1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
|
From 0077ef29eb46d2e1df2f230fc95a1d9748d49dec Mon Sep 17 00:00:00 2001
From: Michael Schroeder <mls@suse.de>
Date: Mon, 14 Dec 2020 11:12:00 +0100
Subject: [PATCH] testcase_read: error out if repos are added or the system is
changed too late
We must not add new solvables after the considered map was created, the solver
was created, or jobs were added. We may not changed the system after jobs have
been added.
(Jobs may point inside the whatproviedes array, so we must not invalidate this
area.)
Upstream-Status: Backport [https://github.com/openSUSE/libsolv/commit/0077ef29eb46d2e1df2f230fc95a1d9748d49dec]
CVE: CVE-2021-3200
CVE: CVE-2021-33928
CVE: CVE-2021-33929
CVE: CVE-2021-33930
CVE: CVE-2021-33938
CVE: CVE-2021-44568
CVE: CVE-2021-44569
CVE: CVE-2021-44570
CVE: CVE-2021-44571
CVE: CVE-2021-44573
CVE: CVE-2021-44574
CVE: CVE-2021-44575
CVE: CVE-2021-44576
CVE: CVE-2021-44577
Signed-off-by: Ranjitsinh Rathod <ranjitsinh.rathod@kpit.com>
Signed-off-by: Chee Yang Lee <chee.yang.lee@intel.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
---
ext/testcase.c | 21 +++++++++++++++++++++
1 file changed, 21 insertions(+)
diff --git a/ext/testcase.c b/ext/testcase.c
index 0be7a213..8fb6d793 100644
--- a/ext/testcase.c
+++ b/ext/testcase.c
@@ -1991,6 +1991,7 @@ testcase_read(Pool *pool, FILE *fp, const char *testcase, Queue *job, char **res
Id *genid = 0;
int ngenid = 0;
Queue autoinstq;
+ int oldjobsize = job ? job->count : 0;
if (resultp)
*resultp = 0;
@@ -2065,6 +2066,21 @@ testcase_read(Pool *pool, FILE *fp, const char *testcase, Queue *job, char **res
int prio, subprio;
const char *rdata;
+ if (pool->considered)
+ {
+ pool_error(pool, 0, "testcase_read: cannot add repos after packages were disabled");
+ continue;
+ }
+ if (solv)
+ {
+ pool_error(pool, 0, "testcase_read: cannot add repos after the solver was created");
+ continue;
+ }
+ if (job && job->count != oldjobsize)
+ {
+ pool_error(pool, 0, "testcase_read: cannot add repos after jobs have been created");
+ continue;
+ }
prepared = 0;
if (!poolflagsreset)
{
@@ -2125,6 +2141,11 @@ testcase_read(Pool *pool, FILE *fp, const char *testcase, Queue *job, char **res
int i;
/* must set the disttype before the arch */
+ if (job && job->count != oldjobsize)
+ {
+ pool_error(pool, 0, "testcase_read: cannot change the system after jobs have been created");
+ continue;
+ }
prepared = 0;
if (strcmp(pieces[2], "*") != 0)
{
|
