diff options
| author | V3n3RiX <venerix@redcorelinux.org> | 2020-08-25 10:45:55 +0100 |
|---|---|---|
| committer | V3n3RiX <venerix@redcorelinux.org> | 2020-08-25 10:45:55 +0100 |
| commit | 3cf7c3ef441822c889356fd1812ebf2944a59851 (patch) | |
| tree | c513fe68548b40365c1c2ebfe35c58ad431cdd77 /sys-fs/fuseiso | |
| parent | 05b8b0e0af1d72e51a3ee61522941bf7605cd01c (diff) | |
gentoo resync : 25.08.2020
Diffstat (limited to 'sys-fs/fuseiso')
| -rw-r--r-- | sys-fs/fuseiso/Manifest | 6 | ||||
| -rw-r--r-- | sys-fs/fuseiso/files/fuseiso-20070708-CVE-2015-8837.patch | 38 | ||||
| -rw-r--r-- | sys-fs/fuseiso/files/fuseiso-20070708-integer-overflow.patch | 19 | ||||
| -rw-r--r-- | sys-fs/fuseiso/fuseiso-20070708-r3.ebuild (renamed from sys-fs/fuseiso/fuseiso-20070708-r2.ebuild) | 12 | ||||
| -rw-r--r-- | sys-fs/fuseiso/metadata.xml | 8 |
5 files changed, 71 insertions, 12 deletions
diff --git a/sys-fs/fuseiso/Manifest b/sys-fs/fuseiso/Manifest index 5456aed72557..576f33370664 100644 --- a/sys-fs/fuseiso/Manifest +++ b/sys-fs/fuseiso/Manifest @@ -1,5 +1,7 @@ +AUX fuseiso-20070708-CVE-2015-8837.patch 1480 BLAKE2B 53eb28eb86b963963631955f5b402fdf48b34111278634953a41228ef0b56cc2668deb86b18e9f837261ce3fa7a2b539425070304be8e318e2aa220e9cc8f211 SHA512 3bf7e2b199d0521de8eabda9db9dc6ac64ed6356ab675c0d7ca1264a37f57b19a86a79ed2dd471d90b80d033207ce870b56020e0f0408854edb60c6af18595ff AUX fuseiso-20070708-fix-typo.patch 683 BLAKE2B a6467bc243f7dcf37e843ccbdc044b05b94458fd3324a359793267008f144cc2514e379b713c4d0571afafe621f1455c321b94083d760e49cdbeb0eed79e8091 SHA512 ccfbcdba2c81d834d658f399f378feb6fec9d920c0fcc5cce3cd744f26cb94708a739c34e9e7cc374d31920a84bc6fbcc5b3ff841ee0d352de96a90cdc7c266e +AUX fuseiso-20070708-integer-overflow.patch 721 BLAKE2B 1ae8dcde6d4618a6da264ffe072d0e8273fe0de2eb4afc03a6decad683caa728f70a208ff646e3bb84cb81b16b838bdafb1325d8b5c3a2804c6ba974e787281c SHA512 61a2ce687eb6a88f1e07398df08eb360167826f70d97570a89a67a3c263e37661ed9664173b2df36db0b6a25533cddcd53efa706f89be7bbb73fe2a821d4580e AUX fuseiso-20070708-largeiso.patch 2583 BLAKE2B 90374aca589c81aa760301c1fbd98bc1199c8d69d20d26f42d343ca80e17f3656b5c1b5dd5c7088d4e2f242e536db6726f6d3a44f712f78fa7472c114af63f56 SHA512 f3268473d771de520f80d6ccdc6147fdc0c250f4b28070b7cb7b75734b893431ee3e20c46acb54f51f177c2e60f554c5ae8c2e3a514aa97a4208f514512be9cf DIST fuseiso-20070708.tar.bz2 239960 BLAKE2B b794d7381d707c42ad8082c999ba2702d76b4b37971e9cad37ccf80657a68e0d4aa5a6b8628c324e81b7fe0c031d91398c82c3d5f40ee0ed12711ef5d7cad1f6 SHA512 d9d8153101494434fe4ec9c684cec46a1eee46fd3ce06e97fa27f4746990f866e1f23f256b2659e60296d2362cea05d259a0a2ef669ecddf7a0a7e44110c4ae0 -EBUILD fuseiso-20070708-r2.ebuild 596 BLAKE2B 46b709c6aac399c06335e04d2833c6470282e1bc4620b1f2ccfc7c8e5052ac48c3fd8f43f67355fdd4372cbaaf061b47e428ae7b7a7156ec4e5914b54d790e1e SHA512 877c0dcd58a31a9e8f482ac610fc31696352335d8520c811e5eda7ecc3a13c18f07953c71c361e6b1603562f606009ef779b3529dfca0741ab6aae8190e892d9 -MISC metadata.xml 420 BLAKE2B ab7884f79bd4e597cb7cd131ffa708353fbebc814578bcfedeb1d16bfd9b28163e1b66455b325ee7c2e811febca207568a376166d6d91b46e7aabf43ae3344ef SHA512 03659deebcb170d3144010e020528bf2ab8fc946f324a70da5b68db30d0ce89864b355abc358287ee01b3758d3495c246bc102e2a0d61fc54e8c549dad9228e6 +EBUILD fuseiso-20070708-r3.ebuild 667 BLAKE2B d490108be3b3132cf64bf4482ecd9940dee6b6d8374684c084ac5e031cddef90d63cfa9ead2004d4bbc81964638d4d73d85d87eda2b8fcf9f0f4266f4bbe4379 SHA512 32a1299f5cd439bb4a733284138a37099de09c18a5a63e67e3be16b3d8656f29a44cb4d4b11e390f7c6176680f0da2217bf1829a71540ebecc9846a339fc3e92 +MISC metadata.xml 244 BLAKE2B b8fe725610fb85711c3dcae43435062521d9102cf3f87cef36d2f0decff44f0d769ab8bd6fb9ecf610ab6d130aa74568f1d9a9649b7f7374094960971782b466 SHA512 386ec4723a0de60b693f2bc258b75e05be36b2809d93b637cde00f484deafb235b8b1d359b940321ddcf3947bc091e1c3a60cece5c7d57418fbeeb126b02e178 diff --git a/sys-fs/fuseiso/files/fuseiso-20070708-CVE-2015-8837.patch b/sys-fs/fuseiso/files/fuseiso-20070708-CVE-2015-8837.patch new file mode 100644 index 000000000000..a5ab828ee637 --- /dev/null +++ b/sys-fs/fuseiso/files/fuseiso-20070708-CVE-2015-8837.patch @@ -0,0 +1,38 @@ +https://sources.debian.org/patches/fuseiso/20070708-3.2/02-prevent-buffer-overflow.patch/ +https://bugs.gentoo.org/713328 +---- +Description: Prevent stack-based buffer overflow on too-long path names +Author: Mike Gabriel <mike.gabriel@das-netzwerkteam.de> + +--- a/src/isofs.c ++++ b/src/isofs.c +@@ -1532,13 +1532,23 @@ + if(path[1] != '\0') { // not root dir + strcat(absolute_entry, "/"); + }; +- strcat(absolute_entry, entry); +- if(g_hash_table_lookup(lookup_table, absolute_entry)) { +- // already in lookup cache ++ ++ if(strlen(absolute_entry) + strlen(entry) <= PATH_MAX-1) { ++ strcat(absolute_entry, entry); ++ if(g_hash_table_lookup(lookup_table, absolute_entry)) { ++ // already in lookup cache ++ isofs_free_inode(inode); ++ } else { ++ g_hash_table_insert(lookup_table, g_strdup(absolute_entry), inode); ++ }; ++ } ++ else { ++ printf("readdir: absolute path name for entry '%s' exceeding PATH_MAX (%d)\n", entry, PATH_MAX); + isofs_free_inode(inode); +- } else { +- g_hash_table_insert(lookup_table, g_strdup(absolute_entry), inode); +- }; ++ free(buf); ++ free(entry); ++ return -EIO; ++ } + + free(entry); + diff --git a/sys-fs/fuseiso/files/fuseiso-20070708-integer-overflow.patch b/sys-fs/fuseiso/files/fuseiso-20070708-integer-overflow.patch new file mode 100644 index 000000000000..9f20b9b8c51e --- /dev/null +++ b/sys-fs/fuseiso/files/fuseiso-20070708-integer-overflow.patch @@ -0,0 +1,19 @@ +https://sources.debian.org/patches/fuseiso/20070708-3.2/03-prevent-integer-overflow.patch/ +https://bugs.gentoo.org/713328 +---- +Description: Prevent integer overflow in ZISO code +Author: Mike Gabriel <mike.gabriel@das-netzwerkteam.de> + +--- a/src/isofs.c ++++ b/src/isofs.c +@@ -1618,6 +1618,10 @@ + }; + + static int isofs_real_read_zf(isofs_inode *inode, char *out_buf, size_t size, off_t offset) { ++ if( inode->zf_block_shift > 17 ) { ++ fprintf(stderr, "isofs_real_read_zf: can't handle ZF block size of 2^%d\n", inode->zf_block_shift); ++ return -EIO; ++ } + int zf_block_size = 1 << inode->zf_block_shift; + int zf_start = offset / zf_block_size; + int zf_end = (offset + size) / zf_block_size; diff --git a/sys-fs/fuseiso/fuseiso-20070708-r2.ebuild b/sys-fs/fuseiso/fuseiso-20070708-r3.ebuild index e5d22bb4de7c..4ac8844af9f9 100644 --- a/sys-fs/fuseiso/fuseiso-20070708-r2.ebuild +++ b/sys-fs/fuseiso/fuseiso-20070708-r3.ebuild @@ -1,11 +1,11 @@ -# Copyright 1999-2019 Gentoo Authors +# Copyright 1999-2020 Gentoo Authors # Distributed under the terms of the GNU General Public License v2 EAPI=7 DESCRIPTION="Fuse module to mount ISO9660" HOMEPAGE="https://sourceforge.net/projects/fuseiso" -SRC_URI="http://superb-dca2.dl.sourceforge.net/project/fuseiso/fuseiso/20070708/fuseiso-20070708.tar.bz2" +SRC_URI="http://superb-dca2.dl.sourceforge.net/project/${PN}/${PN}/${PV}/${P}.tar.bz2" LICENSE="GPL-2" SLOT="0" @@ -19,4 +19,10 @@ DEPEND="${RDEPEND}" BDEPEND="virtual/pkgconfig" DOCS=( AUTHORS ChangeLog NEWS README ) -PATCHES=( ${FILESDIR}/${P}-largeiso.patch ${FILESDIR}/${P}-fix-typo.patch ) + +PATCHES=( + "${FILESDIR}/${P}-largeiso.patch" + "${FILESDIR}/${P}-fix-typo.patch" + "${FILESDIR}/${P}-CVE-2015-8837.patch" + "${FILESDIR}/${P}-integer-overflow.patch" +) diff --git a/sys-fs/fuseiso/metadata.xml b/sys-fs/fuseiso/metadata.xml index 220254c786eb..409729bbcacb 100644 --- a/sys-fs/fuseiso/metadata.xml +++ b/sys-fs/fuseiso/metadata.xml @@ -1,13 +1,7 @@ <?xml version="1.0" encoding="UTF-8"?> <!DOCTYPE pkgmetadata SYSTEM "http://www.gentoo.org/dtd/metadata.dtd"> <pkgmetadata> - <maintainer type="person"> - <email>zhaoxiaoqiang007@gmail.com</email> - </maintainer> - <maintainer type="project"> - <email>proxy-maint@gentoo.org</email> - <name>Proxy Maintainers</name> - </maintainer> + <!-- maintainer-needed --> <upstream> <remote-id type="sourceforge">fuseiso</remote-id> </upstream> |