diff options
-rw-r--r-- | net-libs/ldns/Manifest | 2 | ||||
-rw-r--r-- | net-libs/ldns/files/ldns-1.7.0-CVE-2017-1000231.patch | 15 | ||||
-rw-r--r-- | net-libs/ldns/files/ldns-1.7.0-CVE-2017-1000232.patch | 17 | ||||
-rw-r--r-- | net-libs/ldns/ldns-1.7.0-r1.ebuild (renamed from net-libs/ldns/ldns-1.7.0.ebuild) | 6 |
4 files changed, 39 insertions, 1 deletions
diff --git a/net-libs/ldns/Manifest b/net-libs/ldns/Manifest index c444cb3ed123..419666a11028 100644 --- a/net-libs/ldns/Manifest +++ b/net-libs/ldns/Manifest @@ -1,2 +1,2 @@ DIST ldns-1.6.17.tar.gz 1315403 SHA256 8b88e059452118e8949a2752a55ce59bc71fa5bc414103e17f5b6b06f9bcc8cd SHA512 5de42b4b8622591db51efb0956735deee9cd5e0bee12249a03b65c5b45d7c51bf9c2edb310ef9d7431af49aef77d968bfa2455a7dedfa80cde3d433436c83785 WHIRLPOOL 08c8a13df3dbeccd5dc5ceeb52730a61ab231e70a85524e826f9275bbcde6e09d6e2fc5234303a6bceb431d2b91f510140ce61a2b59d77afbb2759a0627c7cb7 -DIST ldns-1.7.0.tar.gz 1304424 SHA256 c19f5b1b4fb374cfe34f4845ea11b1e0551ddc67803bd6ddd5d2a20f0997a6cc SHA512 8a4e48bcc2a244b92447a9830b60efbb656fb7955f3559ef2eb6f8e724c4c0208776350c44ccf7dcf1ffe0b7b9d9ccc4cbddc5bc16e8888db494ab4d0bce3bd8 WHIRLPOOL 4450b94dd3e2586230f1691b626947cad7ac2031e343d1e522343570d5b713cfd4bacd52e91713139a88c2fe2406f5f42594d2da0a0474c807f47fd2e98726b1 +DIST ldns-1.7.0.tar.gz 1304424 BLAKE2B 2f37aa2d00c1d9cf18711bd4f873f4722df01c4f4d0f627e054f04b2473c0fbf19449e293a130d5c8b98dcebafeb3d7b3f5923ae0244bd80139cea77f2171e06 SHA512 8a4e48bcc2a244b92447a9830b60efbb656fb7955f3559ef2eb6f8e724c4c0208776350c44ccf7dcf1ffe0b7b9d9ccc4cbddc5bc16e8888db494ab4d0bce3bd8 diff --git a/net-libs/ldns/files/ldns-1.7.0-CVE-2017-1000231.patch b/net-libs/ldns/files/ldns-1.7.0-CVE-2017-1000231.patch new file mode 100644 index 000000000000..9ff92e25c75e --- /dev/null +++ b/net-libs/ldns/files/ldns-1.7.0-CVE-2017-1000231.patch @@ -0,0 +1,15 @@ +diff --git a/parse.c b/parse.c +index e68627c..947dbb8 100644 +--- a/parse.c ++++ b/parse.c +@@ -118,6 +118,10 @@ ldns_fget_token_l(FILE *f, char *token, const char *delim, size_t limit, int *li + if (line_nr) { + *line_nr = *line_nr + 1; + } ++ if (limit > 0 && (i >= limit || (size_t)(t-token) >= limit)) { ++ *t = '\0'; ++ return -1; ++ } + *t++ = ' '; + prev_c = c; + continue; diff --git a/net-libs/ldns/files/ldns-1.7.0-CVE-2017-1000232.patch b/net-libs/ldns/files/ldns-1.7.0-CVE-2017-1000232.patch new file mode 100644 index 000000000000..341dfa5916e4 --- /dev/null +++ b/net-libs/ldns/files/ldns-1.7.0-CVE-2017-1000232.patch @@ -0,0 +1,17 @@ +diff --git a/str2host.c b/str2host.c +index b274b17..f2a317b 100644 +--- a/str2host.c ++++ b/str2host.c +@@ -1525,8 +1525,10 @@ ldns_str2rdf_long_str(ldns_rdf **rd, const char *str) + if (! str) { + return LDNS_STATUS_SYNTAX_BAD_ESCAPE; + } +- length = (size_t)(dp - data); +- ++ if (!(length = (size_t)(dp - data))) { ++ LDNS_FREE(data); ++ return LDNS_STATUS_SYNTAX_EMPTY; ++ } + /* Lose the overmeasure */ + data = LDNS_XREALLOC(dp = data, uint8_t, length); + if (! data) { diff --git a/net-libs/ldns/ldns-1.7.0.ebuild b/net-libs/ldns/ldns-1.7.0-r1.ebuild index 5e5b25fd009c..d507363c9210 100644 --- a/net-libs/ldns/ldns-1.7.0.ebuild +++ b/net-libs/ldns/ldns-1.7.0-r1.ebuild @@ -72,6 +72,12 @@ multilib_src_configure() { # >=openssl-1.1.0 required for dane-ta } +src_prepare() { + cd "$S" + epatch "${FILESDIR}/${P}-CVE-2017-1000231.patch" + epatch "${FILESDIR}/${P}-CVE-2017-1000232.patch" +} + multilib_src_compile() { default |