Compare commits
No commits in common. "c8-stream-rhel" and "c9-beta" have entirely different histories.
c8-stream-
...
c9-beta
2
.gitignore
vendored
2
.gitignore
vendored
@ -1,2 +1,2 @@
|
||||
SOURCES/hivex-1.3.18.tar.gz
|
||||
SOURCES/hivex-1.3.21.tar.gz
|
||||
SOURCES/libguestfs.keyring
|
||||
|
@ -1,2 +1,2 @@
|
||||
d66131981d2c978ab9cfc7e28dd052e7e273ae18 SOURCES/hivex-1.3.18.tar.gz
|
||||
3d39d9210e92d809fc3d1e692ff27ee7e9fb0b4c SOURCES/hivex-1.3.21.tar.gz
|
||||
1bbc40f501a7fef9eef2a39b701a71aee2fea7c4 SOURCES/libguestfs.keyring
|
||||
|
@ -1,24 +0,0 @@
|
||||
From 564a923a91d042e24e9259d86f69e0061f28ef4f Mon Sep 17 00:00:00 2001
|
||||
From: Vladimir Panteleev <git@thecybershadow.net>
|
||||
Date: Thu, 16 Jan 2020 12:11:20 +0000
|
||||
Subject: [PATCH 1/2] Win::Hivex::Regedit: Accept CRLF line endings
|
||||
|
||||
---
|
||||
perl/lib/Win/Hivex/Regedit.pm | 1 +
|
||||
1 file changed, 1 insertion(+)
|
||||
|
||||
diff --git a/perl/lib/Win/Hivex/Regedit.pm b/perl/lib/Win/Hivex/Regedit.pm
|
||||
index 34426f1..2b17036 100644
|
||||
--- a/perl/lib/Win/Hivex/Regedit.pm
|
||||
+++ b/perl/lib/Win/Hivex/Regedit.pm
|
||||
@@ -144,6 +144,7 @@ sub reg_import
|
||||
# this is fairly common in pasted regedit files.
|
||||
$lineno++;
|
||||
chomp;
|
||||
+ s/\r$//;
|
||||
if (s/\\\s*$//) {
|
||||
$_ .= <$fh>;
|
||||
redo unless eof ($fh);
|
||||
--
|
||||
2.24.1
|
||||
|
@ -1,75 +0,0 @@
|
||||
From 61f4928dcc31b91aaf3bcbcf2898f8f09586a213 Mon Sep 17 00:00:00 2001
|
||||
From: "Richard W.M. Jones" <rjones@redhat.com>
|
||||
Date: Thu, 15 Apr 2021 15:50:13 +0100
|
||||
Subject: [PATCH] lib/handle.c: Bounds check for block exceeding page length
|
||||
(CVE-2021-3504)
|
||||
|
||||
Hives are encoded as fixed-sized pages containing smaller variable-
|
||||
length blocks:
|
||||
|
||||
+-------------------+-------------------+-------------------+--
|
||||
| header |[ blk ][blk][ blk ]|[blk][blk][blk] |
|
||||
+-------------------+-------------------+-------------------+--
|
||||
|
||||
Blocks should not straddle a page boundary. However because blocks
|
||||
contain a 32 bit length field it is possible to construct an invalid
|
||||
hive where the last block in a page overlaps either the next page or
|
||||
the end of the file:
|
||||
|
||||
+-------------------+-------------------+
|
||||
| header |[ blk ][blk][ blk ..... ]
|
||||
+-------------------+-------------------+
|
||||
|
||||
Hivex lacked a bounds check and would process the registry. Because
|
||||
the rest of the code assumes this situation can never happen it was
|
||||
possible to have a block containing some field (eg. a registry key
|
||||
name) which would extend beyond the end of the file. Hivex mmaps or
|
||||
mallocs the file, causing hivex to read memory beyond the end of the
|
||||
mapped region, resulting in reading other memory structures or a
|
||||
crash. (Writing beyond the end of the mapped region seems to be
|
||||
impossible because we always allocate a new page before writing.)
|
||||
|
||||
This commit adds a check which rejects the malformed registry on
|
||||
hivex_open.
|
||||
|
||||
Credit: Jeremy Galindo, Sr Security Engineer, Datto.com
|
||||
Signed-off-by: Richard W.M. Jones <rjones@redhat.com>
|
||||
Fixes: CVE-2021-3504
|
||||
Fixes: https://bugzilla.redhat.com/show_bug.cgi?id=1949687
|
||||
---
|
||||
lib/handle.c | 12 ++++++++++--
|
||||
1 file changed, 10 insertions(+), 2 deletions(-)
|
||||
|
||||
diff --git a/lib/handle.c b/lib/handle.c
|
||||
index 88b1563f..2e4231a5 100644
|
||||
--- a/lib/handle.c
|
||||
+++ b/lib/handle.c
|
||||
@@ -353,8 +353,8 @@ hivex_open (const char *filename, int flags)
|
||||
#pragma GCC diagnostic pop
|
||||
if (is_root || !h->unsafe) {
|
||||
SET_ERRNO (ENOTSUP,
|
||||
- "%s, the block at 0x%zx has invalid size %" PRIu32
|
||||
- ", bad registry",
|
||||
+ "%s, the block at 0x%zx size %" PRIu32
|
||||
+ " <= 4 or not a multiple of 4, bad registry",
|
||||
filename, blkoff, le32toh (block->seg_len));
|
||||
goto error;
|
||||
} else {
|
||||
@@ -365,6 +365,14 @@ hivex_open (const char *filename, int flags)
|
||||
}
|
||||
}
|
||||
|
||||
+ if (blkoff + seg_len > off + page_size) {
|
||||
+ SET_ERRNO (ENOTSUP,
|
||||
+ "%s, the block at 0x%zx size %" PRIu32
|
||||
+ " extends beyond the current page, bad registry",
|
||||
+ filename, blkoff, le32toh (block->seg_len));
|
||||
+ goto error;
|
||||
+ }
|
||||
+
|
||||
if (h->msglvl >= 2) {
|
||||
unsigned char *id = (unsigned char *) block->id;
|
||||
int id0 = id[0], id1 = id[1];
|
||||
--
|
||||
2.29.2
|
||||
|
@ -1,95 +0,0 @@
|
||||
From 771728218dac2fbf6997a7e53225e75a4c6b7255 Mon Sep 17 00:00:00 2001
|
||||
From: "Richard W.M. Jones" <rjones@redhat.com>
|
||||
Date: Thu, 8 Jul 2021 19:00:45 +0100
|
||||
Subject: [PATCH] lib/node.c: Limit recursion in ri-records (CVE-2021-3622)
|
||||
|
||||
Windows Registry hive "ri"-records are arbitrarily nested B-tree-like
|
||||
structures:
|
||||
|
||||
+-------------+
|
||||
| ri |
|
||||
|-------------|
|
||||
| nr_offsets |
|
||||
| offset[0] ------> points to another lf/lh/li/ri block
|
||||
| offset[1] ------>
|
||||
| offset[2] ------>
|
||||
+-------------+
|
||||
|
||||
It is possible to construct a hive with a very deeply nested tree of
|
||||
ri-records, causing the internal _get_children function to recurse to
|
||||
any depth which can cause programs linked to hivex to crash with a
|
||||
stack overflow.
|
||||
|
||||
Since it is not thought that deeply nested ri-records occur in real
|
||||
hives, limit recursion depth. If you hit this limit you will see the
|
||||
following error and the operation will return an error instead of
|
||||
crashing:
|
||||
|
||||
\> ls
|
||||
hivex: _get_children: returning EINVAL because: ri-record nested to depth >= 32
|
||||
ls: Invalid argument
|
||||
|
||||
Thanks to Jeremy Galindo for finding and reporting this bug.
|
||||
|
||||
Reported-by: Jeremy Galindo, Sr Security Engineer, Datto.com
|
||||
Signed-off-by: Richard W.M. Jones <rjones@redhat.com>
|
||||
Fixes: CVE-2021-3622
|
||||
Fixes: https://bugzilla.redhat.com/show_bug.cgi?id=1975489
|
||||
(cherry picked from commit 781a12c4a49dd81365c9c567c5aa5e19e894ba0e)
|
||||
---
|
||||
lib/node.c | 18 ++++++++++++++----
|
||||
1 file changed, 14 insertions(+), 4 deletions(-)
|
||||
|
||||
diff --git a/lib/node.c b/lib/node.c
|
||||
index 7b002a46..eb7fe93c 100644
|
||||
--- a/lib/node.c
|
||||
+++ b/lib/node.c
|
||||
@@ -203,7 +203,7 @@ hivex_node_classname (hive_h *h, hive_node_h node)
|
||||
|
||||
static int _get_children (hive_h *h, hive_node_h blkoff,
|
||||
offset_list *children, offset_list *blocks,
|
||||
- int flags);
|
||||
+ int flags, unsigned depth);
|
||||
static int check_child_is_nk_block (hive_h *h, hive_node_h child, int flags);
|
||||
|
||||
/* Iterate over children (ie. subkeys of a node), returning child
|
||||
@@ -335,7 +335,7 @@ _hivex_get_children (hive_h *h, hive_node_h node,
|
||||
goto error;
|
||||
}
|
||||
|
||||
- if (_get_children (h, subkey_lf, &children, &blocks, flags) == -1)
|
||||
+ if (_get_children (h, subkey_lf, &children, &blocks, flags, 0) == -1)
|
||||
goto error;
|
||||
|
||||
/* Check the number of children we ended up reading matches
|
||||
@@ -383,7 +383,7 @@ _hivex_get_children (hive_h *h, hive_node_h node,
|
||||
static int
|
||||
_get_children (hive_h *h, hive_node_h blkoff,
|
||||
offset_list *children, offset_list *blocks,
|
||||
- int flags)
|
||||
+ int flags, unsigned depth)
|
||||
{
|
||||
/* Add this intermediate block. */
|
||||
if (_hivex_add_to_offset_list (blocks, blkoff) == -1)
|
||||
@@ -486,7 +486,17 @@ _get_children (hive_h *h, hive_node_h blkoff,
|
||||
}
|
||||
}
|
||||
|
||||
- if (_get_children (h, offset, children, blocks, flags) == -1)
|
||||
+ /* Although in theory hive ri records might be nested to any
|
||||
+ * depth, in practice this is unlikely. Recursing here caused
|
||||
+ * CVE-2021-3622. Thus limit the depth we will recurse to
|
||||
+ * something small.
|
||||
+ */
|
||||
+ if (depth >= 32) {
|
||||
+ SET_ERRNO (EINVAL, "ri-record nested to depth >= %u", depth);
|
||||
+ return -1;
|
||||
+ }
|
||||
+
|
||||
+ if (_get_children (h, offset, children, blocks, flags, depth+1) == -1)
|
||||
return -1;
|
||||
}
|
||||
}
|
||||
--
|
||||
2.32.0
|
||||
|
@ -0,0 +1,80 @@
|
||||
From d5a522c0bb738efdd7cc1e762840b579fc9ea3de Mon Sep 17 00:00:00 2001
|
||||
From: Laszlo Ersek <lersek@redhat.com>
|
||||
Date: Fri, 10 Sep 2021 01:06:17 +0200
|
||||
Subject: [PATCH] lib: write: improve key collation compatibility with Windows
|
||||
|
||||
There are multiple problems with using strcasecmp() for ordering registry
|
||||
keys:
|
||||
|
||||
(1) strcasecmp() is influenced by LC_CTYPE.
|
||||
|
||||
(2) strcasecmp() cannot implement case conversion for multibyte UTF-8
|
||||
sequences.
|
||||
|
||||
(3) Even with LC_CTYPE=POSIX and key names consisting solely of ASCII
|
||||
characters, strcasecmp() converts characters to lowercase, for
|
||||
comparison. But on Windows, the CompareStringOrdinal() function
|
||||
converts characters to uppercase. This makes a difference when
|
||||
comparing a letter to one of the characters that fall between 'Z'
|
||||
(0x5A) and 'a' (0x61), namely {'[', '\\', ']', '^', '_', '`'}. For
|
||||
example,
|
||||
|
||||
'c' (0x63) > '_' (0x5F)
|
||||
'C' (0x43) < '_' (0x5F)
|
||||
|
||||
Compare key names byte for byte, eliminating problems (1) and (3).
|
||||
|
||||
Bugzilla: https://bugzilla.redhat.com/show_bug.cgi?id=1648520
|
||||
Signed-off-by: Laszlo Ersek <lersek@redhat.com>
|
||||
Message-Id: <20210909230617.31256-1-lersek@redhat.com>
|
||||
Acked-by: Richard W.M. Jones <rjones@redhat.com>
|
||||
---
|
||||
lib/write.c | 32 +++++++++++++++++++++++++++++++-
|
||||
1 file changed, 31 insertions(+), 1 deletion(-)
|
||||
|
||||
diff --git a/lib/write.c b/lib/write.c
|
||||
index 70105c9d9907..d9a13a3c18b6 100644
|
||||
--- a/lib/write.c
|
||||
+++ b/lib/write.c
|
||||
@@ -462,7 +462,37 @@ compare_name_with_nk_name (hive_h *h, const char *name, hive_node_h nk_offs)
|
||||
return 0;
|
||||
}
|
||||
|
||||
- int r = strcasecmp (name, nname);
|
||||
+ /* Perform a limited case-insensitive comparison. ASCII letters will be
|
||||
+ * *upper-cased*. Multibyte sequences will produce nonsensical orderings.
|
||||
+ */
|
||||
+ int r = 0;
|
||||
+ const char *s1 = name;
|
||||
+ const char *s2 = nname;
|
||||
+
|
||||
+ for (;;) {
|
||||
+ unsigned char c1 = *(s1++);
|
||||
+ unsigned char c2 = *(s2++);
|
||||
+
|
||||
+ if (c1 >= 'a' && c1 <= 'z')
|
||||
+ c1 = 'A' + (c1 - 'a');
|
||||
+ if (c2 >= 'a' && c2 <= 'z')
|
||||
+ c2 = 'A' + (c2 - 'a');
|
||||
+ if (c1 < c2) {
|
||||
+ /* Also covers the case when "name" is a prefix of "nname". */
|
||||
+ r = -1;
|
||||
+ break;
|
||||
+ }
|
||||
+ if (c1 > c2) {
|
||||
+ /* Also covers the case when "nname" is a prefix of "name". */
|
||||
+ r = 1;
|
||||
+ break;
|
||||
+ }
|
||||
+ if (c1 == '\0') {
|
||||
+ /* Both strings end. */
|
||||
+ break;
|
||||
+ }
|
||||
+ }
|
||||
+
|
||||
free (nname);
|
||||
|
||||
return r;
|
||||
--
|
||||
2.19.1.3.g30247aa5d201
|
||||
|
@ -1,36 +0,0 @@
|
||||
From 003028c3c0d33e952430d3f4e1a987a777674eb3 Mon Sep 17 00:00:00 2001
|
||||
From: Vladimir Panteleev <git@thecybershadow.net>
|
||||
Date: Thu, 16 Jan 2020 12:11:21 +0000
|
||||
Subject: [PATCH 2/2] Win::Hivex::Regedit: Ignore comments
|
||||
|
||||
---
|
||||
perl/lib/Win/Hivex/Regedit.pm | 6 +++---
|
||||
1 file changed, 3 insertions(+), 3 deletions(-)
|
||||
|
||||
diff --git a/perl/lib/Win/Hivex/Regedit.pm b/perl/lib/Win/Hivex/Regedit.pm
|
||||
index 2b17036..f0dbb50 100644
|
||||
--- a/perl/lib/Win/Hivex/Regedit.pm
|
||||
+++ b/perl/lib/Win/Hivex/Regedit.pm
|
||||
@@ -153,8 +153,8 @@ sub reg_import
|
||||
#print STDERR "reg_import: parsing <<<$_>>>\n";
|
||||
|
||||
if ($state eq "outer") {
|
||||
- # Ignore blank lines, headers.
|
||||
- next if /^\s*$/;
|
||||
+ # Ignore blank lines, headers, comments.
|
||||
+ next if /^\s*(;.*)?$/;
|
||||
|
||||
# .* is needed before Windows Registry Editor Version.. in
|
||||
# order to eat a possible Unicode BOM which regedit writes
|
||||
@@ -193,7 +193,7 @@ sub reg_import
|
||||
my $value = _parse_value ("", $1, $encoding);
|
||||
croak (_parse_error ($_, $lineno)) unless defined $value;
|
||||
push @newvalues, $value;
|
||||
- } elsif (/^\s*$/) { # blank line after values
|
||||
+ } elsif (/^\s*(;.*)?$/) { # blank line after values
|
||||
_merge_node ($hmap, \%params, $newnode, \@newvalues, \@delvalues);
|
||||
$state = "outer";
|
||||
} else {
|
||||
--
|
||||
2.24.1
|
||||
|
@ -1,17 +0,0 @@
|
||||
-----BEGIN PGP SIGNATURE-----
|
||||
|
||||
iQJFBAABCAAvFiEE93dPsa0HSn6Mh2fqkXOPc+G3aKAFAlxJfxkRHHJpY2hAYW5u
|
||||
ZXhpYS5vcmcACgkQkXOPc+G3aKCZBRAAqXBbrDyf+TtXCLZBIrs0MkfrYtQFDxps
|
||||
nTNz6sdNXftYl0LKJ6dhEkNwVg0QP31ifX1mQfU4EmJiEOI7qW6xqNLPlwhkKaIP
|
||||
qoB7ctesELb3LBhcgjI9lUjaCeGXrWkIHxp9SWC3esGqHIxWVu+BwKmFt1DfAZtH
|
||||
KE9gtVO6g5sbCdZEP2b4d/PwsL1vO0glekCkEZ0n3PcOgf0isVU0IUSz2IVhcy6e
|
||||
DqY4puYFwopVEpPzzRI9oW/y2XJTTssCM9F420HDnemtUQpx0Uw637MiCRLoN6Or
|
||||
PA1IkTzx/01Ub6OKl3gbMoY3s27yOFJToBVkTmYDvZHUJpNRCj7ytaKAIiZ4aan7
|
||||
WOi+7h9cvkjcr0OhomN+5bDLg6XpaVj9SPuM3W/AgDaYu6PeSvpr5yAtg3VEArJ3
|
||||
Lh4y8b+fh1pzdkLJsvGxK+YpL+ollgTP2y2CAXxgTDv0oMrUI9O4vrNKaOSE4Qnl
|
||||
TinMMFaYvuBWzzTKfjhtnFOMI8YvAFHHVDhBSWost2ZR5W6SCd9xXAvMdUQDL3aD
|
||||
ReesInrLptdklyKL+4l8miokUfq+U0ASi1PC3+Ek/yk13LtUXHEvXfb9rQlPhOc3
|
||||
Fp1278JziKQd7xlkvMuo+Q2PSRGSDaBACqmqjwBaLsPDoz8jsiZOZ/qPg6qcx0kM
|
||||
y93C/w1pCcA=
|
||||
=YBlx
|
||||
-----END PGP SIGNATURE-----
|
17
SOURCES/hivex-1.3.21.tar.gz.sig
Normal file
17
SOURCES/hivex-1.3.21.tar.gz.sig
Normal file
@ -0,0 +1,17 @@
|
||||
-----BEGIN PGP SIGNATURE-----
|
||||
|
||||
iQJFBAABCAAvFiEE93dPsa0HSn6Mh2fqkXOPc+G3aKAFAmEHr1sRHHJpY2hAYW5u
|
||||
ZXhpYS5vcmcACgkQkXOPc+G3aKAdQRAAnKp8vh3Mn73YpNBzA4PgQm/wkhwU0vlG
|
||||
WEpcbz5sJnxd51XsLfPbHLC99CN3A47WBbwvUVlbY6QIzEgonKJvsWYPnRi9DURG
|
||||
9rrHGPNixitS+eZCwyhhqjDXzujQOC7h0YBRxOHp2HTE2uQ+l15o6H0i6sr2vNkG
|
||||
QwiUI50YVhtaAi3DVaXpPbb2vlA+3K6ImeLPQrSB+em1+n0g40Wze6B2tHN5wtxB
|
||||
XMRN8Hlw+Emc3Fe0Bx/4apg6YRqnXXCGyTyx25zHgtnf8cocOvjamt/cqsN3IspP
|
||||
pOi9aD4+LmPuToLzTfReLwmacch3p+QA4ZjSfcqmSXOpdl6ZtIBGHg3587Zv3j5+
|
||||
1WvpVVTeRsV8neRg9H+bnLFhjvCjbU+pPylmW+HdWargqFrzlhFrLAvGTzKhxWNy
|
||||
r3Xmbe/XnHHTWYeojg8mTZQ5mYt5MYfpbmywZusoyqhWVZV+bAHKJFk1q0UWLjfo
|
||||
L+TkJLka9wjB4r4uPylZion92hW4QEh3lRg7SJU6qfIvmOJMaihRWK77c4S7BvZ2
|
||||
NG05XST/cRyZviSRtGbllqhzBjS50zl5oCCmwu/L4muZGaBYT0/DiQgvM8TI1XeB
|
||||
9si16xg+KdE76tR+5g+Hn9Mh6ywi7hwp55UZHnRmgvvXHB6spBG2LQNqVNtPkWJV
|
||||
CzY9MsNqjVc=
|
||||
=y80J
|
||||
-----END PGP SIGNATURE-----
|
294
SPECS/hivex.spec
294
SPECS/hivex.spec
@ -9,8 +9,8 @@
|
||||
%global verify_tarball_signature 1
|
||||
|
||||
Name: hivex
|
||||
Version: 1.3.18
|
||||
Release: 23%{?dist}
|
||||
Version: 1.3.21
|
||||
Release: 3%{?dist}
|
||||
Summary: Read and write Windows Registry binary hive files
|
||||
|
||||
License: LGPLv2
|
||||
@ -26,15 +26,7 @@ Source1: http://libguestfs.org/download/hivex/%{name}-%{version}.tar.gz.s
|
||||
Source2: libguestfs.keyring
|
||||
%endif
|
||||
|
||||
# Patches - all upstream since 1.3.18.
|
||||
Patch0001: 0001-Win-Hivex-Regedit-Accept-CRLF-line-endings.patch
|
||||
Patch0002: 0002-Win-Hivex-Regedit-Ignore-comments.patch
|
||||
|
||||
# Bounds check for block exceeding page length (CVE-2021-3504).
|
||||
Patch0003: 0001-lib-handle.c-Bounds-check-for-block-exceeding-page-l.patch
|
||||
|
||||
# Limit recursion in ri-records (CVE-2021-3622).
|
||||
Patch0004: 0001-lib-node.c-Limit-recursion-in-ri-records-CVE-2021-36.patch
|
||||
Patch0000: 0001-lib-write-improve-key-collation-compatibility-with-Windows.patch
|
||||
|
||||
BuildRequires: perl-interpreter
|
||||
BuildRequires: perl-devel
|
||||
@ -72,6 +64,12 @@ BuildRequires: libxml2-devel
|
||||
%if 0%{verify_tarball_signature}
|
||||
BuildRequires: gnupg2
|
||||
%endif
|
||||
BuildRequires: make
|
||||
|
||||
Requires: %{name}-libs = %{version}-%{release}
|
||||
|
||||
Conflicts: %{name} < 1.3.20-6
|
||||
Obsoletes: %{name} < 1.3.20-6
|
||||
|
||||
# https://fedoraproject.org/wiki/Packaging:No_Bundled_Libraries#Packages_granted_exceptions
|
||||
Provides: bundled(gnulib)
|
||||
@ -108,9 +106,19 @@ For Python 3 bindings, see 'python3-hivex'.
|
||||
For Ruby bindings, see 'ruby-hivex'.
|
||||
|
||||
|
||||
%package libs
|
||||
Summary: Library for %{name}
|
||||
Conflicts: %{name} < 1.3.20-6
|
||||
Obsoletes: %{name} < 1.3.20-6
|
||||
|
||||
|
||||
%description libs
|
||||
%{name}-libs contains the library for %{name}.
|
||||
|
||||
|
||||
%package devel
|
||||
Summary: Development tools and libraries for %{name}
|
||||
Requires: %{name} = %{version}-%{release}
|
||||
Requires: %{name}-libs = %{version}-%{release}
|
||||
Requires: pkgconfig
|
||||
|
||||
|
||||
@ -119,10 +127,22 @@ Requires: pkgconfig
|
||||
for %{name}.
|
||||
|
||||
|
||||
%if !0%{?rhel}
|
||||
%package static
|
||||
Summary: Statically linked library for %{name}
|
||||
Requires: %{name}-libs = %{version}-%{release}
|
||||
|
||||
|
||||
%description static
|
||||
%{name}-static contains the statically linked library
|
||||
for %{name}.
|
||||
%endif
|
||||
|
||||
|
||||
%if %{with ocaml}
|
||||
%package -n ocaml-%{name}
|
||||
Summary: OCaml bindings for %{name}
|
||||
Requires: %{name} = %{version}-%{release}
|
||||
Requires: %{name}-libs = %{version}-%{release}
|
||||
|
||||
|
||||
%description -n ocaml-%{name}
|
||||
@ -146,7 +166,7 @@ required to use the OCaml bindings for %{name}.
|
||||
|
||||
%package -n perl-%{name}
|
||||
Summary: Perl bindings for %{name}
|
||||
Requires: %{name} = %{version}-%{release}
|
||||
Requires: %{name}-libs = %{version}-%{release}
|
||||
Requires: perl(:MODULE_COMPAT_%(eval "`%{__perl} -V:version`"; echo $version))
|
||||
|
||||
|
||||
@ -156,7 +176,7 @@ perl-%{name} contains Perl bindings for %{name}.
|
||||
|
||||
%package -n python3-%{name}
|
||||
Summary: Python 3 bindings for %{name}
|
||||
Requires: %{name} = %{version}-%{release}
|
||||
Requires: %{name}-libs = %{version}-%{release}
|
||||
|
||||
%description -n python3-%{name}
|
||||
python3-%{name} contains Python 3 bindings for %{name}.
|
||||
@ -164,7 +184,7 @@ python3-%{name} contains Python 3 bindings for %{name}.
|
||||
|
||||
%package -n ruby-%{name}
|
||||
Summary: Ruby bindings for %{name}
|
||||
Requires: %{name} = %{version}-%{release}
|
||||
Requires: %{name}-libs = %{version}-%{release}
|
||||
Requires: ruby(release)
|
||||
Requires: ruby
|
||||
Provides: ruby(hivex) = %{version}
|
||||
@ -175,8 +195,7 @@ ruby-%{name} contains Ruby bindings for %{name}.
|
||||
|
||||
%prep
|
||||
%if 0%{verify_tarball_signature}
|
||||
tmphome="$(mktemp -d)"
|
||||
gpgv2 --homedir "$tmphome" --keyring %{SOURCE2} %{SOURCE1} %{SOURCE0}
|
||||
%{gpgverify} --keyring='%{SOURCE2}' --signature='%{SOURCE1}' --data='%{SOURCE0}'
|
||||
%endif
|
||||
%setup -q
|
||||
%autopatch -p1
|
||||
@ -185,9 +204,11 @@ gpgv2 --homedir "$tmphome" --keyring %{SOURCE2} %{SOURCE1} %{SOURCE0}
|
||||
%build
|
||||
%configure \
|
||||
PYTHON=%{__python3} \
|
||||
--disable-static \
|
||||
%if !%{with ocaml}
|
||||
--disable-ocaml \
|
||||
%endif
|
||||
%if 0%{?rhel}
|
||||
--disable-static \
|
||||
%endif
|
||||
%{nil}
|
||||
make V=1 INSTALLDIRS=vendor %{?_smp_mflags}
|
||||
@ -211,6 +232,17 @@ rm $RPM_BUILD_ROOT%{python3_sitearch}/libhivexmod.la
|
||||
|
||||
|
||||
%check
|
||||
# Disable some gnulib tests which fail on Arm and POWER and S/390
|
||||
# (2020-07, 2020-12):
|
||||
for f in test-float test-perror2 test-pthread_sigmask1 test-strerror_r; do
|
||||
pushd gnulib/tests
|
||||
make $f
|
||||
rm -f $f
|
||||
touch $f
|
||||
chmod +x $f
|
||||
popd
|
||||
done
|
||||
|
||||
if ! make check -k; then
|
||||
for f in $( find -name test-suite.log | xargs grep -l ^FAIL: ); do
|
||||
echo
|
||||
@ -222,24 +254,37 @@ if ! make check -k; then
|
||||
fi
|
||||
|
||||
%files -f %{name}.lang
|
||||
%doc README LICENSE
|
||||
%doc README
|
||||
%license LICENSE
|
||||
%{_bindir}/hivexget
|
||||
%{_bindir}/hivexml
|
||||
%{_bindir}/hivexsh
|
||||
%{_libdir}/libhivex.so.*
|
||||
%{_mandir}/man1/hivexget.1*
|
||||
%{_mandir}/man1/hivexml.1*
|
||||
%{_mandir}/man1/hivexsh.1*
|
||||
|
||||
|
||||
%files libs
|
||||
%doc README
|
||||
%license LICENSE
|
||||
%{_libdir}/libhivex.so.*
|
||||
|
||||
|
||||
%files devel
|
||||
%doc LICENSE
|
||||
%license LICENSE
|
||||
%{_libdir}/libhivex.so
|
||||
%{_mandir}/man3/hivex.3*
|
||||
%{_includedir}/hivex.h
|
||||
%{_libdir}/pkgconfig/hivex.pc
|
||||
|
||||
|
||||
%if !0%{?rhel}
|
||||
%files static
|
||||
%license LICENSE
|
||||
%{_libdir}/libhivex.a
|
||||
%endif
|
||||
|
||||
|
||||
%if %{with ocaml}
|
||||
%files -n ocaml-%{name}
|
||||
%doc README
|
||||
@ -280,41 +325,192 @@ fi
|
||||
|
||||
|
||||
%changelog
|
||||
* Mon Sep 6 2021 Richard W.M. Jones <rjones@redhat.com> - 1.3.18-23
|
||||
- Limit recursion in ri-records (CVE-2021-3622)
|
||||
resolves: rhbz#1976194
|
||||
* Tue Sep 14 2021 Laszlo Ersek <lersek@redhat.com> - 1.3.21-3
|
||||
- Bring key collation order closer to that of Windows.
|
||||
- Resolves: RHBZ#1648524.
|
||||
|
||||
* Thu Sep 2 2021 Danilo C. L. de Paula <ddepaula@redhat.com> - 1.3.18-22.el8
|
||||
- Resolves: bz#2000225
|
||||
(Rebase virt:rhel module:stream based on AV-8.6)
|
||||
* Mon Aug 09 2021 Mohan Boddu <mboddu@redhat.com> - 1.3.21-2
|
||||
- Rebuilt for IMA sigs, glibc 2.34, aarch64 flags
|
||||
Related: rhbz#1991688
|
||||
|
||||
* Sat Apr 17 2021 Richard W.M. Jones <rjones@redhat.com> - 1.3.18-21
|
||||
- Bounds check for block exceeding page length (CVE-2021-3504)
|
||||
resolves: rhbz#1950501
|
||||
* Mon Aug 2 2021 Richard W.M. Jones <rjones@redhat.com> - 1.3.21-1
|
||||
- New upstream version 1.3.21.
|
||||
- Fixes CVE-2021-3622 limit recursion in ri-records.
|
||||
|
||||
* Mon Apr 27 2020 Danilo C. L. de Paula <ddepaula@redhat.com> - 1.3.18
|
||||
- Resolves: bz#1810193
|
||||
(Upgrade components in virt:rhel module:stream for RHEL-8.3 release)
|
||||
* Wed Jun 23 2021 Richard W.M. Jones <rjones@redhat.com> - 1.3.20-7
|
||||
- Bump and rebuild
|
||||
resolves: rhbz#1975314
|
||||
|
||||
* Mon Apr 27 2020 Danilo C. L. de Paula <ddepaula@redhat.com> - 1.3.18
|
||||
- Resolves: bz#1810193
|
||||
(Upgrade components in virt:rhel module:stream for RHEL-8.3 release)
|
||||
* Fri Jun 11 2021 Matt Coleman <matt@datto.com> - 1.3.20-6
|
||||
- Move the library into a separate package: hivex-libs
|
||||
|
||||
* Fri Jun 28 2019 Danilo de Paula <ddepaula@redhat.com> - 1.3.15-7
|
||||
- Rebuild all virt packages to fix RHEL's upgrade path
|
||||
- Resolves: rhbz#1695587
|
||||
(Ensure modular RPM upgrade path)
|
||||
* Fri Jun 11 2021 Matt Coleman <matt@datto.com> - 1.3.20-5
|
||||
- Mark LICENSE as a license file
|
||||
|
||||
* Fri Dec 14 2018 Richard W.M. Jones <rjones@redhat.com> - 1.3.15-6
|
||||
- Drop hivex-static subpackage
|
||||
resolves: rhbz#1560207
|
||||
* Wed Jun 2 2021 Richard W.M. Jones <rjones@redhat.com> - 1.3.20-3
|
||||
- Add gating tests (for RHEL 9)
|
||||
|
||||
* Fri Jul 20 2018 Richard W.M. Jones <rjones@redhat.com> - 1.3.15-5
|
||||
- Rebuild for OCaml 4.07.0.
|
||||
* Mon May 3 2021 Richard W.M. Jones <rjones@redhat.com> - 1.3.20-1
|
||||
- New upstream version 1.3.20.
|
||||
- Fixes CVE-2021-3504 missing bounds check in hivex_open.
|
||||
|
||||
* Fri Mar 23 2018 Richard W.M. Jones <rjones@redhat.com> - 1.3.15-4
|
||||
- Remove python2 support
|
||||
resolves: rhbz#1559086
|
||||
* Tue Mar 30 2021 Richard W.M. Jones <rjones@redhat.com> - 1.3.19-10
|
||||
- Bump and rebuild for ELN.
|
||||
|
||||
* Mon Mar 1 13:12:08 GMT 2021 Richard W.M. Jones <rjones@redhat.com> - 1.3.19-9
|
||||
- OCaml 4.12.0 build
|
||||
|
||||
* Wed Jan 27 2021 Richard W.M. Jones <rjones@redhat.com> - 1.3.19-8
|
||||
- Bump and rebuild for s390.
|
||||
|
||||
* Tue Jan 26 2021 Fedora Release Engineering <releng@fedoraproject.org> - 1.3.19-7
|
||||
- Rebuilt for https://fedoraproject.org/wiki/Fedora_34_Mass_Rebuild
|
||||
|
||||
* Thu Jan 07 2021 Mamoru TASAKA <mtasaka@fedoraproject.org> - 1.3.19-6
|
||||
- F-34: rebuild against ruby 3.0
|
||||
|
||||
* Thu Dec 03 2020 Richard W.M. Jones <rjones@redhat.com> - 1.3.19-5
|
||||
- Disable static subpackage on RHEL.
|
||||
|
||||
* Tue Sep 01 2020 Richard W.M. Jones <rjones@redhat.com> - 1.3.19-4
|
||||
- OCaml 4.11.1 rebuild
|
||||
|
||||
* Fri Aug 21 2020 Richard W.M. Jones <rjones@redhat.com> - 1.3.19-3
|
||||
- OCaml 4.11.0 rebuild
|
||||
|
||||
* Thu Jul 30 2020 Richard W.M. Jones <rjones@redhat.com> - 1.3.19-2
|
||||
- Disable some failing gnulib tests.
|
||||
|
||||
* Wed Jul 29 2020 Richard W.M. Jones <rjones@redhat.com> - 1.3.19-1
|
||||
- New upstream version 1.3.19.
|
||||
|
||||
* Tue Jul 28 2020 Fedora Release Engineering <releng@fedoraproject.org> - 1.3.18-28
|
||||
- Rebuilt for https://fedoraproject.org/wiki/Fedora_33_Mass_Rebuild
|
||||
|
||||
* Tue Jun 23 2020 Jitka Plesnikova <jplesnik@redhat.com> - 1.3.18-27
|
||||
- Perl 5.32 rebuild
|
||||
|
||||
* Tue May 26 2020 Miro Hrončok <mhroncok@redhat.com> - 1.3.18-26
|
||||
- Rebuilt for Python 3.9
|
||||
|
||||
* Mon May 04 2020 Richard W.M. Jones <rjones@redhat.com> - 1.3.18-25
|
||||
- OCaml 4.11.0+dev2-2020-04-22 rebuild
|
||||
|
||||
* Tue Apr 21 2020 Richard W.M. Jones <rjones@redhat.com> - 1.3.18-24
|
||||
- OCaml 4.11.0 pre-release attempt 2
|
||||
|
||||
* Fri Apr 17 2020 Richard W.M. Jones <rjones@redhat.com> - 1.3.18-23
|
||||
- OCaml 4.11.0 pre-release
|
||||
|
||||
* Thu Apr 02 2020 Richard W.M. Jones <rjones@redhat.com> - 1.3.18-22
|
||||
- Update all OCaml dependencies for RPM 4.16.
|
||||
|
||||
* Wed Feb 26 2020 Richard W.M. Jones <rjones@redhat.com> - 1.3.18-21
|
||||
- OCaml 4.10.0 final.
|
||||
|
||||
* Wed Jan 29 2020 Richard W.M. Jones <rjones@redhat.com> - 1.3.18-20
|
||||
- Add a couple of upstream patches.
|
||||
|
||||
* Wed Jan 29 2020 Fedora Release Engineering <releng@fedoraproject.org> - 1.3.18-19
|
||||
- Rebuilt for https://fedoraproject.org/wiki/Fedora_32_Mass_Rebuild
|
||||
|
||||
* Mon Jan 20 2020 Vít Ondruch <vondruch@redhat.com> - 1.3.18-18
|
||||
- Another rebuild against Ruby 2.7.
|
||||
|
||||
* Sun Jan 19 2020 Richard W.M. Jones <rjones@redhat.com> - 1.3.18-17
|
||||
- OCaml 4.10.0+beta1 rebuild.
|
||||
|
||||
* Sat Jan 18 2020 Mamoru TASAKA <mtasaka@fedoraproject.org> - 1.3.18-16
|
||||
- F-32: rebuild against ruby27
|
||||
|
||||
* Thu Jan 09 2020 Richard W.M. Jones <rjones@redhat.com> - 1.3.18-15
|
||||
- OCaml 4.09.0 for riscv64
|
||||
|
||||
* Fri Dec 06 2019 Richard W.M. Jones <rjones@redhat.com> - 1.3.18-14
|
||||
- OCaml 4.09.0 (final) rebuild.
|
||||
|
||||
* Wed Nov 27 2019 Richard W.M. Jones <rjones@redhat.com> - 1.3.18-13
|
||||
- Use gpgverify macro instead of explicit gpgv2 command.
|
||||
|
||||
* Thu Oct 03 2019 Miro Hrončok <mhroncok@redhat.com> - 1.3.18-12
|
||||
- Rebuilt for Python 3.8.0rc1 (#1748018)
|
||||
|
||||
* Mon Aug 19 2019 Miro Hrončok <mhroncok@redhat.com> - 1.3.18-11
|
||||
- Rebuilt for Python 3.8
|
||||
|
||||
* Fri Aug 16 2019 Richard W.M. Jones <rjones@redhat.com> - 1.3.18-10
|
||||
- OCaml 4.08.1 (final) rebuild.
|
||||
|
||||
* Wed Jul 31 2019 Richard W.M. Jones <rjones@redhat.com> - 1.3.18-9
|
||||
- OCaml 4.08.1 (rc2) rebuild.
|
||||
|
||||
* Thu Jul 25 2019 Fedora Release Engineering <releng@fedoraproject.org> - 1.3.18-8
|
||||
- Rebuilt for https://fedoraproject.org/wiki/Fedora_31_Mass_Rebuild
|
||||
|
||||
* Thu Jun 27 2019 Richard W.M. Jones <rjones@redhat.com> - 1.3.18-7
|
||||
- OCaml 4.08.0 (final) rebuild.
|
||||
|
||||
* Fri May 31 2019 Jitka Plesnikova <jplesnik@redhat.com> - 1.3.18-6
|
||||
- Perl 5.30 rebuild
|
||||
|
||||
* Mon Apr 29 2019 Richard W.M. Jones <rjones@redhat.com> - 1.3.18-5
|
||||
- OCaml 4.08.0 (beta 3) rebuild.
|
||||
|
||||
* Sun Feb 17 2019 Igor Gnatenko <ignatenkobrain@fedoraproject.org> - 1.3.18-4
|
||||
- Rebuild for readline 8.0
|
||||
|
||||
* Fri Feb 01 2019 Fedora Release Engineering <releng@fedoraproject.org> - 1.3.18-3
|
||||
- Rebuilt for https://fedoraproject.org/wiki/Fedora_30_Mass_Rebuild
|
||||
|
||||
* Thu Jan 24 2019 Mamoru TASAKA <mtasaka@fedoraproject.org> - 1.3.18-2
|
||||
- F-30: rebuild again against ruby26
|
||||
|
||||
* Thu Jan 24 2019 Richard W.M. Jones <rjones@redhat.com> - 1.3.18-1
|
||||
- New upstream version 1.3.18.
|
||||
- Revert: Undefine _ld_as_needed which breaks gnulib tests.
|
||||
|
||||
* Thu Jan 24 2019 Mamoru TASAKA <mtasaka@fedoraproject.org> - 1.3.17-3
|
||||
- F-30: rebuild against ruby26
|
||||
|
||||
* Wed Jan 23 2019 Richard W.M. Jones <rjones@redhat.com> - 1.3.17-2
|
||||
- Undefine _ld_as_needed which breaks gnulib tests.
|
||||
|
||||
* Tue Jan 22 2019 Richard W.M. Jones <rjones@redhat.com> - 1.3.17-1
|
||||
- New upstream version 1.3.17.
|
||||
- Fixes regression of RHBZ#1145056.
|
||||
|
||||
* Thu Jan 17 2019 Richard W.M. Jones <rjones@redhat.com> - 1.3.16-1
|
||||
- New upstream version 1.3.16.
|
||||
|
||||
* Thu Jan 10 2019 Miro Hrončok <mhroncok@redhat.com> - 1.3.15-12
|
||||
- Remove Python 2 subpackage
|
||||
|
||||
* Fri Jul 13 2018 Fedora Release Engineering <releng@fedoraproject.org> - 1.3.15-11
|
||||
- Rebuilt for https://fedoraproject.org/wiki/Fedora_29_Mass_Rebuild
|
||||
|
||||
* Wed Jul 11 2018 Richard W.M. Jones <rjones@redhat.com> - 1.3.15-10
|
||||
- OCaml 4.07.0 (final) rebuild.
|
||||
|
||||
* Fri Jul 06 2018 Petr Pisar <ppisar@redhat.com> - 1.3.15-9
|
||||
- Perl 5.28 rebuild
|
||||
|
||||
* Thu Jul 05 2018 Richard W.M. Jones <rjones@redhat.com> - 1.3.15-8
|
||||
- Remove ldconfig
|
||||
https://lists.fedoraproject.org/archives/list/devel@lists.fedoraproject.org/thread/SU3LJVDZ7LUSJGZR5MS72BMRAFP3PQQL/
|
||||
- BR on python-unversioned-command
|
||||
https://fedoraproject.org/wiki/Changes/Move_usr_bin_python_into_separate_package
|
||||
|
||||
* Tue Jul 03 2018 Petr Pisar <ppisar@redhat.com> - 1.3.15-7
|
||||
- Perl 5.28 rebuild
|
||||
|
||||
* Thu Jun 28 2018 Jitka Plesnikova <jplesnik@redhat.com> - 1.3.15-6
|
||||
- Perl 5.28 rebuild
|
||||
|
||||
* Tue Jun 19 2018 Richard W.M. Jones <rjones@redhat.com> - 1.3.15-5
|
||||
- OCaml 4.07.0-rc1 rebuild.
|
||||
|
||||
* Tue Jun 19 2018 Miro Hrončok <mhroncok@redhat.com> - 1.3.15-4
|
||||
- Rebuilt for Python 3.7
|
||||
|
||||
* Mon Mar 19 2018 Richard W.M. Jones <rjones@redhat.com> - 1.3.15-3
|
||||
- Add upstream patch to fix injection of LDFLAGS (RHBZ#1548536).
|
||||
|
Loading…
Reference in New Issue
Block a user