Hello community, here is the log from the commit of package libmspack for openSUSE:Leap:15.2 checked in at 2020-06-01 12:09:30 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Comparing /work/SRC/openSUSE:Leap:15.2/libmspack (Old) and /work/SRC/openSUSE:Leap:15.2/.libmspack.new.3606 (New) ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "libmspack" Mon Jun 1 12:09:30 2020 rev:18 rq:810107 version:0.6 Changes: -------- --- /work/SRC/openSUSE:Leap:15.2/libmspack/libmspack.changes 2020-01-15 15:22:05.482464993 +0100 +++ /work/SRC/openSUSE:Leap:15.2/.libmspack.new.3606/libmspack.changes 2020-06-01 12:09:32.122382701 +0200 @@ -1,0 +2,16 @@ +Mon Nov 4 14:03:34 UTC 2019 - Kristyna Streitova <kstreit...@suse.com> + +- add libmspack-0.6alpha-CVE-2019-1010305.patch to fix a buffer + overflow in chmd_read_headers(): a CHM file name beginning "::" + but shorter than 33 bytes will lead to reading past the + freshly-allocated name buffer - checks for specific control + filenames didn't take length into account [bsc#1141680] + [CVE-2019-1010305] + +------------------------------------------------------------------- +Fri Mar 29 09:28:09 UTC 2019 - Marketa Calabkova <mcalabk...@suse.com> + +- Enable build-time tests (bsc#1130489) + * Added patch libmspack-failing-tests.patch + +------------------------------------------------------------------- New: ---- libmspack-0.6alpha-CVE-2019-1010305.patch libmspack-failing-tests.patch ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ libmspack.spec ++++++ --- /var/tmp/diff_new_pack.Eunoac/_old 2020-06-01 12:09:32.654384373 +0200 +++ /var/tmp/diff_new_pack.Eunoac/_new 2020-06-01 12:09:32.658384385 +0200 @@ -33,6 +33,8 @@ Patch1: %{name}-fix-bounds-checking.patch # PATCH-FIX-UPSTREAM libmspack-reject-blank-filenames.patch https://github.com/kyz/libmspack/commit/8759da8db6ec9e866cb8eb143313f397f925bb4f -- Avoid returning etries that are blank. Patch2: %{name}-reject-blank-filenames.patch +Patch3: %{name}-failing-tests.patch +Patch4: libmspack-0.6alpha-CVE-2019-1010305.patch BuildRequires: pkgconfig %description @@ -82,6 +84,8 @@ %patch0 -p1 %patch1 -p1 %patch2 -p1 +%patch3 -p1 +%patch4 -p1 %build %configure\ 
@@ -92,6 +96,12 @@ %make_install rm %{buildroot}%{_libdir}/*.*a +%check +make %{?_smp_mflags} check +cd test +./cabd_test +cd .. + %post -n libmspack0 -p /sbin/ldconfig %postun -n libmspack0 -p /sbin/ldconfig ++++++ libmspack-0.6alpha-CVE-2019-1010305.patch ++++++ >From 2f084136cfe0d05e5bf5703f3e83c6d955234b4d Mon Sep 17 00:00:00 2001 From: Stuart Caie <ky...@cabextract.org.uk> Date: Mon, 18 Feb 2019 13:04:58 +0000 Subject: [PATCH] length checks when looking for control files --- libmspack/mspack/chmd.c | 24 +++++++++++------------- 2 files changed, 19 insertions(+), 13 deletions(-) Index: libmspack-0.6alpha/mspack/chmd.c =================================================================== --- libmspack-0.6alpha.orig/mspack/chmd.c +++ libmspack-0.6alpha/mspack/chmd.c 
@@ -483,19 +483,17 @@ static int chmd_read_headers(struct mspa
 if (name[0] == ':' && name[1] == ':') {
 /* system file */
- if (mspack_memcmp(&name[2], &content_name[2], 31L) == 0) {
- if (mspack_memcmp(&name[33], &content_name[33], 8L) == 0) {
- chm->sec1.content = fi;
- }
- else if (mspack_memcmp(&name[33], &control_name[33], 11L) == 0) {
- chm->sec1.control = fi;
- }
- else if (mspack_memcmp(&name[33], &spaninfo_name[33], 8L) == 0) {
- chm->sec1.spaninfo = fi;
- }
- else if (mspack_memcmp(&name[33], &rtable_name[33], 72L) == 0) {
- chm->sec1.rtable = fi;
- }
+ if (name_len == 40 && memcmp(name, content_name, 40) == 0) {
+ chm->sec1.content = fi;
+ }
+ else if (name_len == 44 && memcmp(name, control_name, 44) == 0) {
+ chm->sec1.control = fi;
+ }
+ else if (name_len == 41 && memcmp(name, spaninfo_name, 41) == 0) {
+ chm->sec1.spaninfo = fi;
+ }
+ else if (name_len == 105 && memcmp(name, rtable_name, 105) == 0) {
+ chm->sec1.rtable = fi;
 }
 fi->next = chm->sysfiles;
 chm->sysfiles = fi;
++++++ libmspack-failing-tests.patch ++++++
Index: libmspack-0.6alpha/test/cabd_test.c
===================================================================
--- libmspack-0.6alpha.orig/test/cabd_test.c
+++ libmspack-0.6alpha/test/cabd_test.c
@@ -186,7 +186,7 @@ void cabd_open_test_05() {
 for (i = 0; i < (sizeof(str_files)/sizeof(char *)); i++) {
 cab = cabd->open(cabd, str_files[i]);
 TEST(cab == NULL);
- TEST(cabd->last_error(cabd) == MSPACK_ERR_DATAFORMAT);
+// TEST(cabd->last_error(cabd) == MSPACK_ERR_DATAFORMAT);
 }
 /* lack of data blocks should NOT be a problem for merely reading */
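Review bot: In the chmd.c hunk, the literals 40, 44, 41 and 105 in the four added comparisons are unexplained, yet they must stay equal to the byte lengths of `content_name`, `control_name`, `spaninfo_name` and `rtable_name`, which are defined outside this hunk. The bound that stops the over-read therefore rests on numbers that cannot be checked here. A comment above the chain, such as `/* each literal is the exact length of that control name; name holds only name_len bytes, so test the length before memcmp */`, would record the invariant. If those names are arrays rather than pointers, the count could instead be taken from `sizeof(content_name) - 1` so that it cannot drift. The added lines also call `memcmp` directly where the removed ones used `mspack_memcmp`, so it is worth confirming that `<string.h>` is in scope in this 0.6alpha tree; `chmd_read_headers` starts and ends outside the hunk.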
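Review bot: In the cabd_test.c hunk, the `TEST(cabd->last_error(cabd) == MSPACK_ERR_DATAFORMAT);` check in `cabd_open_test_05` is switched off by commenting it out, and nothing says why. The loop now verifies only that opening a malformed file fails, not that it fails with the expected error class. If this build presumably returns a different code for some of the `str_files` entries, asserting the accepted set would keep the malformed-input check meaningful, for example `TEST(err == MSPACK_ERR_DATAFORMAT || err == <other accepted code>);`. Otherwise, replace the dead line with a comment in the file's `/* ... */` style that names the reason and the tracking bug (bsc#1130489 is the one cited for enabling the tests). The body of `cabd_open_test_05` continues outside the hunk.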