commit: 8c1539b16c078e750713e3e0a073f5f95754d16b |
Author: Yegor Timoshenko <yegortimoshenko <AT> gmail <DOT> com> |
AuthorDate: Tue Oct 31 06:32:08 2017 +0000 |
Commit: Fabian Groffen <grobian <AT> gentoo <DOT> org> |
CommitDate: Tue Oct 31 16:44:07 2017 +0000 |
URL: https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=8c1539b1 |
|
app-cdr/bchunk: patch CVE-2017-15953, CVE-2017-15954, CVE-2017-15955 |
|
...hunk-1.2.0-r2.ebuild => bchunk-1.2.0-r3.ebuild} | 1 + |
app-cdr/bchunk/files/CVE-2017-15953.patch | 25 +++++++++++++++++ |
app-cdr/bchunk/files/CVE-2017-15955.patch | 32 ++++++++++++++++++++++ |
3 files changed, 58 insertions(+) |
|
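--- a/app-cdr/bchunk/bchunk-1.2.0-r2.ebuild
+++ b/app-cdr/bchunk/bchunk-1.2.0-r3.ebuild
@@ -12,6 +12,7 @@ SLOT="0"
 KEYWORDS="amd64 ppc sparc x86 ~amd64-linux ~x86-linux ~ppc-macos ~x86-macos ~x64-macos ~sparc-solaris ~x86-solaris"
 
 DOCS=( "${P}.lsm" "${PN}.spec" README ChangeLog )
+PATCHES=( "${FILESDIR}/CVE-2017-15953.patch" "${FILESDIR}/CVE-2017-15955.patch" )
 
 src_install() {
 dobin "${PN}"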
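Review bot: The commit title names CVE-2017-15953, CVE-2017-15954 and CVE-2017-15955, but the new `PATCHES` array lists only two files and nothing in the ebuild says where CVE-2017-15954 is handled. If CVE-2017-15955.patch is meant to cover it as well, a comment above the array would make that auditable, for example `# CVE-2017-15954 is addressed by CVE-2017-15955.patch`; if it is not, a third patch is missing from this revision. Without that, anyone matching the installed revision against advisories has to re-derive the mapping from the patch contents.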
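--- /dev/null
+++ b/app-cdr/bchunk/files/CVE-2017-15953.patch
@@ -0,0 +1,25 @@
+--- a/bchunk.c 2017-10-30 18:03:58.658741629 +0000
++++ b/bchunk.c 2017-10-30 19:40:25.558131619 +0000
+@@ -18,6 +18,7 @@
+ * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
+ */
+
++#define _GNU_SOURCE
+ #include <stdio.h>
+ #include <stdlib.h>
+ #include <string.h>
+@@ -271,11 +272,10 @@
+ int16_t i;
+ float fl;
+
+- if (!(fname = malloc(strlen(bname) + 8))) {
+- fprintf(stderr, "main(): malloc() failed, out of memory\n");
++ if (asprintf(&fname, "%s%2.2d.%s", bname, track->num, track->extension) == -1) {
++ fprintf(stderr, "writetrack(): asprintf() failed, out of memory\n");
+ exit(4);
+ }
+- sprintf(fname, "%s%2.2d.%s", bname, track->num, track->extension);
+
+ printf("%2d: %s ", track->num, fname);
+
+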
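Review bot: `asprintf()` is a GNU/BSD extension, and the ebuild in this same commit still carries `~sparc-solaris` and `~x86-solaris` keywords, so the replacement for the undersized `malloc(strlen(bname) + 8)` may not build on every keyworded platform (inferred from the keywords, not verified against those libcs). Sizing the buffer with a measuring `snprintf()` call keeps the overflow fix, stays within C99 and makes the `_GNU_SOURCE` define unnecessary. The enclosing writetrack() starts and ends outside the hunk, so whether `fname` is still released later cannot be confirmed from here.

```c
	float fl;
	int fname_len;

	/* measure first so the buffer always fits the formatted name */
	fname_len = snprintf(NULL, 0, "%s%2.2d.%s", bname, track->num, track->extension);
	if (fname_len < 0 || !(fname = malloc((size_t)fname_len + 1))) {
		fprintf(stderr, "writetrack(): malloc() failed, out of memory\n");
		exit(4);
	}
	snprintf(fname, (size_t)fname_len + 1, "%s%2.2d.%s", bname, track->num, track->extension);

	/* … unchanged: progress printf and the rest of writetrack() … */
```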
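--- /dev/null
+++ b/app-cdr/bchunk/files/CVE-2017-15955.patch
@@ -0,0 +1,32 @@
+--- a/bchunk.c 2017-10-30 18:03:58.658741629 +0000
++++ b/bchunk.c 2017-10-30 19:17:36.732855884 +0000
+@@ -426,11 +426,11 @@
+ printf("\nTrack ");
+ if (!(p = strchr(p, ' '))) {
+ fprintf(stderr, "... ouch, no space after TRACK.\n");
+- continue;
++ exit(3);
+ }
+ p++;
+ if (!(t = strchr(p, ' '))) {
+ fprintf(stderr, "... ouch, no space after track number.\n");
+- continue;
++ exit(3);
+ }
+ *t = '\0';
+
+@@ -460,12 +460,12 @@
+ } else if ((p = strstr(s, "INDEX"))) {
+ if (!(p = strchr(p, ' '))) {
+ printf("... ouch, no space after INDEX.\n");
+- continue;
++ exit(3);
+ }
+ p++;
+ if (!(t = strchr(p, ' '))) {
+ printf("... ouch, no space after index number.\n");
+- continue;
++ exit(3);
+ }
+ *t = '\0';
+ t++;
\ No newline at end of file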
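Review bot: The two INDEX branches still report their error with `printf()` to stdout, while the TRACK branches use `fprintf(stderr, …)`. Now that all four paths end in `exit(3)`, the fatal message should go to stderr in each case: `fprintf(stderr, "... ouch, no space after INDEX.\n");` and `fprintf(stderr, "... ouch, no space after index number.\n");`. Otherwise a caller that redirects or discards stdout sees only exit status 3 with no reason for the rejected cue sheet. The enclosing cue-parsing loop starts and ends outside these hunks, so how `p` and `t` are used after `t++` is not covered by this review.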