backport fix for CVE-2023-52339 (#2258048 , #2258046 )

Merge branch 'epel7' into epel8
remove package.cfg per new epel-playground policy
2 changed files with 44 additions and 15 deletions
--- a/libebml-cve-2023-52339.patch
+++ b/libebml-cve-2023-52339.patch
@ -0,0 +1,31 @@
 diff -up libebml-1.3.9/src/MemIOCallback.cpp.cve-2023-52339 libebml-1.3.9/src/MemIOCallback.cpp
 --- libebml-1.3.9/src/MemIOCallback.cpp.cve-2023-52339	2024-02-02 13:48:28.626522658 +0100
 +++ libebml-1.3.9/src/MemIOCallback.cpp	2024-02-02 13:49:59.620078963 +0100
@@ -68,7 +68,8 @@ uint32 MemIOCallback::read(void *Buffer,
   if (Buffer == NULL || Size < 1)
     return 0;
   //If the size is larger than than the amount left in the buffer
 -  if (Size + dataBufferPos > dataBufferTotalSize) {
 +  if (Size + dataBufferPos < Size || // overflow, reading too much
 +      Size + dataBufferPos > dataBufferTotalSize) {
     //We will only return the remaining data
     memcpy(Buffer, dataBuffer + dataBufferPos, dataBufferTotalSize - dataBufferPos);
     uint64 oldDataPos = dataBufferPos;
@@ -95,6 +96,8 @@ void MemIOCallback::setFilePointer(int64
 size_t MemIOCallback::write(const void *Buffer, size_t Size)
 {
 +  if (dataBufferPos + Size < Size) // overflow, we can't hold that much
 +    return 0;
   if (dataBufferMemorySize < dataBufferPos + Size) {
     //We need more memory!
     dataBuffer = (binary *)realloc((void *)dataBuffer, dataBufferPos + Size);
@@ -109,6 +112,8 @@ size_t MemIOCallback::write(const void *
 uint32 MemIOCallback::write(IOCallback & IOToRead, size_t Size)
 {
 +  if (dataBufferPos + Size < Size) // overflow, we can't hold that much
 +    return 0;
   if (dataBufferMemorySize < dataBufferPos + Size) {
     //We need more memory!
     dataBuffer = (binary *)realloc((void *)dataBuffer, dataBufferPos + Size);
--- a/libebml.spec
+++ b/libebml.spec
@ -1,12 +1,13 @@
 Summary:    Extensible Binary Meta Language library
 Name:       libebml
 Version:    1.3.9
-Release:    1%{?dist}
+Release:    2%{?dist}
 License:    LGPLv2+
 Group:      System Environment/Libraries
 URL:        https://www.matroska.org/
 Source:     https://dl.matroska.org/downloads/%{name}/%{name}-%{version}.tar.xz
 Patch0:     %{name}-use-system-utf8cpp.patch
 # https://github.com/Matroska-Org/libebml/pull/148
 Patch1:     %{name}-cve-2023-52339.patch
 BuildRequires: cmake3
 BuildRequires: gcc-c++
 BuildRequires: utf8cpp-devel
@ -19,7 +20,6 @@ pendant to XML.
 %package    devel
 Summary:    Development files for the Extensible Binary Meta Language library
 Group:      Development/Libraries
 Requires:   %{name}%{?_isa} = %{version}-%{release}
 Requires:   %{_libdir}/cmake
 Requires:   pkgconfig
@ -36,6 +36,7 @@ will use the Extensible Binary Meta Language library.
 %prep
 %setup -q
 %patch0 -p1 -b .utf8cpp
 %patch1 -p1 -b .cve-2023-52339
 rm -r src/lib/utf8-cpp
@ -68,6 +69,9 @@ make %{?_smp_mflags}
 %changelog
 * Fri Feb 02 2024 Dominik Mierzejewski <rpm@greysector.net> - 1.3.9-2
 - backport fix for CVE-2023-52339 (#2258048, #2258046)
 * Tue Sep 10 2019 Dominik Mierzejewski <rpm@greysector.net> - 1.3.9-1
 - update to 1.3.9 (#1688001)
@ -76,6 +80,12 @@ make %{?_smp_mflags}
 - unbundle utf8cpp
 - fix unowned %%{_libdir}/cmake/ebml directory
 * Fri Feb 01 2019 Fedora Release Engineering <releng@fedoraproject.org> - 1.3.6-3
 - Rebuilt for https://fedoraproject.org/wiki/Fedora_30_Mass_Rebuild
 * Wed Jan 23 2019 Björn Esser <besser82@fedoraproject.org> - 1.3.6-2
 - Append curdir to CMake invokation. (#1668512)
 * Mon Jul 23 2018 Dominik Mierzejewski <rpm@greysector.net> - 1.3.6-1
 - update to 1.3.6 (#1570224)
 - add BR: gcc for https://fedoraproject.org/wiki/Changes/Remove_GCC_from_BuildRoot
@ -83,21 +93,9 @@ make %{?_smp_mflags}
 - add missing dependencies to -devel subpackage
 - use license and ldconfig_scriptlets macros
 * Fri Jul 13 2018 Fedora Release Engineering <releng@fedoraproject.org> - 1.3.5-3
 - Rebuilt for https://fedoraproject.org/wiki/Fedora_29_Mass_Rebuild
 * Wed Feb 07 2018 Fedora Release Engineering <releng@fedoraproject.org> - 1.3.5-2
 - Rebuilt for https://fedoraproject.org/wiki/Fedora_28_Mass_Rebuild
 * Wed Aug 23 2017 Dominik Mierzejewski <rpm@greysector.net> - 1.3.5-1
 - update to 1.3.5 (#1483228)
 * Thu Aug 03 2017 Fedora Release Engineering <releng@fedoraproject.org> - 1.3.4-4
 - Rebuilt for https://fedoraproject.org/wiki/Fedora_27_Binutils_Mass_Rebuild
 * Wed Jul 26 2017 Fedora Release Engineering <releng@fedoraproject.org> - 1.3.4-3
 - Rebuilt for https://fedoraproject.org/wiki/Fedora_27_Mass_Rebuild
 * Fri Feb 10 2017 Fedora Release Engineering <releng@fedoraproject.org> - 1.3.4-2
 - Rebuilt for https://fedoraproject.org/wiki/Fedora_26_Mass_Rebuild
Author	SHA1	Message	Date
Dominik Mierzejewski	6202225dd0	backport fix for CVE-2023-52339 (#2258048 , #2258046 )	1 year ago
Dominik Mierzejewski	3ed16b4d62	Merge branch 'epel7' into epel8	1 year ago
Troy Dawson	40ae9cc8c7	remove package.cfg per new epel-playground policy	4 years ago
Dominik 'Rathann' Mierzejewski	472da4f488	drop Fedora-only changelog entries	5 years ago
Nicolas Chauvet	702aebace5	Merge branch 'master' into epel8	6 years ago
Gwyn Ciesla	3794b920aa	"Adding package.cfg file"	6 years ago
Fedora Release Engineering	4ac6f773b7	- Rebuilt for https://fedoraproject.org/wiki/Fedora_31_Mass_Rebuild Signed-off-by: Fedora Release Engineering <releng@fedoraproject.org>	6 years ago
Dominik 'Rathann' Mierzejewski	48e5024718	Merge branch 'f29' into f30	6 years ago
Fedora Release Engineering	cd5ea1d86d	- Rebuilt for https://fedoraproject.org/wiki/Fedora_30_Mass_Rebuild Signed-off-by: Fedora Release Engineering <releng@fedoraproject.org>	6 years ago
Igor Gnatenko	f0fa9d5e47	Remove obsolete Group tag References: https://fedoraproject.org/wiki/Changes/Remove_Group_Tag	6 years ago
Björn Esser	7f096cae14	Append curdir to CMake invokation. (#1668512 )	6 years ago