From 347f876ac7ef15b7a58a375363b4b515206819c8 Mon Sep 17 00:00:00 2001 From: Duncaen Date: Thu, 10 Aug 2017 03:46:03 +0200 Subject: [PATCH] mdocml: add upstream patch Fix an out of bounds read access to a constant array that caused segfaults on certain hardened versions of glibc. Triggered by .sp or blank lines right before .SS or .SH, or before the first .Sh. Found the hard way by Dr. Markus Waldner on Debian and by Leah Neukirchen on Void Linux. Fixes #7330 --- srcpkgs/mdocml/patches/boundary-check.patch | 34 ++++++++++++++++----- srcpkgs/mdocml/template | 4 +-- 2 files changed, 28 insertions(+), 10 deletions(-) diff --git a/srcpkgs/mdocml/patches/boundary-check.patch b/srcpkgs/mdocml/patches/boundary-check.patch index f4f83e73b1e..41de5cb946b 100644 --- a/srcpkgs/mdocml/patches/boundary-check.patch +++ b/srcpkgs/mdocml/patches/boundary-check.patch @@ -1,13 +1,31 @@ -Else mount(8) segfaults due to n->tok = roff_SP. +=================================================================== +RCS file: /vhosts/mdocml.bsd.lv/cvs/mdocml/man_term.c,v +retrieving revision 1.208 +retrieving revision 1.209 +diff -u -r1.208 -r1.209 +--- man_term.c 2017/06/25 11:42:02 1.208 ++++ man_term.c 2017/07/31 15:19:06 1.209 +@@ -1,4 +1,4 @@ +-/* $Id: man_term.c,v 1.208 2017/06/25 11:42:02 schwarze Exp $ */ ++/* $Id: man_term.c,v 1.209 2017/07/31 15:19:06 schwarze Exp $ */ + /* + * Copyright (c) 2008-2012 Kristaps Dzonsons + * Copyright (c) 2010-2015, 2017 Ingo Schwarze +@@ -673,7 +673,7 @@ ---- man_term.c 2017-07-30 12:00:19.858167629 -0400 -+++ man_term.c 2017-07-30 12:00:06.700039726 -0400 -@@ -674,7 +674,7 @@ do { n = n->prev; - } while (n != NULL && n->tok != TOKEN_NONE && -- termacts[n->tok].flags & MAN_NOTEXT); -+ n->tok >= MAN_TH && termacts[n->tok].flags & MAN_NOTEXT); +- } while (n != NULL && n->tok != TOKEN_NONE && ++ } while (n != NULL && n->tok >= MAN_TH && + termacts[n->tok].flags & MAN_NOTEXT); if (n == NULL || (n->tok == MAN_SS && n->body->child == NULL)) break; - +@@ -735,7 +735,7 @@ + + do { + n = n->prev; +- } while (n != NULL && n->tok != TOKEN_NONE && ++ } while (n != NULL && n->tok >= MAN_TH && + termacts[n->tok].flags & MAN_NOTEXT); + if (n == NULL || (n->tok == MAN_SH && n->body->child == NULL)) + break; diff --git a/srcpkgs/mdocml/template b/srcpkgs/mdocml/template index 354a2392197..f0c7e99f700 100644 --- a/srcpkgs/mdocml/template +++ b/srcpkgs/mdocml/template @@ -1,8 +1,8 @@ # Template file for 'mdocml' pkgname=mdocml version=1.14.2 -revision=2 -wrksrc="mandoc-1.14.2" +revision=3 +wrksrc="mandoc-${version}" build_style=configure makedepends="zlib-devel" depends="less"