From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from lists.gentoo.org (pigeon.gentoo.org [208.92.234.80]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by finch.gentoo.org (Postfix) with ESMTPS id E8FAE138350 for ; Sun, 15 Mar 2020 18:13:13 +0000 (UTC) Received: from pigeon.gentoo.org (localhost [127.0.0.1]) by pigeon.gentoo.org (Postfix) with SMTP id 25EC8E0C41; Sun, 15 Mar 2020 18:13:13 +0000 (UTC) Received: from smtp.gentoo.org (dev.gentoo.org [IPv6:2001:470:ea4a:1:5054:ff:fec7:86e4]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by pigeon.gentoo.org (Postfix) with ESMTPS id EEDD6E0C41 for ; Sun, 15 Mar 2020 18:13:12 +0000 (UTC) Received: from oystercatcher.gentoo.org (unknown [IPv6:2a01:4f8:202:4333:225:90ff:fed9:fc84]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by smtp.gentoo.org (Postfix) with ESMTPS id 4B9D834F07D for ; Sun, 15 Mar 2020 18:13:11 +0000 (UTC) Received: from localhost.localdomain (localhost [IPv6:::1]) by oystercatcher.gentoo.org (Postfix) with ESMTP id 0A51410A for ; Sun, 15 Mar 2020 18:13:09 +0000 (UTC) From: "Sebastian Pipping" To: gentoo-commits@lists.gentoo.org Content-Transfer-Encoding: 8bit Content-type: text/plain; charset=UTF-8 Reply-To: gentoo-dev@lists.gentoo.org, "Sebastian Pipping" Message-ID: <1584295720.8721763f5c744e8eca229edfe1afd52a77cf2842.sping@gentoo> Subject: [gentoo-commits] repo/gentoo:master commit in: dev-libs/iniparser/, dev-libs/iniparser/files/ X-VCS-Repository: repo/gentoo X-VCS-Files: dev-libs/iniparser/files/iniparser-4.0-out-of-bounds-read.patch dev-libs/iniparser/iniparser-3.1-r2.ebuild X-VCS-Directories: dev-libs/iniparser/ dev-libs/iniparser/files/ X-VCS-Committer: sping X-VCS-Committer-Name: Sebastian Pipping X-VCS-Revision: 8721763f5c744e8eca229edfe1afd52a77cf2842 X-VCS-Branch: master Date: Sun, 15 Mar 2020 18:13:09 +0000 (UTC) Precedence: bulk List-Post: List-Help: List-Unsubscribe: List-Subscribe: List-Id: Gentoo Linux mail X-BeenThere: gentoo-commits@lists.gentoo.org X-Auto-Response-Suppress: DR, RN, NRN, OOF, AutoReply X-Archives-Salt: 43d41ab6-d67a-493f-8edc-c11a92fdc683 X-Archives-Hash: ef008f930217874a5ad33299c1e072ca commit: 8721763f5c744e8eca229edfe1afd52a77cf2842 Author: Sebastian Pipping gentoo org> AuthorDate: Sun Mar 15 18:08:29 2020 +0000 Commit: Sebastian Pipping gentoo org> CommitDate: Sun Mar 15 18:08:40 2020 +0000 URL: https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=8721763f dev-libs/iniparser: Fix out-of-bounds read Bug: https://bugs.gentoo.org/647588 Signed-off-by: Sebastian Pipping gentoo.org> Package-Manager: Portage-2.3.92, Repoman-2.3.20 .../files/iniparser-4.0-out-of-bounds-read.patch | 22 ++++++++++ dev-libs/iniparser/iniparser-3.1-r2.ebuild | 47 ++++++++++++++++++++++ 2 files changed, 69 insertions(+) diff --git a/dev-libs/iniparser/files/iniparser-4.0-out-of-bounds-read.patch b/dev-libs/iniparser/files/iniparser-4.0-out-of-bounds-read.patch new file mode 100644 index 00000000000..962566cd5b7 --- /dev/null +++ b/dev-libs/iniparser/files/iniparser-4.0-out-of-bounds-read.patch @@ -0,0 +1,22 @@ +From 4f870752abbb756911d7b11405d49e9769d082bd Mon Sep 17 00:00:00 2001 +From: Emmanuel Leblond +Date: Fri, 8 Apr 2016 22:13:36 +0200 +Subject: [PATCH] Fix #68 when reading file with only \0 char + +--- + src/iniparser.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/src/iniparser.c b/src/iniparser.c +index be37fec..fb1b549 100644 +--- a/src/iniparser.c ++++ b/src/iniparser.c +@@ -678,7 +678,7 @@ dictionary * iniparser_load(const char * ininame) + while (fgets(line+last, ASCIILINESZ-last, in)!=NULL) { + lineno++ ; + len = (int)strlen(line)-1; +- if (len==0) ++ if (len<=0) + continue; + /* Safety check against buffer overflows */ + if (line[len]!='\n' && !feof(in)) { diff --git a/dev-libs/iniparser/iniparser-3.1-r2.ebuild b/dev-libs/iniparser/iniparser-3.1-r2.ebuild new file mode 100644 index 00000000000..3d8e93facd0 --- /dev/null +++ b/dev-libs/iniparser/iniparser-3.1-r2.ebuild @@ -0,0 +1,47 @@ +# Copyright 1999-2020 Gentoo Authors +# Distributed under the terms of the GNU General Public License v2 + +EAPI=4 + +AUTOTOOLS_AUTORECONF=1 +inherit autotools-utils autotools-multilib + +DESCRIPTION="A free stand-alone ini file parsing library" +HOMEPAGE="http://ndevilla.free.fr/iniparser/" + +SRC_URI="http://ndevilla.free.fr/iniparser/${P}.tar.gz" +LICENSE="MIT" +SLOT="0" +KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~ia64 ~m68k ~mips ~ppc ~ppc64 ~riscv ~s390 ~sh ~sparc ~x86 ~ppc-aix ~x64-cygwin ~amd64-linux ~x86-linux ~ppc-macos ~x64-macos ~x86-macos ~m68k-mint ~sparc-solaris ~sparc64-solaris ~x64-solaris ~x86-solaris" +IUSE="doc examples static-libs" + +DEPEND="doc? ( app-doc/doxygen ) + sys-devel/libtool" +RDEPEND="" + +# the tests are rather examples than tests, no point in running them +RESTRICT="test" + +S="${WORKDIR}/${PN}" + +DOCS=( AUTHORS README ) + +PATCHES=( + "${FILESDIR}/${PN}-3.0b-cpp.patch" + "${FILESDIR}/${PN}-3.0-autotools.patch" + "${FILESDIR}/${PN}-4.0-out-of-bounds-read.patch" +) + +src_install() { + autotools-multilib_src_install + + if use doc; then + emake -C doc + dohtml -r html/* + fi + + if use examples ; then + insinto /usr/share/doc/${PF}/examples + doins test/*.{c,ini,py} + fi +}