From 94b7368eefcb833b96859ccc9e25facffdd4901a Mon Sep 17 00:00:00 2001
From: Yegor Timoshenko
Date: Mon, 30 Oct 2017 20:20:01 +0000
Subject: bchunk: fix recent CVEs, simplify installPhase
For details, see: https://bugs.gentoo.org/635898 https://nvd.nist.gov/vuln/detail/CVE-2017-15953 https://nvd.nist.gov/vuln/detail/CVE-2017-15954 https://nvd.nist.gov/vuln/detail/CVE-2017-15955 https://github.com/extramaster/bchunk/issues/2 https://github.com/extramaster/bchunk/issues/3 https://github.com/extramaster/bchunk/issues/4
---
 pkgs/tools/cd-dvd/bchunk/CVE-2017-15953.patch | 25 ++++++++++++++++++++
 pkgs/tools/cd-dvd/bchunk/CVE-2017-15955.patch | 33 +++++++++++++++++++++++++++
 pkgs/tools/cd-dvd/bchunk/default.nix | 20 +++++++---------
 3 files changed, 66 insertions(+), 12 deletions(-)
 create mode 100644 pkgs/tools/cd-dvd/bchunk/CVE-2017-15953.patch
 create mode 100644 pkgs/tools/cd-dvd/bchunk/CVE-2017-15955.patch
(limited to 'pkgs/tools/cd-dvd')
diff --git a/pkgs/tools/cd-dvd/bchunk/CVE-2017-15953.patch b/pkgs/tools/cd-dvd/bchunk/CVE-2017-15953.patch
new file mode 100644
index 000000000000..f78bb7178af2
--- /dev/null
+++ b/pkgs/tools/cd-dvd/bchunk/CVE-2017-15953.patch
@@ -0,0 +1,25 @@
+--- a/bchunk.c 2017-10-30 18:03:58.658741629 +0000
++++ b/bchunk.c 2017-10-30 19:40:25.558131619 +0000
+@@ -18,6 +18,7 @@
+ * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
+ */
+
++#define _GNU_SOURCE
+ #include
+ #include
+ #include
+@@ -271,11 +272,10 @@
+ int16_t i;
+ float fl;
+
+- if (!(fname = malloc(strlen(bname) + 8))) {
+- fprintf(stderr, "main(): malloc() failed, out of memory\n");
++ if (asprintf(&fname, "%s%2.2d.%s", bname, track->num, track->extension) == -1) {
++ fprintf(stderr, "writetrack(): asprintf() failed, out of memory\n");
+ exit(4);
+ }
+- sprintf(fname, "%s%2.2d.%s", bname, track->num, track->extension);
+
+ printf("%2d: %s ", track->num, fname);
+
+
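Review bot: CVE-2017-15953.patch starts directly at `--- a/bchunk.c` and CVE-2017-15955.patch at its `diff -urNZ` line, so neither vendored file says which issue it fixes or where the change was taken from. Text ahead of the first `---` is skipped when a patch is applied, so a short header such as `Fixes CVE-2017-15953: build fname with asprintf() instead of a strlen(bname) + 8 buffer. Origin: <URL of the patch source>` would let a later reviewer compare the file against its source without going back to this commit message. The second patch file should carry the same kind of header with its own CVE id and origin. The function being patched (presumably writetrack(), going by the new error string) continues outside the nested hunk, so whether `fname` is released later cannot be judged from here.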
diff --git a/pkgs/tools/cd-dvd/bchunk/CVE-2017-15955.patch b/pkgs/tools/cd-dvd/bchunk/CVE-2017-15955.patch
new file mode 100644
index 000000000000..80930ac69bc3
--- /dev/null
+++ b/pkgs/tools/cd-dvd/bchunk/CVE-2017-15955.patch
@@ -0,0 +1,33 @@
+diff -urNZ bchunk-1.2.0.orig/bchunk.c bchunk-1.2.0/bchunk.c
+--- a/bchunk.c 2017-10-30 18:03:58.658741629 +0000
++++ b/bchunk.c 2017-10-30 19:17:36.732855884 +0000
+@@ -426,11 +426,11 @@
+ printf("\nTrack ");
+ if (!(p = strchr(p, ' '))) {
+ fprintf(stderr, "... ouch, no space after TRACK.\n");
+- continue;
++ exit(3);
+ }
+ p++;
+ if (!(t = strchr(p, ' '))) {
+ fprintf(stderr, "... ouch, no space after track number.\n");
+- continue;
++ exit(3);
+ }
+ *t = '\0';
+
+@@ -460,12 +460,12 @@
+ } else if ((p = strstr(s, "INDEX"))) {
+ if (!(p = strchr(p, ' '))) {
+ printf("... ouch, no space after INDEX.\n");
+- continue;
++ exit(3);
+ }
+ p++;
+ if (!(t = strchr(p, ' '))) {
+ printf("... ouch, no space after index number.\n");
+- continue;
++ exit(3);
+ }
+ *t = '\0';
+ t++;
\ No newline at end of file
diff --git a/pkgs/tools/cd-dvd/bchunk/default.nix b/pkgs/tools/cd-dvd/bchunk/default.nix
index 4b8510773a3d..ea4046f31f8c 100644
--- a/pkgs/tools/cd-dvd/bchunk/default.nix
+++ b/pkgs/tools/cd-dvd/bchunk/default.nix
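Review bot: In CVE-2017-15955.patch the two INDEX sites still report the malformed line with `printf` just before the new `exit(3)`, while the two TRACK sites use `fprintf(stderr, ...)`. Now that these paths terminate the program, the reason for the non-zero exit lands on stdout and is lost to anything that captures only stderr; `fprintf(stderr, "... ouch, no space after INDEX.\n");` and `fprintf(stderr, "... ouch, no space after index number.\n");` would make the four sites agree. The cue-parsing loop starts and ends outside both nested hunks, so any other branch that keeps going after a malformed field is not visible here and is worth checking against the same NULL-pointer pattern.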
@@ -8,20 +8,16 @@ stdenv.mkDerivation rec {
 sha256 = "0pcbyx3689cbl23dcij497hb3q5f1wmki7cxic5nzldx71g9vp5g";
 };
- preConfigure =
- ''
- substituteInPlace Makefile \
- --replace "-o root -g root" "" \
- --replace "-o bin -g bin" ""
- '';
+ patches = [ ./CVE-2017-15953.patch ./CVE-2017-15955.patch ];
- makeFlags = "PREFIX=$(out) MAN_DIR=$(out)/share/man";
+ installPhase = ''
+ install -Dt $out/bin bchunk
+ install -Dt $out/share/man/man1 bchunk.1
+ '';
- preInstall = "mkdir -p $out/bin $out/share/man/man1";
-
- meta = {
+ meta = with stdenv.lib; {
 homepage = http://he.fi/bchunk/;
- description = "A program that converts CD-ROM images in BIN/CUE format into a set of ISO and CDR tracks";
+ description = "A program that converts CD images in BIN/CUE format into a set of ISO and CDR tracks";
- platforms = stdenv.lib.platforms.linux;
+ platforms = platforms.unix;
 };
 }
-- cgit 1.4.1
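Review bot: The `patches` list names files for CVE-2017-15953 and CVE-2017-15955 only, while the commit message also cites CVE-2017-15954 and nothing in the derivation accounts for it. If the asprintf change is meant to cover that CVE as well, a comment above the list such as `# CVE-2017-15953.patch also addresses CVE-2017-15954` would record it; if it is not, the package still carries that issue after this change. Stating next to `patches` which CVEs each file resolves is what lets a later scanner finding against bchunk be triaged without re-reading the upstream reports.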