diff --git a/CVE-2019-3817-Fix-UAF-in-comps_objmrtree_unite-function.patch b/CVE-2019-3817-Fix-UAF-in-comps_objmrtree_unite-function.patch deleted file mode 100644 index 5c10c2eafddf6739e13b13a5640e76aaf453e1d9..0000000000000000000000000000000000000000 --- a/CVE-2019-3817-Fix-UAF-in-comps_objmrtree_unite-function.patch +++ /dev/null @@ -1,91 +0,0 @@ -From e3a5d056633677959ad924a51758876d415e7046 Mon Sep 17 00:00:00 2001 -From: Riccardo Schirone -Date: Mon, 21 Jan 2019 18:11:42 +0100 -Subject: [PATCH] Fix UAF in comps_objmrtree_unite function - -The added field is not used at all in many places and it is probably the -left-over of some copy-paste. - -Signed-off-by: root ---- - libcomps/src/comps_mradix.c | 2 -- - libcomps/src/comps_objmradix.c | 2 -- - libcomps/src/comps_objradix.c | 2 -- - libcomps/src/comps_radix.c | 1 - - 4 files changed, 7 deletions(-) - -diff --git a/libcomps/src/comps_mradix.c b/libcomps/src/comps_mradix.c -index 8ef9640..dfdee8e 100644 ---- a/libcomps/src/comps_mradix.c -+++ b/libcomps/src/comps_mradix.c -@@ -177,7 +177,6 @@ void comps_mrtree_unite(COMPS_MRTree *rt1, COMPS_MRTree *rt2) { - struct Pair { - COMPS_HSList * subnodes; - char * key; -- char added; - } *pair, *parent_pair; - - pair = malloc(sizeof(struct Pair)); -@@ -195,7 +194,6 @@ void comps_mrtree_unite(COMPS_MRTree *rt1, COMPS_MRTree *rt2) { - parent_pair = (struct Pair*) it->data; - free(it); - -- pair->added = 0; - for (it = tmp_subnodes->first; it != NULL; it=it->next) { - pair = malloc(sizeof(struct Pair)); - pair->subnodes = ((COMPS_MRTreeData*)it->data)->subnodes; -diff --git a/libcomps/src/comps_objmradix.c b/libcomps/src/comps_objmradix.c -index 9a2038b..22ad262 100644 ---- a/libcomps/src/comps_objmradix.c -+++ b/libcomps/src/comps_objmradix.c -@@ -285,7 +285,6 @@ void comps_objmrtree_unite(COMPS_ObjMRTree *rt1, COMPS_ObjMRTree *rt2) { - struct Pair { - COMPS_HSList * subnodes; - char * key; -- char added; - } *pair, *parent_pair; - - pair = malloc(sizeof(struct Pair)); -@@ -303,7 +302,6 @@ void comps_objmrtree_unite(COMPS_ObjMRTree *rt1, COMPS_ObjMRTree *rt2) { - parent_pair = (struct Pair*) it->data; - free(it); - -- pair->added = 0; - for (it = tmp_subnodes->first; it != NULL; it=it->next) { - pair = malloc(sizeof(struct Pair)); - pair->subnodes = ((COMPS_ObjMRTreeData*)it->data)->subnodes; -diff --git a/libcomps/src/comps_objradix.c b/libcomps/src/comps_objradix.c -index c657b75..840592a 100644 ---- a/libcomps/src/comps_objradix.c -+++ b/libcomps/src/comps_objradix.c -@@ -692,7 +692,6 @@ void comps_objrtree_unite(COMPS_ObjRTree *rt1, COMPS_ObjRTree *rt2) { - struct Pair { - COMPS_HSList * subnodes; - char * key; -- char added; - } *pair, *parent_pair; - - pair = malloc(sizeof(struct Pair)); -@@ -711,7 +711,6 @@ void comps_objrtree_unite(COMPS_ObjRTree *rt1, COMPS_ObjRTree *rt2) { - //printf("key-part:%s\n", parent_pair->key); - free(it); - -- //pair->added = 0; - for (it = tmp_subnodes->first; it != NULL; it=it->next) { - pair = malloc(sizeof(struct Pair)); - pair->subnodes = ((COMPS_ObjRTreeData*)it->data)->subnodes; -diff --git a/libcomps/src/comps_radix.c b/libcomps/src/comps_radix.c -index ada4fda..05dcaf2 100644 ---- a/libcomps/src/comps_radix.c -+++ b/libcomps/src/comps_radix.c -@@ -529,7 +529,6 @@ void comps_rtree_unite(COMPS_RTree *rt1, COMPS_RTree *rt2) { - struct Pair { - COMPS_HSList * subnodes; - char * key; -- char added; - } *pair, *parent_pair; - - pair = malloc(sizeof(struct Pair)); --- -2.19.1 - diff --git a/Fix-Python-method-descriptors-for-Python-3.8.patch b/Fix-Python-method-descriptors-for-Python-3.8.patch deleted file mode 100644 index f974931ddc93c471031ee22ffc2f56647e9ad547..0000000000000000000000000000000000000000 --- a/Fix-Python-method-descriptors-for-Python-3.8.patch +++ /dev/null @@ -1,53 +0,0 @@ -From dce9d5d3c1dce16efc223e5a55cec7122fb25276 Mon Sep 17 00:00:00 2001 -From: Victor Stinner -Date: Wed, 31 Jul 2019 15:03:36 +0200 -Subject: [PATCH] Fix Python method descriptors for Python 3.8 - -The Python binding cannot be loaded in Python 3.8: import libcomps -fails with: - - Traceback (most recent call last): - File "src/python/src/python3/libcomps/__init__.py", line 1, in - from ._libpycomps import * - SystemError: bad call flags - -Fedora bug report: https://bugzilla.redhat.com/show_bug.cgi?id=1734777 - -The problem are the following method descriptors of -libcomps/src/python/src/pycomps.c: - - {"categories_match", (PyCFunction)PyCOMPS_categories_match, METH_KEYWORDS, - PyCOMPS_validate__doc__}, - {"environments_match", (PyCFunction)PyCOMPS_envs_match, METH_KEYWORDS, - PyCOMPS_validate__doc__}, - -In Python 3.7, import didn't check descriptor flags (METH_KEYWORDS): -these flags were only checked when the methods were called. - -In Python 3.8, the flags are checked at soon as the module is -imported, which prevents the module to be imported. - -This change fix the two method descriptors. ---- - libcomps/src/python/src/pycomps.c | 4 ++-- - 1 file changed, 2 insertions(+), 2 deletions(-) - -diff --git a/libcomps/src/python/src/pycomps.c b/libcomps/src/python/src/pycomps.c -index b34685c..293a338 100644 ---- a/libcomps/src/python/src/pycomps.c -+++ b/libcomps/src/python/src/pycomps.c -@@ -766,9 +766,9 @@ PyDoc_STRVAR(PyCOMPS_arch_filter__doc__, - static PyMethodDef PyCOMPS_methods[] = { - {"groups_match", (PyCFunction)PyCOMPS_groups_match, METH_VARARGS | METH_KEYWORDS, - PyCOMPS_validate__doc__}, -- {"categories_match", (PyCFunction)PyCOMPS_categories_match, METH_KEYWORDS, -+ {"categories_match", (PyCFunction)PyCOMPS_categories_match, METH_VARARGS | METH_KEYWORDS, - PyCOMPS_validate__doc__}, -- {"environments_match", (PyCFunction)PyCOMPS_envs_match, METH_KEYWORDS, -+ {"environments_match", (PyCFunction)PyCOMPS_envs_match, METH_VARARGS | METH_KEYWORDS, - PyCOMPS_validate__doc__}, - {"validate", (PyCFunction)PyCOMPS_validate, METH_NOARGS, - PyCOMPS_validate__doc__}, --- -1.8.3.1 - diff --git a/libcomps-0.1.8.tar.gz b/libcomps-0.1.15.tar.gz similarity index 40% rename from libcomps-0.1.8.tar.gz rename to libcomps-0.1.15.tar.gz index e8b73d4a384bd125fcce9525e32d28266e3c5ba5..bd66e443463993ab92cbc201e36307fe360d59d3 100644 Binary files a/libcomps-0.1.8.tar.gz and b/libcomps-0.1.15.tar.gz differ diff --git a/libcomps.spec b/libcomps.spec index b06b67204eb21c18f0598a4e3306084226c82fc9..036bf24d9039ee6e1652a9e3c61470cb627fda6d 100644 --- a/libcomps.spec +++ b/libcomps.spec @@ -1,18 +1,12 @@ -%define with_python2 1 -%define with_python3 1 - Name: libcomps -Version: 0.1.8 -Release: 21 +Version: 0.1.15 +Release: 1 Summary: Comps XML file manipulation library License: GPLv2+ URL: https://github.com/rpm-software-management/libcomps Source0: %{url}/archive/%{name}-%{version}/%{name}-%{version}.tar.gz -Patch0000: CVE-2019-3817-Fix-UAF-in-comps_objmrtree_unite-function.patch -Patch0001: Fix-Python-method-descriptors-for-Python-3.8.patch - -BuildRequires: gcc cmake zlib-devel libxml2-devel check-devel expat-devel +BuildRequires: gcc gcc-c++ cmake zlib-devel libxml2-devel check-devel expat-devel %description Libcomps is library for structure-like manipulation with content of @@ -30,21 +24,12 @@ Requires: %{name} = %{version}-%{release} BuildArch: noarch BuildRequires: python3-sphinx BuildRequires: doxygen +Provides: %{name}-doc = %{version}-%{release} python-%{name}-doc = %{version}-%{release} +Obsoletes: %{name}-doc < %{version}-%{release} python-%{name}-doc < %{version}-%{release} %description help Documentation files for libcomps library and python bindings libcomps library. -%if %{with_python2} -%package -n python2-%{name} -Summary: Python 2 bindings for libcomps library -%{?python_provide:%python_provide python2-%{name}} -BuildRequires: python2-devel -Requires: %{name} = %{version}-%{release} -%description -n python2-%{name} -Python 2 bindings for libcomps library. -%endif - -%if %{with_python3} %package -n python3-%{name} Summary: Python 3 bindings for libcomps library BuildRequires: python3-devel @@ -53,27 +38,16 @@ Requires: %{name} = %{version}-%{release} Obsoletes: platform-python-%{name} < %{version}-%{release} %description -n python3-%{name} Python3 bindings for libcomps library. -%endif %prep %autosetup -n %{name}-%{name}-%{version} -p1 %build -%if %{with_python2} -mkdir build-py2 -pushd build-py2 -%cmake ../libcomps/ -DPYTHON_DESIRED:STRING=2 -%make_build -popd -%endif - -%if %{with_python2} mkdir build-py3 pushd build-py3 %cmake ../libcomps/ -DPYTHON_DESIRED:STRING=3 %make_build popd -%endif mkdir build-doc pushd build-doc @@ -83,32 +57,15 @@ make %{?_smp_mflags} pydocs popd %install -%if %{with_python2} -pushd build-py2 -%make_install -popd -%endif - -%if %{with_python3} pushd build-py3 %make_install popd -%endif %check -%if %{with_python2} -pushd build-py2 -make test -make pytest -popd -%endif - -%if %{with_python3} pushd build-py3 make test make pytest popd -%endif %post -p /sbin/ldconfig %postun -p /sbin/ldconfig @@ -120,23 +77,24 @@ popd %files devel %{_libdir}/%{name}.so +%{_libdir}/pkgconfig/%{name}.pc %{_includedir}/%{name}/ %files help %doc build-doc/docs/libcomps-doc/html %doc build-doc/src/python/docs/html -%if %{with_python2} -%files -n python2-%{name} -%{python2_sitearch}/%{name}/ -%endif - -%if %{with_python3} %files -n python3-%{name} %{python3_sitearch}/%{name}/ -%endif +%{python3_sitearch}/%{name}-%{version}-py%{python3_version}.egg-info %changelog +* Tue Apr 28 2020 zhouyihang - 0.1.15-1 +- Type:requirement +- ID:NA +- SUG:NA +- DESC:update libcomps version to 0.1.15 + * Mon Jun 22 2020 chenditang - 0.1.8-21 - Type:enhancement - ID:NA