diff --git a/Fix-Memory-leaks-in-SWIG-generated-code-for-Python.patch b/Fix-Memory-leaks-in-SWIG-generated-code-for-Python.patch
new file mode 100644
index 0000000000000000000000000000000000000000..9af8a53d396fd96c607346bbf9cffe62c8202747
--- /dev/null
+++ b/Fix-Memory-leaks-in-SWIG-generated-code-for-Python.patch
@@ -0,0 +1,31 @@
+From 8615575144e6fd3d708a30983ed2415db479ef4c Mon Sep 17 00:00:00 2001
+From: Jaroslav Rohel
+Date: Thu, 8 Apr 2021 12:17:09 +0200
+Subject: [PATCH] Fix: Memory leaks in SWIG generated code (for Python)
+
+There were memory leaks in the `Chksum_from_bin`, `Chksum_add`,
+`SolvFp_write` functions wrapper for Python.
+
+The problem was in "freearg" typemap argument defined in "solv.i".
+Therefore, the typemap was not applied.
+
+Conflict: NA
+Reference: https://github.com/openSUSE/libsolv/commit/8615575144e6fd3d708a30983ed2415db479ef4c
+
+---
+ bindings/solv.i | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/bindings/solv.i b/bindings/solv.i
+index 1882b135..3bbeca04 100644
+--- a/bindings/solv.i
++++ b/bindings/solv.i
+@@ -63,7 +63,7 @@ typedef struct {
+ $2 = size;
+ }
+
+-%typemap(freearg,noblock=1,match="in") (const unsigned char *str, int len) {
++%typemap(freearg,noblock=1,match="in") (const unsigned char *str, size_t len) {
+ if (alloc$argnum == SWIG_NEWOBJ) %delete_array(buf$argnum);
+ }
+
diff --git a/Fix-memory-leaks.patch b/Fix-memory-leaks.patch
new file mode 100644
index 0000000000000000000000000000000000000000..c02b8977890849bd33587aef2191747b9b2730a9
--- /dev/null
+++ b/Fix-memory-leaks.patch
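Review bot: In bindings/solv.i nothing next to the `freearg` typemap says that its argument pattern has to stay identical to the pattern of the matching `in` typemap, which per the commit message is why the old `int len` version was never applied and the buffer leaked. I would add a comment above the typemap, for example `/* pattern must stay identical to the "in" typemap above, otherwise SWIG skips this freearg and buf$argnum leaks */`. The `in` typemap starts outside the hunk, so its exact signature should be confirmed against the file. A binding test that calls `Chksum_add` repeatedly under a leak checker would catch the two patterns drifting apart again.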
@@ -0,0 +1,42 @@
+From 71c6b26096086926f48d8fced1a03ca52a1eb745 Mon Sep 17 00:00:00 2001
+From: Jaroslav Rohel
+Date: Mon, 29 Mar 2021 12:46:31 +0200
+Subject: [PATCH] Fix memory leaks
+
+Conflict: NA
+Reference: https://github.com/openSUSE/libsolv/commit/71c6b26096086926f48d8fced1a03ca52a1eb745
+
+---
+ ext/repo_deb.c | 1 +
+ ext/testcase.c | 4 ++--
+ 2 files changed, 3 insertions(+), 2 deletions(-)
+
+diff --git a/ext/repo_deb.c b/ext/repo_deb.c
+index 8f637567..34f40fa8 100644
+--- a/ext/repo_deb.c
++++ b/ext/repo_deb.c
+@@ -792,5 +792,6 @@ pool_deb_get_autoinstalled(Pool *pool, FILE *fp, Queue *q, int flags)
+ break;
+ }
+ }
++ solv_free(buf);
+ }
+
+diff --git a/ext/testcase.c b/ext/testcase.c
+index 8fb6d793..4e9e3154 100644
+--- a/ext/testcase.c
++++ b/ext/testcase.c
+@@ -1477,11 +1477,11 @@ testcase_solverresult(Solver *solv, int resultflags)
+ queue_init(&q);
+ for (rid = 1; (rclass = solver_ruleclass(solv, rid)) != SOLVER_RULE_UNKNOWN; rid++)
+ {
+- char *prefix = solv_dupjoin("rule ", testcase_rclass2str(rclass), " ");
+- prefix = solv_dupappend(prefix, testcase_ruleid(solv, rid), 0);
+ solver_ruleliterals(solv, rid, &q);
+ if (rclass == SOLVER_RULE_FEATURE && q.count == 1 && q.elements[0] == -SYSTEMSOLVABLE)
+ continue;
++ char *prefix = solv_dupjoin("rule ", testcase_rclass2str(rclass), " ");
++ prefix = solv_dupappend(prefix, testcase_ruleid(solv, rid), 0);
+ for (i = 0; i < q.count; i++)
+ {
+ Id p = q.elements[i];
diff --git a/Fix-segfault-in-resolve_jobrules.patch b/Fix-segfault-in-resolve_jobrules.patch
new file mode 100644
index 0000000000000000000000000000000000000000..2bde7bfff79efea50640aa30157519db7a524c4c
--- /dev/null
+++ b/Fix-segfault-in-resolve_jobrules.patch
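Review bot: In the ext/testcase.c hunk the moved `char *prefix = solv_dupjoin(...)` is now a declaration after statements, whereas the inner loop just below still declares `Id p` at the top of its block. Keeping `char *prefix;` at the top of the loop body and leaving only the assignment `prefix = solv_dupjoin("rule ", testcase_rclass2str(rclass), " ");` after the `continue` gives the same leak fix in the file's existing style. The loop body runs past the end of the hunk, so the release of `prefix` is not visible here and should be confirmed. The same applies to the ext/repo_deb.c hunk: `solv_free(buf)` sits at the end of pool_deb_get_autoinstalled, and any earlier return outside the hunk would still skip it.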
@@ -0,0 +1,28 @@
+From 0ecd4f310318d9bd91db48e5c9dc7e749fbed82a Mon Sep 17 00:00:00 2001
+From: Thomas Lam <79589038+tl-hbk@users.noreply.github.com>
+Date: Tue, 30 Mar 2021 05:33:52 -0700
+Subject: [PATCH] Fix segfault in resolve_jobrules
+
+In selectandinstall sometimes rules are added and a realloc is required if there's
+no more memory available in the allocated block. r-- would just decrement the old
+pointer but the realloc could return a completely different block of memory
+
+Conflict: NA
+Reference: https://github.com/openSUSE/libsolv/commit/0ecd4f310318d9bd91db48e5c9dc7e749fbed82a
+
+---
+ src/solver.c | 1 +
+ 1 file changed, 1 insertion(+)
+
+diff --git a/src/solver.c b/src/solver.c
+index 9c02cc76..89a2ed10 100644
+--- a/src/solver.c
++++ b/src/solver.c
+@@ -1629,6 +1629,7 @@ resolve_jobrules(Solver *solv, int level, int disablerules, Queue *dq)
+ }
+ olevel = level;
+ level = selectandinstall(solv, level, dq, disablerules, i, SOLVER_REASON_RESOLVE_JOB);
++ r = solv->rules + i; /* selectandinstall may have added more rules */
+ if (level <= olevel)
+ {
+ if (level == olevel)
diff --git a/libsolv.spec b/libsolv.spec
index c7b9aa0890c72eb52fcc8f8fa3c61dc734c08d48..fafb3bdbbc1192aecc998a5da2549fd48d53b387 100644
--- a/libsolv.spec
+++ b/libsolv.spec
@@ -15,7 +15,7 @@
 Name: libsolv
 Version: 0.7.14
-Release: 3
+Release: 4
 Summary: Package dependency solver
 License: BSD
 URL: https://github.com/openSUSE/libsolv
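Review bot: The comment added in resolve_jobrules says that rules may have been added but not why `r` has to be recomputed; per the commit message the rule array can be reallocated, which leaves the old `r` pointing into freed memory. I would state that on the line itself: `r = solv->rules + i; /* selectandinstall may realloc solv->rules, the old r would dangle */`. The loop body starts and ends outside the hunk, so it is worth checking that no other pointer into `solv->rules` is kept across this call. Running the solver tests under AddressSanitizer would confirm that.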
@@ -24,6 +24,10 @@ Source: https://github.com/openSUSE/libsolv/archive/%{version}/%{
 Patch0: CVE-2021-3200.patch
 Patch1: Fix-all-memory-errors-found-in-make-test.patch
 Patch2: Fix-deduceq2addedap-clearing-bits-outside-of-the-added-map.patch
+Patch3: Fix-memory-leaks.patch
+Patch4: Fix-segfault-in-resolve_jobrules.patch
+Patch5: Fix-Memory-leaks-in-SWIG-generated-code-for-Python.patch
+Patch6: use-memmove-for-overlapping-regions.patch
 BuildRequires: cmake gcc-c++ ninja-build pkgconfig(rpm) zlib-devel
 BuildRequires: libxml2-devel xz-devel bzip2-devel libzstd-devel
@@ -191,6 +195,12 @@ Python 3 version.
 %{_mandir}/man3/%{name}*.3*
 %changelog
+* Wed Sep 29 2021 zhangrui - 0.7.14-4
+- Type:bugfix
+- CVE:NA
+- SUG:NA
+- DESC:fix memory leaks and segfault
+
 * Wed Sep 29 2021 zhuqingfu - 0.7.14-3
 - Type:bugfix
 - CVE:NA
diff --git a/use-memmove-for-overlapping-regions.patch b/use-memmove-for-overlapping-regions.patch
new file mode 100644
index 0000000000000000000000000000000000000000..da9018ec3ebcc575b7a0a7c19f07aec9b0ea637c
--- /dev/null
+++ b/use-memmove-for-overlapping-regions.patch
@@ -0,0 +1,25 @@
+From ccc2ec885a81de137c30fd0deb8c5475440e5287 Mon Sep 17 00:00:00 2001
+From: Wolf Vollprecht
+Date: Thu, 8 Jul 2021 09:13:19 +0200
+Subject: [PATCH] use memmove for overlapping regions
+
+Conflict:NA
+Reference:https://github.com/openSUSE/libsolv/commit/ccc2ec885a81de137c30fd0deb8c5475440e5287.patch
+
+---
+ src/conda.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/src/conda.c b/src/conda.c
+index 21ad6bfb..6f6a65a6 100644
+--- a/src/conda.c
++++ b/src/conda.c
+@@ -670,7 +670,7 @@ pool_conda_matchspec(Pool *pool, const char *name)
+ if (build)
+ {
+ *p++ = ' ';
+- memcpy(p, build, buildend - build);
++ memmove(p, build, buildend - build);
+ p += buildend - build;
+ }
+ evrid = pool_strn2id(pool, version, p - version, 1);
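Review bot: The `memmove` call in pool_conda_matchspec carries no comment saying that `p` and `build` can point into the same buffer, so a later cleanup could turn it back into `memcpy`. A short comment above the call, such as `/* p and build may overlap inside the same string, memcpy is undefined here */`, would keep the reason next to the code. The hunk does not show where `build`, `buildend` and `p` are set, so the overlap is inferred from the commit subject. It would also be worth confirming there that `buildend >= build`, because the difference is converted to `size_t` for the copy length.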