From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from lists.gentoo.org (pigeon.gentoo.org [208.92.234.80]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by finch.gentoo.org (Postfix) with ESMTPS id 7F9BB138806 for ; Mon, 25 Dec 2017 13:53:30 +0000 (UTC) Received: from pigeon.gentoo.org (localhost [127.0.0.1]) by pigeon.gentoo.org (Postfix) with SMTP id 713B4E0E40; Mon, 25 Dec 2017 13:53:24 +0000 (UTC) Received: from smtp.gentoo.org (smtp.gentoo.org [140.211.166.183]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by pigeon.gentoo.org (Postfix) with ESMTPS id 416DFE0E40 for ; Mon, 25 Dec 2017 13:53:24 +0000 (UTC) Received: from oystercatcher.gentoo.org (oystercatcher.gentoo.org [148.251.78.52]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by smtp.gentoo.org (Postfix) with ESMTPS id 2403933D4A6 for ; Mon, 25 Dec 2017 13:53:23 +0000 (UTC) Received: from localhost.localdomain (localhost [IPv6:::1]) by oystercatcher.gentoo.org (Postfix) with ESMTP id 08C8FAE97 for ; Mon, 25 Dec 2017 13:53:20 +0000 (UTC) From: "Andreas Sturmlechner" To: gentoo-commits@lists.gentoo.org Content-Transfer-Encoding: 8bit Content-type: text/plain; charset=UTF-8 Reply-To: gentoo-dev@lists.gentoo.org, "Andreas Sturmlechner" Message-ID: <1514209982.6859a8b699efc9cd61a9eede139220391494d14b.asturm@gentoo> Subject: [gentoo-commits] repo/gentoo:master commit in: media-libs/libextractor/files/, media-libs/libextractor/ X-VCS-Repository: repo/gentoo X-VCS-Files: media-libs/libextractor/files/libextractor-1.6-CVE-2017-17440.patch media-libs/libextractor/libextractor-1.6.ebuild X-VCS-Directories: media-libs/libextractor/files/ media-libs/libextractor/ X-VCS-Committer: asturm X-VCS-Committer-Name: Andreas Sturmlechner X-VCS-Revision: 6859a8b699efc9cd61a9eede139220391494d14b X-VCS-Branch: master Date: Mon, 25 Dec 2017 13:53:20 +0000 (UTC) Precedence: bulk List-Post: List-Help: List-Unsubscribe: List-Subscribe: List-Id: Gentoo Linux mail X-BeenThere: gentoo-commits@lists.gentoo.org X-Archives-Salt: 0398d4d1-572c-4dcc-ac64-24c9bf8c9f16 X-Archives-Hash: 7d13f3e7ac102f9254eaacf8643b5fcf commit: 6859a8b699efc9cd61a9eede139220391494d14b Author: Andreas Sturmlechner gentoo org> AuthorDate: Mon Dec 25 12:47:15 2017 +0000 Commit: Andreas Sturmlechner gentoo org> CommitDate: Mon Dec 25 13:53:02 2017 +0000 URL: https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=6859a8b6 media-libs/libextractor: Patch CVE-2017-17440 Bug: https://bugs.gentoo.org/635362 Package-Manager: Portage-2.3.19, Repoman-2.3.6 .../files/libextractor-1.6-CVE-2017-17440.patch | 125 +++++++++++++++++++++ media-libs/libextractor/libextractor-1.6.ebuild | 2 + 2 files changed, 127 insertions(+) diff --git a/media-libs/libextractor/files/libextractor-1.6-CVE-2017-17440.patch b/media-libs/libextractor/files/libextractor-1.6-CVE-2017-17440.patch new file mode 100644 index 00000000000..1870375664d --- /dev/null +++ b/media-libs/libextractor/files/libextractor-1.6-CVE-2017-17440.patch @@ -0,0 +1,125 @@ +From 7cc63b001ceaf81143795321379c835486d0c92e Mon Sep 17 00:00:00 2001 +From: Christian Grothoff +Date: Wed, 1 Nov 2017 09:07:35 +0100 +Subject: fix misc NULL pointer exceptions + +--- + src/include/extractor.h | 2 +- + src/plugins/gif_extractor.c | 16 +++++++++------- + src/plugins/it_extractor.c | 6 +++--- + src/plugins/nsfe_extractor.c | 8 ++++---- + src/plugins/s3m_extractor.c | 2 +- + src/plugins/sid_extractor.c | 24 ++++++++++++------------ + src/plugins/xm_extractor.c | 8 ++++---- + 21 files changed, 169 insertions(+), 162 deletions(-) + +* asturm: Cleaned up unrelated whitespace and translations changes. + +diff --git a/src/include/extractor.h b/src/include/extractor.h +index 0325dc6..782134b 100644 +--- a/src/include/extractor.h ++++ b/src/include/extractor.h +@@ -35,7 +35,7 @@ extern "C" { + * 0.2.6-1 => 0x00020601 + * 4.5.2-0 => 0x04050200 + */ +-#define EXTRACTOR_VERSION 0x01060000 ++#define EXTRACTOR_VERSION 0x01060001 + + #include + +diff --git a/src/plugins/gif_extractor.c b/src/plugins/gif_extractor.c +index aae2b82..8ee5807 100644 +@@ -122,6 +122,8 @@ EXTRACTOR_gif_extract_method (struct EXTRACTOR_ExtractContext *ec) + if (GIF_OK != + DGifGetExtension (gif_file, &et, &ext)) + continue; ++ if (NULL == ext) ++ continue; + if (COMMENT_EXT_FUNC_CODE == et) + { + ec->proc (ec->cls, +--- a/src/plugins/it_extractor.c ++++ b/src/plugins/it_extractor.c +@@ -70,7 +70,7 @@ EXTRACTOR_it_extract_method (struct EXTRACTOR_ExtractContext *ec) + char itversion[8]; + const struct Header *head; + +- if (HEADER_SIZE > ++ if ((ssize_t) HEADER_SIZE > + ec->read (ec->cls, + &data, + HEADER_SIZE)) +--- a/src/plugins/nsfe_extractor.c ++++ b/src/plugins/nsfe_extractor.c +@@ -175,7 +175,7 @@ info_extract (struct EXTRACTOR_ExtractContext *ec, + + if (size < 8) + return 0; +- if (size > ++ if ((ssize_t) size > + ec->read (ec->cls, + &data, + size)) +@@ -243,7 +243,7 @@ tlbl_extract (struct EXTRACTOR_ExtractContext *ec, + void *data; + const char *cdata; + +- if (size > ++ if ((ssize_t) size > + ec->read (ec->cls, + &data, + size)) +@@ -285,7 +285,7 @@ auth_extract (struct EXTRACTOR_ExtractContext *ec, + + if (left < 1) + return 0; +- if (size > ++ if ((ssize_t) size > + ec->read (ec->cls, + &data, + size)) +@@ -342,7 +342,7 @@ EXTRACTOR_nsfe_extract_method (struct EXTRACTOR_ExtractContext *ec) + uint32_t chunksize; + int ret; + +- if (sizeof (struct header) > ++ if ((ssize_t) sizeof (struct header) > + ec->read (ec->cls, + &data, + sizeof (struct header))) +--- a/src/plugins/s3m_extractor.c ++++ b/src/plugins/s3m_extractor.c +@@ -80,7 +80,7 @@ EXTRACTOR_s3m_extract_method (struct EXTRACTOR_ExtractContext *ec) + struct S3MHeader header; + char song_name_NT[29]; + +- if (sizeof (header) > ++ if ((ssize_t) sizeof (header) > + ec->read (ec->cls, + &data, + sizeof (header))) +--- a/src/plugins/sid_extractor.c ++++ b/src/plugins/sid_extractor.c +@@ -176,7 +176,7 @@ EXTRACTOR_sid_extract_method (struct EXTRACTOR_ExtractContext *ec) + const struct header *head; + void *data; + +- if (sizeof (struct header) > ++ if ((ssize_t) sizeof (struct header) > + ec->read (ec->cls, + &data, + sizeof (struct header))) +--- a/src/plugins/xm_extractor.c ++++ b/src/plugins/xm_extractor.c +@@ -70,7 +70,7 @@ EXTRACTOR_xm_extract_method (struct EXTRACTOR_ExtractContext *ec) + char xmversion[8]; + size_t n; + +- if (sizeof (struct Header) > ++ if ((ssize_t) sizeof (struct Header) > + ec->read (ec->cls, + &data, + sizeof (struct Header))) +-- +cgit v1.1 diff --git a/media-libs/libextractor/libextractor-1.6.ebuild b/media-libs/libextractor/libextractor-1.6.ebuild index c30658fc5c0..db1013736cf 100644 --- a/media-libs/libextractor/libextractor-1.6.ebuild +++ b/media-libs/libextractor/libextractor-1.6.ebuild @@ -57,6 +57,8 @@ RDEPEND="${COMMON_DEPEND} !sci-biology/glimmer " +PATCHES=( "${FILESDIR}/${P}-CVE-2017-17440.patch" ) + src_prepare() { default