From 8721763f5c744e8eca229edfe1afd52a77cf2842 Mon Sep 17 00:00:00 2001
From: Sebastian Pipping
Date: Sun, 15 Mar 2020 19:08:29 +0100
Subject: [PATCH] dev-libs/iniparser: Fix out-of-bounds read
Bug: https://bugs.gentoo.org/647588
Signed-off-by: Sebastian Pipping
Package-Manager: Portage-2.3.92, Repoman-2.3.20
---
.../iniparser-4.0-out-of-bounds-read.patch | 22 +++++++++
dev-libs/iniparser/iniparser-3.1-r2.ebuild | 47 +++++++++++++++++++
2 files changed, 69 insertions(+)
create mode 100644 dev-libs/iniparser/files/iniparser-4.0-out-of-bounds-read.patch
create mode 100644 dev-libs/iniparser/iniparser-3.1-r2.ebuild
diff --git a/dev-libs/iniparser/files/iniparser-4.0-out-of-bounds-read.patch b/dev-libs/iniparser/files/iniparser-4.0-out-of-bounds-read.patch
new file mode 100644
index 000000000000..962566cd5b7f
--- /dev/null
+++ b/dev-libs/iniparser/files/iniparser-4.0-out-of-bounds-read.patch
@@ -0,0 +1,22 @@
+From 4f870752abbb756911d7b11405d49e9769d082bd Mon Sep 17 00:00:00 2001
+From: Emmanuel Leblond
+Date: Fri, 8 Apr 2016 22:13:36 +0200
+Subject: [PATCH] Fix #68 when reading file with only \0 char
+
+---
+ src/iniparser.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/src/iniparser.c b/src/iniparser.c
+index be37fec..fb1b549 100644
+--- a/src/iniparser.c
++++ b/src/iniparser.c
+@@ -678,7 +678,7 @@ dictionary * iniparser_load(const char * ininame)
+ while (fgets(line+last, ASCIILINESZ-last, in)!=NULL) {
+ lineno++ ;
+ len = (int)strlen(line)-1;
+- if (len==0)
++ if (len<=0)
+ continue;
+ /* Safety check against buffer overflows */
+ if (line[len]!='\n' && !feof(in)) {
diff --git a/dev-libs/iniparser/iniparser-3.1-r2.ebuild b/dev-libs/iniparser/iniparser-3.1-r2.ebuild
new file mode 100644
index 000000000000..3d8e93facd09
--- /dev/null
+++ b/dev-libs/iniparser/iniparser-3.1-r2.ebuild
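Review bot: In iniparser-4.0-out-of-bounds-read.patch the new `if (len<=0)` test carries no comment saying why `len` can be negative, so it still reads like a plain blank-line check. `strlen(line)` is 0 when `fgets()` stores a line whose first byte is NUL, which makes `len` -1 and would let the following `line[len]` index one byte before the buffer. A comment above the test such as `/* len is -1 when the line starts with a NUL byte; skip it before line[len] is read */` would record that. A NUL byte later in a line still shortens what `strlen()` sees; how the code past the "Safety check" comment treats that case is not visible here, since iniparser_load's body starts and ends outside the hunk.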
@@ -0,0 +1,47 @@
+# Copyright 1999-2020 Gentoo Authors
+# Distributed under the terms of the GNU General Public License v2
+
+EAPI=4
+
+AUTOTOOLS_AUTORECONF=1
+inherit autotools-utils autotools-multilib
+
+DESCRIPTION="A free stand-alone ini file parsing library"
+HOMEPAGE="http://ndevilla.free.fr/iniparser/"
+
+SRC_URI="http://ndevilla.free.fr/iniparser/${P}.tar.gz"
+LICENSE="MIT"
+SLOT="0"
+KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~ia64 ~m68k ~mips ~ppc ~ppc64 ~riscv ~s390 ~sh ~sparc ~x86 ~ppc-aix ~x64-cygwin ~amd64-linux ~x86-linux ~ppc-macos ~x64-macos ~x86-macos ~m68k-mint ~sparc-solaris ~sparc64-solaris ~x64-solaris ~x86-solaris"
+IUSE="doc examples static-libs"
+
+DEPEND="doc? ( app-doc/doxygen )
+ sys-devel/libtool"
+RDEPEND=""
+
+# the tests are rather examples than tests, no point in running them
+RESTRICT="test"
+
+S="${WORKDIR}/${PN}"
+
+DOCS=( AUTHORS README )
+
+PATCHES=(
+ "${FILESDIR}/${PN}-3.0b-cpp.patch"
+ "${FILESDIR}/${PN}-3.0-autotools.patch"
+ "${FILESDIR}/${PN}-4.0-out-of-bounds-read.patch"
+)
+
+src_install() {
+ autotools-multilib_src_install
+
+ if use doc; then
+ emake -C doc
+ dohtml -r html/*
+ fi
+
+ if use examples ; then
+ insinto /usr/share/doc/${PF}/examples
+ doins test/*.{c,ini,py}
+ fi
+}
--
2.26.2
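Review bot: The `PATCHES` entry `"${FILESDIR}/${PN}-4.0-out-of-bounds-read.patch"` applies a hunk to a 3.1 ebuild whose file name and `@@ -678,7 +678,7 @@` header suggest it was cut from a different tree, so it is worth confirming that it lands on the intended `if (len==0)` line in the 3.1 sources without fuzz. Because the ebuild sets `RESTRICT="test"`, nothing in the build exercises the fix, and a hunk applied at the wrong place would go unnoticed. A comment above the entry, for example `# bug #647588: out-of-bounds read on a line starting with NUL (upstream 4f870752)`, would tie the patch to its origin for whoever later bumps the version.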