Compare commits
10 Commits
724eb2501a
...
b946bf1d32
| Author | SHA1 | Date | |
|---|---|---|---|
|
|
b946bf1d32 | ||
|
|
a0336c4092 | ||
|
|
b09de98719 | ||
|
|
3a16b1f222 | ||
|
|
a9eed2b39d | ||
|
|
009e9173f0 | ||
|
|
a8b843fd63 | ||
|
|
625e8502d3 | ||
|
|
9e3fb3fafb | ||
|
|
9f60868e49 |
25
0001-lib-node.c-Fix-minor-typo-in-error-message.patch
Normal file
25
0001-lib-node.c-Fix-minor-typo-in-error-message.patch
Normal file
@ -0,0 +1,25 @@
|
||||
From bb92eed6b57ed29d8230ca688ff73771b8b7e845 Mon Sep 17 00:00:00 2001
|
||||
From: "Richard W.M. Jones" <rjones@redhat.com>
|
||||
Date: Fri, 16 Jul 2021 09:49:04 +0100
|
||||
Subject: [PATCH] lib/node.c: Fix minor typo in error message
|
||||
|
||||
---
|
||||
lib/node.c | 2 +-
|
||||
1 file changed, 1 insertion(+), 1 deletion(-)
|
||||
|
||||
diff --git a/lib/node.c b/lib/node.c
|
||||
index 21cd127..7b002a4 100644
|
||||
--- a/lib/node.c
|
||||
+++ b/lib/node.c
|
||||
@@ -346,7 +346,7 @@ _hivex_get_children (hive_h *h, hive_node_h node,
|
||||
if (!h->unsafe) {
|
||||
SET_ERRNO (ENOTSUP,
|
||||
"nr_subkeys_in_nk = %zu "
|
||||
- "is not equal to number of childred read %zu",
|
||||
+ "is not equal to number of children read %zu",
|
||||
nr_subkeys_in_nk, nr_children);
|
||||
goto error;
|
||||
} else {
|
||||
--
|
||||
2.33.0
|
||||
|
||||
@ -1,48 +0,0 @@
|
||||
From be51757920b56a77e2e63247f9a8409ce994d33c Mon Sep 17 00:00:00 2001
|
||||
From: "Richard W.M. Jones" <rjones@redhat.com>
|
||||
Date: Mon, 26 Feb 2018 12:38:12 +0000
|
||||
Subject: [PATCH] ocaml: Link the C bindings with LDFLAGS (RHBZ#1548536).
|
||||
|
||||
Use the ocamlmklib -ldopt flag to pass the general $(LDFLAGS) when
|
||||
calling gcc to link dllmlhivex.so. We were already passing $(CFLAGS)
|
||||
when building the object file.
|
||||
|
||||
When building using Fedora's standard hardening flags this gives:
|
||||
|
||||
ocamlmklib -o mlhivex hivex_c.o hivex.cmo \
|
||||
-verbose -ldopt '-Wl,-z,relro -specs=/usr/lib/rpm/redhat/redhat-hardened-ld' \
|
||||
-L../lib/.libs -lhivex
|
||||
+ gcc -shared -o ./dllmlhivex.so hivex_c.o -Wl,-z,relro -specs=/usr/lib/rpm/redhat/redhat-hardened-ld -L../lib/.libs -lhivex
|
||||
+ ar rc ./libmlhivex.a hivex_c.o; ranlib ./libmlhivex.a
|
||||
+ /usr/bin/ocamlc -a -o mlhivex.cma hivex.cmo -dllib -lmlhivex -cclib -lmlhivex -cclib -L../lib/.libs -cclib -lhivex
|
||||
|
||||
This also works if $(LDFLAGS) is empty, because ocamlmklib ignores
|
||||
-ldopt ''.
|
||||
---
|
||||
ocaml/Makefile.am | 8 ++++++--
|
||||
1 file changed, 6 insertions(+), 2 deletions(-)
|
||||
|
||||
diff --git a/ocaml/Makefile.am b/ocaml/Makefile.am
|
||||
index 61db095..85655b6 100644
|
||||
--- a/ocaml/Makefile.am
|
||||
+++ b/ocaml/Makefile.am
|
||||
@@ -41,10 +41,14 @@ OBJS = hivex_c.o hivex.cmo
|
||||
XOBJS = $(OBJS:.cmo=.cmx)
|
||||
|
||||
mlhivex.cma: $(OBJS)
|
||||
- $(OCAMLMKLIB) -o mlhivex $^ -L$(top_builddir)/lib/.libs -lhivex
|
||||
+ $(OCAMLMKLIB) -o mlhivex $^ \
|
||||
+ -ldopt '$(LDFLAGS)' \
|
||||
+ -L$(top_builddir)/lib/.libs -lhivex
|
||||
|
||||
mlhivex.cmxa: $(XOBJS)
|
||||
- $(OCAMLMKLIB) -o mlhivex $^ -L$(top_builddir)/lib/.libs -lhivex
|
||||
+ $(OCAMLMKLIB) -o mlhivex $^ \
|
||||
+ -ldopt '$(LDFLAGS)' \
|
||||
+ -L$(top_builddir)/lib/.libs -lhivex
|
||||
|
||||
hivex_c.o: hivex_c.c
|
||||
$(CC) $(AM_CPPFLAGS) $(CFLAGS) -fPIC -Wall -c $<
|
||||
--
|
||||
2.13.2
|
||||
|
||||
72
CVE-2021-3504.patch
Normal file
72
CVE-2021-3504.patch
Normal file
@ -0,0 +1,72 @@
|
||||
From 8f1935733b10d974a1a4176d38dd151ed98cf381 Mon Sep 17 00:00:00 2001
|
||||
From: "Richard W.M. Jones" <rjones@redhat.com>
|
||||
Date: Thu, 15 Apr 2021 15:50:13 +0100
|
||||
Subject: [PATCH] lib/handle.c: Bounds check for block exceeding page length
|
||||
(CVE-2021-3504)
|
||||
|
||||
Hives are encoded as fixed-sized pages containing smaller variable-
|
||||
length blocks:
|
||||
|
||||
+-------------------+-------------------+-------------------+--
|
||||
| header |[ blk ][blk][ blk ]|[blk][blk][blk] |
|
||||
+-------------------+-------------------+-------------------+--
|
||||
|
||||
Blocks should not straddle a page boundary. However because blocks
|
||||
contain a 32 bit length field it is possible to construct an invalid
|
||||
hive where the last block in a page overlaps either the next page or
|
||||
the end of the file:
|
||||
|
||||
+-------------------+-------------------+
|
||||
| header |[ blk ][blk][ blk ..... ]
|
||||
+-------------------+-------------------+
|
||||
|
||||
Hivex lacked a bounds check and would process the registry. Because
|
||||
the rest of the code assumes this situation can never happen it was
|
||||
possible to have a block containing some field (eg. a registry key
|
||||
name) which would extend beyond the end of the file. Hivex mmaps or
|
||||
mallocs the file, causing hivex to read memory beyond the end of the
|
||||
mapped region, resulting in reading other memory structures or a
|
||||
crash. (Writing beyond the end of the mapped region seems to be
|
||||
impossible because we always allocate a new page before writing.)
|
||||
|
||||
This commit adds a check which rejects the malformed registry on
|
||||
hivex_open.
|
||||
|
||||
Credit: Jeremy Galindo, Sr Security Engineer, Datto.com
|
||||
Signed-off-by: Richard W.M. Jones <rjones@redhat.com>
|
||||
Fixes: CVE-2021-3504
|
||||
Fixes: https://bugzilla.redhat.com/show_bug.cgi?id=1949687
|
||||
---
|
||||
lib/handle.c | 12 ++++++++++--
|
||||
1 file changed, 10 insertions(+), 2 deletions(-)
|
||||
|
||||
diff --git a/lib/handle.c b/lib/handle.c
|
||||
index 88b1563..2e4231a 100644
|
||||
--- a/lib/handle.c
|
||||
+++ b/lib/handle.c
|
||||
@@ -353,8 +353,8 @@ hivex_open (const char *filename, int flags)
|
||||
#pragma GCC diagnostic pop
|
||||
if (is_root || !h->unsafe) {
|
||||
SET_ERRNO (ENOTSUP,
|
||||
- "%s, the block at 0x%zx has invalid size %" PRIu32
|
||||
- ", bad registry",
|
||||
+ "%s, the block at 0x%zx size %" PRIu32
|
||||
+ " <= 4 or not a multiple of 4, bad registry",
|
||||
filename, blkoff, le32toh (block->seg_len));
|
||||
goto error;
|
||||
} else {
|
||||
@@ -365,6 +365,14 @@ hivex_open (const char *filename, int flags)
|
||||
}
|
||||
}
|
||||
|
||||
+ if (blkoff + seg_len > off + page_size) {
|
||||
+ SET_ERRNO (ENOTSUP,
|
||||
+ "%s, the block at 0x%zx size %" PRIu32
|
||||
+ " extends beyond the current page, bad registry",
|
||||
+ filename, blkoff, le32toh (block->seg_len));
|
||||
+ goto error;
|
||||
+ }
|
||||
+
|
||||
if (h->msglvl >= 2) {
|
||||
unsigned char *id = (unsigned char *) block->id;
|
||||
int id0 = id[0], id1 = id[1];
|
||||
92
CVE-2021-3622.patch
Normal file
92
CVE-2021-3622.patch
Normal file
@ -0,0 +1,92 @@
|
||||
From 771728218dac2fbf6997a7e53225e75a4c6b7255 Mon Sep 17 00:00:00 2001
|
||||
From: "Richard W.M. Jones" <rjones@redhat.com>
|
||||
Date: Thu, 8 Jul 2021 19:00:45 +0100
|
||||
Subject: [PATCH] lib/node.c: Limit recursion in ri-records (CVE-2021-3622)
|
||||
|
||||
Windows Registry hive "ri"-records are arbitrarily nested B-tree-like
|
||||
structures:
|
||||
|
||||
+-------------+
|
||||
| ri |
|
||||
|-------------|
|
||||
| nr_offsets |
|
||||
| offset[0] ------> points to another lf/lh/li/ri block
|
||||
| offset[1] ------>
|
||||
| offset[2] ------>
|
||||
+-------------+
|
||||
|
||||
It is possible to construct a hive with a very deeply nested tree of
|
||||
ri-records, causing the internal _get_children function to recurse to
|
||||
any depth which can cause programs linked to hivex to crash with a
|
||||
stack overflow.
|
||||
|
||||
Since it is not thought that deeply nested ri-records occur in real
|
||||
hives, limit recursion depth. If you hit this limit you will see the
|
||||
following error and the operation will return an error instead of
|
||||
crashing:
|
||||
|
||||
\> ls
|
||||
hivex: _get_children: returning EINVAL because: ri-record nested to depth >= 32
|
||||
ls: Invalid argument
|
||||
|
||||
Thanks to Jeremy Galindo for finding and reporting this bug.
|
||||
|
||||
Reported-by: Jeremy Galindo, Sr Security Engineer, Datto.com
|
||||
Signed-off-by: Richard W.M. Jones <rjones@redhat.com>
|
||||
Fixes: CVE-2021-3622
|
||||
Fixes: https://bugzilla.redhat.com/show_bug.cgi?id=1975489
|
||||
(cherry picked from commit 781a12c4a49dd81365c9c567c5aa5e19e894ba0e)
|
||||
---
|
||||
lib/node.c | 18 ++++++++++++++----
|
||||
1 file changed, 14 insertions(+), 4 deletions(-)
|
||||
|
||||
diff --git a/lib/node.c b/lib/node.c
|
||||
index 7b002a4..eb7fe93 100644
|
||||
--- a/lib/node.c
|
||||
+++ b/lib/node.c
|
||||
@@ -203,7 +203,7 @@ hivex_node_classname (hive_h *h, hive_node_h node)
|
||||
|
||||
static int _get_children (hive_h *h, hive_node_h blkoff,
|
||||
offset_list *children, offset_list *blocks,
|
||||
- int flags);
|
||||
+ int flags, unsigned depth);
|
||||
static int check_child_is_nk_block (hive_h *h, hive_node_h child, int flags);
|
||||
|
||||
/* Iterate over children (ie. subkeys of a node), returning child
|
||||
@@ -335,7 +335,7 @@ _hivex_get_children (hive_h *h, hive_node_h node,
|
||||
goto error;
|
||||
}
|
||||
|
||||
- if (_get_children (h, subkey_lf, &children, &blocks, flags) == -1)
|
||||
+ if (_get_children (h, subkey_lf, &children, &blocks, flags, 0) == -1)
|
||||
goto error;
|
||||
|
||||
/* Check the number of children we ended up reading matches
|
||||
@@ -383,7 +383,7 @@ _hivex_get_children (hive_h *h, hive_node_h node,
|
||||
static int
|
||||
_get_children (hive_h *h, hive_node_h blkoff,
|
||||
offset_list *children, offset_list *blocks,
|
||||
- int flags)
|
||||
+ int flags, unsigned depth)
|
||||
{
|
||||
/* Add this intermediate block. */
|
||||
if (_hivex_add_to_offset_list (blocks, blkoff) == -1)
|
||||
@@ -486,7 +486,17 @@ _get_children (hive_h *h, hive_node_h blkoff,
|
||||
}
|
||||
}
|
||||
|
||||
- if (_get_children (h, offset, children, blocks, flags) == -1)
|
||||
+ /* Although in theory hive ri records might be nested to any
|
||||
+ * depth, in practice this is unlikely. Recursing here caused
|
||||
+ * CVE-2021-3622. Thus limit the depth we will recurse to
|
||||
+ * something small.
|
||||
+ */
|
||||
+ if (depth >= 32) {
|
||||
+ SET_ERRNO (EINVAL, "ri-record nested to depth >= %u", depth);
|
||||
+ return -1;
|
||||
+ }
|
||||
+
|
||||
+ if (_get_children (h, offset, children, blocks, flags, depth+1) == -1)
|
||||
return -1;
|
||||
}
|
||||
}
|
||||
Binary file not shown.
@ -1,16 +0,0 @@
|
||||
-----BEGIN PGP SIGNATURE-----
|
||||
|
||||
iQIcBAABAgAGBQJalDSOAAoJEJFzj3Pht2igdNYP/2R2+SkPNutZfQpUZfiKD/vQ
|
||||
RRAQjePYncUjNUc2WgX7LXmJN1z9WfKRzUGqQG7sD/B7BnecBtEOP4Dyw5PpjgBQ
|
||||
ae4ErdeU6uFv5xSiprnYErfGJrhYSBfDKilDjrdO7J4AlTlVVlgfeb7C5TopER81
|
||||
brVJ7iXuF6rbZmQP3c0D3GWdez3Nw719e6MmdM9FFGQQS8hg9vZlNYQPyiFEQx1U
|
||||
nNjSMaoft+OWYEQp56arjPOLj4JiIcIH9B/HLu8Tcl4FEogTCVyMsodyEFXzfBUm
|
||||
21UfIn/RNEXjI8DJ/k7kh35uWEwv8hb/0YszGAWNpSt+rrdx9+decjNdNI2DZs65
|
||||
XEcuboWN7UOZJf2p+8f78QVcbwNPRjpnfGZaVLYJYNON3y/lyvhrA8je5FOzsyVA
|
||||
4G6BwU3ythoS2NTK3Q76I7UdMDvz6vydgsLAruVVtMX5x1M7fXoplRxi1nkRjCvQ
|
||||
Qgmo0L/rwwDUitRmlRyyJqZK7j+lMlltuZAck9XCUtd72VRAUj4f56I8Xo2wwT0Y
|
||||
ioFer6o02K18pjhGLikV4ujUUKAkC1lAK1QhsEsp7y2isOe1mA3ptcGrz4rElcaH
|
||||
f78Yr7b28Gl9HSGg98uhYEwWVCl5fUwXhDUQVVNutDRPKI479O390uGG7ZNZTghS
|
||||
Lv/P/Uz1ijp+m8Hi5WsX
|
||||
=gmjv
|
||||
-----END PGP SIGNATURE-----
|
||||
BIN
hivex-1.3.17.tar.gz
Normal file
BIN
hivex-1.3.17.tar.gz
Normal file
Binary file not shown.
17
hivex-1.3.17.tar.gz.sig
Normal file
17
hivex-1.3.17.tar.gz.sig
Normal file
@ -0,0 +1,17 @@
|
||||
-----BEGIN PGP SIGNATURE-----
|
||||
|
||||
iQJFBAABCAAvFiEE93dPsa0HSn6Mh2fqkXOPc+G3aKAFAlxHnNsRHHJpY2hAYW5u
|
||||
ZXhpYS5vcmcACgkQkXOPc+G3aKCbkxAAortQKeA7TDTeiTk3dwI/tQ+4VVqe90lt
|
||||
L/xWnDtR6ZH5DZ4FgcJbaKx9PCBtaQxyFBjA5qcrEClK8fTfm3NGNPQuSX4YDN83
|
||||
3jJx2uOtM7Io5hpFrXeWC22m77dqQKeU0r1oblJtf1kK1SEef6HL44flCtGr+HlM
|
||||
37nwm29ToSl5Ksp9XvBqT5smQVuUPjqwcm+4jYUR88SnFmkTpneZYYTstDbqzvUm
|
||||
RT089O/q+4JLh6egfyA66wXTfzhsqe3HRZtG7pPhe+j/HBIfYmAigEi4Cm/6pFrc
|
||||
vNJAZ9KJ50no69A2jZ86Dfy4/4nwjYc/aDZ0vIZ4Fairj+LzTxQwfQeYk1BCqb2z
|
||||
XNNRl3pUDkrk3jrAPnxqR2z/2qsEgoSrVDEQlhVUZ1n/WOTqxst1F0YHOeHHWun5
|
||||
O1d2nV8i1A8JAysHx77smKscpKtu4jcymr4SmqXYSG90BvuqxJgpPsX6rln38DKX
|
||||
qA3Zj7wKkqOTBbX+JInBwMcWOzzAO38hQkQjuOG71CQ6CKVGdnovp4OHDcwsmkp4
|
||||
KbCjnXgIl5DOxCrnVaWtPV5Zy6smst982fG0zPD/m42Dz7+Tb4O1np8zfLH9C4Dx
|
||||
CdD3otIo0XOJM50Bvu9Oqn/SP8j8nDqMZtiCg+gXBRyVdl37EGqtwd/2bt7TRWSV
|
||||
xmddKuLdf6Q=
|
||||
=+f/m
|
||||
-----END PGP SIGNATURE-----
|
||||
60
hivex.spec
60
hivex.spec
@ -5,8 +5,8 @@
|
||||
%endif
|
||||
|
||||
Name: hivex
|
||||
Version: 1.3.15
|
||||
Release: 12
|
||||
Version: 1.3.17
|
||||
Release: 5
|
||||
Summary: Windows Registry "hive" extraction library
|
||||
License: LGPLv2
|
||||
URL: http://libguestfs.org/
|
||||
@ -14,11 +14,11 @@ URL: http://libguestfs.org/
|
||||
Source0: http://libguestfs.org/download/hivex/%{name}-%{version}.tar.gz
|
||||
Source1: http://libguestfs.org/download/hivex/%{name}-%{version}.tar.gz.sig
|
||||
Source2: libguestfs.keyring
|
||||
Patch0: CVE-2021-3504.patch
|
||||
Patch1: CVE-2021-3622.patch
|
||||
Patch2: 0001-lib-node.c-Fix-minor-typo-in-error-message.patch
|
||||
|
||||
Patch1: 0001-ocaml-Link-the-C-bindings-with-LDFLAGS-RHBZ-1548536.patch
|
||||
|
||||
BuildRequires: autoconf, automake, libtool, gettext-devel, perl-interpreter, perl-devel, perl-generators, perl, perl-podlators
|
||||
BuildRequires: perl(bytes), perl(Carp), perl(Encode), perl(ExtUtils::MakeMaker), perl(Exporter), perl(IO::Scalar), perl(IO::Stringy), perl(strict), perl(Test::More), perl(utf8), perl(vars), perl(warnings), perl(XSLoader), perl(Test::Pod) >= 1.00, perl(Test::Pod::Coverage) >= 1.00
|
||||
BuildRequires: perl-interpreter, perl, perl-podlators, perl-devel, perl-generators, perl(bytes), perl(Carp), perl(Encode), perl(ExtUtils::MakeMaker), perl(Exporter), perl(IO::Scalar), perl(IO::Stringy), perl(strict), perl(Test::More), perl(utf8), perl(vars), perl(warnings), perl(XSLoader), perl(Test::Pod) >= 1.00, perl(Test::Pod::Coverage) >= 1.00
|
||||
|
||||
%if %{with ocaml}
|
||||
BuildRequires: ocaml
|
||||
@ -29,6 +29,7 @@ BuildRequires: python2-devel, python-unversioned-command, python3-devel, ruby-d
|
||||
|
||||
Provides: bundled(gnulib)
|
||||
|
||||
|
||||
%description
|
||||
Hivex is a library for extracting the contents of Windows Registry "hive" files. It is designed to be secure against buggy or
|
||||
malicious registry files.
|
||||
@ -44,14 +45,14 @@ If you just want to export or modify the Registry of a Windows virtual machine,
|
||||
|
||||
Hivex is also comes with language bindings for OCaml, Perl, Python and Ruby.
|
||||
|
||||
|
||||
%package devel
|
||||
Summary: Development package for %{name}
|
||||
Requires: %{name} = %{version}-%{release}
|
||||
Requires: pkgconfig
|
||||
|
||||
Provides: %{name}-devel
|
||||
Obsoletes: %{name}-devel
|
||||
|
||||
Provides: %{name}-static = %{version}-%{release}
|
||||
Obsoletes: %{name}-static < %{version}-%{release}
|
||||
|
||||
%description devel
|
||||
Development tools and libraries for %{name} are included in %{name}-devel.
|
||||
@ -65,12 +66,11 @@ Development tools and libraries for %{name} are included in %{name}-devel.
|
||||
Summary: Provide OCaml bindings for %{name}
|
||||
Requires: %{name} = %{version}-%{release}
|
||||
|
||||
|
||||
%description -n ocaml-%{name}
|
||||
OCaml bindings for %{name} are included in ocaml-%{name}.
|
||||
|
||||
This is for toplevel and scripting access only. To compile OCaml
|
||||
programs which use %{name} you will also need ocaml-%{name}-devel.
|
||||
Only for toplevel and scripting access. To compile OCaml
|
||||
programs which use %{name} you will also need ocaml-%{name}-devel package.
|
||||
|
||||
|
||||
%package -n ocaml-%{name}-devel
|
||||
@ -78,7 +78,6 @@ Summary: Development package for %{name} OCaml bindings
|
||||
Requires: ocaml-%{name} = %{version}-%{release}
|
||||
Requires: %{name}-devel = %{version}-%{release}
|
||||
|
||||
|
||||
%description -n ocaml-%{name}-devel
|
||||
Development libraries required to use the OCaml bindings for %{name} are in ocaml-%{name}-devel.
|
||||
%endif
|
||||
@ -89,7 +88,6 @@ Summary: Provide perl bindings for %{name}
|
||||
Requires: %{name} = %{version}-%{release}
|
||||
Requires: perl(:MODULE_COMPAT_%(eval "`%{__perl} -V:version`"; echo $version))
|
||||
|
||||
|
||||
%description -n perl-%{name}
|
||||
Perl bindings for %{name} are included in perl-%{name}.
|
||||
|
||||
@ -128,10 +126,9 @@ Ruby bindings for %{name} are included ruby-%{name}.
|
||||
tmphome="$(mktemp -d)" && gpgv2 --homedir "$tmphome" --keyring %{SOURCE2} %{SOURCE1} %{SOURCE0}
|
||||
%autosetup -p1 -n %{name}-%{version}
|
||||
|
||||
autoreconf -i -f
|
||||
|
||||
copy="$(mktemp -d)" && cp -a . "$copy" && mv "$copy" python3
|
||||
|
||||
|
||||
%build
|
||||
%configure \
|
||||
%if !%{with ocaml}
|
||||
@ -147,22 +144,12 @@ cd python3
|
||||
%make_build V=1 INSTALLDIRS=vendor
|
||||
cd ..
|
||||
|
||||
|
||||
%install
|
||||
cd python3
|
||||
%make_install DESTDIR=$RPM_BUILD_ROOT INSTALLDIRS=vendor
|
||||
%make_install INSTALLDIRS=vendor
|
||||
cd ..
|
||||
%make_install DESTDIR=$RPM_BUILD_ROOT INSTALLDIRS=vendor
|
||||
|
||||
#rm $RPM_BUILD_ROOT%{_libdir}/libhivex.la
|
||||
|
||||
# Remove unwanted Perl files:
|
||||
# find $RPM_BUILD_ROOT -name perllocal.pod -delete
|
||||
# find $RPM_BUILD_ROOT -name .packlist -delete
|
||||
# find $RPM_BUILD_ROOT -name '*.bs' -delete
|
||||
|
||||
# Remove unwanted Python files:
|
||||
# rm $RPM_BUILD_ROOT%{python2_sitearch}/libhivexmod.la
|
||||
# rm $RPM_BUILD_ROOT%{python3_sitearch}/libhivexmod.la
|
||||
%make_install INSTALLDIRS=vendor
|
||||
|
||||
%find_lang %{name}
|
||||
|
||||
@ -170,9 +157,7 @@ cd ..
|
||||
%check
|
||||
make check
|
||||
|
||||
cd python3
|
||||
make check
|
||||
cd ..
|
||||
cd python3 && make check && cd ..
|
||||
|
||||
|
||||
%files -f %{name}.lang
|
||||
@ -247,5 +232,14 @@ cd ..
|
||||
|
||||
|
||||
%changelog
|
||||
* Sat Nov 30 2019 jiaxiya <jiaxiyajiaxiya@163.com> - 1.3.15-12
|
||||
* Thu Dec 21 2023 liyuanyuan <liyuanyuan@xfusion.com> - 1.3.17-5
|
||||
- lib/node.c: Fix minor typo in error message
|
||||
|
||||
* Fri Sep 24 2021 yaoxin <yaoxin30@huawei.com> - 1.3.17-4
|
||||
- Fix CVE-2021-3622
|
||||
|
||||
* Tue May 25 2021 wangyue <wangyue92@huawei.com> - 1.3.17-3
|
||||
- Fix CVE-2021-3504
|
||||
|
||||
* Sat Nov 30 2019 jiaxiya <jiaxiyajiaxiya@163.com> - 1.3.17-2
|
||||
- Package init
|
||||
|
||||
Loading…
x
Reference in New Issue
Block a user