mirrors/aports
1
0
Fork 0
mirror of https://gitlab.alpinelinux.org/alpine/aports.git synced 2026-05-06 04:46:42 +02:00
Code Issues Packages Projects Releases Wiki Activity

main/mcpp: fix CVE-2019-14274

Browse Source 
Patch taken from Debian.
This commit is contained in:
Sören Tempel 2020-04-17 12:44:08 +02:00
parent 4f0eb74758
commit e044f03789
2 changed files with 61 additions and 9 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

18
main/mcpp/APKBUILD
View File

@ -2,7 +2,7 @@
# Maintainer: Sören Tempel <soeren+alpine@soeren-tempel.net>
pkgname=mcpp
pkgver=2.7.2
pkgrel=1
pkgrel=2
pkgdesc="A portable C preprocessor"
url="http://mcpp.sourceforge.net"
arch="all"
@ -13,7 +13,12 @@ makedepends=""
subpackages="$pkgname-dev $pkgname-doc $pkgname-libs"
source="https://downloads.sourceforge.net/${pkgname}/${pkgname}-${pkgver}.tar.gz
01-zeroc-fixes.patch
02-gniibe-fixes.patch"
02-gniibe-fixes.patch
CVE-2019-14274.patch"
# secfixes:
# 2.7.2-r2:
# - CVE-2019-14274
prepare() {
cd "$builddir"
@ -45,12 +50,7 @@ package() {
"$pkgdir"/usr/share/licenses/$pkgname/LICENSE || return 1
}
md5sums="512de48c87ab023a69250edc7a0c7b05 mcpp-2.7.2.tar.gz
e231a2c976ccf14b548deaee840faeb7 01-zeroc-fixes.patch
1801827678e80d0ef73655a88064a35b 02-gniibe-fixes.patch"
sha256sums="3b9b4421888519876c4fc68ade324a3bbd81ceeb7092ecdbbc2055099fcb8864 mcpp-2.7.2.tar.gz
6ed331f58edc7a24e769ac065ab43ed9f09f06487fda37095cacd413b81f522c 01-zeroc-fixes.patch
30a790e63e387a95e45c2b73b3942948e1e852155250dd769a5598c33d374504 02-gniibe-fixes.patch"
sha512sums="1ca885cb13fdb684de9d0595a9215b52f48a93a69077d82cdcacafe40d9a61fb77b00a3ff2b8890e7bc0a0fcc0c8d70d4093c00c280351cd4459aba67c573235 mcpp-2.7.2.tar.gz
86b2e851490e180dfe3028a5a37019ea423924c921ab053a642fb78d4533a87f913ede2928daf9da4daf60e67795a24521186b40c76961ae99ebeb75f8aa95ad 01-zeroc-fixes.patch
a31a0f2e7430381e5e62ea4257a35891ce9d2f3beed60c6caad3b6d298a58557e9c850223840ef8c6f6c2e8139cf4a4edf29ac93b2532680feafba503fcfaf6d 02-gniibe-fixes.patch"
a31a0f2e7430381e5e62ea4257a35891ce9d2f3beed60c6caad3b6d298a58557e9c850223840ef8c6f6c2e8139cf4a4edf29ac93b2532680feafba503fcfaf6d 02-gniibe-fixes.patch
12a72a2c527358effc4ed8e0c5f80f1a06a005ba3b050c7d99a4aa67ad5fe7e4c4c2a75d0808382b67e359076c5bac6065ec284d32f55e7e31466331a47db882 CVE-2019-14274.patch"

52
main/mcpp/CVE-2019-14274.patch Normal file
View File

@ -0,0 +1,52 @@
Description: Fix for a bug reported to sourceforge.net #13
by fixing error messages.
Also, fix erroneous messages.
Author: NIIBE Yutaka
Index: mcpp/src/support.c
===================================================================
--- mcpp.orig/src/support.c
+++ mcpp/src/support.c
@@ -822,7 +822,7 @@ escape:
if (diag && iscntrl( c) && ((char_type[ c] & SPA) == 0)
&& (warn_level & 1))
cwarn(
- "Illegal control character %.0s0lx%02x in quotation" /* _W1_ */
+ "Illegal control character %.0s0x%02x in quotation" /* _W1_ */
, NULL, (long) c, NULL);
*out_p++ = c;
chk_limit:
@@ -861,10 +861,10 @@ chk_limit:
if (mcpp_mode != POST_STD && option_flags.lang_asm) {
/* STD, KR */
if (warn_level & 1)
- cwarn( unterm_char, out, 0L, NULL); /* _W1_ */
+ cwarn( unterm_char, NULL, (long)delim, NULL); /* _W1_ */
goto done;
} else {
- cerror( unterm_char, out, 0L, skip); /* _E_ */
+ cerror( unterm_char, NULL, (long)delim, skip); /* _E_ */
}
} else {
cerror( "Unterminated header name %s%.0ld%s" /* _E_ */
@@ -875,9 +875,9 @@ chk_limit:
if (mcpp_mode != POST_STD && option_flags.lang_asm) {
/* STD, KR */
if (warn_level & 1)
- cwarn( empty_const, out, 0L, skip); /* _W1_ */
+ cwarn( empty_const, NULL, (long)delim, skip); /* _W1_ */
} else {
- cerror( empty_const, out, 0L, skip); /* _E_ */
+ cerror( empty_const, NULL, (long)delim, skip); /* _E_ */
out_p = NULL;
goto done;
}
@@ -1774,7 +1774,7 @@ not_comment:
default:
if (iscntrl( c)) {
cerror( /* Skip the control character */
- "Illegal control character %.0s0x%lx, skipped the character" /* _E_ */
+ "Illegal control character %.0s0x%02x, skipped the character" /* _E_ */
, NULL, (long) c, NULL);
} else { /* Any valid character */
*tp++ = c;