Sanity-check-size-passed-to-malloc.patch

@@ -0,0 +1,33 @@
+From 435a2ca802358a3debb6d164d2c33049131df81c Mon Sep 17 00:00:00 2001
+From: Phillip Hellewell <sshock@gmail.com>
+Date: Sat, 10 Mar 2018 18:05:39 -0700
+Subject: [PATCH 3/4] Sanity check size passed to malloc...
+
+Add sanity check before calling malloc in af_get_page() function to
+avoid undefined behavior (e.g., seg fault) when dealing with a corrupt
+AFF image with an invalid pagesize.
+
+Issue found by Luis Rocha (luiscrocha@gmail.com).
+---
+ lib/afflib_pages.cpp | 5 +++++
+ 1 file changed, 5 insertions(+)
+
+diff --git a/lib/afflib_pages.cpp b/lib/afflib_pages.cpp
+index 2569c2a..f8cf775 100644
+--- a/lib/afflib_pages.cpp
++++ b/lib/afflib_pages.cpp
+@@ -219,6 +219,11 @@ int af_get_page(AFFILE *af,int64_t pagenum,unsigned char *data,size_t *bytes)
+ 	    return -3;			// read error
+ 	}
+ 
++	/* Sanity check to avoid undefined behaviour when calling malloc below with pagesize from a corrupt AFF image. */
++	if(af->image_pagesize <= 0 || af->image_pagesize > 16*1024*1024)
++	    return -1;
++
++
+ 	/* Now uncompress directly into the buffer provided by the caller, unless the caller didn't
+ 	 * provide a buffer. If that happens, allocate our own...
+ 	 */
+-- 
+2.13.6
+

afflib.spec

@@ -1,24 +1,22 @@
 Name:           afflib
-Version:        3.7.18
+Version:        3.7.16
-Release:        6
+Release:        9
-Summary:        Library to support the Advanced Forensic Format
+Summary:        Libraries supporting advanced forensic formats
-License:        LGPL-2.0 and LGPL-2.1 and GPL-2.0+ and Public Domain
+
+License:        BSD with advertising
 URL:            https://github.com/sshock/AFFLIBv3
-Source0:        %{url}/archive/v%{version}.tar.gz
+Source0:        %{url}/archive/v%{version}.tar.gz#/%{name}-%{version}.tar.gz
-BuildRequires:  gcc-c++ libtool curl-devel expat-devel ncurses-devel
+Patch0:         Sanity-check-size-passed-to-malloc.patch
-BuildRequires:  libtermcap-devel openssl-devel zlib-devel
+
-BuildRequires:  python3 python3-devel python3-setuptools python3-Cython
+BuildRequires:  gcc-c++ libtool curl-devel expat-devel lzma-devel zlib-devel
-Provides:       bundled(lzma) = 443
+BuildRequires:  ncurses-devel openssl-devel python2-devel
+
+Provides:      afftools = %{version}-%{release}
+Obsoletes:     afftools < %{version}-%{release}
 
 %description
-Afflib is a library for support of the Advanced Forensic Format.
+AFF® is an open and extensible file format designed to store
-
+disk images and associated metadata.
-%package -n     afftools
-Summary:        The Utility for %{name}
-Requires:       %{name} = %{version}-%{release}
-
-%description -n afftools
-The %{name}-utils package contains utilities to use %{name}.
 
 %package        devel
 Summary:        Development files for %{name}
@@ -26,54 +24,44 @@ Requires:       %{name} = %{version}-%{release}
 Requires:       openssl-devel pkgconfig
 
 %description    devel
-The %{name}-devel package contains libraries for developing 
+The %{name}-devel package contains libraries for
-applications that use %{name}.
+developing applications that use %{name}.
 
-%package -n python3-pyaff
+%package        help
-Summary:        The python3 binding for the AFFLIB
+Summary:        Help for %{name}
-Provides:       python-pyaff(aarch-64) = 3.7.18-3
-Provides:       python-pyaff = 3.7.18-3
-Obsoletes:      python-pyaff < 3.7.18-3
 
-%description -n python3-pyaff
+%description  help
-Python3 bindings currently support a read-only file-like interface to AFFLIB and
+The %{name}-help package contains help for %{name}.
-basic metadata accessor functions. These bindings are not currently complete.
 
 %prep
 %autosetup -p1 -n AFFLIBv3-%{version}
+
 find lzma443 -type f -exec chmod 0644 {} ';'
 chmod 0644 lib/base64.{h,cpp}
+
 ./bootstrap.sh
 
 %build
-%configure --enable-shared --disable-static --enable-python=no --enable-s3=yes
+%configure --enable-shared --disable-static --enable-python=yes --enable-s3=yes
+
 sed -i 's|^hardcode_libdir_flag_spec=.*|hardcode_libdir_flag_spec=""|g' libtool
 sed -i 's|^runpath_var=LD_RUN_PATH|runpath_var=DIE_RPATH_DIE|g' libtool
 sed -i -e 's! -shared ! -Wl,--as-needed\0!g' libtool
 %make_build
-cd pyaff
+
-%global py_setup_args build_ext --include-dirs %{_builddir}/AFFLIBv3-%{version}/include --library-dirs %{_builddir}/AFFLIBv3-%{version}/lib/.libs
-%py3_build
 
 %install
 %make_install
 %delete_la
-cd pyaff
-%py3_install
 
-%post
+%post -p /sbin/ldconfig
-/sbin/ldconfig
+%postun -p /sbin/ldconfig
-%postun
-/sbin/ldconfig
 
 %files
-%doc AUTHORS BUGLIST.txt ChangeLog NEWS README COPYING
+%license COPYING
-%doc doc/announce_2.2.txt
 %{_libdir}/*.so.*
-
-%files -n afftools
 %{_bindir}/aff*
-%{_mandir}/man1/aff*.1.*
+%{python2_sitearch}/*
 
 %files devel
 %doc doc/crypto_design.txt doc/crypto_doc.txt
@@ -81,26 +69,14 @@ cd pyaff
 %{_libdir}/*.so
 %{_libdir}/pkgconfig/afflib.pc
 
-%files -n python3-pyaff
+%files help
-%doc pyaff/README COPYING
+%doc AUTHORS BUGLIST.txt ChangeLog NEWS README
-%{python3_sitearch}/PyAFF*
+%doc doc/announce_2.2.txt
-%{python3_sitearch}/pyaff*
+%{_mandir}/man1/aff*.1.*
 
 %changelog
-* Tue Jan 11 2022 houyingchao <houyingchao@huawei.com> - 3.7.18-6
+* Wed Mar 04 2019 yangjian<yangjian79@huawei.com> - 3.7.16-9
-- Resolve compilation failure of afflib
-
-* Thu Dec 03 2020 Ge Wang <wangge20@huawei.com> - 3.7.18-5
-- modify license
-
-* Wed Oct 21 2020 wutao <wutao61@huawei.com> - 3.7.18-4
-- delete python2 modules
-
-* Mon Jun 1 2020 wangyue <wangyue92@huawei.com> - 3.7.18-3
-- Upgrade package
-
-* Mon Mar 04 2019 yangjian<yangjian79@huawei.com> - 3.7.16-9
 - Change  buildrequires
 
-* Fri Feb 22 2019 yangjian<yangjian79@huawei.com> - 3.7.16-8
+* Wed Feb 22 2019 yangjian<yangjian79@huawei.com> - 3.7.16-8
 - Package init