Import from AlmaLinux stable repository

SOURCES/liblouis-3.16.1-fix-CVE-2023-26767.patch

@@ -0,0 +1,42 @@
+From f432de31058b5a94874d47405216d07910c18a9a Mon Sep 17 00:00:00 2001
+From: Christian Egli <christian.egli@sbs.ch>
+Date: Wed, 8 Feb 2023 11:18:27 +0100
+Subject: [PATCH] Check the length of path before copying into dataPath
+
+See https://lwn.net/Articles/507319/ for more background on the
+security problems of strcpy.
+
+Fixes #1292
+---
+ NEWS                               | 2 ++
+ liblouis/compileTranslationTable.c | 2 +-
+ liblouis/liblouis.h.in             | 3 ++-
+ 3 files changed, 5 insertions(+), 2 deletions(-)
+
+diff --git a/liblouis/compileTranslationTable.c b/liblouis/compileTranslationTable.c
+index cbc6ae1614..3c74929bcb 100644
+--- a/liblouis/compileTranslationTable.c
++++ b/liblouis/compileTranslationTable.c
+@@ -58,7 +58,7 @@ char *EXPORT_CALL
+ lou_setDataPath(const char *path) {
+ 	static char dataPath[MAXSTRING];
+ 	dataPathPtr = NULL;
+-	if (path == NULL) return NULL;
++	if (path == NULL || strlen(path) >= MAXSTRING) return NULL;
+ 	strcpy(dataPath, path);
+ 	dataPathPtr = dataPath;
+ 	return dataPathPtr;
+diff --git a/liblouis/liblouis.h.in b/liblouis/liblouis.h.in
+index 88d7996895..c51305f7ad 100644
+--- a/liblouis/liblouis.h.in
++++ b/liblouis/liblouis.h.in
+@@ -283,7 +283,8 @@ lou_getEmphClasses(const char *tableList);
+ /**
+  * Set the path used for searching for tables and liblouisutdml files.
+  *
+- * Overrides the installation path. */
++ * Overrides the installation path. Returns NULL if `path` is NULL or
++ * if the length of `path` is equal or longer than `MAXSTRING`. */
+ LIBLOUIS_API
+ char *EXPORT_CALL
+ lou_setDataPath(const char *path);

SOURCES/liblouis-3.16.1-fix-CVE-2023-26768.patch

@@ -0,0 +1,57 @@
+From 565ac66ec0c187ffb442226487de3db376702958 Mon Sep 17 00:00:00 2001
+From: Marsman1996 <lqliuyuwei@outlook.com>
+Date: Thu, 9 Feb 2023 18:56:21 +0800
+Subject: [PATCH 1/2] Check filename before coping to initialLogFileName
+
+---
+ liblouis/logging.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/liblouis/logging.c b/liblouis/logging.c
+index 9f470b45e5..7498deb758 100644
+--- a/liblouis/logging.c
++++ b/liblouis/logging.c
+@@ -126,7 +126,7 @@ lou_logFile(const char *fileName) {
+ 		fclose(logFile);
+ 		logFile = NULL;
+ 	}
+-	if (fileName == NULL || fileName[0] == 0) return;
++	if (fileName == NULL || fileName[0] == 0 || strlen(fileName) >= 256) return;
+ 	if (initialLogFileName[0] == 0) strcpy(initialLogFileName, fileName);
+ 	logFile = fopen(fileName, "a");
+ 	if (logFile == NULL && initialLogFileName[0] != 0)
+
+From 47822bb418fb77564c159469e3be79989b11aced Mon Sep 17 00:00:00 2001
+From: Marsman1996 <lqliuyuwei@outlook.com>
+Date: Thu, 9 Feb 2023 21:00:36 +0800
+Subject: [PATCH 2/2] replace the magic number with a define
+
+---
+ liblouis/logging.c | 6 ++++--
+ 1 file changed, 4 insertions(+), 2 deletions(-)
+
+diff --git a/liblouis/logging.c b/liblouis/logging.c
+index 7498deb758..2849cf26d4 100644
+--- a/liblouis/logging.c
++++ b/liblouis/logging.c
+@@ -117,8 +117,10 @@ _lou_logMessage(logLevels level, const char *format, ...) {
+ 	}
+ }
+ 
++#define FILENAMESIZE 256
++
+ static FILE *logFile = NULL;
+-static char initialLogFileName[256] = "";
++static char initialLogFileName[FILENAMESIZE] = "";
+ 
+ void EXPORT_CALL
+ lou_logFile(const char *fileName) {
+@@ -126,7 +128,7 @@ lou_logFile(const char *fileName) {
+ 		fclose(logFile);
+ 		logFile = NULL;
+ 	}
+-	if (fileName == NULL || fileName[0] == 0 || strlen(fileName) >= 256) return;
++	if (fileName == NULL || fileName[0] == 0 || strlen(fileName) >= FILENAMESIZE) return;
+ 	if (initialLogFileName[0] == 0) strcpy(initialLogFileName, fileName);
+ 	logFile = fopen(fileName, "a");
+ 	if (logFile == NULL && initialLogFileName[0] != 0)

SOURCES/liblouis-3.16.1-fix-CVE-2023-26769.patch

@@ -0,0 +1,162 @@
+From d45430431f8c75941f863328eb3f7fc09f902b2e Mon Sep 17 00:00:00 2001
+From: Marsman1996 <lqliuyuwei@outlook.com>
+Date: Wed, 8 Feb 2023 22:10:01 +0800
+Subject: [PATCH 1/3] Check the path length before coping into tableFile
+
+---
+ liblouis/compileTranslationTable.c | 16 +++++++++++++++-
+ 1 file changed, 15 insertions(+), 1 deletion(-)
+
+diff --git a/liblouis/compileTranslationTable.c b/liblouis/compileTranslationTable.c
+index 3c74929bcb..2da766e169 100644
+--- a/liblouis/compileTranslationTable.c
++++ b/liblouis/compileTranslationTable.c
+@@ -4539,7 +4539,9 @@ resolveSubtable(const char *table, const char *base, const char *searchPath) {
+ 	char *tableFile;
+ 	static struct stat info;
+ 
+-	if (table == NULL || table[0] == '\0') return NULL;
++	if (table == NULL || table[0] == '\0' ||
++			strlen(table) >= MAXSTRING * sizeof(char) * 2)
++		return NULL;
+ 	tableFile = (char *)malloc(MAXSTRING * sizeof(char) * 2);
+ 
+ 	//
+@@ -4547,10 +4549,13 @@ resolveSubtable(const char *table, const char *base, const char *searchPath) {
+ 	//
+ 	if (base) {
+ 		int k;
++		if (strlen(base) >= MAXSTRING * sizeof(char) * 2) goto failure;
+ 		strcpy(tableFile, base);
+ 		k = (int)strlen(tableFile);
+ 		while (k >= 0 && tableFile[k] != '/' && tableFile[k] != '\\') k--;
+ 		tableFile[++k] = '\0';
++		if (strlen(tableFile) + strlen(table) >= MAXSTRING * sizeof(char) * 2)
++			goto failure;
+ 		strcat(tableFile, table);
+ 		if (stat(tableFile, &info) == 0 && !(info.st_mode & S_IFDIR)) {
+ 			_lou_logMessage(LOU_LOG_DEBUG, "found table %s", tableFile);
+@@ -4582,6 +4587,10 @@ resolveSubtable(const char *table, const char *base, const char *searchPath) {
+ 			last = (*cp == '\0');
+ 			*cp = '\0';
+ 			if (dir == cp) dir = ".";
++			if (strlen(dir) + strlen(table) + 1 >= MAXSTRING * sizeof(char) * 2) {
++				free(searchPath_copy);
++				goto failure;
++			}
+ 			sprintf(tableFile, "%s%c%s", dir, DIR_SEP, table);
+ 			if (stat(tableFile, &info) == 0 && !(info.st_mode & S_IFDIR)) {
+ 				_lou_logMessage(LOU_LOG_DEBUG, "found table %s", tableFile);
+@@ -4589,6 +4598,10 @@ resolveSubtable(const char *table, const char *base, const char *searchPath) {
+ 				return tableFile;
+ 			}
+ 			if (last) break;
++			if (strlen(dir) + strlen(table) + 16 >= MAXSTRING * sizeof(char) * 2) {
++				free(searchPath_copy);
++				goto failure;
++			}
+ 			sprintf(tableFile, "%s%c%s%c%s%c%s", dir, DIR_SEP, "liblouis", DIR_SEP,
+ 					"tables", DIR_SEP, table);
+ 			if (stat(tableFile, &info) == 0 && !(info.st_mode & S_IFDIR)) {
+@@ -4600,6 +4613,7 @@ resolveSubtable(const char *table, const char *base, const char *searchPath) {
+ 		}
+ 		free(searchPath_copy);
+ 	}
++failure:
+ 	free(tableFile);
+ 	return NULL;
+ }
+
+From 6f39e88745e8ec602ccc46042c305a6188f28b0a Mon Sep 17 00:00:00 2001
+From: Marsman1996 <lqliuyuwei@outlook.com>
+Date: Wed, 8 Feb 2023 22:40:52 +0800
+Subject: [PATCH 2/3] fix format: 1. define MAX_TABLEFILE_SIZE 2. parse the
+ magic number
+
+---
+ liblouis/compileTranslationTable.c | 18 +++++++++---------
+ 1 file changed, 9 insertions(+), 9 deletions(-)
+
+diff --git a/liblouis/compileTranslationTable.c b/liblouis/compileTranslationTable.c
+index 2da766e169..f334a38371 100644
+--- a/liblouis/compileTranslationTable.c
++++ b/liblouis/compileTranslationTable.c
+@@ -4539,23 +4539,21 @@ resolveSubtable(const char *table, const char *base, const char *searchPath) {
+ 	char *tableFile;
+ 	static struct stat info;
+ 
+-	if (table == NULL || table[0] == '\0' ||
+-			strlen(table) >= MAXSTRING * sizeof(char) * 2)
+-		return NULL;
+-	tableFile = (char *)malloc(MAXSTRING * sizeof(char) * 2);
++#define MAX_TABLEFILE_SIZE MAXSTRING * sizeof(char) * 2
++	if (table == NULL || table[0] == '\0') return NULL;
++	tableFile = (char *)malloc(MAX_TABLEFILE_SIZE);
+ 
+ 	//
+ 	// First try to resolve against base
+ 	//
+ 	if (base) {
+ 		int k;
+-		if (strlen(base) >= MAXSTRING * sizeof(char) * 2) goto failure;
++		if (strlen(base) >= MAX_TABLEFILE_SIZE) goto failure;
+ 		strcpy(tableFile, base);
+ 		k = (int)strlen(tableFile);
+ 		while (k >= 0 && tableFile[k] != '/' && tableFile[k] != '\\') k--;
+ 		tableFile[++k] = '\0';
+-		if (strlen(tableFile) + strlen(table) >= MAXSTRING * sizeof(char) * 2)
+-			goto failure;
++		if (strlen(tableFile) + strlen(table) >= MAX_TABLEFILE_SIZE) goto failure;
+ 		strcat(tableFile, table);
+ 		if (stat(tableFile, &info) == 0 && !(info.st_mode & S_IFDIR)) {
+ 			_lou_logMessage(LOU_LOG_DEBUG, "found table %s", tableFile);
+@@ -4567,6 +4565,7 @@ resolveSubtable(const char *table, const char *base, const char *searchPath) {
+ 	// It could be an absolute path, or a path relative to the current working
+ 	// directory
+ 	//
++	if (strlen(table) >= MAX_TABLEFILE_SIZE) goto failure;
+ 	strcpy(tableFile, table);
+ 	if (stat(tableFile, &info) == 0 && !(info.st_mode & S_IFDIR)) {
+ 		_lou_logMessage(LOU_LOG_DEBUG, "found table %s", tableFile);
+@@ -4587,7 +4586,7 @@ resolveSubtable(const char *table, const char *base, const char *searchPath) {
+ 			last = (*cp == '\0');
+ 			*cp = '\0';
+ 			if (dir == cp) dir = ".";
+-			if (strlen(dir) + strlen(table) + 1 >= MAXSTRING * sizeof(char) * 2) {
++			if (strlen(dir) + strlen(table) + 1 >= MAX_TABLEFILE_SIZE) {
+ 				free(searchPath_copy);
+ 				goto failure;
+ 			}
+@@ -4598,7 +4597,8 @@ resolveSubtable(const char *table, const char *base, const char *searchPath) {
+ 				return tableFile;
+ 			}
+ 			if (last) break;
+-			if (strlen(dir) + strlen(table) + 16 >= MAXSTRING * sizeof(char) * 2) {
++			if (strlen(dir) + strlen("liblouis") + strlen("tables") + strlen(table) + 3 >=
++					MAX_TABLEFILE_SIZE) {
+ 				free(searchPath_copy);
+ 				goto failure;
+ 			}
+
+From 9f6cec9b63c1d9396fcc32fed77267a2815b648f Mon Sep 17 00:00:00 2001
+From: Marsman1996 <lqliuyuwei@outlook.com>
+Date: Wed, 8 Feb 2023 23:01:56 +0800
+Subject: [PATCH 3/3] add parentheses for define expression
+
+---
+ liblouis/compileTranslationTable.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/liblouis/compileTranslationTable.c b/liblouis/compileTranslationTable.c
+index f334a38371..3575792796 100644
+--- a/liblouis/compileTranslationTable.c
++++ b/liblouis/compileTranslationTable.c
+@@ -4539,7 +4539,7 @@ resolveSubtable(const char *table, const char *base, const char *searchPath) {
+ 	char *tableFile;
+ 	static struct stat info;
+ 
+-#define MAX_TABLEFILE_SIZE MAXSTRING * sizeof(char) * 2
++#define MAX_TABLEFILE_SIZE (MAXSTRING * sizeof(char) * 2)
+ 	if (table == NULL || table[0] == '\0') return NULL;
+ 	tableFile = (char *)malloc(MAX_TABLEFILE_SIZE);
+ 

SPECS/liblouis.spec

@@ -3,12 +3,18 @@
 
 Name:           liblouis
 Version:        3.16.1
-Release:        4%{?dist}
+Release:        5%{?dist}
 Summary:        Braille translation and back-translation library
 
 License:        LGPLv3+
 URL:            http://liblouis.org
 Source0:        https://github.com/%{name}/%{name}/releases/download/v%{version}/%{name}-%{version}.tar.gz
+# https://bugzilla.redhat.com/show_bug.cgi?id=2181151
+Patch0:         liblouis-3.16.1-fix-CVE-2023-26767.patch
+# https://bugzilla.redhat.com/show_bug.cgi?id=2181151
+Patch1:         liblouis-3.16.1-fix-CVE-2023-26768.patch
+# https://bugzilla.redhat.com/show_bug.cgi?id=2181149
+Patch2:         liblouis-3.16.1-fix-CVE-2023-26769.patch
 
 BuildRequires:  chrpath
 BuildRequires:  gcc
@@ -81,7 +87,7 @@ This package provides the documentation for liblouis.
 
 
 %prep
-%setup -q
+%autosetup -p1
 
 
 %build
@@ -143,6 +149,11 @@ done
 
 
 %changelog
+* Mon Apr 03 2023 David King <amigadave@amigadave.com> - 3.16.1-5
+- Fix CVE-2023-26767 (#2181147)
+- Fix CVE-2023-26768 (#2181151)
+- Fix CVE-2023-26769 (#2181149)
+
 * Mon Aug 09 2021 Mohan Boddu <mboddu@redhat.com> - 3.16.1-4
 - Rebuilt for IMA sigs, glibc 2.34, aarch64 flags
   Related: rhbz#1991688