gb: CVE-2021-38115 and CVE-2021-40812, hivex: CVE-2021-3504 and CVE-2021-3622 (#3084)

* Hivex: Upgrade to 1.3.21 to fix CVE-2021-3504 and CVE-2021-3622

* hivex: Upgrade to 1.3.21 to fix CVE-2021-3504 and CVE-2021-3622

* gd: Upgrade to 2.3.3 to address CVE-2021-38115 and CVE-2021-40812

* Upgrade to 2.3.3 to address CVE-2021-38115 and CVE-2021-40812

* upgrade hivex to 1.3.20

* gd: Upgrade to 2.3.3 to address CVE-2021-38115 and CVE-2021-40812

* gd: Upgrade to 2.3.3 to address CVE-2021-38115 and CVE-2021-40812

Co-authored-by: Nicolas Guibourge <nicolasg@microsoft.com>
nicolas guibourge 2022-06-01 10:00:48 -07:00 коммит произвёл GitHub
Родитель 33a7e5ab6a
Коммит 04c14466ba
Не найден ключ, соответствующий данной подписи
Идентификатор ключа GPG: 4AEE18F83AFDEB23
8 изменённых файлов: 16 добавлений и 151 удалений


@ -1,76 +0,0 @@
From 9226aa87861d7f597284ad401f506fd0b8ee9323 Mon Sep 17 00:00:00 2001
From: maryam ebrahimzadeh <maryam.ebr@student.sharif.edu>
Date: Mon, 19 Jul 2021 18:52:50 +0430
Subject: [PATCH] gdImageGd2Ptr memory leak
Backported from upstream by mfrw
Signed-off-by: Muhammad Falak R Wani <falakreyaz@gmail.com>
---
src/gd_gd2.c | 16 +++++++++++++---
1 file changed, 13 insertions(+), 3 deletions(-)
diff --git a/src/gd_gd2.c b/src/gd_gd2.c
index 760e85b..9c0cdd7 100644
--- a/src/gd_gd2.c
+++ b/src/gd_gd2.c
@@ -910,9 +910,11 @@ _gd2PutHeader (gdImagePtr im, gdIOCtx * out, int cs, int fmt, int cx, int cy)
}
-static void
+/* returns 0 on success, 1 on failure */
+static int
_gdImageGd2 (gdImagePtr im, gdIOCtx * out, int cs, int fmt)
{
+ int ret = 0;
int ncx, ncy, cx, cy;
int x, y, ylo, yhi, xlo, xhi;
int chunkLen;
@@ -974,10 +976,12 @@ _gdImageGd2 (gdImagePtr im, gdIOCtx * out, int cs, int fmt)
/* */
chunkData = gdCalloc (cs * bytesPerPixel * cs, 1);
if (!chunkData) {
+ ret = 1;
goto fail;
}
compData = gdCalloc (compMax, 1);
if (!compData) {
+ ret = 1;
goto fail;
}
@@ -992,6 +996,7 @@ _gdImageGd2 (gdImagePtr im, gdIOCtx * out, int cs, int fmt)
chunkIdx = gdCalloc (idxSize * sizeof (t_chunk_info), 1);
if (!chunkIdx) {
+ ret = 1;
goto fail;
}
};
@@ -1107,6 +1112,8 @@ fail:
}
GD2_DBG (printf ("Done\n"));
+ return ret;
+
}
/*
@@ -1128,8 +1135,11 @@ BGD_DECLARE(void *) gdImageGd2Ptr (gdImagePtr im, int cs, int fmt, int *size)
void *rv;
gdIOCtx *out = gdNewDynamicCtx (2048, NULL);
if (out == NULL) return NULL;
- _gdImageGd2 (im, out, cs, fmt);
- rv = gdDPExtractData (out, size);
+ if (_gdImageGd2(im, out, cs, fmt)) {
+ rv = NULL;
+ } else {
+ rv = gdDPExtractData(out, size);
+ }
out->gd_free (out);
return rv;
}
--
2.17.1


@ -1,6 +1,6 @@
{
"Signatures": {
"baselibs.conf": "51b92d2adf44c9aaee5c22084a0b0c36a809c61e5e618927eef00265476360ef",
"libgd-2.3.0.tar.xz": "ecd9155b9a417fb3f837f29e5966323796de247789163761dd72dbf83bfcac58"
"libgd-2.3.3.tar.xz": "3fe822ece20796060af63b7c60acb151e5844204d289da0ce08f8fdf131e5a61"
}
}


@ -19,8 +19,8 @@
%define prjname libgd
%define lname libgd3
Name: gd
Version: 2.3.0
Release: 5%{?dist}
Version: 2.3.3
Release: 1%{?dist}
Summary: A Drawing Library for Programs That Use PNG and JPEG Output
License: MIT
Vendor: Microsoft Corporation
@ -34,7 +34,6 @@ Patch1: gd-fontpath.patch
Patch2: gd-format.patch
# could be upstreamed
Patch3: gd-aliasing.patch
Patch4: CVE-2021-40145.patch
BuildRequires: fontconfig-devel
# needed for tests
BuildRequires: libjpeg-devel
@ -84,7 +83,6 @@ the formats accepted for inline images by most browsers.
%patch1
%patch2
%patch3
%patch4 -p1
chmod 644 COPYING
%build
@ -158,6 +156,9 @@ find %{buildroot} -type f -name "*.la" -delete -print
%{_libdir}/pkgconfig/gdlib.pc
%changelog
* Tue May 31 2022 Nicolas Guibourge <nicolasg@microsoft.com> - 2.3.3-1
- Upgrade to 2.3.3 to address CVE-2021-38115 and CVE-2021-40812
* Tue Apr 12 2022 Muhammad Falak <mwani@microsoft.com> - 2.3.0-5
- Backport patch from upstream to address CVE-2021-40145
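Review bot: The new `%changelog` entry for 2.3.3-1 does not record that `Patch4: CVE-2021-40145.patch` and its `%patch4 -p1` line are dropped in this section, so the package history no longer shows where CVE-2021-40145 is handled. If the fix is part of the upstream 2.3.3 tarball (the page does not show this, so it should be confirmed against the upstream source), add a line such as `- Remove CVE-2021-40145.patch, fix is included in 2.3.3`. Without it, anyone auditing by changelog sees the backport in 2.3.0-5 and no statement about it afterwards.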


@ -1,24 +0,0 @@
From 564a923a91d042e24e9259d86f69e0061f28ef4f Mon Sep 17 00:00:00 2001
From: Vladimir Panteleev <git@thecybershadow.net>
Date: Thu, 16 Jan 2020 12:11:20 +0000
Subject: [PATCH 1/2] Win::Hivex::Regedit: Accept CRLF line endings
---
perl/lib/Win/Hivex/Regedit.pm | 1 +
1 file changed, 1 insertion(+)
diff --git a/perl/lib/Win/Hivex/Regedit.pm b/perl/lib/Win/Hivex/Regedit.pm
index 34426f1..2b17036 100644
--- a/perl/lib/Win/Hivex/Regedit.pm
+++ b/perl/lib/Win/Hivex/Regedit.pm
@@ -144,6 +144,7 @@ sub reg_import
# this is fairly common in pasted regedit files.
$lineno++;
chomp;
+ s/\r$//;
if (s/\\\s*$//) {
$_ .= <$fh>;
redo unless eof ($fh);
--
2.24.1


@ -1,36 +0,0 @@
From 003028c3c0d33e952430d3f4e1a987a777674eb3 Mon Sep 17 00:00:00 2001
From: Vladimir Panteleev <git@thecybershadow.net>
Date: Thu, 16 Jan 2020 12:11:21 +0000
Subject: [PATCH 2/2] Win::Hivex::Regedit: Ignore comments
---
perl/lib/Win/Hivex/Regedit.pm | 6 +++---
1 file changed, 3 insertions(+), 3 deletions(-)
diff --git a/perl/lib/Win/Hivex/Regedit.pm b/perl/lib/Win/Hivex/Regedit.pm
index 2b17036..f0dbb50 100644
--- a/perl/lib/Win/Hivex/Regedit.pm
+++ b/perl/lib/Win/Hivex/Regedit.pm
@@ -153,8 +153,8 @@ sub reg_import
#print STDERR "reg_import: parsing <<<$_>>>\n";
if ($state eq "outer") {
- # Ignore blank lines, headers.
- next if /^\s*$/;
+ # Ignore blank lines, headers, comments.
+ next if /^\s*(;.*)?$/;
# .* is needed before Windows Registry Editor Version.. in
# order to eat a possible Unicode BOM which regedit writes
@@ -193,7 +193,7 @@ sub reg_import
my $value = _parse_value ("", $1, $encoding);
croak (_parse_error ($_, $lineno)) unless defined $value;
push @newvalues, $value;
- } elsif (/^\s*$/) { # blank line after values
+ } elsif (/^\s*(;.*)?$/) { # blank line after values
_merge_node ($hmap, \%params, $newnode, \@newvalues, \@delvalues);
$state = "outer";
} else {
--
2.24.1


@ -1,5 +1,5 @@
{
"Signatures": {
"hivex-1.3.18.tar.gz": "8a1e788fd9ea9b6e8a99705ebd0ff8a65b1bdee28e319c89c4a965430d0a7445"
"hivex-1.3.21.tar.gz": "9ace3ef4a2ff2ca50a99be068b60fb1fdbc9eab8af53e345e97ce75ba4b63b56"
}
}


@ -7,16 +7,13 @@
Summary: Read and write Windows Registry binary hive files
Name: hivex
Version: 1.3.18
Release: 24%{?dist}
Version: 1.3.21
Release: 1%{?dist}
License: LGPLv2+
Vendor: Microsoft Corporation
Distribution: Mariner
URL: https://libguestfs.org/
Source0: http://libguestfs.org/download/hivex/%{name}-%{version}.tar.gz
# Patches - all upstream since 1.3.18.
Patch0001: 0001-Win-Hivex-Regedit-Accept-CRLF-line-endings.patch
Patch0002: 0002-Win-Hivex-Regedit-Ignore-comments.patch
BuildRequires: %{_bindir}/pod2html
BuildRequires: %{_bindir}/pod2man
@ -247,6 +244,9 @@ fi
%{ruby_vendorarchdir}/_hivex.so
%changelog
* Tue May 31 2022 Nicolas Guibourge <nicolasg@microsoft.com> - 1.3.20-1
- Upgrade to 1.3.21 to fix CVE-2021-3504 and CVE-2021-3622.
* Wed Mar 30 2022 Pawel Winogrodzki <pawelwi@microsoft.com> - 1.3.18-24
- Updating dependencies, conflicts, and provides.
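Review bot: The new changelog header ends in `- 1.3.20-1`, while the spec now sets `Version: 1.3.21` with `Release: 1%{?dist}` and the entry text itself says 1.3.21. The header should read `* Tue May 31 2022 Nicolas Guibourge <nicolasg@microsoft.com> - 1.3.21-1`, so that tooling and auditors matching CVE-2021-3504 and CVE-2021-3622 to a package version through the changelog see the version that is actually built. The same entry could also state that the two `Win-Hivex-Regedit` patches were removed, since the deleted comment describes them as upstream since 1.3.18.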


@ -3540,8 +3540,8 @@
"type": "other",
"other": {
"name": "gd",
"version": "2.3.0",
"downloadUrl": "https://github.com/libgd/libgd/releases/download/gd-2.3.0/libgd-2.3.0.tar.xz"
"version": "2.3.3",
"downloadUrl": "https://github.com/libgd/libgd/releases/download/gd-2.3.3/libgd-2.3.3.tar.xz"
}
}
},
@ -4520,8 +4520,8 @@
"type": "other",
"other": {
"name": "hivex",
"version": "1.3.18",
"downloadUrl": "http://libguestfs.org/download/hivex/hivex-1.3.18.tar.gz"
"version": "1.3.21",
"downloadUrl": "http://libguestfs.org/download/hivex/hivex-1.3.21.tar.gz"
}
}
},