import libmspack-0.7-0.3.alpha.el8.4

2020-04-28 04:49:53 -04:00 · 2020-04-28 04:49:53 -04:00 · 72fa26116a
commit 72fa26116a
parent 765f8aa40c
5 changed files with 75 additions and 44 deletions
--- a/SOURCES/0001-Avoid-returning-CHM-file-entries-that-are-blank-beca.patch
+++ b/SOURCES/0001-Avoid-returning-CHM-file-entries-that-are-blank-beca.patch
@ -1,7 +1,7 @@
-From a68e54542c6f83eb2ee95a88482badbf36840049 Mon Sep 17 00:00:00 2001
+From b86a2e455cc4d3f586367ab05af1f1be00c6df65 Mon Sep 17 00:00:00 2001
 From: Stuart Caie <kyzer@cabextract.org.uk>
 Date: Wed, 17 Oct 2018 11:29:03 +0100
-Subject: [PATCH 2/3] Avoid returning CHM file entries that are "blank" because
+Subject: [PATCH 1/3] Avoid returning CHM file entries that are "blank" because
 they have embedded null bytes

 (cherry picked from commit 8759da8db6ec9e866cb8eb143313f397f925bb4f)
@ -32,5 +32,5 @@ index b3f7fee..1d198bf 100644
        * offset 0 with length 0. We want to keep empty files, but not
        * directory names, which end with a "/" */
 -- 
-2.19.0.rc0
+2.22.0

--- a/SOURCES/0002-CAB-block-input-buffer-is-one-byte-too-small-for-max.patch
+++ b/SOURCES/0002-CAB-block-input-buffer-is-one-byte-too-small-for-max.patch
@ -1,7 +1,7 @@
-From c04c748cc922561d4461b2929cbf1b3c1ccd42a3 Mon Sep 17 00:00:00 2001
+From e31767785bc0922a953bbd1ef6428bf319ba2d2b Mon Sep 17 00:00:00 2001
 From: Stuart Caie <kyzer@cabextract.org.uk>
 Date: Wed, 17 Oct 2018 11:33:35 +0100
-Subject: [PATCH 1/3] CAB block input buffer is one byte too small for maximal
+Subject: [PATCH 2/3] CAB block input buffer is one byte too small for maximal
 Quantum block

 (cherry picked from commit 40ef1b4093d77ad3a5cfcee1f5cb6108b3a3bcc2)
@ -45,5 +45,5 @@ index 59cf95e..25cebcb 100644
 
 struct mscab_decompressor_p {
 -- 
-2.19.0.rc0
+2.22.0

--- a/SOURCES/0003-Fix-off-by-one-bounds-check-on-CHM-PMGI-PMGL-chunk-n.patch
+++ b/SOURCES/0003-Fix-off-by-one-bounds-check-on-CHM-PMGI-PMGL-chunk-n.patch
@ -1,33 +0,0 @@
-From 86cca984516664267a3f783dcdf84ac918494a02 Mon Sep 17 00:00:00 2001
-From: Stuart Caie <kyzer@cabextract.org.uk>
-Date: Sat, 12 May 2018 10:51:34 +0100
-Subject: [PATCH 3/3] =?UTF-8?q?Fix=20off-by-one=20bounds=20check=20on=20CH?=
- =?UTF-8?q?M=20PMGI/PMGL=20chunk=20numbers=20and=20reject=20empty=20filena?=
- =?UTF-8?q?mes.=20Thanks=20to=20Hanno=20B=C3=B6ck=20for=20reporting?=
-MIME-Version: 1.0
-Content-Type: text/plain; charset=UTF-8
-Content-Transfer-Encoding: 8bit
-
-(cherry picked from commit 72e70a921f0f07fee748aec2274b30784e1d312a)
---
- libmspack/mspack/chmd.c | 3 +++
- 1 file changed, 3 insertions(+)
-
-diff --git a/libmspack/mspack/chmd.c b/libmspack/mspack/chmd.c
-index 1d198bf..45fa0ec 100644
--- a/libmspack/mspack/chmd.c
-+++ b/libmspack/mspack/chmd.c
-@@ -447,7 +447,10 @@ static int chmd_read_headers(struct mspack_system *sys, struct mspack_file *fh,
-     while (num_entries--) {
-       READ_ENCINT(name_len);
-       if (name_len > (unsigned int) (end - p)) goto chunk_end;
-+      /* consider blank filenames to be an error */
-+      if (name_len == 0) goto chunk_end;
-       name = p; p += name_len;
-+
-       READ_ENCINT(section);
-       READ_ENCINT(offset);
-       READ_ENCINT(length);
-- 
-2.19.0.rc0
-
--- a/SOURCES/0003-length-checks-when-looking-for-control-files.patch
+++ b/SOURCES/0003-length-checks-when-looking-for-control-files.patch
@ -0,0 +1,56 @@
+From e50806b8d3eb2af019def3fa932e7edf602ce51f Mon Sep 17 00:00:00 2001
+From: Stuart Caie <kyzer@cabextract.org.uk>
+Date: Mon, 18 Feb 2019 13:04:58 +0000
+Subject: [PATCH 3/3] length checks when looking for control files
+
+(cherry picked from commit 2f084136cfe0d05e5bf5703f3e83c6d955234b4d)
+---
+ libmspack/mspack/chmd.c | 32 +++++++++++++++-----------------
+ 1 file changed, 15 insertions(+), 17 deletions(-)
+
+diff --git a/libmspack/mspack/chmd.c b/libmspack/mspack/chmd.c
+index 1d198bf..4c46db8 100644
+--- a/libmspack/mspack/chmd.c
+++ b/libmspack/mspack/chmd.c
+@@ -482,23 +482,21 @@ static int chmd_read_headers(struct mspack_system *sys, struct mspack_file *fh,
+       fi->filename[name_len] = '\0';
+ 
+       if (name[0] == ':' && name[1] == ':') {
+-	/* system file */
+-	if (mspack_memcmp(&name[2], &content_name[2], 31L) == 0) {
+-	  if (mspack_memcmp(&name[33], &content_name[33], 8L) == 0) {
+-	    chm->sec1.content = fi;
+-	  }
+-	  else if (mspack_memcmp(&name[33], &control_name[33], 11L) == 0) {
+-	    chm->sec1.control = fi;
+-	  }
+-	  else if (mspack_memcmp(&name[33], &spaninfo_name[33], 8L) == 0) {
+-	    chm->sec1.spaninfo = fi;
+-	  }
+-	  else if (mspack_memcmp(&name[33], &rtable_name[33], 72L) == 0) {
+-	    chm->sec1.rtable = fi;
+-	  }
+-	}
+-	fi->next = chm->sysfiles;
+-	chm->sysfiles = fi;
+        /* system file */
+        if (name_len == 40 && mspack_memcmp(name, content_name, 40) == 0) {
+          chm->sec1.content = fi;
+        }
+        else if (name_len == 44 && mspack_memcmp(name, control_name, 44) == 0) {
+          chm->sec1.control = fi;
+        }
+        else if (name_len == 41 && mspack_memcmp(name, spaninfo_name, 41) == 0) {
+          chm->sec1.spaninfo = fi;
+        }
+        else if (name_len == 105 && mspack_memcmp(name, rtable_name, 105) == 0) {
+          chm->sec1.rtable = fi;
+        }
+        fi->next = chm->sysfiles;
+        chm->sysfiles = fi;
+       }
+       else {
+ 	/* normal file */
+-- 
+2.22.0
+
--- a/SPECS/libmspack.spec
+++ b/SPECS/libmspack.spec
@ -1,6 +1,6 @@
 Name:           libmspack
 Version:        0.7
-Release:        0.1.alpha%{?dist}.3
+Release:        0.3.alpha%{?dist}.4
 Summary:        Library for CAB and related files compression and decompression

 Group:          System Environment/Libraries
@ -11,10 +11,10 @@ Source0:        https://github.com/kyz/libmspack/archive/v0.7alpha/%{name}-v0.7a
 Patch0:         %{name}-0.4alpha-doc.patch

 # Fixes for CVE-2018-18584 CVE-2018-18585
-Patch1:         0001-CAB-block-input-buffer-is-one-byte-too-small-for-max.patch
-Patch2:         0002-Avoid-returning-CHM-file-entries-that-are-blank-beca.patch
-# Fix for CVE-2018-14680
-Patch3:         0003-Fix-off-by-one-bounds-check-on-CHM-PMGI-PMGL-chunk-n.patch
+Patch1:         0001-Avoid-returning-CHM-file-entries-that-are-blank-beca.patch
+Patch2:         0002-CAB-block-input-buffer-is-one-byte-too-small-for-max.patch
+# Fix for CVE-CVE-2019-1010305
+Patch3:         0003-length-checks-when-looking-for-control-files.patch

 BuildRequires:  doxygen
 BuildRequires:  gcc
@ -98,6 +98,14 @@ rm $RPM_BUILD_ROOT%{_bindir}/oabextract


 %changelog
+* Fri Aug  2 2019 Richard W.M. Jones <rjones@redhat.com> - 0.7-0.2.alpha.4
+- Fix for CVE-2019-1010305
+- Remove "fix" for CVE-2018-14680 as this fix is included in base tar ball.
+  resolves: rhbz#1736745, rhbz#1736743
+
+* Thu Mar 21 2019 Richard W.M. Jones <rjones@redhat.com> - 0.7-0.2.alpha.3
+- Add gating tests resolves: rhbz#1682770
+
 * Mon Dec 10 2018 Richard W.M. Jones <rjones@redhat.com> - 0.7-0.1.alpha.3
 - Fix for CVE-2018-14680
  resolves: rhbz#1610937