diff --git a/0001-build-ICU-must-appear-as-Requires-in-pkgconfig.patch b/0001-build-ICU-must-appear-as-Requires-in-pkgconfig.patch deleted file mode 100644 index 4a4f9f8..0000000 --- a/0001-build-ICU-must-appear-as-Requires-in-pkgconfig.patch +++ /dev/null @@ -1,43 +0,0 @@ -From 101a29ef57341a786012eb07dcfcec5c597f4493 Mon Sep 17 00:00:00 2001 -X-Backport: Rediff for 2.0.0 -From: Jan Engelhardt -Date: Mon, 3 Oct 2016 10:25:00 +0200 -Subject: [PATCH] build: ICU must appear as Requires in pkgconfig -References: https://github.com/libical/libical/pull/244 - -libical.pc specifies -licu-i18n in its Libs: field, -but no Requires: icu-i18n. As a result, the automatic dependency -generator in Linux distributions won't see the ICU requirement, -won't install it, and builds of secondary software fails. - -$ gcc icalthing.c `pkg-config libical --cflags --libs` -[...] -gcc: error: /usr/lib64/libicuuc.so: No such file or directory - -Move ICU from Libs to Requires, so the dependency scanner can do its -job. Specifically move it to Requires.private, since specifying -licu* -is not normally needed when libical is a shared library since it -already has it recorded in the ELF. ---- - libical.pc.in | 6 +++--- - 1 file changed, 3 insertions(+), 3 deletions(-) - -Index: libical-2.0.0/libical.pc.in -=================================================================== ---- libical-2.0.0.orig/libical.pc.in -+++ libical-2.0.0/libical.pc.in -@@ -2,11 +2,11 @@ prefix=@prefix@ - exec_prefix=@exec_prefix@ - libdir=@libdir@ - includedir=@includedir@ --threadslib=@PTHREAD_LIBS@ --iculib=@ICU_LIBRARIES@ @ICU_I18N_LIBRARIES@ - - Name: libical - Description: An implementation of basic iCAL protocols - Version: @VERSION@ --Libs: -L${libdir} -lical -licalss -licalvcal ${threadslib} ${iculib} -+Libs: -L${libdir} -lical -licalss -licalvcal -+Libs.private: @PTHREAD_LIBS@ -+Requires.private: icu-i18n - Cflags: -I${includedir} diff --git a/baselibs.conf b/baselibs.conf index 02ab568..e46b5c6 100644 --- a/baselibs.conf +++ b/baselibs.conf @@ -1,3 +1 @@ -libical2 - obsoletes "libical- <= " - provides "libical2- = " +libical3 diff --git a/libical-2.0.0.tar.gz b/libical-2.0.0.tar.gz deleted file mode 100644 index ca2f6ff..0000000 --- a/libical-2.0.0.tar.gz +++ /dev/null @@ -1,3 +0,0 @@ -version https://git-lfs.github.com/spec/v1 -oid sha256:654c11f759c19237be39f6ad401d917e5a05f36f1736385ed958e60cf21456da -size 699099 diff --git a/libical-3.0.3.tar.gz b/libical-3.0.3.tar.gz new file mode 100644 index 0000000..852d059 --- /dev/null +++ b/libical-3.0.3.tar.gz @@ -0,0 +1,3 @@ +version https://git-lfs.github.com/spec/v1 +oid sha256:5b91eb8ad2d2dcada39d2f81d5e3ac15895823611dc7df91df39a35586f39241 +size 866624 diff --git a/libical-boo1015964-use-after-free.patch b/libical-boo1015964-use-after-free.patch deleted file mode 100644 index 467260c..0000000 --- a/libical-boo1015964-use-after-free.patch +++ /dev/null @@ -1,27 +0,0 @@ -From 6b9438d746cec6e4e632d78c5244f4be6314d1c9 Mon Sep 17 00:00:00 2001 -From: Allen Winter -Date: Sun, 28 May 2017 12:51:10 -0400 -Subject: [PATCH] icaltypes.c - icalreqstattype_from_string(), copy the - reqstattype's debug string into its own memory in the ring buffer. - -Issue#253 ---- - src/libical/icaltypes.c | 2 +- - 1 file changed, 1 insertion(+), 1 deletion(-) - -diff --git a/src/libical/icaltypes.c b/src/libical/icaltypes.c -index 70c50d29..85c33545 100644 ---- a/src/libical/icaltypes.c -+++ b/src/libical/icaltypes.c -@@ -140,7 +140,7 @@ struct icalreqstattype icalreqstattype_from_string(const char *str) - - p2 = strchr(p1 + 1, ';'); - if (p2 != 0 && *p2 != 0) { -- stat.debug = p2 + 1; -+ stat.debug = icalmemory_tmp_copy(p2 + 1); - } - - return stat; --- -2.12.3 - diff --git a/libical-boo986631-check-prev-char.patch b/libical-boo986631-check-prev-char.patch deleted file mode 100644 index df729d3..0000000 --- a/libical-boo986631-check-prev-char.patch +++ /dev/null @@ -1,26 +0,0 @@ -From 04d84749e53db08c71ed0ce8b6ba5c11082743cd Mon Sep 17 00:00:00 2001 -From: Ken Murchison -Date: Fri, 2 Dec 2016 14:14:03 -0500 -Subject: [PATCH] icalparser.c: make sure we have a prev_char before checking - it - ---- - src/libical/icalparser.c | 2 +- - 1 file changed, 1 insertion(+), 1 deletion(-) - -diff --git a/src/libical/icalparser.c b/src/libical/icalparser.c -index 9d332375..2735c9ac 100644 ---- a/src/libical/icalparser.c -+++ b/src/libical/icalparser.c -@@ -148,7 +148,7 @@ static char *parser_get_next_char(char c, char *str, int qm) - char prev_char = 0; - - while (next_char != 0) { -- if (prev_char != '\\') { -+ if (prev_char && prev_char != '\\') { - if (qm == 1 && next_char == '"') { - /* Encountered a quote, toggle quote mode */ - quote_mode = !quote_mode; --- -2.12.3 - diff --git a/libical-boo986631-read-past-end.patch b/libical-boo986631-read-past-end.patch deleted file mode 100644 index 768c734..0000000 --- a/libical-boo986631-read-past-end.patch +++ /dev/null @@ -1,26 +0,0 @@ -From 38757abb495ea6cb40faa5418052278bf75040f7 Mon Sep 17 00:00:00 2001 -From: Ken Murchison -Date: Fri, 2 Dec 2016 14:13:22 -0500 -Subject: [PATCH] icaltime.c: don't read past end of string (can't check - str[19] if length is 16) - ---- - src/libical/icaltime.c | 2 +- - 1 file changed, 1 insertion(+), 1 deletion(-) - -diff --git a/src/libical/icaltime.c b/src/libical/icaltime.c -index ca647633..4077ce75 100644 ---- a/src/libical/icaltime.c -+++ b/src/libical/icaltime.c -@@ -445,7 +445,7 @@ struct icaltimetype icaltime_from_string(const char *str) - tt.is_utc = 0; - tt.is_date = 0; - } else if ((size == 16) || (size == 20)) { /* UTC time, ends in 'Z' */ -- if ((str[15] != 'Z') && (str[19] != 'Z')) -+ if ((str[size-1] != 'Z')) - goto FAIL; - - tt.is_utc = 1; --- -2.12.3 - diff --git a/libical-parser-sanity-check.patch b/libical-parser-sanity-check.patch deleted file mode 100644 index 4c85968..0000000 --- a/libical-parser-sanity-check.patch +++ /dev/null @@ -1,100 +0,0 @@ -From 53e68ff6e2133c54ff44df53e8b75ef21125fb3d Mon Sep 17 00:00:00 2001 -From: Ken Murchison -Date: Tue, 13 Dec 2016 16:22:42 -0500 -Subject: [PATCH] icalparser.c: sanity check VALUE parameter against what is - allowed - -Backported by Mike Gorse ---- - src/libical/icalparser.c | 69 ++++++++++++++++++++++++++++++++++++++++++++++-- - 1 file changed, 67 insertions(+), 2 deletions(-) - -diff --git a/src/libical/icalparser.c b/src/libical/icalparser.c -index 998bc96d..62e3a401 100644 ---- a/src/libical/icalparser.c -+++ b/src/libical/icalparser.c -@@ -1023,6 +1023,12 @@ icalcomponent *icalparser_add_line(icalparser *parser, char *line) - - /* If it is a VALUE parameter, set the kind of value */ - if (icalparameter_isa(param) == ICAL_VALUE_PARAMETER) { -+ const char unknown_type[] = -+ "Got a VALUE parameter with an unknown type"; -+ const char illegal_type[] = -+ "Got a VALUE parameter with an illegal type for property"; -+ const char *value_err = NULL; -+ - value_kind = - (icalvalue_kind)icalparameter_value_to_value_kind( - icalparameter_get_value(param)); -@@ -1033,8 +1039,66 @@ icalcomponent *icalparser_add_line(icalparser *parser, char *line) - parameter ( it was not one of the defined - values ), so reset the value_kind */ - -- insert_error(tail, str, -- "Got a VALUE parameter with an unknown type", -+ value_err = unknown_type; -+ } -+ else if (value_kind != -+ icalproperty_kind_to_value_kind(icalproperty_isa(prop))) { -+ /* VALUE parameter type does not match default type -+ for this property (check for allowed alternate types) */ -+ -+ switch (prop_kind) { -+ case ICAL_ATTACH_PROPERTY: -+ /* Accept BINARY */ -+ if (value_kind != ICAL_BINARY_VALUE) -+ value_err = illegal_type; -+ break; -+ -+ case ICAL_DTEND_PROPERTY: -+ case ICAL_DUE_PROPERTY: -+ case ICAL_DTSTART_PROPERTY: -+ case ICAL_EXDATE_PROPERTY: -+ case ICAL_RECURRENCEID_PROPERTY: -+ /* Accept DATE */ -+ if (value_kind != ICAL_DATE_VALUE) -+ value_err = illegal_type; -+ break; -+ -+ case ICAL_GEO_PROPERTY: -+ /* Accept FLOAT (but change to GEO) */ -+ if (value_kind != ICAL_FLOAT_VALUE) -+ value_err = illegal_type; -+ else value_kind = ICAL_GEO_VALUE; -+ break; -+ -+ case ICAL_RDATE_PROPERTY: -+ /* Accept DATE or PERIOD */ -+ if (value_kind != ICAL_DATE_VALUE && -+ value_kind != ICAL_PERIOD_VALUE) -+ value_err = illegal_type; -+ break; -+ -+ case ICAL_TRIGGER_PROPERTY: -+ /* Accept DATE-TIME */ -+ if (value_kind != ICAL_DATETIME_VALUE) -+ value_err = illegal_type; -+ break; -+ -+ case ICAL_X_PROPERTY: -+ /* Accept ANY value type */ -+ break; -+ -+ default: -+ /* ONLY default type is allowed */ -+ value_err = illegal_type; -+ break; -+ } -+ } -+ -+ if (value_err != NULL) { -+ /* Ooops, unknown/illegal VALUE parameter, -+ so reset the value_kind */ -+ -+ insert_error(tail, str, value_err, - ICAL_XLICERRORTYPE_PARAMETERVALUEPARSEERROR); - - value_kind = icalproperty_kind_to_value_kind(icalproperty_isa(prop)); --- -2.12.3 - diff --git a/libical-timezone-use-after-free.patch b/libical-timezone-use-after-free.patch deleted file mode 100644 index ababc09..0000000 --- a/libical-timezone-use-after-free.patch +++ /dev/null @@ -1,60 +0,0 @@ -From 6bcc779a17a2d286e4c3cb958ddf369cc01cb42c Mon Sep 17 00:00:00 2001 -From: Allen Winter -Date: Thu, 15 Dec 2016 18:17:10 -0500 -Subject: [PATCH] icaltimezone.c - fix heap-use-after-free caused by - fetch_lat_long_from_string() issue#262 - -Backported by Mike Gorse ---- -diff -urp libical-2.0.0.orig/src/libical/icaltimezone.c libical-2.0.0/src/libical/icaltimezone.c ---- libical-2.0.0.orig/src/libical/icaltimezone.c 2015-12-28 15:44:53.000000000 -0600 -+++ libical-2.0.0/src/libical/icaltimezone.c 2017-06-19 15:48:27.789017341 -0500 -@@ -1520,39 +1520,39 @@ static int fetch_lat_long_from_string(co - - /* We need to parse the latitude/longitude co-ordinates and location fields */ - sptr = (char *)str; -- while (*sptr != '\t') { -+ while ((*sptr != '\t') && (*sptr != '\0')) { - sptr++; - } - temp = ++sptr; -- while (*sptr != '\t') { -+ while (*sptr != '\t' && *sptr != '\0') { - sptr++; - } - len = (ptrdiff_t) (sptr - temp); - lat = (char *)malloc(len + 1); - lat = strncpy(lat, temp, len); - lat[len] = '\0'; -- while (*sptr != '\t') { -+ while ((*sptr != '\t') && (*sptr != '\0')) { - sptr++; - } - loc = ++sptr; -- while (!isspace((int)(*sptr))) { -+ while (!isspace((int)(*sptr)) && (*sptr != '\0')) { - sptr++; - } -- len = (ptrdiff_t) (sptr - loc); -+ len = (ptrdiff_t)(sptr - loc); - location = strncpy(location, loc, len); - location[len] = '\0'; - - #if defined(sun) && defined(__SVR4) - /* Handle EET, MET and WET in zone_sun.tab. */ - if (!strcmp(location, "Europe/")) { -- while (*sptr != '\t') { -+ while ((*sptr != '\t') && (*sptr != '\0')) { - sptr++; - } - loc = ++sptr; -- while (!isspace(*sptr)) { -+ while (!isspace(*sptr) && (*sptr != '\0')) { - sptr++; - } -- len = sptr - loc; -+ len = (ptrdiff_t)(sptr - loc); - location = strncpy(location, loc, len); - location[len] = '\0'; - } -Only in libical-2.0.0/src/libical: icaltimezone.c.orig diff --git a/libical.changes b/libical.changes index 1bf03dd..daa2053 100644 --- a/libical.changes +++ b/libical.changes @@ -1,3 +1,24 @@ +------------------------------------------------------------------- +Sat Mar 3 10:36:33 UTC 2018 - jengelh@inai.de + +- Update to new upstream release 3.0.3 + * Various changes to the API over 2.x. + * Fixed use-after-free issues and some memory leaks + * More accurate VTIMEZONE generation when using the system time + zone data (when USE_BUILTIN_TZDATA=False) + * icalvalue_new/set_date and icalvalue_new/set_datetime now + enforce DATE and DATE-TIME values respectively. + * draft-ietf-calext-extensions (RFC 7986) support added. + * Parameter values are now en/decoded per RFC 6868. + * Added support for VPATCH component. +- Disable building static libs, nothing seems to be using it. +- Remove 0001-build-ICU-must-appear-as-Requires-in-pkgconfig.patch, + libical-boo986631-read-past-end.patch, + libical-boo986631-check-prev-char.patch, + libical-parser-sanity-check.patch, + libical-timezone-use-after-free.patch, + libical-boo1015964-use-after-free.patch (all are upstream) + ------------------------------------------------------------------- Wed Feb 28 16:35:25 UTC 2018 - dimstar@opensuse.org diff --git a/libical.spec b/libical.spec index 5ce79cc..0b1a4f2 100644 --- a/libical.spec +++ b/libical.spec @@ -16,35 +16,24 @@ # -%define sonum 2 +%define sonum 3 Name: libical -Version: 2.0.0 +Version: 3.0.3 Release: 0 Summary: An Implementation of Basic iCAL Protocols -License: MPL-1.0 OR LGPL-2.1-only +License: MPL-2.0 OR LGPL-2.1-only Group: Development/Libraries/C and C++ -URL: http://sourceforge.net/projects/freeassociation/ +Url: http://sourceforge.net/projects/freeassociation/ #Git-Clone: https://github.com/libical/libical Source: https://github.com/libical/libical/releases/download/v%{version}/%{name}-%{version}.tar.gz Source2: baselibs.conf -Patch1: 0001-build-ICU-must-appear-as-Requires-in-pkgconfig.patch -# PATCH-FIX-UPSTREAM libical-boo986631-read-past-end.patch boo#986631 mgorse@suse.com -- fix for reading passed end of string (CVE-2016-5827) -Patch2: libical-boo986631-read-past-end.patch -# PATCH-FIX-UPSTREAM libical-boo986631-check-prev-char.patch boo#986631 mgorse@suse.com -- make sure we have a prev_char before checking it -Patch3: libical-boo986631-check-prev-char.patch -# PATCH-FIX-UPSTREAM libical-parser-sanity-check.patch mgorse@suse.com -- sanity check value parameter against what is allowed. -Patch4: libical-parser-sanity-check.patch -# PATCH-FIX-UPSTREAM libical-timezone-use-after-free.patch mgorse@suse.com -- fix use after free in fetch_lat_long_from_string -Patch5: libical-timezone-use-after-free.patch -# PATCH-FIX-UPSTREAM libical-boo1015964-use-after-free.patch boo#986639 boo#1015984 mgorse@suse.com -- copy reqstattype's debug string into its own memory (CVE-2016-5824 CVE-2016-9584). -Patch6: libical-boo1015964-use-after-free.patch -BuildRequires: cmake >= 2.4 +BuildRequires: cmake >= 3.1 BuildRequires: gcc-c++ BuildRequires: pkgconfig BuildRequires: pkgconfig(icu-i18n) %description -Libical is an open source implementation of the IETF's iCalendar +Libical is an implementation of the IETF's iCalendar calendaring and scheduling protocols (RFC 2445, 2446, and 2447). It parses iCal components and provides a C API for manipulating the component properties, parameters, and subcomponents. @@ -56,7 +45,7 @@ Provides: %{name} = %{version} Obsoletes: %{name} < %{version} %description -n %{name}%{sonum} -Libical is an open source implementation of the IETF's iCalendar +Libical is an implementation of the IETF's iCalendar calendaring and scheduling protocols (RFC 2445, 2446, and 2447). It parses iCal components and provides a C API for manipulating the component properties, parameters, and subcomponents. @@ -67,46 +56,29 @@ Group: Development/Libraries/C and C++ Requires: %{name}%{sonum} = %{version} %description devel -Libical is an Open Source implementation of the IETF's iCalendar -Calendaring and Scheduling protocols. (RFC 2445, 2446, and 2447). It -parses iCal components and provides a C API for manipulating the -component properties, parameters, and subcomponents. - -%package devel-static -Summary: Additional static library for development with libical -Group: Development/Libraries/C and C++ -Requires: %{name}-devel = %{version} - -%description devel-static -Libical is an Open Source implementation of the IETF's iCalendar +Libical is an implementation of the IETF's iCalendar Calendaring and Scheduling protocols. (RFC 2445, 2446, and 2447). It parses iCal components and provides a C API for manipulating the component properties, parameters, and subcomponents. %package doc -Summary: Example source code for libical-using programs +Summary: Example source code for programs to use libical Group: Documentation/Other %if 0%{?suse_version} >= 1120 BuildArch: noarch %endif %description doc -Libical is an open source implementation of the IETF's iCalendar +Libical is an implementation of the IETF's iCalendar calendaring and scheduling protocols (RFC 2445, 2446, and 2447). It parses iCal components and provides a C API for manipulating the component properties, parameters, and subcomponents. %prep %setup -q -%patch1 -p1 -%patch2 -p1 -%patch3 -p1 -%patch4 -p1 -%patch5 -p1 -%patch6 -p1 %build -%cmake +%cmake -DICAL_GLIB=false -DSHARED_ONLY=true make -j1 %install @@ -127,9 +99,6 @@ rm examples/CMakeLists.txt %{_includedir}/libical/ %{_libdir}/cmake/LibIcal/ -%files devel-static -%{_libdir}/*.a - %files doc %doc doc/*.txt %doc examples/