Gentoo Archives: gentoo-commits

From: Andreas Sturmlechner <asturm@g.o>
To: gentoo-commits@l.g.o
Subject: [gentoo-commits] repo/gentoo:master commit in: media-libs/libextractor/, media-libs/libextractor/files/
Date: Sat, 29 Dec 2018 22:02:31
Message-Id: 1546120921.10ca5198d87e67194880e4421dc4a3d348211008.asturm@gentoo
1 commit: 10ca5198d87e67194880e4421dc4a3d348211008
2 Author: Andreas Sturmlechner <asturm <AT> gentoo <DOT> org>
3 AuthorDate: Sat Dec 29 20:21:07 2018 +0000
4 Commit: Andreas Sturmlechner <asturm <AT> gentoo <DOT> org>
5 CommitDate: Sat Dec 29 22:02:01 2018 +0000
6 URL: https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=10ca5198
7
8 media-libs/libextractor: Fix CVE-2018-20430, CVE-2018-20431
9
10 Bug: https://bugs.gentoo.org/673742
11 Package-Manager: Portage-2.3.52, Repoman-2.3.12
12 Signed-off-by: Andreas Sturmlechner <asturm <AT> gentoo.org>
13
14 .../files/libextractor-1.8-CVE-2018-20430.patch | 49 +++++++++
15 .../files/libextractor-1.8-CVE-2018-20431.patch | 39 +++++++
16 media-libs/libextractor/libextractor-1.8-r1.ebuild | 117 +++++++++++++++++++++
17 3 files changed, 205 insertions(+)
18
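--- /dev/null
+++ b/media-libs/libextractor/files/libextractor-1.8-CVE-2018-20430.patch
@@ -0,0 +1,49 @@
+From b405d707b36e0654900cba78e89f49779efea110 Mon Sep 17 00:00:00 2001
+From: Christian Grothoff <christian@××××××××.org>
+Date: Thu, 20 Dec 2018 22:47:53 +0100
+Subject: fix #5493 (out of bounds read)
+
+---
+ src/common/convert.c | 10 +++++-----
+ 1 file changed, 5 insertions(+), 5 deletions(-)
+
+diff --git a/src/common/convert.c b/src/common/convert.c
+index c0edf21..2be2108 100644
+--- a/src/common/convert.c
++++ b/src/common/convert.c
+@@ -36,8 +36,8 @@
+ * string is returned.
+ */
+ char *
+-EXTRACTOR_common_convert_to_utf8 (const char *input,
+- size_t len,
++EXTRACTOR_common_convert_to_utf8 (const char *input,
++ size_t len,
+ const char *charset)
+ {
+ #if HAVE_ICONV
+@@ -52,7 +52,7 @@ EXTRACTOR_common_convert_to_utf8 (const char *input,
+ i = input;
+ cd = iconv_open ("UTF-8", charset);
+ if (cd == (iconv_t) - 1)
+- return strdup (i);
++ return strndup (i, len);
+ if (len > 1024 * 1024)
+ {
+ iconv_close (cd);
+@@ -67,11 +67,11 @@ EXTRACTOR_common_convert_to_utf8 (const char *input,
+ }
+ itmp = tmp;
+ finSize = tmpSize;
+- if (iconv (cd, (char **) &input, &len, &itmp, &finSize) == SIZE_MAX)
++ if (iconv (cd, (char **) &input, &len, &itmp, &finSize) == ((size_t) -1))
+ {
+ iconv_close (cd);
+ free (tmp);
+- return strdup (i);
++ return strndup (i, len);
+ }
+ ret = malloc (tmpSize - finSize + 1);
+ if (ret == NULL)
+--
+cgit v1.1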
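Review bot: In the second fallback of the embedded convert.c patch (the `iconv (...) == ((size_t) -1)` branch), `strndup (i, len)` reads `len` after its address was passed to `iconv()`, which decrements the remaining-input count as it consumes bytes. The copy still stays inside the caller's buffer, so the out-of-bounds read is closed, but the returned string can be a shorter prefix of the input than the `iconv_open` failure path returns for the same bytes. Saving the length before the call, `const size_t in_len = len;`, and returning `strndup (i, in_len);` would keep the two fallbacks consistent. The function body starts and ends outside these hunks, so how callers handle a NULL return from `strndup` cannot be checked from here.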
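--- /dev/null
+++ b/media-libs/libextractor/files/libextractor-1.8-CVE-2018-20431.patch
@@ -0,0 +1,39 @@
+From 489c4a540bb2c4744471441425b8932b97a153e7 Mon Sep 17 00:00:00 2001
+From: Christian Grothoff <christian@××××××××.org>
+Date: Thu, 20 Dec 2018 23:02:28 +0100
+Subject: fix #5494
+
+---
+ ChangeLog | 3 ++-
+ src/plugins/ole2_extractor.c | 9 +++++++--
+ 2 files changed, 9 insertions(+), 3 deletions(-)
+
+diff --git a/src/plugins/ole2_extractor.c b/src/plugins/ole2_extractor.c
+index 53fa1b9..a48b726 100644
+--- a/src/plugins/ole2_extractor.c
++++ b/src/plugins/ole2_extractor.c
+@@ -173,7 +173,7 @@ struct ProcContext
+ EXTRACTOR_MetaDataProcessor proc;
+
+ /**
+- * Closure for 'proc'.
++ * Closure for @e proc.
+ */
+ void *proc_cls;
+
+@@ -213,7 +213,12 @@ process_metadata (gpointer key,
+
+ if (G_VALUE_TYPE(gval) == G_TYPE_STRING)
+ {
+- contents = strdup (g_value_get_string (gval));
++ const char *gvals;
++
++ gvals = g_value_get_string (gval);
++ if (NULL == gvals)
++ return;
++ contents = strdup (gvals);
+ }
+ else
+ {
+--
+cgit v1.1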
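Review bot: The new NULL guard in `process_metadata` carries no comment explaining why a value whose type is `G_TYPE_STRING` can still yield NULL, which is the whole reason for the hunk. A one-line comment above the check, such as `/* a string-typed GValue may hold NULL; strdup (NULL) is undefined behaviour */`, would keep a later cleanup from folding the call back into `strdup (g_value_get_string (gval))`. The function continues outside the hunk, so whether `contents` is checked for NULL after `strdup` cannot be confirmed from here. Separately, the patch header's diffstat still lists `ChangeLog`, but this file carries no ChangeLog hunk, so the header no longer describes the patch body.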
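--- /dev/null
+++ b/media-libs/libextractor/libextractor-1.8-r1.ebuild
@@ -0,0 +1,117 @@
+# Copyright 1999-2018 Gentoo Authors
+# Distributed under the terms of the GNU General Public License v2
+
+EAPI=7
+
+DESCRIPTION="Library to extract metadata from files of arbitrary type"
+HOMEPAGE="https://www.gnu.org/software/libextractor/"
+SRC_URI="mirror://gnu/${PN}/${P}.tar.gz"
+
+LICENSE="GPL-3"
+SLOT="0"
+KEYWORDS="~amd64 ~arm ~ppc ~ppc64 ~x86"
+IUSE="apparmor +archive +bzip2 ffmpeg flac gif gsf gstreamer gtk jpeg +magic midi mp4 mpeg tidy tiff vorbis +zlib" # test
+
+RESTRICT="test"
+
+DEPEND="
+ app-text/iso-codes
+ dev-libs/glib:2
+ <media-gfx/exiv2-0.27:=
+ sys-devel/libtool
+ virtual/libiconv
+ virtual/libintl
+ apparmor? ( sys-libs/libapparmor )
+ archive? ( app-arch/libarchive:= )
+ bzip2? ( app-arch/bzip2 )
+ ffmpeg? ( virtual/ffmpeg )
+ flac? (
+ media-libs/flac
+ media-libs/libogg
+ )
+ gif? ( media-libs/giflib:= )
+ gsf? ( gnome-extra/libgsf:= )
+ gstreamer? (
+ media-libs/gstreamer:1.0
+ media-libs/gst-plugins-base:1.0
+ )
+ gtk? ( x11-libs/gtk+:3 )
+ jpeg? ( virtual/jpeg:0 )
+ magic? ( sys-apps/file )
+ midi? ( media-libs/libsmf )
+ mp4? ( media-libs/libmp4v2:0 )
+ mpeg? ( media-libs/libmpeg2 )
+ tidy? ( app-text/tidy-html5 )
+ tiff? ( media-libs/tiff:0 )
+ vorbis? (
+ media-libs/libogg
+ media-libs/libvorbis
+ )
+ zlib? ( sys-libs/zlib )
+"
+BDEPEND="
+ sys-devel/gettext
+ virtual/pkgconfig
+"
+# test? ( app-forensics/zzuf )
+RDEPEND="${DEPEND}
+ !sci-biology/glimmer
+"
+
+PATCHES=( "${FILESDIR}"/${P}-CVE-2018-2043{0,1}.patch )
+
+src_prepare() {
+ default
+
+ # m4/ax_create_pkgconfig_info.m4 is passing environment LDFLAGS to Libs:
+ sed -i \
+ -e '/^ax_create_pkgconfig_ldflags=/s:$LDFLAGS ::' \
+ -e 's:tidy/tidy.h:tidy.h:' \
+ -e 's:tidy/tidybuffio.h:buffio.h:' \
+ configure src/plugins/html_extractor.c || die
+
+ if ! use tidy; then
+ sed -i -e 's:tidy.h:dIsAbLe&:' configure || die
+ fi
+}
+
+src_configure() {
+ e_ac_cv() {
+ export ac_cv_"$@"
+ }
+
+ e_ac_cv {lib_rpm_rpmReadPackageFile,prog_HAVE_ZZUF}=no
+
+ e_ac_cv header_FLAC_all_h=$(usex flac)
+ e_ac_cv lib_FLAC_FLAC__stream_decoder_init_stream=$(usex flac)
+ e_ac_cv lib_FLAC_FLAC__stream_decoder_init_ogg_stream=$(usex flac)
+
+ e_ac_cv header_sys_apparmor_h=$(usex apparmor)
+ e_ac_cv header_archive_h=$(usex archive)
+ e_ac_cv header_bzlib_h=$(usex bzip2)
+ e_ac_cv header_gif_lib_h=$(usex gif)
+ e_ac_cv header_jpeglib_h=$(usex jpeg)
+ e_ac_cv header_magic_h=$(usex magic)
+ e_ac_cv header_mpeg2dec_mpeg2_h=$(usex mpeg)
+ e_ac_cv header_tiffio_h=$(usex tiff)
+ e_ac_cv header_vorbis_vorbisfile_h=$(usex vorbis)
+ e_ac_cv header_zlib_h=$(usex zlib)
+ e_ac_cv lib_mp4v2_MP4ReadProvider=$(usex mp4)
+ e_ac_cv lib_smf_smf_load_from_memory=$(usex midi)
+
+ local myeconfargs=(
+ --disable-static
+ --enable-experimental
+ --enable-glib
+ --disable-gsf-gnome
+ $(use_enable ffmpeg)
+ $(use_enable gsf)
+ $(use_with gstreamer)
+ )
+ econf "${myeconfargs[@]}"
+}
+
+src_install() {
+ default
+ find "${ED}" -name '*.la' -delete || die
+}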
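Review bot: `RESTRICT="test"` has no comment giving the reason, and the only hint is the commented-out `# test? ( app-forensics/zzuf )` further down; since this revision exists to carry two memory-safety patches, the upstream test suite is never run against the patched code at build time. A comment above the line, for example `# tests disabled: <reason or bug link>`, would tell the next maintainer what has to change before the restriction can be lifted. In `src_configure`, `--enable-experimental` is passed unconditionally; for a library that parses files of arbitrary origin this presumably enlarges the set of parsers built in, so it deserves a comment or a USE flag. The `sed -i ... || die` calls in `src_prepare` fail only on I/O errors, not when a pattern stops matching, so an upstream change could turn them into silent no-ops.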