summaryrefslogtreecommitdiff
path: root/net
diff options
context:
space:
mode:
authorhe <he@pkgsrc.org>2018-02-13 15:08:11 +0000
committerhe <he@pkgsrc.org>2018-02-13 15:08:11 +0000
commit86e50dbcdd99eeb4a96cdba234b091b0c17a687a (patch)
tree9239f141d14e2e0039d876a601a0aef6691dd360 /net
parent7b46602e2ce611b977df3cc98cd624b5700ec800 (diff)
downloadpkgsrc-86e50dbcdd99eeb4a96cdba234b091b0c17a687a.tar.gz
Apply fix for CVE-2017-1000232 from
https://git.nlnetlabs.nl/ldns/commit/?id=3bdeed02 Also correct previous CVE, it's CVE-2017-100231... Bump PKGREVISION.
Diffstat (limited to 'net')
-rw-r--r--net/ldns/distinfo5
-rw-r--r--net/ldns/patches/patch-parse.c4
-rw-r--r--net/ldns/patches/patch-str2host.c19
3 files changed, 24 insertions, 4 deletions
diff --git a/net/ldns/distinfo b/net/ldns/distinfo
index eea6172c0b0..86412520cfe 100644
--- a/net/ldns/distinfo
+++ b/net/ldns/distinfo
@@ -1,4 +1,4 @@
-$NetBSD: distinfo,v 1.21 2018/02/13 14:59:14 he Exp $
+$NetBSD: distinfo,v 1.22 2018/02/13 15:08:11 he Exp $
SHA1 (ldns-1.6.17.tar.gz) = 4218897b3c002aadfc7280b3f40cda829e05c9a4
RMD160 (ldns-1.6.17.tar.gz) = 5382cfaafa7ec1fadcf390f804fbf14e04d7c03a
@@ -6,4 +6,5 @@ SHA512 (ldns-1.6.17.tar.gz) = 5de42b4b8622591db51efb0956735deee9cd5e0bee12249a03
Size (ldns-1.6.17.tar.gz) = 1315403 bytes
SHA1 (patch-doc_doxyparse.pl) = 8d21d6f1c2e5e8d9ecc16a23dc7a462f0c54b5f7
SHA1 (patch-examples_ldns-keygen.c) = 12ab1cb2c74f09d763969298a21c9470b748d292
-SHA1 (patch-parse.c) = 206e12c806854b652a799e98efd86c5e15f8024d
+SHA1 (patch-parse.c) = 3dbf4443b4a068f02e2799e820e8fcbf50abaa15
+SHA1 (patch-str2host.c) = 002e2f04059a9bc2479a8d66335595d4d7dd598f
diff --git a/net/ldns/patches/patch-parse.c b/net/ldns/patches/patch-parse.c
index ef2cc241c43..187edbbde79 100644
--- a/net/ldns/patches/patch-parse.c
+++ b/net/ldns/patches/patch-parse.c
@@ -1,6 +1,6 @@
-$NetBSD: patch-parse.c,v 1.1 2018/02/13 14:59:15 he Exp $
+$NetBSD: patch-parse.c,v 1.2 2018/02/13 15:08:11 he Exp $
-Apply fix for CVE-2017-10002, via
+Apply fix for CVE-2017-1000231, via
https://git.nlnetlabs.nl/ldns/commit/?id=c8391790
--- parse.c.orig 2014-01-10 21:04:41.000000000 +0000
diff --git a/net/ldns/patches/patch-str2host.c b/net/ldns/patches/patch-str2host.c
new file mode 100644
index 00000000000..cd29f48a8ab
--- /dev/null
+++ b/net/ldns/patches/patch-str2host.c
@@ -0,0 +1,19 @@
+$NetBSD: patch-str2host.c,v 1.1 2018/02/13 15:08:11 he Exp $
+
+Apply fix for CVE-2017-1000232 from
+https://git.nlnetlabs.nl/ldns/commit/?id=3bdeed02
+
+--- str2host.c.orig 2014-01-10 21:04:41.000000000 +0000
++++ str2host.c
+@@ -1458,7 +1458,10 @@ ldns_str2rdf_long_str(ldns_rdf **rd, con
+ if (! str) {
+ return LDNS_STATUS_SYNTAX_BAD_ESCAPE;
+ }
+- length = (size_t)(dp - data);
++ if (!(length = (size_t)(dp - data))) {
++ LDNS_FREE(data);
++ return LDNS_STATUS_SYNTAX_EMPTY;
++ }
+
+ /* Lose the overmeasure */
+ data = LDNS_XREALLOC(dp = data, uint8_t, length);