diff options
| author |   Mike Frysinger <vapier@gentoo.org> | 2010-11-23 12:53:04 +0000 |
|---|---|---|
| committer | Mike Frysinger <vapier@gentoo.org> | 2010-11-23 12:53:04 +0000 |
| commit | 75ebdfcb076fef0ef1e6b6cc1e367114332d13cd (patch) | |
| tree | 8d1014a8a9666565f00e52afdfca31b9cd48437b /dev-games | |
| parent | Version bump (diff) | |
| download | historical-75ebdfcb076fef0ef1e6b6cc1e367114332d13cd.tar.gz historical-75ebdfcb076fef0ef1e6b6cc1e367114332d13cd.tar.bz2 historical-75ebdfcb076fef0ef1e6b6cc1e367114332d13cd.zip | |
Fix buffer overflows #340145 by Diego Elio Pettenò.
Package-Manager: portage-2.2.0_alpha4/cvs/Linux x86_64
Diffstat (limited to 'dev-games')
| -rw-r--r-- | dev-games/hdl_dump/ChangeLog | 7 | ||||
| -rw-r--r-- | dev-games/hdl_dump/Manifest | 13 | ||||
| -rw-r--r-- | dev-games/hdl_dump/files/hdl_dump-0.8.6.20060901-fortify.patch | 45 | ||||
| -rw-r--r-- | dev-games/hdl_dump/hdl_dump-0.8.6.20060901.ebuild | 12 |
4 files changed, 65 insertions, 12 deletions
diff --git a/dev-games/hdl_dump/ChangeLog b/dev-games/hdl_dump/ChangeLog index ad65555567ce..6c473b5b3387 100644 --- a/dev-games/hdl_dump/ChangeLog +++ b/dev-games/hdl_dump/ChangeLog @@ -1,6 +1,11 @@ # ChangeLog for dev-games/hdl_dump # Copyright 1999-2010 Gentoo Foundation; Distributed under the GPL v2 -# $Header: /var/cvsroot/gentoo-x86/dev-games/hdl_dump/ChangeLog,v 1.8 2010/05/20 00:39:16 vapier Exp $ +# $Header: /var/cvsroot/gentoo-x86/dev-games/hdl_dump/ChangeLog,v 1.9 2010/11/23 12:53:04 vapier Exp $ + + 23 Nov 2010; Mike Frysinger <vapier@gentoo.org> + hdl_dump-0.8.6.20060901.ebuild, + +files/hdl_dump-0.8.6.20060901-fortify.patch: + Fix buffer overflows #340145 by Diego Elio Pettenò. 20 May 2010; Mike Frysinger <vapier@gentoo.org> hdl_dump-0.8.6.20060901.ebuild: diff --git a/dev-games/hdl_dump/Manifest b/dev-games/hdl_dump/Manifest index a457995e6660..8c71468b7ed9 100644 --- a/dev-games/hdl_dump/Manifest +++ b/dev-games/hdl_dump/Manifest @@ -1,14 +1,15 @@ -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 +AUX hdl_dump-0.8.6.20060901-fortify.patch 1443 RMD160 3303eafe05b22294a02050e322e13c69a87b6f28 SHA1 f3a81ce52e6a54ffb5f9a8c419d465ae79efb6a2 SHA256 fa519c575df336db148b3f13b3b6aa7494f7d70320ba0226535c808eec4542f2 DIST hdl_dumx-0.8.6-20060901-src.tar.bz2 156322 RMD160 6a2f90eda70b5bee4dcc4e8a6154f5a39a1eae7e SHA1 08f1ca6892f6af572bb540a4e9d3bead4fa2e9db SHA256 6ccb427da1fb957d82e6e0929e3605abe136f44326e85b16b6cdc3b59569486b -EBUILD hdl_dump-0.8.6.20060901.ebuild 802 RMD160 8ff7f1178703576fea1df3716d745390da5e7257 SHA1 be0bbb56f3f5bdef593dcfd8adaafbd0d4f4ddc5 SHA256 8b4edd0b27f9aa42741eec868ccac9a1893882903ab44bc3a47e1f144532c6e6 -MISC ChangeLog 1168 RMD160 64f0766c3f44718a45525acad396da29c4b44f5a SHA1 d85f25054e6699079ebbb7b38df3271f98c804ef SHA256 9ad1667f0fb2cdee0a57aaa3ba14d883ed0682214b157444bfb8c916cb306ffc +EBUILD hdl_dump-0.8.6.20060901.ebuild 833 RMD160 72e3b26c5a410f8be6cbcab15c72e73c93b7515b SHA1 7dfb264c977f2922ac13cdc48fb3f85aef0b952a SHA256 06849cacab9cfcbc8d0f08b8d84a957bec92eb4a0f69b3bc85e83b7a3bd2cad0 +MISC ChangeLog 1356 RMD160 d05647ed6b996a139dea2470f2b843ff9e069259 SHA1 e24c04d015fb547cdd46b443f19733c64c73d006 SHA256 2de2b3f3e21feb6b54d51e32ae9204b3c4e7419d5c88b314e8c019df680f2f0d MISC metadata.xml 219 RMD160 7910ab018fa6822f52a49d65851c3c552e643c1f SHA1 71e51db51777c7fe8c02eee6e09625cb73704a8a SHA256 d39afbd3fcef67d20b361451ec929d19b81690517cf6b5bf63dc79f445045ace -----BEGIN PGP SIGNATURE----- -Version: GnuPG v2.0.14 (GNU/Linux) +Version: GnuPG v2.0.16 (GNU/Linux) -iF4EAREIAAYFAkv0hL8ACgkQTwhj9JtAlp7jQAEAsyCn/Hd8gBx//LKLeB0RcTZh -/HqjSAhkuCB1Ex9ESOwBAKcvHpjZexUKFsiwIgvCB1TVXN1qF5Gg+66PSSvj1BwB -=ixly +iF4EAREIAAYFAkzruKcACgkQTwhj9JtAlp6TKAD/WpBkHoEPn7d6eYq+Jii3w2b7 +VXL9hs4es8b+T+gmRa4BAMiW/E++RN1WcxH0RrKBttacidzQGz8fHwTGwQ0PYgp8 +=V2j7 -----END PGP SIGNATURE----- diff --git a/dev-games/hdl_dump/files/hdl_dump-0.8.6.20060901-fortify.patch b/dev-games/hdl_dump/files/hdl_dump-0.8.6.20060901-fortify.patch new file mode 100644 index 000000000000..96f85d4609af --- /dev/null +++ b/dev-games/hdl_dump/files/hdl_dump-0.8.6.20060901-fortify.patch @@ -0,0 +1,45 @@ +http://bugs.gentoo.org/340145 + +fix buffer overflows in path handling. these defines should only be used +with host paths, so bumping them up to a larger value should be fine. + +--- a/common.h ++++ b/common.h +@@ -35,7 +35,8 @@ + C_START + + #if !defined (MAX_PATH) +-# define MAX_PATH 128 ++/* This needs to be at least 256 bytes -- see iin_gi_probe_path */ ++# define MAX_PATH 1024 + #endif + + +--- a/osal.h ++++ b/osal.h +@@ -62,7 +62,8 @@ typedef struct + # define OSAL_HANDLE_INIT { -1 } /* file descriptor */ + # define OSAL_IS_OPENED(x) ((x).desc != -1) + +-# define MAX_PATH 256 ++/* This needs to be at least 256 bytes -- see iin_gi_probe_path */ ++# define MAX_PATH 1024 + + #endif + typedef /*@special@*/ /*@only@*/ /*@out@*/ osal_handle_t* osal_handle_p_t; + +the magic field is 32 bytes, so strcpy-ing 32 bytes will add a 33rd NUL char. +this isn't a problem in practice as the 33rd char is "unknown_0x02", but let's +fix the issue anyways. + +--- a/apa.c ++++ b/apa.c +@@ -1270,7 +1270,7 @@ apa_initialize_ex (hio_t *hio) + set_u32 (&header.length, 128 * 1024 * 2); + set_u16 (&header.type, 0x0001); + set_ps2fs_datetime (&header.created, time (NULL)); +- strcpy (header.mbr.magic, "Sony Computer Entertainment Inc."); ++ memcpy (header.mbr.magic, "Sony Computer Entertainment Inc.", 32); + header.mbr.unknown_0x02 = 0x02; + set_ps2fs_datetime (&header.mbr.created, time (NULL)); + set_u32 (&header.checksum, apa_partition_checksum (&header)); diff --git a/dev-games/hdl_dump/hdl_dump-0.8.6.20060901.ebuild b/dev-games/hdl_dump/hdl_dump-0.8.6.20060901.ebuild index 9e0880f7bef2..13aed3f1a7d1 100644 --- a/dev-games/hdl_dump/hdl_dump-0.8.6.20060901.ebuild +++ b/dev-games/hdl_dump/hdl_dump-0.8.6.20060901.ebuild @@ -1,9 +1,10 @@ # Copyright 1999-2010 Gentoo Foundation # Distributed under the terms of the GNU General Public License v2 -# $Header: /var/cvsroot/gentoo-x86/dev-games/hdl_dump/hdl_dump-0.8.6.20060901.ebuild,v 1.4 2010/05/20 00:39:16 vapier Exp $ +# $Header: /var/cvsroot/gentoo-x86/dev-games/hdl_dump/hdl_dump-0.8.6.20060901.ebuild,v 1.5 2010/11/23 12:53:04 vapier Exp $ -EAPI=2 -inherit toolchain-funcs versionator +EAPI="2" + +inherit eutils toolchain-funcs versionator MY_PV=$(replace_version_separator 3 -) DESCRIPTION="game installer for playstation 2 HD Loader" @@ -18,14 +19,15 @@ IUSE="" S=${WORKDIR}/${PN} src_prepare() { + epatch "${FILESDIR}"/${P}-fortify.patch #340145 sed -i \ -e "s/-O0 -g/${CFLAGS}/" \ -e "s/@\$(CC)/$(tc-getCC)/" \ -e '/LDFLAGS =/d' \ - Makefile || die "sed failed" + Makefile || die } src_install() { - dobin hdl_dump || die "dobin failed" + dobin hdl_dump || die dodoc AUTHORS CHANGELOG README TODO } |