开源软件构建与测试

We truncated the diff of some files because they were too big. If you want to see the full diff for every file, click here.

Changes of Revision 5

_service:tar_scm:snappy-java.spec Changed

@@ -1,7 +1,7 @@
 %global debug_package %nil
 Name:                snappy-java
 Version:             1.1.2.4
-Release:             1
+Release:             2
 Summary:             Fast compressor/decompresser
 License:             ASL 2.0
 URL:                 http://xerial.org/snappy-java/
@@ -9,6 +9,8 @@
 Source1:             https://repo1.maven.org/maven2/org/xerial/snappy/%{name}/%{version}/%{name}-%{version}.pom
 Patch0:              snappy-java-1.1.2-build.patch
 Patch1:              snappy-java-1.1.2.4-lsnappy.patch
+Patch2:              CVE-2023-34455.patch
+Patch3:              CVE-2023-34454.patch
 
 BuildRequires:       make gcc-c++ libstdc++-static snappy-devel
 BuildRequires:       maven-local mvn(com.sun:tools) mvn(org.apache.felix:maven-bundle-plugin)
@@ -38,6 +40,8 @@
 find -name "*.h" -print -delete
 %patch0 -p1
 %patch1 -p1
+%patch2 -p1
+%patch3 -p1
 cp %{SOURCE1} pom.xml
 %pom_change_dep org.osgi: org.apache.felix::1.4.0
 %pom_xpath_remove "pom:dependencypom:scope = 'test'"
@@ -119,5 +123,8 @@
 %license LICENSE NOTICE
 
 %changelog
+* Mon Jul 03 2023 wangkai <13474090681@163.com> - 1.1.2.4-2
+- Fix CVE-2023-34455 and CVE-2023-34454
+
 * Tue Jul 28 2020 leiju <leiju4@huawei.com> - 1.1.2.4-1
 - Package init

_service:tar_scm:CVE-2023-34454.patch Added

@@ -0,0 +1,205 @@
+From d0042551e4a3509a725038eb9b2ad1f683674d94 Mon Sep 17 00:00:00 2001
+From: aidanchiu1112 <108113174+aidanchiu1112@users.noreply.github.com>
+Date: Wed, 14 Jun 2023 11:06:30 -0700
+Subject: PATCH Merge pull request from GHSA-fjpj-2g6w-x25r
+
+* Fixed integer overflow by checking if bytesize is bigger than input length, then throwing exception
+
+* Fixed integer overflow by checking if bytesize is bigger than input length, then throwing exception
+
+* Fixed integer overflow by checking if bytesize is bigger than input length, then throwing exception
+
+* improved error messages by adding new error enum INPUT_TOO_LARGE in SnappyErrorCode.java, and added happy and sad cases in SnappyTest.java
+
+* fixed mispelling: validArrayInputLength --> isInvalidArrayInputLength
+
+* switched SnappyError into ILLEGAL_ARGUMENT in SnappyErrorCode.java and Snappy.java and fixed a typo in error comment
+
+* Fix buffer size boundary tests
+
+* Remove negative array size tests
+
+* updated comments for unit test
+
+Origin: https://github.com/xerial/snappy-java/commit/d0042551e4a3509a725038eb9b2ad1f683674d94
+
+---
+ src/main/java/org/xerial/snappy/Snappy.java   | 36 ++++++++--
+ .../org/xerial/snappy/SnappyErrorCode.java    |  4 +-
+ .../java/org/xerial/snappy/SnappyTest.java    | 65 +++++++++++++++++++
+ 3 files changed, 98 insertions(+), 7 deletions(-)
+
+diff --git a/src/main/java/org/xerial/snappy/Snappy.java b/src/main/java/org/xerial/snappy/Snappy.java
+index dc81f7c..762be59 100755
+--- a/src/main/java/org/xerial/snappy/Snappy.java
++++ b/src/main/java/org/xerial/snappy/Snappy.java
+@@ -163,7 +163,11 @@ public class Snappy
+     public static byte compress(char input)
+             throws IOException
+     {
+-        return rawCompress(input, input.length * 2); // char uses 2 bytes
++        int byteSize = input.length * 2;
++        if (byteSize < input.length) {
++            throw new SnappyError(SnappyErrorCode.TOO_LARGE_INPUT, "input array size is too large: " + input.length);
++        }
++        return rawCompress(input, byteSize); // char uses 2 bytes
+     }
+ 
+     /**
+@@ -175,7 +179,11 @@ public class Snappy
+     public static byte compress(double input)
+             throws IOException
+     {
+-        return rawCompress(input, input.length * 8); // double uses 8 bytes
++        int byteSize = input.length * 8;
++        if (byteSize < input.length) {
++            throw new SnappyError(SnappyErrorCode.TOO_LARGE_INPUT, "input array size is too large: " + input.length);
++        }
++        return rawCompress(input, byteSize); // double uses 8 bytes
+     }
+ 
+     /**
+@@ -187,7 +195,11 @@ public class Snappy
+     public static byte compress(float input)
+             throws IOException
+     {
+-        return rawCompress(input, input.length * 4); // float uses 4 bytes
++        int byteSize = input.length * 4;
++        if (byteSize < input.length) {
++            throw new SnappyError(SnappyErrorCode.TOO_LARGE_INPUT, "input array size is too large: " + input.length);
++        }
++        return rawCompress(input, byteSize); // float uses 4 bytes
+     }
+ 
+     /**
+@@ -199,7 +211,11 @@ public class Snappy
+     public static byte compress(int input)
+             throws IOException
+     {
+-        return rawCompress(input, input.length * 4); // int uses 4 bytes
++        int byteSize = input.length * 4;
++        if (byteSize < input.length) {
++            throw new SnappyError(SnappyErrorCode.TOO_LARGE_INPUT, "input array size is too large: " + input.length);
++        }
++        return rawCompress(input, byteSize); // int uses 4 bytes
+     }
+ 
+     /**
+@@ -211,7 +227,11 @@ public class Snappy
+     public static byte compress(long input)
+             throws IOException
+     {
+-        return rawCompress(input, input.length * 8); // long uses 8 bytes
++        int byteSize = input.length * 8;
++        if (byteSize < input.length) {
++            throw new SnappyError(SnappyErrorCode.TOO_LARGE_INPUT, "input array size is too large: " + input.length);
++        }
++        return rawCompress(input, byteSize); // long uses 8 bytes
+     }
+ 
+     /**
+@@ -223,7 +243,11 @@ public class Snappy
+     public static byte compress(short input)
+             throws IOException
+     {
+-        return rawCompress(input, input.length * 2); // short uses 2 bytes
++        int byteSize = input.length * 2;
++        if (byteSize < input.length) {
++            throw new SnappyError(SnappyErrorCode.TOO_LARGE_INPUT, "input array size is too large: " + input.length);
++        }
++        return rawCompress(input, byteSize); // short uses 2 bytes
+     }
+ 
+     /**
+diff --git a/src/main/java/org/xerial/snappy/SnappyErrorCode.java b/src/main/java/org/xerial/snappy/SnappyErrorCode.java
+index 4325b02..661ffd8 100755
+--- a/src/main/java/org/xerial/snappy/SnappyErrorCode.java
++++ b/src/main/java/org/xerial/snappy/SnappyErrorCode.java
+@@ -41,7 +41,9 @@ public enum SnappyErrorCode
+     FAILED_TO_UNCOMPRESS(5),
+     EMPTY_INPUT(6),
+     INCOMPATIBLE_VERSION(7),
+-    INVALID_CHUNK_SIZE(8);
++    INVALID_CHUNK_SIZE(8),
++    UNSUPPORTED_PLATFORM(9),
++    TOO_LARGE_INPUT(10);
+ 
+     public final int id;
+ 
+diff --git a/src/test/java/org/xerial/snappy/SnappyTest.java b/src/test/java/org/xerial/snappy/SnappyTest.java
+index 730dae9..4a863e0 100755
+--- a/src/test/java/org/xerial/snappy/SnappyTest.java
++++ b/src/test/java/org/xerial/snappy/SnappyTest.java
+@@ -376,4 +376,69 @@ public class SnappyTest
+             // But OutOfMemoryError will not be caught, and will still be thrown
+         }
+     }
++
++    /*
++    Tests happy cases for BitShuffle.shuffle method
++    - double: 0, 10
++    - float: 0, 10
++    - int: 0, 10
++    - long: 0, 10
++    - short: 0, 10
++     */
++    @Test
++    public void isValidArrayInputLength()
++            throws Exception {
++        byte a = Snappy.compress(new char0);
++        byte b = Snappy.compress(new double0);
++        byte c = Snappy.compress(new float0);
++        byte d = Snappy.compress(new int0);
++        byte e = Snappy.compress(new long0);
++        byte f = Snappy.compress(new short0);
++        byte g = Snappy.compress(new char10);
++        byte h = Snappy.compress(new double10);
++        byte i = Snappy.compress(new float10);
++        byte j = Snappy.compress(new int10);
++        byte k = Snappy.compress(new long10);
++        byte l = Snappy.compress(new short10);
++    }
++
++    /*
++    Tests sad cases for Snappy.compress
++    - Allocate a buffer whose byte size will be a bit larger than Integer.MAX_VALUE
++    - char
++    - double
++    - float
++    - int
++    - long
++    - short
++     */
++    @Test(expected = SnappyError.class)
++    public void isTooLargeDoubleArrayInputLength() throws Exception {
++        Snappy.compress(new doubleInteger.MAX_VALUE / 8 + 1);
++    }
++
++    @Test(expected = SnappyError.class)
++    public void isTooLargeCharArrayInputLength() throws Exception {
++        Snappy.compress(new charInteger.MAX_VALUE / 2 + 1);
++    }
++
++    @Test(expected = SnappyError.class)
++    public void isTooLargeFloatArrayInputLength() throws Exception {
++        Snappy.compress(new floatInteger.MAX_VALUE / 4 + 1);
++    }
++
++    @Test(expected = SnappyError.class)
++    public void isTooLargeIntArrayInputLength() throws Exception {
++        Snappy.compress(new intInteger.MAX_VALUE / 4 + 1);
++    }
++
++    @Test(expected = SnappyError.class)
++    public void isTooLargeLongArrayInputLength() throws Exception {
++        Snappy.compress(new longInteger.MAX_VALUE / 8 + 1);
++    }
++
++    @Test(expected = SnappyError.class)
++    public void isTooLargeShortArrayInputLength() throws Exception {

_service:tar_scm:CVE-2023-34455.patch Added

@@ -0,0 +1,122 @@
+From 3bf67857fcf70d9eea56eed4af7c925671e8eaea Mon Sep 17 00:00:00 2001
+From: aidanchiu1112 <108113174+aidanchiu1112@users.noreply.github.com>
+Date: Wed, 14 Jun 2023 10:49:52 -0700
+Subject: PATCH Merge pull request from GHSA-qcwq-55hx-v3vh
+
+* asserted chunksize should be in the bounds of 0-java.outofmmeoryexception
+
+* asserted chunksize should be in the bounds of 0-java.outofmmeoryexception
+
+* https://github.com/xerial/snappy-java-ghsa-qcwq-55hx-v3vh/pull/2
+
+* advisory-fix-3
+
+* added and changed method name for happy and sad cases in SnappyTest.java
+
+* removed expected error for happy case in unit testing
+
+* added another unit test case in SnappyTest.java and fixed comments in SnappyInputStream.java
+
+* switched SnappyError to INVALID_CHUNK_SIZE
+
+* Updated unit tests
+
+Origin: https://github.com/xerial/snappy-java/commit/3bf67857fcf70d9eea56eed4af7c925671e8eaea
+
+---
+ .../org/xerial/snappy/SnappyInputStream.java  | 13 ++++-
+ .../java/org/xerial/snappy/SnappyTest.java    | 47 +++++++++++++++++++
+ 2 files changed, 59 insertions(+), 1 deletion(-)
+
+diff --git a/src/main/java/org/xerial/snappy/SnappyInputStream.java b/src/main/java/org/xerial/snappy/SnappyInputStream.java
+index 19a68c6..f499c66 100755
+--- a/src/main/java/org/xerial/snappy/SnappyInputStream.java
++++ b/src/main/java/org/xerial/snappy/SnappyInputStream.java
+@@ -417,9 +417,20 @@ public class SnappyInputStream
+             }
+         }
+ 
++        // chunkSize is negative
++        if (chunkSize < 0) {
++            throw new SnappyError(SnappyErrorCode.INVALID_CHUNK_SIZE, "chunkSize is too big or negative : " + chunkSize);
++        }
++
+         // extend the compressed data buffer size
+         if (compressed == null || chunkSize > compressed.length) {
+-            compressed = new bytechunkSize;
++            // chunkSize exceeds limit
++            try {
++                compressed = new bytechunkSize;
++            }
++            catch (java.lang.OutOfMemoryError e) {
++                throw new SnappyError(SnappyErrorCode.INVALID_CHUNK_SIZE, e.getMessage());
++            }
+         }
+         readBytes = 0;
+         while (readBytes < chunkSize) {
+diff --git a/src/test/java/org/xerial/snappy/SnappyTest.java b/src/test/java/org/xerial/snappy/SnappyTest.java
+index 18b39e9..730dae9 100755
+--- a/src/test/java/org/xerial/snappy/SnappyTest.java
++++ b/src/test/java/org/xerial/snappy/SnappyTest.java
+@@ -26,6 +26,7 @@ package org.xerial.snappy;
+ 
+ import static org.junit.Assert.*;
+ 
++import java.io.ByteArrayInputStream;
+ import java.io.IOException;
+ import java.nio.ByteBuffer;
+ 
+@@ -329,4 +330,50 @@ public class SnappyTest
+             _logger.debug(e);
+         }
+     }
++
++    /*
++    Tests happy cases for SnappyInputStream.read method
++    - {0}
++     */
++    @Test
++    public void isValidChunkLengthForSnappyInputStreamIn()
++            throws Exception {
++        byte data = {0};
++        SnappyInputStream in = new SnappyInputStream(new ByteArrayInputStream(data));
++        byte out = new byte50;
++        in.read(out);
++    }
++
++    /*
++    Tests sad cases for SnappyInputStream.read method
++    - Expects a java.lang.NegativeArraySizeException catched into a SnappyError
++    - {-126, 'S', 'N', 'A', 'P', 'P', 'Y', 0, 0, 0, 0, 0, 0, 0, 0, 0,(byte) 0x7f, (byte) 0xff, (byte) 0xff, (byte) 0xff}
++     */
++    @Test(expected = SnappyError.class)
++    public void isInvalidChunkLengthForSnappyInputStreamInNegative()
++            throws Exception {
++        byte data = {-126, 'S', 'N', 'A', 'P', 'P', 'Y', 0, 0, 0, 0, 0, 0, 0, 0, 0,(byte) 0x7f, (byte) 0xff, (byte) 0xff, (byte) 0xff};
++        SnappyInputStream in = new SnappyInputStream(new ByteArrayInputStream(data));
++        byte out = new byte50;
++        in.read(out);
++    }
++
++    /*
++    Tests sad cases for SnappyInputStream.read method
++    - Expects a java.lang.OutOfMemoryError
++    - {-126, 'S', 'N', 'A', 'P', 'P', 'Y', 0, 0, 0, 0, 0, 0, 0, 0, 0,(byte) 0x7f, (byte) 0xff, (byte) 0xff, (byte) 0xff}
++     */
++    @Test(expected = SnappyError.class)
++    public void isInvalidChunkLengthForSnappyInputStreamOutOfMemory()
++            throws Exception {
++        byte data = {-126, 'S', 'N', 'A', 'P', 'P', 'Y', 0, 0, 0, 0, 0, 0, 0, 0, 0, (byte) 0x7f, (byte) 0xff, (byte) 0xff, (byte) 0xff};
++        SnappyInputStream in = new SnappyInputStream(new ByteArrayInputStream(data));
++        byte out = new byte50;
++        try {
++            in.read(out);
++        } catch (Exception ignored) {
++            // Exception here will be catched
++            // But OutOfMemoryError will not be caught, and will still be thrown
++        }
++    }
+ }
+-- 
+2.33.0
+