Changes of Revision 2
_service:tar_scm:unbound.spec
Changed
@@ -2,7 +2,7 @@ Name: unbound Version: 1.17.1 -Release: 7 +Release: 10 Summary: Unbound is a validating, recursive, caching DNS resolver License: BSD-3-Clause Url: https://nlnetlabs.nl/projects/unbound/about/ @@ -29,7 +29,11 @@ Patch6: backport-pre-CVE-2024-33655-Fix-out-of-bounds-read-in-parse_edns_options_from_query.patch Patch7: backport-CVE-2024-33655.patch Patch8: backport-CVE-2024-43167.patch -Patch9: backport-CVE-2024-43168.patch +Patch9: backport-001-CVE-2024-43168.patch +Patch10: backport-002-CVE-2024-43168.patch +Patch11: backport-003-CVE-2024-43168.patch +Patch12: backport-004-CVE-2024-43168.patch +Patch13: backport-CVE-2024-8508.patch BuildRequires: make flex swig pkgconfig systemd BuildRequires: libevent-devel expat-devel openssl-devel python3-devel @@ -266,6 +270,24 @@ %{_mandir}/man* %changelog +* Wed Oct 16 2024 gaihuiying <eaglegai@163.com> - 1.17.1-10 +- Type:cves +- CVE:CVE-2024-8508 +- SUG:NA +- DESC:fix CVE-2024-8508 + +* Thu Aug 29 2024 gaihuiying <eaglegai@163.com> - 1.17.1-9 +- Type:bugfix +- CVE:NA +- SUG:NA +- DESC:correct cve number + +* Mon Aug 26 2024 gaihuiying <eaglegai@163.com> - 1.17.1-8 +- Type:cves +- CVE:CVE-2024-43168 +- SUG:NA +- DESC:fix CVE-2024-43168 better + * Mon Aug 19 2024 gaihuiying <eaglegai@163.com> - 1.17.1-7 - Type:cves - CVE:CVE-2024-43167 CVE-2024-43168 @@ -328,9 +350,9 @@ * Wed Aug 03 2022 yanglu <yanglu72@h-partners.com> - 1.13.2-5 - Type:cves -- CVE:CVE-2022-30689 CVE-2022-30699 +- CVE:CVE-2022-30698 CVE-2022-30699 - SUG:NA -- DESC:fix CVE-2022-30689 and CVE-2022-30699 +- DESC:fix CVE-2022-30698 and CVE-2022-30699 * Tue Aug 02 2022 gaihuiying <eaglegai@163.com> - 1.13.2-4 - Type:bugfix
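Review bot: The spec adds `Patch13: backport-CVE-2024-8508.patch`, but this revision delivers that file as a rename of `backport-CVE-2024-43168.patch` with its contents replaced, while the old contents reappear under `backport-001-CVE-2024-43168.patch`; adding the CVE-2024-8508 patch as a new file and deleting the old one would keep the histories of the two CVE fixes separate in the repository log instead of chaining them. The `@@ -328,9 +350,9 @@` hunk also rewrites a 2022 changelog entry (`CVE-2022-30689` to `CVE-2022-30698`); the 1.17.1-9 entry records this only as "correct cve number", and naming the corrected entry there, e.g. `- DESC:correct cve number in 1.13.2-5 changelog (CVE-2022-30698)`, would let an auditor match the two.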
_service:tar_scm:backport-001-CVE-2024-43168.patch
Added
@@ -0,0 +1,28 @@
+From 193401e7543a1e561dd634a3eaae932fa462a2b9 Mon Sep 17 00:00:00 2001
+From: zhailiangliang <zhailiangliang@loongson.cn>
+Date: Wed, 3 Apr 2024 15:40:58 +0800
+Subject: PATCH fix heap-buffer-overflow issue in function cfg_mark_ports of
+ file util/config_file.c
+
+---
+ util/config_file.c | 4 ++++
+ 1 file changed, 4 insertions(+)
+
+diff --git a/util/config_file.c b/util/config_file.c
+index 26185da0..e7b2f195 100644
+--- a/util/config_file.c
++++ b/util/config_file.c
+@@ -1761,6 +1761,10 @@ cfg_mark_ports(const char* str, int allow, int* avail, int num)
+ #endif
+ if(!mid) {
+ int port = atoi(str);
++ if(port < 0) {
++ log_err("Prevent out-of-bounds access to array avail");
++ return 0;
++ }
+ if(port == 0 && strcmp(str, "0") != 0) {
+ log_err("cannot parse port number '%s'", str);
+ return 0;
+--
+2.33.0
+
_service:tar_scm:backport-002-CVE-2024-43168.patch
Added
@@ -0,0 +1,56 @@
+From dfff8d23cf4145c58e5c1e99d4159d3a91a70ab7 Mon Sep 17 00:00:00 2001
+From: "W.C.A. Wijngaards" <wouter@nlnetlabs.nl>
+Date: Wed, 3 Apr 2024 10:16:18 +0200
+Subject: PATCH - For #1040: adjust error text and disallow negative ports in
+ other parts of cfg_mark_ports.
+
+---
+ util/config_file.c | 14 +++++++++++++-
+ 1 files changed, 13 insertions(+), 1 deletion(-)
+
+diff --git a/util/config_file.c b/util/config_file.c
+index e7b2f195..74554286 100644
+--- a/util/config_file.c
++++ b/util/config_file.c
+@@ -1762,7 +1762,7 @@ cfg_mark_ports(const char* str, int allow, int* avail, int num)
+ if(!mid) {
+ int port = atoi(str);
+ if(port < 0) {
+- log_err("Prevent out-of-bounds access to array avail");
++ log_err("port number is negative: %d", port);
+ return 0;
+ }
+ if(port == 0 && strcmp(str, "0") != 0) {
+@@ -1774,6 +1774,10 @@ cfg_mark_ports(const char* str, int allow, int* avail, int num)
+ } else {
+ int i, low, high = atoi(mid+1);
+ char buf16;
++ if(high < 0) {
++ log_err("port number is negative: %d", high);
++ return 0;
++ }
+ if(high == 0 && strcmp(mid+1, "0") != 0) {
+ log_err("cannot parse port number '%s'", mid+1);
+ return 0;
+@@ -1786,10 +1790,18 @@ cfg_mark_ports(const char* str, int allow, int* avail, int num)
+ memcpy(buf, str, (size_t)(mid-str));
+ bufmid-str = 0;
+ low = atoi(buf);
++ if(low < 0) {
++ log_err("port number is negative: %d", low);
++ return 0;
++ }
+ if(low == 0 && strcmp(buf, "0") != 0) {
+ log_err("cannot parse port number '%s'", buf);
+ return 0;
+ }
++ if(high > num) {
++ /* Stop very high values from taking a long time. */
++ high = num;
++ }
+ for(i=low; i<=high; i++) {
+ if(i < num)
+ availi = (allow?i:0);
+--
+2.33.0
+
_service:tar_scm:backport-003-CVE-2024-43168.patch
Added
@@ -0,0 +1,135 @@
+From 4497e8a154f53cd5947a6ee5aa65cf99be57152e Mon Sep 17 00:00:00 2001
+From: zhailiangliang <zhailiangliang@loongson.cn>
+Date: Tue, 7 May 2024 11:35:52 +0000
+Subject: PATCH Fix potential overflow bug while parsing port in function
+ cfg_mark_ports
+
+---
+ util/config_file.c | 76 ++++++++++++++++++++++++++++++----------------
+ 1 file changed, 50 insertions(+), 26 deletions(-)
+
+diff --git a/util/config_file.c b/util/config_file.c
+index 2b67d4c1..4a3b7d77 100644
+--- a/util/config_file.c
++++ b/util/config_file.c
+@@ -42,6 +42,7 @@
+ #include "config.h"
+ #include <ctype.h>
+ #include <stdarg.h>
++#include <errno.h>
+ #ifdef HAVE_TIME_H
+ #include <time.h>
+ #endif
+@@ -1772,6 +1773,38 @@ init_outgoing_availports(int* a, int num)
+ }
+ }
+
++static int
++extract_port_from_str(const char* str, int max_port) {
++ char* endptr;
++ if (str == NULL || *str == '\0') {
++ log_err("str: '%s' is invalid", str);
++ return -1;
++ }
++
++ long int value = strtol(str, &endptr, 10);
++ if ((endptr == str) || (*endptr != '\0')) {
++ log_err("cannot parse port number '%s'", str);
++ return -1;
++ }
++
++ if (errno == ERANGE) {
++ log_err("overflow occurred when parsing '%s'", str);
++ return -1;
++ }
++
++ if (value == 0 && strcmp(str, "0") != 0) {
++ log_err("cannot parse port number '%s'", str);
++ return -1;
++ }
++
++ if (value < 0 || value >= max_port) {
++ log_err(" '%s' is out of bounds 0, %d)", str, max_port);
++ return -1;
++ }
++
++ return (int)value;
++}
++
+ int
+ cfg_mark_ports(const char* str, int allow, int* avail, int num)
+ {
+@@ -1782,53 +1815,44 @@ cfg_mark_ports(const char* str, int allow, int* avail, int num)
+ "options");
+ #endif
+ if(!mid) {
+- int port = atoi(str);
+- if(port < 0) {
+- log_err("port number is negative: %d", port);
++ int port = extract_port_from_str(str, num);
++ if (port < 0) {
++ log_err("Failed to parse the port number");
+ return 0;
+ }
+- if(port == 0 && strcmp(str, "0") != 0) {
+- log_err("cannot parse port number '%s'", str);
+- return 0;
+- }
+- if(port < num)
+- availport = (allow?port:0);
++ availport = (allow?port:0);
+ } else {
+- int i, low, high = atoi(mid+1);
+ char buf16;
+- if(high < 0) {
+- log_err("port number is negative: %d", high);
+- return 0;
+- }
+- if(high == 0 && strcmp(mid+1, "0") != 0) {
+- log_err("cannot parse port number '%s'", mid+1);
++ int i, low;
++ int high = extract_port_from_str(mid+1, num);
++ if (high < 0) {
++ log_err("Failed to parse the port number");
+ return 0;
+ }
++
+ if( (int)(mid-str)+1 >= (int)sizeof(buf) ) {
+ log_err("cannot parse port number '%s'", str);
+ return 0;
+ }
++
+ if(mid > str)
+ memcpy(buf, str, (size_t)(mid-str));
+ bufmid-str = 0;
+- low = atoi(buf);
+- if(low < 0) {
+- log_err("port number is negative: %d", low);
++ low = extract_port_from_str(buf, num);
++ if (low < 0) {
++ log_err("Failed to parse the port number");
+ return 0;
+ }
+- if(low == 0 && strcmp(buf, "0") != 0) {
+- log_err("cannot parse port number '%s'", buf);
++
++ if (low > high) {
++ log_err("Low value is greater than high value");
+ return 0;
+ }
+- if(high > num) {
+- /* Stop very high values from taking a long time. */
+- high = num;
+- }
++
+ for(i=low; i<=high; i++) {
+ if(i < num)
+ availi = (allow?i:0);
+ }
+- return 1;
+ }
+ return 1;
+ }
+--
+2.33.0
+
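Review bot: `extract_port_from_str` tests `errno == ERANGE` after `strtol` without clearing `errno` first, so an ERANGE left behind by any earlier library call makes a valid port string fail with "overflow occurred", while a genuine overflow is in practice already caught by the later `value < 0 || value >= max_port` test because strtol saturates to LONG_MIN/LONG_MAX; add `errno = 0;` directly before `long int value = strtol(str, &endptr, 10);`. The first hunk of backport-004-CVE-2024-43168.patch rewrites that line as `value = strtol(str, &endptr, 10);` and carries the same omission, so the reset belongs there once the series is stacked. Removing the `if(high > num) high = num;` clamp is also a behaviour change: an upper bound of `num` or more, which backport-002 silently clamped, is now rejected by `extract_port_from_str(mid+1, num)`; that is the safer reading, but it deserves a changelog line since a previously accepted range can now become a startup error.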
_service:tar_scm:backport-004-CVE-2024-43168.patch
Added
@@ -0,0 +1,44 @@
+From c085a53268940dfbb907cbaa7a690740b6c8210c Mon Sep 17 00:00:00 2001
+From: "W.C.A. Wijngaards" <wouter@nlnetlabs.nl>
+Date: Tue, 7 May 2024 14:05:21 +0200
+Subject: PATCH - Fix for #1062: declaration before statement, avoid print of
+ null, and redundant check for array size. And changelog note for merge of
+ #1062.
+
+---
+ util/config_file.c | 8 +++++---
+ 1 files changed, 6 insertions(+), 3 deletions(-)
+
+diff --git a/util/config_file.c b/util/config_file.c
+index 4a3b7d77..2ac6c468 100644
+--- a/util/config_file.c
++++ b/util/config_file.c
+@@ -1776,12 +1776,13 @@ init_outgoing_availports(int* a, int num)
+ static int
+ extract_port_from_str(const char* str, int max_port) {
+ char* endptr;
++ long int value;
+ if (str == NULL || *str == '\0') {
+- log_err("str: '%s' is invalid", str);
++ log_err("str: '%s' is invalid", (str?str:"NULL"));
+ return -1;
+ }
+
+- long int value = strtol(str, &endptr, 10);
++ value = strtol(str, &endptr, 10);
+ if ((endptr == str) || (*endptr != '\0')) {
+ log_err("cannot parse port number '%s'", str);
+ return -1;
+@@ -1820,7 +1821,8 @@ cfg_mark_ports(const char* str, int allow, int* avail, int num)
+ log_err("Failed to parse the port number");
+ return 0;
+ }
+- availport = (allow?port:0);
++ if(port < num)
++ availport = (allow?port:0);
+ } else {
+ char buf16;
+ int i, low;
+--
+2.33.0
+
_service:tar_scm:backport-CVE-2024-43168.patch -> _service:tar_scm:backport-CVE-2024-8508.patch
Changed
@@ -1,28 +1,246 @@ -From 193401e7543a1e561dd634a3eaae932fa462a2b9 Mon Sep 17 00:00:00 2001 -From: zhailiangliang <zhailiangliang@loongson.cn> -Date: Wed, 3 Apr 2024 15:40:58 +0800 -Subject: PATCH fix heap-buffer-overflow issue in function cfg_mark_ports of - file util/config_file.c +From b7c61d7cc256d6a174e6179622c7fa968272c259 Mon Sep 17 00:00:00 2001 +From: Yorgos Thessalonikefs <yorgos@nlnetlabs.nl> +Date: Thu, 3 Oct 2024 14:46:57 +0200 +Subject: PATCH - Fix CVE-2024-8508, unbounded name compression could lead to + denial of service. --- - util/config_file.c | 4 ++++ - 1 file changed, 4 insertions(+) - -diff --git a/util/config_file.c b/util/config_file.c -index 26185da0..e7b2f195 100644 ---- a/util/config_file.c -+++ b/util/config_file.c -@@ -1761,6 +1761,10 @@ cfg_mark_ports(const char* str, int allow, int* avail, int num) - #endif - if(!mid) { - int port = atoi(str); -+ if(port < 0) { -+ log_err("Prevent out-of-bounds access to array avail"); -+ return 0; -+ } - if(port == 0 && strcmp(str, "0") != 0) { - log_err("cannot parse port number '%s'", str); - return 0; --- -2.33.0 + util/data/msgencode.c | 77 ++++++++++++++++++++++++++----------------- + 1 file changed, 46 insertions(+), 31 deletions(-) +diff --git a/util/data/msgencode.c b/util/data/msgencode.c +index 898ff8412..6d116fb52 100644 +--- a/util/data/msgencode.c ++++ b/util/data/msgencode.c +@@ -62,6 +62,10 @@ + #define RETVAL_TRUNC -4 + /** return code that means all is peachy keen. Equal to DNS rcode NOERROR */ + #define RETVAL_OK 0 ++/** Max compressions we are willing to perform; more than that will result ++ * in semi-compressed messages, or truncated even on TCP for huge messages, to ++ * avoid locking the CPU for long */ ++#define MAX_COMPRESSION_PER_MESSAGE 120 + + /** + * Data structure to help domain name compression in outgoing messages. 
+@@ -284,15 +288,17 @@ write_compressed_dname(sldns_buffer* pkt, uint8_t* dname, int labs, + + /** compress owner name of RR, return RETVAL_OUTMEM RETVAL_TRUNC */ + static int +-compress_owner(struct ub_packed_rrset_key* key, sldns_buffer* pkt, +- struct regional* region, struct compress_tree_node** tree, +- size_t owner_pos, uint16_t* owner_ptr, int owner_labs) ++compress_owner(struct ub_packed_rrset_key* key, sldns_buffer* pkt, ++ struct regional* region, struct compress_tree_node** tree, ++ size_t owner_pos, uint16_t* owner_ptr, int owner_labs, ++ size_t* compress_count) + { + struct compress_tree_node* p; + struct compress_tree_node** insertpt = NULL; + if(!*owner_ptr) { + /* compress first time dname */ +- if((p = compress_tree_lookup(tree, key->rk.dname, ++ if(*compress_count < MAX_COMPRESSION_PER_MESSAGE && ++ (p = compress_tree_lookup(tree, key->rk.dname, + owner_labs, &insertpt))) { + if(p->labs == owner_labs) + /* avoid ptr chains, since some software is +@@ -301,6 +307,7 @@ compress_owner(struct ub_packed_rrset_key* key, sldns_buffer* pkt, + if(!write_compressed_dname(pkt, key->rk.dname, + owner_labs, p)) + return RETVAL_TRUNC; ++ (*compress_count)++; + /* check if typeclass+4 ttl + rdatalen is available */ + if(sldns_buffer_remaining(pkt) < 4+4+2) + return RETVAL_TRUNC; +@@ -313,7 +320,8 @@ compress_owner(struct ub_packed_rrset_key* key, sldns_buffer* pkt, + if(owner_pos <= PTR_MAX_OFFSET) + *owner_ptr = htons(PTR_CREATE(owner_pos)); + } +- if(!compress_tree_store(key->rk.dname, owner_labs, ++ if(*compress_count < MAX_COMPRESSION_PER_MESSAGE && ++ !compress_tree_store(key->rk.dname, owner_labs, + owner_pos, region, p, insertpt)) + return RETVAL_OUTMEM; + } else { +@@ -333,20 +341,24 @@ compress_owner(struct ub_packed_rrset_key* key, sldns_buffer* pkt, + + /** compress any domain name to the packet, return RETVAL_* */ + static int +-compress_any_dname(uint8_t* dname, sldns_buffer* pkt, int labs, +- struct regional* region, struct compress_tree_node** 
tree) ++compress_any_dname(uint8_t* dname, sldns_buffer* pkt, int labs, ++ struct regional* region, struct compress_tree_node** tree, ++ size_t* compress_count) + { + struct compress_tree_node* p; + struct compress_tree_node** insertpt = NULL; + size_t pos = sldns_buffer_position(pkt); +- if((p = compress_tree_lookup(tree, dname, labs, &insertpt))) { ++ if(*compress_count < MAX_COMPRESSION_PER_MESSAGE && ++ (p = compress_tree_lookup(tree, dname, labs, &insertpt))) { + if(!write_compressed_dname(pkt, dname, labs, p)) + return RETVAL_TRUNC; ++ (*compress_count)++; + } else { + if(!dname_buffer_write(pkt, dname)) + return RETVAL_TRUNC; + } +- if(!compress_tree_store(dname, labs, pos, region, p, insertpt)) ++ if(*compress_count < MAX_COMPRESSION_PER_MESSAGE && ++ !compress_tree_store(dname, labs, pos, region, p, insertpt)) + return RETVAL_OUTMEM; + return RETVAL_OK; + } +@@ -364,9 +376,9 @@ type_rdata_compressable(struct ub_packed_rrset_key* key) + + /** compress domain names in rdata, return RETVAL_* */ + static int +-compress_rdata(sldns_buffer* pkt, uint8_t* rdata, size_t todolen, +- struct regional* region, struct compress_tree_node** tree, +- const sldns_rr_descriptor* desc) ++compress_rdata(sldns_buffer* pkt, uint8_t* rdata, size_t todolen, ++ struct regional* region, struct compress_tree_node** tree, ++ const sldns_rr_descriptor* desc, size_t* compress_count) + { + int labs, r, rdf = 0; + size_t dname_len, len, pos = sldns_buffer_position(pkt); +@@ -380,8 +392,8 @@ compress_rdata(sldns_buffer* pkt, uint8_t* rdata, size_t todolen, + switch(desc->_wireformatrdf) { + case LDNS_RDF_TYPE_DNAME: + labs = dname_count_size_labels(rdata, &dname_len); +- if((r=compress_any_dname(rdata, pkt, labs, region, +- tree)) != RETVAL_OK) ++ if((r=compress_any_dname(rdata, pkt, labs, region, ++ tree, compress_count)) != RETVAL_OK) + return r; + rdata += dname_len; + todolen -= dname_len; +@@ -449,7 +461,8 @@ static int + packed_rrset_encode(struct ub_packed_rrset_key* key, 
sldns_buffer* pkt, + uint16_t* num_rrs, time_t timenow, struct regional* region, + int do_data, int do_sig, struct compress_tree_node** tree, +- sldns_pkt_section s, uint16_t qtype, int dnssec, size_t rr_offset) ++ sldns_pkt_section s, uint16_t qtype, int dnssec, size_t rr_offset, ++ size_t* compress_count) + { + size_t i, j, owner_pos; + int r, owner_labs; +@@ -477,9 +490,9 @@ packed_rrset_encode(struct ub_packed_rrset_key* key, sldns_buffer* pkt, + for(i=0; i<data->count; i++) { + /* rrset roundrobin */ + j = (i + rr_offset) % data->count; +- if((r=compress_owner(key, pkt, region, tree, +- owner_pos, &owner_ptr, owner_labs)) +- != RETVAL_OK) ++ if((r=compress_owner(key, pkt, region, tree, ++ owner_pos, &owner_ptr, owner_labs, ++ compress_count)) != RETVAL_OK) + return r; + sldns_buffer_write(pkt, &key->rk.type, 2); + sldns_buffer_write(pkt, &key->rk.rrset_class, 2); +@@ -489,8 +502,8 @@ packed_rrset_encode(struct ub_packed_rrset_key* key, sldns_buffer* pkt, + else sldns_buffer_write_u32(pkt, data->rr_ttlj-adjust); + if(c) { + if((r=compress_rdata(pkt, data->rr_dataj, +- data->rr_lenj, region, tree, c)) +- != RETVAL_OK) ++ data->rr_lenj, region, tree, c, ++ compress_count)) != RETVAL_OK) + return r; + } else { + if(sldns_buffer_remaining(pkt) < data->rr_lenj) +@@ -510,9 +523,9 @@ packed_rrset_encode(struct ub_packed_rrset_key* key, sldns_buffer* pkt, + return RETVAL_TRUNC; + sldns_buffer_write(pkt, &owner_ptr, 2); + } else { +- if((r=compress_any_dname(key->rk.dname, +- pkt, owner_labs, region, tree)) +- != RETVAL_OK) ++ if((r=compress_any_dname(key->rk.dname, ++ pkt, owner_labs, region, tree, ++ compress_count)) != RETVAL_OK) + return r; + if(sldns_buffer_remaining(pkt) < + 4+4+data->rr_leni) +@@ -544,7 +557,8 @@ static int + insert_section(struct reply_info* rep, size_t num_rrsets, uint16_t* num_rrs, + sldns_buffer* pkt, size_t rrsets_before, time_t timenow, + struct regional* region, struct compress_tree_node** tree, +- sldns_pkt_section s, uint16_t qtype, int 
dnssec, size_t rr_offset) ++ sldns_pkt_section s, uint16_t qtype, int dnssec, size_t rr_offset, ++ size_t* compress_count) + { + int r;
_service
Changed
@@ -2,7 +2,7 @@
 <service name="tar_scm">
 <param name="scm">git</param>
 <param name="url">git@gitee.com:src-openeuler/unbound.git</param>
- <param name="revision">openEuler-24.03-LTS-Next</param>
+ <param name="revision">openEuler-24.03-LTS-SP1</param>
 <param name="exclude">*</param>
 <param name="extract">*</param>
 </service>