From a8624a983dcca6809ef50b72444b1e6518c892d5 Mon Sep 17 00:00:00 2001
From: Igor Gnatenko
Date: Sat, 12 Jan 2019 10:18:41 +0100
Subject: [PATCH] Fix small security issues
Signed-off-by: Igor Gnatenko
---
0001-Fix-Dereference-of-null-pointer.patch | 25 ++++++++++++++
0001-Fix-testsolv-segfault.patch | 32 ++++++++++++++++++
0001-Fix-testsolv-segfaults.patch | 38 ++++++++++++++++++++++
libsolv.spec | 10 +++++-
4 files changed, 104 insertions(+), 1 deletion(-)
create mode 100644 0001-Fix-Dereference-of-null-pointer.patch
create mode 100644 0001-Fix-testsolv-segfault.patch
create mode 100644 0001-Fix-testsolv-segfaults.patch
diff --git a/0001-Fix-Dereference-of-null-pointer.patch b/0001-Fix-Dereference-of-null-pointer.patch
new file mode 100644
index 0000000..1422c0b
--- /dev/null
+++ b/0001-Fix-Dereference-of-null-pointer.patch
@@ -0,0 +1,25 @@
+From c5883b20b7b021ee94111cb72777ab3ba3f50950 Mon Sep 17 00:00:00 2001
+From: Jaroslav Rohel
+Date: Fri, 7 Dec 2018 07:05:10 +0100
+Subject: [PATCH] Fix: Dereference of null pointer
+
+---
+ ext/repo_repomdxml.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/ext/repo_repomdxml.c b/ext/repo_repomdxml.c
+index fd46272b..46d83615 100644
+--- a/ext/repo_repomdxml.c
++++ b/ext/repo_repomdxml.c
+@@ -181,7 +181,7 @@ startElement(struct solv_xmlparser *xmlp, int state, const char *name, const cha
+ while (value)
+ {
+ char *p = strchr(value, ',');
+- if (*p)
++ if (p)
+ *p++ = 0;
+ if (*value)
+ repodata_add_poolstr_array(pd->data, SOLVID_META, REPOSITORY_UPDATES, value);
+--
+2.20.1
+
diff --git a/0001-Fix-testsolv-segfault.patch b/0001-Fix-testsolv-segfault.patch
new file mode 100644
index 0000000..8a81848
--- /dev/null
+++ b/0001-Fix-testsolv-segfault.patch
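Review bot: In the `ext/repo_repomdxml.c` change carried by 0001-Fix-Dereference-of-null-pointer.patch, the corrected `if (p)` test has no comment saying that a NULL `p` is the ordinary case for the last comma-separated element, which is why the old `if (*p)` dereferenced NULL whenever strchr() found no further comma. I would add `/* strchr() returns NULL on the last element; terminate and advance only when a comma was found */` above the test. The `while (value)` loop and the statement that advances `value` lie outside the hunk, so termination on `p == NULL` is presumed rather than visible here. The split also writes into the string in place via `*p++ = 0`, so `value` has to be a writable copy of the attribute; its declaration is not in the hunk either.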
@@ -0,0 +1,32 @@
+From 95c3d1b3aad7a003d129b957cf449d11edaca67b Mon Sep 17 00:00:00 2001
+From: Jaroslav Rohel
+Date: Tue, 11 Dec 2018 10:22:09 +0100
+Subject: [PATCH] Fix: testsolv segfault
+
+ERROR: AddressSanitizer: SEGV on unknown address 0x000000000000 (pc 0x7fab0e11bf2b bp 0x7ffdfc044b70 sp 0x7ffdfc044a90 T0)
+0 0x7fab0e11bf2a in testcase_str2dep_complex /home/company/real_sanitize/libsolv-master/ext/testcase.c:577
+1 0x7fab0e11c80f in testcase_str2dep /home/company/real_sanitize/libsolv-master/ext/testcase.c:656
+2 0x7fab0e12e64a in testcase_read /home/company/real_sanitize/libsolv-master/ext/testcase.c:2952
+3 0x402aa5 in main /home/company/real_sanitize/libsolv-master/tools/testsolv.c:148
+4 0x7fab0d9d2a3f in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x20a3f)
+5 0x401bb8 in _start (/home/company/real_sanitize/libsolv-master/build/install/bin/testsolv+0x401bb8)
+---
+ ext/testcase.c | 2 ++
+ 1 file changed, 2 insertions(+)
+
+diff --git a/ext/testcase.c b/ext/testcase.c
+index 33998d47..fe2636cb 100644
+--- a/ext/testcase.c
++++ b/ext/testcase.c
+@@ -576,6 +576,8 @@ testcase_str2dep_complex(Pool *pool, const char **sp, int relop)
+ Id flags, id, id2, namespaceid = 0;
+ struct oplist *op;
+
++ if (!s)
++ return 0;
+ while (*s == ' ' || *s == '\t')
+ s++;
+ if (!strncmp(s, "namespace:", 10))
+--
+2.20.1
+
diff --git a/0001-Fix-testsolv-segfaults.patch b/0001-Fix-testsolv-segfaults.patch
new file mode 100644
index 0000000..5203597
--- /dev/null
+++ b/0001-Fix-testsolv-segfaults.patch
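Review bot: The new guard `if (!s) return 0;` in `testcase_str2dep_complex` stops the crash but reports nothing, so a testcase line that supplies no dependency string is now accepted silently; the hunk does not show how callers interpret a 0 return. If NULL is never a valid input here, the guard could record the parse failure the way the sibling fix in `testcase_read` does, for example `pool_error(pool, 0, "testcase_str2dep: missing dependency string");` before the `return 0;` (message text is a suggestion). At minimum a comment such as `/* NULL input: malformed testcase line, no dependency to parse */` would explain why the check exists. The declaration of `s` and the rest of the function lie outside the hunk.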
@@ -0,0 +1,38 @@
+From 6de825c4d27022e48570824f0be77132c5b6d45a Mon Sep 17 00:00:00 2001
+From: Jaroslav Rohel
+Date: Tue, 11 Dec 2018 10:27:15 +0100
+Subject: [PATCH] Fix: testsolv segfaults
+
+ERROR: AddressSanitizer: SEGV on unknown address 0x0000000002f0 (pc 0x7f31501d3bd2 bp 0x7ffcfe4d4a50 sp 0x7ffcfe4d4a30 T0)
+0 0x7f31501d3bd1 in pool_whatprovides /home/company/real_sanitize/libsolv-master/src/pool.h:331
+1 0x7f31501d895e in testcase_str2solvid /home/company/real_sanitize/libsolv-master/ext/testcase.c:793
+2 0x7f31501e8388 in testcase_read /home/company/real_sanitize/libsolv-master/ext/testcase.c:2807
+3 0x402aa5 in main /home/company/real_sanitize/libsolv-master/tools/testsolv.c:148
+4 0x7f314fa8da3f in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x20a3f)
+5 0x401bb8 in _start (/home/company/real_sanitize/libsolv-master/build/install/bin/testsolv+0x401bb8)
+
+ERROR: AddressSanitizer: SEGV on unknown address 0x000000000000 (pc 0x7f5af9e7815f bp 0x7ffc4c843a40 sp 0x7ffc4c8436c0 T0)
+0 0x7f5af9e7815e in testcase_read /home/company/real_sanitize/libsolv-master/ext/testcase.c:2799
+1 0x402aa5 in main /home/company/real_sanitize/libsolv-master/tools/testsolv.c:148
+2 0x7f5af971da3f in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x20a3f)
+3 0x401bb8 in _start (/home/company/real_sanitize/libsolv-master/build/install/bin/testsolv+0x401bb8)
+---
+ ext/testcase.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/ext/testcase.c b/ext/testcase.c
+index fe2636cb..c8dd14ee 100644
+--- a/ext/testcase.c
++++ b/ext/testcase.c
+@@ -2795,7 +2795,7 @@ testcase_read(Pool *pool, FILE *fp, const char *testcase, Queue *job, char **res
+ {
+ int i = strlen(pieces[1]);
+ s = strchr(pieces[1], '(');
+- if (!s && pieces[1][i - 1] != ')')
++ if (!s || pieces[1][i - 1] != ')')
+ {
+ pool_error(pool, 0, "testcase_read: bad namespace '%s'", pieces[1]);
+ }
+--
+2.20.1
+
diff --git a/libsolv.spec b/libsolv.spec
index 6c5e4f6..0e96b78 100644
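Review bot: The corrected condition `if (!s || pieces[1][i - 1] != ')')` in `testcase_read` is in bounds only because `!s` is evaluated first. For an empty `pieces[1]`, `i` is 0 and `pieces[1][i - 1]` would read one byte before the buffer, but strchr() returns NULL there and the `||` short-circuits. That ordering dependency should be written down, e.g. `/* keep !s first: a string containing '(' is non-empty, so i - 1 is in range */`. Separately, `int i = strlen(pieces[1]);` narrows a size_t to int; `size_t i` would avoid the conversion if nothing later relies on `i` being signed, which the hunk does not show. The branch that handles a well-formed namespace lies outside the hunk.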
--- a/libsolv.spec +++ b/libsolv.spec @@ -40,12 +40,17 @@ Name: lib%{libname} Version: 0.7.2 -Release: 1%{?dist} +Release: 2%{?dist}.test Summary: Package dependency solver License: BSD URL: https://github.com/openSUSE/libsolv Source: %{url}/archive/%{version}/%{name}-%{version}.tar.gz +Patch0001: 0001-Fix-Dereference-of-null-pointer.patch +Patch0002: 0001-Fix-testsolv-segfault.patch +Patch0003: 0001-Fix-testsolv-segfaults.patch + +Patch666: test.diff BuildRequires: cmake BuildRequires: gcc-c++ @@ -288,6 +293,9 @@ Python 3 version. %endif %changelog +* Sat Jan 12 2019 Igor Gnatenko - 0.7.2-2 +- Fix small security issues + * Mon Dec 10 2018 Igor Gnatenko - 0.7.2-1 - Update to 0.7.2
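Review bot: The first spec hunk adds `Patch666: test.diff` and a `.test` suffix on `Release`, yet the diffstat lists only the three `0001-*.patch` files and `libsolv.spec`, so `test.diff` is not introduced by this commit. The changelog entry is for 0.7.2-2 and mentions only the security fixes. If these two lines are leftovers from a scratch build, drop them so the package applies only the reviewed patches: `Release: 2%{?dist}` and no `Patch666` line. If `test.diff` already exists in the repository and is intended, the changelog should say what it changes, since it is applied to the same sources as the three fixes.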