From 6c28a06213fc6d7e2b8a8449479f10241c586e94 Mon Sep 17 00:00:00 2001
From: eabdullin
Date: Wed, 14 May 2025 19:08:44 +0000
Subject: [PATCH] import UBI libeconf-0.6.2-4.el10
---
.gitignore | 2 +-
.libeconf.metadata | 1 -
...-Fix-static-analyzer-detected-issues.patch | 103 ++++++++++++++++++
....patch => 0001-cmake-no-install-html.patch | 9 +-
...0001-getfilecontents-buffer-overflow.patch | 31 ------
...-Fix-static-analyzer-detected-issues.patch | 54 ---------
SPECS/libeconf.spec => libeconf.spec | 64 +++++++----
sources | 1 +
8 files changed, 155 insertions(+), 110 deletions(-)
delete mode 100644 .libeconf.metadata
create mode 100644 0001-Fix-static-analyzer-detected-issues.patch
rename SOURCES/0002-cmake-no-install-html.patch => 0001-cmake-no-install-html.patch (58%)
delete mode 100644 SOURCES/0001-getfilecontents-buffer-overflow.patch
delete mode 100644 SOURCES/0003-Fix-static-analyzer-detected-issues.patch
rename SPECS/libeconf.spec => libeconf.spec (56%)
create mode 100644 sources
diff --git a/.gitignore b/.gitignore
index 3cbb839..2c77039 100644
--- a/.gitignore
+++ b/.gitignore
@@ -1 +1 @@
-SOURCES/libeconf-0.4.1.tar.gz
+libeconf-0.6.2.tar.gz
diff --git a/.libeconf.metadata b/.libeconf.metadata
deleted file mode 100644
index 923d9d6..0000000
--- a/.libeconf.metadata
+++ /dev/null
@@ -1 +0,0 @@
-5c0327c3a760a85f80016412771d701bd8a8dab6 SOURCES/libeconf-0.4.1.tar.gz
diff --git a/0001-Fix-static-analyzer-detected-issues.patch b/0001-Fix-static-analyzer-detected-issues.patch
new file mode 100644
index 0000000..94b829f
--- /dev/null
+++ b/0001-Fix-static-analyzer-detected-issues.patch
@@ -0,0 +1,103 @@
+From 6f8c673a181762931d5997bc5e7bea9c69d0b7cb Mon Sep 17 00:00:00 2001
+From: Iker Pedrosa
+Date: Wed, 15 May 2024 09:02:53 +0200
+Subject: [PATCH] Fix static analyzer detected issues (#202)
+
+Error: UNINIT (CWE-457):
+libeconf-0.6.2/lib/helpers.c:217:3: var_decl: Declaring variable "copied_fe" without initializer.
+libeconf-0.6.2/lib/helpers.c:233:3: uninit_use: Using uninitialized value "copied_fe". Field "copied_fe.quotes" is uninitialized.
+231| copied_fe.comment_after_value = NULL;
+232| copied_fe.line_number = fe.line_number;
+233|-> return copied_fe;
+234| }
+
+Error: UNINIT (CWE-457):
+libeconf-0.6.2/lib/readconfig.c:30:3: var_decl: Declaring variable "suffix" without initializer.
+libeconf-0.6.2/lib/readconfig.c:201:5: uninit_use_in_call: Using uninitialized value "suffix" when calling "traverse_conf_dirs".
+199| while (default_dirs[i]) {
+200| char *project_path = combine_strings(default_dirs[i], config_name, '/');
+201|-> error = traverse_conf_dirs(key_files, configure_dirs, size, project_path,
+202| suffix, delim, comment, callback, callback_data);
+203| free(project_path);
+
+Error: UNINIT (CWE-457):
+libeconf-0.6.2/lib/readconfig.c:30:3: var_decl: Declaring variable "suffix" without initializer.
+libeconf-0.6.2/lib/readconfig.c:172:5: uninit_use_in_call: Using uninitialized value "suffix" when calling "strlen".
+170| if (conf_count == 0)
+171| {
+172|-> char *suffix_d = malloc (strlen(suffix) + 4); /* + strlen(".d/") */
+173| if (suffix_d == NULL) {
+174| free(*key_files);
+
+Error: RESOURCE_LEAK (CWE-772):
+libeconf-0.6.2/lib/readconfig.c:162:3: alloc_fn: Storage is returned from allocation function "malloc".
+libeconf-0.6.2/lib/readconfig.c:162:3: var_assign: Assigning: "configure_dirs" = storage returned from "malloc(8UL * (conf_count + 2))".
+libeconf-0.6.2/lib/readconfig.c:176:7: leaked_storage: Variable "configure_dirs" going out of scope leaks the storage it points to.
+174| free(*key_files);
+175| *key_files = NULL;
+176|-> return ECONF_NOMEM;
+177| }
+178| cp = stpcpy(suffix_d, suffix);
+
+Error: CPPCHECK_WARNING (CWE-401):
+libeconf-0.6.2/lib/readconfig.c:176: error[memleak]: Memory leak: configure_dirs
+174| free(*key_files);
+175| *key_files = NULL;
+176|-> return ECONF_NOMEM;
+177| }
+178| cp = stpcpy(suffix_d, suffix);
+```
+
+Resolves: https://issues.redhat.com/browse/RHEL-35252
+
+Signed-off-by: Iker Pedrosa
+---
+ lib/helpers.c | 1 +
+ lib/readconfig.c | 6 +++---
+ 2 files changed, 4 insertions(+), 3 deletions(-)
+
+diff --git a/lib/helpers.c b/lib/helpers.c
+index 3e1541a..8c82510 100644
+--- a/lib/helpers.c
++++ b/lib/helpers.c
+@@ -230,5 +230,6 @@ struct file_entry cpy_file_entry(struct file_entry fe) {
+ else
+ copied_fe.comment_after_value = NULL;
+ copied_fe.line_number = fe.line_number;
++ copied_fe.quotes = false;
+ return copied_fe;
+ }
+diff --git a/lib/readconfig.c b/lib/readconfig.c
+index 419e0f3..9948e6a 100644
+--- a/lib/readconfig.c
++++ b/lib/readconfig.c
+@@ -27,7 +27,8 @@ econf_err readConfigHistoryWithCallback(econf_file ***key_files,
+ bool (*callback)(const char *filename, const void *data),
+ const void *callback_data)
+ {
+- const char *suffix, *default_dirs[4] = {NULL, NULL, NULL, NULL};
++ const char *suffix = "";
++ const char *default_dirs[4] = {NULL, NULL, NULL, NULL};
+ char *distfile, *runfile, *etcfile, *cp;
+ econf_file *key_file = NULL;
+ econf_err error;
+@@ -52,8 +53,6 @@ econf_err readConfigHistoryWithCallback(econf_file ***key_files,
+ strcpy(cp+1, config_suffix);
+ suffix = cp;
+ }
+- } else {
+- suffix = "";
+ }
+
+ /* create file names for etc, run and distribution config */
+@@ -173,6 +172,7 @@ econf_err readConfigHistoryWithCallback(econf_file ***key_files,
+ if (suffix_d == NULL) {
+ free(*key_files);
+ *key_files = NULL;
++ econf_freeArray(configure_dirs);
+ return ECONF_NOMEM;
+ }
+ cp = stpcpy(suffix_d, suffix);
+--
+2.45.2
+
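Review bot: In the helpers.c hunk `copied_fe.quotes = false;` initialises the field the analyzer flagged but does not copy it, unlike the adjacent `copied_fe.line_number = fe.line_number;`; if `quotes` is state that cpy_file_entry is meant to duplicate, `copied_fe.quotes = fe.quotes;` is presumably the intended fix, and that is worth confirming against how the field is set on the source entry before carrying this backport. In readconfig.c, initialising `suffix = ""` at the declaration and dropping the `else` branch preserves behaviour only if nothing assigns `suffix` between the declaration and the removed branch; the rest of readConfigHistoryWithCallback lies outside the hunk, so that cannot be verified here. The added `econf_freeArray(configure_dirs);` covers the NOMEM return the analyzer reported, but the function's other early returns are likewise out of view and should be checked for the same leak.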
diff --git a/SOURCES/0002-cmake-no-install-html.patch b/0001-cmake-no-install-html.patch
similarity index 58%
rename from SOURCES/0002-cmake-no-install-html.patch
rename to 0001-cmake-no-install-html.patch
index be9a3a9..612f12f 100644
--- a/SOURCES/0002-cmake-no-install-html.patch
+++ b/0001-cmake-no-install-html.patch
@@ -1,12 +1,13 @@
 diff --git a/doc/CMakeLists.txt b/doc/CMakeLists.txt
-index 726183a..8da1f45 100644
+index f1a43c6..3b58d80 100644
 --- a/doc/CMakeLists.txt
 +++ b/doc/CMakeLists.txt
-@@ -18,7 +18,6 @@ if(BUILD_DOCUMENTATION)
+@@ -17,8 +17,6 @@ if(BUILD_DOCUMENTATION)
+ WORKING_DIRECTORY ${CMAKE_CURRENT_BINARY_DIR}
 COMMENT "Generating API documentation with Doxygen"
 VERBATIM)
-
-- install(DIRECTORY ${CMAKE_CURRENT_BINARY_DIR}/html DESTINATION share/doc)
+-
+- install(DIRECTORY ${CMAKE_CURRENT_BINARY_DIR}/../html DESTINATION share/doc)
 endif()
 install(FILES ${CMAKE_CURRENT_SOURCE_DIR}/man/libeconf.3 DESTINATION ${CMAKE_INSTALL_MANDIR}/man3)
diff --git a/SOURCES/0001-getfilecontents-buffer-overflow.patch b/SOURCES/0001-getfilecontents-buffer-overflow.patch
deleted file mode 100644
index ab86dfa..0000000
--- a/SOURCES/0001-getfilecontents-buffer-overflow.patch
+++ /dev/null
@@ -1,31 +0,0 @@
-From 8d086dfc69d4299e55e4844e3573b3a4cf420f19 Mon Sep 17 00:00:00 2001
-From: Stefan Schubert
-Date: Fri, 24 Mar 2023 15:14:07 +0100
-Subject: [PATCH] Aarch64 gcc13 (#183)
-
-* fixed buffer overflow
---
- lib/getfilecontents.c | 7 +++----
- 4 files changed, 7 insertions(+), 4 deletions(-)
-
-diff --git a/lib/getfilecontents.c b/lib/getfilecontents.c
-index 94e1db9..f9b1afc 100644
---- a/lib/getfilecontents.c
-+++ b/lib/getfilecontents.c
-@@ -265,11 +265,12 @@ read_file(econf_file *ef, const char *file,
- }
- ef->delimiter = *delim;
-
-- while (fgets(buf, sizeof(buf), kf)) {
-+ while (fgets(buf, BUFSIZ-1, kf)) {
- char *p, *name, *data = NULL;
- bool quote_seen = false, delim_seen = false;
- char *org_buf __attribute__ ((__cleanup__(free_buffer))) = strdup(buf);
-
-+ buf[BUFSIZ-1] = '\0';
- line++;
- last_scanned_line_nr = line;
-
---
-2.40.1
-
diff --git a/SOURCES/0003-Fix-static-analyzer-detected-issues.patch b/SOURCES/0003-Fix-static-analyzer-detected-issues.patch
deleted file mode 100644
index cfb8c9e..0000000
--- a/SOURCES/0003-Fix-static-analyzer-detected-issues.patch
+++ /dev/null
@@ -1,54 +0,0 @@
-diff --git a/lib/libeconf.c b/lib/libeconf.c
-index d7de070..c6a7c73 100644
---- a/lib/libeconf.c
-+++ b/lib/libeconf.c
-@@ -158,7 +158,7 @@ econf_err econf_readDirsHistory(econf_file ***key_files,
- {
- const char *suffix, *default_dirs[3] = {NULL, NULL, NULL};
- char *distfile, *etcfile, *cp;
-- econf_file *key_file;
-+ econf_file *key_file = NULL;
- econf_err error;
-
- *size = 0;
-@@ -267,8 +267,12 @@ econf_err econf_readDirsHistory(econf_file ***key_files,
- const char *conf_dirs[] = { NULL, /* "/conf.d/", ".d/", "/", */ NULL};
- char *project_path = combine_strings(default_dirs[i], project_name, '/');
- char *suffix_d = malloc (strlen(suffix) + 4); /* + strlen(".d/") */
-- if (suffix_d == NULL)
-+ if (suffix_d == NULL) {
-+ free(project_path);
-+ free(*key_files);
-+ *key_files = NULL;
- return ECONF_NOMEM;
-+ }
- cp = stpcpy(suffix_d, suffix);
- stpcpy(cp, ".d");
- conf_dirs[0] = suffix_d;
-diff --git a/lib/libeconf_ext.c b/lib/libeconf_ext.c
-index aafba45..6155a0c 100644
---- a/lib/libeconf_ext.c
-+++ b/lib/libeconf_ext.c
-@@ -86,15 +86,19 @@ econf_getExtValue(econf_file *kf, const char *group,
- {
- /* one quoted string only */
- (*result)->values = realloc ((*result)->values, sizeof (char*) * ++n_del);
-- if ((*result)->values == NULL)
-+ if ((*result)->values == NULL) {
-+ econf_freeExtValue(*result);
- return ECONF_NOMEM; /* memory allocation failed */
-+ }
- (*result)->values[n_del-1] = strdup(value_string);
- } else {
- /* splitting into a character array */
- while ((line = strsep(&value_string, "\n")) != NULL) {
- (*result)->values = realloc ((*result)->values, sizeof (char*) * ++n_del);
-- if ((*result)->values == NULL)
-- return ECONF_NOMEM; /* memory allocation failed */
-+ if ((*result)->values == NULL) {
-+ econf_freeExtValue(*result);
-+ return ECONF_NOMEM; /* memory allocation failed */
-+ }
- (*result)->values[n_del-1] = strdup(trim(line));
- }
- }
diff --git a/SPECS/libeconf.spec b/libeconf.spec
similarity index 56%
rename from SPECS/libeconf.spec
rename to libeconf.spec
index 0481497..631d6e4 100644
--- a/SPECS/libeconf.spec
+++ b/libeconf.spec
@@ -4,7 +4,7 @@
 %global somajor 0
 Name: libeconf
-Version: 0.4.1
+Version: 0.6.2
 Release: 4%{?dist}
 Summary: Enhanced config file parser library
@@ -12,12 +12,12 @@ License: MIT
 URL: https://github.com/openSUSE/libeconf
 Source0: %{url}/archive/%{version}/%{name}-%{version}.tar.gz
-
 ### Patches ###
-Patch0001: 0001-getfilecontents-buffer-overflow.patch
-Patch0002: 0002-cmake-no-install-html.patch
-# https://github.com/openSUSE/libeconf/commit/7c5d0a7198eb97104952e56e43c37eb337c3cf21
-Patch0003: 0003-Fix-static-analyzer-detected-issues.patch
+# This should be a temporary workaround. I don't have enough time to check what's happening, but since we aren't shipping the html documentation it's fine to stop installing it
+Patch0101: 0001-cmake-no-install-html.patch
+
+# https://github.com/openSUSE/libeconf/commit/6f8c673a181762931d5997bc5e7bea9c69d0b7cb
+Patch0001: 0001-Fix-static-analyzer-detected-issues.patch
 BuildRequires: cmake >= 3.12
 BuildRequires: gcc
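Review bot: The patch tags in the Patches hunk are numbered out of order and no longer match the file names: `Patch0101: 0001-cmake-no-install-html.patch` is listed first and `Patch0001: 0001-Fix-static-analyzer-detected-issues.patch` second, so two different patches now carry the `0001-` prefix. Numbering the tags in listing order and aligning them with the file prefixes, e.g. `Patch0001: 0001-Fix-static-analyzer-detected-issues.patch` followed by `Patch0002: 0002-cmake-no-install-html.patch` (renaming that file to match), keeps the apply order obvious to the next maintainer. The comment above Patch0101 calls it a temporary workaround but gives no tracking reference, unlike the upstream commit URL above Patch0001; a bug or issue link there would let a later maintainer decide when it can be dropped.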
@@ -79,25 +79,51 @@ configuration files from applications that use %{name}.
 %files utils
 %{_bindir}/econftool
-%{_mandir}/man8/econftool.8*
-
+%{_mandir}/man8/econftool.8*
 %changelog
-* Thu Apr 11 2024 Iker Pedrosa - 0.4.1-4
-- Fix static analyzer detected issues. Resolves: RHEL-24989
+* Tue Oct 29 2024 Troy Dawson - 0.6.2-4
+- Bump release for October 2024 mass rebuild:
+ Resolves: RHEL-64018
-* Wed Jun 7 2023 Iker Pedrosa - 0.4.1-3
-- Fix stack-based buffer overflow in read_file(). Resolves: #2212467 (CVE-2023-22652)
+* Mon Jun 24 2024 Troy Dawson - 0.6.2-3
+- Bump release for June 2024 mass rebuild
-* Mon Aug 09 2021 Mohan Boddu - 0.4.1-2
-- Rebuilt for IMA sigs, glibc 2.34, aarch64 flags
- Related: rhbz#1991688
+* Tue Jun 18 2024 Iker Pedrosa - 0.6.2-2
+- Fix static analyzer detected issues. Resolves: RHEL-35252
-* Tue Jul 13 2021 Iker Pedrosa - 0.4.1-1
-- Rebase to 0.4.1. Resolves: #1938762
+* Wed Mar 6 2024 Iker Pedrosa - 0.6.2-1
+- Rebase to 0.6.2
-* Fri Apr 16 2021 Mohan Boddu - 0.3.8-6
-- Rebuilt for RHEL 9 BETA on Apr 15th 2021.
Related: rhbz#1947937
+* Thu Jan 25 2024 Fedora Release Engineering - 0.5.2-3
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_40_Mass_Rebuild
+
+* Sun Jan 21 2024 Fedora Release Engineering - 0.5.2-2
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_40_Mass_Rebuild
+
+* Mon Aug 28 2023 Iker Pedrosa - 0.5.2-1
+- Update to 0.5.2 (RH#1980774)
+- Fix CVE-2023-22652 (RH#2212464)
+- Fix CVE-2023-30079 (RH#2235236)
+
+* Thu Jul 20 2023 Fedora Release Engineering - 0.4.0-6
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_39_Mass_Rebuild
+
+* Thu Jan 19 2023 Fedora Release Engineering - 0.4.0-5
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_38_Mass_Rebuild
+
+* Thu Jul 21 2022 Fedora Release Engineering - 0.4.0-4
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_37_Mass_Rebuild
+
+* Thu Jan 20 2022 Fedora Release Engineering - 0.4.0-3
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_36_Mass_Rebuild
+
+* Thu Jul 22 2021 Fedora Release Engineering - 0.4.0-2
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_35_Mass_Rebuild
+
+* Thu Jul 08 2021 Neal Gompa - 0.4.0-1
+- Update to 0.4.0 (RH#1980289)
+- Add fixes to install econftool and man pages
 * Tue Jan 26 2021 Fedora Release Engineering - 0.3.8-5
 - Rebuilt for https://fedoraproject.org/wiki/Fedora_34_Mass_Rebuild
diff --git a/sources b/sources
new file mode 100644
index 0000000..f3e1361
--- /dev/null
+++ b/sources
@@ -0,0 +1 @@
+SHA512 (libeconf-0.6.2.tar.gz) = 913f21ad356dbdf6ae91a4f8a2e3eb9b90a98308a901df0ec1c34b6d2f14a758564133fab23df5f64b19211e64fae30b74301d325e6442b4ccdbd3f1809ed159