Package init

2019-09-30 10:57:07 -04:00 · 2019-09-30 10:57:07 -04:00 · 1bf9447d62
commit 1bf9447d62
4 changed files with 152 additions and 0 deletions
--- a/CVE-2019-1010305.patch
+++ b/CVE-2019-1010305.patch
@ -0,0 +1,41 @@
 Backported of:
 From 2f084136cfe0d05e5bf5703f3e83c6d955234b4d Mon Sep 17 00:00:00 2001
 From: Stuart Caie <kyzer@cabextract.org.uk>
 Date: Mon, 18 Feb 2019 13:04:58 +0000
 Subject: [PATCH] length checks when looking for control files
 diff --git a/mspack/chmd.c b/mspack/chmd.c
 index 91d926e..4813ccc 100644
 --- a/mspack/chmd.c
 +++ b/mspack/chmd.c
@@ -483,19 +483,17 @@ static int chmd_read_headers(struct mspack_system *sys, struct mspack_file *fh,
       if (name[0] == ':' && name[1] == ':') {
 	/* system file */
 -	if (mspack_memcmp(&name[2], &content_name[2], 31L) == 0) {
 -	  if (mspack_memcmp(&name[33], &content_name[33], 8L) == 0) {
 -	    chm->sec1.content = fi;
 -	  }
 -	  else if (mspack_memcmp(&name[33], &control_name[33], 11L) == 0) {
 -	    chm->sec1.control = fi;
 -	  }
 -	  else if (mspack_memcmp(&name[33], &spaninfo_name[33], 8L) == 0) {
 -	    chm->sec1.spaninfo = fi;
 -	  }
 -	  else if (mspack_memcmp(&name[33], &rtable_name[33], 72L) == 0) {
 -	    chm->sec1.rtable = fi;
 -	  }
 +        if (name_len == 40 && memcmp(name, content_name, 40) == 0) {
 +          chm->sec1.content = fi;
 +        }
 +        else if (name_len == 44 && memcmp(name, control_name, 44) == 0) {
 +          chm->sec1.control = fi;
 +        }
 +        else if (name_len == 41 && memcmp(name, spaninfo_name, 41) == 0) {
 +          chm->sec1.spaninfo = fi;
 +        }
 +        else if (name_len == 105 && memcmp(name, rtable_name, 105) == 0) {
 +          chm->sec1.rtable = fi;
 	}
 	fi->next = chm->sysfiles;
 	chm->sysfiles = fi;
--- a/libmspack-0.4alpha-doc.patch
+++ b/libmspack-0.4alpha-doc.patch
@ -0,0 +1,12 @@
 diff -up libmspack-0.4alpha/doc/Doxyfile.in.orig libmspack-0.4alpha/doc/Doxyfile.in
 --- libmspack-0.4alpha/doc/Doxyfile.in.orig	2013-05-28 12:25:42.000000000 +0200
 +++ libmspack-0.4alpha/doc/Doxyfile.in	2013-05-28 17:30:57.000000000 +0200
@@ -10,7 +10,7 @@ SHOW_USED_FILES        = YES
 INPUT                  = @top_srcdir@/mspack/mspack.h
 FULL_PATH_NAMES        = NO
 GENERATE_HTML          = YES
 -HTML_OUTPUT            = .
 +HTML_OUTPUT            = html
 HTML_FILE_EXTENSION    = .html
 HTML_TIMESTAMP         = NO
 GENERATE_HTMLHELP      = NO
--- a/libmspack-v0.7alpha.tar.gz
+++ b/libmspack-v0.7alpha.tar.gz
--- a/libmspack.spec
+++ b/libmspack.spec
@ -0,0 +1,99 @@
 Name:           libmspack
 Version:        0.7
 Release:        0.1.4
 Summary:        Library for CAB and related files compression and decompression
 License:        LGPLv2.1
 URL:            http://www.cabextract.org.uk/libmspack/
 Source0:        https://github.com/kyz/libmspack/archive/v0.7alpha/%{name}-v0.7alpha.tar.gz
 Patch0:         %{name}-0.4alpha-doc.patch
 Patch6000:	CVE-2019-1010305.patch
 BuildRequires:  doxygen gcc autoconf automake libtool
 %description
 The purpose of libmspack is to provide both compression and decompression of
 some loosely related file formats used by Microsoft.
 %package        devel
 Summary:        Development files for %{name}
 Requires:       %{name} = %{version}-%{release}
 %description    devel
 The %{name}-devel package contains libraries, header files and documentation
 for developing applications that use %{name}.
 %package        help
 Summary:        Help documents for %{name}
 Obsoletes:      %{name}-doc < 0.2
 %description    help
 The %{name}-help package contains README, TODO, COPYING.LIB, ChangeLog, AUTHORS
 and documentation for %{name}.
 %prep
 %autosetup -n %{name}-%{version}alpha/libmspack -p1
 chmod a-x mspack/mspack.h
 autoreconf -i
 %build
 CFLAGS="%{optflags} -fno-strict-aliasing" \
 %configure --disable-silent-rules --disable-static
 sed -i 's|^hardcode_libdir_flag_spec=.*|hardcode_libdir_flag_spec=""|g' libtool
 sed -i 's|^runpath_var=LD_RUN_PATH|runpath_var=DIE_RPATH_DIE|g' libtool
 make %{?_smp_mflags}
 %install
 make install DESTDIR=$RPM_BUILD_ROOT INSTALL='install -p'
 iconv -f ISO_8859-1 -t utf8 ChangeLog --output Changelog.utf8
 touch -r ChangeLog Changelog.utf8
 mv Changelog.utf8 ChangeLog
 cd doc
 doxygen
 find html -type f | xargs touch -r %{SOURCE0}
 rm -f html/installdox
 cd ..
 %files
 %{_libdir}/%{name}.so.*
 %{_bindir}/*
 %doc COPYING.LIB
 %exclude %{_libdir}/libmspack.la
 %files devel
 %{_includedir}/mspack.h
 %{_libdir}/%{name}.so
 %{_libdir}/pkgconfig/%{name}.pc
 %files help
 %doc README TODO ChangeLog AUTHORS
 %doc doc/html
 %changelog
 * Mon Aug 12 2019 zhuguodong <zhuguodong7@huawei.com> - 0.7-0.1.4
 - Type:bugfix
 - ID:NA
 - SUG:NA
 - DESC: revert openeuler debranding
 * Fri Aug 02 2019 liujing<liujing144@huawei.com> - 0.7-0.1.3
 - Type:cves
 - ID:CVE-2019-1010305
 - SUG:restart
 - DESC:fix CVE-2019-1010305
 * Thu Aug 01 2019 zhuguodong <zhuguodong7@huawei.com> - 0.7-0.1.2
 - Type:bugfix
 - ID:NA
 - SUG:NA
 - DESC: openEuler Debranding
 * Wed Aug 01 2018 openEuler Buildteam <buildteam@openeuler.org> - 0.7-0.1.1
 - Package init