Hello community,

here is the log from the commit of package libmspack for openSUSE:Leap:15.2 
checked in at 2020-06-01 12:09:30
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Comparing /work/SRC/openSUSE:Leap:15.2/libmspack (Old)
 and      /work/SRC/openSUSE:Leap:15.2/.libmspack.new.3606 (New)
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++

Package is "libmspack"

Mon Jun  1 12:09:30 2020 rev:18 rq:810107 version:0.6

Changes:
--------
--- /work/SRC/openSUSE:Leap:15.2/libmspack/libmspack.changes    2020-01-15 
15:22:05.482464993 +0100
+++ /work/SRC/openSUSE:Leap:15.2/.libmspack.new.3606/libmspack.changes  
2020-06-01 12:09:32.122382701 +0200
@@ -1,0 +2,16 @@
+Mon Nov  4 14:03:34 UTC 2019 - Kristyna Streitova <kstreit...@suse.com>
+
+- add libmspack-0.6alpha-CVE-2019-1010305.patch to fix a buffer
+  overflow in chmd_read_headers(): a CHM file name beginning "::"
+  but shorter than 33 bytes will lead to reading past the
+  freshly-allocated name buffer - checks for specific control
+  filenames didn't take length into account [bsc#1141680]
+  [CVE-2019-1010305]
+
+-------------------------------------------------------------------
+Fri Mar 29 09:28:09 UTC 2019 - Marketa Calabkova <mcalabk...@suse.com>
+
+- Enable build-time tests (bsc#1130489)
+  * Added patch libmspack-failing-tests.patch
+
+-------------------------------------------------------------------

New:
----
  libmspack-0.6alpha-CVE-2019-1010305.patch
  libmspack-failing-tests.patch

++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++

Other differences:
------------------
++++++ libmspack.spec ++++++
--- /var/tmp/diff_new_pack.Eunoac/_old  2020-06-01 12:09:32.654384373 +0200
+++ /var/tmp/diff_new_pack.Eunoac/_new  2020-06-01 12:09:32.658384385 +0200
@@ -33,6 +33,8 @@
 Patch1:         %{name}-fix-bounds-checking.patch
 # PATCH-FIX-UPSTREAM libmspack-reject-blank-filenames.patch 
https://github.com/kyz/libmspack/commit/8759da8db6ec9e866cb8eb143313f397f925bb4f
 --  Avoid returning etries that are blank.
 Patch2:         %{name}-reject-blank-filenames.patch
+Patch3:         %{name}-failing-tests.patch
+Patch4:         libmspack-0.6alpha-CVE-2019-1010305.patch
 BuildRequires:  pkgconfig
 
 %description
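Review bot: Patch3 and Patch4 are added without the `# PATCH-FIX-...` annotation that Patch2 carries, so the spec does not record where either patch comes from or why it is applied. For Patch4 a line such as `# PATCH-FIX-UPSTREAM bsc#1141680 CVE-2019-1010305 -- length checks when looking for control files` would tie the security fix to its tracker entries; the upstream commit id is in the patch header (2f084136cfe0d05e5bf5703f3e83c6d955234b4d). Patch3 needs a comment saying that it disables an assertion in test/cabd_test.c, because that weakens what `%check` verifies. Patch4 also spells out `libmspack` where the neighbouring entries use `%{name}`.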
@@ -82,6 +84,8 @@
 %patch0 -p1
 %patch1 -p1
 %patch2 -p1
+%patch3 -p1
+%patch4 -p1
 
 %build
 %configure\
@@ -92,6 +96,12 @@
 %make_install
 rm %{buildroot}%{_libdir}/*.*a
 
+%check
+make %{?_smp_mflags} check
+cd test
+./cabd_test
+cd ..
+
 %post -n libmspack0 -p /sbin/ldconfig
 %postun -n libmspack0 -p /sbin/ldconfig
 

++++++ libmspack-0.6alpha-CVE-2019-1010305.patch ++++++
>From 2f084136cfe0d05e5bf5703f3e83c6d955234b4d Mon Sep 17 00:00:00 2001
From: Stuart Caie <ky...@cabextract.org.uk>
Date: Mon, 18 Feb 2019 13:04:58 +0000
Subject: [PATCH] length checks when looking for control files

---
 libmspack/mspack/chmd.c | 24 +++++++++++-------------
 2 files changed, 19 insertions(+), 13 deletions(-)

Index: libmspack-0.6alpha/mspack/chmd.c
===================================================================
--- libmspack-0.6alpha.orig/mspack/chmd.c
+++ libmspack-0.6alpha/mspack/chmd.c
@@ -483,19 +483,17 @@ static int chmd_read_headers(struct mspa
 
       if (name[0] == ':' && name[1] == ':') {
        /* system file */
-       if (mspack_memcmp(&name[2], &content_name[2], 31L) == 0) {
-         if (mspack_memcmp(&name[33], &content_name[33], 8L) == 0) {
-           chm->sec1.content = fi;
-         }
-         else if (mspack_memcmp(&name[33], &control_name[33], 11L) == 0) {
-           chm->sec1.control = fi;
-         }
-         else if (mspack_memcmp(&name[33], &spaninfo_name[33], 8L) == 0) {
-           chm->sec1.spaninfo = fi;
-         }
-         else if (mspack_memcmp(&name[33], &rtable_name[33], 72L) == 0) {
-           chm->sec1.rtable = fi;
-         }
+        if (name_len == 40 && memcmp(name, content_name, 40) == 0) {
+          chm->sec1.content = fi;
+        }
+        else if (name_len == 44 && memcmp(name, control_name, 44) == 0) {
+          chm->sec1.control = fi;
+        }
+        else if (name_len == 41 && memcmp(name, spaninfo_name, 41) == 0) {
+          chm->sec1.spaninfo = fi;
+        }
+        else if (name_len == 105 && memcmp(name, rtable_name, 105) == 0) {
+          chm->sec1.rtable = fi;
        }
        fi->next = chm->sysfiles;
        chm->sysfiles = fi;
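Review bot: The outer test `if (name[0] == ':' && name[1] == ':')` is left as context and still indexes `name[1]` with no length condition visible in this hunk, while the four inner comparisons are now guarded by `name_len`. Unless code outside the hunk guarantees at least two readable bytes, I would write it as `if (name_len >= 2 && name[0] == ':' && name[1] == ':') {`. The lengths 40, 44, 41 and 105 are bare literals that must equal the lengths of `content_name`, `control_name`, `spaninfo_name` and `rtable_name`, whose definitions are not in the hunk. A comment beside those definitions stating each length, or one named constant per name, would keep the literals and the strings from drifting apart. chmd_read_headers() starts and ends outside this hunk.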
++++++ libmspack-failing-tests.patch ++++++
Index: libmspack-0.6alpha/test/cabd_test.c
===================================================================
--- libmspack-0.6alpha.orig/test/cabd_test.c
+++ libmspack-0.6alpha/test/cabd_test.c
@@ -186,7 +186,7 @@ void cabd_open_test_05() {
   for (i = 0; i < (sizeof(str_files)/sizeof(char *)); i++) {
     cab = cabd->open(cabd, str_files[i]);
     TEST(cab == NULL);
-    TEST(cabd->last_error(cabd) == MSPACK_ERR_DATAFORMAT);
+//    TEST(cabd->last_error(cabd) == MSPACK_ERR_DATAFORMAT);
   }
 
   /* lack of data blocks should NOT be a problem for merely reading */
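Review bot: Commenting out `TEST(cabd->last_error(cabd) == MSPACK_ERR_DATAFORMAT);` leaves this loop checking only that open() fails, and nothing on the line says which error code is returned instead or why the mismatch is acceptable. If the exact code really differs on this build, a weaker assertion such as `TEST(cabd->last_error(cabd) != MSPACK_ERR_OK);` would keep the error path covered. Otherwise delete the line rather than leave dead code behind a `//`. Either way, add a comment giving the reason and the tracker reference (the changelog cites bsc#1130489). The loop sits inside cabd_open_test_05(), which begins and ends outside the hunk.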
