Gentoo Archives: gentoo-commits

From: Fabian Groffen <grobian@g.o>
To: gentoo-commits@l.g.o
Subject: [gentoo-commits] repo/gentoo:master commit in: app-cdr/bchunk/files/, app-cdr/bchunk/
Date: Tue, 31 Oct 2017 16:44:32
Message-Id: 1509468247.8c1539b16c078e750713e3e0a073f5f95754d16b.grobian@gentoo
1 commit: 8c1539b16c078e750713e3e0a073f5f95754d16b
2 Author: Yegor Timoshenko <yegortimoshenko <AT> gmail <DOT> com>
3 AuthorDate: Tue Oct 31 06:32:08 2017 +0000
4 Commit: Fabian Groffen <grobian <AT> gentoo <DOT> org>
5 CommitDate: Tue Oct 31 16:44:07 2017 +0000
6 URL: https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=8c1539b1
7
8 app-cdr/bchunk: patch CVE-2017-15953, CVE-2017-15954, CVE-2017-15955
9
10 ...hunk-1.2.0-r2.ebuild => bchunk-1.2.0-r3.ebuild} | 1 +
11 app-cdr/bchunk/files/CVE-2017-15953.patch | 25 +++++++++++++++++
12 app-cdr/bchunk/files/CVE-2017-15955.patch | 32 ++++++++++++++++++++++
13 3 files changed, 58 insertions(+)
14
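--- a/app-cdr/bchunk/bchunk-1.2.0-r2.ebuild
+++ b/app-cdr/bchunk/bchunk-1.2.0-r3.ebuild
@@ -12,6 +12,7 @@ SLOT="0"
 KEYWORDS="amd64 ppc sparc x86 ~amd64-linux ~x86-linux ~ppc-macos ~x86-macos ~x64-macos ~sparc-solaris ~x86-solaris"
 
 DOCS=( "${P}.lsm" "${PN}.spec" README ChangeLog )
+PATCHES=( "${FILESDIR}/CVE-2017-15953.patch" "${FILESDIR}/CVE-2017-15955.patch" )
 
 src_install() {
 dobin "${PN}"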
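Review bot: The commit title names CVE-2017-15954, but the new `PATCHES` array lists only `CVE-2017-15953.patch` and `CVE-2017-15955.patch`, and nothing in the ebuild says which of the two covers the third CVE. If one of them is meant to fix it, a comment above the array would make that auditable, for example `# CVE-2017-15954 is fixed by <patch file>, see bug <number>` (placeholders, the page does not give either value). If neither covers it, the title overstates the fix and a third patch is still missing.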
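--- /dev/null
+++ b/app-cdr/bchunk/files/CVE-2017-15953.patch
@@ -0,0 +1,25 @@
+--- a/bchunk.c 2017-10-30 18:03:58.658741629 +0000
++++ b/bchunk.c 2017-10-30 19:40:25.558131619 +0000
+@@ -18,6 +18,7 @@
+ * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
+ */
+
++#define _GNU_SOURCE
+ #include <stdio.h>
+ #include <stdlib.h>
+ #include <string.h>
+@@ -271,11 +272,10 @@
+ int16_t i;
+ float fl;
+
+- if (!(fname = malloc(strlen(bname) + 8))) {
+- fprintf(stderr, "main(): malloc() failed, out of memory\n");
++ if (asprintf(&fname, "%s%2.2d.%s", bname, track->num, track->extension) == -1) {
++ fprintf(stderr, "writetrack(): asprintf() failed, out of memory\n");
+ exit(4);
+ }
+- sprintf(fname, "%s%2.2d.%s", bname, track->num, track->extension);
+
+ printf("%2d: %s ", track->num, fname);
+
+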
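Review bot: `asprintf()` is a GNU/BSD extension rather than ISO C, so the rewritten allocation in `writetrack()` depends on the added `#define _GNU_SOURCE` and may not build on every libc this package is keyworded for (the ebuild lists Solaris and macOS prefixes). Sizing the buffer with a first `snprintf(NULL, 0, ...)` call removes the fixed `strlen(bname) + 8` assumption equally well and needs no feature macro on a C99 libc. The sketch below assumes an `int n;` added to the local declarations. The body of `writetrack()` starts and ends outside this hunk, so whether `fname` is freed afterwards cannot be checked here.

```c
/* … unchanged: local declarations (int16_t i; float fl;), plus int n; … */
n = snprintf(NULL, 0, "%s%2.2d.%s", bname, track->num, track->extension);
if (n < 0 || !(fname = malloc((size_t)n + 1))) {
	fprintf(stderr, "writetrack(): malloc() failed, out of memory\n");
	exit(4);
}
snprintf(fname, (size_t)n + 1, "%s%2.2d.%s", bname, track->num, track->extension);
/* … unchanged: printf of track number and file name … */
```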
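--- /dev/null
+++ b/app-cdr/bchunk/files/CVE-2017-15955.patch
@@ -0,0 +1,32 @@
+--- a/bchunk.c 2017-10-30 18:03:58.658741629 +0000
++++ b/bchunk.c 2017-10-30 19:17:36.732855884 +0000
+@@ -426,11 +426,11 @@
+ printf("\nTrack ");
+ if (!(p = strchr(p, ' '))) {
+ fprintf(stderr, "... ouch, no space after TRACK.\n");
+- continue;
++ exit(3);
+ }
+ p++;
+ if (!(t = strchr(p, ' '))) {
+ fprintf(stderr, "... ouch, no space after track number.\n");
+- continue;
++ exit(3);
+ }
+ *t = '\0';
+
+@@ -460,12 +460,12 @@
+ } else if ((p = strstr(s, "INDEX"))) {
+ if (!(p = strchr(p, ' '))) {
+ printf("... ouch, no space after INDEX.\n");
+- continue;
++ exit(3);
+ }
+ p++;
+ if (!(t = strchr(p, ' '))) {
+ printf("... ouch, no space after index number.\n");
+- continue;
++ exit(3);
+ }
+ *t = '\0';
+ t++;
\ No newline at end of file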
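Review bot: The two INDEX branches still report the parse failure with `printf`, so the message goes to stdout, while the TRACK branches use `fprintf(stderr, ...)`. Now that all four paths end in `exit(3)`, the INDEX ones should match: `fprintf(stderr, "... ouch, no space after INDEX.\n");` and `fprintf(stderr, "... ouch, no space after index number.\n");`. A short comment at the first `exit(3)` saying that a malformed cue line is fatal, because later code relies on the fields parsed here, would explain why `continue` was unsafe. The cue-parsing loop starts and ends outside these hunks, so whether its other `strchr`/`strstr` results are checked before use cannot be seen here.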