Add patches for CVE-2018-20539, CVE-2018-20537, CVE-2018-20536, CVE-2018-20540

2020-04-14 20:14:25 +02:00 · 2020-04-14 20:14:25 +02:00 · 61288b97fe
parent d580e8a548
commit 61288b97fe
6 changed files with 97 additions and 4 deletions
--- a/liblas.spec
+++ b/liblas.spec
@ -3,7 +3,7 @@

 Name:           liblas
 Version:        1.8.1
-Release:        5%{?shortcommit:.git%shortcommit}%{?dist}
+Release:        6%{?shortcommit:.git%shortcommit}%{?dist}
 Summary:        Library for reading and writing the very common LAS LiDAR format

 License:        BSD and Boost
@ -20,6 +20,22 @@ Source0:        https://download.osgeo.org/%{name}/libLAS-%{version}.tar.bz2
 #  removal of OSRFixup() and OSRFixupOrdering(): no longer needed since objects constructed are always valid
 Patch1:         liblas_gdal3.patch

+# https://bugzilla.redhat.com/show_bug.cgi?id=1652609
+# https://github.com/libLAS/libLAS/issues/159
+Patch2:         liblas_CVE-2018-20539.patch
+
+# https://bugzilla.redhat.com/show_bug.cgi?id=1652611
+# https://github.com/libLAS/libLAS/issues/160
+Patch3:         liblas_CVE-2018-20537.patch
+
+# https://bugzilla.redhat.com/show_bug.cgi?id=1652610
+# https://github.com/libLAS/libLAS/issues/161
+Patch4:         liblas_CVE-2018-20536.patch
+
+# https://bugzilla.redhat.com/show_bug.cgi?id=1652612
+# https://github.com/libLAS/libLAS/issues/181
+Patch5:         liblas_CVE-2018-20540.patch
+
 BuildRequires:  gcc-c++
 BuildRequires:  boost-devel >= 1.53
 BuildRequires:  cmake
@ -99,6 +115,9 @@ libLAS utility applications.


 %changelog
+* Tue Apr 14 2020 Sandro Mani <manisandro@gmail.com> - 1.8.1-6.gitd76a061
+- Add patches for CVE-2018-20539, CVE-2018-20537, CVE-2018-20536, CVE-2018-20540
+
 * Tue Apr 14 2020 Sandro Mani <manisandro@gmail.com> - 1.8.1-5.gitd76a061
 - Update to latest git

--- a/liblas_CVE-2018-20536.patch
+++ b/liblas_CVE-2018-20536.patch
@ -0,0 +1,15 @@
+diff -rupN --no-dereference libLAS-d76a061f33a69a36ab116cd939c5d444b301efd8/src/spatialreference.cpp libLAS-d76a061f33a69a36ab116cd939c5d444b301efd8-new/src/spatialreference.cpp
+--- libLAS-d76a061f33a69a36ab116cd939c5d444b301efd8/src/spatialreference.cpp	2020-04-14 20:10:51.253663569 +0200
+++ libLAS-d76a061f33a69a36ab116cd939c5d444b301efd8-new/src/spatialreference.cpp	2020-04-14 20:10:51.255663566 +0200
+@@ -516,8 +516,9 @@ const GTIF* SpatialReference::GetGTIF()
+                 // The '+ 1' accounts for the header itself.
+                 int count = (header->numKeys + 1) * 4;
+                 short *data_s = reinterpret_cast<short *>( &(data[0]));
+-
+-                ST_SetKey(m_tiff, record.GetRecordId(), count, STT_SHORT, data_s);
+                if(std::size_t(count) <= data.size() / sizeof(short)) {
+                    ST_SetKey(m_tiff, record.GetRecordId(), count, STT_SHORT, data_s);
+                }
+             }
+         }
+
--- a/liblas_CVE-2018-20537.patch
+++ b/liblas_CVE-2018-20537.patch
@ -0,0 +1,20 @@
+diff -rupN --no-dereference libLAS-d76a061f33a69a36ab116cd939c5d444b301efd8/src/spatialreference.cpp libLAS-d76a061f33a69a36ab116cd939c5d444b301efd8-new/src/spatialreference.cpp
+--- libLAS-d76a061f33a69a36ab116cd939c5d444b301efd8/src/spatialreference.cpp	2020-04-14 20:10:51.220663610 +0200
+++ libLAS-d76a061f33a69a36ab116cd939c5d444b301efd8-new/src/spatialreference.cpp	2020-04-14 20:10:51.222663607 +0200
+@@ -522,14 +522,14 @@ const GTIF* SpatialReference::GetGTIF()
+         }
+
+         if (uid == record.GetUserId(true).c_str() &&
+-            34736 == record.GetRecordId())
+            34736 == record.GetRecordId() && !data.empty())
+         {
+             int count = data.size() / sizeof(double);
+             ST_SetKey(m_tiff, record.GetRecordId(), count, STT_DOUBLE, &(data[0]));
+         }
+
+         if (uid == record.GetUserId(true).c_str() &&
+-            34737 == record.GetRecordId())
+            34737 == record.GetRecordId() && !data.empty())
+         {
+             int count = data.size()/sizeof(uint8_t);
+             ST_SetKey(m_tiff, record.GetRecordId(), count, STT_ASCII, &(data[0]));
--- a/liblas_CVE-2018-20539.patch
+++ b/liblas_CVE-2018-20539.patch
@ -0,0 +1,24 @@
+diff -rupN --no-dereference libLAS-d76a061f33a69a36ab116cd939c5d444b301efd8/src/spatialreference.cpp libLAS-d76a061f33a69a36ab116cd939c5d444b301efd8-new/src/spatialreference.cpp
+--- libLAS-d76a061f33a69a36ab116cd939c5d444b301efd8/src/spatialreference.cpp	2020-04-05 18:40:29.000000000 +0200
+++ libLAS-d76a061f33a69a36ab116cd939c5d444b301efd8-new/src/spatialreference.cpp	2020-04-14 20:10:51.189663648 +0200
+@@ -510,12 +510,15 @@ const GTIF* SpatialReference::GetGTIF()
+ #pragma pack(pop)
+
+             ShortKeyHeader *header = (ShortKeyHeader *)data.data();
+-            // Calculate the number of shorts in the VLR data.
+-            // The '+ 1' accounts for the header itself.
+-            int count = (header->numKeys + 1) * 4;
+-            short *data_s = reinterpret_cast<short *>( &(data[0]));
+            if (header)
+            {
+                // Calculate the number of shorts in the VLR data.
+                // The '+ 1' accounts for the header itself.
+                int count = (header->numKeys + 1) * 4;
+                short *data_s = reinterpret_cast<short *>( &(data[0]));
+
+-            ST_SetKey(m_tiff, record.GetRecordId(), count, STT_SHORT, data_s);
+                ST_SetKey(m_tiff, record.GetRecordId(), count, STT_SHORT, data_s);
+            }
+         }
+
+         if (uid == record.GetUserId(true).c_str() &&
--- a/liblas_CVE-2018-20540.patch
+++ b/liblas_CVE-2018-20540.patch
@ -0,0 +1,15 @@
+diff -rupN --no-dereference libLAS-d76a061f33a69a36ab116cd939c5d444b301efd8/include/liblas/liblas.hpp libLAS-d76a061f33a69a36ab116cd939c5d444b301efd8-new/include/liblas/liblas.hpp
+--- libLAS-d76a061f33a69a36ab116cd939c5d444b301efd8/include/liblas/liblas.hpp	2020-04-05 18:40:29.000000000 +0200
+++ libLAS-d76a061f33a69a36ab116cd939c5d444b301efd8-new/include/liblas/liblas.hpp	2020-04-14 20:10:51.287663527 +0200
+@@ -137,7 +137,10 @@ inline std::istream* Open(std::string co
+     {
+         ifs = new std::ifstream();
+         ifs->open(filename.c_str(), mode);
+-        if (ifs->is_open() == false) return NULL;
+        if (ifs->is_open() == false) {
+            delete ifs;
+            return NULL;
+        }
+         return ifs;
+     }
+     catch (...)
--- a/liblas_gdal3.patch
+++ b/liblas_gdal3.patch
@ -1,6 +1,6 @@
-diff -rupN libLAS-d76a061f33a69a36ab116cd939c5d444b301efd8/src/gt_wkt_srs.cpp libLAS-d76a061f33a69a36ab116cd939c5d444b301efd8-new/src/gt_wkt_srs.cpp
--- libLAS-d76a061f33a69a36ab116cd939c5d444b301efd8/src/gt_wkt_srs.cpp	2020-04-14 14:31:15.016526319 +0200
-+++ libLAS-d76a061f33a69a36ab116cd939c5d444b301efd8-new/src/gt_wkt_srs.cpp	2020-04-14 14:31:28.741504852 +0200
+diff -rupN --no-dereference libLAS-d76a061f33a69a36ab116cd939c5d444b301efd8/src/gt_wkt_srs.cpp libLAS-d76a061f33a69a36ab116cd939c5d444b301efd8-new/src/gt_wkt_srs.cpp
+--- libLAS-d76a061f33a69a36ab116cd939c5d444b301efd8/src/gt_wkt_srs.cpp	2020-04-05 18:40:29.000000000 +0200
+++ libLAS-d76a061f33a69a36ab116cd939c5d444b301efd8-new/src/gt_wkt_srs.cpp	2020-04-14 20:10:51.154663692 +0200
@@ -299,7 +299,6 @@ char *GTIFGetOGISDefn( GTIF *hGTIF, GTIF
                 oSRS.SetFromUserInput(pszWKT);
                 oSRS.SetExtension( "PROJCS", "PROJ4",