commit: 675031ceeb5731701376347641f857d3d00c8322 Author: Sam James <sam <AT> gentoo <DOT> org> AuthorDate: Sun Jul 19 19:06:17 2020 +0000 Commit: Sam James <sam <AT> gentoo <DOT> org> CommitDate: Sun Jul 19 19:06:17 2020 +0000 URL: https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=675031ce
sys-fs/fuseiso: revbump for security patches This fixes CVE-2015-8837 and another possible vulnerability using patches from Debian. Bug: https://bugs.gentoo.org/713328 Package-Manager: Portage-2.3.103, Repoman-2.3.23 Signed-off-by: Sam James <sam <AT> gentoo.org> .../files/fuseiso-20070708-CVE-2015-8837.patch | 35 ++++++++++++++++++++++ .../files/fuseiso-20070708-integer-overflow.patch | 16 ++++++++++ sys-fs/fuseiso/fuseiso-20070708-r3.ebuild | 28 +++++++++++++++++ 3 files changed, 79 insertions(+) diff --git a/sys-fs/fuseiso/files/fuseiso-20070708-CVE-2015-8837.patch b/sys-fs/fuseiso/files/fuseiso-20070708-CVE-2015-8837.patch new file mode 100644 index 00000000000..1e760fd89f6 --- /dev/null +++ b/sys-fs/fuseiso/files/fuseiso-20070708-CVE-2015-8837.patch @@ -0,0 +1,35 @@ +Description: Prevent stack-based buffer overflow on too-long path names +Author: Mike Gabriel <[email protected]> + +--- a/src/isofs.c ++++ b/src/isofs.c +@@ -1532,13 +1532,23 @@ + if(path[1] != '\0') { // not root dir + strcat(absolute_entry, "/"); + }; +- strcat(absolute_entry, entry); +- if(g_hash_table_lookup(lookup_table, absolute_entry)) { +- // already in lookup cache ++ ++ if(strlen(absolute_entry) + strlen(entry) <= PATH_MAX-1) { ++ strcat(absolute_entry, entry); ++ if(g_hash_table_lookup(lookup_table, absolute_entry)) { ++ // already in lookup cache ++ isofs_free_inode(inode); ++ } else { ++ g_hash_table_insert(lookup_table, g_strdup(absolute_entry), inode); ++ }; ++ } ++ else { ++ printf("readdir: absolute path name for entry '%s' exceeding PATH_MAX (%d)\n", entry, PATH_MAX); + isofs_free_inode(inode); +- } else { +- g_hash_table_insert(lookup_table, g_strdup(absolute_entry), inode); +- }; ++ free(buf); ++ free(entry); ++ return -EIO; ++ } + + free(entry); + diff --git a/sys-fs/fuseiso/files/fuseiso-20070708-integer-overflow.patch b/sys-fs/fuseiso/files/fuseiso-20070708-integer-overflow.patch new file mode 100644 index 00000000000..83c2c9451a6 --- /dev/null +++ b/sys-fs/fuseiso/files/fuseiso-20070708-integer-overflow.patch @@ -0,0 +1,16 @@ +Description: Prevent integer overflow in ZISO code +Author: Mike Gabriel <[email protected]> + +--- a/src/isofs.c ++++ b/src/isofs.c +@@ -1618,6 +1618,10 @@ + }; + + static int isofs_real_read_zf(isofs_inode *inode, char *out_buf, size_t size, off_t offset) { ++ if( inode->zf_block_shift > 17 ) { ++ fprintf(stderr, "isofs_real_read_zf: can't handle ZF block size of 2^%d\n", inode->zf_block_shift); ++ return -EIO; ++ } + int zf_block_size = 1 << inode->zf_block_shift; + int zf_start = offset / zf_block_size; + int zf_end = (offset + size) / zf_block_size; diff --git a/sys-fs/fuseiso/fuseiso-20070708-r3.ebuild b/sys-fs/fuseiso/fuseiso-20070708-r3.ebuild new file mode 100644 index 00000000000..a49b359127b --- /dev/null +++ b/sys-fs/fuseiso/fuseiso-20070708-r3.ebuild @@ -0,0 +1,28 @@ +# Copyright 1999-2020 Gentoo Authors +# Distributed under the terms of the GNU General Public License v2 + +EAPI=7 + +DESCRIPTION="Fuse module to mount ISO9660" +HOMEPAGE="https://sourceforge.net/projects/fuseiso"; +SRC_URI="http://superb-dca2.dl.sourceforge.net/project/${PN}/${PN}/${PV}/${P}.tar.bz2"; + +LICENSE="GPL-2" +SLOT="0" +KEYWORDS="~amd64 ~ppc ~ppc64 ~x86" + +RDEPEND="sys-fs/fuse:0= + sys-libs/zlib + dev-libs/glib:2" + +DEPEND="${RDEPEND}" +BDEPEND="virtual/pkgconfig" + +DOCS=( AUTHORS ChangeLog NEWS README ) + +PATCHES=( + "${FILESDIR}/${P}-largeiso.patch" + "${FILESDIR}/${P}-fix-typo.patch" + "${FILESDIR}/${P}-CVE-2015-8837.patch" + "${FILESDIR}/${P}-integer-overflow.patch" +)
