!14 [sync] PR-13: fix CVE-2020-10759

From: @openeuler-sync-bot Reviewed-by: @gitee-cmd Signed-off-by: @gitee-cmd
2022-07-27 10:23:22 +00:00 · 2022-07-27 10:23:22 +00:00 · 4b15a49dd0
commit 4b15a49dd0
parent 3919d4e37d 879ac6935d
3 changed files with 59 additions and 1 deletions
--- a/0002-Compilation-failure-due-to-assertion-error.patch
+++ b/0002-Compilation-failure-due-to-assertion-error.patch
@ -0,0 +1,35 @@
 diff -Naru fwupd-1.2.9/src/fu-self-test.c fwupd-1.2.9-new/src/fu-self-test.c
 --- fwupd-1.2.9/src/fu-self-test.c	2019-05-20 18:18:00.000000000 +0800
 +++ fwupd-1.2.9-new/src/fu-self-test.c	2022-07-25 11:22:05.787729000 +0800
@@ -2823,23 +2823,6 @@
 	g_assert_cmpint (lines, ==, 6);
 }
 -static void
 -fu_common_spawn_timeout_func (void)
 -{
 -	gboolean ret;
 -	guint lines = 0;
 -	g_autoptr(GError) error = NULL;
 -	g_autofree gchar *fn = NULL;
 -	const gchar *argv[3] = { "replace", "test", NULL };
 -
 -	fn = fu_test_get_filename (TESTDATADIR, "spawn.sh");
 -	g_assert (fn != NULL);
 -	argv[0] = fn;
 -	ret = fu_common_spawn_sync (argv, fu_test_stdout_cb, &lines, 50, NULL, &error);
 -	g_assert_error (error, G_IO_ERROR, G_IO_ERROR_CANCELLED);
 -	g_assert (!ret);
 -	g_assert_cmpint (lines, ==, 1);
 -}
 static void
 fu_progressbar_func (void)
@@ -3751,7 +3734,6 @@
 	g_test_add_func ("/fwupd/common{cab-error-missing-file}", fu_common_store_cab_error_missing_file_func);
 	g_test_add_func ("/fwupd/common{cab-error-size}", fu_common_store_cab_error_size_func);
 	g_test_add_func ("/fwupd/common{spawn)", fu_common_spawn_func);
 -	g_test_add_func ("/fwupd/common{spawn-timeout)", fu_common_spawn_timeout_func);
 	g_test_add_func ("/fwupd/common{firmware-builder}", fu_common_firmware_builder_func);
 	return g_test_run ();
 }
--- a/CVE-2020-10759.patch
+++ b/CVE-2020-10759.patch
@ -0,0 +1,17 @@
 diff -Naru fwupd-1.2.9/src/fu-keyring-gpg.c fwupd-1.2.9-new/src/fu-keyring-gpg.c
 --- fwupd-1.2.9/src/fu-keyring-gpg.c	2019-05-20 18:18:00.000000000 +0800
 +++ fwupd-1.2.9-new/src/fu-keyring-gpg.c	2022-07-25 10:51:37.434242000 +0800
@@ -297,6 +297,13 @@
 				     "no result record from libgpgme");
 		return NULL;
 	}
 +	if (result->signatures == NULL) {
 +		g_set_error_literal (error,
 +				     FWUPD_ERROR,
 +				     FWUPD_ERROR_INTERNAL,
 +				     "no signatures from libgpgme");
 +		return NULL;
 +	}
 	/* look at each signature */
 	for (s = result->signatures; s != NULL ; s = s->next ) {
--- a/fwupd.spec
+++ b/fwupd.spec
@ -9,7 +9,7 @@
 Name:           fwupd
 Version:        1.2.9
-Release:        3
+Release:        4
 Summary:        Make updating firmware on Linux automatic, safe and reliable
 License:        LGPLv2+
 URL:            https://github.com/fwupd/fwupd/releases
@ -18,6 +18,8 @@ Source0:        http://people.freedesktop.org/~hughsient/releases/%{name}-%{vers
 #Self-tests are failing due to an expired cert #1264
 Patch0000:         0001-Relax-the-certificate-time-checks-in-the-self-tests-.patch
 Patch6000:         Set-polling-self-tests-to-slow.patch
 Patch0002:         0002-Compilation-failure-due-to-assertion-error.patch
 Patch0003:         CVE-2020-10759.patch
 BuildRequires:	gettext glib2-devel libxmlb-devel valgrind valgrind-devel libgcab1-devel
 BuildRequires:  gpgme-devel libgudev1-devel libgusb-devel libsoup-devel polkit-devel sqlite-devel libxslt
@ -175,6 +177,10 @@ mkdir -pm 0700 %{buildroot}%{_localstatedir}/lib/%{name}/gnupg
 %{_datadir}/man/man1/*
 %changelog
 * Thu Jul 14 2022 yangweidong <yangweidong9@huawei.com> - 1.2.9-4
 - Solve 0002-Compilation-failure-due-to-assertion-error
 - Fix CVE-2020-10759.patch
 * Sun Jun 28 2020 huanghaitao <huanghaitao@huawei.com> - 1.2.9-3
 - Solve build problem with check