Commit 5fb8228f authored by A. Wilcox's avatar A. Wilcox

Merge branch 'sec/2020.04.20' into 'master'

Security updates for 2020.04.20

See merge request !441
parents 9680fd28 5df19234
# Contributor: Łukasz Jendrysik <scadu@yandex.com>
# Maintainer: A. Wilcox <awilfox@adelielinux.org>
pkgname=git
pkgver=2.25.3
pkgver=2.25.4
pkgrel=0
pkgdesc="Distributed version control system"
url="https://www.git-scm.com/"
......@@ -32,6 +32,8 @@ source="https://www.kernel.org/pub/software/scm/git/git-$pkgver.tar.xz
_gitcoredir=/usr/libexec/git-core
# secfixes:
# 2.25.4-r0:
# - CVE-2020-11008
# 2.25.3-r0:
# - CVE-2020-5260
# 2.24.1-r0:
......@@ -164,7 +166,7 @@ subtree() {
make install prefix=/usr DESTDIR="$subpkgdir"
}
sha512sums="1ea2f0727baa29200f33469463c3b6db04a2e228e83ff552faa47fefe31063d92966d7502b2f13546c36cfc2756d42d71a26e41141c0fb972af9d6760f3aa471 git-2.25.3.tar.xz
sha512sums="ca2ecc561d06dbb393fe47d445f0d69423d114766d9bcc125ef1d6d37e350ad903c456540cea420c1a51635b750cde3901e4196f29ce95b315fda11270173450 git-2.25.4.tar.xz
0a0935d876024d96156df3aeec06b47fd9e370484d4552786c450cb500ae671a631e64c30994ec39f43a2f313f75d68909688ea92b47327d1af65e365dc77480 dont-test-other-encodings.patch
89528cdd14c51fd568aa61cf6c5eae08ea0844e59f9af9292da5fc6c268261f4166017d002d494400945e248df6b844e2f9f9cd2d9345d516983f5a110e4c42a git-daemon.initd
fbf1f425206a76e2a8f82342537ed939ff7e623d644c086ca2ced5f69b36734695f9f80ebda1728f75a94d6cd2fcb71bf845b64239368caab418e4d368c141ec git-daemon.confd"
# Maintainer: A. Wilcox <awilfox@adelielinux.org>
pkgname=openssl
pkgver=1.1.1f
pkgver=1.1.1g
pkgrel=0
pkgdesc="Toolkit for SSL and TLS"
url="https://www.openssl.org/"
......@@ -58,6 +58,8 @@ source="https://www.openssl.org/source/${pkgname}-${pkgver}.tar.gz
# - CVE-2019-1563
# 1.1.1d-r0:
# - CVE-2019-1551
# 1.1.1g-r0:
# - CVE-2020-1967
build() {
# openssl will prepend crosscompile always core CC et al
......@@ -127,6 +129,6 @@ libssl() {
done
}
sha512sums="b00bd9b5ad5298fbceeec6bb19c1ab0c106ca5cfb31178497c58bf7e0e0cf30fcc19c20f84e23af31cc126bf2447d3e4f8461db97bafa7bd78f69561932f000c openssl-1.1.1f.tar.gz
sha512sums="01e3d0b1bceeed8fb066f542ef5480862001556e0f612e017442330bbd7e5faee228b2de3513d7fc347446b7f217e27de1003dc9d7214d5833b97593f3ec25ab openssl-1.1.1g.tar.gz
c164dd528d7408b8b2a52a0b181f2066ff00feb635df863bdeb4ce879db9ecdf7dd9033bb14b63ee5239aa814d5d777a86bb99cc37ecedae2d77a6bd86144b88 ppc-auxv.patch
e040f23770d52b988578f7ff84d77563340f37c026db7643db8e4ef18e795e27d10cb42cb8656da4d9c57a28283a2828729d70f940edc950c3422a54fea55509 ppc64.patch"
# Maintainer: Max Rees <maxcrees@me.com>
pkgname=libslirp
pkgver=4.2.0
pkgver=4.3.0
pkgrel=0
pkgdesc="A general-purpose TCP/IP emulator"
url="https://gitlab.freedesktop.org/slirp/libslirp"
......@@ -10,10 +10,14 @@ license="BSD-3-Clause AND MIT"
depends=""
makedepends="glib-dev meson"
subpackages="$pkgname-dev"
source="https://gitlab.freedesktop.org/slirp/libslirp/-/archive/v$pkgver/libslirp-v$pkgver.tar.gz
source="https://elmarco.fedorapeople.org/libslirp-$pkgver.tar.xz
git-describe.patch
static.patch
"
builddir="$srcdir/libslirp-v$pkgver"
# secfixes:
# 4.3.0-r0:
# - CVE-2020-1983
build() {
meson \
......@@ -30,5 +34,6 @@ package() {
DESTDIR="$pkgdir" ninja -C output install
}
sha512sums="514744ac8325857915b9946a76f4a55d48c8361b6167cd69c533086928ae06f059d923c5f057e92a0915921bb363b69d34a939a0bcc28233515125a5d1858d25 libslirp-v4.2.0.tar.gz
sha512sums="656a57878354b893503af69dfb11ab93dcf4728cc68bd0b6aa352073cbcf1b558924a5932e1996011002f72f5bddfb22ddaffc5a88078a61862c630d908e8beb libslirp-4.3.0.tar.xz
fb66abe30c7b36c93bf759960275119c6d34e57861efe0cdc147a606a7a13b2d29f0f77dfe99326539800bd4ded9e39c736abd9d4ca9d6f16df2d50fd70fb7f6 git-describe.patch
bb1bb5443d8083099d2a270b78b7ec74daa26634b2062d2c30460ed118b333942a9a555c96910216bb746311ae021d457f39a304a60fe07a3908a0c315a7c756 static.patch"
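Review bot: The new `source=` line fetches the release tarball from a personal host (`elmarco.fedorapeople.org`) instead of the project's GitLab, and nothing in the APKBUILD records why or how the pinned sha512 was validated. The checksum keeps later rebuilds reproducible, but it only proves the file matches what was first downloaded. A comment above `source=` such as `# upstream release tarball, not the GitLab archive; sha512 verified against <signature/announcement>` would record the provenance. Separately, the rendering does not show whether `builddir="$srcdir/libslirp-v$pkgver"` survives on the new side. If it does, it no longer matches the `libslirp-4.3.0/` prefix used in git-describe.patch and should become `builddir="$srcdir/libslirp-$pkgver"` or be dropped.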
Otherwise you might get "-dirty" in the pc: version
--- libslirp-4.3.0/build-aux/git-version-gen 2020-04-23 06:09:44.166262600 -0500
+++ libslirp-4.3.0/build-aux/git-version-gen 2020-04-24 15:08:09.450004079 -0500
@@ -133,19 +133,6 @@ fi
v=`echo "$v" |sed 's/^v//'`
-# Don't declare a version "dirty" merely because a time stamp has changed.
-git update-index --refresh > /dev/null 2>&1
-
-dirty=`sh -c 'git diff-index --name-only HEAD' 2>/dev/null` || dirty=
-case "$dirty" in
- '') ;;
- *) # Append the suffix only if there isn't one already.
- case $v in
- *-dirty) ;;
- *) v="$v-dirty" ;;
- esac ;;
-esac
-
# Omit the trailing newline, so that m4_esyscmd can use the result directly.
echo "$v" | tr -d "$nl"
......@@ -2,7 +2,7 @@
# Maintainer:
pkgname=re2c
pkgver=1.3
pkgrel=0
pkgrel=1
pkgdesc="Fast lexer generator for C and C++"
url="http://re2c.org/"
arch="all"
......@@ -11,7 +11,13 @@ depends=""
checkdepends="bash"
makedepends=""
subpackages="$pkgname-doc"
source="https://github.com/skvadrik/re2c/releases/download/$pkgver/$pkgname-$pkgver.tar.xz"
source="https://github.com/skvadrik/re2c/releases/download/$pkgver/$pkgname-$pkgver.tar.xz
CVE-2020-11958.patch
"
# secfixes:
# 1.3-r1:
# - CVE-2020-11958
build() {
./configure \
......@@ -32,4 +38,5 @@ package() {
make DESTDIR="$pkgdir" install
}
sha512sums="c7084ab2399fb6b96cef74c1393715d90830f43b82b96af46feb71ef008c0215381c3dbea0b003ff810d869db6021e28001b9d588ad55c616642244b2da09c0e re2c-1.3.tar.xz"
sha512sums="c7084ab2399fb6b96cef74c1393715d90830f43b82b96af46feb71ef008c0215381c3dbea0b003ff810d869db6021e28001b9d588ad55c616642244b2da09c0e re2c-1.3.tar.xz
f4376b8e0724d500f665fa60dfd6fb35685a281af50c500d2ff90d781a829fb78f21e8c93c5745a4519acd55a62ec48a570dbfacf0a9ee977502e06f3e2e474a CVE-2020-11958.patch"
From c4603ba5ce229db83a2a4fb93e6d4b4e3ec3776a Mon Sep 17 00:00:00 2001
From: Ulya Trofimovich <skvadrik@gmail.com>
Date: Fri, 17 Apr 2020 22:47:14 +0100
Subject: [PATCH] Fix crash in lexer refill (reported by Agostino Sarubbo).
The crash happened in a rare case of a very long lexeme that doen't fit
into the buffer, forcing buffer reallocation.
The crash was caused by an incorrect calculation of the shift offset
(it was smaller than necessary). As a consequence, the data from buffer
start and up to the beginning of the current lexeme was not discarded
(as it should have been), resulting in less free space for new data than
expected.
---
src/parse/scanner.cc | 3 ++-
1 file changed, 2 insertions(+), 1 deletion(-)
diff --git a/src/parse/scanner.cc b/src/parse/scanner.cc
index 1d6e9efa..bd651314 100644
--- a/src/parse/scanner.cc
+++ b/src/parse/scanner.cc
@@ -155,13 +155,14 @@ bool Scanner::fill(size_t need)
if (!buf) fatal("out of memory");
memmove(buf, tok, copy);
- shift_ptrs_and_fpos(buf - bot);
+ shift_ptrs_and_fpos(buf - tok);
delete [] bot;
bot = buf;
free = BSIZE - copy;
}
+ DASSERT(lim + free <= bot + BSIZE);
if (!read(free)) {
eof = lim;
memset(lim, 0, YYMAXFILL);
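Review bot: The added `DASSERT(lim + free <= bot + BSIZE);` is presumably a debug-only assertion, so in a normal package build the bound on the following `read(free)` rests entirely on the corrected `shift_ptrs_and_fpos(buf - tok)` offset. If the packaged binary should fail closed when that invariant breaks again, the patch could carry an unconditional check beside it, e.g. `if (lim + free > bot + BSIZE) fatal("fill: buffer bound violated");`, at the cost of diverging from upstream commit c4603ba5. `Scanner::fill` starts and ends outside this hunk, so how `free` is computed on the path that does not reallocate is not visible here.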
......@@ -2,7 +2,7 @@
# Maintainer: Dan Theisen <djt@hxx.in>
pkgname=tcpdump
pkgver=4.9.3
pkgrel=0
pkgrel=1
pkgdesc="A tool for network monitoring and data acquisition"
url="http://www.tcpdump.org"
arch="all"
......@@ -10,9 +10,7 @@ license="BSD-3-Clause"
depends=""
makedepends="libpcap-dev openssl-dev perl"
subpackages="$pkgname-doc"
source="http://www.tcpdump.org/release/$pkgname-$pkgver.tar.gz
CVE-2018-19519.patch
"
source="http://www.tcpdump.org/release/$pkgname-$pkgver.tar.gz"
# secfixes:
# 4.9.2-r1:
......@@ -67,5 +65,4 @@ package() {
rm -f "$pkgdir"/usr/sbin/tcpdump.4*
}
sha512sums="3aec673f78b996a4df884b1240e5d0a26a2ca81ee7aca8a2e6d50255bb53476e008a5ced4409e278a956710d8a4d31d85bbb800c9f1aab92b0b1046b59292a22 tcpdump-4.9.3.tar.gz
eb4232e434064ec59b07840aa394cfcc05c89e817f2d4ebeb4da1dbb1c910fe1805857356d6304ebdb16e32aa6476ce90f164aabc60501b493fd5601b380af7e CVE-2018-19519.patch"
sha512sums="3aec673f78b996a4df884b1240e5d0a26a2ca81ee7aca8a2e6d50255bb53476e008a5ced4409e278a956710d8a4d31d85bbb800c9f1aab92b0b1046b59292a22 tcpdump-4.9.3.tar.gz"
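Review bot: Dropping `CVE-2018-19519.patch` from `source=` and `sha512sums` is only safe if the 4.9.3 tarball already initialises `buf` before the `decode_prefix6()` call in print-hncp.c, and the commit does not say so. The removed patch was written against `tcpdump-4.9.2`, so it presumably became redundant with the earlier upgrade to 4.9.3. That should be confirmed against the unpacked source. If confirmed, a comment next to the `# secfixes:` block, e.g. `# CVE-2018-19519: fixed upstream in 4.9.3, local patch dropped in -r1`, would keep the advisory trail intact for anyone auditing this package later.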
--- tcpdump-4.9.2/print-hncp.c.old 2017-09-03 23:17:14.000000000 +0000
+++ tcpdump-4.9.2/print-hncp.c 2018-12-07 19:31:24.360000000 +0000
@@ -228,6 +228,7 @@
snprintf(buf, sizeof(buf), "%s/%d", ipaddr_string(ndo, &addr), plen);
plenbytes += 1 + IPV4_MAPPED_HEADING_LEN;
} else {
+ buf[0] = '\0';
plenbytes = decode_prefix6(ndo, prefix, max_length, buf, sizeof(buf));
}