!11 fix CVE-2021-3200

From: @eaglegai Reviewed-by: @orange-snn Signed-off-by: @orange-snn
2021-05-28 15:47:19 +08:00 · 2021-05-28 15:47:19 +08:00 · 0cb4440f5f
commit 0cb4440f5f
parent 3406b5f636 afca305181
2 changed files with 73 additions and 1 deletions
--- a/CVE-2021-3200.patch
+++ b/CVE-2021-3200.patch
@ -0,0 +1,63 @@
+From 0077ef29eb46d2e1df2f230fc95a1d9748d49dec Mon Sep 17 00:00:00 2001
+From: Michael Schroeder <mls@suse.de>
+Date: Mon, 14 Dec 2020 11:12:00 +0100
+Subject: [PATCH] testcase_read: error out if repos are added or the system is
+ changed too late
+
+We must not add new solvables after the considered map was created, the solver
+was created, or jobs were added. We may not changed the system after jobs have
+been added.
+
+(Jobs may point inside the whatproviedes array, so we must not invalidate this
+area.)
+---
+ ext/testcase.c | 21 +++++++++++++++++++++
+ 1 file changed, 21 insertions(+)
+
+diff --git a/ext/testcase.c b/ext/testcase.c
+index 0be7a213..8fb6d793 100644
+--- a/ext/testcase.c
+++ b/ext/testcase.c
+@@ -1991,6 +1991,7 @@ testcase_read(Pool *pool, FILE *fp, const char *testcase, Queue *job, char **res
+   Id *genid = 0;
+   int ngenid = 0;
+   Queue autoinstq;
+  int oldjobsize = job ? job->count : 0;
+ 
+   if (resultp)
+     *resultp = 0;
+@@ -2065,6 +2066,21 @@ testcase_read(Pool *pool, FILE *fp, const char *testcase, Queue *job, char **res
+ 	  int prio, subprio;
+ 	  const char *rdata;
+ 
+	  if (pool->considered)
+	    {
+	      pool_error(pool, 0, "testcase_read: cannot add repos after packages were disabled");
+	      continue;
+	    }
+	  if (solv)
+	    {
+	      pool_error(pool, 0, "testcase_read: cannot add repos after the solver was created");
+	      continue;
+	    }
+	  if (job && job->count != oldjobsize)
+	    {
+	      pool_error(pool, 0, "testcase_read: cannot add repos after jobs have been created");
+	      continue;
+	    }
+ 	  prepared = 0;
+           if (!poolflagsreset)
+ 	    {
+@@ -2125,6 +2141,11 @@ testcase_read(Pool *pool, FILE *fp, const char *testcase, Queue *job, char **res
+ 	  int i;
+ 
+ 	  /* must set the disttype before the arch */
+	  if (job && job->count != oldjobsize)
+	    {
+	      pool_error(pool, 0, "testcase_read: cannot change the system after jobs have been created");
+	      continue;
+	    }
+ 	  prepared = 0;
+ 	  if (strcmp(pieces[2], "*") != 0)
+ 	    {
+
--- a/libsolv.spec
+++ b/libsolv.spec
@ -15,11 +15,14 @@

 Name:                  libsolv
 Version:               0.7.14
-Release:               2
+Release:               3
 Summary:               Package dependency solver                    
 License:               BSD
 URL:                   https://github.com/openSUSE/libsolv
 Source:                https://github.com/openSUSE/libsolv/archive/%{version}/%{name}-%{version}.tar.gz
+
+Patch0:                CVE-2021-3200.patch
+
 BuildRequires:         cmake gcc-c++ ninja-build pkgconfig(rpm) zlib-devel
 BuildRequires:         libxml2-devel xz-devel bzip2-devel libzstd-devel 
 Requires:              %{_bindir}/find %{_bindir}/curl %{_bindir}/gpg2 %{name}-help
@ -186,6 +189,12 @@ Python 3 version.
 %{_mandir}/man3/%{name}*.3*

 %changelog
+* Fri May 28 2021 gaihuiying <gaihuiying1@huawei.com> - 0.7.14-3
+- Type:cves
+- CVE:CVE-2021-3200
+- SUG:NA
+- DESC:fix CVE-2021-3200
+
 * Mon Nov 09 2020 xihaochen <xihaochen@huawei.com> - 0.7.14-2
 - Type:requirement
 - CVE:NA