Merge pull request #31002 from yegortimoshenko/bchunk/CVE-2017-15953

bchunk: fix recent CVEs, simplify installPhase
NixOS · Oct 30, 2017 · 7d04f9f · 7d04f9f
2 parents 9d74a61 + 94b7368
commit 7d04f9f
Show file tree

Hide file tree

Showing 3 changed files with 66 additions and 12 deletions.
diff --git a/pkgs/tools/cd-dvd/bchunk/CVE-2017-15953.patch b/pkgs/tools/cd-dvd/bchunk/CVE-2017-15953.patch
@@ -0,0 +1,25 @@
+--- a/bchunk.c	2017-10-30 18:03:58.658741629 +0000
++++ b/bchunk.c	2017-10-30 19:40:25.558131619 +0000
+@@ -18,6 +18,7 @@
+   *  Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA  02111-1307  USA
+   */
+
++#define _GNU_SOURCE
+ #include <stdio.h>
+ #include <stdlib.h>
+ #include <string.h>
+@@ -271,11 +272,10 @@
+ 	int16_t i;
+ 	float fl;
+
+-	if (!(fname = malloc(strlen(bname) + 8))) {
+-		fprintf(stderr, "main(): malloc() failed, out of memory\n");
++	if (asprintf(&fname, "%s%2.2d.%s", bname, track->num, track->extension) == -1) {
++		fprintf(stderr, "writetrack(): asprintf() failed, out of memory\n");
+ 		exit(4);
+ 	}
+-	sprintf(fname, "%s%2.2d.%s", bname, track->num, track->extension);
+
+ 	printf("%2d: %s ", track->num, fname);
+
+
diff --git a/pkgs/tools/cd-dvd/bchunk/CVE-2017-15955.patch b/pkgs/tools/cd-dvd/bchunk/CVE-2017-15955.patch
@@ -0,0 +1,33 @@
+diff -urNZ bchunk-1.2.0.orig/bchunk.c bchunk-1.2.0/bchunk.c
+--- a/bchunk.c	2017-10-30 18:03:58.658741629 +0000
++++ b/bchunk.c	2017-10-30 19:17:36.732855884 +0000
+@@ -426,11 +426,11 @@
+ 			printf("\nTrack ");
+ 			if (!(p = strchr(p, ' '))) {
+ 				fprintf(stderr, "... ouch, no space after TRACK.\n");
+-				continue;
++				exit(3);
+ 			}
+ 			p++;
+ 			if (!(t = strchr(p, ' '))) {
+ 				fprintf(stderr, "... ouch, no space after track number.\n");
+-				continue;
++				exit(3);
+ 			}
+ 			*t = '\0';
+
+@@ -460,12 +460,12 @@
+ 		} else if ((p = strstr(s, "INDEX"))) {
+ 			if (!(p = strchr(p, ' '))) {
+ 				printf("... ouch, no space after INDEX.\n");
+-				continue;
++				exit(3);
+ 			}
+ 			p++;
+ 			if (!(t = strchr(p, ' '))) {
+ 				printf("... ouch, no space after index number.\n");
+-				continue;
++				exit(3);
+ 			}
+ 			*t = '\0';
+ 			t++;
diff --git a/pkgs/tools/cd-dvd/bchunk/default.nix b/pkgs/tools/cd-dvd/bchunk/default.nix
@@ -8,20 +8,16 @@ stdenv.mkDerivation rec {
     sha256 = "0pcbyx3689cbl23dcij497hb3q5f1wmki7cxic5nzldx71g9vp5g";
   };
 
-  preConfigure =
-    ''
-      substituteInPlace Makefile \
-        --replace "-o root -g root" "" \
-        --replace "-o bin -g bin" ""
-    '';
+  patches = [ ./CVE-2017-15953.patch ./CVE-2017-15955.patch ];
 
-  makeFlags = "PREFIX=$(out) MAN_DIR=$(out)/share/man";
+  installPhase = ''
+    install -Dt $out/bin bchunk
+    install -Dt $out/share/man/man1 bchunk.1    
+  '';
 
-  preInstall = "mkdir -p $out/bin $out/share/man/man1";
-
-  meta = {
+  meta = with stdenv.lib; {
     homepage = http://he.fi/bchunk/;
-    description = "A program that converts CD-ROM images in BIN/CUE format into a set of ISO and CDR tracks";
-    platforms = stdenv.lib.platforms.linux;
+    description = "A program that converts CD images in BIN/CUE format into a set of ISO and CDR tracks";
+    platforms = platforms.unix;
   };
 }