Accepting request 505726 from home:mgorse:branches:devel:libraries:c_c++

- Add fixes for various crashes:
  libical-boo986631-read-past-end.patch
  libical-boo986631-check-prev-char.patch
  libical-parser-sanity-check.patch
  libical-timezone-use-after-free.patch
  libical-boo1015964-use-after-free.patch
  Fixes boo#986631 (CVE-2016-5827), boo#986639 (CVE-2016-5824),
  boo#1015964 (CVE-2016-9584), and boo#1044995.

OBS-URL: https://build.opensuse.org/request/show/505726
OBS-URL: https://build.opensuse.org/package/show/devel:libraries:c_c++/libical?expand=0&rev=43
2017-06-26 06:09:35 +00:00
committed by Git OBS Bridge
parent 1688dfea79
commit d2fbb3222f
7 changed files with 267 additions and 1 deletions

@@ -1,7 +1,7 @@
#
# spec file for package libical
#
# Copyright (c) 2016 SUSE LINUX GmbH, Nuernberg, Germany.
# Copyright (c) 2017 SUSE LINUX GmbH, Nuernberg, Germany.
#
# All modifications and additions to the file contributed by third parties
# remain the property of their copyright owners, unless otherwise agreed
@@ -29,6 +29,16 @@ Url: http://sourceforge.net/projects/freeassociation/
Source: https://github.com/libical/libical/releases/download/v%{version}/%{name}-%{version}.tar.gz
Source2: baselibs.conf
Patch1: 0001-build-ICU-must-appear-as-Requires-in-pkgconfig.patch
# PATCH-FIX-UPSTREAM libical-boo986631-read-past-end.patch boo#986631 mgorse@suse.com -- fix for reading passed end of string (CVE-2016-5827)
Patch2: libical-boo986631-read-past-end.patch
# PATCH-FIX-UPSTREAM libical-boo986631-check-prev-char.patch boo#986631 mgorse@suse.com -- make sure we have a prev_char before checking it
Patch3: libical-boo986631-check-prev-char.patch
# PATCH-FIX-UPSTREAM libical-parser-sanity-check.patch mgorse@suse.com -- sanity check value parameter against what is allowed.
Patch4: libical-parser-sanity-check.patch
# PATCH-FIX-UPSTREAM libical-timezone-use-after-free.patch mgorse@suse.com -- fix use after free in fetch_lat_long_from_string
Patch5: libical-timezone-use-after-free.patch
# PATCH-FIX-UPSTREAM libical-boo1015964-use-after-free.patch boo#986639 boo#1015984 mgorse@suse.com -- copy reqstattype's debug string into its own memory (CVE-2016-5824 CVE-2016-9584).
Patch6: libical-boo1015964-use-after-free.patch
BuildRequires: cmake >= 2.4
BuildRequires: gcc-c++
BuildRequires: pkg-config
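Review bot: The comment above Patch6 cites boo#1015984, but the patch file name (libical-boo1015964-use-after-free.patch) and the commit message both use boo#1015964, so the bug reference in the comment looks mistyped and should read boo#1015964. In the Patch2 comment, "reading passed end of string" should be "reading past end of string". The commit message also lists boo#1044995 as fixed, yet none of the five PATCH-FIX-UPSTREAM comments carries that number; adding it to the comment of the patch that addresses it (Patch4 and Patch5 currently name no bug at all) would keep each fix traceable to its report.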
@@ -91,6 +101,11 @@ component properties, parameters, and subcomponents.
%prep
%setup -q
%patch -P 1 -p1
%patch2 -p1
%patch3 -p1
%patch4 -p1
%patch5 -p1
%patch6 -p1
%build
%cmake
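Review bot: The five added lines in %prep use the `%patch2 -p1` shorthand while the existing line directly above them uses `%patch -P 1 -p1`, so the section now mixes two styles. Writing the additions as `%patch -P 2 -p1` through `%patch -P 6 -p1` would match the existing line and keep the patch list uniform.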