diff --git a/CVE-2019-3817-Fix-UAF-in-comps_objmrtree_unite-function.patch b/CVE-2019-3817-Fix-UAF-in-comps_objmrtree_unite-function.patch
new file mode 100644
index 0000000000000000000000000000000000000000..5c10c2eafddf6739e13b13a5640e76aaf453e1d9
--- /dev/null
+++ b/CVE-2019-3817-Fix-UAF-in-comps_objmrtree_unite-function.patch
@@ -0,0 +1,91 @@
+From e3a5d056633677959ad924a51758876d415e7046 Mon Sep 17 00:00:00 2001
+From: Riccardo Schirone
+Date: Mon, 21 Jan 2019 18:11:42 +0100
+Subject: [PATCH] Fix UAF in comps_objmrtree_unite function
+
+The added field is not used at all in many places and it is probably the
+left-over of some copy-paste.
+
+Signed-off-by: root
+---
+ libcomps/src/comps_mradix.c | 2 --
+ libcomps/src/comps_objmradix.c | 2 --
+ libcomps/src/comps_objradix.c | 2 --
+ libcomps/src/comps_radix.c | 1 -
+ 4 files changed, 7 deletions(-)
+
+diff --git a/libcomps/src/comps_mradix.c b/libcomps/src/comps_mradix.c
+index 8ef9640..dfdee8e 100644
+--- a/libcomps/src/comps_mradix.c
++++ b/libcomps/src/comps_mradix.c
+@@ -177,7 +177,6 @@ void comps_mrtree_unite(COMPS_MRTree *rt1, COMPS_MRTree *rt2) {
+ struct Pair {
+ COMPS_HSList * subnodes;
+ char * key;
+- char added;
+ } *pair, *parent_pair;
+
+ pair = malloc(sizeof(struct Pair));
+@@ -195,7 +194,6 @@ void comps_mrtree_unite(COMPS_MRTree *rt1, COMPS_MRTree *rt2) {
+ parent_pair = (struct Pair*) it->data;
+ free(it);
+
+- pair->added = 0;
+ for (it = tmp_subnodes->first; it != NULL; it=it->next) {
+ pair = malloc(sizeof(struct Pair));
+ pair->subnodes = ((COMPS_MRTreeData*)it->data)->subnodes;
+diff --git a/libcomps/src/comps_objmradix.c b/libcomps/src/comps_objmradix.c
+index 9a2038b..22ad262 100644
+--- a/libcomps/src/comps_objmradix.c
++++ b/libcomps/src/comps_objmradix.c
+@@ -285,7 +285,6 @@ void comps_objmrtree_unite(COMPS_ObjMRTree *rt1, COMPS_ObjMRTree *rt2) {
+ struct Pair {
+ COMPS_HSList * subnodes;
+ char * key;
+- char added;
+ } *pair, *parent_pair;
+
+ pair = malloc(sizeof(struct Pair));
+@@ -303,7 +302,6 @@ void comps_objmrtree_unite(COMPS_ObjMRTree *rt1, COMPS_ObjMRTree *rt2) {
+ parent_pair = (struct Pair*) it->data;
+ free(it);
+
+- pair->added = 0;
+ for (it = tmp_subnodes->first; it != NULL; it=it->next) {
+ pair = malloc(sizeof(struct Pair));
+ pair->subnodes = ((COMPS_ObjMRTreeData*)it->data)->subnodes;
+diff --git a/libcomps/src/comps_objradix.c b/libcomps/src/comps_objradix.c
+index c657b75..840592a 100644
+--- a/libcomps/src/comps_objradix.c
++++ b/libcomps/src/comps_objradix.c
+@@ -692,7 +692,6 @@ void comps_objrtree_unite(COMPS_ObjRTree *rt1, COMPS_ObjRTree *rt2) {
+ struct Pair {
+ COMPS_HSList * subnodes;
+ char * key;
+- char added;
+ } *pair, *parent_pair;
+
+ pair = malloc(sizeof(struct Pair));
+@@ -711,7 +711,6 @@ void comps_objrtree_unite(COMPS_ObjRTree *rt1, COMPS_ObjRTree *rt2) {
+ //printf("key-part:%s\n", parent_pair->key);
+ free(it);
+
+- //pair->added = 0;
+ for (it = tmp_subnodes->first; it != NULL; it=it->next) {
+ pair = malloc(sizeof(struct Pair));
+ pair->subnodes = ((COMPS_ObjRTreeData*)it->data)->subnodes;
+diff --git a/libcomps/src/comps_radix.c b/libcomps/src/comps_radix.c
+index ada4fda..05dcaf2 100644
+--- a/libcomps/src/comps_radix.c
++++ b/libcomps/src/comps_radix.c
+@@ -529,7 +529,6 @@ void comps_rtree_unite(COMPS_RTree *rt1, COMPS_RTree *rt2) {
+ struct Pair {
+ COMPS_HSList * subnodes;
+ char * key;
+- char added;
+ } *pair, *parent_pair;
+
+ pair = malloc(sizeof(struct Pair));
+--
+2.19.1
+
diff --git a/Fix-Python-method-descriptors-for-Python-3.8.patch b/Fix-Python-method-descriptors-for-Python-3.8.patch
new file mode 100644
index 0000000000000000000000000000000000000000..f974931ddc93c471031ee22ffc2f56647e9ad547
--- /dev/null
+++ b/Fix-Python-method-descriptors-for-Python-3.8.patch
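Review bot: The description inside CVE-2019-3817-Fix-UAF-in-comps_objmrtree_unite-function.patch never says where the use-after-free is; it only calls `added` a copy-paste left-over, although the memory-safety change is the removal of `pair->added = 0;` in `comps_mrtree_unite` and `comps_objmrtree_unite`. That store runs before `pair` is reassigned by the `malloc` in the following `for` loop, so it goes through whatever `pair` held from an earlier allocation, presumably a `struct Pair` that has already been freed (the free is outside the hunk). I would add a sentence such as `pair->added = 0 wrote through a stale pair pointer; the field is never read, so remove both the member and the write` so that the comps_objradix.c and comps_radix.c parts, where only the member or a commented-out line goes away, are recognisable as cleanup. The embedded header `@@ -711,7 +711,6 @@` for comps_objradix.c also does not follow from the preceding hunk, which already removes one line, so the backport looks hand-edited and is worth regenerating against the 0.1.8 tree.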
@@ -0,0 +1,53 @@
+From dce9d5d3c1dce16efc223e5a55cec7122fb25276 Mon Sep 17 00:00:00 2001
+From: Victor Stinner
+Date: Wed, 31 Jul 2019 15:03:36 +0200
+Subject: [PATCH] Fix Python method descriptors for Python 3.8
+
+The Python binding cannot be loaded in Python 3.8: import libcomps
+fails with:
+
+ Traceback (most recent call last):
+ File "src/python/src/python3/libcomps/__init__.py", line 1, in
+ from ._libpycomps import *
+ SystemError: bad call flags
+
+Fedora bug report: https://bugzilla.redhat.com/show_bug.cgi?id=1734777
+
+The problem are the following method descriptors of
+libcomps/src/python/src/pycomps.c:
+
+ {"categories_match", (PyCFunction)PyCOMPS_categories_match, METH_KEYWORDS,
+ PyCOMPS_validate__doc__},
+ {"environments_match", (PyCFunction)PyCOMPS_envs_match, METH_KEYWORDS,
+ PyCOMPS_validate__doc__},
+
+In Python 3.7, import didn't check descriptor flags (METH_KEYWORDS):
+these flags were only checked when the methods were called.
+
+In Python 3.8, the flags are checked at soon as the module is
+imported, which prevents the module to be imported.
+
+This change fix the two method descriptors.
+---
+ libcomps/src/python/src/pycomps.c | 4 ++--
+ 1 file changed, 2 insertions(+), 2 deletions(-)
+
+diff --git a/libcomps/src/python/src/pycomps.c b/libcomps/src/python/src/pycomps.c
+index b34685c..293a338 100644
+--- a/libcomps/src/python/src/pycomps.c
++++ b/libcomps/src/python/src/pycomps.c
+@@ -766,9 +766,9 @@ PyDoc_STRVAR(PyCOMPS_arch_filter__doc__,
+ static PyMethodDef PyCOMPS_methods[] = {
+ {"groups_match", (PyCFunction)PyCOMPS_groups_match, METH_VARARGS | METH_KEYWORDS,
+ PyCOMPS_validate__doc__},
+- {"categories_match", (PyCFunction)PyCOMPS_categories_match, METH_KEYWORDS,
++ {"categories_match", (PyCFunction)PyCOMPS_categories_match, METH_VARARGS | METH_KEYWORDS,
+ PyCOMPS_validate__doc__},
+- {"environments_match", (PyCFunction)PyCOMPS_envs_match, METH_KEYWORDS,
++ {"environments_match", (PyCFunction)PyCOMPS_envs_match, METH_VARARGS | METH_KEYWORDS,
+ PyCOMPS_validate__doc__},
+ {"validate", (PyCFunction)PyCOMPS_validate, METH_NOARGS,
+ PyCOMPS_validate__doc__},
+--
+1.8.3.1
+
diff --git a/libcomps-0.1.15.tar.gz b/libcomps-0.1.8.tar.gz
similarity index 40%
rename from libcomps-0.1.15.tar.gz
rename to libcomps-0.1.8.tar.gz
index bd66e443463993ab92cbc201e36307fe360d59d3..e8b73d4a384bd125fcce9525e32d28266e3c5ba5 100644
Binary files a/libcomps-0.1.15.tar.gz and b/libcomps-0.1.8.tar.gz differ
diff --git a/libcomps.spec b/libcomps.spec
index 036bf24d9039ee6e1652a9e3c61470cb627fda6d..61db03ee18f17f535096979f25d8fa0755c63469 100644
--- a/libcomps.spec
+++ b/libcomps.spec
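Review bot: In the pycomps.c hunk embedded in Fix-Python-method-descriptors-for-Python-3.8.patch, the `(PyCFunction)` cast on `PyCOMPS_categories_match` and `PyCOMPS_envs_match` hides whether those handlers really take the three arguments that `METH_VARARGS | METH_KEYWORDS` makes the interpreter pass. Their definitions are outside the hunk, so it is worth confirming that both are declared as `PyObject *f(PyObject *self, PyObject *args, PyObject *kwds)`; a mismatch would be undefined behaviour when the method is called rather than an error at import. A comment above the table such as `/* entries flagged METH_VARARGS | METH_KEYWORDS must have the PyCFunctionWithKeywords signature */` would keep that contract visible. Separately, the three `*_match` entries all reuse `PyCOMPS_validate__doc__`, which looks like a copy-paste, and each should get its own doc string.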
@@ -1,12 +1,18 @@ +%define with_python2 1 +%define with_python3 1 + Name: libcomps -Version: 0.1.15 -Release: 1 +Version: 0.1.8 +Release: 21 Summary: Comps XML file manipulation library License: GPLv2+ URL: https://github.com/rpm-software-management/libcomps Source0: %{url}/archive/%{name}-%{version}/%{name}-%{version}.tar.gz -BuildRequires: gcc gcc-c++ cmake zlib-devel libxml2-devel check-devel expat-devel +Patch0000: CVE-2019-3817-Fix-UAF-in-comps_objmrtree_unite-function.patch +Patch0001: Fix-Python-method-descriptors-for-Python-3.8.patch + +BuildRequires: gcc cmake zlib-devel libxml2-devel check-devel expat-devel %description Libcomps is library for structure-like manipulation with content of @@ -24,12 +30,21 @@ Requires: %{name} = %{version}-%{release} BuildArch: noarch BuildRequires: python3-sphinx BuildRequires: doxygen -Provides: %{name}-doc = %{version}-%{release} python-%{name}-doc = %{version}-%{release} -Obsoletes: %{name}-doc < %{version}-%{release} python-%{name}-doc < %{version}-%{release} %description help Documentation files for libcomps library and python bindings libcomps library. +%if %{with_python2} +%package -n python2-%{name} +Summary: Python 2 bindings for libcomps library +%{?python_provide:%python_provide python2-%{name}} +BuildRequires: python2-devel +Requires: %{name} = %{version}-%{release} +%description -n python2-%{name} +Python 2 bindings for libcomps library. +%endif + +%if %{with_python3} %package -n python3-%{name} Summary: Python 3 bindings for libcomps library BuildRequires: python3-devel 
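Review bot: `Version:` drops from 0.1.15 to 0.1.8 while only `Release:` is raised to 21 and no `Epoch:` appears in this hunk, so RPM will still rank an installed 0.1.15-1 above 0.1.8-21. Hosts that already took 0.1.15-1 will therefore not move to this build through a normal update, and the changelog should say whether that is intended. The revert also means that upstream fixes made after 0.1.8 are present only as far as `Patch0000` and `Patch0001` carry them. A provenance comment above each patch line, for example `# backport of the commit named in the patch's From line (e3a5d056633677959ad924a51758876d415e7046)`, would make that auditable.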
@@ -38,16 +53,27 @@ Requires: %{name} = %{version}-%{release} Obsoletes: platform-python-%{name} < %{version}-%{release} %description -n python3-%{name} Python3 bindings for libcomps library. +%endif %prep %autosetup -n %{name}-%{name}-%{version} -p1 %build +%if %{with_python2} +mkdir build-py2 +pushd build-py2 +%cmake ../libcomps/ -DPYTHON_DESIRED:STRING=2 +%make_build +popd +%endif + +%if %{with_python2} mkdir build-py3 pushd build-py3 %cmake ../libcomps/ -DPYTHON_DESIRED:STRING=3 %make_build popd +%endif mkdir build-doc pushd build-doc @@ -57,15 +83,32 @@ make %{?_smp_mflags} pydocs popd %install +%if %{with_python2} +pushd build-py2 +%make_install +popd +%endif + +%if %{with_python3} pushd build-py3 %make_install popd +%endif %check +%if %{with_python2} +pushd build-py2 +make test +make pytest +popd +%endif + +%if %{with_python3} pushd build-py3 make test make pytest popd +%endif %post -p /sbin/ldconfig %postun -p /sbin/ldconfig @@ -77,18 +120,29 @@ popd %files devel %{_libdir}/%{name}.so -%{_libdir}/pkgconfig/%{name}.pc %{_includedir}/%{name}/ %files help %doc build-doc/docs/libcomps-doc/html %doc build-doc/src/python/docs/html +%if %{with_python2} +%files -n python2-%{name} +%{python2_sitearch}/%{name}/ +%endif + +%if %{with_python3} %files -n python3-%{name} %{python3_sitearch}/%{name}/ -%{python3_sitearch}/%{name}-%{version}-py%{python3_version}.egg-info +%endif %changelog +* Sat Aug 1 2020 Liquor - 0.1.8-21 +- Type:bugfix +- ID:NA +- SUG:NA +- DESC:revert "update libcomps version to 0.1.15" + * Tue Apr 28 2020 zhouyihang - 0.1.15-1 - Type:requirement - ID:NA
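Review bot: In `%build` the block that creates `build-py3` is guarded by `%if %{with_python2}`, the same condition as the `build-py2` block above it, whereas `%install` and `%check` guard `build-py3` with `%{with_python3}`. With `with_python2` set to 0 the Python 3 tree is never built and the later `pushd build-py3` fails; with `with_python3` set to 0 it is built but never installed or tested. The second guard in `%build` should read `%if %{with_python3}`.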