summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorSam James <sam@gentoo.org>2020-07-19 19:06:17 +0000
committerSam James <sam@gentoo.org>2020-07-19 19:06:17 +0000
commit675031ceeb5731701376347641f857d3d00c8322 (patch)
tree12430b39af2f6dd213921a24d28170e611e7385f /sys-fs/fuseiso
parentgnome-extra/gnome-user-docs: bump to 3.36.2 (diff)
downloadgentoo-675031ceeb5731701376347641f857d3d00c8322.tar.gz
gentoo-675031ceeb5731701376347641f857d3d00c8322.tar.bz2
gentoo-675031ceeb5731701376347641f857d3d00c8322.zip
sys-fs/fuseiso: revbump for security patches
This fixes CVE-2015-8837 and another possible vulnerability using patches from Debian. Bug: https://bugs.gentoo.org/713328 Package-Manager: Portage-2.3.103, Repoman-2.3.23 Signed-off-by: Sam James <sam@gentoo.org>
Diffstat (limited to 'sys-fs/fuseiso')
-rw-r--r--sys-fs/fuseiso/files/fuseiso-20070708-CVE-2015-8837.patch35
-rw-r--r--sys-fs/fuseiso/files/fuseiso-20070708-integer-overflow.patch16
-rw-r--r--sys-fs/fuseiso/fuseiso-20070708-r3.ebuild28
3 files changed, 79 insertions, 0 deletions
diff --git a/sys-fs/fuseiso/files/fuseiso-20070708-CVE-2015-8837.patch b/sys-fs/fuseiso/files/fuseiso-20070708-CVE-2015-8837.patch
new file mode 100644
index 000000000000..1e760fd89f66
--- /dev/null
+++ b/sys-fs/fuseiso/files/fuseiso-20070708-CVE-2015-8837.patch
@@ -0,0 +1,35 @@
+Description: Prevent stack-based buffer overflow on too-long path names
+Author: Mike Gabriel <mike.gabriel@das-netzwerkteam.de>
+
+--- a/src/isofs.c
++++ b/src/isofs.c
+@@ -1532,13 +1532,23 @@
+ if(path[1] != '\0') { // not root dir
+ strcat(absolute_entry, "/");
+ };
+- strcat(absolute_entry, entry);
+- if(g_hash_table_lookup(lookup_table, absolute_entry)) {
+- // already in lookup cache
++
++ if(strlen(absolute_entry) + strlen(entry) <= PATH_MAX-1) {
++ strcat(absolute_entry, entry);
++ if(g_hash_table_lookup(lookup_table, absolute_entry)) {
++ // already in lookup cache
++ isofs_free_inode(inode);
++ } else {
++ g_hash_table_insert(lookup_table, g_strdup(absolute_entry), inode);
++ };
++ }
++ else {
++ printf("readdir: absolute path name for entry '%s' exceeding PATH_MAX (%d)\n", entry, PATH_MAX);
+ isofs_free_inode(inode);
+- } else {
+- g_hash_table_insert(lookup_table, g_strdup(absolute_entry), inode);
+- };
++ free(buf);
++ free(entry);
++ return -EIO;
++ }
+
+ free(entry);
+
diff --git a/sys-fs/fuseiso/files/fuseiso-20070708-integer-overflow.patch b/sys-fs/fuseiso/files/fuseiso-20070708-integer-overflow.patch
new file mode 100644
index 000000000000..83c2c9451a61
--- /dev/null
+++ b/sys-fs/fuseiso/files/fuseiso-20070708-integer-overflow.patch
@@ -0,0 +1,16 @@
+Description: Prevent integer overflow in ZISO code
+Author: Mike Gabriel <mike.gabriel@das-netzwerkteam.de>
+
+--- a/src/isofs.c
++++ b/src/isofs.c
+@@ -1618,6 +1618,10 @@
+ };
+
+ static int isofs_real_read_zf(isofs_inode *inode, char *out_buf, size_t size, off_t offset) {
++ if( inode->zf_block_shift > 17 ) {
++ fprintf(stderr, "isofs_real_read_zf: can't handle ZF block size of 2^%d\n", inode->zf_block_shift);
++ return -EIO;
++ }
+ int zf_block_size = 1 << inode->zf_block_shift;
+ int zf_start = offset / zf_block_size;
+ int zf_end = (offset + size) / zf_block_size;
diff --git a/sys-fs/fuseiso/fuseiso-20070708-r3.ebuild b/sys-fs/fuseiso/fuseiso-20070708-r3.ebuild
new file mode 100644
index 000000000000..a49b359127b3
--- /dev/null
+++ b/sys-fs/fuseiso/fuseiso-20070708-r3.ebuild
@@ -0,0 +1,28 @@
+# Copyright 1999-2020 Gentoo Authors
+# Distributed under the terms of the GNU General Public License v2
+
+EAPI=7
+
+DESCRIPTION="Fuse module to mount ISO9660"
+HOMEPAGE="https://sourceforge.net/projects/fuseiso"
+SRC_URI="http://superb-dca2.dl.sourceforge.net/project/${PN}/${PN}/${PV}/${P}.tar.bz2"
+
+LICENSE="GPL-2"
+SLOT="0"
+KEYWORDS="~amd64 ~ppc ~ppc64 ~x86"
+
+RDEPEND="sys-fs/fuse:0=
+ sys-libs/zlib
+ dev-libs/glib:2"
+
+DEPEND="${RDEPEND}"
+BDEPEND="virtual/pkgconfig"
+
+DOCS=( AUTHORS ChangeLog NEWS README )
+
+PATCHES=(
+ "${FILESDIR}/${P}-largeiso.patch"
+ "${FILESDIR}/${P}-fix-typo.patch"
+ "${FILESDIR}/${P}-CVE-2015-8837.patch"
+ "${FILESDIR}/${P}-integer-overflow.patch"
+)