Hello community,

here is the log from the commit of package pkgconf for openSUSE:Factory checked 
in at 2023-02-02 18:06:49
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Comparing /work/SRC/openSUSE:Factory/pkgconf (Old)
 and      /work/SRC/openSUSE:Factory/.pkgconf.new.32243 (New)
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++

Package is "pkgconf"

Thu Feb  2 18:06:49 2023 rev:13 rq:1062046 version:1.8.0

Changes:
--------
--- /work/SRC/openSUSE:Factory/pkgconf/pkgconf.changes  2021-08-28 
22:31:04.942102935 +0200
+++ /work/SRC/openSUSE:Factory/.pkgconf.new.32243/pkgconf.changes       
2023-02-02 18:31:09.496485455 +0100
@@ -1,0 +2,7 @@
+Sun Jan 29 09:26:47 UTC 2023 - Cliff Zhao <qz...@suse.com>
+
+- Add pkgconf-CVE-2023-24056.patch: Backport commit 628b2b2baf from
+  upstream, test for, and stop string processing, on truncation
+  (bsc#1207394 CVE-2023-24056). 
+
+-------------------------------------------------------------------

New:
----
  pkgconf-CVE-2023-24056.patch

++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++

Other differences:
------------------
++++++ pkgconf.spec ++++++
--- /var/tmp/diff_new_pack.cRCGlb/_old  2023-02-02 18:31:09.904487966 +0100
+++ /var/tmp/diff_new_pack.cRCGlb/_new  2023-02-02 18:31:09.908487990 +0100
@@ -1,7 +1,7 @@
 #
 # spec file for package pkgconf
 #
-# Copyright (c) 2021 SUSE LLC
+# Copyright (c) 2023 SUSE LLC
 # Copyright (c) 2020 Neal Gompa <ngomp...@gmail.com>.
 #
 # All modifications and additions to the file contributed by third parties
@@ -54,6 +54,8 @@
 Source0:        
https://distfiles.dereferenced.org/%{name}/%{name}-%{version}.tar.xz
 # Simple wrapper script to offer platform versions of pkgconfig from Fedora
 Source1:        platform-pkg-config.in
+# PATCH-FIX-UPSTREAM pkgconf-CVE-2023-24056.patch bsc#1207394 CVE-2023-24056 
qz...@suse.com -- Backport commit 628b2b2baf from upstream, test for, and stop 
string processing, on truncation.
+Patch0:         pkgconf-CVE-2023-24056.patch
 # For regenerating autotools scripts
 BuildRequires:  autoconf
 BuildRequires:  automake
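Review bot: `Patch0:` is declared here but the hunk does not show it being applied; `%prep` is outside the hunk, so if it uses `%setup` rather than `%autosetup -p1`, an explicit `%patch0 -p1` line is still needed for the CVE fix to reach the build. The PATCH-FIX-UPSTREAM tag line carries the bug, CVE, contact and summary and agrees with the changelog entry, so only the application step needs confirming.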

++++++ pkgconf-CVE-2023-24056.patch ++++++
diff -Nura pkgconf-1.8.0/libpkgconf/tuple.c pkgconf-1.8.0_new/libpkgconf/tuple.c
--- pkgconf-1.8.0/libpkgconf/tuple.c    2021-03-18 20:15:16.000000000 +0800
+++ pkgconf-1.8.0_new/libpkgconf/tuple.c        2023-01-30 16:07:40.750297141 
+0800
@@ -293,12 +293,23 @@
                                }
                        }
 
+                        PKGCONF_TRACE(client, "lookup tuple %s", varname);
+
+                        size_t remain = PKGCONF_BUFSIZE - (bptr - buf);
                        ptr += (pptr - ptr);
                        kv = pkgconf_tuple_find_global(client, varname);
                        if (kv != NULL)
                        {
-                               strncpy(bptr, kv, PKGCONF_BUFSIZE - (bptr - 
buf));
-                               bptr += strlen(kv);
+                                       size_t nlen = pkgconf_strlcpy(bptr, kv, 
remain);
+                               if (nlen > remain)
+                               {
+                                       pkgconf_warn(client, "warning: 
truncating very long variable to 64KB\n");
+
+                                       bptr = buf + (PKGCONF_BUFSIZE - 1);
+                                       break;
+                               }
+
+                               bptr += nlen;
                        }
                        else
                        {
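Review bot: The truncation test on the `if (nlen > remain)` line misses the boundary case nlen == remain. If pkgconf_strlcpy follows the strlcpy contract (its definition is not on this page — it would return strlen(src) and write at most size-1 bytes plus a NUL), a source of exactly `remain` bytes is silently cut to remain-1 bytes while `bptr += nlen` advances bptr to buf + PKGCONF_BUFSIZE, one past the end, so the next iteration computes remain == 0 and any terminating write after the loop lands out of bounds; the usual test is `if (nlen >= remain)`. The same comparison appears in the second hunk (the parsekv branch) and needs the same change. The enclosing loop and function start and end outside the hunk, so what happens to bptr after the `break` cannot be checked here.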
@@ -306,12 +317,20 @@
 
                                if (kv != NULL)
                                {
+                                        size_t nlen;
+
                                        parsekv = pkgconf_tuple_parse(client, 
vars, kv);
+                                        nlen = pkgconf_strlcpy(bptr, parsekv, 
remain);
+                                       free(parsekv);
 
-                                       strncpy(bptr, parsekv, PKGCONF_BUFSIZE 
- (bptr - buf));
-                                       bptr += strlen(parsekv);
+                                        if (nlen > remain)
+                                        {
+                                                pkgconf_warn(client, "warning: 
truncating very long variable to 64KB\n");
+                                                bptr = buf + (PKGCONF_BUFSIZE 
- 1);
+                                                break;
+                                        }
 
-                                       free(parsekv);
+                                        bptr += nlen;
                                }
                        }
                }
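Review bot: `size_t nlen;` on its own line followed by a later assignment diverges from the sibling branch in the previous hunk, which initialises at the point of the copy; declaring it as `size_t nlen = pkgconf_strlcpy(bptr, parsekv, remain);` directly after the pkgconf_tuple_parse call keeps the two branches parallel and avoids a declared-but-unset variable (the file already mixes declarations and statements, as the `remain` line in the previous hunk shows). The indentation of the added lines also looks uneven against the surrounding context — the `free(parsekv);` line sits one column off its neighbours — which may be a tab/space mix or a mail-rendering artifact and is worth checking in the actual patch file. The enclosing loop and function continue outside the hunk.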
