Hello community,

here is the log from the commit of package libical.15271 for 
openSUSE:Leap:15.1:Update checked in at 2020-12-09 14:13:44
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Comparing /work/SRC/openSUSE:Leap:15.1:Update/libical.15271 (Old)
 and      /work/SRC/openSUSE:Leap:15.1:Update/.libical.15271.new.2328 (New)
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++

Package is "libical.15271"

Wed Dec  9 14:13:44 2020 rev:1 rq:853671 version:2.0.0

Changes:
--------
New Changes file:

--- /dev/null   2020-12-09 01:05:43.965003977 +0100
+++ /work/SRC/openSUSE:Leap:15.1:Update/.libical.15271.new.2328/libical.changes 
2020-12-09 14:13:45.770868937 +0100
@@ -0,0 +1,388 @@
+-------------------------------------------------------------------
+Tue Nov 17 18:49:00 UTC 2020 - Michael Gorse <mgo...@suse.com>
+
+- Add libical-read-v2-v3-data.patch: correctly read slim timezone
+  data (bsc#1178412).
+
+-------------------------------------------------------------------
+Mon Jun 19 19:54:50 UTC 2017 - mgo...@suse.com
+
+- Add fixes for various crashes:
+  libical-boo986631-read-past-end.patch
+  libical-boo986631-check-prev-char.patch
+  libical-parser-sanity-check.patch
+  libical-timezone-use-after-free.patch
+  libical-boo1015964-use-after-free.patch
+  Fixes boo#986631 (CVE-2016-5827), boo#986639 (CVE-2016-5824),
+  boo#1015964 (CVE-2016-9584), and boo#1044995.
+
+-------------------------------------------------------------------
+Mon Oct  3 08:38:07 UTC 2016 - jeng...@inai.de
+
+- Add 0001-build-ICU-must-appear-as-Requires-in-pkgconfig.patch
+
+-------------------------------------------------------------------
+Thu Sep 29 14:06:35 UTC 2016 - jeng...@inai.de
+
+- Fix wrong baselibs provides
+
+-------------------------------------------------------------------
+Fri Sep  9 07:36:22 UTC 2016 - zai...@opensuse.org
+
+- Add pkgconfig(icu-i18n) BuildRequires: Build the new RSCALE
+  support.
+
+-------------------------------------------------------------------
+Thu Jul 21 07:42:45 UTC 2016 - dims...@opensuse.org
+
+- Update to version 2.0.0:
+  + Lots of source code scrubbing.
+  + RSCALE support (requires libicu).
+  + CalDAV attachment support (draft-daboo-caldav-attachments).
+  + Resurrect the Berkeley DB storage support.
+  + Incorrect recurrence generation for weekly pattern
+    (gh#libical/libical#83)
+  + Handle RRULEs better.
+  + Handle threading better.
+- Drop reproducible-generator.patch: fixed upstream.
+- Bump sonum to 2, following upstream (also update baselibs.conf).
+
+-------------------------------------------------------------------
+Thu Apr 14 15:11:40 UTC 2016 - mgo...@suse.com
+
+- Update to GNOME 3.20  Fate#318572
+- Drop libical-sle12-abi.patch:
+  use standard libical 1.0.1 ABI for SP2.
+
+-------------------------------------------------------------------
+Tue Feb  3 19:04:34 UTC 2015 - co...@suse.com
+
+- add reproducible-generator.patch from debian bug report to
+  get reproducible builds (and predicatable API actually)
+
+-------------------------------------------------------------------
+Fri Dec 26 20:45:25 UTC 2014 - badshah...@gmail.com
+
+- Update to version 1.0.1:
+  + Bug fixes:
+    - issue74: Do not escape double quote character
+    - issue80,issue92: fix crashes using
+      icaltimezone_load_builtin_timezone() recursively
+    - Fix icalcomponent_foreach_recurrence() and large durations
+      between recurrences (e.g. FREQ=YEARLY)
+    - Properly handle UTCOFFSETs of the form +/-00mmss
+    - Properly skip bogus dates (e.g. 2/30, 4/31) in
+      RRULE:FREQ=MONTHLY
+    - Properly handle RRULE:FREQ=MONTHLY;BYDAY;BYMONTHDAY when
+      DTSTART isn't on BYDAY
+    - Fix RRULE:FREQ=YEARLY;BYDAY;BYWEEKNO - MUST use ISO weeks
+    - Properly skip bogus dates (e.g. 2/29) in
+      RRULE:FREQ=YEARLY[;BYMONTH][;BYMONTHDAY]
+  + Build fixes/features:
+    - Autotools build system is removed
+    - CMake version 2.8.9 (or higher) is required (was CMake
+      version 2.4.0)
+    - Add new -DSHARED_ONLY and -DSTATIC_ONLY CMake options
+    - Remove -DSTATIC_LIBRARY CMake option
+    - MSYS2 builds (fixed instructions)
+    - Now can build api documentation with make docs
+  + Update tzdata to version 2014g
+  + Support added for schedule params: agent, status, force-send
+  + Added a UID to the VFREEBUSY component
+  + Allow dates > 2038 if sizeof(time_t) > 4
+  + Add properties from draft-ietf-tzdist-service
+  + Add support for RRULE:FREQ=YEARLY;BYDAY;BYYEARDAY and fixed
+    RRULE:FREQ=YEARLY;BYYEARDAY with negative days
+  + More regression tests added, in particular for recurrence
+  + Almost all compile warnings silenced
+  + A bunch of Coverity Scan warnings silenced
+  + Package cmake macros installed by package.
+- Add libical-sle12-abi.patch:
+  use enum values used in prior SLE12 package, for ABI
+  compatibility (bsc#954161).
+- Drop 941609-typo-fix_icaltime_days_in_year.patch:
+  fixed upstream (bsc#941609).
+
+-------------------------------------------------------------------
+Thu Oct 20 08:31:46 UTC 2014 - cxi...@suse.com
+
+- Add 941609-typo-fix_icaltime_days_in_year.patch:
+  Typo fix "icaltime_days_in_year". This bug doesn't affect any
+  functionality of SLE-12, backport for code correctness and
+  completeness (bsc#941609).
+
+-------------------------------------------------------------------
+Fri Sep 26 05:25:01 UTC 2014 - co...@suse.com
+
+- disable parallel build, too unreliable
+
+-------------------------------------------------------------------
+Thu Sep 18 08:28:26 UTC 2014 - jeng...@inai.de
+
+- Use %cmake macros so that %optflags reliably lands on the build
+  command lines
+- Improve on RPM group classification
+- Drop strange Recommends: from libical-doc to libical1
+  (the latter does not offer any directly-usable feature when
+  the docs are installed).
+- Documentation subpackage should be noarch
+
+-------------------------------------------------------------------
+Sat Jun 15 20:38:04 UTC 2013 - sch...@linux-m68k.org
+
+- Build with %{optflags}
+
+-------------------------------------------------------------------
+Sun Jun  9 09:18:41 UTC 2013 - toddrme2...@gmail.com
+
+- New 1.x package.
+  This version uses the cmake build system
+- Add devel-static subpackage
+- Remove unneeded buildrequires
+- Changed license from MPL-1.1 to MPL-1.0.  That is the license
+  listed in the COPYING file and the headers.
+- Removed scripts directory from documentation.  Putting perl
+  files in the documentation directory is apparently no longer
+  allowed.
+- Ran spec-cleaner
+
+-------------------------------------------------------------------
+Sat Jan 28 18:37:35 UTC 2012 - jeng...@medozas.de
+
+- Changed: The -devel subpackage should require the lib package,
+  not the main one
+
+-------------------------------------------------------------------
+Sat Jan 28 17:40:52 UTC 2012 - tabra...@novell.com
+
+- Update to version 0.48
+  + Allow duration specifications containing week along with day
+    and time. even though this is against the RFC, but apparently
+    we generate such durations so we need to be able to read them
+    back.  + handle the case of the ATTACH type be explicitly set
+    to URI + added a lock to avoid threading problems when
+    icaltimezone_parse_zone_tab is called on multiple threads
+  + bugfixes
+- removed patches deprecated by this release:
+  - libical-0.46-fix-race.patch
+  - libical-0.46-fix-fatal-error-macro-usage.patch
+  - libical-0.46-fix-endless-loop.patch
+
+-------------------------------------------------------------------
+Mon Jan 23 17:50:24 UTC 2012 - cdenic...@suse.com
+
+- license update: MPL-1.1 or LGPL-2.1
+  is a dual license: MPL-1.1 or LGPL-2.1
+
+-------------------------------------------------------------------
+Thu Jan 12 11:30:43 UTC 2012 - co...@suse.com
+
+- change license to be in spdx.org format
+
+-------------------------------------------------------------------
+Sun Nov 20 20:10:20 UTC 2011 - jeng...@medozas.de
+
+- Remove redundant/unwanted tags/section (cf. specfile guidelines)
+
+-------------------------------------------------------------------
+Sat Nov 19 15:58:14 UTC 2011 - co...@suse.com
+
+- add libtool as buildrequire to avoid implicit dependency
+
+-------------------------------------------------------------------
+Fri Mar 11 20:04:22 UTC 2011 - g...@opensuse.org
+
+- update to version 0.46
+  + allow control over how components, properties and parameters
+    with unknown names are handled
++++ 191 more lines (skipped)
++++ between /dev/null
++++ and 
/work/SRC/openSUSE:Leap:15.1:Update/.libical.15271.new.2328/libical.changes
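Review bot: the Jun 19 2017 entry lists five patches and then four bug references in a single sentence, so a reader cannot tell which patch closes which bug, and boo#1044995 appears with neither a CVE nor a patch name. Put each reference next to the patch it belongs to, in the form the Nov 17 2020 entry already uses (`Add libical-read-v2-v3-data.patch: ... (bsc#1178412)`). Smaller points in the older entries: "predicatable" in the Feb 3 2015 entry, and the 0.48 entry has three `+` items run together into one paragraph.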

New:
----
  0001-build-ICU-must-appear-as-Requires-in-pkgconfig.patch
  baselibs.conf
  libical-2.0.0.tar.gz
  libical-boo1015964-use-after-free.patch
  libical-boo986631-check-prev-char.patch
  libical-boo986631-read-past-end.patch
  libical-parser-sanity-check.patch
  libical-read-v2-v3-data.patch
  libical-timezone-use-after-free.patch
  libical.changes
  libical.spec

++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++

Other differences:
------------------
++++++ libical.spec ++++++
#
# spec file for package libical
#
# Copyright (c) 2017 SUSE LINUX GmbH, Nuernberg, Germany.
#
# All modifications and additions to the file contributed by third parties
# remain the property of their copyright owners, unless otherwise agreed
# upon. The license for this file, and modifications and additions to the
# file, is the same license as for the pristine package itself (unless the
# license for the pristine package is not an Open Source License, in which
# case the license is the MIT License). An "Open Source License" is a
# license that conforms to the Open Source Definition (Version 1.9)
# published by the Open Source Initiative.

# Please submit bugfixes or comments via http://bugs.opensuse.org/
#


Name:           libical
Version:        2.0.0
Release:        0
%define sonum   2
Summary:        An Implementation of Basic iCAL Protocols
License:        MPL-1.0 or LGPL-2.1
Group:          Development/Libraries/C and C++
Url:            http://sourceforge.net/projects/freeassociation/

#Git-Clone:     https://github.com/libical/libical
Source:         https://github.com/libical/libical/releases/download/v%{version}/%{name}-%{version}.tar.gz
Source2:        baselibs.conf
Patch1:         0001-build-ICU-must-appear-as-Requires-in-pkgconfig.patch
# PATCH-FIX-UPSTREAM libical-boo986631-read-past-end.patch boo#986631 mgo...@suse.com -- fix for reading passed end of string (CVE-2016-5827)
Patch2:         libical-boo986631-read-past-end.patch
# PATCH-FIX-UPSTREAM libical-boo986631-check-prev-char.patch boo#986631 mgo...@suse.com -- make sure we have a prev_char before checking it
Patch3:         libical-boo986631-check-prev-char.patch
# PATCH-FIX-UPSTREAM libical-parser-sanity-check.patch mgo...@suse.com -- sanity check value parameter against what is allowed.
Patch4:         libical-parser-sanity-check.patch
# PATCH-FIX-UPSTREAM libical-timezone-use-after-free.patch mgo...@suse.com -- fix use after free in fetch_lat_long_from_string
Patch5:         libical-timezone-use-after-free.patch
# PATCH-FIX-UPSTREAM libical-boo1015964-use-after-free.patch boo#986639 boo#1015984 mgo...@suse.com -- copy reqstattype's debug string into its own memory (CVE-2016-5824 CVE-2016-9584).
Patch6:         libical-boo1015964-use-after-free.patch
# PATCH-FIX-UPSTREAM libical-read-v2-v3-data.patch boo#1178412 mgo...@suse.com -- correctly read slim timezone data.
Patch7:         libical-read-v2-v3-data.patch
BuildRequires:  cmake >= 2.4
BuildRequires:  gcc-c++
BuildRequires:  pkg-config
BuildRequires:  pkgconfig(icu-i18n)
BuildRoot:      %{_tmppath}/%{name}-%{version}-build

%description
Libical is an open source implementation of the IETF's iCalendar
calendaring and scheduling protocols (RFC 2445, 2446, and 2447). It
parses iCal components and provides a C API for manipulating the
component properties, parameters, and subcomponents.

%package -n %{name}%{sonum}
Summary:        An Implementation of Basic iCAL Protocols
Group:          System/Libraries
Provides:       %{name} = %{version}
Obsoletes:      %{name} < %{version}

%description -n %{name}%{sonum}
Libical is an open source implementation of the IETF's iCalendar
calendaring and scheduling protocols (RFC 2445, 2446, and 2447). It
parses iCal components and provides a C API for manipulating the
component properties, parameters, and subcomponents.

%package devel
Summary:        Development files for libical, an implementation of basic iCAL protocols
Group:          Development/Libraries/C and C++
Requires:       %{name}%{sonum} = %{version}

%description devel
Libical is an Open Source implementation of the IETF's iCalendar
Calendaring and Scheduling protocols. (RFC 2445, 2446, and 2447). It
parses iCal components and provides a C API for manipulating the
component properties, parameters, and subcomponents.

%package devel-static
Summary:        Additional static library for development with libical
Group:          Development/Libraries/C and C++
Requires:       %{name}-devel = %{version}

%description devel-static
Libical is an Open Source implementation of the IETF's iCalendar
Calendaring and Scheduling protocols. (RFC 2445, 2446, and 2447). It
parses iCal components and provides a C API for manipulating the
component properties, parameters, and subcomponents.

%package doc
Summary:        Example source code for libical-using programs
Group:          Documentation/Other
%if 0%{?suse_version} >= 1120
BuildArch:      noarch
%endif

%description doc
Libical is an open source implementation of the IETF's iCalendar
calendaring and scheduling protocols (RFC 2445, 2446, and 2447). It
parses iCal components and provides a C API for manipulating the
component properties, parameters, and subcomponents.

%prep
%setup -q
%patch -P 1 -p1
%patch2 -p1
%patch3 -p1
%patch4 -p1
%patch5 -p1
%patch6 -p1
%patch7 -p1

%build
%cmake
make -j1

%install
%cmake_install
rm examples/CMakeLists.txt

%post -n %{name}%{sonum} -p /sbin/ldconfig

%postun -n %{name}%{sonum} -p /sbin/ldconfig

%files -n %{name}%{sonum}
%defattr(-,root,root)
%doc AUTHORS ReadMe.txt ReleaseNotes.txt COPYING LICENSE TEST THANKS TODO
%{_libdir}/*.so.*

%files devel
%defattr(-,root,root)
%{_libdir}/*.so
%{_libdir}/pkgconfig/libical.pc
%{_includedir}/libical/
%{_libdir}/cmake/LibIcal/

%files devel-static
%defattr(-,root,root)
%{_libdir}/*.a

%files doc
%defattr(-,root,root)
%doc doc/*.txt
%doc examples/

%changelog
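Review bot: the comment above Patch6 cites boo#1015984, but the patch file is named libical-boo1015964-use-after-free.patch and libical.changes lists boo#1015964 for CVE-2016-9584; one of the two numbers is a typo, and the spec comment should agree with the changes entry so the fix can be found from the bug tracker. In %prep, `%patch -P 1 -p1` is followed by `%patch2 -p1` through `%patch7 -p1`; use one form for all seven. `make -j1` is only explained in the Sep 26 2014 changes entry ("disable parallel build, too unreliable"), so a one-line comment beside it would keep the next packager from re-enabling parallel builds unknowingly.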
++++++ 0001-build-ICU-must-appear-as-Requires-in-pkgconfig.patch ++++++
From 101a29ef57341a786012eb07dcfcec5c597f4493 Mon Sep 17 00:00:00 2001
X-Backport: Rediff for 2.0.0
From: Jan Engelhardt <jeng...@inai.de>
Date: Mon, 3 Oct 2016 10:25:00 +0200
Subject: [PATCH] build: ICU must appear as Requires in pkgconfig
References: https://github.com/libical/libical/pull/244

libical.pc specifies -licu-i18n in its Libs: field,
but no Requires: icu-i18n. As a result, the automatic dependency
generator in Linux distributions won't see the ICU requirement,
won't install it, and builds of secondary software fails.

$ gcc icalthing.c `pkg-config libical --cflags --libs`
[...]
gcc: error: /usr/lib64/libicuuc.so: No such file or directory

Move ICU from Libs to Requires, so the dependency scanner can do its
job. Specifically move it to Requires.private, since specifying -licu*
is not normally needed when libical is a shared library since it
already has it recorded in the ELF.
---
 libical.pc.in |    6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

Index: libical-2.0.0/libical.pc.in
===================================================================
--- libical-2.0.0.orig/libical.pc.in
+++ libical-2.0.0/libical.pc.in
@@ -2,11 +2,11 @@ prefix=@prefix@
 exec_prefix=@exec_prefix@
 libdir=@libdir@
 includedir=@includedir@
-threadslib=@PTHREAD_LIBS@
-iculib=@ICU_LIBRARIES@ @ICU_I18N_LIBRARIES@
 
 Name: libical
 Description: An implementation of basic iCAL protocols
 Version: @VERSION@
-Libs: -L${libdir} -lical -licalss -licalvcal ${threadslib} ${iculib}
+Libs: -L${libdir} -lical -licalss -licalvcal
+Libs.private: @PTHREAD_LIBS@
+Requires.private: icu-i18n
 Cflags: -I${includedir}
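Review bot: `Requires.private: icu-i18n` is a literal, while the `iculib=` line it replaces was filled in from `@ICU_LIBRARIES@ @ICU_I18N_LIBRARIES@` at configure time. If ICU is optional for the build (the 2.0.0 changes entry describes RSCALE support as the part that "requires libicu"), a libical configured without ICU would still install a .pc file that demands icu-i18n, and pkg-config would fail to resolve libical on hosts without it. Emit the line from a substituted variable that is empty when ICU was not found, and say in the commit message that the former `@ICU_LIBRARIES@` entry is expected to be pulled in through icu-i18n.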
++++++ baselibs.conf ++++++
libical2
  obsoletes "libical-<targettype> <= <version>"
  provides "libical2-<targettype> = <version>"
++++++ libical-boo1015964-use-after-free.patch ++++++
From 6b9438d746cec6e4e632d78c5244f4be6314d1c9 Mon Sep 17 00:00:00 2001
From: Allen Winter <allen.win...@kdab.com>
Date: Sun, 28 May 2017 12:51:10 -0400
Subject: [PATCH] icaltypes.c - icalreqstattype_from_string(), copy the
 reqstattype's debug string into its own memory in the ring buffer.

Issue#253
---
 src/libical/icaltypes.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/src/libical/icaltypes.c b/src/libical/icaltypes.c
index 70c50d29..85c33545 100644
--- a/src/libical/icaltypes.c
+++ b/src/libical/icaltypes.c
@@ -140,7 +140,7 @@ struct icalreqstattype icalreqstattype_from_string(const 
char *str)
 
     p2 = strchr(p1 + 1, ';');
     if (p2 != 0 && *p2 != 0) {
-        stat.debug = p2 + 1;
+        stat.debug = icalmemory_tmp_copy(p2 + 1);
     }
 
     return stat;
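Review bot: `stat.debug` now points into the ring buffer, so its lifetime depends on how long that buffer keeps the entry instead of on the caller's `str`, and nothing in the hunk documents this. Add a comment on icalreqstattype_from_string() stating that the debug string is temporary memory and that callers who keep the struct must copy it. The `*p2 != 0` half of the condition is always true once `strchr(p1 + 1, ';')` has returned non-NULL, so it can be dropped while touching this block.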
-- 
2.12.3

++++++ libical-boo986631-check-prev-char.patch ++++++
From 04d84749e53db08c71ed0ce8b6ba5c11082743cd Mon Sep 17 00:00:00 2001
From: Ken Murchison <mu...@andrew.cmu.edu>
Date: Fri, 2 Dec 2016 14:14:03 -0500
Subject: [PATCH] icalparser.c: make sure we have a prev_char before checking
 it

---
 src/libical/icalparser.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/src/libical/icalparser.c b/src/libical/icalparser.c
index 9d332375..2735c9ac 100644
--- a/src/libical/icalparser.c
+++ b/src/libical/icalparser.c
@@ -148,7 +148,7 @@ static char *parser_get_next_char(char c, char *str, int qm)
     char prev_char = 0;
 
     while (next_char != 0) {
-        if (prev_char != '\\') {
+        if (prev_char && prev_char != '\\') {
             if (qm == 1 && next_char == '"') {
                 /* Encountered a quote, toggle quote mode */
                 quote_mode = !quote_mode;
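Review bot: the added `prev_char &&` test makes the first loop iteration skip the whole block, because `prev_char` is initialised to 0 just above the `while`; a `"` in the first position of `str` therefore no longer toggles quote mode, and whatever else the block does with `next_char` is skipped for that character too. `prev_char` is a local `char` that is always initialised, so the old comparison `prev_char != '\\'` did not read anything invalid, and the commit message gives no failing input that explains the change. Please state in the message which case this guards against, and add a test with a quoted value starting at offset 0 to confirm the first character is still handled as intended.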
-- 
2.12.3

++++++ libical-boo986631-read-past-end.patch ++++++
From 38757abb495ea6cb40faa5418052278bf75040f7 Mon Sep 17 00:00:00 2001
From: Ken Murchison <mu...@andrew.cmu.edu>
Date: Fri, 2 Dec 2016 14:13:22 -0500
Subject: [PATCH] icaltime.c: don't read past end of string (can't check
 str[19] if length is 16)

---
 src/libical/icaltime.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/src/libical/icaltime.c b/src/libical/icaltime.c
index ca647633..4077ce75 100644
--- a/src/libical/icaltime.c
+++ b/src/libical/icaltime.c
@@ -445,7 +445,7 @@ struct icaltimetype icaltime_from_string(const char *str)
         tt.is_utc = 0;
         tt.is_date = 0;
     } else if ((size == 16) || (size == 20)) {  /* UTC time, ends in 'Z' */
-        if ((str[15] != 'Z') && (str[19] != 'Z'))
+        if ((str[size-1] != 'Z'))
             goto FAIL;
 
         tt.is_utc = 1;
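Review bot: the diffstat shows only icaltime.c changing, so the out-of-bounds read of `str[19]` on a 16-character input is fixed without a regression test; add one that passes a 16-character string not ending in 'Z' and checks that the FAIL path is taken. Style: `if ((str[size-1] != 'Z'))` has a redundant pair of parentheses and no spaces around `-`, unlike the surrounding lines; `if (str[size - 1] != 'Z')` reads better.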
-- 
2.12.3

++++++ libical-parser-sanity-check.patch ++++++
From 53e68ff6e2133c54ff44df53e8b75ef21125fb3d Mon Sep 17 00:00:00 2001
From: Ken Murchison <mu...@andrew.cmu.edu>
Date: Tue, 13 Dec 2016 16:22:42 -0500
Subject: [PATCH] icalparser.c: sanity check VALUE parameter against what is
 allowed

Backported by Mike Gorse <mgo...@suse.com>
---
 src/libical/icalparser.c | 69 ++++++++++++++++++++++++++++++++++++++++++++++--
 1 file changed, 67 insertions(+), 2 deletions(-)

diff --git a/src/libical/icalparser.c b/src/libical/icalparser.c
index 998bc96d..62e3a401 100644
--- a/src/libical/icalparser.c
+++ b/src/libical/icalparser.c
@@ -1023,6 +1023,12 @@ icalcomponent *icalparser_add_line(icalparser *parser, 
char *line)
 
             /* If it is a VALUE parameter, set the kind of value */
             if (icalparameter_isa(param) == ICAL_VALUE_PARAMETER) {
+                const char unknown_type[] =
+                    "Got a VALUE parameter with an unknown type";
+                const char illegal_type[] =
+                    "Got a VALUE parameter with an illegal type for property";
+                const char *value_err = NULL;
+
                 value_kind =
                     (icalvalue_kind)icalparameter_value_to_value_kind(
                         icalparameter_get_value(param));
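Review bot: `unknown_type` and `illegal_type` are declared as automatic `const char ...[]` arrays inside the VALUE-parameter branch, so both strings are set up on the stack every time a VALUE parameter is parsed, although `value_err` only needs a pointer to a constant. Declare them `static const char ...[]` or as `const char *` so the literals live in read-only storage, which also removes any question about their lifetime if the pointer is ever kept past this block.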
@@ -1033,8 +1039,66 @@ icalcomponent *icalparser_add_line(icalparser *parser, 
char *line)
                        parameter ( it was not one of the defined
                        values ), so reset the value_kind */
 
-                    insert_error(tail, str,
-                                 "Got a VALUE parameter with an unknown type",
+                    value_err = unknown_type;
+                }
+                else if (value_kind !=
+                         
icalproperty_kind_to_value_kind(icalproperty_isa(prop))) {
+                    /* VALUE parameter type does not match default type
+                       for this property (check for allowed alternate types) */
+
+                    switch (prop_kind) {
+                    case ICAL_ATTACH_PROPERTY:
+                        /* Accept BINARY */
+                        if (value_kind != ICAL_BINARY_VALUE)
+                            value_err = illegal_type;
+                        break;
+
+                    case ICAL_DTEND_PROPERTY:
+                    case ICAL_DUE_PROPERTY:
+                    case ICAL_DTSTART_PROPERTY:
+                    case ICAL_EXDATE_PROPERTY:
+                    case ICAL_RECURRENCEID_PROPERTY:
+                        /* Accept DATE */
+                        if (value_kind != ICAL_DATE_VALUE)
+                            value_err = illegal_type;
+                        break;
+
+                    case ICAL_GEO_PROPERTY:
+                        /* Accept FLOAT (but change to GEO) */
+                        if (value_kind != ICAL_FLOAT_VALUE)
+                            value_err = illegal_type;
+                        else value_kind = ICAL_GEO_VALUE;
+                        break;
+
+                    case ICAL_RDATE_PROPERTY:
+                        /* Accept DATE or PERIOD */
+                        if (value_kind != ICAL_DATE_VALUE &&
+                            value_kind != ICAL_PERIOD_VALUE)
+                            value_err = illegal_type;
+                        break;
+
+                    case ICAL_TRIGGER_PROPERTY:
+                        /* Accept DATE-TIME */
+                        if (value_kind != ICAL_DATETIME_VALUE)
+                            value_err = illegal_type;
+                        break;
+
+                    case ICAL_X_PROPERTY:
+                        /* Accept ANY value type */
+                        break;
+
+                    default:
+                        /* ONLY default type is allowed */
+                        value_err = illegal_type;
+                        break;
+                    }
+                }
+
+                if (value_err != NULL) {
+                    /* Ooops, unknown/illegal VALUE parameter,
+                       so reset the value_kind */
+
+                    insert_error(tail, str, value_err,
                                  ICAL_XLICERRORTYPE_PARAMETERVALUEPARSEERROR);
 
                     value_kind = 
icalproperty_kind_to_value_kind(icalproperty_isa(prop));
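Review bot: the new `else if` compares `value_kind` against `icalproperty_isa(prop)`, but the `switch` directly under it dispatches on `prop_kind`, and the hunk does not show where `prop_kind` is assigned; if it is not derived from the same `prop`, the allowed-alternate check runs against a different property than the one just compared. Use one source for both, for example `switch (icalproperty_isa(prop))`, or show in the backport note that `prop_kind` is set from `prop` earlier in icalparser_add_line(). In the GEO case, `else value_kind = ICAL_GEO_VALUE;` shares a line with `else`; put the assignment on its own line to match the other cases.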
-- 
2.12.3

++++++ libical-read-v2-v3-data.patch ++++++
From c7e767bfe1d218aaf845686f9811195cecc7be2a Mon Sep 17 00:00:00 2001
From: Ken Murchison <mu...@fastmail.com>
Date: Wed, 11 Nov 2020 08:50:54 -0500
Subject: [PATCH] icaltzutil_fetch_timezone() should read v2/v3 data when
 available

Rebased by Mike Gorse <mgo...@suse.com>
---
diff -urp libical-2.0.0.orig/src/libical/icaltz-util.c 
libical-2.0.0/src/libical/icaltz-util.c
--- libical-2.0.0.orig/src/libical/icaltz-util.c        2015-12-28 
15:44:53.000000000 -0600
+++ libical-2.0.0/src/libical/icaltz-util.c     2020-11-30 14:35:43.179227567 
-0600
@@ -85,6 +85,9 @@
 
 typedef struct
 {
+    char magic[4];
+    char version;
+    char unused[15];
     char ttisgmtcnt[4];
     char ttisstdcnt[4];
     char leapcnt[4];
@@ -153,6 +156,23 @@ static int decode(const void *ptr)
     }
 }
 
+static long long int decode64(const void *ptr)
+{
+#if defined(sun) && defined(__SVR4)
+#if defined(_BIG_ENDIAN)
+    return *(const long long int *)ptr;
+#else
+    return BSWAP_64(*(const long long int *)ptr);
+#endif
+#else
+    if ((BYTE_ORDER == BIG_ENDIAN)) {
+        return *(const long long int *)ptr;
+    } else {
+        return (int)bswap_64(*(const long long int *)ptr);
+    }
+#endif
+}
+
 static char *zname_from_stridx(char *str, long idx)
 {
     long i;
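Review bot: in the little-endian branch of decode64(), `return (int)bswap_64(*(const long long int *)ptr);` casts the swapped 64-bit value to `int` before returning it as `long long int`, which truncates every transition time to 32 bits and defeats the purpose of reading the v2/v3 data. Drop the `(int)` cast, which looks copied from decode(). The function also dereferences `ptr` as a `long long int`, so it assumes 8-byte alignment of whatever buffer the caller passes; copying the eight bytes with memcpy() into a local before swapping avoids that assumption.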
@@ -294,13 +314,14 @@ static void adjust_dtstart_day_to_rrule(
 
 icalcomponent *icaltzutil_fetch_timezone(const char *location)
 {
-    tzinfo type_cnts;
+    tzinfo header;
     size_t i, num_trans, num_chars, num_leaps, num_isstd, num_isgmt;
     size_t num_types = 0;
     size_t size;
     time_t trans;
     int dstidx = -1, stdidx = -1, pos, sign, zidx, zp_idx;
     icalcomponent *std_comp = NULL;
+    int trans_size = 4;
 
     const char *zonedir;
     FILE *f = NULL;
@@ -342,32 +363,74 @@ icalcomponent *icaltzutil_fetch_timezone
         goto error;
     }
 
-    if (fseek(f, 20, SEEK_SET) != 0) {
-        icalerror_set_errno(ICAL_FILE_ERROR);
+    /* read version 1 header */
+    EFREAD(&header, 44, 1, f);
+    if (memcmp(header.magic, "TZif", 4)) {
+        icalerror_set_errno(ICAL_MALFORMEDDATA_ERROR);
+        goto error;
+    }
+    switch (header.version) {
+    case 0:
+        break;
+    case '2':
+    case '3':
+        if (sizeof(time_t) == 8)
+            trans_size = 8;
+        break;
+    default:
+        icalerror_set_errno(ICAL_MALFORMEDDATA_ERROR);
         goto error;
     }
 
-    EFREAD(&type_cnts, 24, 1, f);
-
-    num_isgmt = (size_t)decode(type_cnts.ttisgmtcnt);
-    num_leaps = (size_t)decode(type_cnts.leapcnt);
-    num_chars = (size_t)decode(type_cnts.charcnt);
-    num_trans = (size_t)decode(type_cnts.timecnt);
-    num_isstd = (size_t)decode(type_cnts.ttisstdcnt);
-    num_types = (size_t)decode(type_cnts.typecnt);
+    num_isgmt = (size_t)decode(header.ttisgmtcnt);
+    num_leaps = (size_t)decode(header.leapcnt);
+    num_chars = (size_t)decode(header.charcnt);
+    num_trans = (size_t)decode(header.timecnt);
+    num_isstd = (size_t)decode(header.ttisstdcnt);
+    num_types = (size_t)decode(header.typecnt);
+
+    if (trans_size == 8) {
+        long skip = num_trans * 5 + num_types * 6 +
+            num_chars + num_leaps * 8 + num_isstd + num_isgmt;
+            
+        /* skip version 1 data block */
+        if (fseek(f, skip, SEEK_CUR) != 0) {
+            icalerror_set_errno(ICAL_FILE_ERROR);
+            goto error;
+        }
 
-    transitions = calloc(num_trans, sizeof(time_t));
-    if (transitions == NULL) {
-        icalerror_set_errno(ICAL_NEWFAILED_ERROR);
-        goto error;
+        /* read version 2+ header */
+        EFREAD(&header, 44, 1, f);
+        if (memcmp(header.magic, "TZif", 4)) {
+            icalerror_set_errno(ICAL_MALFORMEDDATA_ERROR);
+            goto error;
+        }
+ 
+        num_isgmt = (size_t)decode(header.ttisgmtcnt);
+        num_leaps = (size_t)decode(header.leapcnt);
+        num_chars = (size_t)decode(header.charcnt);
+        num_trans = (size_t)decode(header.timecnt);
+        num_isstd = (size_t)decode(header.ttisstdcnt);
+        num_types = (size_t)decode(header.typecnt);
     }
-    r_trans = calloc(num_trans, 4);
-    if (r_trans == NULL) {
-        icalerror_set_errno(ICAL_NEWFAILED_ERROR);
+
+    /* read data block */
+    if (num_trans > 0) {
+        transitions = calloc(num_trans, sizeof(time_t));
+        if (transitions == NULL) {
+            icalerror_set_errno(ICAL_NEWFAILED_ERROR);
+            goto error;
+        }
+        r_trans = calloc(num_trans, trans_size);
+        if (r_trans == NULL) {
+            icalerror_set_errno(ICAL_NEWFAILED_ERROR);
+            goto error;
+        }
+    } else {
+        icalerror_set_errno(ICAL_FILE_ERROR);
         goto error;
     }
-
-    EFREAD(r_trans, 4, num_trans, f);
+    EFREAD(r_trans, trans_size, num_trans, f);
     temp = r_trans;
     if (num_trans) {
         trans_idx = calloc(num_trans, sizeof(int));
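Review bot: the new `else` branch turns `num_trans == 0` into ICAL_FILE_ERROR, so a zone file that has no transitions can no longer be loaded, and the `if (num_trans)` test in the trailing context can never be false; if rejecting such files is intended, say so in the commit message and remove the dead test, otherwise skip the allocation and read instead of failing. Separately, the six counts come straight from the file through `(size_t)decode(...)`, where decode() returns `int`, and go into `long skip` and calloc() with no sign or upper-bound check, so a negative or very large field becomes a huge size or a wrapped seek offset. Validate the counts against the file size before using them, and replace the literal 44 in `EFREAD(&header, 44, 1, f)` with `sizeof(header)`.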
@@ -377,8 +440,11 @@ icalcomponent *icaltzutil_fetch_timezone
         }
         for (i = 0; i < num_trans; i++) {
             trans_idx[i] = fgetc(f);
-            transitions[i] = (time_t) decode(r_trans);
-            r_trans += 4;
+            if (trans_size == 8)
+                transitions[i] = (time_t) decode64(r_trans);
+            else
+                transitions[i] = (time_t) decode(r_trans);
+            r_trans += trans_size;
         }
     }
     r_trans = temp;
@@ -417,10 +483,13 @@ icalcomponent *icaltzutil_fetch_timezone
         goto error;
     }
     for (i = 0; i < num_leaps; i++) {
-        char c[4];
+        char c[8];
 
-        EFREAD(c, 4, 1, f);
-        leaps[i].transition = (time_t)decode(c);
+        EFREAD(c, trans_size, 1, f);
+        if (trans_size == 8)
+            leaps[i].transition = (time_t)decode64(c);
+        else
+            leaps[i].transition = (time_t)decode(c);
 
         EFREAD(c, 4, 1, f);
         leaps[i].change = decode(c);
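Review bot: `c` is a `char[8]` on the stack and is handed to decode64(), which reads it through a `const long long int *`; a char array carries no 8-byte alignment guarantee, so this is an unaligned access on targets that care. Declare the buffer with a 64-bit type or have decode64() memcpy() the bytes out. It is also worth a comment that the second `EFREAD(c, 4, 1, f)` deliberately stays at 4 bytes because only the transition field grows in the 64-bit data block.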
@@ -445,6 +514,10 @@ icalcomponent *icaltzutil_fetch_timezone
         types[i++].isgmt = 0;
     }
 
+    if (trans_size == 8) {
+        /* XXX  Do we need/want to read and use the footer? */
+    }
+
     /* Read all the contents now */
 
     for (i = 0; i < num_types; i++) {
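Review bot: the added `if (trans_size == 8) { /* XXX  Do we need/want to read and use the footer? */ }` is an empty block that compiles to nothing and leaves an open question in shipped code. Replace it with a plain comment stating that the footer is not read, or drop it and track the question in the upstream issue.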
++++++ libical-timezone-use-after-free.patch ++++++
From 6bcc779a17a2d286e4c3cb958ddf369cc01cb42c Mon Sep 17 00:00:00 2001
From: Allen Winter <allen.win...@kdab.com>
Date: Thu, 15 Dec 2016 18:17:10 -0500
Subject: [PATCH] icaltimezone.c - fix heap-use-after-free caused by
 fetch_lat_long_from_string() issue#262

Backported by Mike Gorse <mgo...@suse.com>
---
diff -urp libical-2.0.0.orig/src/libical/icaltimezone.c 
libical-2.0.0/src/libical/icaltimezone.c
--- libical-2.0.0.orig/src/libical/icaltimezone.c       2015-12-28 
15:44:53.000000000 -0600
+++ libical-2.0.0/src/libical/icaltimezone.c    2017-06-19 15:48:27.789017341 
-0500
@@ -1520,39 +1520,39 @@ static int fetch_lat_long_from_string(co
 
     /* We need to parse the latitude/longitude co-ordinates and location 
fields  */
     sptr = (char *)str;
-    while (*sptr != '\t') {
+    while ((*sptr != '\t') && (*sptr != '\0')) {
         sptr++;
     }
     temp = ++sptr;
-    while (*sptr != '\t') {
+    while (*sptr != '\t' && *sptr != '\0') {
         sptr++;
     }
     len = (ptrdiff_t) (sptr - temp);
     lat = (char *)malloc(len + 1);
     lat = strncpy(lat, temp, len);
     lat[len] = '\0';
-    while (*sptr != '\t') {
+    while ((*sptr != '\t') && (*sptr != '\0')) {
         sptr++;
     }
     loc = ++sptr;
-    while (!isspace((int)(*sptr))) {
+    while (!isspace((int)(*sptr)) && (*sptr != '\0')) {
         sptr++;
     }
-    len = (ptrdiff_t) (sptr - loc);
+    len = (ptrdiff_t)(sptr - loc);
     location = strncpy(location, loc, len);
     location[len] = '\0';
 
 #if defined(sun) && defined(__SVR4)
     /* Handle EET, MET and WET in zone_sun.tab. */
     if (!strcmp(location, "Europe/")) {
-        while (*sptr != '\t') {
+        while ((*sptr != '\t') && (*sptr != '\0')) {
             sptr++;
         }
         loc = ++sptr;
-        while (!isspace(*sptr)) {
+        while (!isspace(*sptr) && (*sptr != '\0')) {
             sptr++;
         }
-        len = sptr - loc;
+        len = (ptrdiff_t)(sptr - loc);
         location = strncpy(location, loc, len);
         location[len] = '\0';
     }
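Review bot: the added `*sptr != '\0'` tests stop each scan at the terminator, but the statements that follow (`temp = ++sptr;` and `loc = ++sptr;`) still step one past it unconditionally, so a line with fewer tabs than expected makes the next loop start reading beyond the end of the string. Return an error as soon as a loop ends on '\0' instead of continuing. In the same hunk the result of `malloc(len + 1)` is passed to strncpy() unchecked, and `location` is filled with `len` bytes with no visible bound on its size; both need a check before this can be called a complete fix for the heap error named in the subject.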
Only in libical-2.0.0/src/libical: icaltimezone.c.orig
_______________________________________________
openSUSE Commits mailing list -- commit@lists.opensuse.org
To unsubscribe, email commit-le...@lists.opensuse.org
List Netiquette: https://en.opensuse.org/openSUSE:Mailing_list_netiquette
List Archives: 
https://lists.opensuse.org/archives/list/commit@lists.opensuse.org
