From 680190f9493d5feea7dcd083cfaf85e2c8696f64 Mon Sep 17 00:00:00 2001 From: Ondřej Lysoněk Date: Nov 27 2017 14:30:41 +0000 Subject: New version Dropped i2c-tools-devel, introduced libi2c, libi2c-devel --- diff --git a/0001-i2c-tools-i2cbusses-Avoid-buffer-overflows-in-sysfs-.patch b/0001-i2c-tools-i2cbusses-Avoid-buffer-overflows-in-sysfs-.patch new file mode 100644 index 0000000..043177e --- /dev/null +++ b/0001-i2c-tools-i2cbusses-Avoid-buffer-overflows-in-sysfs-.patch @@ -0,0 +1,66 @@ +From def2845efacab3a3973fb0218ac5077a162f8f1e Mon Sep 17 00:00:00 2001 +From: Jean Delvare +Date: Thu, 2 Nov 2017 16:17:50 +0100 +Subject: [PATCH 1/3] i2c-tools: i2cbusses: Avoid buffer overflows in sysfs + paths + +sprintf isn't safe, use snprintf instead. +--- + CHANGES | 3 +++ + tools/i2cbusses.c | 10 +++++----- + 2 files changed, 8 insertions(+), 5 deletions(-) + +diff --git a/CHANGES b/CHANGES +index 15ff761..539adb0 100644 +--- a/CHANGES ++++ b/CHANGES +@@ -1,6 +1,9 @@ + i2c-tools CHANGES + ----------------- + ++master ++ tools: Fix potential buffer overflows in i2cbusses ++ + 4.0 (2017-10-30) + tools: Fix build with recent compilers (gcc 4.6+) + Add examples to the manual pages +diff --git a/tools/i2cbusses.c b/tools/i2cbusses.c +index dad22ea..cb78cc7 100644 +--- a/tools/i2cbusses.c ++++ b/tools/i2cbusses.c +@@ -220,18 +220,18 @@ struct i2c_adap *gather_i2c_busses(void) + + /* this should work for kernels 2.6.5 or higher and */ + /* is preferred because is unambiguous */ +- sprintf(n, "%s/%s/name", sysfs, de->d_name); ++ snprintf(n, NAME_MAX, "%s/%s/name", sysfs, de->d_name); + f = fopen(n, "r"); + /* this seems to work for ISA */ + if(f == NULL) { +- sprintf(n, "%s/%s/device/name", sysfs, de->d_name); ++ snprintf(n, NAME_MAX, "%s/%s/device/name", sysfs, de->d_name); + f = fopen(n, "r"); + } + /* non-ISA is much harder */ + /* and this won't find the correct bus name if a driver + has more than one bus */ + if(f == NULL) { +- sprintf(n, "%s/%s/device", sysfs, de->d_name); ++ snprintf(n, NAME_MAX, "%s/%s/device", sysfs, de->d_name); + if(!(ddir = opendir(n))) + continue; + while ((dde = readdir(ddir)) != NULL) { +@@ -240,8 +240,8 @@ struct i2c_adap *gather_i2c_busses(void) + if (!strcmp(dde->d_name, "..")) + continue; + if ((!strncmp(dde->d_name, "i2c-", 4))) { +- sprintf(n, "%s/%s/device/%s/name", +- sysfs, de->d_name, dde->d_name); ++ snprintf(n, NAME_MAX, "%s/%s/device/%s/name", ++ sysfs, de->d_name, dde->d_name); + if((f = fopen(n, "r"))) + goto found; + } +-- +2.14.3 + diff --git a/0002-tools-i2cbusses-Check-the-return-value-of-snprintf.patch b/0002-tools-i2cbusses-Check-the-return-value-of-snprintf.patch new file mode 100644 index 0000000..b0c88de --- /dev/null +++ b/0002-tools-i2cbusses-Check-the-return-value-of-snprintf.patch @@ -0,0 +1,87 @@ +From d062793e7aebde3ffee796dfd4180716632ae444 Mon Sep 17 00:00:00 2001 +From: Jean Delvare +Date: Wed, 8 Nov 2017 22:17:43 +0100 +Subject: [PATCH 2/3] tools: i2cbusses: Check the return value of snprintf +MIME-Version: 1.0 +Content-Type: text/plain; charset=UTF-8 +Content-Transfer-Encoding: 8bit + +It's very unlikely that these paths will ever be truncated, but +better safe than sorry. + +Suggested by Uwe Kleine-König. +--- + tools/i2cbusses.c | 34 ++++++++++++++++++++++++++++------ + 1 file changed, 28 insertions(+), 6 deletions(-) + +diff --git a/tools/i2cbusses.c b/tools/i2cbusses.c +index cb78cc7..41f5b6b 100644 +--- a/tools/i2cbusses.c ++++ b/tools/i2cbusses.c +@@ -137,7 +137,7 @@ struct i2c_adap *gather_i2c_busses(void) + FILE *f; + char fstype[NAME_MAX], sysfs[NAME_MAX], n[NAME_MAX]; + int foundsysfs = 0; +- int count=0; ++ int len, count = 0; + struct i2c_adap *adapters; + + adapters = calloc(BUNCH, sizeof(struct i2c_adap)); +@@ -220,18 +220,32 @@ struct i2c_adap *gather_i2c_busses(void) + + /* this should work for kernels 2.6.5 or higher and */ + /* is preferred because is unambiguous */ +- snprintf(n, NAME_MAX, "%s/%s/name", sysfs, de->d_name); ++ len = snprintf(n, NAME_MAX, "%s/%s/name", sysfs, de->d_name); ++ if (len >= NAME_MAX) { ++ fprintf(stderr, "%s: path truncated\n", n); ++ continue; ++ } + f = fopen(n, "r"); + /* this seems to work for ISA */ + if(f == NULL) { +- snprintf(n, NAME_MAX, "%s/%s/device/name", sysfs, de->d_name); ++ len = snprintf(n, NAME_MAX, "%s/%s/device/name", sysfs, ++ de->d_name); ++ if (len >= NAME_MAX) { ++ fprintf(stderr, "%s: path truncated\n", n); ++ continue; ++ } + f = fopen(n, "r"); + } + /* non-ISA is much harder */ + /* and this won't find the correct bus name if a driver + has more than one bus */ + if(f == NULL) { +- snprintf(n, NAME_MAX, "%s/%s/device", sysfs, de->d_name); ++ len = snprintf(n, NAME_MAX, "%s/%s/device", sysfs, ++ de->d_name); ++ if (len >= NAME_MAX) { ++ fprintf(stderr, "%s: path truncated\n", n); ++ continue; ++ } + if(!(ddir = opendir(n))) + continue; + while ((dde = readdir(ddir)) != NULL) { +@@ -240,8 +254,16 @@ struct i2c_adap *gather_i2c_busses(void) + if (!strcmp(dde->d_name, "..")) + continue; + if ((!strncmp(dde->d_name, "i2c-", 4))) { +- snprintf(n, NAME_MAX, "%s/%s/device/%s/name", +- sysfs, de->d_name, dde->d_name); ++ len = snprintf(n, NAME_MAX, ++ "%s/%s/device/%s/name", ++ sysfs, de->d_name, ++ dde->d_name); ++ if (len >= NAME_MAX) { ++ fprintf(stderr, ++ "%s: path truncated\n", ++ n); ++ continue; ++ } + if((f = fopen(n, "r"))) + goto found; + } +-- +2.14.3 + diff --git a/0003-py-smbus-Fix-FSF-address-in-smbusmodule.c.patch b/0003-py-smbus-Fix-FSF-address-in-smbusmodule.c.patch new file mode 100644 index 0000000..0dabed3 --- /dev/null +++ b/0003-py-smbus-Fix-FSF-address-in-smbusmodule.c.patch @@ -0,0 +1,34 @@ +From 066cc543547c7675a67f24b1281954619d300652 Mon Sep 17 00:00:00 2001 +From: =?UTF-8?q?Ond=C5=99ej=20Lyson=C4=9Bk?= +Date: Fri, 24 Nov 2017 10:40:01 +0100 +Subject: [PATCH 3/3] py-smbus: Fix FSF address in smbusmodule.c +MIME-Version: 1.0 +Content-Type: text/plain; charset=UTF-8 +Content-Transfer-Encoding: 8bit + +The Free Software Foundation address was outdated. Discovered by +Fedora's rpmlint. The current address can be found at: +https://www.gnu.org/licenses/old-licenses/gpl-2.0.html#SEC4 + +Signed-off-by: Ondřej Lysoněk +--- + py-smbus/smbusmodule.c | 3 ++- + 1 file changed, 2 insertions(+), 1 deletion(-) + +diff --git a/py-smbus/smbusmodule.c b/py-smbus/smbusmodule.c +index 48a408b..b189106 100644 +--- a/py-smbus/smbusmodule.c ++++ b/py-smbus/smbusmodule.c +@@ -13,7 +13,8 @@ + * + * You should have received a copy of the GNU General Public License + * along with this program; if not, write to the Free Software +- * Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA. ++ * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, ++ * MA 02110-1301, USA. + */ + + #include +-- +2.14.3 + diff --git a/i2c-tools.spec b/i2c-tools.spec index a2c4f41..eb02f6d 100644 --- a/i2c-tools.spec +++ b/i2c-tools.spec @@ -5,12 +5,18 @@ # package are under the same license as the package itself. Name: i2c-tools -Version: 3.1.2 -Release: 7%{?dist} +Version: 4.0 +Release: 1%{?dist} Summary: A heterogeneous set of I2C tools for Linux License: GPLv2+ URL: https://i2c.wiki.kernel.org/index.php/I2C_Tools Source0: https://www.kernel.org/pub/software/utils/i2c-tools/%{name}-%{version}.tar.xz +# Upstream patch +Patch0: 0001-i2c-tools-i2cbusses-Avoid-buffer-overflows-in-sysfs-.patch +# Upstream patch +Patch1: 0002-tools-i2cbusses-Check-the-return-value-of-snprintf.patch +# Upstream patch +Patch2: 0003-py-smbus-Fix-FSF-address-in-smbusmodule.c.patch # for /etc/udev/makedev.d resp /etc/modprobe.d ownership Requires: udev module-init-tools @@ -59,17 +65,32 @@ Summary: i2c tools written in Perl %description perl A collection of tools written in perl for use with i2c devices. -%package devel -Summary: Header files for i2c-tools +%package -n libi2c +Summary: I2C/SMBus bus access library +License: LGPLv2+ -%description devel +%description -n libi2c +libi2c offers a way for applications to interact with the devices +connected to the I2C or SMBus buses of the system. + +%package -n libi2c-devel +Summary: Development files for the I2C library +License: LGPLv2+ +Requires: libi2c%{?_isa} = %{version}-%{release} +# Remove in F30 +Obsoletes: i2c-tools-devel < 4.0-1 + +%description -n libi2c-devel %{summary}. %prep %setup -q +%patch0 -p1 +%patch1 -p1 +%patch2 -p1 %build -make CFLAGS="$RPM_OPT_FLAGS" +make CFLAGS="$RPM_OPT_FLAGS" BUILD_STATIC_LIB=0 EXTRA=eeprog pushd eepromer make CFLAGS="$RPM_OPT_FLAGS -I../include" popd @@ -80,10 +101,11 @@ popd %install -make install DESTDIR=$RPM_BUILD_ROOT prefix=%{_prefix} -install -m 755 eepromer/{eepromer,eeprom,eeprog} \ +make install DESTDIR=$RPM_BUILD_ROOT prefix=%{_prefix} BUILD_STATIC_LIB=0 \ + EXTRA=eeprog libdir=%{_libdir} +install -m 755 eepromer/{eepromer,eeprom} \ $RPM_BUILD_ROOT%{_sbindir} -install -m 644 eepromer/{eepromer,eeprom,eeprog}.8 \ +install -m 644 eepromer/{eepromer,eeprom}.8 \ $RPM_BUILD_ROOT%{_mandir}/man8 pushd py-smbus %{__python2} setup.py build -b build-py2 install --skip-build --root=$RPM_BUILD_ROOT @@ -91,8 +113,6 @@ pushd py-smbus popd # cleanup rm -f $RPM_BUILD_ROOT%{_bindir}/decode-edid.pl -# Move userland kernel headers to i2c-tools' own directory -mv $RPM_BUILD_ROOT%{_includedir}/linux $RPM_BUILD_ROOT%{_includedir}/i2c-tools # Remove unpleasant DDC tools. KMS already exposes the EDID block in sysfs, # and edid-decode is a more complete tool than decode-edid. rm -f $RPM_BUILD_ROOT%{_bindir}/{ddcmon,decode-edid} @@ -118,6 +138,9 @@ if [ "$1" = 1 ] ; then fi exit 0 +%post -n libi2c -p /sbin/ldconfig +%postun -n libi2c -p /sbin/ldconfig + %files %doc CHANGES COPYING README @@ -133,6 +156,7 @@ exit 0 %files eepromer %doc eepromer/README* +%doc eeprog/README.eeprog %{_sbindir}/eepro* %{_mandir}/man8/eepro*.8.gz @@ -145,16 +169,27 @@ exit 0 %{python3_sitearch}/* %files perl +%doc eeprom/README %{_bindir}/decode-* %{_sbindir}/i2c-stub* %{_mandir}/man1/decode-*.1.gz %{_mandir}/man8/i2c-stub-from-dump.8.gz -%files devel -%{_includedir}/i2c-tools +%files -n libi2c +%doc COPYING.LGPL +%{_libdir}/libi2c.so.* + +%files -n libi2c-devel +%dir %{_includedir}/i2c +%{_includedir}/i2c/smbus.h +%{_libdir}/libi2c.so %changelog +* Tue Nov 21 2017 Ondřej Lysoněk - 4.0-1 +- New version +- Dropped i2c-tools-devel, introduced libi2c, libi2c-devel + * Sat Oct 7 2017 Troy Curtis, Jr - 3.1.2-7 - Add Python3 subpackage.