From 27dfd272ae3be15b1017f733682211afa1c7c0f0 Mon Sep 17 00:00:00 2001
From: V3n3RiX <venerix@redcorelinux.org>
Date: Thu, 2 Nov 2017 21:07:25 +0000
Subject: gentoo resync : 02.11.2017

---
 app-cdr/bchunk/Manifest                   |  5 ++++-
 app-cdr/bchunk/bchunk-1.2.0-r2.ebuild     | 20 -------------------
 app-cdr/bchunk/bchunk-1.2.0-r3.ebuild     | 20 +++++++++++++++++++
 app-cdr/bchunk/bchunk-1.2.0-r4.ebuild     | 21 ++++++++++++++++++++
 app-cdr/bchunk/files/CVE-2017-15953.patch | 25 ++++++++++++++++++++++++
 app-cdr/bchunk/files/CVE-2017-15955.patch | 32 +++++++++++++++++++++++++++++++
 6 files changed, 102 insertions(+), 21 deletions(-)
 delete mode 100644 app-cdr/bchunk/bchunk-1.2.0-r2.ebuild
 create mode 100644 app-cdr/bchunk/bchunk-1.2.0-r3.ebuild
 create mode 100644 app-cdr/bchunk/bchunk-1.2.0-r4.ebuild
 create mode 100644 app-cdr/bchunk/files/CVE-2017-15953.patch
 create mode 100644 app-cdr/bchunk/files/CVE-2017-15955.patch

(limited to 'app-cdr')

diff --git a/app-cdr/bchunk/Manifest b/app-cdr/bchunk/Manifest
index dccb09f52d27..657d4cb143a3 100644
--- a/app-cdr/bchunk/Manifest
+++ b/app-cdr/bchunk/Manifest
@@ -1,5 +1,8 @@
+AUX CVE-2017-15953.patch 738 SHA256 3dc5052752932c89c11942ccac855ec73949b592235012f5ba645cf3a2bd8da7 SHA512 266dc695cbc53a58f99cef7bff8e399a018275dce05d50edb4465096c418fa4d77850c671b56a3656f942f0affd83110f341c91bb325d48b9d264b5370b99a51 WHIRLPOOL ead887e1ba05ab169e3da542bdf61c411846987575aeb2083470d35792be8617c116bb64f94b837f623bf27519c6be4ced9757ec2522d9010f7cd719f0b7095c
+AUX CVE-2017-15955.patch 773 SHA256 9cb40f8abdd07b4d6575d6b1d2fd5cdfb7b9137d3260ed3933af85e7554591b6 SHA512 060d6d637f5af2507d63edea4bdda30ae4d6fa5b8e96aaac6d9e41fe328d474bf6854fea101fd6de878ea3b5f2f3e2ccdd1b8e1182a55fe423f293b2024dc7f1 WHIRLPOOL 5343db35bf7361f45a6559147ccb4b3e481732d7dad53cb43bc0813f8ac46b14052b0016d9b76de69e5b823708958b28259326b73bd86f20217d90d29931bc1c
 DIST bchunk-1.2.0.tar.gz 15078 SHA256 afdc9d5e38bdd16f0b8b9d9d382b0faee0b1e0494446d686a08b256446f78b5d SHA512 0e1f9daa2dfeff58e2c65ac2767bff804811fa22f70a220747aa873cb01b77b4c6a809736483aa22fb3f2d2a88885469d10fb45af4626069e992a0763a5fcc2d WHIRLPOOL c6e1982cf731263edd8ab368100136d67b26600a2edd632153588a107bfae54fa5364c6816b40374adf2d7a112aaa138a016d3e46dbdedbdd392535da3fd8592
-EBUILD bchunk-1.2.0-r2.ebuild 502 SHA256 7649bf1d82858ca39e493efcd415088c1ba02ff0c147a516b81bdc4285e2f9ad SHA512 8153d27a6bbffe3b0d4fb50da5b5c64c9a0187a9db6008516975fdd133d4550484d88ee54075146690a87a098e21f462e09426436f1e5f5c6695cb4b892b1f1e WHIRLPOOL f8f6267db79b64b50513df84bd078588ddd94852ffe7b2bd5e2be5e3819f3e85b17141cb4ace1851c1958957ca32e79ec997476cd30d2c769b51d43426c64b2e
+EBUILD bchunk-1.2.0-r3.ebuild 502 SHA256 7649bf1d82858ca39e493efcd415088c1ba02ff0c147a516b81bdc4285e2f9ad SHA512 8153d27a6bbffe3b0d4fb50da5b5c64c9a0187a9db6008516975fdd133d4550484d88ee54075146690a87a098e21f462e09426436f1e5f5c6695cb4b892b1f1e WHIRLPOOL f8f6267db79b64b50513df84bd078588ddd94852ffe7b2bd5e2be5e3819f3e85b17141cb4ace1851c1958957ca32e79ec997476cd30d2c769b51d43426c64b2e
+EBUILD bchunk-1.2.0-r4.ebuild 588 SHA256 ccef29389061fa2bdd750b0a92c0c9c61f862368ec8e261980a9c5b510130587 SHA512 aa908bd073b293f3df60387421956ef31609e2185d8178be5d505036e9d5d2c4ee731046101f13571d594846c2ac88c12e8b461e2e5f6f144a23315a87c76d30 WHIRLPOOL 15eed1859c6b3c47772b0e4d902ef65c40353f5a8a0951412eb2b138f9c475e11f384267db6cd518d9fa432b0726868ed665da990e8f72841064c56c22f43181
 MISC ChangeLog 2458 SHA256 b7f9a64ab165fff9cbb5730f58e62b7c1738b56ee22e50c3f716d13cc2b9ae2f SHA512 6769e66bf6ce7799c3a473e9c726c15083895de7527b4a0593ac92dddcc73ef0642527991c0166aeeaef848c3827b96fbc5b32415605a1555f16c363b5f57a35 WHIRLPOOL 79a40bb45c8d4036fec6daae0049fe62b0b331a9cd3290bd2e177fcbe02e31224c6f31f2449925a238b150f60a93a46a853f1816d5b9f740a937beab36001ab7
 MISC ChangeLog-2015 2774 SHA256 f3cfce88edd9e9f4177da7db3485428cbe8773fe19c75517c660ea0a600c81e6 SHA512 e4b525bab6008db094dc9cca742812fa0afaa062cadc0109f33917168efa10f7f3be2fc5ba07a847efc1d2f99fc8525ff13c51b93da004c6675c32ca71e4aa58 WHIRLPOOL 465f00fe801ea486df97e18b6a60dd0731a11f174dd0c3683af3ef19323a620a27659edd13709a13924e3c7986ab4bbf7a785300486db7b8b8e415aeda8bdb77
 MISC metadata.xml 411 SHA256 6ec952259a398d4d59ebcb17f8f33b08ea9bf126f267957dbcec9d52ca4ebebb SHA512 ff162a38d348b314ad956852d301682b8ab35188e81a193f393b2f1de422fb616660e3fa7f0ef8cc6610531caf32d2d58f82e4c7300feea00209b5e5830bfbaf WHIRLPOOL e9af17a756157bd95e7dad3a672f340a9ff757783e9d9629baeaba032965cff6e6509c69a8d734b219bacafceb8382511581df53fefc0843f10674d30a38d80d
diff --git a/app-cdr/bchunk/bchunk-1.2.0-r2.ebuild b/app-cdr/bchunk/bchunk-1.2.0-r2.ebuild
deleted file mode 100644
index f8387e0cb352..000000000000
--- a/app-cdr/bchunk/bchunk-1.2.0-r2.ebuild
+++ /dev/null
@@ -1,20 +0,0 @@
-# Copyright 1999-2017 Gentoo Foundation
-# Distributed under the terms of the GNU General Public License v2
-
-EAPI="6"
-
-DESCRIPTION="Convert CD images from bin/cue to iso+wav/cdr"
-HOMEPAGE="http://he.fi/bchunk/"
-SRC_URI="${HOMEPAGE}${P}.tar.gz"
-
-LICENSE="GPL-2+"
-SLOT="0"
-KEYWORDS="amd64 ppc sparc x86 ~amd64-linux ~x86-linux ~ppc-macos ~x86-macos ~x64-macos ~sparc-solaris ~x86-solaris"
-
-DOCS=( "${P}.lsm" "${PN}.spec" README ChangeLog )
-
-src_install() {
-	dobin "${PN}"
-	doman "${PN}.1"
-	einstalldocs
-}
diff --git a/app-cdr/bchunk/bchunk-1.2.0-r3.ebuild b/app-cdr/bchunk/bchunk-1.2.0-r3.ebuild
new file mode 100644
index 000000000000..f8387e0cb352
--- /dev/null
+++ b/app-cdr/bchunk/bchunk-1.2.0-r3.ebuild
@@ -0,0 +1,20 @@
+# Copyright 1999-2017 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+
+EAPI="6"
+
+DESCRIPTION="Convert CD images from bin/cue to iso+wav/cdr"
+HOMEPAGE="http://he.fi/bchunk/"
+SRC_URI="${HOMEPAGE}${P}.tar.gz"
+
+LICENSE="GPL-2+"
+SLOT="0"
+KEYWORDS="amd64 ppc sparc x86 ~amd64-linux ~x86-linux ~ppc-macos ~x86-macos ~x64-macos ~sparc-solaris ~x86-solaris"
+
+DOCS=( "${P}.lsm" "${PN}.spec" README ChangeLog )
+
+src_install() {
+	dobin "${PN}"
+	doman "${PN}.1"
+	einstalldocs
+}
diff --git a/app-cdr/bchunk/bchunk-1.2.0-r4.ebuild b/app-cdr/bchunk/bchunk-1.2.0-r4.ebuild
new file mode 100644
index 000000000000..f3c8e22334d1
--- /dev/null
+++ b/app-cdr/bchunk/bchunk-1.2.0-r4.ebuild
@@ -0,0 +1,21 @@
+# Copyright 1999-2017 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+
+EAPI="6"
+
+DESCRIPTION="Convert CD images from bin/cue to iso+wav/cdr"
+HOMEPAGE="http://he.fi/bchunk/"
+SRC_URI="${HOMEPAGE}${P}.tar.gz"
+
+LICENSE="GPL-2+"
+SLOT="0"
+KEYWORDS="~amd64 ~ppc ~sparc ~x86 ~amd64-linux ~x86-linux ~ppc-macos ~x64-macos ~x86-macos ~sparc-solaris ~x86-solaris"
+
+DOCS=( "${P}.lsm" "${PN}.spec" README ChangeLog )
+PATCHES=( "${FILESDIR}/CVE-2017-15953.patch" "${FILESDIR}/CVE-2017-15955.patch" )
+
+src_install() {
+	dobin "${PN}"
+	doman "${PN}.1"
+	einstalldocs
+}
diff --git a/app-cdr/bchunk/files/CVE-2017-15953.patch b/app-cdr/bchunk/files/CVE-2017-15953.patch
new file mode 100644
index 000000000000..f78bb7178af2
--- /dev/null
+++ b/app-cdr/bchunk/files/CVE-2017-15953.patch
@@ -0,0 +1,25 @@
+--- a/bchunk.c	2017-10-30 18:03:58.658741629 +0000
++++ b/bchunk.c	2017-10-30 19:40:25.558131619 +0000
+@@ -18,6 +18,7 @@
+   *  Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA  02111-1307  USA
+   */
+
++#define _GNU_SOURCE
+ #include <stdio.h>
+ #include <stdlib.h>
+ #include <string.h>
+@@ -271,11 +272,10 @@
+ 	int16_t i;
+ 	float fl;
+ 	
+-	if (!(fname = malloc(strlen(bname) + 8))) {
+-		fprintf(stderr, "main(): malloc() failed, out of memory\n");
++	if (asprintf(&fname, "%s%2.2d.%s", bname, track->num, track->extension) == -1) {
++		fprintf(stderr, "writetrack(): asprintf() failed, out of memory\n");
+ 		exit(4);
+ 	}
+-	sprintf(fname, "%s%2.2d.%s", bname, track->num, track->extension);
+ 	
+ 	printf("%2d: %s ", track->num, fname);
+ 	
+
diff --git a/app-cdr/bchunk/files/CVE-2017-15955.patch b/app-cdr/bchunk/files/CVE-2017-15955.patch
new file mode 100644
index 000000000000..85797fe020af
--- /dev/null
+++ b/app-cdr/bchunk/files/CVE-2017-15955.patch
@@ -0,0 +1,32 @@
+--- a/bchunk.c	2017-10-30 18:03:58.658741629 +0000
++++ b/bchunk.c	2017-10-30 19:17:36.732855884 +0000
+@@ -426,11 +426,11 @@
+ 			printf("\nTrack ");
+ 			if (!(p = strchr(p, ' '))) {
+ 				fprintf(stderr, "... ouch, no space after TRACK.\n");
+-				continue;
++				exit(3);
+ 			}
+ 			p++;
+ 			if (!(t = strchr(p, ' '))) {
+ 				fprintf(stderr, "... ouch, no space after track number.\n");
+-				continue;
++				exit(3);
+ 			}
+ 			*t = '\0';
+
+@@ -460,12 +460,12 @@
+ 		} else if ((p = strstr(s, "INDEX"))) {
+ 			if (!(p = strchr(p, ' '))) {
+ 				printf("... ouch, no space after INDEX.\n");
+-				continue;
++				exit(3);
+ 			}
+ 			p++;
+ 			if (!(t = strchr(p, ' '))) {
+ 				printf("... ouch, no space after index number.\n");
+-				continue;
++				exit(3);
+ 			}
+ 			*t = '\0';
+ 			t++;
\ No newline at end of file
-- 
cgit v1.2.3