* [gentoo-commits] repo/gentoo:master commit in: app-cdr/bchunk/files/, app-cdr/bchunk/
@ 2017-10-31 16:44 Fabian Groffen
0 siblings, 0 replies; only message in thread
From: Fabian Groffen @ 2017-10-31 16:44 UTC (permalink / raw
To: gentoo-commits
commit: 8c1539b16c078e750713e3e0a073f5f95754d16b
Author: Yegor Timoshenko <yegortimoshenko <AT> gmail <DOT> com>
AuthorDate: Tue Oct 31 06:32:08 2017 +0000
Commit: Fabian Groffen <grobian <AT> gentoo <DOT> org>
CommitDate: Tue Oct 31 16:44:07 2017 +0000
URL: https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=8c1539b1
app-cdr/bchunk: patch CVE-2017-15953, CVE-2017-15954, CVE-2017-15955
...hunk-1.2.0-r2.ebuild => bchunk-1.2.0-r3.ebuild} | 1 +
app-cdr/bchunk/files/CVE-2017-15953.patch | 25 +++++++++++++++++
app-cdr/bchunk/files/CVE-2017-15955.patch | 32 ++++++++++++++++++++++
3 files changed, 58 insertions(+)
diff --git a/app-cdr/bchunk/bchunk-1.2.0-r2.ebuild b/app-cdr/bchunk/bchunk-1.2.0-r3.ebuild
similarity index 85%
rename from app-cdr/bchunk/bchunk-1.2.0-r2.ebuild
rename to app-cdr/bchunk/bchunk-1.2.0-r3.ebuild
index f8387e0cb35..165465a6fd2 100644
--- a/app-cdr/bchunk/bchunk-1.2.0-r2.ebuild
+++ b/app-cdr/bchunk/bchunk-1.2.0-r3.ebuild
@@ -12,6 +12,7 @@ SLOT="0"
KEYWORDS="amd64 ppc sparc x86 ~amd64-linux ~x86-linux ~ppc-macos ~x86-macos ~x64-macos ~sparc-solaris ~x86-solaris"
DOCS=( "${P}.lsm" "${PN}.spec" README ChangeLog )
+PATCHES=( "${FILESDIR}/CVE-2017-15953.patch" "${FILESDIR}/CVE-2017-15955.patch" )
src_install() {
dobin "${PN}"
diff --git a/app-cdr/bchunk/files/CVE-2017-15953.patch b/app-cdr/bchunk/files/CVE-2017-15953.patch
new file mode 100644
index 00000000000..f78bb7178af
--- /dev/null
+++ b/app-cdr/bchunk/files/CVE-2017-15953.patch
@@ -0,0 +1,25 @@
+--- a/bchunk.c 2017-10-30 18:03:58.658741629 +0000
++++ b/bchunk.c 2017-10-30 19:40:25.558131619 +0000
+@@ -18,6 +18,7 @@
+ * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
+ */
+
++#define _GNU_SOURCE
+ #include <stdio.h>
+ #include <stdlib.h>
+ #include <string.h>
+@@ -271,11 +272,10 @@
+ int16_t i;
+ float fl;
+
+- if (!(fname = malloc(strlen(bname) + 8))) {
+- fprintf(stderr, "main(): malloc() failed, out of memory\n");
++ if (asprintf(&fname, "%s%2.2d.%s", bname, track->num, track->extension) == -1) {
++ fprintf(stderr, "writetrack(): asprintf() failed, out of memory\n");
+ exit(4);
+ }
+- sprintf(fname, "%s%2.2d.%s", bname, track->num, track->extension);
+
+ printf("%2d: %s ", track->num, fname);
+
+
diff --git a/app-cdr/bchunk/files/CVE-2017-15955.patch b/app-cdr/bchunk/files/CVE-2017-15955.patch
new file mode 100644
index 00000000000..85797fe020a
--- /dev/null
+++ b/app-cdr/bchunk/files/CVE-2017-15955.patch
@@ -0,0 +1,32 @@
+--- a/bchunk.c 2017-10-30 18:03:58.658741629 +0000
++++ b/bchunk.c 2017-10-30 19:17:36.732855884 +0000
+@@ -426,11 +426,11 @@
+ printf("\nTrack ");
+ if (!(p = strchr(p, ' '))) {
+ fprintf(stderr, "... ouch, no space after TRACK.\n");
+- continue;
++ exit(3);
+ }
+ p++;
+ if (!(t = strchr(p, ' '))) {
+ fprintf(stderr, "... ouch, no space after track number.\n");
+- continue;
++ exit(3);
+ }
+ *t = '\0';
+
+@@ -460,12 +460,12 @@
+ } else if ((p = strstr(s, "INDEX"))) {
+ if (!(p = strchr(p, ' '))) {
+ printf("... ouch, no space after INDEX.\n");
+- continue;
++ exit(3);
+ }
+ p++;
+ if (!(t = strchr(p, ' '))) {
+ printf("... ouch, no space after index number.\n");
+- continue;
++ exit(3);
+ }
+ *t = '\0';
+ t++;
\ No newline at end of file
^ permalink raw reply related [flat|nested] only message in thread
only message in thread, other threads:[~2017-10-31 16:44 UTC | newest]
Thread overview: (only message) (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2017-10-31 16:44 [gentoo-commits] repo/gentoo:master commit in: app-cdr/bchunk/files/, app-cdr/bchunk/ Fabian Groffen
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox