From cb492132adaec84a26852d2d674a66fab448a7f400583ce683ee3733434f1f63 Mon Sep 17 00:00:00 2001
From: Takashi Iwai
Date: Mon, 25 May 2020 07:09:38 +0000
Subject: [PATCH] Accepting request 808288 from home:Kieltux:branches:M17N - Add no-config-h.diff - copied from Debian Remove HAVE_CONFIG_H from public API - Add Truncate-isolate_level-to-FRIBIDI_BIDI_MAX_EXPLICIT_.diff - copied from Debian, CVE-2019-18397 Truncate isolate_level to FRIBIDI_BIDI_MAX_EXPLICIT_LEVEL - Run spec-cleaner The patch no-config-h.diff fixes building of some programs in OBS, e.g. Warmux. CVE-2019-18397. I think the assumption in https://bugzilla.suse.com/show_bug.cgi?id=CVE-2019-18397 is wrong.
OBS-URL: https://build.opensuse.org/request/show/808288
OBS-URL: https://build.opensuse.org/package/show/M17N/fribidi?expand=0&rev=24
---
 ...e_level-to-FRIBIDI_BIDI_MAX_EXPLICIT_.diff | 28 +++
 fribidi.changes | 10 +
 fribidi.spec | 17 +-
 no-config-h.diff | 211 ++++++++++++++++++
 4 files changed, 258 insertions(+), 8 deletions(-)
 create mode 100644 Truncate-isolate_level-to-FRIBIDI_BIDI_MAX_EXPLICIT_.diff
 create mode 100644 no-config-h.diff
diff --git a/Truncate-isolate_level-to-FRIBIDI_BIDI_MAX_EXPLICIT_.diff b/Truncate-isolate_level-to-FRIBIDI_BIDI_MAX_EXPLICIT_.diff
new file mode 100644
index 0000000..a5a47bb
--- /dev/null
+++ b/Truncate-isolate_level-to-FRIBIDI_BIDI_MAX_EXPLICIT_.diff
@@ -0,0 +1,28 @@
+From: Dov Grobgeld
+Date: Thu, 24 Oct 2019 09:37:29 +0300
+Subject: Truncate isolate_level to FRIBIDI_BIDI_MAX_EXPLICIT_LEVEL
+Origin: https://github.com/fribidi/fribidi/commit/034c6e9a1d296286305f4cfd1e0072b879f52568
+Bug-Debian-Security: https://security-tracker.debian.org/tracker/CVE-2019-18397
+
+---
+ lib/fribidi-bidi.c | 4 +++-
+ 1 file changed, 3 insertions(+), 1 deletion(-)
+
+diff --git a/lib/fribidi-bidi.c b/lib/fribidi-bidi.c
+index 6c843922685c..d38487852fe7 100644
+--- a/lib/fribidi-bidi.c
++++ b/lib/fribidi-bidi.c
+@@ -747,7 +747,9 @@ fribidi_get_par_embedding_levels_ex (
+ }
+
+ RL_LEVEL (pp) = level;
+- RL_ISOLATE_LEVEL (pp) = isolate_level++;
++ RL_ISOLATE_LEVEL (pp) = isolate_level;
++ if (isolate_level < FRIBIDI_BIDI_MAX_EXPLICIT_LEVEL-1)
++ isolate_level++;
+ base_level_per_iso_level[isolate_level] = new_level;
+
+ if (!FRIBIDI_IS_NEUTRAL (override))
+--
+2.24.0
+
diff --git a/fribidi.changes b/fribidi.changes
index 7d343cb..4b14121 100644
--- a/fribidi.changes
+++ b/fribidi.changes
@@ -1,3 +1,13 @@
+-------------------------------------------------------------------
+Fri May 22 14:43:34 UTC 2020 - Carsten Ziepke
+
+- Add no-config-h.diff - copied from Debian
+ Remove HAVE_CONFIG_H from public API
+- Add Truncate-isolate_level-to-FRIBIDI_BIDI_MAX_EXPLICIT_.diff -
+ copied from Debian, CVE-2019-18397
+ Truncate isolate_level to FRIBIDI_BIDI_MAX_EXPLICIT_LEVEL
+- Run spec-cleaner
+
 -------------------------------------------------------------------
 Fri Nov 29 09:56:25 UTC 2019 - Martin Liška
 
diff --git a/fribidi.spec b/fribidi.spec
index 934a81b..c8c95e8 100644
--- a/fribidi.spec
+++ b/fribidi.spec
@@ -1,7 +1,7 @@
 #
 # spec file for package fribidi
 #
-# Copyright (c) 2019 SUSE LLC
+# Copyright (c) 2020 SUSE LLC
 #
 # All modifications and additions to the file contributed by third parties
 # remain the property of their copyright owners, unless otherwise agreed
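Review bot: The bound in the added check, `if (isolate_level < FRIBIDI_BIDI_MAX_EXPLICIT_LEVEL-1)`, is not explained anywhere in the embedded lib/fribidi-bidi.c hunk, and it only makes the following `base_level_per_iso_level[isolate_level] = new_level;` write safe if that array has at least FRIBIDI_BIDI_MAX_EXPLICIT_LEVEL elements. The declaration is outside the hunk, so this should be confirmed against the tarball this spec actually builds rather than assumed from the upstream tree the patch was written for. Once the counter reaches the ceiling it stays there, so later isolate initiators overwrite the same slot and RL_ISOLATE_LEVEL stops reflecting the real nesting depth; that is presumably the intended truncation, but the code that decrements the counter lives elsewhere in fribidi_get_par_embedding_levels_ex and is not visible here. If the patch is ever refreshed, a comment above the check such as `/* clamp: isolate_level indexes base_level_per_iso_level (CVE-2019-18397) */` and braces around the one-line `if` body would record the intent.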
@@ -26,10 +26,13 @@ Group: Development/Libraries/C and C++ URL: https://github.com/fribidi/fribidi Source: https://github.com/fribidi/fribidi/releases/download/v%{version}/%{name}-%{version}.tar.bz2 Source2: baselibs.conf -BuildRequires: pkg-config +# PATCH-FIX-UPSTREAM no-config-h.diff - copied from Debian +Patch1: no-config-h.diff +# PATCH-FIX-UPSTREAM Truncate-isolate_level-to-FRIBIDI_BIDI_MAX_EXPLICIT_.diff - copied from Debian +Patch2: Truncate-isolate_level-to-FRIBIDI_BIDI_MAX_EXPLICIT_.diff +BuildRequires: pkgconfig # Provides: locale(ar;he) -BuildRoot: %{_tmppath}/%{name}-%{version}-build # bug437293 %ifarch ppc64 Obsoletes: fribidi-64bit @@ -64,6 +67,8 @@ This package provides headers and manual files for FriBiDi. %prep %setup -q +%patch1 -p1 +%patch2 -p1 %build %configure --disable-static @@ -77,23 +82,19 @@ This package provides headers and manual files for FriBiDi. find %{buildroot} -type f -name "*.la" -delete -print %post -n %{lname} -p /sbin/ldconfig - %postun -n %{lname} -p /sbin/ldconfig %files -%defattr(-,root,root) %doc NEWS README %{_bindir}/fribidi %files -n %{lname} -%defattr(-,root,root) %license COPYING %{_libdir}/libfribidi.so.0* %files devel -%defattr(-, root, root) %doc AUTHORS ChangeLog THANKS TODO -%doc %{_mandir}/man3/fribidi_* +%{_mandir}/man3/fribidi_* %{_includedir}/fribidi/ %{_libdir}/libfribidi.so %{_libdir}/pkgconfig/fribidi.pc diff --git a/no-config-h.diff b/no-config-h.diff new file mode 100644 index 0000000..f2b0f4d --- /dev/null +++ b/no-config-h.diff 
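Review bot: The `# PATCH-FIX-UPSTREAM` comment above Patch2 does not say that the patch is a security fix, so the CVE is only discoverable through fribidi.changes or by opening the patch file. I would carry the identifier in the tag line, `# PATCH-FIX-UPSTREAM Truncate-isolate_level-to-FRIBIDI_BIDI_MAX_EXPLICIT_.diff CVE-2019-18397 - copied from Debian`, together with the tracking bug id if one is assigned. The commit message says the author disagrees with the assessment in the SUSE bug for this CVE; that reasoning belongs in the bug or the changelog entry as well, since the spec and changes file are what later maintainers will read.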
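Review bot: The `%patch1 -p1` and `%patch2 -p1` lines added to %prep have to be kept in step with the PatchN tags by hand, and a patch that is declared but never applied still builds without any error. Replacing `%setup -q` and both `%patch` lines with `%autosetup -p1` applies every declared patch at the same strip level, which matters most for security patches added later. This assumes the targeted distributions ship an rpm new enough to provide %autosetup.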
@@ -0,0 +1,211 @@
+Description: Removed HAVE_CONFIG_H from public API
+Origin: commit:b534ab2642f694c3106d5bc8d0a8beae60bf60d3
+Author: Dov Grobgeld
+Date: Sat Aug 18 20:37:22 2018 +0300
+
+diff --git a/bin/fribidi-benchmark.c b/bin/fribidi-benchmark.c
+index e5fc9c0..07ac336 100644
+--- a/bin/fribidi-benchmark.c
++++ b/bin/fribidi-benchmark.c
+@@ -33,6 +33,11 @@
+ #include
+
+ #include
++
++#ifdef HAVE_CONFIG_H
++# include
++#endif
++
+ #ifdef STDC_HEADERS
+ # include
+ # include
+diff --git a/bin/fribidi-main.c b/bin/fribidi-main.c
+index cd359a9..33e1630 100644
+--- a/bin/fribidi-main.c
++++ b/bin/fribidi-main.c
+@@ -33,6 +33,11 @@
+ #include
+
+ #include
++
++#ifdef HAVE_CONFIG_H
++# include
++#endif
++
+ #ifdef STDC_HEADERS
+ # include
+ # include
+diff --git a/gen.tab/gen-arabic-shaping-tab.c b/gen.tab/gen-arabic-shaping-tab.c
+index e613768..369501c 100644
+--- a/gen.tab/gen-arabic-shaping-tab.c
++++ b/gen.tab/gen-arabic-shaping-tab.c
+@@ -30,6 +30,10 @@
+ #include
+
+ #include
++#ifdef HAVE_CONFIG_H
++# include
++#endif
++
+ #ifdef STDC_HEADERS
+ # include
+ # include
+diff --git a/gen.tab/gen-bidi-type-tab.c b/gen.tab/gen-bidi-type-tab.c
+index a0a61ef..05b1d16 100644
+--- a/gen.tab/gen-bidi-type-tab.c
++++ b/gen.tab/gen-bidi-type-tab.c
+@@ -30,6 +30,10 @@
+ #include
+
+ #include
++#ifdef HAVE_CONFIG_H
++# include
++#endif
++
+ #ifdef STDC_HEADERS
+ # include
+ # include
+diff --git a/gen.tab/gen-brackets-tab.c b/gen.tab/gen-brackets-tab.c
+index 8c1f1df..cd99e01 100644
+--- a/gen.tab/gen-brackets-tab.c
++++ b/gen.tab/gen-brackets-tab.c
+@@ -32,6 +32,10 @@
+ #include
+
+ #include
++#ifdef HAVE_CONFIG_H
++# include
++#endif
++
+ #ifdef STDC_HEADERS
+ # include
+ # include
+diff --git a/gen.tab/gen-brackets-type-tab.c b/gen.tab/gen-brackets-type-tab.c
+index 221db07..9ec60cc 100644
+--- a/gen.tab/gen-brackets-type-tab.c
++++ b/gen.tab/gen-brackets-type-tab.c
+@@ -32,6 +32,10 @@
+ #include
+
+ #include
++#ifdef HAVE_CONFIG_H
++# include
++#endif
++
+ #ifdef STDC_HEADERS
+ # include
+ # include
+diff --git a/gen.tab/gen-joining-type-tab.c b/gen.tab/gen-joining-type-tab.c
+index 07c0953..29ab3ed 100644
+--- a/gen.tab/gen-joining-type-tab.c
++++ b/gen.tab/gen-joining-type-tab.c
+@@ -30,6 +30,10 @@
+ #include
+
+ #include
++#ifdef HAVE_CONFIG_H
++# include
++#endif
++
+ #ifdef STDC_HEADERS
+ # include
+ # include
+diff --git a/gen.tab/gen-mirroring-tab.c b/gen.tab/gen-mirroring-tab.c
+index 21d33cf..e19be91 100644
+--- a/gen.tab/gen-mirroring-tab.c
++++ b/gen.tab/gen-mirroring-tab.c
+@@ -30,6 +30,10 @@
+ #include
+
+ #include
++#ifdef HAVE_CONFIG_H
++# include
++#endif
++
+ #ifdef STDC_HEADERS
+ # include
+ # include
+diff --git a/gen.tab/gen-unicode-version.c b/gen.tab/gen-unicode-version.c
+index 4291551..35306ca 100644
+--- a/gen.tab/gen-unicode-version.c
++++ b/gen.tab/gen-unicode-version.c
+@@ -28,6 +28,10 @@
+ #include
+
+ #include
++#ifdef HAVE_CONFIG_H
++# include
++#endif
++
+ #ifdef STDC_HEADERS
+ # include
+ # include
+diff --git a/lib/bidi-types.h b/lib/bidi-types.h
+index 385ef05..86f3d02 100644
+--- a/lib/bidi-types.h
++++ b/lib/bidi-types.h
+@@ -27,7 +27,7 @@
+ #ifndef _BIDI_TYPES_H
+ #define _BIDI_TYPES_H
+
+-#include "common.h"
++#include "fribidi-common.h"
+
+ #include
+ #include
+diff --git a/lib/fribidi-arabic.c b/lib/fribidi-arabic.c
+index dbfdc09..e12074c 100644
+--- a/lib/fribidi-arabic.c
++++ b/lib/fribidi-arabic.c
+@@ -27,6 +27,10 @@
+
+ #include "common.h"
+
++#ifdef HAVE_CONFIG_H
++# include
++#endif
++
+ #ifdef HAVE_STDLIB_H
+ # include
+ #endif
+diff --git a/lib/fribidi-types.h b/lib/fribidi-types.h
+index 9f1746f..90238b4 100644
+--- a/lib/fribidi-types.h
++++ b/lib/fribidi-types.h
+@@ -27,10 +27,6 @@
+ #ifndef _FRIBIDI_TYPES_H
+ #define _FRIBIDI_TYPES_H
+
+-#ifdef HAVE_CONFIG_H
+-# include
+-#endif
+-
+ #include "fribidi-common.h"
+
+ #include "fribidi-begindecls.h"
+diff --git a/lib/joining-types.h b/lib/joining-types.h
+index 94b9fe3..6e11fa1 100644
+--- a/lib/joining-types.h
++++ b/lib/joining-types.h
+@@ -27,7 +27,7 @@
+ #ifndef _JOINING_TYPES_H
+ #define _JOINING_TYPES_H
+
+-#include "common.h"
++#include "fribidi-common.h"
+
+ #include
+ #include
+diff --git a/lib/run.h b/lib/run.h
+index 8c4e259..44ddfec 100644
+--- a/lib/run.h
++++ b/lib/run.h
+@@ -29,7 +29,7 @@
+ #ifndef _RUN_H
+ #define _RUN_H
+
+-#include "common.h"
++#include "fribidi-common.h"
+
+ #include
+