Index: Makefile
===================================================================
RCS file: /cvs/ports/devel/samurai/Makefile,v
retrieving revision 1.9
diff -u -p -r1.9 Makefile
--- Makefile 21 Dec 2020 22:47:37 -0000 1.9
+++ Makefile 3 Jun 2021 20:53:45 -0000
@@ -4,6 +4,7 @@ COMMENT = ninja-compatible build tool wr
V = 1.2
DISTNAME = samurai-$V
+REVISION = 0
CATEGORIES = devel
MAINTAINER = Brian Callahan <bcallah@openbsd.org>
Index: patches/patch-parse_c
===================================================================
RCS file: patches/patch-parse_c
diff -N patches/patch-parse_c
--- /dev/null 1 Jan 1970 00:00:00 -0000
+++ patches/patch-parse_c 3 Jun 2021 20:53:45 -0000
@@ -0,0 +1,17 @@
+$OpenBSD$
+
+CVE-2021-30219
+https://github.com/michaelforney/samurai/commit/d2af3bc375e2a77139c3a28d6128c60cd8d08655
+
+Index: parse.c
+--- parse.c.orig
++++ parse.c
+@@ -42,6 +42,8 @@ parserule(struct scanner *s, struct environment *env)
+ var = scanname(s);
+ parselet(s, &val);
+ ruleaddvar(r, var, val);
++ if (!val)
++ continue;
+ if (strcmp(var, "command") == 0)
+ hascommand = true;
+ else if (strcmp(var, "rspfile") == 0)
Index: patches/patch-util_c
===================================================================
RCS file: patches/patch-util_c
diff -N patches/patch-util_c
--- /dev/null 1 Jan 1970 00:00:00 -0000
+++ patches/patch-util_c 3 Jun 2021 20:53:45 -0000
@@ -0,0 +1,17 @@
+$OpenBSD$
+
+CVE-2021-30218
+https://github.com/michaelforney/samurai/commit/e84b6d99c85043fa1ba54851ee500540ec206918
+
+Index: util.c
+--- util.c.orig
++++ util.c
+@@ -258,7 +258,7 @@ writefile(const char *name, struct string *s)
+ return -1;
+ }
+ ret = 0;
+- if (fwrite(s->s, 1, s->n, f) != s->n || fflush(f) != 0) {
++ if (s && (fwrite(s->s, 1, s->n, f) != s->n || fflush(f) != 0)) {
+ warn("write %s:", name);
+ ret = -1;
+ }
Hi ports --
Attached is a diff to fix two CVEs with devel/samurai:
https://nvd.nist.gov/vuln/detail/CVE-2021-30218
https://nvd.nist.gov/vuln/detail/CVE-2021-30219
OK?
~Brian
No comments:
Post a Comment