backport-0001-CVE-2024-40897.patch

@@ -1,91 +0,0 @@
-From fb7db9ae3e8ac271651d1884a3611d30bac04a98 Mon Sep 17 00:00:00 2001
-From: =?UTF-8?q?Sebastian=20Dr=C3=B6ge?= <sebastian@centricular.com>
-Date: Tue, 9 Jul 2024 12:11:37 +0300
-Subject: [PATCH 1/2] Use vasprintf() if available for error messages and
- otherwise vsnprintf()
-
-vasprintf() is a GNU/BSD extension and would allocate as much memory as required
-on the heap, similar to g_strdup_printf(). It's ridiculous that such a function
-is still not provided as part of standard C.
-
-If it's not available, use vsnprintf() to at least avoid stack/heap buffer
-overflows, which can lead to arbitrary code execution.
-
-Thanks to Noriko Totsuka for reporting.
-
-Fixes JVN#02030803 / JPCERT#92912620 / CVE-2024-40897
-Fixes #69
-
-Part-of: <https://gitlab.freedesktop.org/gstreamer/orc/-/merge_requests/191>
----
- meson.build       |  1 +
- orc/orccompiler.c |  7 +++++--
- orc/orcparse.c    | 14 ++++++++++----
- 3 files changed, 16 insertions(+), 6 deletions(-)
-
-diff --git a/meson.build b/meson.build
-index d83441c..4b6c225 100644
---- a/meson.build
-+++ b/meson.build
-@@ -128,6 +128,7 @@ int main() {
- '''
- cdata.set('HAVE_MONOTONIC_CLOCK', cc.compiles(monotonic_test))
- cdata.set('HAVE_GETTIMEOFDAY', cc.has_function('gettimeofday'))
-+cdata.set('HAVE_VASPRINTF', cc.has_function('vasprintf'))
- cdata.set('HAVE_POSIX_MEMALIGN', cc.has_function('posix_memalign', prefix : '#include <stdlib.h>'))
- cdata.set('HAVE_MMAP', cc.has_function('mmap'))
- cdata.set('HAVE_SYS_TIME_H', cc.has_header('sys/time.h'))
-diff --git a/orc/orccompiler.c b/orc/orccompiler.c
-index 94d06d3..b3152e7 100644
---- a/orc/orccompiler.c
-+++ b/orc/orccompiler.c
-@@ -1331,9 +1331,12 @@ orc_compiler_error_valist (OrcCompiler *compiler, const char *fmt,
-   char *s;
- 
-   if (compiler->error_msg) return;
--
-+#ifdef HAVE_VASPRINTF
-+  vasprintf (&s, fmt, args);
-+#else
-   s = malloc (ORC_COMPILER_ERROR_BUFFER_SIZE);
--  vsprintf (s, fmt, args);
-+  vsnprintf (s, ORC_COMPILER_ERROR_BUFFER_SIZE, fmt, args);
-+#endif
-   compiler->error_msg = s;
-   compiler->error = TRUE;
-   compiler->result = ORC_COMPILE_RESULT_UNKNOWN_COMPILE;
-diff --git a/orc/orcparse.c b/orc/orcparse.c
-index b0d6709..8888de4 100644
---- a/orc/orcparse.c
-+++ b/orc/orcparse.c
-@@ -424,17 +424,23 @@ orc_parse_get_error_where (OrcParser *parser)
- static void
- orc_parse_add_error_valist (OrcParser *parser, const char *format, va_list args)
- {
--  char text[ORC_ERROR_LENGTH] = { '\0' };
--
-   if (parser->error_program != parser->program) {
-     parser->error_program = parser->program;
-   }
--
--  vsprintf (text, format, args);
-+#ifdef HAVE_VASPRINTF
-+  char *text;
-+  vasprintf (&text, format, args);
-+#else
-+  char text[ORC_ERROR_LENGTH] = { '\0' };
-+  vsnprintf (text, sizeof (text), format, args);
-+#endif
- 
-   orc_vector_append (&parser->errors,
-                      orc_parse_error_new (orc_parse_get_error_where (parser),
-                                           parser->line_number, -1, text));
-+#ifdef HAVE_VASPRINTF
-+  free (text);
-+#endif  
- }
- 
- static void
--- 
-2.27.0
-

backport-0002-CVE-2024-40897.patch

@@ -1,54 +0,0 @@
-From abd75edff9de9a06d0531b9db50963a0da42145c Mon Sep 17 00:00:00 2001
-From: "L. E. Segovia" <amy@centricular.com>
-Date: Tue, 9 Jul 2024 12:03:53 -0300
-Subject: [PATCH 2/2] orccompiler, orcparse: Use secure UCRT printing functions
- on Windows
-
-See #69
-
-Part-of: <https://gitlab.freedesktop.org/gstreamer/orc/-/merge_requests/191>
----
- orc/orccompiler.c | 5 ++++-
- orc/orcparse.c    | 5 ++++-
- 2 files changed, 8 insertions(+), 2 deletions(-)
-
-diff --git a/orc/orccompiler.c b/orc/orccompiler.c
-index b3152e7..f3bb7c0 100644
---- a/orc/orccompiler.c
-+++ b/orc/orccompiler.c
-@@ -1328,11 +1328,14 @@ static void
- orc_compiler_error_valist (OrcCompiler *compiler, const char *fmt,
-     va_list args)
- {
--  char *s;
-+  char *s = NULL;
- 
-   if (compiler->error_msg) return;
- #ifdef HAVE_VASPRINTF
-   vasprintf (&s, fmt, args);
-+#elif defined(_UCRT)
-+  s = malloc (ORC_COMPILER_ERROR_BUFFER_SIZE);
-+  vsnprintf_s (s, ORC_COMPILER_ERROR_BUFFER_SIZE, _TRUNCATE, fmt, args);  
- #else
-   s = malloc (ORC_COMPILER_ERROR_BUFFER_SIZE);
-   vsnprintf (s, ORC_COMPILER_ERROR_BUFFER_SIZE, fmt, args);
-diff --git a/orc/orcparse.c b/orc/orcparse.c
-index 8888de4..3bebd1a 100644
---- a/orc/orcparse.c
-+++ b/orc/orcparse.c
-@@ -428,8 +428,11 @@ orc_parse_add_error_valist (OrcParser *parser, const char *format, va_list args)
-     parser->error_program = parser->program;
-   }
- #ifdef HAVE_VASPRINTF
--  char *text;
-+  char *text = NULL;
-   vasprintf (&text, format, args);
-+#elif defined(_UCRT)
-+  char text[ORC_ERROR_LENGTH] = { '\0' };
-+  vsnprintf_s (text, ORC_ERROR_LENGTH, _TRUNCATE, format, args);  
- #else
-   char text[ORC_ERROR_LENGTH] = { '\0' };
-   vsnprintf (text, sizeof (text), format, args);
--- 
-2.27.0
-

backport-Fix-binutils-warning-when-comparing-with-sized-immediate-operand.patch

@@ -1,31 +0,0 @@
-From 469d72a5f965d28b86e806951932f8cca37e33f3 Mon Sep 17 00:00:00 2001
-From: "L. E. Segovia" <amy@centricular.com>
-Date: Fri, 3 Nov 2023 17:33:34 -0300
-Subject: [PATCH] x86insn: Fix binutils warning when comparing with sized
- immediate operand
-
-<source>:359: Warning: no instruction mnemonic suffix given and no register operands; using default for `cmp'
-
-Part-of: <https://gitlab.freedesktop.org/gstreamer/orc/-/merge_requests/126>
----
- orc/orcx86insn.c | 4 ++--
- 1 file changed, 2 insertions(+), 2 deletions(-)
-
-diff --git a/orc/orcx86insn.c b/orc/orcx86insn.c
-index 8df7630c..f6f3a42a 100644
---- a/orc/orcx86insn.c
-+++ b/orc/orcx86insn.c
-@@ -200,8 +200,8 @@ static const OrcSysOpcode orc_x86_opcodes[] = {
-   { "xor", ORC_X86_INSN_TYPE_IMM32_REGM, 0, 0x00, 0x81, 6 },
-   { "xor", ORC_X86_INSN_TYPE_REGM_REG, 0, 0x00, 0x33 },
-   { "xor", ORC_X86_INSN_TYPE_REG_REGM, 0, 0x00, 0x31 },
--  { "cmp", ORC_X86_INSN_TYPE_IMM8_REGM, 0, 0x00, 0x83, 7 },
--  { "cmp", ORC_X86_INSN_TYPE_IMM32_REGM, 0, 0x00, 0x81, 7 },
-+  { "cmpb", ORC_X86_INSN_TYPE_IMM8_REGM, 0, 0x00, 0x83, 7 },
-+  { "cmpd", ORC_X86_INSN_TYPE_IMM32_REGM, 0, 0x00, 0x81, 7 },
-   { "cmp", ORC_X86_INSN_TYPE_REGM_REG, 0, 0x00, 0x3b },
-   { "cmp", ORC_X86_INSN_TYPE_REG_REGM, 0, 0x00, 0x39 },
-   { "jo", ORC_X86_INSN_TYPE_BRANCH, 0, 0x00, 0x70 },
--- 
-GitLab
-

backport-Fix-default-target-selection-not-applying-when-retrieving-it-by-name.patch

@@ -1,27 +0,0 @@
-From c8bdf23ec956e6ed3f3b7ca2aeae6df7e8ef0b0f Mon Sep 17 00:00:00 2001
-From: "L. E. Segovia" <amy@centricular.com>
-Date: Sat, 27 Jan 2024 13:43:00 -0300
-Subject: [PATCH] orctarget: Fix default target selection not applying when
- retrieving it by name
-
-Part-of: <https://gitlab.freedesktop.org/gstreamer/orc/-/merge_requests/157>
----
- orc/orcopcodes.c | 2 +-
- 1 file changed, 1 insertion(+), 1 deletion(-)
-
-diff --git a/orc/orcopcodes.c b/orc/orcopcodes.c
-index 3491461d..1d7f0515 100644
---- a/orc/orcopcodes.c
-+++ b/orc/orcopcodes.c
-@@ -62,7 +62,7 @@ orc_target_get_by_name (const char *name)
- {
-   int i;
- 
--  if (name == NULL) return default_target;
-+  if (name == NULL) return orc_target_get_default();
- 
-   for(i=0;i<n_targets;i++){
-     if (strcmp (name, targets[i]->name) == 0) {
--- 
-GitLab
-

backport-Fix-warning-because-of-a-mismatched-OrcExecutor-function-signature.patch

@@ -1,109 +0,0 @@
-From d34eb15b61079415dbac7fdb74fcb08949a8acae Mon Sep 17 00:00:00 2001
-From: "L. E. Segovia" <amy@centricular.com>
-Date: Fri, 3 Nov 2023 17:46:16 -0300
-Subject: [PATCH] orc: Fix warning because of a mismatched OrcExecutor function
- signature
-
-Fixes warning C4113 in MSVC:
-
-> testsuite/orcc/testorc.c(27292): warning C4113: 'void (__cdecl *)(OrcExecutor *restrict )' differs in parameter lists from 'OrcExecutorFunc'
-
-The ORC_RESTRICT definition was extracted from orcprogram-c.c.
-
-Part-of: <https://gitlab.freedesktop.org/gstreamer/orc/-/merge_requests/118>
----
- orc/orcexecutor.c        |  4 ++--
- orc/orcexecutor.h        |  3 ++-
- orc/orcutils.h           | 12 ++++++++++++
- testsuite/memcpy_speed.c |  2 +-
- tools/orcc.c             |  2 +-
- 5 files changed, 18 insertions(+), 5 deletions(-)
-
-diff --git a/orc/orcexecutor.c b/orc/orcexecutor.c
-index 116220c0..9035f4e9 100644
---- a/orc/orcexecutor.c
-+++ b/orc/orcexecutor.c
-@@ -38,7 +38,7 @@ orc_executor_free (OrcExecutor *ex)
- void
- orc_executor_run (OrcExecutor *ex)
- {
--  void (*func) (OrcExecutor *);
-+  OrcExecutorFunc func = NULL;
- 
-   if (ex->program) {
-     func = ex->program->code_exec;
-@@ -57,7 +57,7 @@ orc_executor_run (OrcExecutor *ex)
- void
- orc_executor_run_backup (OrcExecutor *ex)
- {
--  void (*func) (OrcExecutor *);
-+  OrcExecutorFunc func = NULL;
- 
-   if (ex->program) {
-     func = ex->program->backup_func;
-diff --git a/orc/orcexecutor.h b/orc/orcexecutor.h
-index 5de559b4..eeb55448 100644
---- a/orc/orcexecutor.h
-+++ b/orc/orcexecutor.h
-@@ -16,7 +16,8 @@ typedef struct _OrcExecutorAlt OrcExecutorAlt;
- typedef void (*OrcOpcodeEmulateFunc)(OrcOpcodeExecutor *ex, void *user);
- typedef void (*OrcOpcodeEmulateNFunc)(OrcOpcodeExecutor *ex, int index, int n);
- typedef void (*OrcOpcodeEmulate16Func)(OrcOpcodeExecutor *ex);
--typedef void (*OrcExecutorFunc)(OrcExecutor *ex);
-+
-+typedef void (*OrcExecutorFunc)(OrcExecutor * ORC_RESTRICT ex);
- 
- /**
-  * OrcOpcodeExecutor:
-diff --git a/orc/orcutils.h b/orc/orcutils.h
-index f0475748..5df79dea 100644
---- a/orc/orcutils.h
-+++ b/orc/orcutils.h
-@@ -227,6 +227,18 @@ typedef unsigned int orc_bool;
- #define ORC_API ORC_API_IMPORT
- #endif
- 
-+#ifndef ORC_RESTRICT
-+#if defined(__STDC_VERSION__) && __STDC_VERSION__ >= 199901L
-+#define ORC_RESTRICT restrict
-+#elif defined(__GNUC__) && __GNUC__ >= 4
-+#define ORC_RESTRICT __restrict__
-+#elif defined(_MSC_VER)
-+#define ORC_RESTRICT __restrict
-+#else
-+#define ORC_RESTRICT
-+#endif
-+#endif
-+
- ORC_BEGIN_DECLS
- 
- #ifdef ORC_ENABLE_UNSTABLE_API
-diff --git a/testsuite/memcpy_speed.c b/testsuite/memcpy_speed.c
-index a3089dae..e5ff2c3f 100644
---- a/testsuite/memcpy_speed.c
-+++ b/testsuite/memcpy_speed.c
-@@ -127,7 +127,7 @@ main(int argc, char *argv[])
-     orc_profile_init (&prof);
-     for(j=0;j<10;j++){
-       OrcExecutor _ex, *ex = &_ex;
--      void (*func) (OrcExecutor *);
-+      OrcExecutorFunc func = NULL;
- 
-       orc_profile_start(&prof);
-       /* orc_memcpy (dest, src, size); */
-diff --git a/tools/orcc.c b/tools/orcc.c
-index 95b8c54e..33db66f4 100644
---- a/tools/orcc.c
-+++ b/tools/orcc.c
-@@ -891,7 +891,7 @@ output_code_execute (OrcProgram *p, FILE *output, int is_inline)
-       fprintf(output, "  OrcProgram *p;\n");
-     }
-   }
--  fprintf(output, "  void (*func) (OrcExecutor *);\n");
-+  fprintf(output, "  OrcExecutorFunc func = NULL;\n");
-   fprintf(output, "\n");
-   if (use_lazy_init) {
-     if (use_code) {
--- 
-GitLab
-

orc.spec

@@ -1,17 +1,11 @@
 Name:    orc
-Version: 0.4.34
+Version: 0.4.32
-Release: 4
+Release: 2
 Summary: The Oil Run-time Compiler
 License: BSD
 URL:     http://cgit.freedesktop.org/gstreamer/orc/
 Source0: http://gstreamer.freedesktop.org/src/orc/%{name}-%{version}.tar.xz
 
-Patch6000: backport-0001-CVE-2024-40897.patch
-Patch6001: backport-0002-CVE-2024-40897.patch
-Patch6002: backport-Fix-warning-because-of-a-mismatched-OrcExecutor-function-signature.patch
-Patch6003: backport-Fix-binutils-warning-when-comparing-with-sized-immediate-operand.patch
-Patch6004: backport-Fix-default-target-selection-not-applying-when-retrieving-it-by-name.patch
-
 BuildRequires: gtk-doc libtool
 BuildRequires: meson >= 0.47.0
 
@@ -25,7 +19,6 @@ subtraction, and many arithmetic operations.
 
 %package help
 Summary: Help documentation for Orc
-Buildarch: noarch
 Requires: %{name} = %{version}-%{release}
 
 %description help
@@ -87,21 +80,6 @@ The Orc compiler.
 %doc %{_datadir}/gtk-doc/html/orc/
 
 %changelog
-* Mon Aug 26 2024 wangjiang <wangjiang37@h-partners.com> - 0.4.34-4
-- add some upstream patchs
-
-* Wed Aug 21 2024 Huanyu Li <lihuanyu@cqsoftware.com.cn> - 0.4.34-3
-- Add 'Buildarch: noarch' to the help subpackage
-
-* Mon Jul 29  2024 baiguo <baiguo@kylinos.cn> - 0.4.34-2
-- Use vasprintf() if available for error messages and otherwise vsnprintf();orccompiler, orcparse: Use secure UCRT printing functions on Windows
-
-* Wed Jul 12 2023 dillon chen <dillon.chen@gmail.com> - 0.4.34-1
-- update to 0.4.34
-
-* Fri Nov 18 2022 dillon chen <dillon.chen@gmail.com> - 0.4.33-1
-- update to 0.4.33
-
 * Tue Oct 25 2022 wangjiang <wangjiang37@h-partners.com> 0.4.32-2
 - Rebuild for next release