From 15feb9e144ba7cc51bf09aeea032b8558d7f7305 Mon Sep 17 00:00:00 2001
From: Duncaen
Date: Sat, 25 Feb 2017 19:51:01 +0100
Subject: [PATCH] libevent: add patches for recent CVEs

- CVE-2016-10195
- CVE-2016-10196
- CVE-2016-10197
Fixes #5825
---
 srcpkgs/libevent/patches/CVE-2016-10195.patch | 23 +++++++++++++++++++
 srcpkgs/libevent/patches/CVE-2016-10196.patch | 23 +++++++++++++++++++
 srcpkgs/libevent/patches/CVE-2016-10197.patch | 21 +++++++++++++++++
 srcpkgs/libevent/template | 2 +-
 4 files changed, 68 insertions(+), 1 deletion(-)
 create mode 100644 srcpkgs/libevent/patches/CVE-2016-10195.patch
 create mode 100644 srcpkgs/libevent/patches/CVE-2016-10196.patch
 create mode 100644 srcpkgs/libevent/patches/CVE-2016-10197.patch
diff --git a/srcpkgs/libevent/patches/CVE-2016-10195.patch b/srcpkgs/libevent/patches/CVE-2016-10195.patch
new file mode 100644
index 00000000000..83a76600852
--- /dev/null
+++ b/srcpkgs/libevent/patches/CVE-2016-10195.patch
@@ -0,0 +1,23 @@
+From 96f64a022014a208105ead6c8a7066018449d86d Mon Sep 17 00:00:00 2001
+From: Azat Khuzhin
+Date: Mon, 1 Feb 2016 17:32:09 +0300
+Subject: [PATCH] evdns: name_parse(): fix remote stack overread
+
+--- evdns.c
++++ evdns.c
+@@ -976,7 +976,6 @@ name_parse(u8 *packet, int length, int *idx, char *name_out, int name_out_len) {
+
+ for (;;) {
+ u8 label_len;
+- if (j >= length) return -1;
+ GET8(label_len);
+ if (!label_len) break;
+ if (label_len & 0xc0) {
+@@ -997,6 +996,7 @@ name_parse(u8 *packet, int length, int *idx, char *name_out, int name_out_len) {
+ *cp++ = '.';
+ }
+ if (cp + label_len >= end) return -1;
++ if (j + label_len > length) return -1;
+ memcpy(cp, packet + j, label_len);
+ cp += label_len;
+ j += label_len;
diff --git a/srcpkgs/libevent/patches/CVE-2016-10196.patch b/srcpkgs/libevent/patches/CVE-2016-10196.patch
new file mode 100644
index 00000000000..aaaa7f796a0
--- /dev/null
+++ b/srcpkgs/libevent/patches/CVE-2016-10196.patch
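Review bot: The name_parse() change in CVE-2016-10195.patch drops `if (j >= length) return -1;` from the top of the loop, which is only safe if `GET8` itself refuses to read at `j >= length`; that macro is defined outside the hunk and should be confirmed in the 2.0.22 tree this patch is applied to. The two checks ahead of `memcpy` guard different buffers: `cp + label_len >= end` bounds the write into `name_out`, and the added `j + label_len > length` bounds the read from `packet`. The embedded patch header carries no description beyond its subject, so a line under `Subject:` would keep that distinction visible, e.g. `Bound the label read by the packet length; the existing check only bounds the write to name_out.` name_parse() starts and ends outside both inner hunks.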
@@ -0,0 +1,23 @@
+From 329acc18a0768c21ba22522f01a5c7f46cacc4d5 Mon Sep 17 00:00:00 2001
+From: Azat Khuzhin
+Date: Sun, 31 Jan 2016 00:57:16 +0300
+Subject: [PATCH] evutil_parse_sockaddr_port(): fix buffer overflow
+
+--- evutil.c
++++ evutil.c
+@@ -2058,12 +2058,12 @@ evutil_parse_sockaddr_port(const char *ip_as_string, struct sockaddr *out, int *
+
+ cp = strchr(ip_as_string, ':');
+ if (*ip_as_string == '[') {
+- int len;
++ size_t len;
+ if (!(cp = strchr(ip_as_string, ']'))) {
+ return -1;
+ }
+- len = (int) ( cp-(ip_as_string + 1) );
+- if (len > (int)sizeof(buf)-1) {
++ len = ( cp-(ip_as_string + 1) );
++ if (len > sizeof(buf)-1) {
+ return -1;
+ }
+ memcpy(buf, ip_as_string+1, len);
diff --git a/srcpkgs/libevent/patches/CVE-2016-10197.patch b/srcpkgs/libevent/patches/CVE-2016-10197.patch
new file mode 100644
index 00000000000..27bb7791d21
--- /dev/null
+++ b/srcpkgs/libevent/patches/CVE-2016-10197.patch
@@ -0,0 +1,21 @@
+From ec65c42052d95d2c23d1d837136d1cf1d9ecef9e Mon Sep 17 00:00:00 2001
+From: Azat Khuzhin
+Date: Fri, 25 Mar 2016 00:33:47 +0300
+Subject: [PATCH] evdns: fix searching empty hostnames
+
+--- evdns.c
++++ evdns.c
+@@ -3175,9 +3175,12 @@ search_set_from_hostname(struct evdns_base *base) {
+ static char *
+ search_make_new(const struct search_state *const state, int n, const char *const base_name) {
+ const size_t base_len = strlen(base_name);
+- const char need_to_append_dot = base_name[base_len - 1] == '.' ? 0 : 1;
++ char need_to_append_dot;
+ struct search_domain *dom;
+
++ if (!base_len) return NULL;
++ need_to_append_dot = base_name[base_len - 1] == '.' ? 0 : 1;
++
+ for (dom = state->head; dom; dom = dom->next) {
+ if (!n--) {
+ /* this is the postfix we want */
diff --git a/srcpkgs/libevent/template b/srcpkgs/libevent/template
index c3590d53ab7..7a8785a52e0 100644
--- a/srcpkgs/libevent/template
+++ b/srcpkgs/libevent/template
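Review bot: In CVE-2016-10196.patch the new `len = ( cp-(ip_as_string + 1) );` converts a pointer difference to `size_t` implicitly, and it is only correct because `cp` can never point before `ip_as_string + 1`. The visible lines do guarantee that, since `strchr(ip_as_string, ']')` searches a string whose first character is `[`, but the reasoning is not written down anywhere. An explicit cast with a comment would make it reviewable: `len = (size_t)(cp - (ip_as_string + 1)); /* cp > ip_as_string: first char is '[' */`. The unsigned comparison `len > sizeof(buf)-1` is what closes the hole, because with `int len` a very large difference could turn negative and pass the check before `memcpy`. The declaration of `buf` and the code after the `memcpy` are outside the hunk.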
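Review bot: The early `if (!base_len) return NULL;` added to search_make_new() in CVE-2016-10197.patch gives callers a new way to receive NULL, so each call site has to treat NULL as an ordinary result; the callers are outside the hunk and should be checked in the 2.0.22 tree. The guard itself addresses a real out-of-bounds read: with `base_len == 0` the old initializer evaluated `base_name[base_len - 1]`, and because `base_len` is a `size_t` the index wraps instead of going to -1. A one-line comment would keep that reason next to the check, e.g. `/* empty name: base_name[base_len - 1] would index outside the string */`. The function body continues past the end of the inner hunk.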
@@ -1,7 +1,7 @@
 # Template file for 'libevent'
 pkgname=libevent
 version=2.0.22
-revision=7
+revision=8
 wrksrc="$pkgname-$version-stable"
 build_style=gnu-configure
 makedepends="libressl-devel"