From: "Marc Schiffbauer" <mschiff@gentoo.org>
To: gentoo-commits@lists.gentoo.org
Subject: [gentoo-commits] repo/gentoo:master commit in: net-libs/ldns/, net-libs/ldns/files/
Date: Thu, 23 Nov 2017 16:49:11 +0000 (UTC)	[thread overview]
Message-ID: <1511455678.bc5ac7f9daddfa46622cc9fed02ae05d0f1484cc.mschiff@gentoo> (raw)

commit:     bc5ac7f9daddfa46622cc9fed02ae05d0f1484cc
Author:     Marc Schiffbauer <mschiff <AT> gentoo <DOT> org>
AuthorDate: Thu Nov 23 16:37:01 2017 +0000
Commit:     Marc Schiffbauer <mschiff <AT> gentoo <DOT> org>
CommitDate: Thu Nov 23 16:47:58 2017 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=bc5ac7f9

net-libs/ldns: add patches to fix CVE-2017-1000231/1000232

Package-Manager: Portage-2.3.16, Repoman-2.3.6

 net-libs/ldns/Manifest                                  |  2 +-
 net-libs/ldns/files/ldns-1.7.0-CVE-2017-1000231.patch   | 15 +++++++++++++++
 net-libs/ldns/files/ldns-1.7.0-CVE-2017-1000232.patch   | 17 +++++++++++++++++
 .../ldns/{ldns-1.7.0.ebuild => ldns-1.7.0-r1.ebuild}    |  6 ++++++
 4 files changed, 39 insertions(+), 1 deletion(-)

diff --git a/net-libs/ldns/Manifest b/net-libs/ldns/Manifest
index c444cb3ed12..419666a1102 100644
--- a/net-libs/ldns/Manifest
+++ b/net-libs/ldns/Manifest
@@ -1,2 +1,2 @@
 DIST ldns-1.6.17.tar.gz 1315403 SHA256 8b88e059452118e8949a2752a55ce59bc71fa5bc414103e17f5b6b06f9bcc8cd SHA512 5de42b4b8622591db51efb0956735deee9cd5e0bee12249a03b65c5b45d7c51bf9c2edb310ef9d7431af49aef77d968bfa2455a7dedfa80cde3d433436c83785 WHIRLPOOL 08c8a13df3dbeccd5dc5ceeb52730a61ab231e70a85524e826f9275bbcde6e09d6e2fc5234303a6bceb431d2b91f510140ce61a2b59d77afbb2759a0627c7cb7
-DIST ldns-1.7.0.tar.gz 1304424 SHA256 c19f5b1b4fb374cfe34f4845ea11b1e0551ddc67803bd6ddd5d2a20f0997a6cc SHA512 8a4e48bcc2a244b92447a9830b60efbb656fb7955f3559ef2eb6f8e724c4c0208776350c44ccf7dcf1ffe0b7b9d9ccc4cbddc5bc16e8888db494ab4d0bce3bd8 WHIRLPOOL 4450b94dd3e2586230f1691b626947cad7ac2031e343d1e522343570d5b713cfd4bacd52e91713139a88c2fe2406f5f42594d2da0a0474c807f47fd2e98726b1
+DIST ldns-1.7.0.tar.gz 1304424 BLAKE2B 2f37aa2d00c1d9cf18711bd4f873f4722df01c4f4d0f627e054f04b2473c0fbf19449e293a130d5c8b98dcebafeb3d7b3f5923ae0244bd80139cea77f2171e06 SHA512 8a4e48bcc2a244b92447a9830b60efbb656fb7955f3559ef2eb6f8e724c4c0208776350c44ccf7dcf1ffe0b7b9d9ccc4cbddc5bc16e8888db494ab4d0bce3bd8

diff --git a/net-libs/ldns/files/ldns-1.7.0-CVE-2017-1000231.patch b/net-libs/ldns/files/ldns-1.7.0-CVE-2017-1000231.patch
new file mode 100644
index 00000000000..9ff92e25c75
--- /dev/null
+++ b/net-libs/ldns/files/ldns-1.7.0-CVE-2017-1000231.patch
@@ -0,0 +1,15 @@
+diff --git a/parse.c b/parse.c
+index e68627c..947dbb8 100644
+--- a/parse.c
++++ b/parse.c
+@@ -118,6 +118,10 @@ ldns_fget_token_l(FILE *f, char *token, const char *delim, size_t limit, int *li
+ 			if (line_nr) {
+ 				*line_nr = *line_nr + 1;
+ 			}
++			if (limit > 0 && (i >= limit || (size_t)(t-token) >= limit)) {
++				*t = '\0';
++				return -1;
++			}
+ 			*t++ = ' ';
+ 			prev_c = c;
+			continue;
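Review bot: The added bound check in ldns_fget_token_l still stores the terminator through `t` before returning, so when `(size_t)(t-token) == limit` the `*t = '\0';` write lands on `token[limit]`. That is in bounds only if every caller sizes the buffer at `limit + 1` bytes, which is not visible from this hunk and should be confirmed against the callers. A comment above the check such as `/* token must hold limit + 1 bytes: the terminator may be stored at token[limit] */` would make the assumption explicit. The function body starts and ends outside the hunk, so the checks on its other write paths could not be compared here.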

diff --git a/net-libs/ldns/files/ldns-1.7.0-CVE-2017-1000232.patch b/net-libs/ldns/files/ldns-1.7.0-CVE-2017-1000232.patch
new file mode 100644
index 00000000000..341dfa5916e
--- /dev/null
+++ b/net-libs/ldns/files/ldns-1.7.0-CVE-2017-1000232.patch
@@ -0,0 +1,17 @@
+diff --git a/str2host.c b/str2host.c
+index b274b17..f2a317b 100644
+--- a/str2host.c
++++ b/str2host.c
+@@ -1525,8 +1525,10 @@ ldns_str2rdf_long_str(ldns_rdf **rd, const char *str)
+ 	if (! str) {
+ 		return LDNS_STATUS_SYNTAX_BAD_ESCAPE;
+ 	}
+-	length = (size_t)(dp - data);
+-
++	if (!(length = (size_t)(dp - data))) {
++		LDNS_FREE(data);
++		return LDNS_STATUS_SYNTAX_EMPTY;
++	}
+ 	/* Lose the overmeasure */
+ 	data = LDNS_XREALLOC(dp = data, uint8_t, length);
+	if (! data) {
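Review bot: The new guard in ldns_str2rdf_long_str folds the assignment into the condition, `if (!(length = (size_t)(dp - data)))`, which hides why a zero length is now rejected. Splitting it into `length = (size_t)(dp - data);` followed by `if (length == 0) {` reads more plainly. A comment such as `/* a zero-size LDNS_XREALLOC may free data and return NULL; the !data path below would then release dp again */` would record the reason, though this is inferred because the body of the `if (! data)` branch lies outside the hunk. An empty string now returns LDNS_STATUS_SYNTAX_EMPTY, so it is worth confirming that no call site relied on it being accepted.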

diff --git a/net-libs/ldns/ldns-1.7.0.ebuild b/net-libs/ldns/ldns-1.7.0-r1.ebuild
similarity index 95%
rename from net-libs/ldns/ldns-1.7.0.ebuild
rename to net-libs/ldns/ldns-1.7.0-r1.ebuild
index 5e5b25fd009..d507363c921 100644
--- a/net-libs/ldns/ldns-1.7.0.ebuild
+++ b/net-libs/ldns/ldns-1.7.0-r1.ebuild
@@ -72,6 +72,12 @@ multilib_src_configure() {
 		# >=openssl-1.1.0 required for dane-ta
 }
 
+src_prepare() {
+	cd "$S"
+	epatch "${FILESDIR}/${P}-CVE-2017-1000231.patch"
+	epatch "${FILESDIR}/${P}-CVE-2017-1000232.patch"
+}
+
 multilib_src_compile() {
 	default
 
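Review bot: The new src_prepare() runs `cd "$S"` without a failure check and never calls `default` or a user-patch hook, so it replaces whatever the default prepare phase did for this ebuild. The phase already starts in `${S}`, so the line can be dropped, or written as `cd "${S}" || die` if it is kept. If the ebuild's EAPI supports it (the EAPI line is outside this hunk), declaring `PATCHES=( "${FILESDIR}/${P}-CVE-2017-1000231.patch" "${FILESDIR}/${P}-CVE-2017-1000232.patch" )` and leaving src_prepare at its default would apply both fixes and keep user patches working.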

