From 99d4ac43d989a249fb98b0aa48da5b2011e06c46 Mon Sep 17 00:00:00 2001 From: Michal Ruprich Date: Tue, 10 Aug 2021 14:43:57 +0200 Subject: [PATCH] Resolves: #1991915 - Rebase libyang to new version --- .gitignore | 1 + libyang-1.0.184-doc.patch | 19 -------- libyang-1.0.225-CVE-2021-28902.patch | 66 -------------------------- libyang-1.0.225-CVE-2021-28903.patch | 70 ---------------------------- libyang.spec | 61 ++++-------------------- sources | 2 +- 6 files changed, 11 insertions(+), 208 deletions(-) delete mode 100644 libyang-1.0.184-doc.patch delete mode 100644 libyang-1.0.225-CVE-2021-28902.patch delete mode 100644 libyang-1.0.225-CVE-2021-28903.patch diff --git a/.gitignore b/.gitignore index 9c68509..a6aeffa 100644 --- a/.gitignore +++ b/.gitignore @@ -7,3 +7,4 @@ /v1.0.184.tar.gz /v1.0.215.tar.gz /v1.0.225.tar.gz +/v2.0.7.tar.gz diff --git a/libyang-1.0.184-doc.patch b/libyang-1.0.184-doc.patch deleted file mode 100644 index 53a1b69..0000000 --- a/libyang-1.0.184-doc.patch +++ /dev/null @@ -1,19 +0,0 @@ -commit 66db639f2c6c1b9dda8cf18e2a212f160b268a3b -Author: Tomas Korbar -Date: Thu Jul 23 09:35:56 2020 +0200 - - Search for libyang.h in build directory - -diff --git a/Doxyfile.in b/Doxyfile.in -index 2534da3..272248e 100644 ---- a/Doxyfile.in -+++ b/Doxyfile.in -@@ -781,7 +781,7 @@ WARN_LOGFILE = - # spaces. See also FILE_PATTERNS and EXTENSION_MAPPING - # Note: If this tag is empty the current directory is searched. - --INPUT = @CMAKE_BINARY_DIR@/src/libyang.h \ -+INPUT = ./build/src/libyang.h \ - ./src/tree_data.h \ - ./src/tree_schema.h \ - ./src/extensions.h \ diff --git a/libyang-1.0.225-CVE-2021-28902.patch b/libyang-1.0.225-CVE-2021-28902.patch deleted file mode 100644 index 8a09fc5..0000000 --- a/libyang-1.0.225-CVE-2021-28902.patch +++ /dev/null @@ -1,66 +0,0 @@ -From a3917d95d516e3de267d3cfa5d4d3715a90e8777 Mon Sep 17 00:00:00 2001 -From: Michal Vasko -Date: Mon, 8 Mar 2021 14:08:05 +0100 -Subject: [PATCH] yin parser BUGFIX invalid memory access - -... in case there were some unresolved -extensions. -Fixes #1454 -Fixes #1455 ---- - src/parser_yin.c | 13 +++++++------ - 1 file changed, 7 insertions(+), 6 deletions(-) - -diff --git a/src/parser_yin.c b/src/parser_yin.c -index 275991644..256325415 100644 ---- a/src/parser_yin.c -+++ b/src/parser_yin.c -@@ -4572,7 +4572,7 @@ read_yin_anydata(struct lys_module *module, struct lys_node *parent, struct lyxm - - for (r = 0; r < retval->ext_size; ++r) { - /* set flag, which represent LYEXT_OPT_VALID */ -- if (retval->ext[r]->flags & LYEXT_OPT_VALID) { -+ if (retval->ext[r] && (retval->ext[r]->flags & LYEXT_OPT_VALID)) { - retval->flags |= LYS_VALID_EXT; - break; - } -@@ -4794,7 +4794,7 @@ read_yin_leaf(struct lys_module *module, struct lys_node *parent, struct lyxml_e - - for (r = 0; r < retval->ext_size; ++r) { - /* set flag, which represent LYEXT_OPT_VALID */ -- if (retval->ext[r]->flags & LYEXT_OPT_VALID) { -+ if (retval->ext[r] && (retval->ext[r]->flags & LYEXT_OPT_VALID)) { - retval->flags |= LYS_VALID_EXT; - break; - } -@@ -5108,7 +5108,7 @@ read_yin_leaflist(struct lys_module *module, struct lys_node *parent, struct lyx - - for (r = 0; r < retval->ext_size; ++r) { - /* set flag, which represent LYEXT_OPT_VALID */ -- if (retval->ext[r]->flags & LYEXT_OPT_VALID) { -+ if (retval->ext[r] && (retval->ext[r]->flags & LYEXT_OPT_VALID)) { - retval->flags |= LYS_VALID_EXT; - break; - } -@@ -5477,7 +5477,7 @@ read_yin_list(struct lys_module *module, struct lys_node *parent, struct lyxml_e - - for (r = 0; r < retval->ext_size; ++r) { - /* set flag, which represent LYEXT_OPT_VALID */ -- if (retval->ext[r]->flags & LYEXT_OPT_VALID) { -+ if (retval->ext[r] && (retval->ext[r]->flags & LYEXT_OPT_VALID)) { - retval->flags |= LYS_VALID_EXT; - if (retval->ext[r]->flags & LYEXT_OPT_VALID_SUBTREE) { - retval->flags |= LYS_VALID_EXT_SUBTREE; -@@ -5701,8 +5701,9 @@ read_yin_container(struct lys_module *module, struct lys_node *parent, struct ly - } - - for (r = 0; r < retval->ext_size; ++r) { -- /* set flag, which represent LYEXT_OPT_VALID */ -- if (retval->ext[r]->flags & LYEXT_OPT_VALID) { -+ /* extension instance may not yet be resolved */ -+ if (retval->ext[r] && (retval->ext[r]->flags & LYEXT_OPT_VALID)) { -+ /* set flag, which represent LYEXT_OPT_VALID */ - retval->flags |= LYS_VALID_EXT; - if (retval->ext[r]->flags & LYEXT_OPT_VALID_SUBTREE) { - retval->flags |= LYS_VALID_EXT_SUBTREE; - diff --git a/libyang-1.0.225-CVE-2021-28903.patch b/libyang-1.0.225-CVE-2021-28903.patch deleted file mode 100644 index 4fa14b4..0000000 --- a/libyang-1.0.225-CVE-2021-28903.patch +++ /dev/null @@ -1,70 +0,0 @@ -From 298b30ea4ebee137226acf9bb38678bd82704582 Mon Sep 17 00:00:00 2001 -From: Michal Vasko -Date: Mon, 8 Mar 2021 14:32:58 +0100 -Subject: [PATCH] common FEATURE add a hard limit for recursion - -Fixes #1453 ---- - src/common.h.in | 3 +++ - src/xml.c | 12 +++++++++--- - 2 files changed, 12 insertions(+), 3 deletions(-) - -diff --git a/src/common.h.in b/src/common.h.in -index a5bf2b038..624beba9f 100644 ---- a/src/common.h.in -+++ b/src/common.h.in -@@ -53,6 +53,9 @@ - /* how many bytes add when enlarging buffers */ - #define LY_BUF_STEP 128 - -+/* hard limit on recursion for cases with theoretical unlimited recursion */ -+#define LY_RECURSION_LIMIT 10000 -+ - /* internal logging options */ - enum int_log_opts { - ILO_LOG = 0, /* log normally */ -diff --git a/src/xml.c b/src/xml.c -index 1bc4fdfa5..7e4760976 100644 ---- a/src/xml.c -+++ b/src/xml.c -@@ -943,7 +943,8 @@ parse_attr(struct ly_ctx *ctx, const char *data, unsigned int *len, struct lyxml - - /* logs directly */ - struct lyxml_elem * --lyxml_parse_elem(struct ly_ctx *ctx, const char *data, unsigned int *len, struct lyxml_elem *parent, int options) -+lyxml_parse_elem(struct ly_ctx *ctx, const char *data, unsigned int *len, struct lyxml_elem *parent, int options, -+ int bt_count) - { - const char *c = data, *start, *e; - const char *lws; /* leading white space for handling mixed content */ -@@ -958,6 +959,11 @@ lyxml_parse_elem(struct ly_ctx *ctx, const char *data, unsigned int *len, struct - - *len = 0; - -+ if (bt_count > LY_RECURSION_LIMIT) { -+ LOGVAL(ctx, LYE_XML_INVAL, LY_VLOG_NONE, NULL, "Recursion limit %d reached", LY_RECURSION_LIMIT); -+ return NULL; -+ } -+ - if (*c != '<') { - return NULL; - } -@@ -1141,7 +1147,7 @@ lyxml_parse_elem(struct ly_ctx *ctx, const char *data, unsigned int *len, struct - lyxml_add_child(ctx, elem, child); - elem->flags |= LYXML_ELEM_MIXED; - } -- child = lyxml_parse_elem(ctx, c, &size, elem, options); -+ child = lyxml_parse_elem(ctx, c, &size, elem, options, bt_count + 1); - if (!child) { - goto error; - } -@@ -1295,7 +1301,7 @@ lyxml_parse_mem(struct ly_ctx *ctx, const char *data, int options) - } - } - -- root = lyxml_parse_elem(ctx, c, &len, NULL, options); -+ root = lyxml_parse_elem(ctx, c, &len, NULL, options, 0); - if (!root) { - goto error; - } else if (!first) { - diff --git a/libyang.spec b/libyang.spec index 55fc807..9eb2bbd 100644 --- a/libyang.spec +++ b/libyang.spec @@ -7,21 +7,16 @@ %endif Name: libyang -Version: 1.0.225 -Release: 4%{?dist} +Version: 2.0.7 +Release: 1%{?dist} Summary: YANG data modeling language library Url: https://github.com/CESNET/libyang Source: %{url}/archive/v%{version}.tar.gz License: BSD -Patch0: libyang-1.0.184-doc.patch -Patch1: libyang-1.0.225-CVE-2021-28902.patch -Patch2: libyang-1.0.225-CVE-2021-28903.patch - -Requires: pcre BuildRequires: cmake BuildRequires: doxygen -BuildRequires: pcre-devel +BuildRequires: pcre2-devel BuildRequires: gcc BuildRequires: valgrind BuildRequires: gcc-c++ @@ -42,30 +37,6 @@ Requires: pcre-devel %package devel-doc Summary: Documentation of libyang API Requires: %{name} = %{version}-%{release} -BuildArch: noarch - -%package -n libyang-cpp -Summary: C++ bindings for libyang -Requires: %{name}%{?_isa} = %{version}-%{release} - -%package -n libyang-cpp-devel -Summary: Development files for libyang-cpp -Requires: libyang-cpp%{?_isa} = %{version}-%{release} -Requires: pcre-devel - -%package -n python3-libyang -Summary: Python3 bindings for libyang -Requires: libyang-cpp%{?_isa} = %{version}-%{release} -%{?python_provide:%python_provide python3-libyang} - -%description -n libyang-cpp -Bindings of libyang library to C++ language. - -%description -n libyang-cpp-devel -Headers of bindings to c++ language. - -%description -n python3-libyang -Bindings of libyang library to python language. %description devel Headers of libyang library. @@ -91,7 +62,7 @@ written (and providing API) in C. -DENABLE_VALGRIND_TESTS=%{run_valgrind_tests} .. %cmake_build mkdir build -cp ./%_target_platform/src/libyang.h ./build/libyang.h +cp ./src/libyang.h ./build/libyang.h pushd %_target_platform make doc popd @@ -111,10 +82,8 @@ cp -r doc/html %{buildroot}/%{_docdir}/libyang/html %{_bindir}/yanglint %{_bindir}/yangre %{_datadir}/man/man1/yanglint.1.gz -%{_datadir}/man/man1/yangre.1.gz -%{_libdir}/libyang.so.1 -%{_libdir}/libyang.so.1.* -%{_libdir}/libyang1 +%{_libdir}/libyang.so.2 +%{_libdir}/libyang.so.2.* %files devel %{_libdir}/libyang.so @@ -125,22 +94,10 @@ cp -r doc/html %{buildroot}/%{_docdir}/libyang/html %files devel-doc %{_docdir}/libyang -%files -n libyang-cpp -%{_libdir}/libyang-cpp.so.1 -%{_libdir}/libyang-cpp.so.1.* - -%files -n libyang-cpp-devel -%{_libdir}/libyang-cpp.so -%{_includedir}/libyang/*.hpp -%{_libdir}/pkgconfig/libyang-cpp.pc -%dir %{_includedir}/libyang/ - -%files -n python3-libyang -%{python3_sitearch}/yang.py -%{python3_sitearch}/_yang.so -%{python3_sitearch}/__pycache__/yang* - %changelog +* Tue Aug 10 2021 Michal Ruprich - 2.0.7-1 +- Resolves: #1991915 - Rebase libyang to new version + * Mon Aug 09 2021 Mohan Boddu - 1.0.225-4 - Rebuilt for IMA sigs, glibc 2.34, aarch64 flags Related: rhbz#1991688 diff --git a/sources b/sources index ff4eb17..470802c 100644 --- a/sources +++ b/sources @@ -1 +1 @@ -SHA512 (v1.0.225.tar.gz) = 3366df8c2869454b6da456010ca62b538876cba16fa84e1ed9053acca6d7756c15329c0fb8a62477a1887d6c00cce8449f29954b2d2b0e556d81baa11dc9776d +SHA512 (v2.0.7.tar.gz) = edb1d8d372b25ed820fa312e0dc96d4af7c8cd5ddeb785964de73f64774062ea7a5586bb27e2039ad24189d4a2ba04268921ca86e82423fc48647d1d10a2a0a7