From f74bf63f6e40d487c677d87065899cb678ce1e3c Mon Sep 17 00:00:00 2001 From: MSVSphere Packaging Team Date: Mon, 7 Oct 2024 21:05:04 +0300 Subject: [PATCH] import orc-0.4.31-8.el9 --- .gitignore | 1 + .orc.metadata | 1 + ...-available-for-error-messages-and-ot.patch | 102 ++++++ SPECS/orc.spec | 319 ++++++++++++++++++ 4 files changed, 423 insertions(+) create mode 100644 .gitignore create mode 100644 .orc.metadata create mode 100644 SOURCES/0001-Use-vasprintf-if-available-for-error-messages-and-ot.patch create mode 100644 SPECS/orc.spec diff --git a/.gitignore b/.gitignore new file mode 100644 index 0000000..9a40cb0 --- /dev/null +++ b/.gitignore @@ -0,0 +1 @@ +SOURCES/orc-0.4.31.tar.xz diff --git a/.orc.metadata b/.orc.metadata new file mode 100644 index 0000000..3e9ee58 --- /dev/null +++ b/.orc.metadata @@ -0,0 +1 @@ +5d714f43f6c8a5d909b5f483e2e70447d6fe478a SOURCES/orc-0.4.31.tar.xz diff --git a/SOURCES/0001-Use-vasprintf-if-available-for-error-messages-and-ot.patch b/SOURCES/0001-Use-vasprintf-if-available-for-error-messages-and-ot.patch new file mode 100644 index 0000000..0a18f0d --- /dev/null +++ b/SOURCES/0001-Use-vasprintf-if-available-for-error-messages-and-ot.patch @@ -0,0 +1,102 @@ +From 734766c2596b6ff940778f659bd664b3d72abd61 Mon Sep 17 00:00:00 2001 +From: Wim Taymans +Date: Wed, 31 Jul 2024 11:12:48 +0200 +Subject: [PATCH] Use vasprintf() if available for error messages and otherwise + vsnprintf() + +vasprintf() is a GNU/BSD extension and would allocate as much memory as required +on the heap, similar to g_strdup_printf(). It's ridiculous that such a function +is still not provided as part of standard C. + +If it's not available, use vsnprintf() to at least avoid stack/heap buffer +overflows, which can lead to arbitrary code execution. + +Thanks to Noriko Totsuka for reporting. + +Fixes JVN#02030803 / JPCERT#92912620 / CVE-2024-40897 +Fixes #69 + +Part-of: +--- + meson.build | 1 + + orc/orccompiler.c | 6 +++++- + orc/orcparse.c | 18 +++++++++++++++--- + 3 files changed, 21 insertions(+), 4 deletions(-) + +diff --git a/meson.build b/meson.build +index 41d5e5b..0e0d83b 100644 +--- a/meson.build ++++ b/meson.build +@@ -118,6 +118,7 @@ int main() { + ''' + cdata.set('HAVE_MONOTONIC_CLOCK', cc.compiles(monotonic_test)) + cdata.set('HAVE_GETTIMEOFDAY', cc.has_function('gettimeofday')) ++cdata.set('HAVE_VASPRINTF', cc.has_function('vasprintf')) + cdata.set('HAVE_POSIX_MEMALIGN', cc.has_function('posix_memalign', prefix : '#include ')) + cdata.set('HAVE_MMAP', cc.has_function('mmap')) + +diff --git a/orc/orccompiler.c b/orc/orccompiler.c +index 8d92cbe..ea0853c 100644 +--- a/orc/orccompiler.c ++++ b/orc/orccompiler.c +@@ -1210,8 +1210,12 @@ orc_compiler_error_valist (OrcCompiler *compiler, const char *fmt, + + if (compiler->error_msg) return; + ++#ifdef HAVE_VASPRINTF ++ vasprintf (&s, fmt, args); ++#else + s = malloc (ORC_COMPILER_ERROR_BUFFER_SIZE); +- vsprintf (s, fmt, args); ++ vsnprintf (s, ORC_COMPILER_ERROR_BUFFER_SIZE, fmt, args); ++#endif + compiler->error_msg = s; + compiler->error = TRUE; + compiler->result = ORC_COMPILE_RESULT_UNKNOWN_COMPILE; +diff --git a/orc/orcparse.c b/orc/orcparse.c +index f46b0be..56a9c3a 100644 +--- a/orc/orcparse.c ++++ b/orc/orcparse.c +@@ -401,9 +401,13 @@ opcode_arg_size (OrcStaticOpcode *opcode, int arg) + static void + orc_parse_log_valist (OrcParser *parser, const char *format, va_list args) + { +- char s[100]; ++#ifdef HAVE_VASPRINTF ++ char *s; ++#else ++ char s[100] = { '\0' }; ++#endif + int len; +- ++ + if (parser->error_program != parser->program) { + sprintf(s, "In function %s:\n", parser->program->name); + len = strlen(s); +@@ -418,7 +422,11 @@ orc_parse_log_valist (OrcParser *parser, const char *format, va_list args) + parser->error_program = parser->program; + } + +- vsprintf(s, format, args); ++#ifdef HAVE_VASPRINTF ++ vasprintf (&s, format, args); ++#else ++ vsnprintf (s, sizeof (s), format, args); ++#endif + len = strlen(s); + + if (parser->log_size + len + 1 >= parser->log_alloc) { +@@ -428,6 +436,10 @@ orc_parse_log_valist (OrcParser *parser, const char *format, va_list args) + + strcpy (parser->log + parser->log_size, s); + parser->log_size += len; ++ ++#ifdef HAVE_VASPRINTF ++ free (s); ++#endif + } + + static void +-- +2.45.2 + diff --git a/SPECS/orc.spec b/SPECS/orc.spec new file mode 100644 index 0000000..dff819e --- /dev/null +++ b/SPECS/orc.spec @@ -0,0 +1,319 @@ +Name: orc +Version: 0.4.31 +Release: 8%{?dist} +Summary: The Oil Run-time Compiler + +License: BSD +URL: http://cgit.freedesktop.org/gstreamer/orc/ +Source0: http://gstreamer.freedesktop.org/src/orc/%{name}-%{version}.tar.xz + +Patch0001: 0001-Use-vasprintf-if-available-for-error-messages-and-ot.patch + +BuildRequires: meson >= 0.47.0 +BuildRequires: gcc +BuildRequires: gtk-doc + +%description +Orc is a library and set of tools for compiling and executing +very simple programs that operate on arrays of data. The "language" +is a generic assembly language that represents many of the features +available in SIMD architectures, including saturated addition and +subtraction, and many arithmetic operations. + +%package doc +Summary: Documentation for Orc +Requires: %{name} = %{version}-%{release} +BuildArch: noarch + +%description doc +Documentation for Orc. + +%package devel +Summary: Development files and libraries for Orc +Requires: %{name} = %{version}-%{release} +Requires: %{name}-compiler +Requires: pkgconfig + +%description devel +This package contains the files needed to build packages that depend +on orc. + +%package compiler +Summary: Orc compiler +Requires: %{name} = %{version}-%{release} +Requires: pkgconfig + +%description compiler +The Orc compiler, to produce optimized code. + + +%prep +%autosetup -p1 + +%build +%meson -D default_library=shared +%meson_build + +%install +%meson_install + +# Remove unneeded files. +find %{buildroot}/%{_libdir} -name \*.a -delete +rm -rf %{buildroot}/%{_libdir}/orc + +%check +%ifnarch s390 s390x ppc %{power64} %{arm} i686 aarch64 +%meson_test +%endif + +%ldconfig_scriptlets + + +%files +%doc COPYING README +%{_libdir}/liborc-*.so.* +%{_bindir}/orc-bugreport + +%files doc +%doc %{_datadir}/gtk-doc/html/orc/ + +%files devel +%doc examples/*.c +%{_includedir}/%{name}-0.4/ +%{_libdir}/liborc-*.so +%{_libdir}/pkgconfig/orc-0.4.pc +%{_libdir}/pkgconfig/orc-test-0.4.pc +%{_datadir}/aclocal/orc.m4 + +%files compiler +%{_bindir}/orcc + + +%changelog +* Wed Jul 31 2024 Wim Taymans 0.4.31-8 +- Bump version for upgrade with z-stream +- Resolves: RHEL-50700 + +* Wed Jul 31 2024 Wim Taymans 0.4.31-7 +- Add patch for CVE-2024-40897 +- Resolves: RHEL-50700 + +* Mon Aug 09 2021 Mohan Boddu - 0.4.31-6 +- Rebuilt for IMA sigs, glibc 2.34, aarch64 flags + Related: rhbz#1991688 + +* Fri Apr 16 2021 Mohan Boddu - 0.4.31-5 +- Rebuilt for RHEL 9 BETA on Apr 15th 2021. Related: rhbz#1947937 + +* Tue Jan 26 2021 Fedora Release Engineering - 0.4.31-4 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_34_Mass_Rebuild + +* Tue Jul 28 2020 Fedora Release Engineering - 0.4.31-3 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_33_Mass_Rebuild + +* Wed Jan 29 2020 Fedora Release Engineering - 0.4.31-2 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_32_Mass_Rebuild + +* Tue Nov 12 2019 Wim Taymans 0.4.31-1 +- Update to 0.4.31 + +* Tue Sep 24 2019 Wim Taymans 0.4.30-1 +- Update to 0.4.30 +- Use meson as autogen was removed, add meson buildrequires + +* Thu Jul 25 2019 Fedora Release Engineering - 0.4.29-3 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_31_Mass_Rebuild + +* Fri May 10 2019 Dan Horák 0.4.29-2 +- revert commits changing ppc64/ppc64le support + +* Tue Apr 23 2019 Wim Taymans 0.4.29-1 +- Update to 0.4.29 +- Add orc-test pkgconfig file + +* Fri Feb 01 2019 Fedora Release Engineering - 0.4.28-4 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_30_Mass_Rebuild + +* Fri Jul 13 2018 Fedora Release Engineering - 0.4.28-3 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_29_Mass_Rebuild + +* Thu Feb 08 2018 Fedora Release Engineering - 0.4.28-2 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_28_Mass_Rebuild + +* Mon Dec 11 2017 Wim Taymans 0.4.28-1 +- Update to 0.4.28 +- Disable regeneration of docs + +* Thu Aug 03 2017 Fedora Release Engineering - 0.4.27-3 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_27_Binutils_Mass_Rebuild + +* Thu Jul 27 2017 Fedora Release Engineering - 0.4.27-2 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_27_Mass_Rebuild + +* Tue Jul 18 2017 Wim Taymans 0.4.27-1 +- Update to 0.4.27 + +* Sat Feb 11 2017 Fedora Release Engineering - 0.4.26-2 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_26_Mass_Rebuild + +* Wed Aug 31 2016 Wim Taymans 0.4.26-1 +- Update to 0.4.26 + +* Mon Mar 07 2016 Wim Taymans 0.4.25-1 +- Update to 0.4.25 + +* Thu Feb 04 2016 Fedora Release Engineering - 0.4.24-2 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_24_Mass_Rebuild + +* Thu Jun 25 2015 Wim Taymans 0.4.24-1 +- Update to 0.4.24 + +* Thu Jun 18 2015 Fedora Release Engineering - 0.4.23-2 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_23_Mass_Rebuild + +* Tue May 5 2015 Wim Taymans 0.4.23-1 +- Update to 0.4.23 + +* Sat Feb 21 2015 Till Maas - 0.4.22-4 +- Rebuilt for Fedora 23 Change + https://fedoraproject.org/wiki/Changes/Harden_all_packages_with_position-independent_code + +* Thu Sep 11 2014 Yaakov Selkowitz - 0.4.22-3 +- Do not run tests on aarch64 + +* Thu Sep 4 2014 Peter Robinson 0.4.22-2 +- Add upstream patch for selinux issue with tmp files + +* Fri Aug 29 2014 Peter Robinson 0.4.22-1 +- Update to 0.4.22 + +* Sun Aug 17 2014 Fedora Release Engineering - 0.4.18-3 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_21_22_Mass_Rebuild + +* Sat Jun 07 2014 Fedora Release Engineering - 0.4.18-2 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_21_Mass_Rebuild + +* Thu Sep 19 2013 Brian Pepple - 0.4.18-1 +- Update to 0.4.18. + +* Sat Aug 03 2013 Fedora Release Engineering - 0.4.17-3 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_20_Mass_Rebuild + +* Wed Feb 20 2013 Fabian Deutsch - 0.4.17-2 +- Fix typo rhbz#817944 + +* Wed Feb 20 2013 Fabian Deutsch - 0.4.17-1 +- Update to latest upstream release +- Removed obsolete patches + +* Thu Feb 14 2013 Fedora Release Engineering - 0.4.16-8 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_19_Mass_Rebuild + +* Sat Jan 19 2013 Daniel Drake - 0.4.16-7 +- Fix fallback path when register allocation fails +- Fixes gstreamer-1.0 crash on OLPC XO-1.75 + +* Fri Jul 27 2012 Fedora Release Engineering - 0.4.16-6 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_18_Mass_Rebuild + +* Sat Jan 07 2012 Fabian Deutsch - 0.4.16-5 +- Updated subdir patch. + +* Wed Oct 26 2011 Fedora Release Engineering - 0.4.16-4 +- Rebuilt for glibc bug#747377 + +* Sun Oct 16 2011 Fabian Deutsch - 0.4.16-3 +- Add Fedora specific patch for tempfiles in subdirs + +* Sun Oct 16 2011 Daniel Drake - 0.4.16-2 +- Add upstream patches to fix gstreamer crash on Geode (#746185) + +* Mon Oct 03 2011 Fabian Deutsch - 0.4.16-1 +- Update to 0.4.16 +- Fixing regression introdcued by 0.4.15 (#742534 and #734911) + +* Mon Sep 26 2011 Fabian Deutsch - 0.4.15-1 +- Update to 0.4.15 + +* Mon Jun 20 2011 Peter Robinson - 0.4.14-3 +- Add ARM platforms to the make check exclusion + +* Sat May 07 2011 Fabian Deutsch - 0.4.14-2 +- Add orc-bugreport to the main package (#702727) + +* Sat Apr 30 2011 Fabian Deutsch - 0.4.14-1 +- Update to 0.4.14 + +* Tue Apr 19 2011 Fabian Deutsch - 0.4.13-1 +- Update to 0.4.13, another bug fixing release + +* Fri Apr 15 2011 Fabian Deutsch - 0.4.12-1 +- Update to 0.4.12, a bug fixing release + +* Wed Feb 23 2011 Karsten Hopp 0.4.11-3 +- don't run tests on ppc, ppc64 + +* Tue Feb 08 2011 Fedora Release Engineering - 0.4.11-2 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_15_Mass_Rebuild + +* Sun Oct 24 2010 Fabian Deutsch - 0.4.11-1 +- Update to 0.4.11. +- More bug fixes for CPUs that do not have backends, mmx and sse. + +* Fri Oct 08 2010 Fabian Deutsch - 0.4.10-1 +- Update to 0.4.10. +- Fixes some bugs related to SELinux. + +* Mon Sep 06 2010 Fabian Deutsch - 0.4.9-1 +- Update to 0.4.9, a pimarily bug fixing release. + +* Thu Aug 19 2010 Fabian Deutsch - 0.4.7-1 +- Updated to 0.4.7. + +* Thu Jul 22 2010 Fabian Deutsch - 0.4.6-1 +- Updated to 0.4.6. +- New orc-bugreport added. + +* Tue Jul 13 2010 Dan Horák - 0.4.5-3 +- don't run test on s390(x) + +* Sun Jun 13 2010 Fabian Deutsch - 0.4.5-2 +- Added removed testing libraries to package. + +* Sun Jun 13 2010 Fabian Deutsch - 0.4.5-1 +- Updated to 0.4.5. +- Removed testing libraries from package. + +* Mon Apr 05 2010 Fabian Deutsch - 0.4.4-2 +- Docs as noarch. +- Sanitize timestamps of header files. +- orcc in -compiler subpackage. + +* Tue Mar 30 2010 Fabian Deutsch - 0.4.4-1 +- Updated to 0.4.4: Includes bugfixes for x86_64. + +* Wed Mar 17 2010 Fabian Deutsch - 0.4.3-2 +- Running autoreconf to prevent building problems. +- Added missing files to docs. +- Added examples to devel docs. + +* Thu Mar 04 2010 Fabian Deutsch - 0.4.3-1 +- Updated to 0.4.3 + +* Sun Oct 18 2009 Fabian Deutsch - 0.4.2-4 +- Removed unused libdir + +* Sun Oct 18 2009 Fabian Deutsch - 0.4.2-3 +- Specfile cleanup +- Removed tools subpackage +- Added docs subpackage + +* Sat Oct 03 2009 Fabian Deutsch - 0.4.2-2 +- Use orc as pakage name +- spec-file cleanup +- Added devel requirements +- Removed an rpath issue + +* Fri Oct 02 2009 Fabian Deutsch - 0.4.2-1 +- Initial release +