import fribidi-1.0.10-6.el9.2
This commit is contained in:
parent
477869e764
commit
6d27b9f085
48
SOURCES/fribidi-CVE-2022-25308.patch
Normal file
48
SOURCES/fribidi-CVE-2022-25308.patch
Normal file
@ -0,0 +1,48 @@
|
||||
From ad3a19e6372b1e667128ed1ea2f49919884587e1 Mon Sep 17 00:00:00 2001
|
||||
From: Akira TAGOH <akira@tagoh.org>
|
||||
Date: Thu, 17 Feb 2022 17:30:12 +0900
|
||||
Subject: [PATCH 1/3] Fix the stack buffer overflow issue
|
||||
|
||||
strlen() could returns 0. Without a conditional check for len,
|
||||
accessing S_ pointer with len - 1 may causes a stack buffer overflow.
|
||||
|
||||
AddressSanitizer reports this like:
|
||||
==1219243==ERROR: AddressSanitizer: stack-buffer-overflow on address 0x7ffdce043c1f at pc 0x000000403547 bp 0x7ffdce0
|
||||
43b30 sp 0x7ffdce043b28
|
||||
READ of size 1 at 0x7ffdce043c1f thread T0
|
||||
#0 0x403546 in main ../bin/fribidi-main.c:393
|
||||
#1 0x7f226804e58f in __libc_start_call_main (/lib64/libc.so.6+0x2d58f)
|
||||
#2 0x7f226804e648 in __libc_start_main_impl (/lib64/libc.so.6+0x2d648)
|
||||
#3 0x4036f4 in _start (/tmp/fribidi/build/bin/fribidi+0x4036f4)
|
||||
|
||||
Address 0x7ffdce043c1f is located in stack of thread T0 at offset 63 in frame
|
||||
#0 0x4022bf in main ../bin/fribidi-main.c:193
|
||||
|
||||
This frame has 5 object(s):
|
||||
[32, 36) 'option_index' (line 233)
|
||||
[48, 52) 'base' (line 386)
|
||||
[64, 65064) 'S_' (line 375) <== Memory access at offset 63 underflows this variable
|
||||
[65328, 130328) 'outstring' (line 385)
|
||||
[130592, 390592) 'logical' (line 384)
|
||||
|
||||
This fixes https://github.com/fribidi/fribidi/issues/181
|
||||
---
|
||||
bin/fribidi-main.c | 2 +-
|
||||
1 file changed, 1 insertion(+), 1 deletion(-)
|
||||
|
||||
diff --git a/bin/fribidi-main.c b/bin/fribidi-main.c
|
||||
index 3cf9fe1..3ae4fb6 100644
|
||||
--- a/bin/fribidi-main.c
|
||||
+++ b/bin/fribidi-main.c
|
||||
@@ -390,7 +390,7 @@ FRIBIDI_END_IGNORE_DEPRECATIONS
|
||||
S_[sizeof (S_) - 1] = 0;
|
||||
len = strlen (S_);
|
||||
/* chop */
|
||||
- if (S_[len - 1] == '\n')
|
||||
+ if (len > 0 && S_[len - 1] == '\n')
|
||||
{
|
||||
len--;
|
||||
S_[len] = '\0';
|
||||
--
|
||||
2.35.1
|
||||
|
30
SOURCES/fribidi-CVE-2022-25309.patch
Normal file
30
SOURCES/fribidi-CVE-2022-25309.patch
Normal file
@ -0,0 +1,30 @@
|
||||
From f22593b82b5d1668d1997dbccd10a9c31ffea3b3 Mon Sep 17 00:00:00 2001
|
||||
From: Dov Grobgeld <dov.grobgeld@gmail.com>
|
||||
Date: Fri, 25 Mar 2022 09:09:49 +0300
|
||||
Subject: [PATCH 2/3] Protected against garbage in the CapRTL encoder
|
||||
|
||||
---
|
||||
lib/fribidi-char-sets-cap-rtl.c | 7 ++++++-
|
||||
1 file changed, 6 insertions(+), 1 deletion(-)
|
||||
|
||||
diff --git a/lib/fribidi-char-sets-cap-rtl.c b/lib/fribidi-char-sets-cap-rtl.c
|
||||
index b0c0e4a..f74e010 100644
|
||||
--- a/lib/fribidi-char-sets-cap-rtl.c
|
||||
+++ b/lib/fribidi-char-sets-cap-rtl.c
|
||||
@@ -232,7 +232,12 @@ fribidi_cap_rtl_to_unicode (
|
||||
}
|
||||
}
|
||||
else
|
||||
- us[j++] = caprtl_to_unicode[(int) s[i]];
|
||||
+ {
|
||||
+ if ((int)s[i] < 0)
|
||||
+ us[j++] = '?';
|
||||
+ else
|
||||
+ us[j++] = caprtl_to_unicode[(int) s[i]];
|
||||
+ }
|
||||
}
|
||||
|
||||
return j;
|
||||
--
|
||||
2.35.1
|
||||
|
28
SOURCES/fribidi-CVE-2022-25310.patch
Normal file
28
SOURCES/fribidi-CVE-2022-25310.patch
Normal file
@ -0,0 +1,28 @@
|
||||
From 175850b03e1af251d705c1d04b2b9b3c1c06e48f Mon Sep 17 00:00:00 2001
|
||||
From: Akira TAGOH <akira@tagoh.org>
|
||||
Date: Thu, 17 Feb 2022 19:06:10 +0900
|
||||
Subject: [PATCH 3/3] Fix SEGV issue in fribidi_remove_bidi_marks
|
||||
|
||||
Escape from fribidi_remove_bidi_marks() immediately if str is null.
|
||||
|
||||
This fixes https://github.com/fribidi/fribidi/issues/183
|
||||
---
|
||||
lib/fribidi.c | 2 +-
|
||||
1 file changed, 1 insertion(+), 1 deletion(-)
|
||||
|
||||
diff --git a/lib/fribidi.c b/lib/fribidi.c
|
||||
index f5da0da..70bdab2 100644
|
||||
--- a/lib/fribidi.c
|
||||
+++ b/lib/fribidi.c
|
||||
@@ -74,7 +74,7 @@ fribidi_remove_bidi_marks (
|
||||
fribidi_boolean status = false;
|
||||
|
||||
if UNLIKELY
|
||||
- (len == 0)
|
||||
+ (len == 0 || str == NULL)
|
||||
{
|
||||
status = true;
|
||||
goto out;
|
||||
--
|
||||
2.35.1
|
||||
|
@ -1,7 +1,7 @@
|
||||
Summary: Library implementing the Unicode Bidirectional Algorithm
|
||||
Name: fribidi
|
||||
Version: 1.0.10
|
||||
Release: 6%{?dist}
|
||||
Release: 6%{?dist}.2
|
||||
URL: https://github.com/fribidi/fribidi/
|
||||
Source: https://github.com/%{name}/%{name}/releases/download/v%{version}/%{name}-%{version}.tar.xz
|
||||
License: LGPLv2+ and UCD
|
||||
@ -13,6 +13,9 @@ BuildRequires: meson
|
||||
%endif
|
||||
BuildRequires: make
|
||||
Patch0: fribidi-drop-bundled-gnulib.patch
|
||||
Patch1: fribidi-CVE-2022-25308.patch
|
||||
Patch2: fribidi-CVE-2022-25309.patch
|
||||
Patch3: fribidi-CVE-2022-25310.patch
|
||||
|
||||
%description
|
||||
A library to handle bidirectional scripts (for example Hebrew, Arabic),
|
||||
@ -47,7 +50,7 @@ export CFLAGS="$CFLAGS -DPAGE_SIZE=4096"
|
||||
export CFLAGS="$RPM_OPT_FLAGS -DPAGE_SIZE=4096"
|
||||
%endif
|
||||
%endif
|
||||
%configure --disable-static --disable-docs
|
||||
%configure --disable-static
|
||||
make %{?_smp_mflags} V=1
|
||||
%else
|
||||
%meson -Ddocs=false
|
||||
@ -84,6 +87,10 @@ rm -f $RPM_BUILD_ROOT%{_libdir}/*.la
|
||||
#%%{_mandir}/man3/*.gz
|
||||
|
||||
%changelog
|
||||
* Thu Apr 14 2022 Akira TAGOH <tagoh@redhat.com> - 1.0.10-6.el9.2
|
||||
- Security fixes for CVE-2022-25308, CVE-2022-25309, CVE-2022-25310
|
||||
Resolves: rhbz#2050086, rhbz#2050069, rhbz#2050063
|
||||
|
||||
* Mon Aug 09 2021 Mohan Boddu <mboddu@redhat.com> - 1.0.10-6
|
||||
- Rebuilt for IMA sigs, glibc 2.34, aarch64 flags
|
||||
Related: rhbz#1991688
|
||||
|
Loading…
Reference in New Issue
Block a user