Package init

2019-09-30 10:55:13 -04:00 · 2019-09-30 10:55:13 -04:00 · a7eb244438
commit a7eb244438
3 changed files with 268 additions and 0 deletions
--- a/CVE-2019-3817-Fix-UAF-in-comps_objmrtree_unite-function.patch
+++ b/CVE-2019-3817-Fix-UAF-in-comps_objmrtree_unite-function.patch
@ -0,0 +1,91 @@
+From e3a5d056633677959ad924a51758876d415e7046 Mon Sep 17 00:00:00 2001
+From: Riccardo Schirone <rschiron@redhat.com>
+Date: Mon, 21 Jan 2019 18:11:42 +0100
+Subject: [PATCH] Fix UAF in comps_objmrtree_unite function
+
+The added field is not used at all in many places and it is probably the
+left-over of some copy-paste.
+
+Signed-off-by: root <root@localhost.localdomain>
+---
+ libcomps/src/comps_mradix.c    | 2 --
+ libcomps/src/comps_objmradix.c | 2 --
+ libcomps/src/comps_objradix.c  | 2 --
+ libcomps/src/comps_radix.c     | 1 -
+ 4 files changed, 7 deletions(-)
+
+diff --git a/libcomps/src/comps_mradix.c b/libcomps/src/comps_mradix.c
+index 8ef9640..dfdee8e 100644
+--- a/libcomps/src/comps_mradix.c
+++ b/libcomps/src/comps_mradix.c
+@@ -177,7 +177,6 @@ void comps_mrtree_unite(COMPS_MRTree *rt1, COMPS_MRTree *rt2) {
+     struct Pair {
+         COMPS_HSList * subnodes;
+         char * key;
+-        char added;
+     } *pair, *parent_pair;
+ 
+     pair = malloc(sizeof(struct Pair));
+@@ -195,7 +194,6 @@ void comps_mrtree_unite(COMPS_MRTree *rt1, COMPS_MRTree *rt2) {
+         parent_pair = (struct Pair*) it->data;
+         free(it);
+ 
+-        pair->added = 0;
+         for (it = tmp_subnodes->first; it != NULL; it=it->next) {
+             pair = malloc(sizeof(struct Pair));
+             pair->subnodes = ((COMPS_MRTreeData*)it->data)->subnodes;
+diff --git a/libcomps/src/comps_objmradix.c b/libcomps/src/comps_objmradix.c
+index 9a2038b..22ad262 100644
+--- a/libcomps/src/comps_objmradix.c
+++ b/libcomps/src/comps_objmradix.c
+@@ -285,7 +285,6 @@ void comps_objmrtree_unite(COMPS_ObjMRTree *rt1, COMPS_ObjMRTree *rt2) {
+     struct Pair {
+         COMPS_HSList * subnodes;
+         char * key;
+-        char added;
+     } *pair, *parent_pair;
+ 
+     pair = malloc(sizeof(struct Pair));
+@@ -303,7 +302,6 @@ void comps_objmrtree_unite(COMPS_ObjMRTree *rt1, COMPS_ObjMRTree *rt2) {
+         parent_pair = (struct Pair*) it->data;
+         free(it);
+ 
+-        pair->added = 0;
+         for (it = tmp_subnodes->first; it != NULL; it=it->next) {
+             pair = malloc(sizeof(struct Pair));
+             pair->subnodes = ((COMPS_ObjMRTreeData*)it->data)->subnodes;
+diff --git a/libcomps/src/comps_objradix.c b/libcomps/src/comps_objradix.c
+index c657b75..840592a 100644
+--- a/libcomps/src/comps_objradix.c
+++ b/libcomps/src/comps_objradix.c
+@@ -692,7 +692,6 @@ void comps_objrtree_unite(COMPS_ObjRTree *rt1, COMPS_ObjRTree *rt2) {
+     struct Pair {
+         COMPS_HSList * subnodes;
+         char * key;
+-        char added;
+     } *pair, *parent_pair;
+ 
+     pair = malloc(sizeof(struct Pair));
+@@ -711,7 +711,6 @@ void comps_objrtree_unite(COMPS_ObjRTree *rt1, COMPS_ObjRTree *rt2) {
+         //printf("key-part:%s\n", parent_pair->key);
+         free(it);
+ 
+-        //pair->added = 0;
+         for (it = tmp_subnodes->first; it != NULL; it=it->next) {
+             pair = malloc(sizeof(struct Pair));
+             pair->subnodes = ((COMPS_ObjRTreeData*)it->data)->subnodes;
+diff --git a/libcomps/src/comps_radix.c b/libcomps/src/comps_radix.c
+index ada4fda..05dcaf2 100644
+--- a/libcomps/src/comps_radix.c
+++ b/libcomps/src/comps_radix.c
+@@ -529,7 +529,6 @@ void comps_rtree_unite(COMPS_RTree *rt1, COMPS_RTree *rt2) {
+     struct Pair {
+         COMPS_HSList * subnodes;
+         char * key;
+-        char added;
+     } *pair, *parent_pair;
+ 
+     pair = malloc(sizeof(struct Pair));
+-- 
+2.19.1
+
--- a/libcomps-0.1.8.tar.gz
+++ b/libcomps-0.1.8.tar.gz
--- a/libcomps.spec
+++ b/libcomps.spec
@ -0,0 +1,177 @@
+%define with_python2 1
+%define with_python3 1
+
+Name:           libcomps
+Version:        0.1.8
+Release:        19
+Summary:        Comps XML file manipulation library
+License:        GPLv2+
+URL:            https://github.com/rpm-software-management/libcomps
+Source0:        %{url}/archive/%{name}-%{version}/%{name}-%{version}.tar.gz
+
+Patch6000:      CVE-2019-3817-Fix-UAF-in-comps_objmrtree_unite-function.patch
+
+BuildRequires:  gcc cmake zlib-devel libxml2-devel check-devel expat-devel
+
+%description
+Libcomps is library for structure-like manipulation with content of
+comps XML files. Supports read/write XML file, structure(s) modification.
+
+%package        devel
+Summary:        Development files for libcomps library
+Requires:       %{name} = %{version}-%{release}
+%description    devel
+Development files for libcomps library.
+
+%package        help
+Summary:        Documentation files for libcomps library
+Requires:       %{name} = %{version}-%{release}
+BuildArch:      noarch
+%if %{with_python2}
+BuildRequires:  python2-sphinx
+%else
+BuildRequires:  python3-sphinx
+%endif
+BuildRequires:  doxygen
+
+%description    help
+Documentation files for libcomps library and python bindings libcomps library.
+
+%if %{with_python2}
+%package -n     python2-%{name}
+Summary:        Python 2 bindings for libcomps library
+%{?python_provide:%python_provide python2-%{name}}
+BuildRequires:  python2-devel
+Requires:       %{name} = %{version}-%{release}
+%description -n python2-%{name}
+Python 2 bindings for libcomps library.
+%endif
+
+%if %{with_python3}
+%package -n     python3-%{name}
+Summary:        Python 3 bindings for libcomps library
+BuildRequires:  python3-devel
+%{?python_provide:%python_provide python3-%{name}}
+Requires:       %{name} = %{version}-%{release}
+Obsoletes:      platform-python-%{name} < %{version}-%{release}
+%description -n python3-%{name}
+Python3 bindings for libcomps library.
+%endif
+
+%prep
+%autosetup -n %{name}-%{name}-%{version} -p1
+
+%build
+%if %{with_python2}
+mkdir build-py2
+pushd build-py2
+%cmake ../libcomps/ -DPYTHON_DESIRED:STRING=2
+%make_build
+popd
+%endif
+
+%if %{with_python2}
+mkdir build-py3
+pushd build-py3
+%cmake ../libcomps/ -DPYTHON_DESIRED:STRING=3
+%make_build
+popd
+%endif
+
+mkdir build-doc
+pushd build-doc
+%if %{with_python2}
+%cmake ../libcomps/ -DPYTHON_DESIRED:STRING=2
+%else
+%cmake ../libcomps/ -DPYTHON_DESIRED:STRING=3
+%endif
+make %{?_smp_mflags} docs
+make %{?_smp_mflags} pydocs
+popd
+
+%install
+%if %{with_python2}
+pushd build-py2
+%make_install
+popd
+%endif
+
+
+%if %{with_python3}
+pushd build-py3
+%make_install
+popd
+%endif
+
+%check
+%if %{with_python2}
+pushd build-py2
+make test
+make pytest
+popd
+%endif
+
+%if %{with_python3}
+pushd build-py3
+make test
+make pytest
+popd
+%endif
+
+%post -p /sbin/ldconfig
+%postun -p /sbin/ldconfig
+
+%files
+%license COPYING
+%doc README.md
+%{_libdir}/%{name}.so.*
+
+%files devel
+%{_libdir}/%{name}.so
+%{_includedir}/%{name}/
+
+%files help
+%doc build-doc/docs/libcomps-doc/html
+%doc build-doc/src/python/docs/html
+
+%if %{with_python2}
+%files -n python2-%{name}
+%{python2_sitearch}/%{name}/
+%endif
+
+%if %{with_python3}
+%files -n python3-%{name}
+%{python3_sitearch}/%{name}/
+%endif
+
+%changelog
+* Wed Sep 26 2019 openEuler Buildteam <buildteam@openeuler.org> - 0.1.8-18
+- del requires
+
+* Tue Sep 24 2019 shenyangyang<shenyangyang4@huawei.com> - 0.1.8-18
+- Type:enhancement
+- ID:NA
+- SUG:NA
+- DESC:revise help package
+
+* Thu Aug 22 2019 openEuler Buildteam <buildteam@openeuler.org> - 0.1.8-17
+- Type:NA
+- ID:NA
+- SUG:NA
+- DESC:rewrite spec file
+
+* Wed Aug 21 2019 Zhipeng Xie <xiezhipeng1@huawei.com> - 0.1.8-16
+- Type:enhancement
+- ID:NA
+- SUG:NA
+- DESC:modify patch name
+
+* Mon Jun 3 2019 gaoyi <gaoyi15@huawei.com> - 0.1.8-15
+- Type:bugfix
+- ID:NA
+- SUG:NA
+- DESC:CVE for libcomps
+       https://github.com/rpm-software-management/libcomps/commit/e3a5d056633677959ad924a51758876d415e7046
+
+* Fri Jul 13 2018 openEuler Buildteam <buildteam@openeuler.org> - 0.1.8-14
+- Package init