Compare commits

...

No commits in common. 'epel9' and 'i8ce' have entirely different histories.
epel9 ... i8ce

19
.gitignore vendored

@ -1,18 +1 @@
libebml-1.0.0.tar.bz2
/libebml-1.2.0.tar.bz2
/libebml-1.2.1.tar.bz2
/libebml-1.2.2.tar.bz2
/libebml-1.3.0.tar.bz2
/libebml-1.3.1.tar.bz2
/libebml-1.3.3.tar.bz2
/libebml-1.3.4.tar.bz2
/libebml-1.3.5.tar.xz
/libebml-1.3.6.tar.xz
/libebml-1.3.7.tar.xz
/libebml-1.3.9.tar.xz
/libebml-1.3.10.tar.xz
/libebml-1.4.0.tar.xz
/libebml-1.4.1.tar.xz
/libebml-1.4.2.tar.xz
/libebml-1.4.4.tar.xz
/libebml-1.4.5.tar.xz
SOURCES/libebml-1.3.9.tar.xz

@ -0,0 +1 @@
abdcaac0f10756271ad6a15a2147e9bc51cd8661 SOURCES/libebml-1.3.9.tar.xz

@ -0,0 +1,31 @@
diff -up libebml-1.3.9/src/MemIOCallback.cpp.cve-2023-52339 libebml-1.3.9/src/MemIOCallback.cpp
--- libebml-1.3.9/src/MemIOCallback.cpp.cve-2023-52339 2024-02-02 13:48:28.626522658 +0100
+++ libebml-1.3.9/src/MemIOCallback.cpp 2024-02-02 13:49:59.620078963 +0100
@@ -68,7 +68,8 @@ uint32 MemIOCallback::read(void *Buffer,
if (Buffer == NULL || Size < 1)
return 0;
//If the size is larger than than the amount left in the buffer
- if (Size + dataBufferPos > dataBufferTotalSize) {
+ if (Size + dataBufferPos < Size || // overflow, reading too much
+ Size + dataBufferPos > dataBufferTotalSize) {
//We will only return the remaining data
memcpy(Buffer, dataBuffer + dataBufferPos, dataBufferTotalSize - dataBufferPos);
uint64 oldDataPos = dataBufferPos;
@@ -95,6 +96,8 @@ void MemIOCallback::setFilePointer(int64
size_t MemIOCallback::write(const void *Buffer, size_t Size)
{
+ if (dataBufferPos + Size < Size) // overflow, we can't hold that much
+ return 0;
if (dataBufferMemorySize < dataBufferPos + Size) {
//We need more memory!
dataBuffer = (binary *)realloc((void *)dataBuffer, dataBufferPos + Size);
@@ -109,6 +112,8 @@ size_t MemIOCallback::write(const void *
uint32 MemIOCallback::write(IOCallback & IOToRead, size_t Size)
{
+ if (dataBufferPos + Size < Size) // overflow, we can't hold that much
+ return 0;
if (dataBufferMemorySize < dataBufferPos + Size) {
//We need more memory!
dataBuffer = (binary *)realloc((void *)dataBuffer, dataBufferPos + Size);
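Review bot: The wrap tests added to both `write` overloads (`dataBufferPos + Size < Size`) are evaluated in the type of the sum, not in `size_t`, which is the type `realloc` receives on the line that follows. The `uint64 oldDataPos = dataBufferPos;` context line in `read` suggests the position is 64-bit, so on a build where `size_t` is 32 bits the sum would not wrap and the allocation size could still be narrowed; the member's declaration is outside this patch, so this needs confirming. Bounding against the allocator's type closes that gap: `if (dataBufferPos > SIZE_MAX || Size > SIZE_MAX - dataBufferPos) return 0;`. In `read`, the wrapped case now takes the short-read branch, whose `memcpy` length `dataBufferTotalSize - dataBufferPos` is safe only if the position never exceeds the total size, which these hunks do not show. All three function bodies continue outside the hunks.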

@ -0,0 +1,12 @@
diff -up libebml-1.3.7/src/EbmlUnicodeString.cpp.utf8cpp libebml-1.3.7/src/EbmlUnicodeString.cpp
--- libebml-1.3.7/src/EbmlUnicodeString.cpp.utf8cpp 2019-03-12 20:27:42.000000000 +0100
+++ libebml-1.3.7/src/EbmlUnicodeString.cpp 2019-06-07 22:54:39.002363241 +0200
@@ -39,7 +39,7 @@
#include "ebml/EbmlUnicodeString.h"
-#include "lib/utf8-cpp/source/utf8/checked.h"
+#include <utf8/checked.h>
START_LIBEBML_NAMESPACE

@ -1,11 +1,13 @@
Summary: Extensible Binary Meta Language library
Name: libebml
Version: 1.4.5
Release: 1%{?dist}
Version: 1.3.9
Release: 2%{?dist}
License: LGPLv2+
URL: https://www.matroska.org/
Source: https://dl.matroska.org/downloads/%{name}/%{name}-%{version}.tar.xz
Patch0: %{name}-use-system-utf8cpp.patch
# https://github.com/Matroska-Org/libebml/pull/148
Patch1: %{name}-cve-2023-52339.patch
BuildRequires: cmake3
BuildRequires: gcc-c++
BuildRequires: utf8cpp-devel
@ -34,16 +36,17 @@ will use the Extensible Binary Meta Language library.
%prep
%setup -q
%patch0 -p1 -b .utf8cpp
%patch1 -p1 -b .cve-2023-52339
rm -r src/lib/utf8-cpp
%build
%cmake3
%cmake3_build
%cmake3 .
make %{?_smp_mflags}
%install
%cmake3_install
%make_install
%ldconfig_scriptlets
@ -51,8 +54,8 @@ rm -r src/lib/utf8-cpp
%files
%license LICENSE.LGPL
%doc NEWS.md
%{_libdir}/%{name}.so.5*
%doc ChangeLog
%{_libdir}/%{name}.so.4*
%files devel
%{_includedir}/ebml/
@ -66,63 +69,15 @@ rm -r src/lib/utf8-cpp
%changelog
* Fri Feb 02 2024 Dominik Mierzejewski <dominik@greysector.net> - 1.4.5-1
- update to 1.4.5 (#2254413)
- fixes CVE-2023-52339 (#2258046, #2258047)
* Thu Feb 29 2024 Sergey Cherevko <s.cherevko@msvsphere-os.ru> - 1.3.9-2
- Rebuilt for MSVSphere 8.9
* Thu Jan 19 2023 Fedora Release Engineering <releng@fedoraproject.org> - 1.4.4-2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_38_Mass_Rebuild
* Tue Oct 11 2022 Dominik Mierzejewski <dominik@greysector.net> - 1.4.4-1
- update to 1.4.4 (#2131232)
- drop obsolete patch
* Thu Jul 21 2022 Fedora Release Engineering <releng@fedoraproject.org> - 1.4.2-4
- Rebuilt for https://fedoraproject.org/wiki/Fedora_37_Mass_Rebuild
* Thu Jan 20 2022 Fedora Release Engineering <releng@fedoraproject.org> - 1.4.2-3
- Rebuilt for https://fedoraproject.org/wiki/Fedora_36_Mass_Rebuild
* Thu Jul 22 2021 Fedora Release Engineering <releng@fedoraproject.org> - 1.4.2-2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_35_Mass_Rebuild
* Wed Feb 24 2021 Dominik Mierzejewski <rpm@greysector.net> - 1.4.2-1
- update to 1.4.2 (#1930172)
- fixes CVE-2021-3405 (#1926991)
- fix build with GCC-11
* Tue Jan 26 2021 Fedora Release Engineering <releng@fedoraproject.org> - 1.4.1-2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_34_Mass_Rebuild
* Mon Jan 25 2021 Dominik Mierzejewski <rpm@greysector.net> - 1.4.1-1
- update to 1.4.1 (#1912485)
- fixes heap use-after-free when parsing malformed file (https://gitlab.com/mbunkus/mkvtoolnix/-/issues/2989)
* Mon Aug 10 2020 Hans de Goede <hdegoede@redhat.com> - 1.4.0-4
- Fix FTBFS, straight-forward cmake macro fix (rhbz#1863992)
* Sat Aug 01 2020 Fedora Release Engineering <releng@fedoraproject.org> - 1.4.0-3
- Second attempt - Rebuilt for
https://fedoraproject.org/wiki/Fedora_33_Mass_Rebuild
* Tue Jul 28 2020 Fedora Release Engineering <releng@fedoraproject.org> - 1.4.0-2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_33_Mass_Rebuild
* Tue Jul 07 2020 Dominik Mierzejewski <rpm@greysector.net> - 1.4.0-1
- update to 1.4.0 (#1851593), ABI bump
* Wed Jan 29 2020 Fedora Release Engineering <releng@fedoraproject.org> - 1.3.10-2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_32_Mass_Rebuild
* Tue Dec 24 2019 Dominik Mierzejewski <rpm@greysector.net> - 1.3.10-1
- update to 1.3.10 (#1782287)
* Fri Feb 02 2024 Dominik Mierzejewski <rpm@greysector.net> - 1.3.9-2
- backport fix for CVE-2023-52339 (#2258048, #2258046)
* Tue Sep 10 2019 Dominik Mierzejewski <rpm@greysector.net> - 1.3.9-1
- update to 1.3.9 (#1688001)
* Thu Jul 25 2019 Fedora Release Engineering <releng@fedoraproject.org> - 1.3.7-2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_31_Mass_Rebuild
* Fri Jun 07 2019 Dominik Mierzejewski <rpm@greysector.net> - 1.3.7-1
- update to 1.3.7
- unbundle utf8cpp
@ -141,21 +96,9 @@ rm -r src/lib/utf8-cpp
- add missing dependencies to -devel subpackage
- use license and ldconfig_scriptlets macros
* Fri Jul 13 2018 Fedora Release Engineering <releng@fedoraproject.org> - 1.3.5-3
- Rebuilt for https://fedoraproject.org/wiki/Fedora_29_Mass_Rebuild
* Wed Feb 07 2018 Fedora Release Engineering <releng@fedoraproject.org> - 1.3.5-2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_28_Mass_Rebuild
* Wed Aug 23 2017 Dominik Mierzejewski <rpm@greysector.net> - 1.3.5-1
- update to 1.3.5 (#1483228)
* Thu Aug 03 2017 Fedora Release Engineering <releng@fedoraproject.org> - 1.3.4-4
- Rebuilt for https://fedoraproject.org/wiki/Fedora_27_Binutils_Mass_Rebuild
* Wed Jul 26 2017 Fedora Release Engineering <releng@fedoraproject.org> - 1.3.4-3
- Rebuilt for https://fedoraproject.org/wiki/Fedora_27_Mass_Rebuild
* Fri Feb 10 2017 Fedora Release Engineering <releng@fedoraproject.org> - 1.3.4-2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_26_Mass_Rebuild
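Review bot: The 1.3.9 side carries a backport only for CVE-2023-52339 (`Patch1`), while the changelog entries on the other side record two further security fixes that landed in later releases: CVE-2021-3405 in 1.4.2 and a heap use-after-free on malformed files in 1.4.1. No patch for either appears in the visible `Patch` list, and the page does not say whether 1.3.9 is affected, so that should be checked against the upstream fixes. The result is worth recording next to the patch list, for example `# CVE-2021-3405: <not affected | fixed by PatchN>`, so the gap is visibly a decision rather than an omission. Separately, the rebuild entry and the backport entry both use release `1.3.9-2`; bumping `Release` for the rebuild would keep the two builds distinguishable.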

@ -1,12 +0,0 @@
diff -up libebml-1.4.4/src/EbmlUnicodeString.cpp.utf8cpp libebml-1.4.4/src/EbmlUnicodeString.cpp
--- libebml-1.4.4/src/EbmlUnicodeString.cpp.utf8cpp 2022-10-11 13:11:14.129418820 +0200
+++ libebml-1.4.4/src/EbmlUnicodeString.cpp 2022-10-11 13:11:44.405608490 +0200
@@ -40,7 +40,7 @@
#include "ebml/EbmlUnicodeString.h"
-#include "lib/utf8-cpp/source/utf8/checked.h"
+#include <utf8/checked.h>
namespace libebml {

@ -1 +0,0 @@
SHA512 (libebml-1.4.5.tar.xz) = 6ee2afd538de8b028a1acd4a0f00a8aa230deac297573d868683e96f22fa4953858d3a1d8ab414ac27757f35699e6149f0aaef6eb4d235baa79226d8f36ccb5c