Hello community, here is the log from the commit of package perl-Convert-UUlib for openSUSE:Factory checked in at Mon May 30 16:14:15 CEST 2011.
-------- --- perl-Convert-UUlib/perl-Convert-UUlib.changes 2010-12-16 13:49:50.000000000 +0100 +++ /mounts/work_src_done/STABLE/perl-Convert-UUlib/perl-Convert-UUlib.changes 2011-05-30 10:04:44.000000000 +0200 @@ -1,0 +2,10 @@ +Mon May 30 07:43:35 UTC 2011 - [email protected] + +- update to 1.4 + - avoid a classical buffer overflow in case a progress + message is too long. + - this release adds depdencies for snprintf/vsnprintf. + - some uuencode encoders do not generate a final "space" line + before the "end" marker, so do not rely on the line to be there. + +------------------------------------------------------------------- calling whatdependson for head-i586 Old: ---- Convert-UUlib-1.34.tar.bz2 New: ---- Convert-UUlib-1.4.tar.bz2 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ perl-Convert-UUlib.spec ++++++ --- /var/tmp/diff_new_pack.C3iVRv/_old 2011-05-30 16:13:46.000000000 +0200 +++ /var/tmp/diff_new_pack.C3iVRv/_new 2011-05-30 16:13:46.000000000 +0200 @@ -1,7 +1,7 @@ # -# spec file for package perl-Convert-UUlib (Version 1.34) +# spec file for package perl-Convert-UUlib # -# Copyright (c) 2010 SUSE LINUX Products GmbH, Nuernberg, Germany. +# Copyright (c) 2011 SUSE LINUX Products GmbH, Nuernberg, Germany. # # All modifications and additions to the file contributed by third parties # remain the property of their copyright owners, unless otherwise agreed @@ -19,14 +19,15 @@ Name: perl-Convert-UUlib -License: Artistic ; GPLv2+ +License: GPL+ or Artistic Group: Development/Libraries/Perl Provides: p_conulb Obsoletes: p_conulb AutoReqProv: on Summary: Perl interface to the uulib library -Version: 1.34 +Version: 1.4 Release: 1 +Url: http://search.cpan.org/~mlehmann/Convert-UUlib-1.4/UUlib.pm Source: Convert-UUlib-%{version}.tar.bz2 BuildRoot: %{_tmppath}/%{name}-%{version}-build %{perl_requires} @@ -34,7 +35,7 @@ BuildRequires: perl-macros %description -Perl interface to the uulib library +A Perl interface to the uulib library %prep %setup -n Convert-UUlib-%{version} -q ++++++ Convert-UUlib-1.34.tar.bz2 -> Convert-UUlib-1.4.tar.bz2 ++++++ diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/Convert-UUlib-1.34/Changes new/Convert-UUlib-1.4/Changes --- old/Convert-UUlib-1.34/Changes 2010-12-14 22:20:03.000000000 +0100 +++ new/Convert-UUlib-1.4/Changes 2011-05-29 17:17:25.000000000 +0200 @@ -1,5 +1,12 @@ Revision history for Perl extension Convert::UUlib. +1.4 Sun May 29 17:17:01 CEST 2011 + - avoid a classical buffer overflow in case a progress + message is too long. + - this release adds depdencies for snprintf/vsnprintf. + - some uuencode encoders do not generate a final "space" line + before the "end" marker, so do not rely on the line to be there. + 1.34 Tue Dec 14 22:20:00 CET 2010 - fix a one-byte-past-end-write buffer overflow in UURepairData (reported, analysed and testcase provided by Marco Walther). @@ -41,7 +48,7 @@ - use the yencode filesize as additional matching criterium to avoid false matches. - made the example decoder more verbose w.r.t. error handling. - - removed potentially confusing decide_temp calls from + - removed potentially confusing decode_temp calls from example decoder. 1.11 Fri Jun 13 15:32:30 CEST 2008 diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/Convert-UUlib-1.34/MANIFEST new/Convert-UUlib-1.4/MANIFEST --- old/Convert-UUlib-1.34/MANIFEST 2010-12-14 22:21:22.000000000 +0100 +++ new/Convert-UUlib-1.4/MANIFEST 2011-05-29 17:22:57.000000000 +0200 @@ -34,4 +34,4 @@ uulib/uustring.h uulib/uuutil.c -META.yml Module meta-data (added by MakeMaker) +META.json Module meta-data (added by MakeMaker) diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/Convert-UUlib-1.34/META.json new/Convert-UUlib-1.4/META.json --- old/Convert-UUlib-1.34/META.json 1970-01-01 01:00:00.000000000 +0100 +++ new/Convert-UUlib-1.4/META.json 2011-05-29 17:22:57.000000000 +0200 @@ -0,0 +1,26 @@ +{ + "no_index" : { + "directory" : [ + "t", + "inc" + ] + }, + "meta-spec" : { + "version" : 1.4, + "url" : "http://module-build.sourceforge.net/META-spec-v1.4.html"; + }, + "generated_by" : "ExtUtils::MakeMaker::JSONMETA version 7.000", + "distribution_type" : "module", + "version" : "1.4", + "name" : "Convert-UUlib", + "author" : [], + "license" : "unknown", + "build_requires" : { + "ExtUtils::MakeMaker" : 0 + }, + "requires" : {}, + "abstract" : null, + "configure_requires" : { + "ExtUtils::MakeMaker" : 0 + } +} diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/Convert-UUlib-1.34/META.yml new/Convert-UUlib-1.4/META.yml --- old/Convert-UUlib-1.34/META.yml 2010-12-14 22:21:22.000000000 +0100 +++ new/Convert-UUlib-1.4/META.yml 1970-01-01 01:00:00.000000000 +0100 @@ -1,20 +0,0 @@ ---- #YAML:1.0 -name: Convert-UUlib -version: 1.34 -abstract: ~ -author: [] -license: unknown -distribution_type: module -configure_requires: - ExtUtils::MakeMaker: 0 -build_requires: - ExtUtils::MakeMaker: 0 -requires: {} -no_index: - directory: - - t - - inc -generated_by: ExtUtils::MakeMaker version 6.56 -meta-spec: - url: http://module-build.sourceforge.net/META-spec-v1.4.html - version: 1.4 diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/Convert-UUlib-1.34/UUlib.pm new/Convert-UUlib-1.4/UUlib.pm --- old/Convert-UUlib-1.34/UUlib.pm 2010-12-14 22:20:28.000000000 +0100 +++ new/Convert-UUlib-1.4/UUlib.pm 2011-05-29 17:19:08.000000000 +0200 @@ -8,7 +8,7 @@ require Exporter; require DynaLoader; -our $VERSION = '1.34'; +our $VERSION = '1.4'; our @ISA = qw(Exporter DynaLoader); diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/Convert-UUlib-1.34/uulib/uucheck.c new/Convert-UUlib-1.4/uulib/uucheck.c --- old/Convert-UUlib-1.34/uulib/uucheck.c 2009-10-13 21:29:06.000000000 +0200 +++ new/Convert-UUlib-1.4/uulib/uucheck.c 2011-05-27 15:26:22.000000000 +0200 @@ -1446,9 +1446,9 @@ * Finalize checking */ - if ((flag & 4) == 0) liter->state |= UUFILE_NODATA; if ((flag & 1) == 0) liter->state |= UUFILE_NOBEGIN; if ((flag & 2) == 0) liter->state |= UUFILE_NOEND; + if ((flag & 4) == 0) liter->state |= UUFILE_NODATA; if ((flag & 7) == 7 && miscount==0) { liter->state = UUFILE_OK; diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/Convert-UUlib-1.34/uulib/uulib.c new/Convert-UUlib-1.4/uulib/uulib.c --- old/Convert-UUlib-1.34/uulib/uulib.c 2010-12-14 22:13:40.000000000 +0100 +++ new/Convert-UUlib-1.4/uulib/uulib.c 2011-05-29 17:14:37.000000000 +0200 @@ -275,7 +275,7 @@ va_dcl #endif { - char *msgptr; + int msgofs; #if defined(STDC_HEADERS) || defined(HAVE_STDARG_H) va_list ap; @@ -293,16 +293,16 @@ #endif if (uu_debug) { - sprintf (uulib_msgstring, "%s(%d): %s", file, line, msgnames[level]); - msgptr = uulib_msgstring + strlen (uulib_msgstring); + snprintf (uulib_msgstring, 1024, "%s(%d): %s", file, line, msgnames[level]); + msgofs = strlen (uulib_msgstring); } else { - sprintf (uulib_msgstring, "%s", msgnames[level]); - msgptr = uulib_msgstring + strlen (uulib_msgstring); + snprintf (uulib_msgstring, 1024, "%s", msgnames[level]); + msgofs = strlen (uulib_msgstring); } if (uu_MsgCallback && (level>UUMSG_NOTE || uu_verbose)) { - vsprintf (msgptr, format, ap); + vsnprintf (uulib_msgstring + msgofs, 1024 - msgofs, format, ap); (*uu_MsgCallback) (uu_MsgCBArg, uulib_msgstring, level); } diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/Convert-UUlib-1.34/uulib/uunconc.c new/Convert-UUlib-1.4/uulib/uunconc.c --- old/Convert-UUlib-1.34/uulib/uunconc.c 2010-12-14 22:08:06.000000000 +0100 +++ new/Convert-UUlib-1.4/uulib/uunconc.c 2011-05-27 15:48:25.000000000 +0200 @@ -1135,7 +1135,7 @@ tc = tf = vlc = 0; lc[0] = lc[1] = 0; } - else if ((*state == END) && + else if ((*state == END || *state == DATA) && (method == UU_ENCODED || method == XX_ENCODED)) { if (strncmp (line, "end", 3) == 0) { *state = DONE; ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Remember to have fun... -- To unsubscribe, e-mail: [email protected] For additional commands, e-mail: [email protected]
