sync 24.04-LTS to 22.03-LTS

(cherry picked from commit ac60632376726d9fcde828b65f5ca922579fb74c)
2024-05-08 16:14:04 +08:00 · 2024-05-08 16:14:04 +08:00 · 28de47baf5
commit 28de47baf5
parent fe434e6830
3 changed files with 79 additions and 12 deletions
--- a/1559.patch
+++ b/1559.patch
@ -0,0 +1,25 @@
+From 3741e6fea656d3f1b9578d59f14d8945aea92a10 Mon Sep 17 00:00:00 2001
+From: =?UTF-8?q?Jaroslav=20Loba=C4=8Devski?= <jarlob@github.com>
+Date: Thu, 19 Oct 2023 17:07:26 +0200
+Subject: [PATCH] Out of bounds heap buffer write
+ (`GHSL-2023-171/CVE-2023-45681`)
+
+---
+ stb_vorbis.c | 4 ++++
+ 1 file changed, 4 insertions(+)
+
+diff --git a/stb_vorbis.c b/stb_vorbis.c
+index 3e5c2504c0..6ebd7dcb95 100644
+--- a/stb_vorbis.c
+++ b/stb_vorbis.c
+@@ -3661,6 +3661,10 @@ static int start_decoder(vorb *f)
+    f->comment_list = NULL;
+    if (f->comment_list_length > 0)
+    {
+      if (INT_MAX / sizeof(char*) < f->comment_list_length) {
+         f->comment_list_length = 0;
+         return error(f, VORBIS_outofmem);
+      }
+       f->comment_list = (char**) setup_malloc(f, sizeof(char*) * (f->comment_list_length));
+       if (f->comment_list == NULL)                  return error(f, VORBIS_outofmem);
+    }
--- a/fix-build-on-riscv64.patch
+++ b/fix-build-on-riscv64.patch
@ -0,0 +1,22 @@
+From 3cf93a58ad15d6d8a124dadca8fca3dbb2ea357c Mon Sep 17 00:00:00 2001
+From: Eric Long <i@hack3r.moe>
+Date: Sat, 23 Sep 2023 22:43:11 +0800
+Subject: [PATCH] Fix stbsp__uintptr on riscv64
+
+---
+ stb_sprintf.h | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/stb_sprintf.h b/stb_sprintf.h
+index ca432a6bca..2add83e2a5 100644
+--- a/stb_sprintf.h
+++ b/stb_sprintf.h
+@@ -230,7 +230,7 @@ STBSP__PUBLICDEC void STB_SPRINTF_DECORATE(set_separators)(char comma, char peri
+ #define stbsp__uint16 unsigned short
+ 
+ #ifndef stbsp__uintptr
+-#if defined(__ppc64__) || defined(__powerpc64__) || defined(__aarch64__) || defined(_M_X64) || defined(__x86_64__) || defined(__x86_64) || defined(__s390x__)
+#if defined(__ppc64__) || defined(__powerpc64__) || defined(__aarch64__) || defined(_M_X64) || defined(__x86_64__) || defined(__x86_64) || defined(__s390x__) || defined(__riscv) && __riscv_xlen == 64
+ #define stbsp__uintptr stbsp__uint64
+ #else
+ #define stbsp__uintptr stbsp__uint32
--- a/stb.spec
+++ b/stb.spec
@ -23,7 +23,7 @@ Name:           stb
 #   https://github.com/nothings/stb/issues/1101
 %global snapinfo .20220908git8b5f1f3
 Version:        0%{snapinfo}
-Release:        0.13
+Release:        0.16
 Summary:        Single-file public domain libraries for C/C++

 # See LICENSE.
@ -129,7 +129,7 @@ Patch08:        1230.patch
 #
 # Fix Null pointer dereference in stbi__convert_format
 # https://github.com/nothings/stb/pull/1547
-Patch:          1454.patch
+Patch09:        1454.patch

 # Fix integer overflow
 # https://github.com/nothings/stb/pull/1530
@ -138,7 +138,7 @@ Patch:          1454.patch
 #
 # Integer overflow in stbi__convert_8_to_16
 # https://github.com/nothings/stb/issues/1529
-Patch:          1530.patch
+Patch10:        1530.patch

 # Add overflow checks
 # https://github.com/nothings/stb/pull/1532
@ -147,7 +147,7 @@ Patch:          1530.patch
 #
 # Integer overflow in stbi__load_gif_main
 # https://github.com/nothings/stb/issues/1531
-Patch:          1532.patch
+Patch11:        1532.patch

 # Fix int overflow
 # https://github.com/nothings/stb/pull/1534
@ -156,7 +156,7 @@ Patch:          1532.patch
 #
 # Integer overflow in stbi__jpeg_decode_block
 # https://github.com/nothings/stb/pull/1533
-Patch:          1534.patch
+Patch12:        1534.patch

 # Fix wild address read in stbi__gif_load_next
 # https://github.com/nothings/stb/pull/1539
@ -165,7 +165,7 @@ Patch:          1534.patch
 #
 # Wild address read in stbi__gif_load_next (GHSL-2023-145/CVE-2023-45661)
 # https://github.com/nothings/stb/issues/1538
-Patch:          1539.patch
+Patch13:        1539.patch

 # Fix multi-byte read heap buffer overflow in stbi__vertical_flip
 # https://github.com/nothings/stb/pull/1541
@ -175,7 +175,7 @@ Patch:          1539.patch
 # Multi-byte read heap buffer overflow in stbi__vertical_flip
 # (GHSL-2023-146/CVE-2023-45662)
 # https://github.com/nothings/stb/issues/1540
-Patch:          1541.patch
+Patch14:        1541.patch

 # Fix disclosure of uninitialized memory in stbi__tga_load
 # https://github.com/nothings/stb/pull/1543
@ -185,7 +185,7 @@ Patch:          1541.patch
 # Disclosure of uninitialized memory in stbi__tga_load
 # (GHSL-2023-147/CVE-2023-45663)
 # https://github.com/nothings/stb/issues/1542
-Patch:          1543.patch
+Patch15:        1543.patch

 # Fix double-free in stbi__load_gif_main_outofmem
 # https://github.com/nothings/stb/pull/1545
@ -196,7 +196,7 @@ Patch:          1543.patch
 # https://github.com/nothings/stb/issues/1544
 #
 # Rebased on top of https://github.com/nothings/stb/pull/1539.
-Patch:        0001-Fix-double-free-in-stbi__load_gif_main_outofmem.patch
+Patch16:        0001-Fix-double-free-in-stbi__load_gif_main_outofmem.patch

 # Fix possible double-free or memory leak in stbi__load_gif_main
 # https://github.com/nothings/stb/pull/1549
@ -209,7 +209,7 @@ Patch:        0001-Fix-double-free-in-stbi__load_gif_main_outofmem.patch
 #
 # Rebased on top of https://github.com/nothings/stb/pull/1539 and
 # https://github.com/nothings/stb/pull/1545.
-Patch:          0002-Fix-possible-double-free-or-memory-leak-in-stbi__loa.patch
+Patch17:        0002-Fix-possible-double-free-or-memory-leak-in-stbi__loa.patch

 # Fix Null pointer dereference because of an uninitialized variable
 # https://github.com/nothings/stb/pull/1551
@ -221,7 +221,7 @@ Patch:          0002-Fix-possible-double-free-or-memory-leak-in-stbi__loa.patch
 # https://github.com/nothings/stb/issues/1550
 #
 # Rebased on top of https://github.com/nothings/stb/pull/1541.
-Patch:          0001-Fix-Null-pointer-dereference-because-of-an-uninitial.patch
+Patch18:        0001-Fix-Null-pointer-dereference-because-of-an-uninitial.patch

 # Fix 0 byte write heap buffer overflow in start_decoder
 # https://github.com/nothings/stb/pull/1553
@ -231,7 +231,18 @@ Patch:          0001-Fix-Null-pointer-dereference-because-of-an-uninitial.patch
 # 0 byte write heap buffer overflow in start_decoder
 # (GHSL-2023-165/CVE-2023-45675)
 # https://github.com/nothings/stb/issues/1552
-Patch:          %{url}/pull/1553.patch
+Patch19:        1553.patch
+
+%ifarch riscv64
+Patch1000:      fix-build-on-riscv64.patch
+%endif
+
+# Out of bounds heap buffer write (GHSL-2023-171/CVE-2023-45681)
+# https://github.com/nothings/stb/pull/1559
+# Fixes CVE-2023-45681 and duplicate CVE-2023-47212
+# https://bugzilla.redhat.com/show_bug.cgi?id=2278402
+Patch20:        1559.patch
+

 %global stb_c_lexer_version 0.12
 %global stb_connected_components_version 0.96
@ -990,6 +1001,15 @@ EOF


 %changelog
+* Wed May 08 2024 peijiankang <peijiankang@kylinos.cn> - 0.20220908git8b5f1f3-0.16
+- Patch for GHSL-2023-171/CVE-2023-45681/CVE-2023-47212
+
+* Thu Mar 28 2024 misaka00251 <liuxin@iscas.ac.cn> - 0.20220908git8b5f1f3-0.15
+- Add new line to riscv64 patch to avoid build issue
+
+* Fri Mar 22 2024 misaka00251 <liuxin@iscas.ac.cn> - 0.20220908git8b5f1f3-0.14
+- Fix build on riscv64
+
 * Fri Mar 08 2024 peijiankang <peijiankang@kylinos.cn> - 0.20220908git8b5f1f3-0.13
 - stb_vorbis: fix GHSL-2023-165 / fix CVE-2023-45675