import CS libeconf-0.4.1-4.el9

2024-09-30 15:51:19 +00:00 · 2024-09-30 15:51:19 +00:00 · 0bdd081395
commit 0bdd081395
parent e8a94ada75
4 changed files with 111 additions and 1 deletions
--- a/SOURCES/0001-getfilecontents-buffer-overflow.patch
+++ b/SOURCES/0001-getfilecontents-buffer-overflow.patch
@ -0,0 +1,31 @@
 From 8d086dfc69d4299e55e4844e3573b3a4cf420f19 Mon Sep 17 00:00:00 2001
 From: Stefan Schubert <stefan@gefluegelhof-schubert.de>
 Date: Fri, 24 Mar 2023 15:14:07 +0100
 Subject: [PATCH] Aarch64 gcc13 (#183)
 * fixed buffer overflow
 ---
 lib/getfilecontents.c | 7 +++----
 4 files changed, 7 insertions(+), 4 deletions(-)
 diff --git a/lib/getfilecontents.c b/lib/getfilecontents.c
 index 94e1db9..f9b1afc 100644
 --- a/lib/getfilecontents.c
 +++ b/lib/getfilecontents.c
@@ -265,11 +265,12 @@ read_file(econf_file *ef, const char *file,
   }
   ef->delimiter = *delim;
 -  while (fgets(buf, sizeof(buf), kf)) {
 +  while (fgets(buf, BUFSIZ-1, kf)) {
     char *p, *name, *data = NULL;
     bool quote_seen = false, delim_seen = false;
     char *org_buf __attribute__ ((__cleanup__(free_buffer))) = strdup(buf);
 +    buf[BUFSIZ-1] = '\0';
     line++;
     last_scanned_line_nr = line;
 -- 
 2.40.1
--- a/SOURCES/0002-cmake-no-install-html.patch
+++ b/SOURCES/0002-cmake-no-install-html.patch
@ -0,0 +1,12 @@
 diff --git a/doc/CMakeLists.txt b/doc/CMakeLists.txt
 index 726183a..8da1f45 100644
 --- a/doc/CMakeLists.txt
 +++ b/doc/CMakeLists.txt
@@ -18,7 +18,6 @@ if(BUILD_DOCUMENTATION)
         COMMENT "Generating API documentation with Doxygen"
         VERBATIM)
 -    install(DIRECTORY ${CMAKE_CURRENT_BINARY_DIR}/html DESTINATION share/doc)
 endif()
 install(FILES ${CMAKE_CURRENT_SOURCE_DIR}/man/libeconf.3 DESTINATION ${CMAKE_INSTALL_MANDIR}/man3)
--- a/SOURCES/0003-Fix-static-analyzer-detected-issues.patch
+++ b/SOURCES/0003-Fix-static-analyzer-detected-issues.patch
@ -0,0 +1,54 @@
 diff --git a/lib/libeconf.c b/lib/libeconf.c
 index d7de070..c6a7c73 100644
 --- a/lib/libeconf.c
 +++ b/lib/libeconf.c
@@ -158,7 +158,7 @@ econf_err econf_readDirsHistory(econf_file ***key_files,
 {
   const char *suffix, *default_dirs[3] = {NULL, NULL, NULL};
   char *distfile, *etcfile, *cp;
 -  econf_file *key_file;
 +  econf_file *key_file = NULL;
   econf_err error;
   *size = 0;
@@ -267,8 +267,12 @@ econf_err econf_readDirsHistory(econf_file ***key_files,
     const char *conf_dirs[] = {  NULL, /* "/conf.d/", ".d/", "/", */ NULL};
     char *project_path = combine_strings(default_dirs[i], project_name, '/');
     char *suffix_d = malloc (strlen(suffix) + 4); /* + strlen(".d/") */
 -    if (suffix_d == NULL)
 +    if (suffix_d == NULL) {
 +      free(project_path);
 +      free(*key_files);
 +      *key_files = NULL;
       return ECONF_NOMEM;
 +    }
     cp = stpcpy(suffix_d, suffix);
     stpcpy(cp, ".d");
     conf_dirs[0] = suffix_d;
 diff --git a/lib/libeconf_ext.c b/lib/libeconf_ext.c
 index aafba45..6155a0c 100644
 --- a/lib/libeconf_ext.c
 +++ b/lib/libeconf_ext.c
@@ -86,15 +86,19 @@ econf_getExtValue(econf_file *kf, const char *group,
   {
     /* one quoted string only */
     (*result)->values = realloc ((*result)->values, sizeof (char*) * ++n_del);
 -    if ((*result)->values == NULL)
 +    if ((*result)->values == NULL) {
 +      econf_freeExtValue(*result);
       return ECONF_NOMEM; /* memory allocation failed */
 +    }
     (*result)->values[n_del-1] = strdup(value_string);
   } else {
     /* splitting into a character array */
     while ((line = strsep(&value_string, "\n")) != NULL) {
       (*result)->values = realloc ((*result)->values, sizeof (char*) * ++n_del);
 -      if ((*result)->values == NULL)
 -	return ECONF_NOMEM; /* memory allocation failed */
 +      if ((*result)->values == NULL) {
 +        econf_freeExtValue(*result);
 +	      return ECONF_NOMEM; /* memory allocation failed */
 +      }
       (*result)->values[n_del-1] = strdup(trim(line));
     }
   }
--- a/SPECS/libeconf.spec
+++ b/SPECS/libeconf.spec
@ -5,13 +5,20 @@
 Name:           libeconf
 Version:        0.4.1
-Release:        2%{?dist}
+Release:        4%{?dist}
 Summary:        Enhanced config file parser library
 License:        MIT
 URL:            https://github.com/openSUSE/libeconf
 Source0:        %{url}/archive/%{version}/%{name}-%{version}.tar.gz
 ### Patches ###
 Patch0001: 0001-getfilecontents-buffer-overflow.patch
 Patch0002: 0002-cmake-no-install-html.patch
 # https://github.com/openSUSE/libeconf/commit/7c5d0a7198eb97104952e56e43c37eb337c3cf21
 Patch0003: 0003-Fix-static-analyzer-detected-issues.patch
 BuildRequires:  cmake >= 3.12
 BuildRequires:  gcc
 BuildRequires:  make
@ -76,6 +83,12 @@ configuration files from applications that use %{name}.
 %changelog
 * Thu Apr 11 2024 Iker Pedrosa <ipedrosa@redhat.com> - 0.4.1-4
 - Fix static analyzer detected issues. Resolves: RHEL-24989
 * Wed Jun  7 2023 Iker Pedrosa <ipedrosa@redhat.com> - 0.4.1-3
 - Fix stack-based buffer overflow in read_file(). Resolves: #2212467 (CVE-2023-22652)
 * Mon Aug 09 2021 Mohan Boddu <mboddu@redhat.com> - 0.4.1-2
 - Rebuilt for IMA sigs, glibc 2.34, aarch64 flags
  Related: rhbz#1991688