commit libical for openSUSE:Factory
Hello community, here is the log from the commit of package libical for openSUSE:Factory checked in at 2017-06-30 18:41:12 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Comparing /work/SRC/openSUSE:Factory/libical (Old) and /work/SRC/openSUSE:Factory/.libical.new (New) ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Package is "libical" Fri Jun 30 18:41:12 2017 rev:38 rq:506161 version:2.0.0 Changes: -------- --- /work/SRC/openSUSE:Factory/libical/libical.changes 2016-10-13 11:23:30.000000000 +0200 +++ /work/SRC/openSUSE:Factory/.libical.new/libical.changes 2017-06-30 18:41:18.147073772 +0200 @@ -1,0 +2,12 @@ +Mon Jun 19 19:54:50 UTC 2017 - mgorse@suse.com + +- Add fixes for various crashes: + libical-boo986631-read-past-end.patch + libical-boo986631-check-prev-char.patch + libical-parser-sanity-check.patch + libical-timezone-use-after-free.patch + libical-boo1015964-use-after-free.patch + Fixes boo#986631 (CVE-2016-5827), boo#986639 (CVE-2016-5824), + boo#1015964 (CVE-2016-9584), and boo#1044995. + +------------------------------------------------------------------- New: ---- libical-boo1015964-use-after-free.patch libical-boo986631-check-prev-char.patch libical-boo986631-read-past-end.patch libical-parser-sanity-check.patch libical-timezone-use-after-free.patch ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ libical.spec ++++++ --- /var/tmp/diff_new_pack.qNm91V/_old 2017-06-30 18:41:18.706995015 +0200 +++ /var/tmp/diff_new_pack.qNm91V/_new 2017-06-30 18:41:18.710994453 +0200 @@ -1,7 +1,7 @@ # # spec file for package libical # -# Copyright (c) 2016 SUSE LINUX GmbH, Nuernberg, Germany. +# Copyright (c) 2017 SUSE LINUX GmbH, Nuernberg, Germany. # # All modifications and additions to the file contributed by third parties # remain the property of their copyright owners, unless otherwise agreed @@ -29,6 +29,16 @@ Source: https://github.com/libical/libical/releases/download/v%{version}/%{name}-%{version}.tar.gz Source2: baselibs.conf Patch1: 0001-build-ICU-must-appear-as-Requires-in-pkgconfig.patch +# PATCH-FIX-UPSTREAM libical-boo986631-read-past-end.patch boo#986631 mgorse@suse.com -- fix for reading passed end of string (CVE-2016-5827) +Patch2: libical-boo986631-read-past-end.patch +# PATCH-FIX-UPSTREAM libical-boo986631-check-prev-char.patch boo#986631 mgorse@suse.com -- make sure we have a prev_char before checking it +Patch3: libical-boo986631-check-prev-char.patch +# PATCH-FIX-UPSTREAM libical-parser-sanity-check.patch mgorse@suse.com -- sanity check value parameter against what is allowed. +Patch4: libical-parser-sanity-check.patch +# PATCH-FIX-UPSTREAM libical-timezone-use-after-free.patch mgorse@suse.com -- fix use after free in fetch_lat_long_from_string +Patch5: libical-timezone-use-after-free.patch +# PATCH-FIX-UPSTREAM libical-boo1015964-use-after-free.patch boo#986639 boo#1015984 mgorse@suse.com -- copy reqstattype's debug string into its own memory (CVE-2016-5824 CVE-2016-9584). +Patch6: libical-boo1015964-use-after-free.patch BuildRequires: cmake >= 2.4 BuildRequires: gcc-c++ BuildRequires: pkg-config @@ -91,6 +101,11 @@ %prep %setup -q %patch -P 1 -p1 +%patch2 -p1 +%patch3 -p1 +%patch4 -p1 +%patch5 -p1 +%patch6 -p1 %build %cmake ++++++ libical-boo1015964-use-after-free.patch ++++++
From 6b9438d746cec6e4e632d78c5244f4be6314d1c9 Mon Sep 17 00:00:00 2001 From: Allen Winter
Date: Sun, 28 May 2017 12:51:10 -0400 Subject: [PATCH] icaltypes.c - icalreqstattype_from_string(), copy the reqstattype's debug string into its own memory in the ring buffer.
Issue#253 --- src/libical/icaltypes.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/libical/icaltypes.c b/src/libical/icaltypes.c index 70c50d29..85c33545 100644 --- a/src/libical/icaltypes.c +++ b/src/libical/icaltypes.c @@ -140,7 +140,7 @@ struct icalreqstattype icalreqstattype_from_string(const char *str) p2 = strchr(p1 + 1, ';'); if (p2 != 0 && *p2 != 0) { - stat.debug = p2 + 1; + stat.debug = icalmemory_tmp_copy(p2 + 1); } return stat; -- 2.12.3 ++++++ libical-boo986631-check-prev-char.patch ++++++
From 04d84749e53db08c71ed0ce8b6ba5c11082743cd Mon Sep 17 00:00:00 2001 From: Ken Murchison
Date: Fri, 2 Dec 2016 14:14:03 -0500 Subject: [PATCH] icalparser.c: make sure we have a prev_char before checking it
--- src/libical/icalparser.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/libical/icalparser.c b/src/libical/icalparser.c index 9d332375..2735c9ac 100644 --- a/src/libical/icalparser.c +++ b/src/libical/icalparser.c @@ -148,7 +148,7 @@ static char *parser_get_next_char(char c, char *str, int qm) char prev_char = 0; while (next_char != 0) { - if (prev_char != '\\') { + if (prev_char && prev_char != '\\') { if (qm == 1 && next_char == '"') { /* Encountered a quote, toggle quote mode */ quote_mode = !quote_mode; -- 2.12.3 ++++++ libical-boo986631-read-past-end.patch ++++++
From 38757abb495ea6cb40faa5418052278bf75040f7 Mon Sep 17 00:00:00 2001 From: Ken Murchison
Date: Fri, 2 Dec 2016 14:13:22 -0500 Subject: [PATCH] icaltime.c: don't read past end of string (can't check str[19] if length is 16)
--- src/libical/icaltime.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/libical/icaltime.c b/src/libical/icaltime.c index ca647633..4077ce75 100644 --- a/src/libical/icaltime.c +++ b/src/libical/icaltime.c @@ -445,7 +445,7 @@ struct icaltimetype icaltime_from_string(const char *str) tt.is_utc = 0; tt.is_date = 0; } else if ((size == 16) || (size == 20)) { /* UTC time, ends in 'Z' */ - if ((str[15] != 'Z') && (str[19] != 'Z')) + if ((str[size-1] != 'Z')) goto FAIL; tt.is_utc = 1; -- 2.12.3 ++++++ libical-parser-sanity-check.patch ++++++
From 53e68ff6e2133c54ff44df53e8b75ef21125fb3d Mon Sep 17 00:00:00 2001 From: Ken Murchison
Date: Tue, 13 Dec 2016 16:22:42 -0500 Subject: [PATCH] icalparser.c: sanity check VALUE parameter against what is allowed
Backported by Mike Gorse
From 6bcc779a17a2d286e4c3cb958ddf369cc01cb42c Mon Sep 17 00:00:00 2001 From: Allen Winter
Date: Thu, 15 Dec 2016 18:17:10 -0500 Subject: [PATCH] icaltimezone.c - fix heap-use-after-free caused by fetch_lat_long_from_string() issue#262
Backported by Mike Gorse
participants (1)
-
root@hilbert.suse.de