commit: db551c8e70391cfe960b526704564beb1f31453e |
Author: Andreas Sturmlechner <asturm <AT> gentoo <DOT> org> |
AuthorDate: Thu Aug 3 00:39:37 2017 +0000 |
Commit: Andreas Sturmlechner <asturm <AT> gentoo <DOT> org> |
CommitDate: Thu Aug 3 00:48:01 2017 +0000 |
URL: https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=db551c8e |
|
kde-apps/k3b: Fix K3b::Device::from2Byte out-of-bounds issue |
|
See also: https://bugs.kde.org/show_bug.cgi?id=382941 |
|
Gentoo-bug: 616880 |
|
Package-Manager: Portage-2.3.6, Repoman-2.3.1 |
|
kde-apps/k3b/files/k3b-17.04.3-out-of-bounds.patch | 75 +++++++++++++ |
kde-apps/k3b/k3b-17.04.3-r2.ebuild | 120 +++++++++++++++++++++ |
2 files changed, 195 insertions(+) |
|
20 |
diff --git a/kde-apps/k3b/files/k3b-17.04.3-out-of-bounds.patch b/kde-apps/k3b/files/k3b-17.04.3-out-of-bounds.patch |
21 |
new file mode 100644 |
22 |
index 00000000000..83034e74813 |
23 |
--- /dev/null |
24 |
+++ b/kde-apps/k3b/files/k3b-17.04.3-out-of-bounds.patch |
25 |
@@ -0,0 +1,75 @@ |
26 |
+From 7f0be6a33b8260f7789c6aeed58be8d1c844229a Mon Sep 17 00:00:00 2001 |
27 |
+From: Leslie Zhai <lesliezhai@××××××××.cn> |
28 |
+Date: Tue, 1 Aug 2017 14:13:05 +0800 |
29 |
+Subject: Fix K3b::Device::from2Byte out-of-bounds issue. |
30 |
+ |
31 |
+A great bug report by Mark! |
32 |
+ |
33 |
+BUG: 382941 |
34 |
+--- |
35 |
+ libk3bdevice/k3bdeviceglobals.cpp | 24 ++++++++++++------------ |
36 |
+ tests/k3bdeviceglobalstest.cpp | 4 +++- |
37 |
+ 2 files changed, 15 insertions(+), 13 deletions(-) |
38 |
+ |
39 |
+diff --git a/libk3bdevice/k3bdeviceglobals.cpp b/libk3bdevice/k3bdeviceglobals.cpp |
40 |
+index 090ed29..c016f59 100644 |
41 |
+--- a/libk3bdevice/k3bdeviceglobals.cpp |
42 |
++++ b/libk3bdevice/k3bdeviceglobals.cpp |
43 |
+@@ -212,27 +212,27 @@ void K3b::Device::debugBitfield( unsigned char* data, long len ) |
44 |
+ } |
45 |
+ |
46 |
+ |
47 |
+-quint16 K3b::Device::from2Byte( const unsigned char* d ) |
48 |
++quint16 K3b::Device::from2Byte(const unsigned char* d) |
49 |
+ { |
50 |
+- if (d == NULL) { |
51 |
+- qWarning() << "Invalid nullptr!"; |
52 |
++ if (d == NULL || strlen((const char *) d) < 2) { |
53 |
++ qWarning() << "Invalid Byte!"; |
54 |
+ return 0; |
55 |
+ } |
56 |
+- return ( (d[0] << 8 & 0xFF00) | |
57 |
+- (d[1] & 0xFF) ); |
58 |
++ return ((d[0] << 8 & 0xFF00) | |
59 |
++ (d[1] & 0xFF)); |
60 |
+ } |
61 |
+ |
62 |
+ |
63 |
+-quint32 K3b::Device::from4Byte( const unsigned char* d ) |
64 |
++quint32 K3b::Device::from4Byte(const unsigned char* d) |
65 |
+ { |
66 |
+- if (d == NULL) { |
67 |
+- qWarning() << "Invalid nullptr!"; |
68 |
++ if (d == NULL || strlen((const char *) d) < 4) { |
69 |
++ qWarning() << "Invalid Byte!"; |
70 |
+ return 0; |
71 |
+ } |
72 |
+- return ( (d[0] << 24 & 0xFF000000) | |
73 |
+- (d[1] << 16 & 0xFF0000) | |
74 |
+- (d[2] << 8 & 0xFF00) | |
75 |
+- (d[3] & 0xFF) ); |
76 |
++ return ((d[0] << 24 & 0xFF000000) | |
77 |
++ (d[1] << 16 & 0xFF0000) | |
78 |
++ (d[2] << 8 & 0xFF00) | |
79 |
++ (d[3] & 0xFF)); |
80 |
+ } |
81 |
+ |
82 |
+ |
83 |
+diff --git a/tests/k3bdeviceglobalstest.cpp b/tests/k3bdeviceglobalstest.cpp |
84 |
+index 307b772..635ee39 100644 |
85 |
+--- a/tests/k3bdeviceglobalstest.cpp |
86 |
++++ b/tests/k3bdeviceglobalstest.cpp |
87 |
+@@ -23,8 +23,10 @@ DeviceGlobalsTest::DeviceGlobalsTest() |
88 |
+ |
89 |
+ void DeviceGlobalsTest::testFrom2Byte() |
90 |
+ { |
91 |
+- const unsigned char* d = NULL; |
92 |
++ unsigned char* d = NULL; |
93 |
+ QCOMPARE(K3b::Device::from2Byte(d), (quint16)0); |
94 |
++ unsigned char buf[1] = { '\0' }; |
95 |
++ QCOMPARE(K3b::Device::from2Byte(buf), (quint16)0); |
96 |
+ } |
97 |
+ |
98 |
+ void DeviceGlobalsTest::testFrom4Byte() |
99 |
+-- |
100 |
+cgit v0.11.2 |
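Review bot: The new guard `strlen((const char *) d) < 2` in from2Byte (and the matching `< 4` in from4Byte) treats a binary buffer as a NUL-terminated string, so it does not measure how many bytes are actually readable. Any input whose leading bytes contain 0x00, for example a big-endian 16-bit value below 256, now logs "Invalid Byte!" and decodes as 0, and when the buffer holds no zero byte at all `strlen` itself walks past the end, which is the kind of out-of-bounds read the patch title says it fixes. The added test case passes only because `buf[0]` happens to be `'\0'`, so it does not demonstrate that short buffers are rejected. A bare pointer cannot carry its size, so I would keep the condition as `if (d == NULL) {` and validate the length at the call sites, or add an overload that takes the buffer length explicitly and compares it against 2 or 4.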
101 |
|
102 |
diff --git a/kde-apps/k3b/k3b-17.04.3-r2.ebuild b/kde-apps/k3b/k3b-17.04.3-r2.ebuild |
103 |
new file mode 100644 |
104 |
index 00000000000..d6448856ec8 |
105 |
--- /dev/null |
106 |
+++ b/kde-apps/k3b/k3b-17.04.3-r2.ebuild |
107 |
@@ -0,0 +1,120 @@ |
108 |
+# Copyright 1999-2017 Gentoo Foundation |
109 |
+# Distributed under the terms of the GNU General Public License v2 |
110 |
+ |
111 |
+EAPI=6 |
112 |
+ |
113 |
+KDE_HANDBOOK="forceoptional" |
114 |
+KDE_TEST="true" |
115 |
+inherit kde5 |
116 |
+ |
117 |
+DESCRIPTION="Full-featured burning and ripping application based on KDE Frameworks" |
118 |
+HOMEPAGE="http://www.k3b.org/" |
119 |
+ |
120 |
+LICENSE="GPL-2 FDL-1.2" |
121 |
+KEYWORDS="~amd64 ~x86" |
122 |
+IUSE="dvd emovix encode ffmpeg flac libav mad mp3 musepack sndfile sox taglib vcd vorbis webkit" |
123 |
+ |
124 |
+DEPEND=" |
125 |
+ $(add_frameworks_dep karchive) |
126 |
+ $(add_frameworks_dep kbookmarks) |
127 |
+ $(add_frameworks_dep kcmutils) |
128 |
+ $(add_frameworks_dep kcompletion) |
129 |
+ $(add_frameworks_dep kconfig) |
130 |
+ $(add_frameworks_dep kconfigwidgets) |
131 |
+ $(add_frameworks_dep kcoreaddons) |
132 |
+ $(add_frameworks_dep kfilemetadata 'taglib?') |
133 |
+ $(add_frameworks_dep ki18n) |
134 |
+ $(add_frameworks_dep kiconthemes) |
135 |
+ $(add_frameworks_dep kio) |
136 |
+ $(add_frameworks_dep kjobwidgets) |
137 |
+ $(add_frameworks_dep knewstuff) |
138 |
+ $(add_frameworks_dep knotifications) |
139 |
+ $(add_frameworks_dep knotifyconfig) |
140 |
+ $(add_frameworks_dep kservice) |
141 |
+ $(add_frameworks_dep kwidgetsaddons) |
142 |
+ $(add_frameworks_dep kxmlgui) |
143 |
+ $(add_frameworks_dep solid) |
144 |
+ $(add_kdeapps_dep libkcddb) |
145 |
+ $(add_qt_dep qtdbus) |
146 |
+ $(add_qt_dep qtgui) |
147 |
+ $(add_qt_dep qtnetwork) |
148 |
+ $(add_qt_dep qtwidgets) |
149 |
+ $(add_qt_dep qtxml) |
150 |
+ media-libs/libsamplerate |
151 |
+ dvd? ( media-libs/libdvdread ) |
152 |
+ ffmpeg? ( |
153 |
+ libav? ( media-video/libav:= ) |
154 |
+ !libav? ( media-video/ffmpeg:0= ) |
155 |
+ ) |
156 |
+ flac? ( >=media-libs/flac-1.2[cxx] ) |
157 |
+ mp3? ( media-sound/lame ) |
158 |
+ mad? ( media-libs/libmad ) |
159 |
+ musepack? ( >=media-sound/musepack-tools-444 ) |
160 |
+ sndfile? ( media-libs/libsndfile ) |
161 |
+ taglib? ( >=media-libs/taglib-1.5 ) |
162 |
+ vorbis? ( media-libs/libvorbis ) |
163 |
+ webkit? ( $(add_qt_dep qtwebkit) ) |
164 |
+" |
165 |
+RDEPEND="${DEPEND} |
166 |
+ app-cdr/cdrdao |
167 |
+ dev-libs/libburn |
168 |
+ media-sound/cdparanoia |
169 |
+ virtual/cdrtools |
170 |
+ dvd? ( |
171 |
+ >=app-cdr/dvd+rw-tools-7 |
172 |
+ encode? ( media-video/transcode[dvd] ) |
173 |
+ ) |
174 |
+ emovix? ( media-video/emovix ) |
175 |
+ sox? ( media-sound/sox ) |
176 |
+ vcd? ( media-video/vcdimager ) |
177 |
+" |
178 |
+ |
179 |
+REQUIRED_USE=" |
180 |
+ flac? ( taglib ) |
181 |
+ mp3? ( encode taglib ) |
182 |
+ sox? ( encode taglib ) |
183 |
+" |
184 |
+ |
185 |
+DOCS+=( ChangeLog {FAQ,PERMISSIONS,README}.txt ) |
186 |
+ |
187 |
+PATCHES=( "${FILESDIR}/${P}-out-of-bounds.patch" ) |
188 |
+ |
189 |
+src_configure() { |
190 |
+ local mycmakeargs=( |
191 |
+ -DK3B_BUILD_API_DOCS=OFF |
192 |
+ -DK3B_BUILD_WAVE_DECODER_PLUGIN=ON |
193 |
+ -DK3B_ENABLE_HAL_SUPPORT=OFF |
194 |
+ -DK3B_ENABLE_MUSICBRAINZ=OFF |
195 |
+ -DK3B_DEBUG=$(usex debug) |
196 |
+ -DK3B_ENABLE_DVD_RIPPING=$(usex dvd) |
197 |
+ -DK3B_BUILD_EXTERNAL_ENCODER_PLUGIN=$(usex encode) |
198 |
+ -DK3B_BUILD_FFMPEG_DECODER_PLUGIN=$(usex ffmpeg) |
199 |
+ -DK3B_BUILD_FLAC_DECODER_PLUGIN=$(usex flac) |
200 |
+ -DK3B_BUILD_LAME_ENCODER_PLUGIN=$(usex mp3) |
201 |
+ -DK3B_BUILD_MAD_DECODER_PLUGIN=$(usex mad) |
202 |
+ -DK3B_BUILD_MUSE_DECODER_PLUGIN=$(usex musepack) |
203 |
+ -DK3B_BUILD_SNDFILE_DECODER_PLUGIN=$(usex sndfile) |
204 |
+ -DK3B_BUILD_SOX_ENCODER_PLUGIN=$(usex sox) |
205 |
+ -DK3B_ENABLE_TAGLIB=$(usex taglib) |
206 |
+ -DK3B_BUILD_OGGVORBIS_DECODER_PLUGIN=$(usex vorbis) |
207 |
+ -DK3B_BUILD_OGGVORBIS_ENCODER_PLUGIN=$(usex vorbis) |
208 |
+ $(cmake-utils_use_find_package webkit Qt5WebKitWidgets) |
209 |
+ ) |
210 |
+ |
211 |
+ kde5_src_configure |
212 |
+} |
213 |
+ |
214 |
+pkg_postinst() { |
215 |
+ kde5_pkg_postinst |
216 |
+ |
217 |
+ echo |
218 |
+ elog "If you get warnings on start-up, uncheck the \"Check system" |
219 |
+ elog "configuration\" option in the \"Misc\" settings window." |
220 |
+ echo |
221 |
+ |
222 |
+ local group=cdrom |
223 |
+ use kernel_linux || group=operator |
224 |
+ elog "Make sure you have proper read/write permissions on optical device(s)." |
225 |
+ elog "Usually, it is sufficient to be in the ${group} group." |
226 |
+ echo |
227 |
+} |