From fa4a449e7c825947f8e5670f2a7a94c75f324def Mon Sep 17 00:00:00 2001
From: "Andreas K. Hüttel"
Date: Sat, 18 Feb 2017 20:08:51 +0100
Subject: net-libs/openslp: Forward-port and add patch for CVE-2012-4428, bug 434918
Package-Manager: Portage-2.3.3, Repoman-2.3.1
---
.../files/openslp-2.0.0-CVE-2012-4428.patch | 51 ++++++++++++++++++++++
net-libs/openslp/openslp-2.0.0-r3.ebuild | 43 ++++++++++++++++++
2 files changed, 94 insertions(+)
create mode 100644 net-libs/openslp/files/openslp-2.0.0-CVE-2012-4428.patch
create mode 100644 net-libs/openslp/openslp-2.0.0-r3.ebuild
(limited to 'net-libs/openslp')
diff --git a/net-libs/openslp/files/openslp-2.0.0-CVE-2012-4428.patch b/net-libs/openslp/files/openslp-2.0.0-CVE-2012-4428.patch
new file mode 100644
index 000000000000..28564c007cf3
--- /dev/null
+++ b/net-libs/openslp/files/openslp-2.0.0-CVE-2012-4428.patch
@@ -0,0 +1,51 @@
+
+Description: Fix out-of-bounds buffer access (CVE-2012-4428)
+ Fix handling of string-list in common/slp_common.c by not increasing
+ the item pointer past the string-list pointer, and letting '\\' only
+ escape the item separator ','.
+Author: Guillem Jover
+Origin: vendor
+Bug: http://sourceforge.net/p/openslp/bugs/122/
+Bug-Debian: https://bugs.debian.org/687597
+Last-Update: 2014-07-25
+
+Strangely nobody seems to have fixed this in openslp-2.0.0 ever.
+Patch forward-ported; one chunk isn't needed anymore as the code has been
+independently rewritten. Andreas K. Hüttel
+
+
+diff -ruN openslp-2.0.0.orig/common/slp_compare.c openslp-2.0.0/common/slp_compare.c
+--- openslp-2.0.0.orig/common/slp_compare.c 2012-12-12 20:12:43.000000000 +0100
++++ openslp-2.0.0/common/slp_compare.c 2017-02-18 19:59:55.296473698 +0100
+@@ -587,13 +587,10 @@
+ /* seek to the end of the next list item */
+ while(1)
+ {
+- if(itemend == listend || *itemend == ',')
+- {
+- if(*(itemend - 1) != '\\')
+- {
+- break;
+- }
+- }
++ if(itemend == listend)
++ break;
++ if(*itemend == ',' && *(itemend - 1) != '\\')
++ break;
+
+ itemend++;
+ }
+@@ -683,9 +680,10 @@
+ /* seek to the end of the next list item */
+ while (1)
+ {
+- if (itemend == listend || *itemend == ',')
+- if (*(itemend - 1) != '\\')
+- break;
++ if(itemend == listend)
++ break;
++ if(*itemend == ',' && *(itemend - 1) != '\\')
++ break;
+ itemend++;
+ }
+
diff --git a/net-libs/openslp/openslp-2.0.0-r3.ebuild b/net-libs/openslp/openslp-2.0.0-r3.ebuild
new file mode 100644
index 000000000000..d350e7d90ea2
--- /dev/null
+++ b/net-libs/openslp/openslp-2.0.0-r3.ebuild
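Review bot: Both rewritten loops in the embedded slp_compare.c patch still evaluate `*(itemend - 1)` whenever `*itemend == ','`, with no check that itemend is past the first byte of the list. If a list can begin with ',' (the initialisation of itemend is outside the hunks, so this is inferred), that is a one-byte read before the buffer: the change closes the overrun at listend but not the underrun at the start. A guard such as `if(*itemend == ',' && (itemend == itembegin || *(itemend - 1) != '\\'))` would cover it, where itembegin stands for the item-start pointer declared outside the hunks; confirm the name against the source. The Description header also names common/slp_common.c while the hunks touch common/slp_compare.c, which is worth correcting so the patched file can be located.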
@@ -0,0 +1,43 @@
+# Copyright 1999-2017 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+# $Id$
+
+EAPI=6
+
+inherit autotools systemd
+
+DESCRIPTION="An open-source implementation of Service Location Protocol"
+HOMEPAGE="http://www.openslp.org/"
+SRC_URI="mirror://sourceforge/openslp/${P}.tar.gz"
+
+LICENSE="BSD GPL-2"
+SLOT="0"
+KEYWORDS="~alpha ~amd64 ~arm ~hppa ~ia64 ~m68k ~mips ~ppc ~ppc64 ~s390 ~sh ~sparc ~x86 ~amd64-fbsd ~sparc-fbsd ~x86-fbsd ~amd64-linux ~x86-linux"
+IUSE="libressl"
+RESTRICT="test"
+
+DEPEND="
+ !libressl? ( dev-libs/openssl:0= )
+ libressl? ( dev-libs/libressl:0= )
+"
+RDEPEND="${DEPEND}"
+
+PATCHES=(
+ "${FILESDIR}"/${PN}-2.0.0-cflags.patch
+ "${FILESDIR}"/${PN}-2.0.0-CVE-2016-4912.patch
+ "${FILESDIR}"/${PN}-2.0.0-CVE-2012-4428.patch
+)
+
+src_prepare() {
+ default
+ eautoreconf
+}
+
+src_install() {
+ make DESTDIR="${D}" install || die "make install failed"
+ dodoc AUTHORS FAQ ChangeLog NEWS README* THANKS
+ rm -rfv "${D}"/usr/doc
+ dohtml -r .
+ newinitd "${FILESDIR}"/slpd-init slpd
+ systemd_dounit "${FILESDIR}"/slpd.service
+}
-- cgit v1.2.3-65-gdbad
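Review bot: src_install runs plain `make DESTDIR="${D}" install || die "make install failed"` instead of the `emake` helper, so the user's MAKEOPTS are not passed to make. If a serial install is intended, `emake -j1 DESTDIR="${D}" install` says so explicitly and needs no `|| die`. `dohtml -r .` is deprecated as of EAPI 6 and will need replacing before a later EAPI bump. A short comment above `RESTRICT="test"` giving the reason the test suite is disabled would help, since this revision exists to carry a security patch and the tests are not run against it.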