rpms/fribidi
5
0
Fork 0
Code Issues Pull Requests Releases Activity

New upstream release.

Browse Source 
Resolves: rhbz#2077311
This commit is contained in:
Akira TAGOH 2022-04-21 15:11:53 +09:00
parent f7d679387e
commit 47d70eb96d
6 changed files with 8 additions and 112 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

1
.gitignore vendored
View File

@ -10,3 +10,4 @@
/fribidi-1.0.9.tar.xz /fribidi-1.0.9.tar.xz
/fribidi-1.0.10.tar.xz /fribidi-1.0.10.tar.xz
/fribidi-1.0.11.tar.xz /fribidi-1.0.11.tar.xz
/fribidi-1.0.12.tar.xz

48
fribidi-CVE-2022-25308.patch
View File

@ -1,48 +0,0 @@
From ad3a19e6372b1e667128ed1ea2f49919884587e1 Mon Sep 17 00:00:00 2001
From: Akira TAGOH <akira@tagoh.org>
Date: Thu, 17 Feb 2022 17:30:12 +0900
Subject: [PATCH 1/3] Fix the stack buffer overflow issue
strlen() could returns 0. Without a conditional check for len,
accessing S_ pointer with len - 1 may causes a stack buffer overflow.
AddressSanitizer reports this like:
==1219243==ERROR: AddressSanitizer: stack-buffer-overflow on address 0x7ffdce043c1f at pc 0x000000403547 bp 0x7ffdce0
43b30 sp 0x7ffdce043b28
READ of size 1 at 0x7ffdce043c1f thread T0
#0 0x403546 in main ../bin/fribidi-main.c:393
#1 0x7f226804e58f in __libc_start_call_main (/lib64/libc.so.6+0x2d58f)
#2 0x7f226804e648 in __libc_start_main_impl (/lib64/libc.so.6+0x2d648)
#3 0x4036f4 in _start (/tmp/fribidi/build/bin/fribidi+0x4036f4)
Address 0x7ffdce043c1f is located in stack of thread T0 at offset 63 in frame
#0 0x4022bf in main ../bin/fribidi-main.c:193
This frame has 5 object(s):
[32, 36) 'option_index' (line 233)
[48, 52) 'base' (line 386)
[64, 65064) 'S_' (line 375) <== Memory access at offset 63 underflows this variable
[65328, 130328) 'outstring' (line 385)
[130592, 390592) 'logical' (line 384)
This fixes https://github.com/fribidi/fribidi/issues/181
---
bin/fribidi-main.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/bin/fribidi-main.c b/bin/fribidi-main.c
index 3cf9fe1..3ae4fb6 100644
--- a/bin/fribidi-main.c
+++ b/bin/fribidi-main.c
@@ -390,7 +390,7 @@ FRIBIDI_END_IGNORE_DEPRECATIONS
S_[sizeof (S_) - 1] = 0;
len = strlen (S_);
/* chop */
- if (S_[len - 1] == '\n')
+ if (len > 0 && S_[len - 1] == '\n')
{
len--;
S_[len] = '\0';
--
2.35.1

30
fribidi-CVE-2022-25309.patch
View File

@ -1,30 +0,0 @@
From f22593b82b5d1668d1997dbccd10a9c31ffea3b3 Mon Sep 17 00:00:00 2001
From: Dov Grobgeld <dov.grobgeld@gmail.com>
Date: Fri, 25 Mar 2022 09:09:49 +0300
Subject: [PATCH 2/3] Protected against garbage in the CapRTL encoder
---
lib/fribidi-char-sets-cap-rtl.c | 7 ++++++-
1 file changed, 6 insertions(+), 1 deletion(-)
diff --git a/lib/fribidi-char-sets-cap-rtl.c b/lib/fribidi-char-sets-cap-rtl.c
index b0c0e4a..f74e010 100644
--- a/lib/fribidi-char-sets-cap-rtl.c
+++ b/lib/fribidi-char-sets-cap-rtl.c
@@ -232,7 +232,12 @@ fribidi_cap_rtl_to_unicode (
}
}
else
- us[j++] = caprtl_to_unicode[(int) s[i]];
+ {
+ if ((int)s[i] < 0)
+ us[j++] = '?';
+ else
+ us[j++] = caprtl_to_unicode[(int) s[i]];
+ }
}
return j;
--
2.35.1

28
fribidi-CVE-2022-25310.patch
View File

@ -1,28 +0,0 @@
From 175850b03e1af251d705c1d04b2b9b3c1c06e48f Mon Sep 17 00:00:00 2001
From: Akira TAGOH <akira@tagoh.org>
Date: Thu, 17 Feb 2022 19:06:10 +0900
Subject: [PATCH 3/3] Fix SEGV issue in fribidi_remove_bidi_marks
Escape from fribidi_remove_bidi_marks() immediately if str is null.
This fixes https://github.com/fribidi/fribidi/issues/183
---
lib/fribidi.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/lib/fribidi.c b/lib/fribidi.c
index f5da0da..70bdab2 100644
--- a/lib/fribidi.c
+++ b/lib/fribidi.c
@@ -74,7 +74,7 @@ fribidi_remove_bidi_marks (
fribidi_boolean status = false;
if UNLIKELY
- (len == 0)
+ (len == 0 || str == NULL)
{
status = true;
goto out;
--
2.35.1

11
fribidi.spec
View File

@ -1,7 +1,7 @@
Summary: Library implementing the Unicode Bidirectional Algorithm Summary: Library implementing the Unicode Bidirectional Algorithm
Name: fribidi Name: fribidi
Version: 1.0.11 Version: 1.0.12
Release: 3%{?dist} Release: 1%{?dist}
URL: https://github.com/fribidi/fribidi/ URL: https://github.com/fribidi/fribidi/
Source: https://github.com/%{name}/%{name}/releases/download/v%{version}/%{name}-%{version}.tar.xz Source: https://github.com/%{name}/%{name}/releases/download/v%{version}/%{name}-%{version}.tar.xz
License: LGPLv2+ and UCD License: LGPLv2+ and UCD
@ -13,9 +13,6 @@ BuildRequires: meson
%endif %endif
BuildRequires: make BuildRequires: make
Patch0: fribidi-drop-bundled-gnulib.patch Patch0: fribidi-drop-bundled-gnulib.patch
Patch1: fribidi-CVE-2022-25308.patch
Patch2: fribidi-CVE-2022-25309.patch
Patch3: fribidi-CVE-2022-25310.patch
%description %description
A library to handle bidirectional scripts (for example Hebrew, Arabic), A library to handle bidirectional scripts (for example Hebrew, Arabic),
@ -87,6 +84,10 @@ rm -f $RPM_BUILD_ROOT%{_libdir}/*.la
#%%{_mandir}/man3/*.gz #%%{_mandir}/man3/*.gz
%changelog %changelog
* Thu Apr 21 2022 Akira TAGOH <tagoh@redhat.com> - 1.0.12-1
- New upstream release.
Resolves: rhbz#2077311
* Fri Apr 1 2022 Akira TAGOH <tagoh@redhat.com> - 1.0.11-3 * Fri Apr 1 2022 Akira TAGOH <tagoh@redhat.com> - 1.0.11-3
- Fix security issues, CVE-2022-25308, CVE-2022-25309, CVE-2022-25310. - Fix security issues, CVE-2022-25308, CVE-2022-25309, CVE-2022-25310.
Resolves: rhbz#2067039, rhbz#2067043, rhbz#2067045 Resolves: rhbz#2067039, rhbz#2067043, rhbz#2067045

2
sources
View File

@ -1 +1 @@
SHA512 (fribidi-1.0.11.tar.xz) = 6afde86784de06759f18235ccb44f23261a975f7cce0021b16755065a6a8ed84d7d5fb7fdcaadd691b48011efb4bfc2ee67555e5133a294a418cca1a0c85476c SHA512 (fribidi-1.0.12.tar.xz) = cd624f519b270303e89139ced4020115abe3b6a0d774ba57f17fa69c6036edebd76c635a42c468786e76c6ffb0c7d63b435cd2663bc2fba08dec405840dd8e49