| 1 |
commit: 876f39a654bd15c8fe2dbdfcf07bcee2b7d10bf6 |
| 2 |
Author: Andreas Sturmlechner <asturm <AT> gentoo <DOT> org> |
| 3 |
AuthorDate: Fri May 24 19:09:44 2019 +0000 |
| 4 |
Commit: Andreas Sturmlechner <asturm <AT> gentoo <DOT> org> |
| 5 |
CommitDate: Fri May 24 19:25:47 2019 +0000 |
| 6 |
URL: https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=876f39a6 |
| 7 |
|
| 8 |
sci-geosciences/liblas: Fix CVE-2018-20540 |
| 9 |
|
| 10 |
Bug: https://bugs.gentoo.org/678482 |
| 11 |
Package-Manager: Portage-2.3.66, Repoman-2.3.12 |
| 12 |
Signed-off-by: Andreas Sturmlechner <asturm <AT> gentoo.org> |
| 13 |
|
| 14 |
.../liblas/files/liblas-1.8.1-CVE-2018-20540.patch | 55 ++++++++++++++++++++++ |
| 15 |
sci-geosciences/liblas/liblas-1.8.1-r2.ebuild | 1 + |
| 16 |
2 files changed, 56 insertions(+) |
| 17 |
|
| 18 |
diff --git a/sci-geosciences/liblas/files/liblas-1.8.1-CVE-2018-20540.patch b/sci-geosciences/liblas/files/liblas-1.8.1-CVE-2018-20540.patch |
| 19 |
new file mode 100644 |
| 20 |
index 00000000000..ab2174f04ff |
| 21 |
--- /dev/null |
| 22 |
+++ b/sci-geosciences/liblas/files/liblas-1.8.1-CVE-2018-20540.patch |
| 23 |
@@ -0,0 +1,55 @@ |
| 24 |
+From 09d45518776489508f34098f1c159f58b856f459 Mon Sep 17 00:00:00 2001 |
| 25 |
+From: Mateusz Loskot <mateusz@××××××.net> |
| 26 |
+Date: Sun, 20 Jan 2019 02:28:29 +0100 |
| 27 |
+Subject: [PATCH] Ensure stream is deallocated in case of exception (#162) |
| 28 |
+ |
| 29 |
+Fixes #158 |
| 30 |
+--- |
| 31 |
+ include/liblas/liblas.hpp | 32 ++++++++++++++++++++++++-------- |
| 32 |
+ 1 file changed, 24 insertions(+), 8 deletions(-) |
| 33 |
+ |
| 34 |
+diff --git a/include/liblas/liblas.hpp b/include/liblas/liblas.hpp |
| 35 |
+index f5ad44e1..325de3ff 100644 |
| 36 |
+--- a/include/liblas/liblas.hpp |
| 37 |
++++ b/include/liblas/liblas.hpp |
| 38 |
+@@ -119,16 +119,32 @@ inline std::istream* Open(std::string const& filename, std::ios::openmode mode) |
| 39 |
+ { |
| 40 |
+ #ifdef USE_BOOST_IO |
| 41 |
+ namespace io = boost::iostreams; |
| 42 |
+- io::stream<io::file_source>* ifs = new io::stream<io::file_source>(); |
| 43 |
+- ifs->open(filename.c_str(), mode); |
| 44 |
+- if (ifs->is_open() == false) return NULL; |
| 45 |
+- return ifs; |
| 46 |
++ io::stream<io::file_source>* ifs = NULL; |
| 47 |
++ try |
| 48 |
++ { |
| 49 |
++ ifs = new io::stream<io::file_source>(); |
| 50 |
++ ifs->open(filename.c_str(), mode); |
| 51 |
++ if (ifs->is_open() == false) return NULL; |
| 52 |
++ return ifs; |
| 53 |
++ } |
| 54 |
++ catch (...) |
| 55 |
++ { |
| 56 |
++ delete ifs; |
| 57 |
++ } |
| 58 |
+ #else |
| 59 |
+- std::ifstream* ifs = new std::ifstream(); |
| 60 |
+- ifs->open(filename.c_str(), mode); |
| 61 |
+- if (ifs->is_open() == false) return NULL; |
| 62 |
+- return ifs; |
| 63 |
++ std::ifstream* ifs = NULL; |
| 64 |
++ try |
| 65 |
++ { |
| 66 |
++ ifs = new std::ifstream(); |
| 67 |
++ ifs->open(filename.c_str(), mode); |
| 68 |
++ if (ifs->is_open() == false) return NULL; |
| 69 |
++ } |
| 70 |
++ catch (...) |
| 71 |
++ { |
| 72 |
++ delete ifs; |
| 73 |
++ } |
| 74 |
+ #endif |
| 75 |
++ return NULL; |
| 76 |
+ } |
| 77 |
+ |
| 78 |
+ /// Create file and open to write in binary mode. |
| 79 |
|
| 80 |
diff --git a/sci-geosciences/liblas/liblas-1.8.1-r2.ebuild b/sci-geosciences/liblas/liblas-1.8.1-r2.ebuild |
| 81 |
index 11e130b1404..6153260346a 100644 |
| 82 |
--- a/sci-geosciences/liblas/liblas-1.8.1-r2.ebuild |
| 83 |
+++ b/sci-geosciences/liblas/liblas-1.8.1-r2.ebuild |
| 84 |
@@ -30,6 +30,7 @@ S="${WORKDIR}/libLAS-${PV}" |
| 85 |
PATCHES=( |
| 86 |
"${FILESDIR}"/${PN}-1.8.0_remove-std-c++98.patch |
| 87 |
"${FILESDIR}"/${P}-fix-overload-call.patch # bug 661654 |
| 88 |
+ "${FILESDIR}"/${P}-CVE-2018-20540.patch # bug 678482 |
| 89 |
) |
| 90 |
|
| 91 |
src_prepare() { |
Archives