commit:     db551c8e70391cfe960b526704564beb1f31453e
Author:     Andreas Sturmlechner <asturm <AT> gentoo <DOT> org>
AuthorDate: Thu Aug  3 00:39:37 2017 +0000
Commit:     Andreas Sturmlechner <asturm <AT> gentoo <DOT> org>
CommitDate: Thu Aug  3 00:48:01 2017 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=db551c8e

kde-apps/k3b: Fix K3b::Device::from2Byte out-of-bounds issue

See also: https://bugs.kde.org/show_bug.cgi?id=382941

Gentoo-bug: 616880

Package-Manager: Portage-2.3.6, Repoman-2.3.1

 kde-apps/k3b/files/k3b-17.04.3-out-of-bounds.patch |  75 +++++++++++++
 kde-apps/k3b/k3b-17.04.3-r2.ebuild                 | 120 +++++++++++++++++++++
 2 files changed, 195 insertions(+)

diff --git a/kde-apps/k3b/files/k3b-17.04.3-out-of-bounds.patch 
b/kde-apps/k3b/files/k3b-17.04.3-out-of-bounds.patch
new file mode 100644
index 00000000000..83034e74813
--- /dev/null
+++ b/kde-apps/k3b/files/k3b-17.04.3-out-of-bounds.patch
@@ -0,0 +1,75 @@
+From 7f0be6a33b8260f7789c6aeed58be8d1c844229a Mon Sep 17 00:00:00 2001
+From: Leslie Zhai <[email protected]>
+Date: Tue, 1 Aug 2017 14:13:05 +0800
+Subject: Fix K3b::Device::from2Byte out-of-bounds issue.
+
+A great bug report by Mark!
+
+BUG: 382941
+---
+ libk3bdevice/k3bdeviceglobals.cpp | 24 ++++++++++++------------
+ tests/k3bdeviceglobalstest.cpp    |  4 +++-
+ 2 files changed, 15 insertions(+), 13 deletions(-)
+
+diff --git a/libk3bdevice/k3bdeviceglobals.cpp 
b/libk3bdevice/k3bdeviceglobals.cpp
+index 090ed29..c016f59 100644
+--- a/libk3bdevice/k3bdeviceglobals.cpp
++++ b/libk3bdevice/k3bdeviceglobals.cpp
+@@ -212,27 +212,27 @@ void K3b::Device::debugBitfield( unsigned char* data, 
long len )
+ }
+ 
+ 
+-quint16 K3b::Device::from2Byte( const unsigned char* d )
++quint16 K3b::Device::from2Byte(const unsigned char* d)
+ {
+-    if (d == NULL) {
+-        qWarning() << "Invalid nullptr!";
++    if (d == NULL || strlen((const char *) d) < 2) {
++        qWarning() << "Invalid Byte!";
+         return 0;
+     }
+-    return ( (d[0] << 8 & 0xFF00) |
+-             (d[1]      & 0xFF) );
++    return ((d[0] << 8 & 0xFF00) |
++            (d[1]      & 0xFF));
+ }
+ 
+ 
+-quint32 K3b::Device::from4Byte( const unsigned char* d )
++quint32 K3b::Device::from4Byte(const unsigned char* d)
+ {
+-    if (d == NULL) {
+-        qWarning() << "Invalid nullptr!";
++    if (d == NULL || strlen((const char *) d) < 4) {
++        qWarning() << "Invalid Byte!";
+         return 0;
+     }
+-    return ( (d[0] << 24 & 0xFF000000) |
+-             (d[1] << 16 & 0xFF0000)   |
+-             (d[2] << 8  & 0xFF00)     |
+-             (d[3]       & 0xFF) );
++    return ((d[0] << 24 & 0xFF000000) |
++            (d[1] << 16 & 0xFF0000)   |
++            (d[2] << 8  & 0xFF00)     |
++            (d[3]       & 0xFF));
+ }
+ 
+ 
+diff --git a/tests/k3bdeviceglobalstest.cpp b/tests/k3bdeviceglobalstest.cpp
+index 307b772..635ee39 100644
+--- a/tests/k3bdeviceglobalstest.cpp
++++ b/tests/k3bdeviceglobalstest.cpp
+@@ -23,8 +23,10 @@ DeviceGlobalsTest::DeviceGlobalsTest()
+ 
+ void DeviceGlobalsTest::testFrom2Byte()
+ {
+-    const unsigned char* d = NULL;
++    unsigned char* d = NULL;
+     QCOMPARE(K3b::Device::from2Byte(d), (quint16)0);
++    unsigned char buf[1] = { '\0' };
++    QCOMPARE(K3b::Device::from2Byte(buf), (quint16)0);
+ }
+ 
+ void DeviceGlobalsTest::testFrom4Byte() 
+-- 
+cgit v0.11.2
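Review bot: The new guard `strlen((const char *) d) < 2` in from2Byte (and `< 4` in from4Byte) measures the buffer as a NUL-terminated C string, but these helpers appear to decode raw big-endian bytes, where 0x00 is a legitimate value. Any field with a zero in its leading bytes (constructed example: the bytes 00 10) now returns 0 with a warning instead of 16, and on a buffer that contains no zero byte strlen itself reads past the end, so the out-of-bounds read is moved rather than removed. The added test only passes because `buf[0]` is `'\0'`, which makes strlen return 0 before anything else is read. A bare pointer cannot carry its length, so the bound has to come from the caller, for instance a length argument checked as `if (d == NULL || len < 2)`, or a size check at each call site before the call. This is worth raising on the upstream bug before the patch is carried in the ebuild.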

diff --git a/kde-apps/k3b/k3b-17.04.3-r2.ebuild 
b/kde-apps/k3b/k3b-17.04.3-r2.ebuild
new file mode 100644
index 00000000000..d6448856ec8
--- /dev/null
+++ b/kde-apps/k3b/k3b-17.04.3-r2.ebuild
@@ -0,0 +1,120 @@
+# Copyright 1999-2017 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+
+EAPI=6
+
+KDE_HANDBOOK="forceoptional"
+KDE_TEST="true"
+inherit kde5
+
+DESCRIPTION="Full-featured burning and ripping application based on KDE 
Frameworks"
+HOMEPAGE="http://www.k3b.org/";
+
+LICENSE="GPL-2 FDL-1.2"
+KEYWORDS="~amd64 ~x86"
+IUSE="dvd emovix encode ffmpeg flac libav mad mp3 musepack sndfile sox taglib 
vcd vorbis webkit"
+
+DEPEND="
+       $(add_frameworks_dep karchive)
+       $(add_frameworks_dep kbookmarks)
+       $(add_frameworks_dep kcmutils)
+       $(add_frameworks_dep kcompletion)
+       $(add_frameworks_dep kconfig)
+       $(add_frameworks_dep kconfigwidgets)
+       $(add_frameworks_dep kcoreaddons)
+       $(add_frameworks_dep kfilemetadata 'taglib?')
+       $(add_frameworks_dep ki18n)
+       $(add_frameworks_dep kiconthemes)
+       $(add_frameworks_dep kio)
+       $(add_frameworks_dep kjobwidgets)
+       $(add_frameworks_dep knewstuff)
+       $(add_frameworks_dep knotifications)
+       $(add_frameworks_dep knotifyconfig)
+       $(add_frameworks_dep kservice)
+       $(add_frameworks_dep kwidgetsaddons)
+       $(add_frameworks_dep kxmlgui)
+       $(add_frameworks_dep solid)
+       $(add_kdeapps_dep libkcddb)
+       $(add_qt_dep qtdbus)
+       $(add_qt_dep qtgui)
+       $(add_qt_dep qtnetwork)
+       $(add_qt_dep qtwidgets)
+       $(add_qt_dep qtxml)
+       media-libs/libsamplerate
+       dvd? ( media-libs/libdvdread )
+       ffmpeg? (
+               libav? ( media-video/libav:= )
+               !libav? ( media-video/ffmpeg:0= )
+       )
+       flac? ( >=media-libs/flac-1.2[cxx] )
+       mp3? ( media-sound/lame )
+       mad? ( media-libs/libmad )
+       musepack? ( >=media-sound/musepack-tools-444 )
+       sndfile? ( media-libs/libsndfile )
+       taglib? ( >=media-libs/taglib-1.5 )
+       vorbis? ( media-libs/libvorbis )
+       webkit? ( $(add_qt_dep qtwebkit) )
+"
+RDEPEND="${DEPEND}
+       app-cdr/cdrdao
+       dev-libs/libburn
+       media-sound/cdparanoia
+       virtual/cdrtools
+       dvd? (
+               >=app-cdr/dvd+rw-tools-7
+               encode? ( media-video/transcode[dvd] )
+       )
+       emovix? ( media-video/emovix )
+       sox? ( media-sound/sox )
+       vcd? ( media-video/vcdimager )
+"
+
+REQUIRED_USE="
+       flac? ( taglib )
+       mp3? ( encode taglib )
+       sox? ( encode taglib )
+"
+
+DOCS+=( ChangeLog {FAQ,PERMISSIONS,README}.txt )
+
+PATCHES=( "${FILESDIR}/${P}-out-of-bounds.patch" )
+
+src_configure() {
+       local mycmakeargs=(
+               -DK3B_BUILD_API_DOCS=OFF
+               -DK3B_BUILD_WAVE_DECODER_PLUGIN=ON
+               -DK3B_ENABLE_HAL_SUPPORT=OFF
+               -DK3B_ENABLE_MUSICBRAINZ=OFF
+               -DK3B_DEBUG=$(usex debug)
+               -DK3B_ENABLE_DVD_RIPPING=$(usex dvd)
+               -DK3B_BUILD_EXTERNAL_ENCODER_PLUGIN=$(usex encode)
+               -DK3B_BUILD_FFMPEG_DECODER_PLUGIN=$(usex ffmpeg)
+               -DK3B_BUILD_FLAC_DECODER_PLUGIN=$(usex flac)
+               -DK3B_BUILD_LAME_ENCODER_PLUGIN=$(usex mp3)
+               -DK3B_BUILD_MAD_DECODER_PLUGIN=$(usex mad)
+               -DK3B_BUILD_MUSE_DECODER_PLUGIN=$(usex musepack)
+               -DK3B_BUILD_SNDFILE_DECODER_PLUGIN=$(usex sndfile)
+               -DK3B_BUILD_SOX_ENCODER_PLUGIN=$(usex sox)
+               -DK3B_ENABLE_TAGLIB=$(usex taglib)
+               -DK3B_BUILD_OGGVORBIS_DECODER_PLUGIN=$(usex vorbis)
+               -DK3B_BUILD_OGGVORBIS_ENCODER_PLUGIN=$(usex vorbis)
+               $(cmake-utils_use_find_package webkit Qt5WebKitWidgets)
+       )
+
+       kde5_src_configure
+}
+
+pkg_postinst() {
+       kde5_pkg_postinst
+
+       echo
+       elog "If you get warnings on start-up, uncheck the \"Check system"
+       elog "configuration\" option in the \"Misc\" settings window."
+       echo
+
+       local group=cdrom
+       use kernel_linux || group=operator
+       elog "Make sure you have proper read/write permissions on optical 
device(s)."
+       elog "Usually, it is sufficient to be in the ${group} group."
+       echo
+}
