commit: d9daa618c8a85908978180048f86c08c7a4dc85d Author: Andreas K. Hüttel <dilfridge <AT> gentoo <DOT> org> AuthorDate: Sun Feb 19 16:48:34 2017 +0000 Commit: Andreas Hüttel <dilfridge <AT> gentoo <DOT> org> CommitDate: Sun Feb 19 16:48:54 2017 +0000 URL: https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=d9daa618
net-libs/openslp: Add patch for CVE-2016-7567, bug 595542 Package-Manager: Portage-2.3.3, Repoman-2.3.1 .../files/openslp-2.0.0-CVE-2016-7567.patch | 94 ++++++++++++++++++++++ net-libs/openslp/openslp-2.0.0-r4.ebuild | 44 ++++++++++ 2 files changed, 138 insertions(+) diff --git a/net-libs/openslp/files/openslp-2.0.0-CVE-2016-7567.patch b/net-libs/openslp/files/openslp-2.0.0-CVE-2016-7567.patch new file mode 100644 index 0000000000..2d54fa04bf --- /dev/null +++ b/net-libs/openslp/files/openslp-2.0.0-CVE-2016-7567.patch @@ -0,0 +1,94 @@ +See +http://www.openwall.com/lists/oss-security/2016/09/27/4 +https://bugs.gentoo.org/show_bug.cgi?id=595542 + +diff -r 598821da69f2 -r 34fb3aa5e6b4 openslp/common/slp_compare.c +--- a/common/slp_compare.c Sat Jun 08 15:14:45 2013 -0600 ++++ b/common/slp_compare.c Mon Nov 30 20:50:12 2015 -0700 +@@ -194,7 +194,8 @@ + * @return The new (shorter) length of @p str. + * + * @note This routine assumes that leading and trailing white space have +- * already been removed from @p str. ++ * already been removed from @p str. It also assumes that @p str may ++ * not be null-terminated. + */ + static int SLPFoldWhiteSpace(size_t len, char * str) + { +@@ -203,11 +204,11 @@ + { + if (isspace(*p)) + { +- char * ws2p = ++p; /* Point ws2p to the second ws char. */ +- while (isspace(*p)) /* Scan till we hit a non-ws char. */ ++ char * ws2p = ++p; /* Point ws2p to the second ws char. */ ++ while (p < ep && isspace(*p)) /* Scan till we hit a non-ws char. */ + p++; +- len -= p - ws2p; /* Reduce the length by extra ws. */ +- memmove(ws2p, p, ep - p); /* Overwrite the extra white space. */ ++ len -= p - ws2p; /* Reduce the length by extra ws. */ ++ memmove(ws2p, p, ep - p); /* Overwrite the extra white space. */ + } + p++; + } +@@ -821,6 +822,50 @@ + + #ifdef SLP_COMPARE_TEST + ++/* Test boundary conditions of SLPFoldWhiteSpace. */ ++static int test_SLPFoldWhiteSpace(void) ++{ ++ static char test_str0[] = " "; ++ static char test_str1[] = "Blah"; ++ static char test_str3[] = "Blah blah"; ++ static char test_str4[] = "Blah blah"; ++ static char test_str5[] = "Blah blah blah"; ++ static char test_str8[] = " Blah blah"; ++ static char test_str9[] = " Blah blah"; ++ static char test_strC[] = "Blah blah "; ++ static char test_strD[] = "Blah blah xxxx"; ++ ++ static char * test_strs[] = ++ { ++ test_str0, test_str0, test_str0, test_str1, test_strC, ++ test_str3, test_str4, test_str5, test_strC, test_strC, ++ test_str8, test_str9, test_strC, test_strD, ++ }; ++ ++ static int test_lens[] = ++ { ++ 0, 1, 2, 4, 9, 10, 11, 15, 10, 11, 10, 11, 11, 11, ++ }; ++ ++ static int test_fins[] = ++ { ++ 0, 1, 1, 4, 9, 9, 9, 14, 10, 10, 10, 10, 10, 10, ++ }; ++ ++#define MAX_BUFSZ 32 ++ ++ int i; ++ for (i = 0; i < sizeof(test_strs) / sizeof(*test_strs); ++i) ++ { ++ char test_buf[MAX_BUFSZ]; ++ memmove(test_buf, test_strs[i], test_lens[i]); ++ int len = SLPFoldWhiteSpace(test_lens[i], test_buf); ++ if (len != test_fins[i]) ++ return -1; ++ } ++ return 0; ++} ++ + /* ---------------- Test main for the slp_compare.c module ---------------- + * + * Compile with: +@@ -840,6 +885,9 @@ + + int count; + ++ if (test_SLPFoldWhiteSpace() != 0) ++ return -1; ++ + /* *** SLPContainsStringList *** + */ + count = SLPContainsStringList(sizeof lst1 - 1, lst1, sizeof str1 - 1, str1); diff --git a/net-libs/openslp/openslp-2.0.0-r4.ebuild b/net-libs/openslp/openslp-2.0.0-r4.ebuild new file mode 100644 index 0000000000..bda06a24f8 --- /dev/null +++ b/net-libs/openslp/openslp-2.0.0-r4.ebuild @@ -0,0 +1,44 @@ +# Copyright 1999-2017 Gentoo Foundation +# Distributed under the terms of the GNU General Public License v2 +# $Id$ + +EAPI=6 + +inherit autotools systemd + +DESCRIPTION="An open-source implementation of Service Location Protocol" +HOMEPAGE="http://www.openslp.org/"; +SRC_URI="mirror://sourceforge/openslp/${P}.tar.gz" + +LICENSE="BSD GPL-2" +SLOT="0" +KEYWORDS="~alpha ~amd64 ~arm ~hppa ~ia64 ~m68k ~mips ~ppc ~ppc64 ~s390 ~sh ~sparc ~x86 ~amd64-fbsd ~sparc-fbsd ~x86-fbsd ~amd64-linux ~x86-linux" +IUSE="libressl" +RESTRICT="test" + +DEPEND=" + !libressl? ( dev-libs/openssl:0= ) + libressl? ( dev-libs/libressl:0= ) +" +RDEPEND="${DEPEND}" + +PATCHES=( + "${FILESDIR}"/${PN}-2.0.0-cflags.patch + "${FILESDIR}"/${PN}-2.0.0-CVE-2016-4912.patch + "${FILESDIR}"/${PN}-2.0.0-CVE-2012-4428.patch + "${FILESDIR}"/${PN}-2.0.0-CVE-2016-7567.patch +) + +src_prepare() { + default + eautoreconf +} + +src_install() { + make DESTDIR="${D}" install || die "make install failed" + dodoc AUTHORS FAQ ChangeLog NEWS README* THANKS + rm -rfv "${D}"/usr/doc + dohtml -r . + newinitd "${FILESDIR}"/slpd-init slpd + systemd_dounit "${FILESDIR}"/slpd.service +}
