
gcap package update

Signed-off-by: guibuilder_pel7x64builder0 <guibuilder@powerel.org>
master
guibuilder_pel7x64builder0 6 years ago
parent
commit
d177426528
  1. 47
      SOURCES/0001-Do-not-crash-when-ncbytes-is-larger-than-the-buffer-.patch
  2. 53
      SOURCES/0001-Fix-a-few-Dereference-of-null-pointer-warnings.patch
  3. 30
      SOURCES/0002-Always-check-the-return-value-when-writing-to-the-st.patch
  4. 29
      SOURCES/0003-Fix-a-theoretical-crash-when-building-the-table-entr.patch
  5. 27
      SOURCES/0004-Fix-buffer-overrun-when-generating-Huffman-codes.patch
  6. 157
      SPECS/gcab.spec

47
SOURCES/0001-Do-not-crash-when-ncbytes-is-larger-than-the-buffer-.patch

@ -0,0 +1,47 @@ @@ -0,0 +1,47 @@
diff --git a/libgcab/cabinet.c b/libgcab/cabinet.c
index a675d1b..9847f1c 100644
--- a/libgcab/cabinet.c
+++ b/libgcab/cabinet.c
@@ -460,18 +460,38 @@ cdata_read (cdata_t *cd, u1 res_data, gint comptype,
gboolean success = FALSE;
int ret, zret = Z_OK;
gint compression = comptype & GCAB_COMPRESSION_MASK;
- guint8 *buf = compression == GCAB_COMPRESSION_NONE ? cd->out : cd->in;
+ gsize buf_sz;
+ guint8 *buf = NULL;
CHECKSUM datacsum;
- if (compression > GCAB_COMPRESSION_MSZIP &&
- compression != GCAB_COMPRESSION_LZX) {
+ /* decompress directly into ->out for no decompression */
+ switch (compression) {
+ case GCAB_COMPRESSION_NONE:
+ buf = cd->out;
+ buf_sz = sizeof(cd->out);
+ break;
+ case GCAB_COMPRESSION_MSZIP:
+ case GCAB_COMPRESSION_LZX:
+ buf = cd->in;
+ buf_sz = sizeof(cd->in);
+ break;
+ default:
g_set_error (error, GCAB_ERROR, GCAB_ERROR_FAILED,
_("unsupported compression method %d"), compression);
- return FALSE;
+ break;
}
+ if (buf == NULL)
+ return FALSE;
R4 (cd->checksum);
R2 (cd->ncbytes);
+ if (cd->ncbytes > buf_sz) {
+ g_set_error (error, GCAB_ERROR, GCAB_ERROR_FAILED,
+ "tried to decompress %" G_GUINT16_FORMAT " bytes "
+ "into buffer of size %" G_GSIZE_FORMAT,
+ cd->ncbytes, buf_sz);
+ return FALSE;
+ }
R2 (cd->nubytes);
cd->reserved = g_malloc (res_data);
RN (cd->reserved, res_data);
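Review bot: Only `ncbytes` is compared against the destination buffer; `nubytes` is read on the very next line with no bound visible in this hunk. cdata_read continues past the end of the hunk, so if any later path uses `cd->nubytes` as an output length, a matching check right after `R2 (cd->nubytes);`, for example `if (cd->nubytes > sizeof(cd->out))` followed by the same g_set_error / `return FALSE` pattern, would close the same class of overrun. The new error string is also not wrapped in `_()` like the "unsupported compression method" message above it, and the comment `/* decompress directly into ->out for no decompression */` would read better as `/* uncompressed data is read straight into ->out */`.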

53
SOURCES/0001-Fix-a-few-Dereference-of-null-pointer-warnings.patch

@ -0,0 +1,53 @@ @@ -0,0 +1,53 @@
From 411ce03bdeddd7cbf69cb7c68845c99908657bf9 Mon Sep 17 00:00:00 2001
From: Richard Hughes <richard@hughsie.com>
Date: Wed, 1 Mar 2017 16:39:27 +0000
Subject: [PATCH 1/4] Fix a few 'Dereference of null pointer' warnings

---
libgcab/cabinet.c | 2 +-
libgcab/gcab-cabinet.c | 2 +-
libgcab/gcab-folder.c | 2 +-
3 files changed, 3 insertions(+), 3 deletions(-)

diff --git a/libgcab/cabinet.c b/libgcab/cabinet.c
index 1fa2af8..4df9024 100644
--- a/libgcab/cabinet.c
+++ b/libgcab/cabinet.c
@@ -562,7 +562,7 @@ end:
g_set_error (error, GCAB_ERROR, GCAB_ERROR_FAILED,
"zlib failed: %s", zError (zret));
- if (!*error && !success)
+ if (error != NULL && *error == NULL && !success)
g_set_error (error, GCAB_ERROR, GCAB_ERROR_FAILED,
"Invalid cabinet chunk");
diff --git a/libgcab/gcab-cabinet.c b/libgcab/gcab-cabinet.c
index e81b052..a6cc4f0 100644
--- a/libgcab/gcab-cabinet.c
+++ b/libgcab/gcab-cabinet.c
@@ -257,7 +257,7 @@ gcab_cabinet_write (GCabCabinet *self,
g_clear_object (&in);
in = G_INPUT_STREAM (g_file_read (file->file, cancellable, error));
- if (*error)
+ if (in == NULL)
goto end;
while ((len = g_input_stream_read (in,
diff --git a/libgcab/gcab-folder.c b/libgcab/gcab-folder.c
index e724097..dc33b6a 100644
--- a/libgcab/gcab-folder.c
+++ b/libgcab/gcab-folder.c
@@ -240,7 +240,7 @@ gcab_folder_add_file (GCabFolder *self, GCabFile *file,
g_return_val_if_fail (G_IS_FILE (gfile), FALSE);
GFileInfo *info = g_file_query_info (gfile, FILE_ATTRS, 0, NULL, error);
- if (*error)
+ if (info == NULL)
return FALSE;
success = add_file_info (self, file, info,
--
2.9.3

30
SOURCES/0002-Always-check-the-return-value-when-writing-to-the-st.patch

@ -0,0 +1,30 @@ @@ -0,0 +1,30 @@
From 4d2c600f54d2f00d1604aaeb20e2285e9ab0cad9 Mon Sep 17 00:00:00 2001
From: Richard Hughes <richard@hughsie.com>
Date: Wed, 1 Mar 2017 16:40:05 +0000
Subject: [PATCH 2/4] Always check the return value when writing to the stream

---
libgcab/cabinet.c | 7 ++++---
1 file changed, 4 insertions(+), 3 deletions(-)

diff --git a/libgcab/cabinet.c b/libgcab/cabinet.c
index 4df9024..a675d1b 100644
--- a/libgcab/cabinet.c
+++ b/libgcab/cabinet.c
@@ -190,9 +190,10 @@ cheader_write (cheader_t *ch, GDataOutputStream *out,
return FALSE;
if (ch->flags & CABINET_HEADER_RESERVE) {
- W2 (ch->res_header);
- W1 (ch->res_folder);
- W1 (ch->res_data);
+ if (!W2 (ch->res_header) ||
+ !W1 (ch->res_folder) ||
+ !W1 (ch->res_data))
+ return FALSE;
if (g_output_stream_write (stream, ch->reserved, ch->res_header,
cancellable, error) == -1)
return FALSE;
--
2.9.3
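Review bot: The `g_output_stream_write (stream, ch->reserved, ch->res_header, ...) == -1` test that follows the new `W2`/`W1` check only catches a hard failure. GIO allows that call to return a short count without setting an error, so part of the reserved header could be dropped silently. `g_output_stream_write_all` fails unless every byte was written and would match the intent stated in the patch subject. cheader_write starts and ends outside the hunk, and the `W1`/`W2` macros are not visible here, so this assumes they evaluate to a gboolean success value.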

29
SOURCES/0003-Fix-a-theoretical-crash-when-building-the-table-entr.patch

@ -0,0 +1,29 @@ @@ -0,0 +1,29 @@
From 42c5e4f6d227b0dcee7e01702e9338f15dfa1568 Mon Sep 17 00:00:00 2001
From: Richard Hughes <richard@hughsie.com>
Date: Wed, 1 Mar 2017 17:02:05 +0000
Subject: [PATCH 3/4] Fix a theoretical crash when building the table entries

I can't actually see a way to construct the ZIPstate with no tables, but this
at least this stops Coverity complaining.
---
libgcab/decomp.c | 4 ++++
1 file changed, 4 insertions(+)

diff --git a/libgcab/decomp.c b/libgcab/decomp.c
index cce368e..52445e8 100644
--- a/libgcab/decomp.c
+++ b/libgcab/decomp.c
@@ -248,6 +248,10 @@ struct Ziphuft **t, cab_LONG *m, fdi_decomp_state *decomp_state)
i ^= j;
i ^= j;
+ /* no tables */
+ if (h < 0)
+ return 2; /* corrupt */
+
/* backup over finished tables */
while ((i & ((1 << w) - 1)) != ZIP(x)[h])
w -= l[--h]; /* don't need to update q */
--
2.9.3
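Review bot: The `h < 0` guard runs once before the loop, but the loop itself pre-decrements `h` on every pass (`w -= l[--h]`) and nothing in the hunk bounds it from below. Whether `h` can step past zero there depends on invariants of `ZIP(x)` and `l` that are established outside this hunk, so this may well be safe. Because this code parses untrusted archive data, a short comment above the loop stating why it terminates before `h` goes negative would make that reviewable, for example `/* x[0] always matches at w == 0, so h never drops below 0 here */` if that is indeed the invariant.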

27
SOURCES/0004-Fix-buffer-overrun-when-generating-Huffman-codes.patch

@ -0,0 +1,27 @@ @@ -0,0 +1,27 @@
From 42a8b8af21af24bb35548bcd2499c792d1a8c1a3 Mon Sep 17 00:00:00 2001
From: Richard Hughes <richard@hughsie.com>
Date: Wed, 1 Mar 2017 17:15:10 +0000
Subject: [PATCH 4/4] Fix buffer overrun when generating Huffman codes

---
libgcab/decomp.c | 4 +++-
1 file changed, 3 insertions(+), 1 deletion(-)

diff --git a/libgcab/decomp.c b/libgcab/decomp.c
index 52445e8..3ee8f9b 100644
--- a/libgcab/decomp.c
+++ b/libgcab/decomp.c
@@ -190,7 +190,9 @@ struct Ziphuft **t, cab_LONG *m, fdi_decomp_state *decomp_state)
xp = ZIP(c) + k;
while (++j < z) /* try smaller tables up to z bits */
{
- if ((f <<= 1) <= *++xp)
+ if (*++xp > ZIPBMAX)
+ return 2; /* corrupt */
+ if ((f <<= 1) <= *xp)
break; /* enough codes to use up j bits */
f -= *xp; /* else deduct codes from patterns */
}
--
2.9.3
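Review bot: The added check `if (*++xp > ZIPBMAX)` tests the value stored at `xp` after the pointer has already been advanced and dereferenced, so it does not bound the pointer itself. If the overrun being fixed is `xp` walking past the end of `ZIP(c)`, the read that feeds the check is already out of bounds. The array's size is not visible in this hunk, but assuming it holds `ZIPBMAX + 1` entries, a guard placed before the increment, such as `if (xp >= ZIP(c) + ZIPBMAX) return 2; /* corrupt */`, would reject the input without touching memory past the table. The enclosing function starts and ends outside the hunk.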

157
SPECS/gcab.spec

@ -0,0 +1,157 @@ @@ -0,0 +1,157 @@
Name: gcab
Version: 0.7
Release: 4%{?dist}
Summary: Cabinet file library and tool

License: LGPLv2+
#VCS: git:git://git.gnome.org/gcab
URL: http://ftp.gnome.org/pub/GNOME/sources/gcab
Source0: http://ftp.gnome.org/pub/GNOME/sources/gcab/%{version}/%{name}-%{version}.tar.xz

# Already upstream
Patch1: 0001-Fix-a-few-Dereference-of-null-pointer-warnings.patch
Patch2: 0002-Always-check-the-return-value-when-writing-to-the-st.patch
Patch3: 0003-Fix-a-theoretical-crash-when-building-the-table-entr.patch
Patch4: 0004-Fix-buffer-overrun-when-generating-Huffman-codes.patch
Patch5: 0001-Do-not-crash-when-ncbytes-is-larger-than-the-buffer-.patch

BuildRequires: intltool
BuildRequires: vala-tools
BuildRequires: glib2-devel
BuildRequires: gobject-introspection-devel
BuildRequires: zlib-devel

Requires: libgcab1%{?_isa} = %{version}-%{release}

%description
gcab is a tool to manipulate Cabinet archive.

%package -n libgcab1
Summary: Library to create Cabinet archives

%description -n libgcab1
libgcab is a library to manipulate Cabinet archive using GIO/GObject.

%package -n libgcab1-devel
Summary: Development files to create Cabinet archives
Requires: libgcab1%{?_isa} = %{version}-%{release}
Requires: glib2-devel
Requires: pkgconfig

%description -n libgcab1-devel
libgcab is a library to manipulate Cabinet archive.

Libraries, includes, etc. to compile with the gcab library.

%prep
%setup -q
%patch1 -p1 -b .coverity1
%patch2 -p1 -b .coverity2
%patch3 -p1 -b .coverity3
%patch4 -p1 -b .coverity4
%patch5 -p1 -b .cve20185345

%build
%configure --disable-silent-rules --disable-static
make %{?_smp_mflags}

%install
rm -rf %{buildroot}
make DESTDIR=%{buildroot} install

rm -f %{buildroot}%{_libdir}/*.a
rm -f %{buildroot}%{_libdir}/*.la

%find_lang %{name}

%post -n libgcab1 -p /sbin/ldconfig
%postun -n libgcab1 -p /sbin/ldconfig

%files
%doc COPYING NEWS
%{_bindir}/gcab
%{_mandir}/man1/gcab.1*

%files -n libgcab1 -f %{name}.lang
%doc COPYING NEWS
%{_libdir}/girepository-1.0/GCab-1.0.typelib
%{_libdir}/libgcab-1.0.so.*

%files -n libgcab1-devel
%{_datadir}/gir-1.0/GCab-1.0.gir
%{_datadir}/gtk-doc/html/gcab/*
%{_datadir}/vala/vapi/libgcab-1.0.vapi
%{_includedir}/libgcab-1.0/*
%{_libdir}/libgcab-1.0.so
%{_libdir}/pkgconfig/libgcab-1.0.pc

%changelog
* Wed Feb 14 2018 Richard Hughes <rhughes@redhat.com> - 0.7-4
- Fixes the security issue known as CVE-2018-5345
- Resolves: #1533174

* Mon Mar 06 2017 Richard Hughes <rhughes@redhat.com> - 0.7-3
- Fix some more bugs spotted by coverity and RPMDiff.
- Resolves: #1388476

* Thu Mar 02 2017 Richard Hughes <rhughes@redhat.com> - 0.7-2
- Fix some bugs spotted by coverity and RPMDiff.
- Resolves: #1388476

* Wed Mar 09 2016 Marc-André Lureau <marcandre.lureau@redhat.com> - 0.7-1
- 0.7 release update.

* Wed Feb 03 2016 Fedora Release Engineering <releng@fedoraproject.org> - 0.6-6
- Rebuilt for https://fedoraproject.org/wiki/Fedora_24_Mass_Rebuild

* Tue Dec 01 2015 Fabiano Fidêncio <fidencio@redhat.com> - 0.6-5
- Bump NVR and rebuild due to a mistakenly deleted build

* Thu Jul 30 2015 Marc-André Lureau <marcandre.lureau@redhat.com> - 0.6-4
- Fix wrong file modification date when creating cab.

* Wed Jun 17 2015 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 0.6-3
- Rebuilt for https://fedoraproject.org/wiki/Fedora_23_Mass_Rebuild

* Mon Mar 23 2015 Kalev Lember <kalevlember@gmail.com> - 0.6-2
- Pull in the base library package when installing -devel

* Tue Mar 17 2015 Marc-André Lureau <marcandre.lureau@redhat.com> - 0.6-1
- Update to upstream release v0.6

* Tue Jan 06 2015 Marc-André Lureau <marcandre.lureau@redhat.com> - 0.4-7
- Avoid directory traversal CVE-2015-0552. rhbz#1179126

* Sat Aug 16 2014 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 0.4-6
- Rebuilt for https://fedoraproject.org/wiki/Fedora_21_22_Mass_Rebuild

* Tue Jul 22 2014 Kalev Lember <kalevlember@gmail.com> - 0.4-5
- Rebuilt for gobject-introspection 1.41.4

* Sat Jun 07 2014 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 0.4-4
- Rebuilt for https://fedoraproject.org/wiki/Fedora_21_Mass_Rebuild

* Sat Aug 03 2013 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 0.4-3
- Rebuilt for https://fedoraproject.org/wiki/Fedora_20_Mass_Rebuild

* Tue Feb 12 2013 Simone Caronni <negativo17@gmail.com> - 0.4-2
- Removed rpm 4.5 macros/tags, it cannot be built with the vala in el5/el6.
- Removed redundant requirement on libgcab1%%{_isa}, added automatically by rpm.

* Fri Feb 8 2013 Marc-André Lureau <marcandre.lureau@redhat.com> - 0.4-1
- Update to upstream v0.4.

* Fri Feb 8 2013 Marc-André Lureau <marcandre.lureau@redhat.com> - 0.3-3
- Align more fields.
- Use double percentage in comment.
- Include COPYING file in gcab package too.

* Fri Feb 8 2013 Marc-André Lureau <marcandre.lureau@redhat.com> - 0.3-2
- Untabify.
- Use %%{buildroot} consitantly.
- Do not use -1.0 in package names.
- Add more tags based on the el5 spec template.
- Re-add --enable-fast-install trick, to make gcab relink.

* Sun Jan 26 2013 Marc-André Lureau <marcandre.lureau@redhat.com> - 0.3-1
- Initial package (rhbz#895757)
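Review bot: `Source0` and `URL` use plain `http://`, so the upstream tarball that all five patches are applied to is fetched without transport integrity unless the build system pins a checksum outside this file. Switching the scheme to `https://` and, where upstream publishes signatures, verifying the tarball in `%prep` would make the provenance checkable from the spec itself. A comment on `Patch5` naming CVE-2018-5345 would also help, since it currently sits under `# Already upstream` with only the `.cve20185345` backup suffix identifying it as the security fix.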