From 3e640fd910796674d8743fb511793f676856900a Mon Sep 17 00:00:00 2001
From: Nathan Owens <ndowens04@gmail.com>
Date: Mon, 31 Dec 2018 23:57:08 -0600
Subject: [PATCH] proplib: add security patches

---
 .../patches/avoid-extra-alloc-free.patch      | 52 +++++++++++++++++++
 .../proplib/patches/check-sysconf-value.patch | 34 ++++++++++++
 .../proplib/patches/overflow-protection.patch | 23 ++++++++
 srcpkgs/proplib/template                      |  2 +-
 4 files changed, 110 insertions(+), 1 deletion(-)
 create mode 100644 srcpkgs/proplib/patches/avoid-extra-alloc-free.patch
 create mode 100644 srcpkgs/proplib/patches/check-sysconf-value.patch
 create mode 100644 srcpkgs/proplib/patches/overflow-protection.patch

diff --git a/srcpkgs/proplib/patches/avoid-extra-alloc-free.patch b/srcpkgs/proplib/patches/avoid-extra-alloc-free.patch
new file mode 100644
index 00000000000..caacfc36dd3
--- /dev/null
+++ b/srcpkgs/proplib/patches/avoid-extra-alloc-free.patch
@@ -0,0 +1,52 @@
+From 903e696b47fc469004598a5671965b31e902c544 Mon Sep 17 00:00:00 2001
+From: Juan RP <xtraeme@gmail.com>
+Date: Sun, 11 Jan 2015 17:07:55 +0100
+Subject: [PATCH] prop_zlib: use a stack buffer to avoid an extra alloc/free.
+
+Merged from xbps.
+---
+ src/prop_zlib.c | 12 ++----------
+ 1 file changed, 2 insertions(+), 10 deletions(-)
+
+diff --git src/prop_zlib.c src/prop_zlib.c
+index f764eee..539ee76 100644
+--- src/prop_zlib.c
++++ src/prop_zlib.c
+@@ -1,5 +1,5 @@
+ /*-
+- * Copyright (c) 2010-2012 Juan Romero Pardines.
++ * Copyright (c) 2010-2014 Juan Romero Pardines.
+  * All rights reserved.
+  *
+  * Redistribution and use in source and binary forms, with or without
+@@ -58,7 +58,7 @@ prop ## type ## _internalize_from_zfile(const char *fname)				\
+ 	struct _prop_object_internalize_mapped_file *mf;				\
+ 	prop ## type ## _t obj = NULL;							\
+ 	z_stream strm;									\
+-	unsigned char *out;								\
++	unsigned char out[_READ_CHUNK+1];						\
+ 	char *uncomp_xml = NULL;							\
+ 	size_t have;									\
+ 	ssize_t totalsize = 0;								\
+@@ -78,13 +78,6 @@ prop ## type ## _internalize_from_zfile(const char *fname)				\
+ 	if (uncomp_xml == NULL)								\
+ 		goto out;								\
+ 											\
+-	/* temporary output buffer for inflate */					\
+-	out = _PROP_MALLOC(_READ_CHUNK, M_TEMP);					\
+-	if (out == NULL) {								\
+-		_PROP_FREE(uncomp_xml, M_TEMP);						\
+-		goto out;								\
+-	}										\
+-											\
+ 	/* Decompress the mmap'ed buffer with zlib */					\
+ 	strm.zalloc = Z_NULL;								\
+ 	strm.zfree = Z_NULL;								\
+@@ -123,7 +116,6 @@ out2:											\
+ 	(void)inflateEnd(&strm);							\
+ out1:											\
+ 	obj = prop ## type ## _internalize(uncomp_xml);					\
+-	_PROP_FREE(out, M_TEMP);							\
+ 	_PROP_FREE(uncomp_xml, M_TEMP);							\
+ out:											\
+ 	_prop_object_internalize_unmap_file(mf);					\
diff --git a/srcpkgs/proplib/patches/check-sysconf-value.patch b/srcpkgs/proplib/patches/check-sysconf-value.patch
new file mode 100644
index 00000000000..3591cb8aee8
--- /dev/null
+++ b/srcpkgs/proplib/patches/check-sysconf-value.patch
@@ -0,0 +1,34 @@
+From 23ea15715c90bb3e85fd0392d7e1c7b2e94a3898 Mon Sep 17 00:00:00 2001
+From: Juan RP <xtraeme@gmail.com>
+Date: Sun, 11 Jan 2015 17:08:46 +0100
+Subject: [PATCH] prop_object: check sysconf() return value.
+
+Merged from xbps.
+---
+ src/prop_object.c | 10 ++++++++--
+ 1 file changed, 8 insertions(+), 2 deletions(-)
+
+diff --git src/prop_object.c src/prop_object.c
+index a94015d..27f54b1 100644
+--- src/prop_object.c
++++ src/prop_object.c
+@@ -903,11 +903,17 @@ _prop_object_internalize_map_file(const char *fname)
+ {
+ 	struct stat sb;
+ 	struct _prop_object_internalize_mapped_file *mf;
+-	size_t pgsize = (size_t)sysconf(_SC_PAGESIZE);
+-	size_t pgmask = pgsize - 1;
++	long scps = sysconf(_SC_PAGESIZE);
++	size_t pgsize, pgmask;
+ 	bool need_guard = false;
+ 	int fd;
+ 
++	if (scps == -1)
++		return NULL;
++
++	pgsize = (size_t)scps;
++	pgmask = pgsize -1;
++
+ 	mf = _PROP_MALLOC(sizeof(*mf), M_TEMP);
+ 	if (mf == NULL)
+ 		return (NULL);
diff --git a/srcpkgs/proplib/patches/overflow-protection.patch b/srcpkgs/proplib/patches/overflow-protection.patch
new file mode 100644
index 00000000000..79797cd8045
--- /dev/null
+++ b/srcpkgs/proplib/patches/overflow-protection.patch
@@ -0,0 +1,23 @@
+From b2a0db1b8239f94323c2e6f8edd99a965baa9f18 Mon Sep 17 00:00:00 2001
+From: Juan RP <xtraeme@gmail.com>
+Date: Sun, 11 Jan 2015 17:09:34 +0100
+Subject: [PATCH] prop_data: make sure there's no overflow.
+
+Found by coverity and merged from xbps.
+---
+ src/prop_data.c | 2 ++
+ 1 file changed, 2 insertions(+)
+
+diff --git src/prop_data.c src/prop_data.c
+index abb7b18..4d0ae2c 100644
+--- src/prop_data.c
++++ src/prop_data.c
+@@ -565,6 +565,8 @@ _prop_data_internalize(prop_stack_t stack, prop_object_t *obj,
+ 						NULL) == false)
+ 		return (true);
+ 
++	if (len + 1 >= SIZE_MAX)
++		return true;
+ 	/*
+ 	 * Always allocate one extra in case we don't land on an even byte
+ 	 * boundary during the decode.
diff --git a/srcpkgs/proplib/template b/srcpkgs/proplib/template
index c0887f9b6c0..542fd6613ee 100644
--- a/srcpkgs/proplib/template
+++ b/srcpkgs/proplib/template
@@ -1,7 +1,7 @@
 # Template file for 'proplib'
 pkgname=proplib
 version=0.6.4
-revision=4
+revision=5
 wrksrc="portableproplib-${version}"
 build_style=gnu-configure
 hostmakedepends="automake libtool"