diff --git a/.gitignore b/.gitignore
index 00f281b..2365f0e 100644
--- a/.gitignore
+++ b/.gitignore
@@ -1 +1 @@
-SOURCES/libyang-0.16.105-1.tar.gz
+SOURCES/libyang-1.0.184.tar.gz
diff --git a/.libyang.metadata b/.libyang.metadata
index 76993f2..510d087 100644
--- a/.libyang.metadata
+++ b/.libyang.metadata
@@ -1 +1 @@
-df90b05511d961a7d3bb08ef04301bdb5b9204aa SOURCES/libyang-0.16.105-1.tar.gz
+89842305651e76696a0b79370659763f55be4398 SOURCES/libyang-1.0.184.tar.gz
diff --git a/SOURCES/0001-libyang-0.16.105-CVE-2019-19333.patch b/SOURCES/0001-libyang-0.16.105-CVE-2019-19333.patch
deleted file mode 100644
index 7802a52..0000000
--- a/SOURCES/0001-libyang-0.16.105-CVE-2019-19333.patch
+++ /dev/null
@@ -1,242 +0,0 @@ -diff --git a/src/parser.c b/src/parser.c -index 38fd137b..e5d7ebbd 100644 ---- a/src/parser.c -+++ b/src/parser.c -@@ -979,7 +979,7 @@ lyp_precompile_pattern(struct ly_ctx *ctx, const char *pattern, pcre** pcre_cmp, - * @param[in] data2 If \p type is #LY_TYPE_BITS: (int *) type bit field length, - * #LY_TYPE_DEC64: (uint8_t *) number of fraction digits (position of the floating point), - * otherwise ignored. -- * @return 1 if a conversion took place, 0 if the value was kept the same. -+ * @return 1 if a conversion took place, 0 if the value was kept the same, -1 on error. - */ - static int - make_canonical(struct ly_ctx *ctx, int type, const char **value, void *data1, void *data2) -@@ -994,6 +994,8 @@ make_canonical(struct ly_ctx *ctx, int type, const char **value, void *data1, vo - uint64_t unum; - uint8_t c; - -+#define LOGBUF(str) LOGERR(ctx, LY_EINVAL, "Value \"%s\" is too long.", str) -+ - switch (type) { - case LY_TYPE_BITS: - bits = (struct lys_type_bit **)data1; -@@ -1006,8 +1008,10 @@ make_canonical(struct ly_ctx *ctx, int type, const char **value, void *data1, vo - continue; - } - if (buf[0]) { -+ LY_CHECK_ERR_RETURN(strlen(buf) + 1 + strlen(bits[i]->name) > buf_len, LOGBUF(bits[i]->name), -1); - sprintf(buf + strlen(buf), " %s", bits[i]->name); - } else { -+ LY_CHECK_ERR_RETURN(strlen(bits[i]->name) > buf_len, LOGBUF(bits[i]->name), -1); - strcpy(buf, bits[i]->name); - } - } -@@ -1025,7 +1029,7 @@ make_canonical(struct ly_ctx *ctx, int type, const char **value, void *data1, vo - - case LY_TYPE_INST: - exp = lyxp_parse_expr(ctx, *value); -- LY_CHECK_ERR_RETURN(!exp, LOGINT(ctx), 0); -+ LY_CHECK_ERR_RETURN(!exp, LOGINT(ctx), -1); - - module_name = NULL; - count = 0; -@@ -1035,9 +1039,9 @@ make_canonical(struct ly_ctx *ctx, int type, const char **value, void *data1, vo - /* copy WS */ - if (i && ((end = exp->expr + exp->expr_pos[i - 1] + exp->tok_len[i - 1]) != cur_expr)) { - if (count + (cur_expr - end) > buf_len) { -- LOGINT(ctx); - 
lyxp_expr_free(exp); -- return 0; -+ LOGBUF(end); -+ return -1; - } - strncpy(&buf[count], end, cur_expr - end); - count += cur_expr - end; -@@ -1051,9 +1055,9 @@ make_canonical(struct ly_ctx *ctx, int type, const char **value, void *data1, vo - if (!module_name || strncmp(cur_expr, module_name, j)) { - /* print module name with colon, it does not equal to the parent one */ - if (count + j > buf_len) { -- LOGINT(ctx); - lyxp_expr_free(exp); -- return 0; -+ LOGBUF(cur_expr); -+ return -1; - } - strncpy(&buf[count], cur_expr, j); - count += j; -@@ -1062,17 +1066,17 @@ make_canonical(struct ly_ctx *ctx, int type, const char **value, void *data1, vo - - /* copy the rest */ - if (count + (exp->tok_len[i] - j) > buf_len) { -- LOGINT(ctx); - lyxp_expr_free(exp); -- return 0; -+ LOGBUF(end); -+ return -1; - } - strncpy(&buf[count], end, exp->tok_len[i] - j); - count += exp->tok_len[i] - j; - } else { - if (count + exp->tok_len[i] > buf_len) { -- LOGINT(ctx); -+ LOGBUF(&exp->expr[exp->expr_pos[i]]); - lyxp_expr_free(exp); -- return 0; -+ return -1; - } - strncpy(&buf[count], &exp->expr[exp->expr_pos[i]], exp->tok_len[i]); - count += exp->tok_len[i]; -@@ -1081,7 +1085,7 @@ make_canonical(struct ly_ctx *ctx, int type, const char **value, void *data1, vo - if (count > buf_len) { - LOGINT(ctx); - lyxp_expr_free(exp); -- return 0; -+ return -1; - } - buf[count] = '\0'; - -@@ -1146,6 +1150,8 @@ make_canonical(struct ly_ctx *ctx, int type, const char **value, void *data1, vo - } - - return 0; -+ -+#undef LOGBUF - } - - static const char * -@@ -1412,7 +1418,10 @@ lyp_parse_value(struct lys_type *type, const char **value_, struct lyxml_elem *x - c = c + len; - } - -- make_canonical(ctx, LY_TYPE_BITS, value_, bits, &type->info.bits.count); -+ if (make_canonical(ctx, LY_TYPE_BITS, value_, bits, &type->info.bits.count) == -1) { -+ free(bits); -+ goto error; -+ } - - if (store) { - /* store the result */ -@@ -1470,7 +1479,9 @@ lyp_parse_value(struct lys_type *type, const char **value_, 
struct lyxml_elem *x - goto error; - } - -- make_canonical(ctx, LY_TYPE_DEC64, value_, &num, &type->info.dec64.dig); -+ if (make_canonical(ctx, LY_TYPE_DEC64, value_, &num, &type->info.dec64.dig) == -1) { -+ goto error; -+ } - - if (store) { - /* store the result */ -@@ -1598,7 +1609,10 @@ lyp_parse_value(struct lys_type *type, const char **value_, struct lyxml_elem *x - type->parent->flags |= LYS_DFLTJSON; - } - -- make_canonical(ctx, LY_TYPE_IDENT, &value, (void*)lys_main_module(local_mod)->name, NULL); -+ if (make_canonical(ctx, LY_TYPE_IDENT, &value, (void*)lys_main_module(local_mod)->name, NULL) == -1) { -+ lydict_remove(ctx, value); -+ goto error; -+ } - - /* replace the old value with the new one (even if they may be the same) */ - lydict_remove(ctx, *value_); -@@ -1651,7 +1665,11 @@ lyp_parse_value(struct lys_type *type, const char **value_, struct lyxml_elem *x - /* turn logging back on */ - ly_ilo_restore(NULL, prev_ilo, NULL, 0); - } else { -- if (make_canonical(ctx, LY_TYPE_INST, &value, NULL, NULL)) { -+ if ((c = make_canonical(ctx, LY_TYPE_INST, &value, NULL, NULL))) { -+ if (c == -1) { -+ goto error; -+ } -+ - /* if a change occured, value was removed from the dicionary so fix the pointers */ - *value_ = value; - } -@@ -1749,7 +1767,9 @@ lyp_parse_value(struct lys_type *type, const char **value_, struct lyxml_elem *x - goto error; - } - -- make_canonical(ctx, LY_TYPE_INT8, value_, &num, NULL); -+ if (make_canonical(ctx, LY_TYPE_INT8, value_, &num, NULL) == -1) { -+ goto error; -+ } - - if (store) { - /* store the result */ -@@ -1764,7 +1784,9 @@ lyp_parse_value(struct lys_type *type, const char **value_, struct lyxml_elem *x - goto error; - } - -- make_canonical(ctx, LY_TYPE_INT16, value_, &num, NULL); -+ if (make_canonical(ctx, LY_TYPE_INT16, value_, &num, NULL) == -1) { -+ goto error; -+ } - - if (store) { - /* store the result */ -@@ -1779,7 +1801,9 @@ lyp_parse_value(struct lys_type *type, const char **value_, struct lyxml_elem *x - goto error; - 
} - -- make_canonical(ctx, LY_TYPE_INT32, value_, &num, NULL); -+ if (make_canonical(ctx, LY_TYPE_INT32, value_, &num, NULL) == -1) { -+ goto error; -+ } - - if (store) { - /* store the result */ -@@ -1795,7 +1819,9 @@ lyp_parse_value(struct lys_type *type, const char **value_, struct lyxml_elem *x - goto error; - } - -- make_canonical(ctx, LY_TYPE_INT64, value_, &num, NULL); -+ if (make_canonical(ctx, LY_TYPE_INT64, value_, &num, NULL) == -1) { -+ goto error; -+ } - - if (store) { - /* store the result */ -@@ -1810,7 +1836,9 @@ lyp_parse_value(struct lys_type *type, const char **value_, struct lyxml_elem *x - goto error; - } - -- make_canonical(ctx, LY_TYPE_UINT8, value_, &unum, NULL); -+ if (make_canonical(ctx, LY_TYPE_UINT8, value_, &unum, NULL) == -1) { -+ goto error; -+ } - - if (store) { - /* store the result */ -@@ -1825,7 +1853,9 @@ lyp_parse_value(struct lys_type *type, const char **value_, struct lyxml_elem *x - goto error; - } - -- make_canonical(ctx, LY_TYPE_UINT16, value_, &unum, NULL); -+ if (make_canonical(ctx, LY_TYPE_UINT16, value_, &unum, NULL) == -1) { -+ goto error; -+ } - - if (store) { - /* store the result */ -@@ -1840,7 +1870,9 @@ lyp_parse_value(struct lys_type *type, const char **value_, struct lyxml_elem *x - goto error; - } - -- make_canonical(ctx, LY_TYPE_UINT32, value_, &unum, NULL); -+ if (make_canonical(ctx, LY_TYPE_UINT32, value_, &unum, NULL) == -1) { -+ goto error; -+ } - - if (store) { - /* store the result */ -@@ -1855,7 +1887,9 @@ lyp_parse_value(struct lys_type *type, const char **value_, struct lyxml_elem *x - goto error; - } - -- make_canonical(ctx, LY_TYPE_UINT64, value_, &unum, NULL); -+ if (make_canonical(ctx, LY_TYPE_UINT64, value_, &unum, NULL) == -1) { -+ goto error; -+ } - - if (store) { - /* store the result */ diff --git a/SOURCES/0002-libyang-0.16.105-CVE-2019-19334.patch b/SOURCES/0002-libyang-0.16.105-CVE-2019-19334.patch deleted file mode 100644 index 3c6fcc7..0000000 
--- a/SOURCES/0002-libyang-0.16.105-CVE-2019-19334.patch +++ /dev/null @@ -1,15 +0,0 @@ -diff --git a/src/parser.c b/src/parser.c -index e5d7ebbd..4828c7c0 100644 ---- a/src/parser.c -+++ b/src/parser.c -@@ -1021,8 +1021,10 @@ make_canonical(struct ly_ctx *ctx, int type, const char **value, void *data1, vo - module_name = (const char *)data1; - /* identity must always have a prefix */ - if (!strchr(*value, ':')) { -+ LY_CHECK_ERR_RETURN(strlen(module_name) + 1 + strlen(*value) > buf_len, LOGBUF(*value), -1); - sprintf(buf, "%s:%s", module_name, *value); - } else { -+ LY_CHECK_ERR_RETURN(strlen(*value) > buf_len, LOGBUF(*value), -1); - strcpy(buf, *value); - } - break; diff --git a/SPECS/libyang.spec b/SPECS/libyang.spec index b2ed4cb..5c4625f 100644 --- a/SPECS/libyang.spec +++ b/SPECS/libyang.spec @@ -7,11 +7,11 @@ %endif Name: libyang -Version: 0.16.105 -Release: 3%{?dist}.2 +Version: 1.0.184 +Release: 1%{?dist} Summary: YANG data modeling language library Url: https://github.com/CESNET/libyang -Source: %{url}/archive/debian/libyang-%{version}-1.tar.gz +Source: %{url}/archive/libyang-%{version}.tar.gz License: BSD Requires: pcre @@ -27,10 +27,6 @@ BuildRequires: python3-devel BuildRequires: flex BuildRequires: bison BuildRequires: graphviz -BuildRequires: git-core - -Patch0001: 0001-libyang-0.16.105-CVE-2019-19333.patch -Patch0002: 0002-libyang-0.16.105-CVE-2019-19334.patch %package devel Summary: Development files for libyang @@ -76,7 +72,7 @@ Libyang is YANG data modeling language parser and toolkit written (and providing API) in C. %prep -%autosetup -S git -n libyang-debian-libyang-%{version}-1 +%autosetup -S git mkdir build %build @@ -111,8 +107,7 @@ cp -r doc/html %{buildroot}/%{_docdir}/libyang/html %{_datadir}/man/man1/yanglint.1.gz %{_datadir}/man/man1/yangre.1.gz %{_libdir}/libyang.so.* -%{_libdir}/libyang/* -%dir %{_libdir}/libyang/ +%{_libdir}/libyang1 %files devel %{_libdir}/libyang.so 
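Review bot: `%autosetup -S git` is kept in `%prep` while the `@@ -27,10 +27,6 @@` hunk of this same spec removes `BuildRequires: git-core`, so the prep stage still selects the git backend without declaring git, and the build would then depend on git happening to be present in the buildroot. With `Patch0001` and `Patch0002` gone there is nothing left for that backend to apply, so plain `%autosetup` would do; otherwise keep `BuildRequires: git-core`. Separately, dropping the two CVE patches is safe only if the 1.0.184 tarball already contains the length checks in make_canonical for CVE-2019-19333 and CVE-2019-19334. That is presumably the case after a rebase, but it is not visible on this page, so it is worth confirming against the upstream source before release.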
@@ -138,12 +133,15 @@ cp -r doc/html %{buildroot}/%{_docdir}/libyang/html
 %{python3_sitearch}/__pycache__/yang*
 %changelog
-* Mon Dec 16 2019 Michal Ruprich - 0.16.105-3.2
-- Related: #1779573 - Fixing a few covscan issues
+* Thu Jan 07 2021 Michal Ruprich - 1.0.184-1
+- Resolves: #1910046 - [RFE] Rebase libyang to 1.0.184
+
+* Mon Dec 16 2019 Michal Ruprich - 0.16.105-5
+- Related: #1780311 - Fixing a few covscan issues
-* Tue Dec 10 2019 Michal Ruprich - 0.16.105-3.1
-- Resolves: #1779573 - CVE-2019-19333 libyang: stack-based buffer overflow in make_canonical when bits leaf type is used
-- Resolves: #1779576 - CVE-2019-19334 libyang: stack-based buffer overflow in make_canonical when identityref leaf type is used
+* Tue Dec 10 2019 Michal Ruprich - 0.16.105-4
+- Resolves: #1780311 - CVE-2019-19333 libyang: stack-based buffer overflow in make_canonical when bits leaf type is used
+- Resolves: #1780313 - CVE-2019-19334 libyang: stack-based buffer overflow in make_canonical when identityref leaf type is used
 * Mon May 27 2019 Michal Ruprich - 0.16.105-3
 - Related: #1698076 - Adding gating file