rpms/bcel
7
0
Fork 0
Code Issues Pull Requests Releases Activity

Update to upstream version 6.8.0

Browse Source
This commit is contained in:
Marian Koncek 2023-12-11 13:42:50 +01:00
parent 69830a1f2e
commit b8f75e8f0c
4 changed files with 7 additions and 70 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

1
.gitignore vendored
View File

@ -10,3 +10,4 @@
/bcel-6.4.1-src.tar.gz
/bcel-6.5.0-src.tar.gz
/bcel-6.7.0-src.tar.gz
/bcel-6.8.0-src.tar.gz

67
0001-CVE-2022-42920.patch
View File

@ -1,67 +0,0 @@
From 60a3e8874e1646c1198252e531029a6f78ff7a51 Mon Sep 17 00:00:00 2001
From: Richard Atkins <rjatkins359@gmail.com>
Date: Wed, 21 Sep 2022 23:18:58 +1000
Subject: [PATCH] CVE-2022-42920
---
.../java/org/apache/bcel/classfile/ConstantPool.java | 11 +++++++++--
.../java/org/apache/bcel/generic/ConstantPoolGen.java | 11 ++++++++++-
2 files changed, 19 insertions(+), 3 deletions(-)
diff --git a/src/main/java/org/apache/bcel/classfile/ConstantPool.java b/src/main/java/org/apache/bcel/classfile/ConstantPool.java
index c2926c08..b4177771 100644
--- a/src/main/java/org/apache/bcel/classfile/ConstantPool.java
+++ b/src/main/java/org/apache/bcel/classfile/ConstantPool.java
@@ -218,8 +218,15 @@ public class ConstantPool implements Cloneable, Node {
* @throws IOException
*/
public void dump( final DataOutputStream file ) throws IOException {
- file.writeShort(constantPool.length);
- for (int i = 1; i < constantPool.length; i++) {
+ /*
+ * Constants over the size of the constant pool shall not be written out.
+ * This is a redundant measure as the ConstantPoolGen should have already
+ * reported an error back in the situation.
+ */
+ final int size = Math.min(constantPool.length, Const.MAX_CP_ENTRIES);
+
+ file.writeShort(size);
+ for (int i = 1; i < size; i++) {
if (constantPool[i] != null) {
constantPool[i].dump(file);
}
diff --git a/src/main/java/org/apache/bcel/generic/ConstantPoolGen.java b/src/main/java/org/apache/bcel/generic/ConstantPoolGen.java
index 5a09e0d3..ce783549 100644
--- a/src/main/java/org/apache/bcel/generic/ConstantPoolGen.java
+++ b/src/main/java/org/apache/bcel/generic/ConstantPoolGen.java
@@ -95,7 +95,7 @@ public class ConstantPoolGen {
public ConstantPoolGen(final Constant[] cs) {
final StringBuilder sb = new StringBuilder(DEFAULT_BUFFER_SIZE);
- size = Math.max(DEFAULT_BUFFER_SIZE, cs.length + 64);
+ size = Math.min(Math.max(DEFAULT_BUFFER_SIZE, cs.length + 64), Const.MAX_CP_ENTRIES + 1);
constants = new Constant[size];
System.arraycopy(cs, 0, constants, 0, cs.length);
@@ -224,9 +224,18 @@ public class ConstantPoolGen {
/** Resize internal array of constants.
*/
protected void adjustSize() {
+ // 3 extra spaces are needed as some entries may take 3 slots
+ if (index + 3 >= Const.MAX_CP_ENTRIES + 1) {
+ throw new IllegalStateException("The number of constants " + (index + 3)
+ + " is over the size of the constant pool: "
+ + Const.MAX_CP_ENTRIES);
+ }
+
if (index + 3 >= size) {
final Constant[] cs = constants;
size *= 2;
+ // the constant array shall not exceed the size of the constant pool
+ size = Math.min(size, Const.MAX_CP_ENTRIES + 1);
constants = new Constant[size];
System.arraycopy(cs, 0, constants, 0, index);
}
--
2.38.1

7
bcel.spec
View File

@ -1,6 +1,6 @@
Name: bcel
Version: 6.7.0
Release: 3%{?dist}
Version: 6.8.0
Release: 1%{?dist}
Summary: Byte Code Engineering Library
License: Apache-2.0
URL: http://commons.apache.org/proper/commons-bcel/
@ -60,6 +60,9 @@ This package provides %{summary}.
%license LICENSE.txt NOTICE.txt
%changelog
* Mon Dec 11 2023 Marian Koncek <mkoncek@redhat.com> - 6.8.0-1
- Update to upstream version 6.8.0
* Fri Sep 01 2023 Mikolaj Izdebski <mizdebsk@redhat.com> - 6.7.0-3
- Convert License tag to SPDX format

2
sources
View File

@ -1 +1 @@
SHA512 (bcel-6.7.0-src.tar.gz) = 71f0e227dbc558296f535507b3640ce4c91dddf12ef06502b5fca95b35510b02d09ca649f121427b4b47deb96c2edfe0de70999261cffbcbe170a835730096a0
SHA512 (bcel-6.8.0-src.tar.gz) = fcec4920f841b9b22b7fe05190ed09a31e2edd32dbc9bc6217981af34fecab0725249bbaf0e5810e0c7ef8a347dbe07fa1dfc1a80a7b651368ad4ea852f54f6e