openslp: patched against CVE-2016-4912

openslp/PKGBUILD

@@ -1,24 +1,30 @@
 pkgname=openslp
 pkgver=2.0.0
-pkgrel=2
+pkgrel=3
 pkgdesc="Open-source implementation of Service Location Protocol"
 arch=('x86_64')
 url="http://www.openslp.org"
 license=('BSD')
 depends=('glibc' 'bash' 'openssl')
 backup=('etc/slp.conf' 'etc/slp.reg' 'etc/slp.spi')
-source=("http://downloads.sourceforge.net/sourceforge/${pkgname}/${pkgname}-${pkgver}.tar.gz"
+source=("http://downloads.sourceforge.net/sourceforge/$pkgname/$pkgname-$pkgver.tar.gz"
         "makefile.patch"
-        'openslp.service')
+        'openslp.service'
+        'openslp-2.0.0-null-pointer-deref.patch')
 md5sums=('18cf7940bcc444e32592cf34e84f833f'
-         '996b9f8371290b7a8c6b1c470734bdd2'
-         '296dc3c8f75e7a1823fcb9dd97ea0971')
+         'de1c503d82b30269edc75be614ac0fe9'
+         '296dc3c8f75e7a1823fcb9dd97ea0971'
+         'af9f6b5fcc7dbe24888b9bba61154533')
+
+prepare() {
+  # fix package bug, tries to create director /usr/var/log
+  patch -Np1 -i makefile.patch
+  #fix CVE-2016-4912, thanks to Arch for the patch
+  patch -Np1 -i openslp-2.0.0-null-pointer-deref.patch
+}
 
 build() {
-  cd ${srcdir}/${pkgname}-${pkgver}
-   
-   # fix package bug, tries to create director /usr/var/log
-   patch -p1 -i ${srcdir}/makefile.patch
+  cd $pkgname-$pkgver
 
   ./configure --prefix=/usr \
               --sysconfdir=/etc \
@@ -30,9 +36,9 @@ build() {
 }
 
 package() {
-  cd ${srcdir}/${pkgname}-${pkgver}
+  cd $pkgname-$pkgver
   
-  make DESTDIR=${pkgdir} DOC_DIR=/usr/share/doc/openslp-${pkgver} install 
-  install -D -m644 COPYING ${pkgdir}/usr/share/licenses/${pkgname}/LICENSE
-  install -D -m644 $srcdir/openslp.service ${pkgdir}/usr/lib/systemd/system/openslp.service
+  make DESTDIR=$pkgdir DOC_DIR=/usr/share/doc/openslp-$pkgver install 
+  install -D -m644 COPYING $pkgdir/usr/share/licenses/$pkgname/LICENSE
+  install -D -m644 ../openslp.service $pkgdir/usr/lib/systemd/system/openslp.service
 }

openslp/makefile.patch

@@ -1,5 +1,6 @@
---- /etc/Makefile.am	2013-07-20 21:51:37.675986920 +0000
-+++ /etc/Makefile.am	2013-07-20 21:51:58.399208143 +0000
+diff -u openslp-2.0.0/etc/Makefile.am openslp-2.0.0/etc/Makefile.am
+--- a/openslp-2.0.0/etc/Makefile.am	2013-07-20 21:51:37.675986920 +0000
++++ b/openslp-2.0.0/etc/Makefile.am	2013-07-20 21:51:58.399208143 +0000
 @@ -4,7 +4,7 @@
  
  #make sure the slpd log directory is there

openslp/openslp-2.0.0-null-pointer-deref.patch

@@ -0,0 +1,12 @@
+diff -up openslp-2.0.0/common/slp_xmalloc.c.orig openslp-2.0.0/common/slp_xmalloc.c
+--- a/openslp-2.0.0/common/slp_xmalloc.c.orig	2012-12-07 01:52:08.000000000 +0100
++++ b/openslp-2.0.0/common/slp_xmalloc.c	2016-05-23 12:58:57.953532979 +0200
+@@ -203,6 +203,8 @@ void * _xrealloc(const char * file, int
+       if (x->size != size)
+       {
+          newptr = _xmalloc(file, line, size);
++         if (newptr == 0)
++            return 0;
+          memcpy(newptr, ptr, x->size);
+          _xfree(file, line, x);
+       }

openslp/openslp-2.0.0-openssl-1.1-fix.patch

@@ -0,0 +1,25 @@
+diff -up openslp-2.0.0/common/slp_crypto.c.orig openslp-2.0.0/common/slp_crypto.c
+--- a/openslp-2.0.0/common/slp_crypto.c.orig	2012-12-07 21:13:28.000000000 +0100
++++ b/openslp-2.0.0/common/slp_crypto.c	2017-02-22 11:16:11.620835724 +0100
+@@ -88,11 +88,16 @@ SLPCryptoDSAKey * SLPCryptoDSAKeyDup(SLP
+    result =  DSA_new();
+    if (result)
+    {
+-      result->p = BN_dup(dsa->p);
+-      result->q = BN_dup(dsa->q);
+-      result->g = BN_dup(dsa->g);
+-      result->priv_key = BN_dup(dsa->priv_key);
+-      result->pub_key = BN_dup(dsa->pub_key);
++      const BIGNUM *p, *q, *g;
++      const BIGNUM *priv_key, *pub_key;
++
++      DSA_get0_pqg(dsa, &p, &q, &g);
++      DSA_get0_key(dsa, &pub_key, &priv_key);
++
++      /* would be nice to check return values,
++       * but original code didn't do that either... */
++      DSA_set0_pqg(result, BN_dup(p), BN_dup(q), BN_dup(g));
++      DSA_set0_key(result, BN_dup(pub_key), BN_dup(priv_key));
+    }
+    return result;
+ }