Package: bchunk
Version: 1.2.0-12.1
Severity: normal
Tags: patch pending
Dear maintainer,
I've prepared an NMU/ITS for bchunk (versioned as 1.2.2-1) on behalf
of Gürkan Myczko and uploaded it to DELAYED/7. Please feel free to
tell me if I should delay it longer.
Regards.
diff -Nru bchunk-1.2.0/bchunk.1 bchunk-1.2.2/bchunk.1
--- bchunk-1.2.0/bchunk.1 2004-06-29 20:39:17.000000000 +0000
+++ bchunk-1.2.2/bchunk.1 2017-11-13 23:13:54.000000000 +0000
@@ -1,4 +1,4 @@
-.TH BCHUNK 1 "v1.2.0 29 Jun 2004" "Heikki Hannikainen"
+.TH BCHUNK 1 "v1.2.2 14 Nov 2017" "Heikki Hannikainen"
.SH NAME
bchunk \- CD image format conversion from bin/cue to iso/cdr
.SH SYNOPSIS
@@ -22,10 +22,15 @@
mounted through a loop device on Linux systems, or
written on a CD-R using cdrecord.
The .cdr tracks are in the native CD audio format. They can
-be either written on a CD-R using cdrecord -audio, or converted
+be either written on a CD-R using cdrecord \(hyaudio, or converted
to WAV (or any other sound format for that matter) using
sox.
.LP
+The output type depends on the input type (data is just copied).
+If the input is in ISO format, the output will be. On the other
+hand, if the input is raw audio data, the output will be CDR or
+WAV (the latter if \(hyw is given).
+.LP
It is advisable to edit the .cue file to either MODE2/2352/2048 or
MODE2/2352/2324 depending on whether an ISO filesystem or a VCD is
desired, respectively.
@@ -46,10 +51,12 @@
.BI \-p
Makes binchunker go into PSX mode and truncate MODE2/2352 tracks to
2336 bytes at offset 0 instead of normal 2048 bytes at offset 24.
+Use this option if input is in PSX mode.
.TP 10
.BI \-r
Makes binchunker output MODE2/2352 tracks in raw format, from offset
-0 for 2352 bytes. Good for MPEG/VCD.
+0 for 2352 bytes. Good for MPEG/VCD. Use this option if input is in
+raw format.
.SH FILES
.LP
.TP 5
@@ -62,11 +69,11 @@
.B *.iso
Tracks in ISO9660 CD filesystem format. Can be either written on a
CD-R using cdrecord, or mounted (on Linux platforms at least)
-through a loop device ('mount track.iso /mnt/cdrom -o
loop=/dev/loop0,blocksize=1024').
+through a loop device ('mount track.iso /mnt/cdrom \(hyo
loop=/dev/loop0,blocksize=1024').
.TP 5
.B *.cdr
Audio tracks in native CD audio format. They can be either written on a
-CD-R using 'cdrecord -audio', or converted to WAV (or any other sound
+CD-R using 'cdrecord \(hyaudio', or converted to WAV (or any other sound
format for that matter) using sox ('sox track.cdr track.wav').
.TP 5
.B *.wav
@@ -78,7 +85,6 @@
.BR cdrdao (1)
.SH AUTHORS
.LP
-.NF
Heikki Hannikainen <[email protected]>
.br
Bob Marietta <[email protected]>
@@ -89,4 +95,3 @@
.br
Matthew Green <[email protected]>
.br
-.FI
diff -Nru bchunk-1.2.0/bchunk-1.2.0.lsm bchunk-1.2.2/bchunk-1.2.0.lsm
--- bchunk-1.2.0/bchunk-1.2.0.lsm 2004-06-29 20:36:49.000000000 +0000
+++ bchunk-1.2.2/bchunk-1.2.0.lsm 1970-01-01 00:00:00.000000000 +0000
@@ -1,17 +0,0 @@
-Begin3
-Title: bchunk
-Version: 1.2.0
-Entered-date: 29JUN04
-Description: CD image format conversion from bin/cue to iso/cdr
-Keywords: cdrecord cdwrite cue binchunker cdr
-Author: [email protected] (Heikki Hannikainen)
-Maintained-by: [email protected] (Heikki Hannikainen)
-Primary-site: sunsite.unc.edu /pub/Linux/utils/disk-management
- 15kb bchunk-1.2.0.tar.gz
- 1kb bchunk-1.2.0.lsm
-Alternate-site: http://he.fi/bchunk/
- ftp.funet.fi /pub/Linux/sunsite/utils/disk-management
-Original-site: http://www.fireburner.com/
-Platforms: Any system that is somewhat ANSI and POSIX.1 compliant
-Copying-policy: GPL
-End
diff -Nru bchunk-1.2.0/bchunk.c bchunk-1.2.2/bchunk.c
--- bchunk-1.2.0/bchunk.c 2004-06-29 20:42:33.000000000 +0000
+++ bchunk-1.2.2/bchunk.c 2017-11-13 23:13:54.000000000 +0000
@@ -18,13 +18,14 @@
* Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
*/
+#define _GNU_SOURCE
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <errno.h>
#include <unistd.h>
-#define VERSION "1.2.0"
+#define VERSION "1.2.2"
#define USAGE "Usage: bchunk [-v] [-r] [-p (PSX)] [-w (wav)] [-s
(swabaudio)]\n" \
" <image.bin> <image.cue> <basename>\n" \
"Example: bchunk foo.bin foo.cue foo\n" \
@@ -271,11 +272,10 @@
int16_t i;
float fl;
- if (!(fname = malloc(strlen(bname) + 8))) {
- fprintf(stderr, "main(): malloc() failed, out of memory\n");
+ if (asprintf(&fname, "%s%2.2d.%s", bname, track->num, track->extension)
== -1) {
+ fprintf(stderr, "writetrack(): asprintf() failed, out of
memory\n");
exit(4);
}
- sprintf(fname, "%s%2.2d.%s", bname, track->num, track->extension);
printf("%2d: %s ", track->num, fname);
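Review bot: The `asprintf()` call carries no comment saying why the fixed-size allocation was replaced, so a later cleanup could reintroduce the bounded buffer. A one-line comment above it would record the reason, for example `/* let asprintf size the name: track->num and track->extension are not guaranteed to fit a fixed suffix width */` (both values presumably originate from the CUE file; confirm against the parser). The buffer is now owned by `fname`, and writetrack()'s body continues outside this hunk, so check that a matching `free(fname);` exists on its exit paths. The message text "out of memory" is the likely cause, but not the only failure asprintf can report.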
@@ -387,7 +387,6 @@
{
char s[CUELLEN+1];
char *p, *t;
- int i, idx;
struct track_t *tracks = NULL;
struct track_t *track = NULL;
struct track_t *prevtrack = NULL;
@@ -417,7 +416,6 @@
return 3;
}
- i = 0;
while (fgets(s, CUELLEN, cuef)) {
while ((p = strchr(s, '\r')) || (p = strchr(s, '\n')))
*p = '\0';
@@ -426,12 +424,12 @@
printf("\nTrack ");
if (!(p = strchr(p, ' '))) {
fprintf(stderr, "... ouch, no space after
TRACK.\n");
- continue;
+ exit(3);
}
p++;
if (!(t = strchr(p, ' '))) {
fprintf(stderr, "... ouch, no space after track
number.\n");
- continue;
+ exit(3);
}
*t = '\0';
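Review bot: The two `exit(3);` calls added here leave through a different path than the earlier failure case, which uses `return 3;` (visible at the end of the preceding hunk, assuming it belongs to the same function). Using one form throughout means any cleanup later placed before the return also runs on malformed-input exits; `return 3;` would match the existing code. The same applies to the two `exit(3);` lines in the INDEX branch of the next hunk. The enclosing loop and function start and end outside this hunk.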
@@ -460,23 +458,22 @@
} else if ((p = strstr(s, "INDEX"))) {
if (!(p = strchr(p, ' '))) {
printf("... ouch, no space after INDEX.\n");
- continue;
+ exit(3);
}
p++;
if (!(t = strchr(p, ' '))) {
printf("... ouch, no space after index
number.\n");
- continue;
+ exit(3);
}
*t = '\0';
t++;
- idx = atoi(p);
printf(" %s %s", p, t);
track->startsect = time2frames(t);
track->start = track->startsect * SECTLEN;
if (verbose)
printf(" (startsect %ld ofs %ld)",
track->startsect, track->start);
if ((prevtrack) && (prevtrack->stopsect < 0)) {
- prevtrack->stopsect = track->startsect;
+ prevtrack->stopsect = track->startsect - 1;
prevtrack->stop = track->start - 1;
}
}
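Review bot: The INDEX branch assigns `track->startsect` without checking that a TRACK line has been seen, and `track` is initialised to NULL in the declarations shown two hunks earlier. The new `exit(3);` calls reject a TRACK line that fails to parse, but a CUE file whose first recognised line is INDEX would still appear to reach this dereference, unless a guard exists in lines outside the hunk. A check at the top of the branch would close it: `if (!track) { fprintf(stderr, "... ouch, INDEX before any TRACK.\n"); exit(3); }`. The enclosing loop and function extend beyond this hunk.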
@@ -484,7 +481,7 @@
if (track) {
fseek(binf, 0, SEEK_END);
- track->stop = ftell(binf);
+ track->stop = ftell(binf) - 1;
track->stopsect = track->stop / SECTLEN;
}
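Review bot: `ftell(binf) - 1` is stored without checking the result, so a failed `ftell()` (which returns -1) leaves `track->stop` at -2 and an empty image leaves it at -1; both values then go into the `/ SECTLEN` division and presumably into the later length calculation. The `fseek()` return value is ignored as well. Capture and validate the size first: `long end = ftell(binf);`, then `if (end <= 0) { fprintf(stderr, "cannot determine size of bin file\n"); exit(4); }`, then `track->stop = end - 1;`. The enclosing function continues outside the hunk.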
diff -Nru bchunk-1.2.0/bchunk.spec bchunk-1.2.2/bchunk.spec
--- bchunk-1.2.0/bchunk.spec 2004-06-29 20:43:57.000000000 +0000
+++ bchunk-1.2.2/bchunk.spec 2017-11-13 23:16:33.000000000 +0000
@@ -1,5 +1,5 @@
%define name bchunk
-%define version 1.2.0
+%define version 1.2.2
%define release 0
Summary: A CD image format converter from .bin/.cue to .iso/.cdr/.wav.
@@ -43,6 +43,9 @@
%{_mandir}/man1/bchunk.1.gz
%changelog
+* Tue Nov 14 2017 Hessu <[email protected]>
+- updated to 1.2.2
+
* Tue Jun 29 2004 Hessu <[email protected]>
- updated to 1.2.0
diff -Nru bchunk-1.2.0/ChangeLog bchunk-1.2.2/ChangeLog
--- bchunk-1.2.0/ChangeLog 2004-06-29 20:35:50.000000000 +0000
+++ bchunk-1.2.2/ChangeLog 2017-11-13 23:13:54.000000000 +0000
@@ -45,3 +45,21 @@
-r, which makes binchunker output MODE2/2352 tracks in raw format,
from offset 0 for 2352 bytes.
+1.2.1 - skipped due to CVE items referring to a fork using this version
+
+1.2.2 - Nov 14 2017 - Hessu
+
+ Fixes CVE-2017-15953, a heap-based buffer overflow.
+ Fix provided by Yegor Timoshenko.
+
+ Fixes CVE-2017-15955, Access violation near NULL on destination
+ operand and crash when processing a malformed CUE (.cue) file.
+ Fix provided by Yegor Timoshenko.
+
+ Fix wrong track size calculation when having multiple tracks in
+ one image. (Closes debian bug: #261274).
+ Fix provided by Piotr Kaczuba.
+
+ Clarify manual page for input/output file types
+ Improvement from Reuben Thomas, debian bug: #503151
+
diff -Nru bchunk-1.2.0/debian/changelog bchunk-1.2.2/debian/changelog
--- bchunk-1.2.0/debian/changelog 2017-11-06 16:35:51.000000000 +0000
+++ bchunk-1.2.2/debian/changelog 2018-10-22 21:49:30.000000000 +0000
@@ -1,3 +1,16 @@
+bchunk (1.2.2-1) unstable; urgency=medium
+
+ * New upstream version.
+ * Bump standards version to 4.2.1.
+ * Bump debhelper version to 11.
+ * debian/patches: dropped, incorporated by upstream.
+ * debian/rules: updated. (Closes: #666219)
+ * Disable strip during install. (Closes: #436576)
+ * debian/control: add myself as co-maintainer. (Closes: #918662)
+ * debian/copyright: updated debian maintainers.
+
+ -- Gürkan Myczko <[email protected]> Mon, 22 Oct 2018 23:49:30 +0200
+
bchunk (1.2.0-12.1) unstable; urgency=high
* Non-maintainer upload.
diff -Nru bchunk-1.2.0/debian/compat bchunk-1.2.2/debian/compat
--- bchunk-1.2.0/debian/compat 2017-11-06 16:35:51.000000000 +0000
+++ bchunk-1.2.2/debian/compat 2018-10-22 21:49:30.000000000 +0000
@@ -1 +1 @@
-9
+11
diff -Nru bchunk-1.2.0/debian/control bchunk-1.2.2/debian/control
--- bchunk-1.2.0/debian/control 2017-11-06 16:35:51.000000000 +0000
+++ bchunk-1.2.2/debian/control 2018-10-22 21:49:30.000000000 +0000
@@ -2,11 +2,10 @@
Section: otherosfs
Priority: optional
Maintainer: Praveen Arimbrathodiyil <[email protected]>
-Build-Depends: debhelper (>= 9.0~)
-Standards-Version: 3.9.3
+Uploaders: Gürkan Myczko <[email protected]>
+Build-Depends: debhelper (>= 11)
+Standards-Version: 4.2.1
Homepage: http://he.fi/bchunk/
-Vcs-Git: git://git.debian.org/git/collab-maint/bchunk.git
-Vcs-Browser: http://git.debian.org/?p=collab-maint/bchunk.git
Package: bchunk
Architecture: any
diff -Nru bchunk-1.2.0/debian/copyright bchunk-1.2.2/debian/copyright
--- bchunk-1.2.0/debian/copyright 2017-11-06 16:35:51.000000000 +0000
+++ bchunk-1.2.2/debian/copyright 2018-10-22 21:49:30.000000000 +0000
@@ -2,7 +2,7 @@
Download: http://he.fi/bchunk/
Files: *
-Copyright: (C) 1998-2004 Heikki Hannikainen <[email protected]>
+Copyright: (C) 1998-2017 Heikki Hannikainen <[email protected]>
License: GPL-2+
This program is free software; you can redistribute it and/or
modify it under the terms of the GNU General Public License
@@ -22,7 +22,9 @@
can be found in /usr/share/common-licenses/GPL-2 file.
Files: debian/*
-Copyright: (C) 2006-2009 Daniel Baumann <[email protected]>
+Copyright: 2012 Praveen Arimbrathodiyil <[email protected]>
+ 2006-2009 Daniel Baumann <[email protected]>
+ 2001-2004 Sam Powers <[email protected]>
License: GPL-2+
This program is free software; you can redistribute it and/or
modify it under the terms of the GNU General Public License
diff -Nru bchunk-1.2.0/debian/patches/add-cpp-flags
bchunk-1.2.2/debian/patches/add-cpp-flags
--- bchunk-1.2.0/debian/patches/add-cpp-flags 1970-01-01 00:00:00.000000000
+0000
+++ bchunk-1.2.2/debian/patches/add-cpp-flags 2018-10-22 21:49:30.000000000
+0000
@@ -0,0 +1,38 @@
+Description: <short summary of the patch>
+ TODO: Put a short summary on the line above and replace this paragraph
+ with a longer explanation of this change. Complete the meta-information
+ with other relevant fields (see below for details). To make it easier, the
+ information below has been extracted from the changelog. Adjust it or drop
+ it.
+ .
+ bchunk (1.2.2-1) unstable; urgency=medium
+ .
+ * New upstream version.
+ * Bump standards version to 4.2.1.
+ * Bump debhelper version to 11.
+Author: Gürkan Myczko <[email protected]>
+
+---
+The information above should follow the Patch Tagging Guidelines, please
+checkout http://dep.debian.net/deps/dep3/ to learn about the format. Here
+are templates for supplementary fields that you might want to add:
+
+Origin: <vendor|upstream|other>, <url of original patch>
+Bug: <url in upstream bugtracker>
+Bug-Debian: https://bugs.debian.org/<bugnumber>
+Bug-Ubuntu: https://launchpad.net/bugs/<bugnumber>
+Forwarded: <no|not-needed|url proving that it has been forwarded>
+Reviewed-By: <name and email of someone who approved the patch>
+Last-Update: 2018-10-22
+
+--- bchunk-1.2.2.orig/Makefile
++++ bchunk-1.2.2/Makefile
+@@ -17,7 +17,7 @@ BIN_DIR = $(PREFIX)/bin
+ MAN_DIR = $(PREFIX)/man
+
+ .c.o:
+- $(CC) $(CFLAGS) -c $<
++ $(CC) $(CFLAGS) $(CPPFLAGS) -c $<
+
+ clean:
+ rm -f *.o *~ *.bak core
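Review bot: The header of this patch is still the unedited dpkg-source template: `Description: <short summary of the patch>` and the TODO paragraph say nothing about what the change is for. Replace it with a real summary, for example `Description: Pass CPPFLAGS to the compile rule` (adding the reason, if the intent is to pick up the dpkg-buildflags preprocessor options), and fill in `Forwarded:`. The same template header is left in drop-strip and great further down, and `great` is not a name that tells a reader what that patch does.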
diff -Nru bchunk-1.2.0/debian/patches/drop-strip
bchunk-1.2.2/debian/patches/drop-strip
--- bchunk-1.2.0/debian/patches/drop-strip 1970-01-01 00:00:00.000000000
+0000
+++ bchunk-1.2.2/debian/patches/drop-strip 2018-10-22 21:49:30.000000000
+0000
@@ -0,0 +1,41 @@
+Description: <short summary of the patch>
+ TODO: Put a short summary on the line above and replace this paragraph
+ with a longer explanation of this change. Complete the meta-information
+ with other relevant fields (see below for details). To make it easier, the
+ information below has been extracted from the changelog. Adjust it or drop
+ it.
+ .
+ bchunk (1.2.2-1) unstable; urgency=medium
+ .
+ * New upstream version.
+ * Bump standards version to 4.2.1.
+ * Bump debhelper version to 11.
+ * debian/patches: dropped, incorporated by upstream.
+ * debian/rules: updated. (Closes: #666219)
+Author: Gürkan Myczko <[email protected]>
+Bug-Debian: https://bugs.debian.org/666219
+
+---
+The information above should follow the Patch Tagging Guidelines, please
+checkout http://dep.debian.net/deps/dep3/ to learn about the format. Here
+are templates for supplementary fields that you might want to add:
+
+Origin: <vendor|upstream|other>, <url of original patch>
+Bug: <url in upstream bugtracker>
+Bug-Debian: https://bugs.debian.org/<bugnumber>
+Bug-Ubuntu: https://launchpad.net/bugs/<bugnumber>
+Forwarded: <no|not-needed|url proving that it has been forwarded>
+Reviewed-By: <name and email of someone who approved the patch>
+Last-Update: 2018-10-22
+
+--- bchunk-1.2.2.orig/Makefile
++++ bchunk-1.2.2/Makefile
+@@ -26,7 +26,7 @@ distclean: clean
+
+ install: installbin installman
+ installbin:
+- $(INSTALL) -m 755 -s -o root -g root bchunk $(BIN_DIR)
++ $(INSTALL) -m 755 -o root -g root bchunk $(BIN_DIR)
+ installman:
+ $(INSTALL) -m 644 -o bin -g bin bchunk.1 $(MAN_DIR)/man1
+
diff -Nru bchunk-1.2.0/debian/patches/great bchunk-1.2.2/debian/patches/great
--- bchunk-1.2.0/debian/patches/great 1970-01-01 00:00:00.000000000 +0000
+++ bchunk-1.2.2/debian/patches/great 2018-10-22 21:49:30.000000000 +0000
@@ -0,0 +1,43 @@
+Description: <short summary of the patch>
+ TODO: Put a short summary on the line above and replace this paragraph
+ with a longer explanation of this change. Complete the meta-information
+ with other relevant fields (see below for details). To make it easier, the
+ information below has been extracted from the changelog. Adjust it or drop
+ it.
+ .
+ bchunk (1.2.2-1) unstable; urgency=medium
+ .
+ * New upstream version.
+ * Bump standards version to 4.2.1.
+ * Bump debhelper version to 11.
+ * debian/patches: dropped, incorporated by upstream.
+ * debian/rules: updated. (Closes: #666219)
+ * Disable strip during install. (Closes: #436576)
+Author: Gürkan Myczko <[email protected]>
+Bug-Debian: https://bugs.debian.org/436576
+Bug-Debian: https://bugs.debian.org/666219
+
+---
+The information above should follow the Patch Tagging Guidelines, please
+checkout http://dep.debian.net/deps/dep3/ to learn about the format. Here
+are templates for supplementary fields that you might want to add:
+
+Origin: <vendor|upstream|other>, <url of original patch>
+Bug: <url in upstream bugtracker>
+Bug-Debian: https://bugs.debian.org/<bugnumber>
+Bug-Ubuntu: https://launchpad.net/bugs/<bugnumber>
+Forwarded: <no|not-needed|url proving that it has been forwarded>
+Reviewed-By: <name and email of someone who approved the patch>
+Last-Update: 2018-10-22
+
+--- bchunk-1.2.2.orig/Makefile
++++ bchunk-1.2.2/Makefile
+@@ -3,7 +3,7 @@ all: bchunk
+ # For systems with GCC (Linux, and others with GCC installed):
+ CC = gcc
+ LD = gcc
+-CFLAGS = -Wall -Wstrict-prototypes -O2
++CFLAGS += -Wall -Wstrict-prototypes -O2
+
+ # For systems with a legacy CC:
+ #CC = cc
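Review bot: `CFLAGS += -Wall -Wstrict-prototypes -O2` appends the Makefile's own flags after whatever the build environment supplies, so the trailing `-O2` wins over an earlier optimisation level such as the `-O0` that `DEB_BUILD_OPTIONS=noopt` requests. That holds if the flags reach make through the environment, which is what `+=` relies on here. Dropping the level from the appended part, `CFLAGS += -Wall -Wstrict-prototypes`, keeps the warnings and leaves optimisation to dpkg-buildflags.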
diff -Nru bchunk-1.2.0/debian/patches/series bchunk-1.2.2/debian/patches/series
--- bchunk-1.2.0/debian/patches/series 2017-11-06 16:35:51.000000000 +0000
+++ bchunk-1.2.2/debian/patches/series 2018-10-22 21:49:30.000000000 +0000
@@ -1,4 +1,7 @@
-01-track-size.patch
-02-clarify-formats-in-help.patch
-CVE-2017-15953.patch
-CVE-2017-15955.patch
+#01-track-size.patch
+#02-clarify-formats-in-help.patch
+#CVE-2017-15953.patch
+#CVE-2017-15955.patch
+add-cpp-flags
+drop-strip
+great
diff -Nru bchunk-1.2.0/debian/rules bchunk-1.2.2/debian/rules
--- bchunk-1.2.0/debian/rules 2017-11-06 16:35:51.000000000 +0000
+++ bchunk-1.2.2/debian/rules 2018-10-22 21:49:30.000000000 +0000
@@ -1,5 +1,9 @@
#!/usr/bin/make -f
+export DEB_BUILD_MAINT_OPTIONS = hardening=+all
+export DEB_CFLAGS_MAINT_APPEND = -Wall -pedantic
+export DEB_LDFLAGS_MAINT_APPEND = -Wl,--as-needed
+
%:
dh ${@}
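Review bot: `hardening=+all` and `DEB_LDFLAGS_MAINT_APPEND` only take effect if the upstream Makefile actually uses the exported variables, and this upload does not show that for the link step. The patches cover `CFLAGS` and `CPPFLAGS` in the compile rule, but no visible hunk touches the link rule, so whether `$(LDFLAGS)` (relro, bindnow, pie, `--as-needed`) reaches the final link cannot be confirmed from here. Check the built binary with `hardening-check` or the build log with `blhc`, and add `$(LDFLAGS)` to the link rule if it is missing.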
diff -Nru bchunk-1.2.0/README bchunk-1.2.2/README
--- bchunk-1.2.0/README 2004-06-29 20:39:22.000000000 +0000
+++ bchunk-1.2.2/README 2017-11-13 23:13:54.000000000 +0000
@@ -1,11 +1,15 @@
- binchunker for Unix, version 1.2.0
+ binchunker for Unix, version 1.2.2
Copyright (C) 1998-2004 Heikki Hannikainen <[email protected]>
Enhancements provided by:
Colas Nahaboo <[email protected]>, 1999
Godmar Back <[email protected]>, 2001
Matthew Green <[email protected]>, 2003
+ Piotr Kaczuba <[email protected]>, 2009
+ Reuben Thomas <[email protected]>, 2008
+ Yegor Timoshenko <[email protected]>, 2017
+
http://he.fi/bchunk/
@@ -72,12 +76,17 @@
sox ('sox track.cdr track.wav'). Audio tracks can be written
in WAV format by using the -w switch.
+ The output type depends on the input type (data is just copied).
+ If the input is in ISO format, the output will be. On the other
+ hand, if the input is raw audio data, the output will be CDR or
+ WAV (the latter if -w is given).
+
---
How to install this stuff:
- $ gzip -d -c bchunk-1.2.0.tar.gz | tar xvf -
- $ cd bchunk-1.2.0
+ $ gzip -d -c bchunk-1.2.2.tar.gz | tar xvf -
+ $ cd bchunk-1.2.2
$ make
# make install
@@ -125,6 +134,10 @@
The -r flag makes binchunker output MODE2/2352 tracks in raw
format, from offset 0 for 2352 bytes. Good for MPEG/VCD.
+ The -p and -r flags works only with MODE2/2352 input (if input
+ is in PSX mode pass -p flag or if it is in raw format pass
+ -r flag).
+
The -w flag makes binchunker write audio tracks in WAV format.
The -s flag makes binchunker swap byte order in the samples of