diff options
| author |   Yegor Timoshenko <yegortimoshenko@gmail.com> | 2017-10-31 06:32:08 +0000 |
|---|---|---|
| committer |   Fabian Groffen <grobian@gentoo.org> | 2017-10-31 17:44:07 +0100 |
| commit | 8c1539b16c078e750713e3e0a073f5f95754d16b (patch) | |
| tree | e85c309db20de1522a03a0ee441c156db7fba0b2 /app-cdr | |
| parent | dev-libs/zthread: Remove old (diff) | |
| download | gentoo-8c1539b16c078e750713e3e0a073f5f95754d16b.tar.gz gentoo-8c1539b16c078e750713e3e0a073f5f95754d16b.tar.bz2 gentoo-8c1539b16c078e750713e3e0a073f5f95754d16b.zip | |
app-cdr/bchunk: patch CVE-2017-15953, CVE-2017-15954, CVE-2017-15955
Diffstat (limited to 'app-cdr')
| -rw-r--r-- | app-cdr/bchunk/bchunk-1.2.0-r3.ebuild (renamed from app-cdr/bchunk/bchunk-1.2.0-r2.ebuild) | 1 | ||||
| -rw-r--r-- | app-cdr/bchunk/files/CVE-2017-15953.patch | 25 | ||||
| -rw-r--r-- | app-cdr/bchunk/files/CVE-2017-15955.patch | 32 |
3 files changed, 58 insertions, 0 deletions
diff --git a/app-cdr/bchunk/bchunk-1.2.0-r2.ebuild b/app-cdr/bchunk/bchunk-1.2.0-r3.ebuild index f8387e0cb352..165465a6fd2c 100644 --- a/app-cdr/bchunk/bchunk-1.2.0-r2.ebuild +++ b/app-cdr/bchunk/bchunk-1.2.0-r3.ebuild @@ -12,6 +12,7 @@ SLOT="0" KEYWORDS="amd64 ppc sparc x86 ~amd64-linux ~x86-linux ~ppc-macos ~x86-macos ~x64-macos ~sparc-solaris ~x86-solaris" DOCS=( "${P}.lsm" "${PN}.spec" README ChangeLog ) +PATCHES=( "${FILESDIR}/CVE-2017-15953.patch" "${FILESDIR}/CVE-2017-15955.patch" ) src_install() { dobin "${PN}" diff --git a/app-cdr/bchunk/files/CVE-2017-15953.patch b/app-cdr/bchunk/files/CVE-2017-15953.patch new file mode 100644 index 000000000000..f78bb7178af2 --- /dev/null +++ b/app-cdr/bchunk/files/CVE-2017-15953.patch @@ -0,0 +1,25 @@ +--- a/bchunk.c 2017-10-30 18:03:58.658741629 +0000 ++++ b/bchunk.c 2017-10-30 19:40:25.558131619 +0000 +@@ -18,6 +18,7 @@ + * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA + */ + ++#define _GNU_SOURCE + #include <stdio.h> + #include <stdlib.h> + #include <string.h> +@@ -271,11 +272,10 @@ + int16_t i; + float fl; + +- if (!(fname = malloc(strlen(bname) + 8))) { +- fprintf(stderr, "main(): malloc() failed, out of memory\n"); ++ if (asprintf(&fname, "%s%2.2d.%s", bname, track->num, track->extension) == -1) { ++ fprintf(stderr, "writetrack(): asprintf() failed, out of memory\n"); + exit(4); + } +- sprintf(fname, "%s%2.2d.%s", bname, track->num, track->extension); + + printf("%2d: %s ", track->num, fname); + + diff --git a/app-cdr/bchunk/files/CVE-2017-15955.patch b/app-cdr/bchunk/files/CVE-2017-15955.patch new file mode 100644 index 000000000000..85797fe020af --- /dev/null +++ b/app-cdr/bchunk/files/CVE-2017-15955.patch @@ -0,0 +1,32 @@ +--- a/bchunk.c 2017-10-30 18:03:58.658741629 +0000 ++++ b/bchunk.c 2017-10-30 19:17:36.732855884 +0000 +@@ -426,11 +426,11 @@ + printf("\nTrack "); + if (!(p = strchr(p, ' '))) { + fprintf(stderr, "... ouch, no space after TRACK.\n"); +- continue; ++ exit(3); + } + p++; + if (!(t = strchr(p, ' '))) { + fprintf(stderr, "... ouch, no space after track number.\n"); +- continue; ++ exit(3); + } + *t = '\0'; + +@@ -460,12 +460,12 @@ + } else if ((p = strstr(s, "INDEX"))) { + if (!(p = strchr(p, ' '))) { + printf("... ouch, no space after INDEX.\n"); +- continue; ++ exit(3); + } + p++; + if (!(t = strchr(p, ' '))) { + printf("... ouch, no space after index number.\n"); +- continue; ++ exit(3); + } + *t = '\0'; + t++;
\ No newline at end of file |