Accepting request 859209 from GNOME:Factory

OBS-URL: https://build.opensuse.org/request/show/859209
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/libproxy?expand=0&rev=79

0.4.15.tar.gz

@@ -1,3 +0,0 @@
-version https://git-lfs.github.com/spec/v1
-oid sha256:18f58b0a0043b6881774187427ead158d310127fc46a1c668ad6d207fb28b4e0
-size 93084

libproxy-0.4.17.tar.xz

@@ -0,0 +1,3 @@
+version https://git-lfs.github.com/spec/v1
+oid sha256:bc89f842f654ee1985a31c0ba56dc7e2ce8044a0264ddca84e650f46cd7f8b05
+size 80136

libproxy-CVE-2020-25219.patch

@@ -1,60 +0,0 @@
-From a83dae404feac517695c23ff43ce1e116e2bfbe0 Mon Sep 17 00:00:00 2001
-From: Michael Catanzaro <mcatanzaro@gnome.org>
-Date: Wed, 9 Sep 2020 11:12:02 -0500
-Subject: [PATCH] Rewrite url::recvline to be nonrecursive
-
-This function processes network input. It's semi-trusted, because the
-PAC ought to be trusted. But we still shouldn't allow it to control how
-far we recurse. A malicious PAC can cause us to overflow the stack by
-sending a sufficiently-long line without any '\n' character.
-
-Also, this function failed to properly handle EINTR, so let's fix that
-too, for good measure.
-
-Fixes #134
----
- libproxy/url.cpp | 28 ++++++++++++++++++----------
- 1 file changed, 18 insertions(+), 10 deletions(-)
-
-diff --git a/libproxy/url.cpp b/libproxy/url.cpp
-index ee776b2..68d69cd 100644
---- a/libproxy/url.cpp
-+++ b/libproxy/url.cpp
-@@ -388,16 +388,24 @@ string url::to_string() const {
- 	return m_orig;
- }
- 
--static inline string recvline(int fd) {
--	// Read a character.
--	// If we don't get a character, return empty string.
--	// If we are at the end of the line, return empty string.
--	char c = '\0';
--	
--	if (recv(fd, &c, 1, 0) != 1 || c == '\n')
--		return "";
--
--	return string(1, c) + recvline(fd);
-+static string recvline(int fd) {
-+	string line;
-+	int ret;
-+
-+	// Reserve arbitrary amount of space to avoid small memory reallocations.
-+	line.reserve(128);
-+
-+	do {
-+		char c;
-+		ret = recv(fd, &c, 1, 0);
-+		if (ret == 1) {
-+			if (c == '\n')
-+				return line;
-+			line += c;
-+		}
-+	} while (ret == 1 || (ret == -1 && errno == EINTR));
-+
-+	return line;
- }
- 
- char* url::get_pac() {
--- 
-2.28.0
-

libproxy-fix-pac-buffer-overflow.patch

@@ -1,93 +0,0 @@
-From 4411b523545b22022b4be7d0cac25aa170ae1d3e Mon Sep 17 00:00:00 2001
-From: Fei Li <lifeibiren@gmail.com>
-Date: Fri, 17 Jul 2020 02:18:37 +0800
-Subject: [PATCH] Fix buffer overflow when PAC is enabled
-
-The bug was found on Windows 10 (MINGW64) when PAC is enabled. It turned
-out to be the large PAC file (more than 102400 bytes) returned by a
-local proxy program with no content-length present.
----
- libproxy/url.cpp | 44 +++++++++++++++++++++++++++++++-------------
- 1 file changed, 31 insertions(+), 13 deletions(-)
-
-diff --git a/libproxy/url.cpp b/libproxy/url.cpp
-index ee776b2..8684086 100644
---- a/libproxy/url.cpp
-+++ b/libproxy/url.cpp
-@@ -54,7 +54,7 @@ using namespace std;
- #define PAC_MIME_TYPE_FB "text/plain"
- 
- // This is the maximum pac size (to avoid memory attacks)
--#define PAC_MAX_SIZE 102400
-+#define PAC_MAX_SIZE 0x800000
- // This is the default block size to use when receiving via HTTP
- #define PAC_HTTP_BLOCK_SIZE 512
- 
-@@ -478,15 +478,13 @@ char* url::get_pac() {
- 		}
- 
- 		// Get content
--		unsigned int recvd = 0;
--		buffer = new char[PAC_MAX_SIZE];
--		memset(buffer, 0, PAC_MAX_SIZE);
-+		std::vector<char> dynamic_buffer;
- 		do {
- 			unsigned int chunk_length;
- 
- 			if (chunked) {
- 				// Discard the empty line if we received a previous chunk
--				if (recvd > 0) recvline(sock);
-+				if (!dynamic_buffer.empty()) recvline(sock);
- 
- 				// Get the chunk-length line as an integer
- 				if (sscanf(recvline(sock).c_str(), "%x", &chunk_length) != 1 || chunk_length == 0) break;
-@@ -498,21 +496,41 @@ char* url::get_pac() {
- 
- 			if (content_length >= PAC_MAX_SIZE) break;
- 
--			while (content_length == 0 || recvd != content_length) {
--				int r = recv(sock, buffer + recvd,
--				             content_length == 0 ? PAC_HTTP_BLOCK_SIZE
--				                                 : content_length - recvd, 0);
-+			while (content_length == 0 || dynamic_buffer.size() != content_length) {
-+				// Calculate length to recv
-+				unsigned int length_to_read = PAC_HTTP_BLOCK_SIZE;
-+				if (content_length > 0)
-+					length_to_read = content_length - dynamic_buffer.size();
-+
-+				// Prepare buffer
-+				dynamic_buffer.resize(dynamic_buffer.size() + length_to_read);
-+
-+				int r = recv(sock, dynamic_buffer.data() + dynamic_buffer.size() - length_to_read, length_to_read, 0);
-+
-+				// Shrink buffer to fit
-+				if (r >= 0)
-+					dynamic_buffer.resize(dynamic_buffer.size() - length_to_read + r);
-+
-+				// PAC size too large, discard
-+				if (dynamic_buffer.size() >= PAC_MAX_SIZE) {
-+					chunked = false;
-+					dynamic_buffer.clear();
-+					break;
-+				}
-+
- 				if (r <= 0) {
- 					chunked = false;
- 					break;
- 				}
--				recvd += r;
- 			}
- 		} while (chunked);
- 
--		if (content_length != 0 && string(buffer).size() != content_length) {
--			delete[] buffer;
--			buffer = NULL;
-+		if (content_length == 0 || content_length == dynamic_buffer.size()) {
-+			buffer = new char[dynamic_buffer.size() + 1];
-+			if (!dynamic_buffer.empty()) {
-+				memcpy(buffer, dynamic_buffer.data(), dynamic_buffer.size());
-+			}
-+			buffer[dynamic_buffer.size()] = '\0';
- 		}
- 	}
- 

libproxy-pxgsettings.patch

@@ -1,26 +0,0 @@
-From 29c908647eec8e05674ba1c298d4f1c565d9f872 Mon Sep 17 00:00:00 2001
-From: =?UTF-8?q?Corentin=20No=C3=ABl?= <corentin@elementary.io>
-Date: Sun, 26 Apr 2020 11:54:46 +0200
-Subject: [PATCH] pxgsettings: use the correct syntax to connect to the changed
- signal
-
-As it is a detailed signal, it only makes sense to append a :: when there is a specific property to target.
-It used to be accepted but triggers a runtime warning with latest GLib.
----
- libproxy/modules/pxgsettings.cpp | 2 +-
- 1 file changed, 1 insertion(+), 1 deletion(-)
-
-diff --git a/libproxy/modules/pxgsettings.cpp b/libproxy/modules/pxgsettings.cpp
-index 9ed4333..0db5a6a 100644
---- a/libproxy/modules/pxgsettings.cpp
-+++ b/libproxy/modules/pxgsettings.cpp
-@@ -158,7 +158,7 @@ int main(int argc, char **argv) {
- #else
- 		gchar** keys = g_settings_list_keys(settings);
- #endif
--		g_signal_connect(settings, "changed::", G_CALLBACK (on_value_change), argv[i]);
-+		g_signal_connect(settings, "changed", G_CALLBACK (on_value_change), argv[i]);
- 		for (int j=0; keys[j]; on_value_change(settings, keys[j++],argv[i] ));
- 		g_strfreev(keys);
- 	}
-

libproxy-python3.7.patch

@@ -1,21 +0,0 @@
-commit 2d6da65598b90480b4a62c4633eda035ea51681f
-Author: David King <amigadave@amigadave.com>
-Date:   Wed Jun 27 06:36:00 2018 +0100
-
-    python: support Python 3.7 and 3.8
-    
-    Add 3.7 and 3.8 to the list of accepted Python 3 versions.
-
-diff --git a/cmake/FindPython3Interp.cmake b/cmake/FindPython3Interp.cmake
-index c6cbe3d..8e5e409 100644
---- a/cmake/FindPython3Interp.cmake
-+++ b/cmake/FindPython3Interp.cmake
-@@ -39,7 +39,7 @@
- 
- unset(_Python3_NAMES)
- 
--set(_Python3_VERSIONS 3.6 3.5 3.4 3.3 3.2 3.1 3.0)
-+set(_Python3_VERSIONS 3.8 3.7 3.6 3.5 3.4 3.3 3.2 3.1 3.0)
- 
- if(Python3Interp_FIND_VERSION)
-     if(Python3Interp_FIND_VERSION_COUNT GREATER 1)

libproxy.changes

@@ -1,3 +1,43 @@
+-------------------------------------------------------------------
+Tue Dec 29 11:35:09 UTC 2020 - Dominique Leuenberger <dimstar@opensuse.org>
+
+- Update to version 0.4.17:
+  + python bindings: fix "TypeError: argtypes must be a sequence of
+    types".
+- Drop 147.patch: fixed upstream.
+
+-------------------------------------------------------------------
+Mon Dec 14 16:37:32 UTC 2020 - Dominique Leuenberger <dimstar@opensuse.org>
+
+- Add 147.patch: python bindings: fix "TypeError: _argtypes_ must
+  be a sequence of types".
+
+-------------------------------------------------------------------
+Fri Dec  4 11:11:52 UTC 2020 - Dominique Leuenberger <dimstar@opensuse.org>
+
+- Update to version 0.4.16:
+  + Port to, and require, SpiderMonkey 6.
+  + Use closesocket() instead of close() on Windows.
+  + Add symbol versions - be ready to introduce new APIs as needed.
+  + Add public px_proxy_factory_free_proxies function.
+  + Add PacRunner config backend (largely untested; feedback
+    welcome!).
+  + Small performance improvements.
+  + pxgsettings: use the correct syntax to connect to the changed
+    signal (silences annoying output on console).
+  + Support python3 up to version 3.9.
+  + Fix buffer overflow when PAC is enabled (CVE-2020-26154).
+  + Rewrite url::recvline to be nonrecursive (CVE-2020-25219).
+  + Remove nonfunctional and crashy pacrunner caching.
+  + Never use system libmodman (no other consumers, not
+    maintained).
+- Drop upstream merged patches:
+  + libproxy-python3.7.patch
+  + libproxy-pxgsettings.patch
+  + libproxy-CVE-2020-25219.patch
+  libproxy-fix-pac-buffer-overflow.patch
+- Create new sub-package libproxy1-config-pacrunner.
+
 -------------------------------------------------------------------
 Wed Sep 30 18:50:44 UTC 2020 - Michael Gorse <mgorse@suse.com>
 

libproxy.spec

@@ -39,22 +39,14 @@
 %bcond_without python2
 %{!?_assemblies_dir: %global _assemblies_dir %(pkg-config cecil --variable=assemblies_dir)}
 Name:           libproxy%{?dash}%{?name_suffix}
-Version:        0.4.15
+Version:        0.4.17
 Release:        0
 Summary:        Automatic proxy configuration management for applications
 License:        GPL-2.0-or-later AND LGPL-2.1-or-later
 Group:          Development/Libraries/C and C++
 URL:            http://libproxy.github.io/libproxy/
-Source:         https://github.com/libproxy/%{_name}/archive/%{version}.tar.gz
+Source:         https://github.com/libproxy/libproxy/releases/download/%{version}/%{_name}-%{version}.tar.xz
 Source99:       baselibs.conf
-# PATCH-FIX-UPSTREAM libproxy-python3.7.patch dimstar@opensuse.org -- Add support for python 3.7 and 3.8, taken from upstream
-Patch0:         libproxy-python3.7.patch
-# PATCH-FIX-UPSTREAM libproxy-pxgsettings.patch dimstar@opensuse.org -- pxgsettings: use the correct syntax to connect to the changed signal
-Patch1:         libproxy-pxgsettings.patch
-# PATCH-FIX-UPSTREAM libproxy-CVE-2020-25219.patch boo#1176410 mgorse@suse.com -- Rewrite url::recvline to be nonrecursive.
-Patch2:         libproxy-CVE-2020-25219.patch
-# PATCH-FIX-UPSTREAM libproxy-fix-pac-buffer-overflow.patch boo#1177143 mgorse@suse.com -- fix buffer overflow when PAC is enabled.
-Patch3:         libproxy-fix-pac-buffer-overflow.patch
 BuildRequires:  cmake
 BuildRequires:  gcc-c++
 BuildRequires:  libmodman-devel
@@ -182,6 +174,16 @@ Requires:       libproxy1-pacrunner = %{version}
 A module to extend libproxy with capabilities to query KDE4 about proxy
 settings.
 
+%package -n libproxy1-config-pacrunner
+Summary:        Libproxy module for PacRunner configuration
+Group:          System/Libraries
+Requires:       libproxy1 = %{version}
+
+%description -n libproxy1-config-pacrunner
+
+A module to extend libproxy with capabilities to query PacRunner about
+proxy settings.
+
 %package -n libproxy1-pacrunner-mozjs
 Summary:        Libproxy module to support WPAD/PAC parsing via the Mozilla JavaScript Engine
 Group:          System/Libraries
@@ -274,14 +276,10 @@ management.
 
 This package contains the Mono/.NET for libproxy.
 
-%endif # build_core_not_modules
+%endif %dnl build_core_not_modules
 
 %prep
-%setup -q -n %{_sourcename}
-%patch0 -p1
-%patch1 -p1
-%patch2 -p1
-%patch3 -p1
+%autosetup -n %{_sourcename} -p1
 mkdir build
 
 %build
@@ -406,6 +404,9 @@ make test
 %{_libdir}/libproxy-%{version}/modules/config_gnome3.so
 %{_libexecdir}/libproxy-%{version}/pxgsettings
 
+%files -n libproxy1-config-pacrunner
+%{_libdir}/libproxy-%{version}/modules/config_pacrunner.so
+
 %files -n libproxy1-networkmanager
 %defattr(-, root, root)
 %{_libdir}/libproxy-%{version}/modules/network_networkmanager.so