From bf57debcdef45adc78bc5bd59e2d44599fc49ccd Mon Sep 17 00:00:00 2001 From: Ariadne Conill Date: Thu, 14 Oct 2021 00:33:02 -0600 Subject: [PATCH] main/openrc: add mitigation for CVE-2021-42341 --- main/openrc/APKBUILD | 9 ++++++++- main/openrc/CVE-2021-42341.patch | 33 ++++++++++++++++++++++++++++++++ 2 files changed, 41 insertions(+), 1 deletion(-) create mode 100644 main/openrc/CVE-2021-42341.patch diff --git a/main/openrc/APKBUILD b/main/openrc/APKBUILD index 8aaea2db730..734f788e292 100644 --- a/main/openrc/APKBUILD +++ b/main/openrc/APKBUILD @@ -2,7 +2,7 @@ pkgname=openrc pkgver=0.43.3 _ver=${pkgver/_git*/} -pkgrel=1 +pkgrel=2 pkgdesc="OpenRC manages the services, startup and shutdown of a host" url="https://github.com/OpenRC/openrc" arch="all" @@ -29,6 +29,8 @@ source="$pkgname-$pkgver.tar.gz::https://github.com/OpenRC/openrc/archive/$pkgve 0014-time_t-64bit.patch 0020-staticroute-confd.patch + CVE-2021-42341.patch + openrc.logrotate hostname.initd hwdrivers.initd @@ -43,6 +45,10 @@ source="$pkgname-$pkgver.tar.gz::https://github.com/OpenRC/openrc/archive/$pkgve test-networking.sh " +# secfixes: +# 0.43.3-r2: +# - CVE-2021-42341 + prepare() { default_prepare sed -i -e '/^sed/d' "$builddir"/pkgconfig/Makefile 
@@ -142,6 +148,7 @@ ff9bf2f6e4f55633a9641385398f70a2e591e2b3b56b1903f168a97b07bd56dc5a65d151deeab942
 34c5b1157d9f1e26f9c9121b649f7a31c32f3bdd62a17f451d3391f276ec8ca82623c1b917506867647523d18a1ee665a17d261ac12ff1732ab5c19cfaf91aac 0011-vrf.patch
 af0d5a3e6bdd09abd65174a0292450ebb79116a6be50ad4dc368e7ade497020bf4f7d55487335eb32067616603c7d9c3f8596228064c93bfd47596fb12ef7215 0014-time_t-64bit.patch
 50acfd498c74e34b099b43776545327dba63114d16347839bc9f1cc40b1898d0a600f05e64b24f7f013842e9f72fadc5a7b651d145d45699e87b6919ba077281 0020-staticroute-confd.patch
+0c593760590748c57e40a0727aff4c4bf92d3a5317fe6de8a03efe44abb49a22fd76080b92d5cdb281c1c6ac51c8a1e2fbcfb78f0e7f55b94e6864832258bd04 CVE-2021-42341.patch
 12bb6354e808fbf47bbab963de55ee7901738b4a912659982c57ef2777fff9a670e867fcb8ec316a76b151032c92dc89a950d7d1d835ef53f753a8f3b41d2cec openrc.logrotate
 493f27d588e64bb2bb542b32493ed05873f4724e8ad1751002982d7b4e07963cfb72f93603b2d678f305177cf9556d408a87b793744c6b7cd46cf9be4b744c02 hostname.initd
 c06eac7264f6cc6888563feeae5ca745aae538323077903de1b19102e4f16baa34c18b8c27af5dd5423e7670834e2261e9aa55f2b1ec8d8fdc2be105fe894d55 hwdrivers.initd
diff --git a/main/openrc/CVE-2021-42341.patch b/main/openrc/CVE-2021-42341.patch
new file mode 100644
index 00000000000..b18772ab088
--- /dev/null
+++ b/main/openrc/CVE-2021-42341.patch
@@ -0,0 +1,33 @@
+From cc45b55f895d0c21b5ac3e5a65b0bf00f76adeb7 Mon Sep 17 00:00:00 2001
+From: Sam James
+Date: Fri, 8 Oct 2021 04:52:55 +0100
+Subject: [PATCH] checkpath: fix allocation size of path buffer
+
+strlen's return value isn't enough to be used
+directly for (x)malloc; it doesn't include
+the null byte at the end of the string.
+
+X-Gentoo-Bug: 816900
+X-Gentoo-Bug-URL: https://bugs.gentoo.org/816900
+Fixes: #459
+Fixes: #462
+---
+ src/rc/checkpath.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/src/rc/checkpath.c b/src/rc/checkpath.c
+index bab22692..c4dd7d9d 100644
+--- a/src/rc/checkpath.c
++++ b/src/rc/checkpath.c
+@@ -151,7 +151,7 @@ static char *clean_path(char *path)
+ char *ch;
+ char *ch2;
+ char *str;
+- str = xmalloc(strlen(path));
++ str = xmalloc(strlen(path) + 1);
+ ch = path;
+ ch2 = str;
+ while (true) {
+--
+2.33.0
+
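Review bot: The corrected allocation `str = xmalloc(strlen(path) + 1);` in clean_path carries no comment recording why the extra byte is there, which is the invariant the original line got wrong. I would add `/* strlen() excludes the terminating NUL; reserve one byte for it */` directly above that line so a later edit does not drop the `+ 1` again. The copy loop begins at `while (true) {` and runs past the end of the hunk, so whether it writes at most strlen(path) + 1 bytes into `str` cannot be confirmed from the lines shown; that bound is worth checking against the full function before treating the overflow as closed.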