public inbox for gentoo-commits@lists.gentoo.org
 help / color / mirror / Atom feed
From: "Andreas Sturmlechner" <asturm@gentoo.org>
To: gentoo-commits@lists.gentoo.org
Subject: [gentoo-commits] repo/gentoo:master commit in: media-libs/libextractor/files/, media-libs/libextractor/
Date: Mon, 25 Dec 2017 13:53:20 +0000 (UTC)	[thread overview]
Message-ID: <1514209982.6859a8b699efc9cd61a9eede139220391494d14b.asturm@gentoo> (raw)

commit:     6859a8b699efc9cd61a9eede139220391494d14b
Author:     Andreas Sturmlechner <asturm <AT> gentoo <DOT> org>
AuthorDate: Mon Dec 25 12:47:15 2017 +0000
Commit:     Andreas Sturmlechner <asturm <AT> gentoo <DOT> org>
CommitDate: Mon Dec 25 13:53:02 2017 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=6859a8b6

media-libs/libextractor: Patch CVE-2017-17440

Bug: https://bugs.gentoo.org/635362
Package-Manager: Portage-2.3.19, Repoman-2.3.6

 .../files/libextractor-1.6-CVE-2017-17440.patch    | 125 +++++++++++++++++++++
 media-libs/libextractor/libextractor-1.6.ebuild    |   2 +
 2 files changed, 127 insertions(+)

diff --git a/media-libs/libextractor/files/libextractor-1.6-CVE-2017-17440.patch b/media-libs/libextractor/files/libextractor-1.6-CVE-2017-17440.patch
new file mode 100644
index 00000000000..1870375664d
--- /dev/null
+++ b/media-libs/libextractor/files/libextractor-1.6-CVE-2017-17440.patch
@@ -0,0 +1,125 @@
+From 7cc63b001ceaf81143795321379c835486d0c92e Mon Sep 17 00:00:00 2001
+From: Christian Grothoff <christian@grothoff.org>
+Date: Wed, 1 Nov 2017 09:07:35 +0100
+Subject: fix misc NULL pointer exceptions
+
+---
+ src/include/extractor.h      |  2 +-
+ src/plugins/gif_extractor.c  | 16 +++++++++-------
+ src/plugins/it_extractor.c   |  6 +++---
+ src/plugins/nsfe_extractor.c |  8 ++++----
+ src/plugins/s3m_extractor.c  |  2 +-
+ src/plugins/sid_extractor.c  | 24 ++++++++++++------------
+ src/plugins/xm_extractor.c   |  8 ++++----
+ 21 files changed, 169 insertions(+), 162 deletions(-)
+ 
+* asturm: Cleaned up unrelated whitespace and translations changes.
+
+diff --git a/src/include/extractor.h b/src/include/extractor.h
+index 0325dc6..782134b 100644
+--- a/src/include/extractor.h
++++ b/src/include/extractor.h
+@@ -35,7 +35,7 @@ extern "C" {
+  * 0.2.6-1 => 0x00020601
+  * 4.5.2-0 => 0x04050200
+  */
+-#define EXTRACTOR_VERSION 0x01060000
++#define EXTRACTOR_VERSION 0x01060001
+ 
+ #include <stdio.h>
+ 
+diff --git a/src/plugins/gif_extractor.c b/src/plugins/gif_extractor.c
+index aae2b82..8ee5807 100644
+@@ -122,6 +122,8 @@ EXTRACTOR_gif_extract_method (struct EXTRACTOR_ExtractContext *ec)
+       if (GIF_OK !=
+ 	  DGifGetExtension (gif_file, &et, &ext))
+ 	continue;
++      if (NULL == ext)
++        continue;
+       if (COMMENT_EXT_FUNC_CODE == et)
+ 	{
+ 	  ec->proc (ec->cls,
+--- a/src/plugins/it_extractor.c
++++ b/src/plugins/it_extractor.c
+@@ -70,7 +70,7 @@ EXTRACTOR_it_extract_method (struct EXTRACTOR_ExtractContext *ec)
+   char itversion[8];
+   const struct Header *head;
+ 
+-  if (HEADER_SIZE >
++  if ((ssize_t) HEADER_SIZE >
+       ec->read (ec->cls,
+ 		&data,
+ 		HEADER_SIZE))
+--- a/src/plugins/nsfe_extractor.c
++++ b/src/plugins/nsfe_extractor.c
+@@ -175,7 +175,7 @@ info_extract (struct EXTRACTOR_ExtractContext *ec,
+ 
+   if (size < 8)
+     return 0;
+-  if (size >
++  if ((ssize_t) size >
+       ec->read (ec->cls,
+ 		&data,
+ 		size))
+@@ -243,7 +243,7 @@ tlbl_extract (struct EXTRACTOR_ExtractContext *ec,
+   void *data;
+   const char *cdata;
+ 
+-  if (size >
++  if ((ssize_t) size >
+       ec->read (ec->cls,
+ 		&data,
+ 		size))
+@@ -285,7 +285,7 @@ auth_extract (struct EXTRACTOR_ExtractContext *ec,
+ 
+   if (left < 1)
+     return 0;
+-  if (size >
++  if ((ssize_t) size >
+       ec->read (ec->cls,
+ 		&data,
+ 		size))
+@@ -342,7 +342,7 @@ EXTRACTOR_nsfe_extract_method (struct EXTRACTOR_ExtractContext *ec)
+   uint32_t chunksize;
+   int ret;
+ 
+-  if (sizeof (struct header) >
++  if ((ssize_t) sizeof (struct header) >
+       ec->read (ec->cls,
+ 		&data,
+ 		sizeof (struct header)))
+--- a/src/plugins/s3m_extractor.c
++++ b/src/plugins/s3m_extractor.c
+@@ -80,7 +80,7 @@ EXTRACTOR_s3m_extract_method (struct EXTRACTOR_ExtractContext *ec)
+   struct S3MHeader header;
+   char song_name_NT[29];
+ 
+-  if (sizeof (header) >
++  if ((ssize_t) sizeof (header) >
+       ec->read (ec->cls,
+ 		&data,
+ 		sizeof (header)))
+--- a/src/plugins/sid_extractor.c
++++ b/src/plugins/sid_extractor.c
+@@ -176,7 +176,7 @@ EXTRACTOR_sid_extract_method (struct EXTRACTOR_ExtractContext *ec)
+   const struct header *head;
+   void *data;
+ 
+-  if (sizeof (struct header) >
++  if ((ssize_t) sizeof (struct header) >
+       ec->read (ec->cls,
+ 		&data,
+ 		sizeof (struct header)))
+--- a/src/plugins/xm_extractor.c
++++ b/src/plugins/xm_extractor.c
+@@ -70,7 +70,7 @@ EXTRACTOR_xm_extract_method (struct EXTRACTOR_ExtractContext *ec)
+   char xmversion[8];
+   size_t n;
+ 
+-  if (sizeof (struct Header) >
++  if ((ssize_t) sizeof (struct Header) >
+       ec->read (ec->cls,
+ 		&data,
+ 		sizeof (struct Header)))
+-- 
+cgit v1.1

diff --git a/media-libs/libextractor/libextractor-1.6.ebuild b/media-libs/libextractor/libextractor-1.6.ebuild
index c30658fc5c0..db1013736cf 100644
--- a/media-libs/libextractor/libextractor-1.6.ebuild
+++ b/media-libs/libextractor/libextractor-1.6.ebuild
@@ -57,6 +57,8 @@ RDEPEND="${COMMON_DEPEND}
 	!sci-biology/glimmer
 "
 
+PATCHES=( "${FILESDIR}/${P}-CVE-2017-17440.patch" )
+
 src_prepare() {
 	default
 


             reply	other threads:[~2017-12-25 13:53 UTC|newest]

Thread overview: 6+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2017-12-25 13:53 Andreas Sturmlechner [this message]
  -- strict thread matches above, loose matches on Subject: below --
2019-10-26 20:32 [gentoo-commits] repo/gentoo:master commit in: media-libs/libextractor/files/, media-libs/libextractor/ Thomas Deutschmann
2018-03-13  9:33 Andreas Sturmlechner
2017-06-17 20:49 Andreas Sturmlechner
2016-10-25 18:32 David Seifert
2016-02-19  1:24 Mike Frysinger

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=1514209982.6859a8b699efc9cd61a9eede139220391494d14b.asturm@gentoo \
    --to=asturm@gentoo.org \
    --cc=gentoo-commits@lists.gentoo.org \
    --cc=gentoo-dev@lists.gentoo.org \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line before the message body. 
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox