce57c144b5388eec525fd2d7b5c8098e63ddb70c68c186dee9b2ce7b83 CVE-2017-17787.patch
f2f4aff0f0478356513a1f6da0732c5d0986ef1deb7b8e68bd283b7259887cf9a4d4785f00e48f03892cc86aa715b9764302640b2b891ab16617ef595ab779b8 CVE-2017-17789.patch"
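Review bot: The `# secfixes:` entry for `2.8.22-r2` lists `CVE-2017-17788`, but `source` and `sha512sums` carry no `CVE-2017-17788.patch`; the six patches added cover 17784, 17785, 17786 (two parts), 17787 and 17789. Unless one of those patches also addresses 17788, the entry marks the package as fixed for an issue it still carries. Either add the missing patch with its checksum or drop the line. If another patch does cover it, a comment next to the entry naming that patch would make this verifiable.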
From c57f9dcf1934a9ab0cd67650f2dea18cb0902270 Mon Sep 17 00:00:00 2001
From: Jehan <jehan@girinstud.io>
Date: Thu, 21 Dec 2017 12:25:32 +0100
Subject: Bug 790784 - (CVE-2017-17784) heap overread in gbr parser /
load_image.
We were assuming the input name was well formed, hence was
nul-terminated. As any data coming from external input, this has to be
thorougly checked.
Similar to commit 06d24a79af94837d615d0024916bb95a01bf3c59 but adapted
to older gimp-2-8 code.
---
plug-ins/common/file-gbr.c | 3 ++-
1 file changed, 2 insertions(+), 1 deletion(-)
diff --git a/plug-ins/common/file-gbr.c b/plug-ins/common/file-gbr.c
index b028100..d3f01d9 100644
--- a/plug-ins/common/file-gbr.c
+++ b/plug-ins/common/file-gbr.c
@@ -443,7 +443,8 @@ load_image (const gchar *filename,
{
gchar *temp = g_new (gchar, bn_size);
- if ((read (fd, temp, bn_size)) < bn_size)
+ if ((read (fd, temp, bn_size)) < bn_size ||
+ temp[bn_size - 1] != '\0')
{
g_set_error (error, G_FILE_ERROR, G_FILE_ERROR_FAILED,
_("Error in GIMP brush file '%s'"),
--
cgit v0.12
From 1882bac996a20ab5c15c42b0c5e8f49033a1af54 Mon Sep 17 00:00:00 2001
From: Tobias Stoeckmann <tobias@stoeckmann.org>
Date: Sun, 29 Oct 2017 15:19:41 +0100
Subject: Bug 739133 - (CVE-2017-17785) Heap overflow while parsing FLI files.
It is possible to trigger a heap overflow while parsing FLI files. The
RLE decoder is vulnerable to out of boundary writes due to lack of
boundary checks.
The variable "framebuf" points to a memory area which was allocated
with fli_header->width * fli_header->height bytes. The RLE decoder
therefore must never write beyond that limit.
If an illegal frame is detected, the parser won't stop, which means
that the next valid sequence is properly parsed again. This should
allow GIMP to parse FLI files as good as possible even if they are
broken by an attacker or by accident.
While at it, I changed the variable xc to be of type size_t, because
the multiplication of width and height could overflow a 16 bit type.
Signed-off-by: Tobias Stoeckmann <tobias@stoeckmann.org>
(cherry picked from commit edb251a7ef1602d20a5afcbf23f24afb163de63b)
---
plug-ins/file-fli/fli.c | 50 ++++++++++++++++++++++++++++++++++---------------
1 file changed, 35 insertions(+), 15 deletions(-)
diff --git a/plug-ins/file-fli/fli.c b/plug-ins/file-fli/fli.c
index 313efeb..ffb651e 100644
--- a/plug-ins/file-fli/fli.c
+++ b/plug-ins/file-fli/fli.c
@@ -25,6 +25,8 @@
#include "config.h"
+#include <glib/gstdio.h>
+
#include <string.h>
#include <stdio.h>
@@ -461,23 +463,27 @@ void fli_read_brun(FILE *f, s_fli_header *fli_header, unsigned char *framebuf)
unsigned short yc;
unsigned char *pos;
for (yc=0; yc < fli_header->height; yc++) {
- unsigned short xc, pc, pcnt;
+ unsigned short pc, pcnt;
+ size_t n, xc;
pc=fli_read_char(f);
xc=0;
pos=framebuf+(fli_header->width * yc);
+ n=(size_t)fli_header->width * (fli_header->height-yc);
for (pcnt=pc; pcnt>0; pcnt--) {
unsigned short ps;
ps=fli_read_char(f);
if (ps & 0x80) {
unsigned short len;
- for (len=-(signed char)ps; len>0; len--) {
+ for (len=-(signed char)ps; len>0 && xc<n; len--) {
pos[xc++]=fli_read_char(f);
}
} else {
unsigned char val;
+ size_t len;
+ len=MIN(n-xc,ps);
val=fli_read_char(f);
- memset(&(pos[xc]), val, ps);
- xc+=ps;
+ memset(&(pos[xc]), val, len);
+ xc+=len;
}
}
}
@@ -564,25 +570,34 @@ void fli_read_lc(FILE *f, s_fli_header *fli_header, unsigned char *old_framebuf,
memcpy(framebuf, old_framebuf, fli_header->width * fli_header->height);
firstline = fli_read_short(f);
numline = fli_read_short(f);
+ if (numline > fli_header->height || fli_header->height-numline < firstline)
+ return;
+
for (yc=0; yc < numline; yc++) {
- unsigned short xc, pc, pcnt;
+ unsigned short pc, pcnt;
+ size_t n, xc;
pc=fli_read_char(f);
xc=0;
pos=framebuf+(fli_header->width * (firstline+yc));
+ n=(size_t)fli_header->width * (fli_header->height-firstline-yc);
for (pcnt=pc; pcnt>0; pcnt--) {
unsigned short ps,skip;
skip=fli_read_char(f);
ps=fli_read_char(f);
- xc+=skip;
+ xc+=MIN(n-xc,skip);
if (ps & 0x80) {
unsigned char val;
+ size_t len;
ps=-(signed char)ps;
val=fli_read_char(f);
- memset(&(pos[xc]), val, ps);
- xc+=ps;
+ len=MIN(n-xc,ps);
+ memset(&(pos[xc]), val, len);
+ xc+=len;
} else {
- fread(&(pos[xc]), ps, 1, f);
- xc+=ps;
+ size_t len;
+ len=MIN(n-xc,ps);
+ fread(&(pos[xc]), len, 1, f);
+ xc+=len;
}
}
}
@@ -689,7 +704,8 @@ void fli_read_lc_2(FILE *f, s_fli_header *fli_header, unsigned char *old_framebu
yc=0;
numline = fli_read_short(f);
for (lc=0; lc < numline; lc++) {
- unsigned short xc, pc, pcnt, lpf, lpn;
+ unsigned short pc, pcnt, lpf, lpn;
+ size_t n, xc;
pc=fli_read_short(f);
lpf=0; lpn=0;
while (pc & 0x8000) {
@@ -700,26 +716,30 @@ void fli_read_lc_2(FILE *f, s_fli_header *fli_header, unsigned char *old_framebu
}
pc=fli_read_short(f);
}
+ yc=MIN(yc, fli_header->height);
xc=0;
pos=framebuf+(fli_header->width * yc);
+ n=(size_t)fli_header->width * (fli_header->height-yc);
for (pcnt=pc; pcnt>0; pcnt--) {
unsigned short ps,skip;
skip=fli_read_char(f);
ps=fli_read_char(f);
- xc+=skip;
+ xc+=MIN(n-xc,skip);
if (ps & 0x80) {
unsigned char v1,v2;
ps=-(signed char)ps;
v1=fli_read_char(f);
v2=fli_read_char(f);
- while (ps>0) {
+ while (ps>0 && xc+1<n) {
pos[xc++]=v1;
pos[xc++]=v2;
ps--;
}
} else {
- fread(&(pos[xc]), ps, 2, f);
- xc+=ps << 1;
+ size_t len;
+ len=MIN((n-xc)/2,ps);
+ fread(&(pos[xc]), len, 2, f);
+ xc+=len << 1;
}
}
if (lpf) pos[xc]=lpn;
--
cgit v0.12
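Review bot: In `fli_read_lc_2` the context line `if (lpf) pos[xc]=lpn;` after the packet loop is not covered by the new bound `n`. `xc` can now stop at exactly `n`, and when `yc` is clamped to `fli_header->height` the row pointer `pos` already points at the end of `framebuf` with `n` equal to 0, so this store would land one byte past the allocation. Guarding it as `if (lpf && xc<n) pos[xc]=lpn;` closes that. The clamped `fread` calls in `fli_read_lc` and `fli_read_lc_2` also leave the unread remainder of the run in `f`, so a comment stating that decoding continues best-effort from a shifted stream would help. All three function bodies extend outside the hunks shown.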
From ef9c821fff8b637a2178eab1c78cae6764c50e12 Mon Sep 17 00:00:00 2001
From: Jehan <jehan@girinstud.io>
Date: Wed, 20 Dec 2017 13:02:38 +0100
Subject: Bug 739134 - (CVE-2017-17786) Out of bounds read / heap overflow
in...
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
... TGA importer.
Be more thorough on valid TGA RGB and RGBA images.
In particular current TGA plug-in can import RGBA as 32 bits (8 bits per
channel) and 16 bits (5 bits per color channel and 1 bit for alpha), and
RGB as 15 and 24 bits.
Maybe there exist more variants, but if they do exist, we simply don't
support them yet.
Thanks to Hanno Böck for the report and a first patch attempt.
(cherry picked from commit 674b62ad45b6579ec6d7923dc3cb1ef4e8b5498b)
---
plug-ins/common/file-tga.c | 12 ++++++++----
1 file changed, 8 insertions(+), 4 deletions(-)
diff --git a/plug-ins/common/file-tga.c b/plug-ins/common/file-tga.c
index aef9870..426acc2 100644
--- a/plug-ins/common/file-tga.c
+++ b/plug-ins/common/file-tga.c
@@ -564,12 +564,16 @@ load_image (const gchar *filename,
}
break;
case TGA_TYPE_COLOR:
- if (info.bpp != 15 && info.bpp != 16 &&
- info.bpp != 24 && info.bpp != 32)
+ if ((info.bpp != 15 && info.bpp != 16 &&
+ info.bpp != 24 && info.bpp != 32) ||
+ ((info.bpp == 15 || info.bpp == 24) &&
+ info.alphaBits != 0) ||
+ (info.bpp == 16 && info.alphaBits != 1) ||
+ (info.bpp == 32 && info.alphaBits != 8))
{
- g_message ("Unhandled sub-format in '%s' (type = %u, bpp = %u)",
+ g_message ("Unhandled sub-format in '%s' (type = %u, bpp = %u, alpha = %u)",
gimp_filename_to_utf8 (filename),
- info.imageType, info.bpp);
+ info.imageType, info.bpp, info.alphaBits);
return -1;
}
break;
--
cgit v0.12
From 22e2571c25425f225abdb11a566cc281fca6f366 Mon Sep 17 00:00:00 2001
From: Jehan <jehan@girinstud.io>
Date: Wed, 20 Dec 2017 13:26:26 +0100
Subject: plug-ins: TGA 16-bit RGB (without alpha bit) is also valid.
According to some spec on the web, 16-bit RGB is also valid. In this
case, the last bit is simply ignored (at least that's how it is
implemented right now).
(cherry picked from commit 8ea316667c8a3296bce2832b3986b58d0fdfc077)
---
plug-ins/common/file-tga.c | 3 ++-
1 file changed, 2 insertions(+), 1 deletion(-)
diff --git a/plug-ins/common/file-tga.c b/plug-ins/common/file-tga.c
index 426acc2..eb14a1d 100644
--- a/plug-ins/common/file-tga.c
+++ b/plug-ins/common/file-tga.c
@@ -568,7 +568,8 @@ load_image (const gchar *filename,
info.bpp != 24 && info.bpp != 32) ||
((info.bpp == 15 || info.bpp == 24) &&
info.alphaBits != 0) ||
- (info.bpp == 16 && info.alphaBits != 1) ||
+ (info.bpp == 16 && info.alphaBits != 1 &&
+ info.alphaBits != 0) ||
(info.bpp == 32 && info.alphaBits != 8))
{
g_message ("Unhandled sub-format in '%s' (type = %u, bpp = %u, alpha = %u)",
--
cgit v0.12
From 87ba505fff85989af795f4ab6a047713f4d9381d Mon Sep 17 00:00:00 2001
From: Jehan <jehan@girinstud.io>
Date: Thu, 21 Dec 2017 12:49:41 +0100
Subject: Bug 790853 - (CVE-2017-17787) heap overread in psp importer.
As any external data, we have to check that strings being read at fixed
length are properly nul-terminated.
(cherry picked from commit eb2980683e6472aff35a3117587c4f814515c74d)
---
plug-ins/common/file-psp.c | 6 ++++++
1 file changed, 6 insertions(+)
diff --git a/plug-ins/common/file-psp.c b/plug-ins/common/file-psp.c
index 4cbafe3..e350e4d 100644
--- a/plug-ins/common/file-psp.c
+++ b/plug-ins/common/file-psp.c
@@ -890,6 +890,12 @@ read_creator_block (FILE *f,
g_free (string);
return -1;
}
+ if (string[length - 1] != '\0')
+ {
+ g_message ("Creator keyword data not nul-terminated");
+ g_free (string);
+ return -1;
+ }
switch (keyword)
{
case PSP_CRTR_FLD_TITLE:
--
cgit v0.12
From 01898f10f87a094665a7fdcf7153990f4e511d3f Mon Sep 17 00:00:00 2001
From: Jehan <jehan@girinstud.io>
Date: Wed, 20 Dec 2017 16:44:20 +0100
Subject: Bug 790849 - (CVE-2017-17789) CVE-2017-17789 Heap buffer overflow...
... in PSP importer.
Check if declared block length is valid (i.e. within the actual file)
before going further.
Consider the file as broken otherwise and fail loading it.
(cherry picked from commit 28e95fbeb5720e6005a088fa811f5bf3c1af48b8)
---
plug-ins/common/file-psp.c | 9 +++++++++
1 file changed, 9 insertions(+)
diff --git a/plug-ins/common/file-psp.c b/plug-ins/common/file-psp.c
index ac0fff7..4cbafe3 100644
--- a/plug-ins/common/file-psp.c
+++ b/plug-ins/common/file-psp.c
@@ -1771,6 +1771,15 @@ load_image (const gchar *filename,
{
block_start = ftell (f);
+ if (block_start + block_total_len > st.st_size)
+ {
+ g_set_error (error, G_FILE_ERROR, G_FILE_ERROR_FAILED,
+ _("Could not open '%s' for reading: %s"),
+ gimp_filename_to_utf8 (filename),
+ _("invalid block size"));
+ goto error;
+ }
+
if (id == PSP_IMAGE_BLOCK)
{
if (block_number != 0)
--
cgit v0.12
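Review bot: The new check `block_start + block_total_len > st.st_size` performs the addition before the comparison, so a very large `block_total_len` could wrap the sum and pass the test. The variable types are declared outside this hunk, so the width needs confirming. Comparing against the remaining size avoids the question, for example `if (block_start < 0 || block_total_len > st.st_size - block_start)`, which also covers `ftell` returning -1. The error text reuses `Could not open '%s' for reading`, which will mislead anyone triaging a malformed file; a distinct message would be clearer.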
......@@ -2,7 +2,7 @@
# Maintainer: Jakub Jirutka <jakub@jirutka.cz>
pkgname=git-lfs
pkgver=2.3.4
pkgrel=2
pkgrel=3
pkgdesc="Git extension for versioning large files"
url="https://git-lfs.github.io/"
arch="all"
......
#!/bin/sh
git-lfs install --system
git-lfs install --skip-repo --system
# Contributor: Sören Tempel <soeren+alpine@soeren-tempel.net>
# Maintainer:
pkgname=go
pkgver=1.9.2
pkgver=1.9.4
# This should be the latest commit on the corresponding release branch
_toolsver="5d2fd3ccab986d52112bf301d47a819783339d0e"
pkgrel=1
pkgrel=0
pkgdesc="Go programming language compiler"
url="http://www.golang.org/"
arch="all"
......@@ -23,6 +23,10 @@ source="http://golang.org/dl/go${pkgver/_/}.src.tar.gz
make-sure-R0-is-zero-before-main-on-ppc64le.patch
"
# secfixes:
# 1.9.4-r0:
# - CVE-2018-6574
# NOTE: building go for x86 with grsec kernel requires:
# sysctl -w kernel.modify_ldt=1
......@@ -143,8 +147,8 @@ tools() {
done
}
sha512sums="1034098575c317eeaf648629690a4dea0c479a69c3b80d9917f6b96c8781ce79c0f29859f667dc4e07d47a44972aa09bd0163a458f897cf45f9d09eb03e4abb5 go1.9.2.src.tar.gz
d679873082dbac6a47b7c43ac74c47cb19616fb053a4faa3e6ee78004ece86aa5c432fba3d24c030d47396089d7ec7c6357af5648bd767341056396066ff9a04 go-tools-1.9.2.tar.gz
sha512sums="1a7c830e07507ff7b89025adfb5c713444d97301f8ad47ef2564722c1e28186e946350f07e22777fbdd6f2f589c334eb01dfd589e97cb8a86f73669547badb0b go1.9.4.src.tar.gz
d679873082dbac6a47b7c43ac74c47cb19616fb053a4faa3e6ee78004ece86aa5c432fba3d24c030d47396089d7ec7c6357af5648bd767341056396066ff9a04 go-tools-1.9.4.tar.gz
ef9da66d76e4698314eaf2aa88cf40a8430a15f8f6cb9ad17ee9d72498ec049b60e63e1ff5acf13a916c5ea365f9d9a282b6f2b06e28de9e3484eb9a3d7dd98e default-buildmode-pie.patch
6b36f3780ab10e5c4902473a8ab5c0417220ece584b537517e9e60979bdc5a548ed14dd2546605392c89ec5ea6691769d337d34e2e19b92eba5bbca1898f4ada set-external-linker.patch
451ca02dea91d74d8e3216c7a48d963bbfc040b43d15868087d6339a1815c4996817c5ace265a20abcdb9d1da4e9ff58e373397d98df773b729876f4623b1cc8 make-sure-R0-is-zero-before-main-on-ppc64le.patch"
# Contributor: Sören Tempel <soeren+alpine@soeren-tempel.net>
# Maintainer: Natanael Copa <ncopa@alpinelinux.org>
pkgname=go1.10
pkgver=1.10
# https://github.com/golang/tools/commits/release-branch.go1.10
_toolsver="25101aadb97aa42907eee6a238d6d26a6cb3c756"
pkgrel=0
pkgdesc="Go programming language compiler"
url="http://www.golang.org/"
arch="all"
license="BSD"
depends="binutils gcc"
depends_dev=""
makedepends="bash go-bootstrap"
options="!strip"
provides="go-bootstrap=$pkgver-r$pkgrel"
install=""
subpackages="$pkgname-doc"
source="http://golang.org/dl/go${pkgver/_/}.src.tar.gz
go-tools-${pkgver/_/}-$_toolsver.tar.gz::https://github.com/golang/tools/archive/${_toolsver}.tar.gz
default-buildmode-pie.patch
set-external-linker.patch
"
# secfixes:
# 1.9.4-r0:
# - CVE-2018-6574
# NOTE: building go for x86 with grsec kernel requires:
# sysctl -w kernel.modify_ldt=1
if [ "$CBUILD" = "$CTARGET" ]; then
makedepends="go-bootstrap $makedepends"
provides="go-bootstrap=$pkgver-r$pkgrel"
subpackages="$subpackages $pkgname-tools"
_gotools="cover godoc stringer"
else
pkgname="go-bootstrap"
makedepends="go $makedepends"
# Go expect host linker instead of the cross-compiler
export CC_FOR_TARGET="$CC"
export CC="${HOSTLD:-gcc}"
export CXX="${HOSTLD:-g++}"
export LD="${HOSTLD:-ld}"
fi
_tooldir="$srcdir"/tools-${_toolsver}
case "$CTARGET_ARCH" in
aarch64)export GOARCH="arm64" ;;
armhf) export GOARCH="arm" GOARM=6 ;;
armv7) export GOARCH="arm" GOARM=7 ;;
s390x) export GOARCH="s390x" ;;
x86) export GOARCH="386" GO386=387 ;;
x86_64) export GOARCH="amd64" ;;
ppc64le) export GOARCH="ppc64le" ;;
mips) export GOARCH="mips" ;;
mips64) export GOARCH="mips64" ;;
mips64el) export GOARCH="mips64le" ;;
mipsel) export GOARCH="mipsle" ;;
*) die "Unsupported arch" ;;
esac
builddir="$srcdir"/go
build() {
cd "$builddir/src"
export GOOS="linux"
export GOPATH="$srcdir"
export GOROOT="$builddir"
export GOBIN="$GOROOT"/bin
export GOROOT_FINAL=/usr/lib/go
local p; for p in /usr/lib/go-bootstrap /usr/lib/go-linux-$GOARCH-bootstrap /usr/lib/go; do
if [ -d "$p" ]; then
export GOROOT_BOOTSTRAP="$p"
break
fi
done
./make.bash
# copied from bootstrap.bash to fixup cross-built bootstrap go
if [ "$CBUILD" != "$CTARGET" ]; then
local gohostos="$(../bin/go env GOHOSTOS)"
local gohostarch="$(../bin/go env GOHOSTARCH)"
mv ../bin/*_*/* ../bin
rmdir ../bin/*_*
rm -rf "../pkg/${gohostos}_${gohostarch}"* "../pkg/tool/${gohostos}_${gohostarch}"*
rm -rf ../pkg/bootstrap ../pkg/obj
fi
# FIXME some tests fail:
# PATH="$GOROOT/bin:$PATH" ./run.bash -no-rebuild
mkdir -p "$GOPATH"/src/golang.org/x/tools
cp -r "$_tooldir"/* "$GOPATH"/src/golang.org/x/tools
for tool in $_gotools; do
"$GOROOT"/bin/go install golang.org/x/tools/cmd/$tool
done
}
check() {
cd "$builddir"
./bin/go run doc/play/hello.go
}
package() {
cd "$builddir"
mkdir -p "$pkgdir"/usr/bin "$pkgdir"/usr/lib/go/bin "$pkgdir"/usr/share/doc/go
for binary in go gofmt; do
install -Dm755 bin/"$binary" "$pkgdir"/usr/lib/go/bin/"$binary"
ln -s /usr/lib/go/bin/"$binary" "$pkgdir"/usr/bin/
done
cp -a pkg lib "$pkgdir"/usr/lib/go
cp -r doc misc "$pkgdir"/usr/share/doc/go
rm -rf "$pkgdir"/usr/lib/go/pkg/bootstrap
rm -f "$pkgdir"/usr/lib/go/pkg/tool/*/api
# The source needs to be installed due to an upstream
# bug (https://github.com/golang/go/issues/2775).
# When this is resolved we can split out the source to a
# go-src sub package.
mkdir -p "$pkgdir"/usr/lib/go/
cp -a "$builddir"/src "$pkgdir"/usr/lib/go
# Remove tests from /usr/lib/go/src.
# Those shouldn't be affacted by the upstream bug (see above).
find "$pkgdir"/usr/lib/go/src \( -type f -a -name "*_test.go" \) \
-exec rm -rf \{\} \+
find "$pkgdir"/usr/lib/go/src \( -type d -a -name "testdata" \) \
-exec rm -rf \{\} \+
find "$pkgdir"/usr/lib/go/src -type f -a \( -name "*.bash" -o -name "*.rc" -o -name "*.bat" \) \
-exec rm -rf \{\} \+
}
tools() {
pkgdesc="Go programming language tools"
depends="$pkgname"
mkdir -p "$subpkgdir"/usr/bin "$subpkgdir"/usr/lib/go/bin \
"$subpkgdir"/usr/lib/go/pkg/tool/linux_$GOARCH
for tool in $_gotools; do
if [ -f "$pkgdir"/usr/lib/go/pkg/tool/linux_$GOARCH/$tool ]; then
mv "$pkgdir"/usr/lib/go/pkg/tool/linux_$GOARCH/$tool \
"$subpkgdir"/usr/lib/go/pkg/tool/linux_$GOARCH/$tool
fi
if [ -f "$builddir/bin/$tool" ]; then
install -Dm755 "$builddir/bin/$tool" "$subpkgdir"/usr/lib/go/bin/"$tool"
ln -s /usr/lib/go/bin/"$tool" "$subpkgdir"/usr/bin/