summaryrefslogtreecommitdiff
path: root/sysutils
diff options
context:
space:
mode:
authorbsiegert <bsiegert@pkgsrc.org>2018-06-30 09:27:02 +0000
committerbsiegert <bsiegert@pkgsrc.org>2018-06-30 09:27:02 +0000
commitec2e9532c0f68d7b5cd845e82b429a09fb9bdf24 (patch)
treecb19f3abe00086d34ea7013b2ccad0cf363b7219 /sysutils
parent786ee8ea0ef8a4784c9bd7a65043b5c2031addc0 (diff)
downloadpkgsrc-ec2e9532c0f68d7b5cd845e82b429a09fb9bdf24.tar.gz
Patch file for CVE-2018-10360.
Patch from Matthias Ferdinand on pkgsrc-users. The do_core_note function in readelf.c in libmagic.a in file 5.33 allows remote attackers to cause a denial of service (out-of-bounds read and application crash) via a crafted ELF file.
Diffstat (limited to 'sysutils')
-rw-r--r--sysutils/file/Makefile4
-rw-r--r--sysutils/file/distinfo3
-rw-r--r--sysutils/file/patches/patch-src_readelf.c24
3 files changed, 28 insertions, 3 deletions
diff --git a/sysutils/file/Makefile b/sysutils/file/Makefile
index 4b4ece4da7c..19891f0f54d 100644
--- a/sysutils/file/Makefile
+++ b/sysutils/file/Makefile
@@ -1,7 +1,7 @@
-# $NetBSD: Makefile,v 1.41 2017/12/12 03:11:51 ryoon Exp $
+# $NetBSD: Makefile,v 1.42 2018/06/30 09:27:02 bsiegert Exp $
DISTNAME= file-5.32
-PKGREVISION= 1
+PKGREVISION= 2
CATEGORIES= sysutils
MASTER_SITES= ftp://ftp.astron.com/pub/file/
diff --git a/sysutils/file/distinfo b/sysutils/file/distinfo
index a93dd31a01c..66cd0ed1407 100644
--- a/sysutils/file/distinfo
+++ b/sysutils/file/distinfo
@@ -1,4 +1,4 @@
-$NetBSD: distinfo,v 1.30 2017/12/12 03:11:51 ryoon Exp $
+$NetBSD: distinfo,v 1.31 2018/06/30 09:27:02 bsiegert Exp $
SHA1 (file-5.32.tar.gz) = c2858a8043387d1229d8768ad42762a803d017db
RMD160 (file-5.32.tar.gz) = b7d41a4c6b2c28d9f202d740e353416e2036c1ef
@@ -6,4 +6,5 @@ SHA512 (file-5.32.tar.gz) = 315343229fa196335389544ee8010e9e80995ef4721938492ded
Size (file-5.32.tar.gz) = 797025 bytes
SHA1 (patch-aa) = dc787ea0d77d7ba88bcb1e17d38b26b13153a1c5
SHA1 (patch-src_fsmagic.c) = ee770cf37dfdfbc5a7c123d2691312610b76e76e
+SHA1 (patch-src_readelf.c) = 2dca756d757509643f72937595c470378fb4f3d1
SHA1 (patch-src_softmagic.c) = bd8871c9050ca521f02b62066d0023a5fbb2d168
diff --git a/sysutils/file/patches/patch-src_readelf.c b/sysutils/file/patches/patch-src_readelf.c
new file mode 100644
index 00000000000..f8a55c586bd
--- /dev/null
+++ b/sysutils/file/patches/patch-src_readelf.c
@@ -0,0 +1,24 @@
+$NetBSD: patch-src_readelf.c,v 1.1 2018/06/30 09:27:03 bsiegert Exp $
+
+apply https://github.com/file/file/commit/a642587a9c9e2dd7feacdf513c3643ce26ad3c22
+against https://nvd.nist.gov/vuln/detail/CVE-2018-10360
+
+ ...
+ The do_core_note function in readelf.c in libmagic.a in file
+ 5.33 allows remote attackers to cause a denial of service
+ (out-of-bounds read and application crash) via a crafted ELF
+ file.
+ ...
+
+--- src/readelf.c.orig 2017-08-27 07:55:02.000000000 +0000
++++ src/readelf.c
+@@ -824,7 +824,8 @@ do_core_note(struct magic_set *ms, unsig
+
+ cname = (unsigned char *)
+ &nbuf[doff + prpsoffsets(i)];
+- for (cp = cname; *cp && isprint(*cp); cp++)
++ for (cp = cname; cp < nbuf + size && *cp
++ && isprint(*cp); cp++)
+ continue;
+ /*
+ * Linux apparently appends a space at the end
generated by cgit v1.2.3 (git 2.39.1) at 2024-07-19 16:12:46 +0000