!17 [sync] PR-14: fix CVE-2023-24056

From: @openeuler-sync-bot Reviewed-by: @licunlong Signed-off-by: @licunlong
fix CVE-2023-24056
2023-01-30 13:00:13 +00:00 · 2023-01-30 14:17:40 +08:00 · 2022-05-05 10:53:06 +00:00 · 2022-05-05 18:35:58 +08:00 · 2021-12-28 09:19:07 +00:00 · 2021-12-28 09:35:08 +08:00
5 changed files with 100 additions and 2 deletions
--- a/backport-CVE-2023-24056.patch
+++ b/backport-CVE-2023-24056.patch
@ -0,0 +1,71 @@
+From 628b2b2bafa5d3a2017193ddf375093e70666059 Mon Sep 17 00:00:00 2001
+From: Ariadne Conill <ariadne@dereferenced.org>
+Date: Fri, 20 Jan 2023 22:07:03 +0000
+Subject: [PATCH] tuple: test for, and stop string processing, on truncation
+
+otherwise a buffer overflow occurs.
+this has been a bug in pkgconf since the beginning, it seems.
+instead of disclosing the bug correctly, a "hotshot" developer
+decided to blog about it instead.  sigh.
+
+https://nullprogram.com/blog/2023/01/18/
+---
+ libpkgconf/tuple.c | 28 +++++++++++++++++++++++-----
+ 1 file changed, 23 insertions(+), 5 deletions(-)
+
+diff --git a/libpkgconf/tuple.c b/libpkgconf/tuple.c
+index 2d550d8..b831070 100644
+--- a/libpkgconf/tuple.c
+++ b/libpkgconf/tuple.c
+@@ -293,12 +293,21 @@ pkgconf_tuple_parse(const pkgconf_client_t *client, pkgconf_list_t *vars, const
+ 				}
+ 			}
+ 
+			size_t remain = PKGCONF_BUFSIZE - (bptr - buf);
+ 			ptr += (pptr - ptr);
+ 			kv = pkgconf_tuple_find_global(client, varname);
+ 			if (kv != NULL)
+ 			{
+-				strncpy(bptr, kv, PKGCONF_BUFSIZE - (bptr - buf));
+-				bptr += strlen(kv);
+				size_t nlen = pkgconf_strlcpy(bptr, kv, remain);
+				if (nlen > remain)
+				{
+					pkgconf_warn(client, "warning: truncating very long variable to 64KB\n");
+
+					bptr = buf + (PKGCONF_BUFSIZE - 1);
+					break;
+				}
+
+				bptr += nlen;
+ 			}
+ 			else
+ 			{
+@@ -306,12 +315,21 @@ pkgconf_tuple_parse(const pkgconf_client_t *client, pkgconf_list_t *vars, const
+ 
+ 				if (kv != NULL)
+ 				{
+					size_t nlen;
+
+ 					parsekv = pkgconf_tuple_parse(client, vars, kv);
+					nlen = pkgconf_strlcpy(bptr, parsekv, remain);
+					free(parsekv);
+ 
+-					strncpy(bptr, parsekv, PKGCONF_BUFSIZE - (bptr - buf));
+-					bptr += strlen(parsekv);
+					if (nlen > remain)
+					{
+						pkgconf_warn(client, "warning: truncating very long variable to 64KB\n");
+ 
+-					free(parsekv);
+						bptr = buf + (PKGCONF_BUFSIZE - 1);
+						break;
+					}
+
+					bptr += nlen;
+ 				}
+ 			}
+ 		}
+-- 
+2.33.0
+
--- a/pkgconf-1.6.3.tar.xz
+++ b/pkgconf-1.6.3.tar.xz
--- a/pkgconf-1.8.0.tar.xz
+++ b/pkgconf-1.8.0.tar.xz
--- a/pkgconf.spec
+++ b/pkgconf.spec
@ -1,14 +1,16 @@
 %global pkgconf_libdirs %{_libdir}/pkgconfig:%{_datadir}/pkgconfig

 Name:           pkgconf
-Version:        1.6.3
-Release:        6
+Version:        1.8.0
+Release:        3
 Summary:        Package compiler and linker metadata toolkit

 License:        ISC
 URL:            http://pkgconf.org/
 Source0:        https://distfiles.dereferenced.org/%{name}/%{name}-%{version}.tar.xz

+Patch6000:      backport-CVE-2023-24056.patch
+
 BuildRequires:  gcc, make, autoconf, automake, libtool
 #tests
 BuildRequires:  kyua, atf-tests
@ -104,6 +106,27 @@ mkdir -p %{buildroot}%{_datadir}/pkgconfig
 %{_mandir}/*/*

 %changelog
+* Sun Jan 29 2023 dongyuzhen <dongyuzhen@h-partners.com> - 1.8.0-3
+- fix CVE-2023-24056
+
+* Thu May 05 2022 shixuantong <shixuantong@h-partners.com> - 1.8.0-2
+- Type: NA
+- ID: NA
+- SUG: NA
+- DESC:fix changelog error
+
+* Sat Dec 25 2021 tianwei <tianwei12@huawei.com> - 1.8.0-1
+- Type: NA
+- ID: NA
+- SUG: NA
+- DESC:upgrade version to 1.8.0
+
+* Thu Jul 16 2020 shixuantong <shixuantong@huawei.com> - 1.7.3-1
+- Type: NA
+- ID: NA
+- SUG: NA
+- DESC:update to 1.7.3-1 
+
 * Sun Jan 12 2020 openEuler Buildteam <buildteam@openeuler.org> - 1.6.3-6
 - Type: enhancement
 - ID: NA
--- a/pkgconf.yaml
+++ b/pkgconf.yaml
@ -0,0 +1,4 @@
+version_control: git
+src_repo: https://git.sr.ht/~kaniini/pkgconf
+tag_prefix: ^pkgconf-
+seperator: .
Author	SHA1	Message	Date
openeuler-ci-bot	a8447605f8	!17 [sync] PR-14: fix CVE-2023-24056 From: @openeuler-sync-bot Reviewed-by: @licunlong Signed-off-by: @licunlong	2023-01-30 13:00:13 +00:00
dongyuzhen	09391e3602	fix CVE-2023-24056 (cherry picked from commit 72fd59261d9073a11ab94153e04907f76aefed7b)	2023-01-30 14:17:40 +08:00
openeuler-ci-bot	66eaad7ce7	!9 fix changelog error From: @tong_1001 Reviewed-by: @overweight Signed-off-by: @overweight	2022-05-05 10:53:06 +00:00
shixuantong	64b52431cb	fix changelog error	2022-05-05 18:35:58 +08:00
openeuler-ci-bot	f1a67eb764	!7 [sync] PR-6: upgrade version to 1.8.0 Merge pull request !7 from openeuler-sync-bot/sync-pr6-master-to-openEuler-22.03-LTS-Next	2021-12-28 09:19:07 +00:00
weiwei_tiantian	9285e4d449	upgrade version to 1.8.0 (cherry picked from commit a716a03671c308eb4feea6d4abf89bf256bcd4ad)	2021-12-28 09:35:08 +08:00
openeuler-ci-bot	251129fe45	!4 update to 1.7.3 Merge pull request !4 from 桐小哥/master	2020-07-23 11:04:40 +08:00
sxt1001	3ccaf7ecfd	update to 1.7.3	2020-07-23 10:44:44 +08:00
openeuler-ci-bot	c101516b62	!3 add yaml file in package Merge pull request !3 from Markeryang/master	2020-06-28 11:47:23 +08:00
Markeryang	666c2828fb	add pkgconf.yaml.	2020-06-24 17:10:35 +08:00