From f0656b6111d66381cda45d67f6a3024768d68bb4 Mon Sep 17 00:00:00 2001
From: eabdullin
Date: Tue, 12 Nov 2024 10:33:57 +0000
Subject: [PATCH] import UBI xmlsec1-1.2.29-13.el9
---
SOURCES/0001-resource-leaks.patch | 97 +++++++++++++++++++++++++++++++
SPECS/xmlsec1.spec | 22 ++++++-
2 files changed, 117 insertions(+), 2 deletions(-)
create mode 100644 SOURCES/0001-resource-leaks.patch
diff --git a/SOURCES/0001-resource-leaks.patch b/SOURCES/0001-resource-leaks.patch
new file mode 100644
index 0000000..67190a8
--- /dev/null
+++ b/SOURCES/0001-resource-leaks.patch
@@ -0,0 +1,97 @@
+diff -up xmlsec1-1.2.29/src/c14n.c.orig xmlsec1-1.2.29/src/c14n.c
+--- xmlsec1-1.2.29/src/c14n.c.orig 2024-05-10 13:47:12.698153446 +0200
++++ xmlsec1-1.2.29/src/c14n.c 2024-05-10 18:30:35.148285625 +0200
+@@ -233,7 +233,10 @@ xmlSecTransformC14NPushXml(xmlSecTransfo
+ /* we are using a semi-hack here: we know that xmlSecPtrList keeps
+ * all pointers in the big array */
+ nsList = xmlSecTransformC14NGetNsList(transform);
+- xmlSecAssert2(xmlSecPtrListCheckId(nsList, xmlSecStringListId), -1);
++ if (! xmlSecPtrListCheckId(nsList, xmlSecStringListId)) {
++ xmlOutputBufferClose(buf);
++ xmlSecAssert2(0, -1);
++ };
+
+ ret = xmlSecTransformC14NExecute(transform->id, nodes, (xmlChar**)(nsList->data), buf);
+ if(ret < 0) {
+@@ -297,7 +300,10 @@ xmlSecTransformC14NPopBin(xmlSecTransfor
+ /* we are using a semi-hack here: we know that xmlSecPtrList keeps
+ * all pointers in the big array */
+ nsList = xmlSecTransformC14NGetNsList(transform);
+- xmlSecAssert2(xmlSecPtrListCheckId(nsList, xmlSecStringListId), -1);
++ if (! 
xmlSecPtrListCheckId(nsList, xmlSecStringListId)) {
++ xmlOutputBufferClose(buf);
++ xmlSecAssert2(0, -1);
++ }
+
+ ret = xmlSecTransformC14NExecute(transform->id, transform->inNodes, (xmlChar**)(nsList->data), buf);
+ if(ret < 0) {
+@@ -737,4 +743,3 @@ xmlSecTransformId
+ xmlSecTransformRemoveXmlTagsC14NGetKlass(void) {
+ return(&xmlSecTransformRemoveXmlTagsC14NKlass);
+ }
+-
+diff -up xmlsec1-1.2.29/src/gcrypt/asymkeys.c.orig xmlsec1-1.2.29/src/gcrypt/asymkeys.c
+--- xmlsec1-1.2.29/src/gcrypt/asymkeys.c.orig 2024-05-10 18:47:45.800368678 +0200
++++ xmlsec1-1.2.29/src/gcrypt/asymkeys.c 2024-05-13 09:11:08.784351577 +0200
+@@ -186,6 +186,9 @@ xmlSecGCryptAsymKeyDataAdoptKey(xmlSecKe
+ pub_key = NULL; /* data owns it now */
+ priv_key = NULL; /* data owns it now */
+
++ /* Adopt functions assume ownership thus the caller would expect this to be released */
++ gcry_sexp_release(key_pair);
++
+ /* success */
+ res = 0;
+
+diff -up xmlsec1-1.2.29/src/parser.c.orig xmlsec1-1.2.29/src/parser.c
+--- xmlsec1-1.2.29/src/parser.c.orig 2024-05-10 13:46:59.217160842 +0200
++++ xmlsec1-1.2.29/src/parser.c 2024-05-10 17:28:22.848994008 +0200
+@@ -368,7 +368,6 @@ xmlDocPtr
+ xmlSecParseFile(const char *filename) {
+ xmlParserCtxtPtr ctxt;
+ xmlDocPtr res = NULL;
+- char *directory = NULL;
+ int ret;
+
+ xmlSecAssert2(filename != NULL, NULL);
+@@ -385,23 +384,15 @@ xmlSecParseFile(const char *filename) {
+ /* crashes on x64 xmlCtxtUseOptions (ctxt, XML_PARSE_HUGE); */
+
+ /* todo: set directories from current doc? 
*/ +- if ((ctxt->directory == NULL) && (directory == NULL)) { +- directory = xmlParserGetDirectory(filename); +- if(directory == NULL) { ++ if (ctxt->directory == NULL) { ++ ctxt->directory = xmlParserGetDirectory(filename); ++ if(ctxt->directory == NULL) { + xmlSecXmlError2("xmlParserGetDirectory", NULL, + "filename=%s", xmlSecErrorsSafeString(filename)); + xmlFreeParserCtxt(ctxt); + return(NULL); + } + } +- if ((ctxt->directory == NULL) && (directory != NULL)) { +- ctxt->directory = (char *) xmlStrdup(BAD_CAST directory); +- if(ctxt->directory == NULL) { +- xmlSecStrdupError(BAD_CAST directory, NULL); +- xmlFreeParserCtxt(ctxt); +- return(NULL); +- } +- } + + /* required for c14n! */ + ctxt->loadsubset = XML_DETECT_IDS | XML_COMPLETE_ATTRS; +@@ -559,7 +550,7 @@ xmlSecParseMemory(const xmlSecByte *buff + if(ctxt->myDoc != NULL) { + xmlFreeDoc(ctxt->myDoc); + ctxt->myDoc = NULL; +- } ++ } + xmlFreeParserCtxt(ctxt); + return(NULL); + } +@@ -580,4 +571,3 @@ xmlSecParseMemory(const xmlSecByte *buff + xmlFreeParserCtxt(ctxt); + return(res); + } +- diff --git a/SPECS/xmlsec1.spec b/SPECS/xmlsec1.spec index 04dec6a..65f1579 100644 --- a/SPECS/xmlsec1.spec +++ b/SPECS/xmlsec1.spec @@ -1,7 +1,7 @@ Summary: Library providing support for "XML Signature" and "XML Encryption" standards Name: xmlsec1 Version: 1.2.29 -Release: 9%{?dist}%{?extra_release} +Release: 13%{?dist}%{?extra_release} License: MIT Source0: https://www.aleksey.com/xmlsec/download/xmlsec1-%{version}.tar.gz URL: http://www.aleksey.com/xmlsec/ @@ -19,6 +19,7 @@ BuildRequires: autoconf BuildRequires: automake BuildRequires: gettext-devel BuildRequires: libtool +Patch0: 0001-resource-leaks.patch %description XML Security Library is a C library based on LibXML2 and OpenSSL. 
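Review bot: The `gcry_sexp_release(key_pair);` added on the success path of xmlSecGCryptAsymKeyDataAdoptKey (the src/gcrypt/asymkeys.c hunk of the new patch file) changes who frees `key_pair`, and nothing in this patch shows the callers being adjusted, so any caller that still releases `key_pair` after a successful adopt would now free it twice. The spec changelog in this same commit lists "Fix double free in xmlSecGCryptAsymKeyDataGenerate", yet no hunk here touches that function, so it is worth confirming that every caller clears its pointer after a zero return. If the error paths do leave the S-expression with the caller, the comment should state that contract instead, e.g. `/* on success key_pair is released here and must not be freed by the caller; on failure the caller keeps ownership */`. AdoptKey's body starts and ends outside the hunk, so the failure paths and the callers cannot be checked from this page. Separately, in both c14n.c hunks `xmlSecAssert2(0, -1);` is used as a return statement after `xmlOutputBufferClose(buf);`, which presumably reports the failed expression as `0` rather than the list-id check; an explicit error report followed by `return(-1);` would read more clearly, and the first hunk carries a stray `;` after its closing brace.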
@@ -69,6 +70,7 @@ Libraries, includes, etc. for developing XML Security applications with GCrypt. %package gnutls Summary: GNUTls crypto plugin for XML Security Library Requires: xmlsec1%{?_isa} = %{version}-%{release} +Requires: xmlsec1-gcrypt%{?_isa} = %{version}-%{release} %description gnutls GNUTls plugin for XML Security Library provides GNUTls based crypto services @@ -101,7 +103,7 @@ Requires: xmlsec1-nss%{?_isa} = %{version}-%{release} Libraries, includes, etc. for developing XML Security applications with NSS. %prep -%setup -q +%autosetup -p1 %build autoreconf -vfi @@ -176,6 +178,22 @@ mv %{buildroot}%{_docdir}/xmlsec1/* __tmp_doc %{_libdir}/pkgconfig/xmlsec1-nss.pc %changelog +* Mon May 20 2024 Tomas Halman - 1.2.29-12 +- Fix adopt function the same way as in upstream + Related: RHEL-35381 + +* Fri May 17 2024 Tomas Halman - 1.2.29-12 +- Fix double free in xmlSecGCryptAsymKeyDataGenerate + Related: RHEL-35381 + +* Fri May 17 2024 Tomas Halman - 1.2.29-11 +- Add xmlsec1-gnutls dependency on xmlsec1-gcrypt + Related: RHEL-35381 + +* Mon May 13 2024 Tomas Halman - 1.2.29-10 +- Fix memory leaks found by SAST + Resolves: RHEL-35381 + * Tue Aug 10 2021 Mohan Boddu - 1.2.29-9 - Rebuilt for IMA sigs, glibc 2.34, aarch64 flags Related: rhbz#1991688