Compare commits

...

No commits in common. 'c9' and 'c8' have entirely different histories.
c9 ... c8

2
.gitignore vendored

@ -1 +1 @@
SOURCES/libksba-1.5.1.tar.bz2
SOURCES/libksba-1.3.5.tar.bz2

@ -1 +1 @@
740ac2551b33110e879aff100c6a6749284daf97 SOURCES/libksba-1.5.1.tar.bz2
a98385734a0c3f5b713198e8d6e6e4aeb0b76fde SOURCES/libksba-1.3.5.tar.bz2

Binary file not shown.

@ -1,157 +0,0 @@
From f47ac49c068f1bc640f391b8b4a9594486ed0bb7 Mon Sep 17 00:00:00 2001
From: Jakub Jelen <jjelen@redhat.com>
Date: Tue, 13 Apr 2021 22:33:17 +0200
Subject: [PATCH 1/5] tests: reset freed pointer for next iteration
* tests/t-oid.c (main): reset freed pointer for next iteration
--
Signed-off-by: Jakub Jelen <jjelen@redhat.com>
---
tests/t-oid.c | 1 +
1 file changed, 1 insertion(+)
diff --git a/tests/t-oid.c b/tests/t-oid.c
index 0fe5944..04156b6 100644
--- a/tests/t-oid.c
+++ b/tests/t-oid.c
@@ -183,6 +183,7 @@ main (int argc, char **argv)
printf (" %02X", buffer[n]);
putchar ('\n');
free (buffer);
+ buffer = NULL;
}
}
else if (!strcmp (*argv, "--to-str"))
--
2.30.2
From 8c410c22a0366b4ce43d37b62598d8429c3ffc30 Mon Sep 17 00:00:00 2001
From: Jakub Jelen <jjelen@redhat.com>
Date: Tue, 13 Apr 2021 22:36:56 +0200
Subject: [PATCH 2/5] time: avoid buffer overrun
* src/time.c (_ksba_current_time): Use snprintf to avoid buffer overrun
--
Signed-off-by: Jakub Jelen <jjelen@redhat.com>
---
src/time.c | 6 +++---
1 file changed, 3 insertions(+), 3 deletions(-)
diff --git a/src/time.c b/src/time.c
index d793476..f5f3a03 100644
--- a/src/time.c
+++ b/src/time.c
@@ -160,7 +160,7 @@ _ksba_current_time (ksba_isotime_t timebuf)
#else
tp = gmtime ( &epoch );
#endif
- sprintf (timebuf,"%04d%02d%02dT%02d%02d%02d",
- 1900 + tp->tm_year, tp->tm_mon+1, tp->tm_mday,
- tp->tm_hour, tp->tm_min, tp->tm_sec);
+ snprintf (timebuf, sizeof(ksba_isotime_t), "%04d%02d%02dT%02d%02d%02d",
+ 1900 + tp->tm_year, tp->tm_mon+1, tp->tm_mday,
+ tp->tm_hour, tp->tm_min, tp->tm_sec);
}
--
2.30.2
From b8581032f492b4c17d20e966f11afd591ca177ef Mon Sep 17 00:00:00 2001
From: Jakub Jelen <jjelen@redhat.com>
Date: Tue, 13 Apr 2021 22:44:43 +0200
Subject: [PATCH 3/5] asn1-func: Initialize buffer
* src/asn1-func.c (_ksba_asn_expand_object_id): Initialize name2 buffer
--
Signed-off-by: Jakub Jelen <jjelen@redhat.com>
---
src/asn1-func.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/src/asn1-func.c b/src/asn1-func.c
index e64c479..05ec897 100755
--- a/src/asn1-func.c
+++ b/src/asn1-func.c
@@ -882,7 +882,7 @@ int
_ksba_asn_expand_object_id (AsnNode node)
{
AsnNode p, p2, p3, p4, p5;
- char name_root[129], name2[129*2+1];
+ char name_root[129], name2[129*2+1] = "";
/* Fixme: Make a cleaner implementation */
if (!node)
--
2.30.2
From ff510b0511443c181b9b9af87bd2596b6a5751fc Mon Sep 17 00:00:00 2001
From: Jakub Jelen <jjelen@redhat.com>
Date: Wed, 14 Apr 2021 10:28:10 +0200
Subject: [PATCH 4/5] ber-decoder: Avoid null pointer dereference on error
* src/ber-decoder.c (_ksba_ber_decoder_dump): break on error
--
The above branches set err if stuff go wrong, but it is never checked
Signed-off-by: Jakub Jelen <jjelen@redhat.com>
---
src/ber-decoder.c | 2 ++
1 file changed, 2 insertions(+)
diff --git a/src/ber-decoder.c b/src/ber-decoder.c
index 755c1d7..87e58a9 100644
--- a/src/ber-decoder.c
+++ b/src/ber-decoder.c
@@ -1149,6 +1149,8 @@ _ksba_ber_decoder_dump (BerDecoder d, FILE *fp)
err = gpg_error_from_syserror ();
}
}
+ if (err)
+ break;
for (n=0; !err && n < d->val.length; n++)
{
--
2.30.2
From 0431c56f4e1b6d6c3ff302648730da36a18ae93c Mon Sep 17 00:00:00 2001
From: Jakub Jelen <jjelen@redhat.com>
Date: Wed, 14 Apr 2021 10:30:59 +0200
Subject: [PATCH 5/5] Mark the idential branches as intentional for coverity
* src/ber-help.c (_ksba_ber_count_tl): Mark identical branches as
intentional for coverity
--
Signed-off-by: Jakub Jelen <jjelen@redhat.com>
---
src/ber-help.c | 1 +
1 file changed, 1 insertion(+)
diff --git a/src/ber-help.c b/src/ber-help.c
index 1b72bf0..81c31ed 100644
--- a/src/ber-help.c
+++ b/src/ber-help.c
@@ -440,6 +440,7 @@ _ksba_ber_count_tl (unsigned long tag,
(void)constructed; /* Not used, but passed for uniformity of such calls. */
+ /* coverity[identical_branches] */
if (tag < 0x1f)
{
buflen++;
--
2.30.2

Binary file not shown.

@ -1,25 +1,24 @@
Summary: CMS and X.509 library
Name: libksba
Version: 1.5.1
Release: 6%{?dist}
Version: 1.3.5
Release: 9%{?dist}
# The library is licensed under LGPLv3+ or GPLv2+,
# the rest of the package under GPLv3+
License: (LGPLv3+ or GPLv2+) and GPLv3+
URL: https://www.gnupg.org/
Source0: https://www.gnupg.org/ftp/gcrypt/libksba/libksba-%{version}.tar.bz2
Source1: https://www.gnupg.org/ftp/gcrypt/libksba/libksba-%{version}.tar.bz2.sig
Group: System Environment/Libraries
URL: http://www.gnupg.org/
Source0: ftp://ftp.gnupg.org/gcrypt/libksba/libksba-%{version}.tar.bz2
Source1: ftp://ftp.gnupg.org/gcrypt/libksba/libksba-%{version}.tar.bz2.sig
BuildRoot: %{_tmppath}/%{name}-%{version}-%{release}-root-%(%{__id_u} -n)
Patch1: libksba-1.3.0-multilib.patch
Patch2: libksba-1.5.1-coverity.patch
# Fix for CVE-2022-3515
Patch3: libksba-1.5.1-overflow.patch
Patch2: libksba-1.5.1-overflow.patch
BuildRequires: gcc
BuildRequires: gawk
BuildRequires: libgpg-error-devel >= 1.8
BuildRequires: libgcrypt-devel >= 1.2.0
BuildRequires: make
%description
KSBA (pronounced Kasbah) is a library to make X.509 certificates as
@ -28,9 +27,10 @@ specifications are building blocks of S/MIME and TLS.
%package devel
Summary: Development headers and libraries for %{name}
Group: Development/Libraries
Requires: %{name}%{?_isa} = %{version}-%{release}
Requires: pkgconfig
Requires(post): /sbin/install-info
Requires(preun): /sbin/install-info
%description devel
%{summary}.
@ -39,26 +39,21 @@ Requires: pkgconfig
%setup -q
%patch1 -p1 -b .multilib
%patch2 -p1 -b .coverity
%patch3 -p1 -b .overflow
%patch2 -p1 -b .overflow
# Convert to utf-8
for file in THANKS; do
iconv -f ISO-8859-1 -t UTF-8 -o $file.new $file && \
touch -r $file $file.new && \
mv $file.new $file
done
%build
%configure \
--disable-dependency-tracking \
--disable-static
%make_build
make %{?_smp_mflags}
%install
%make_install
rm -rf $RPM_BUILD_ROOT
make install DESTDIR=$RPM_BUILD_ROOT
rm -f $RPM_BUILD_ROOT%{_infodir}/dir
rm -f $RPM_BUILD_ROOT%{_libdir}/lib*.la
@ -70,67 +65,36 @@ make check
%ldconfig_scriptlets
%post devel
install-info %{_infodir}/ksba.info %{_infodir}/dir ||:
%preun devel
if [ $1 -eq 0 ]; then
install-info --delete %{_infodir}/ksba.info %{_infodir}/dir ||:
fi
%files
%defattr(-,root,root,-)
%license COPYING COPYING.GPLv2 COPYING.GPLv3 COPYING.LGPLv3
%doc AUTHORS ChangeLog NEWS README* THANKS TODO
%{_libdir}/libksba.so.8*
%files devel
%defattr(-,root,root,-)
%{_bindir}/ksba-config
%{_libdir}/libksba.so
%{_includedir}/ksba.h
%{_datadir}/aclocal/ksba.m4
%{_libdir}/pkgconfig/ksba.pc
%{_infodir}/ksba.info*
%changelog
* Wed Jan 25 2023 Jakub Jelen <jjelen@redhat.com> - 1.5.1-6
* Wed Jan 25 2023 Jakub Jelen <jjelen@redhat.com> - 1.3.5-9
- Fix for CVE-2022-47629 (#2161571)
* Wed Oct 19 2022 Jakub Jelen <jjelen@redhat.com> - 1.5.1-5
- Fix for CVE-2022-3515 (#2135703)
* Mon Aug 09 2021 Mohan Boddu <mboddu@redhat.com> - 1.5.1-4
- Rebuilt for IMA sigs, glibc 2.34, aarch64 flags
Related: rhbz#1991688
* Fri Apr 16 2021 Mohan Boddu <mboddu@redhat.com> - 1.5.1-3
- Rebuilt for RHEL 9 BETA on Apr 15th 2021. Related: rhbz#1947937
* Thu Apr 15 2021 Jakub Jelen <jjelen@redhat.com> - 1.5.1-2
- Address issues reported by coverity
* Wed Apr 07 2021 Jakub Jelen <jjelen@redhat.com> - 1.5.1-1
- New upstream release (#1946544)
* Tue Jan 26 2021 Fedora Release Engineering <releng@fedoraproject.org> - 1.5.0-2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_34_Mass_Rebuild
* Tue Dec 01 2020 Jakub Jelen <jjelen@redhat.com> - 1.5.0-1
- New upstream release (#1899183)
* Tue Oct 6 2020 Tomas Mraz <tmraz@redhat.com> - 1.4.0-1
- New upstream version 1.4.0
* Tue Jul 28 2020 Fedora Release Engineering <releng@fedoraproject.org> - 1.3.5-13
- Rebuilt for https://fedoraproject.org/wiki/Fedora_33_Mass_Rebuild
* Mon Jul 13 2020 Tom Stellard <tstellar@redhat.com> - 1.3.5-12
- Use make macros
- https://fedoraproject.org/wiki/Changes/UseMakeBuildInstallMacro
* Wed Jan 29 2020 Fedora Release Engineering <releng@fedoraproject.org> - 1.3.5-11
- Rebuilt for https://fedoraproject.org/wiki/Fedora_32_Mass_Rebuild
* Thu Jul 25 2019 Fedora Release Engineering <releng@fedoraproject.org> - 1.3.5-10
- Rebuilt for https://fedoraproject.org/wiki/Fedora_31_Mass_Rebuild
* Fri Feb 01 2019 Fedora Release Engineering <releng@fedoraproject.org> - 1.3.5-9
- Rebuilt for https://fedoraproject.org/wiki/Fedora_30_Mass_Rebuild
* Fri Jul 13 2018 Fedora Release Engineering <releng@fedoraproject.org> - 1.3.5-8
- Rebuilt for https://fedoraproject.org/wiki/Fedora_29_Mass_Rebuild
* Wed Oct 19 2022 Jakub Jelen <jjelen@redhat.com> - 1.3.5-8
- Fix for CVE-2022-3515 (#2135702)
* Wed Feb 07 2018 Fedora Release Engineering <releng@fedoraproject.org> - 1.3.5-7
- Rebuilt for https://fedoraproject.org/wiki/Fedora_28_Mass_Rebuild

Loading…
Cancel
Save