Hello community, here is the log from the commit of package gettext-runtime for openSUSE:Factory checked in at 2015-03-16 06:52:20 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Comparing /work/SRC/openSUSE:Factory/gettext-runtime (Old) and /work/SRC/openSUSE:Factory/.gettext-runtime.new (New) ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "gettext-runtime" Changes: --------
--- /work/SRC/openSUSE:Factory/gettext-runtime/gettext-csharp.changes 2015-02-06 10:47:14.000000000 +0100
+++ /work/SRC/openSUSE:Factory/.gettext-runtime.new/gettext-csharp.changes 2015-03-16 06:52:21.000000000 +0100
@@ -1,0 +2,8 @@
+Tue Mar 10 07:11:29 UTC 2015 - [email protected]
+
+- Add gettext-check-allocated-size-for-static-segment.patch from upstream
+ * Check if the embedded segment size is valid, before adding it to
+ the string length. Please see
+ http://lists.gnu.org/archive/html/bug-gettext/2015-03/msg00005.html
+
+-------------------------------------------------------------------
--- /work/SRC/openSUSE:Factory/gettext-runtime/gettext-java.changes 2015-02-06 10:47:14.000000000 +0100
+++ /work/SRC/openSUSE:Factory/.gettext-runtime.new/gettext-java.changes 2015-03-16 06:52:21.000000000 +0100
@@ -1,0 +2,8 @@
+Tue Mar 10 07:10:56 UTC 2015 - [email protected]
+
+- Add gettext-check-allocated-size-for-static-segment.patch from upstream
+ * Check if the embedded segment size is valid, before adding it to
+ the string length. Please see
+ http://lists.gnu.org/archive/html/bug-gettext/2015-03/msg00005.html
+
+-------------------------------------------------------------------
--- /work/SRC/openSUSE:Factory/gettext-runtime/gettext-runtime-mini.changes 2015-02-06 10:47:14.000000000 +0100
+++ /work/SRC/openSUSE:Factory/.gettext-runtime.new/gettext-runtime-mini.changes 2015-03-16 06:52:21.000000000 +0100 
@@ -1,0 +2,8 @@ +Tue Mar 10 07:10:28 UTC 2015 - [email protected] + +- Add gettext-check-allocated-size-for-static-segment.patch from upstream + * Check if the embedded segment size is valid, before adding it to + the string length. Please see + http://lists.gnu.org/archive/html/bug-gettext/2015-03/msg00005.html + +------------------------------------------------------------------- --- /work/SRC/openSUSE:Factory/gettext-runtime/gettext-runtime.changes 2015-02-06 10:47:14.000000000 +0100 +++ /work/SRC/openSUSE:Factory/.gettext-runtime.new/gettext-runtime.changes 2015-03-16 06:52:21.000000000 +0100 @@ -1,0 +2,8 @@ +Tue Mar 10 07:06:26 UTC 2015 - [email protected] + +- Add gettext-check-allocated-size-for-static-segment.patch from upstream + * Check if the embedded segment size is valid, before adding it to + the string length. Please see + http://lists.gnu.org/archive/html/bug-gettext/2015-03/msg00005.html + +------------------------------------------------------------------- New: ---- gettext-check-allocated-size-for-static-segment.patch ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ gettext-csharp.spec ++++++ --- /var/tmp/diff_new_pack.MKjFKq/_old 2015-03-16 06:52:23.000000000 +0100 +++ /var/tmp/diff_new_pack.MKjFKq/_new 2015-03-16 06:52:23.000000000 +0100 @@ -47,6 +47,8 @@ Patch4: gettext-po-mode.diff Patch5: gettext-initialize_vars.patch Patch9: gettext-needlessly_init_vars.patch +# PATCH-FIX-UPSTREAM gettext-check-allocated-size-for-static-segment.patch -- [email protected] +Patch10: gettext-check-allocated-size-for-static-segment.patch %description Mono with its 'resgen' program uses a design that Microsoft created and 
@@ -77,6 +79,7 @@ %patch4 %patch5 %patch9 +%patch10 -p1 %build export CFLAGS="%{optflags} -pipe -W -Wall -Dgcc_is_lint" ++++++ gettext-java.spec ++++++ --- /var/tmp/diff_new_pack.MKjFKq/_old 2015-03-16 06:52:23.000000000 +0100 +++ /var/tmp/diff_new_pack.MKjFKq/_new 2015-03-16 06:52:23.000000000 +0100 @@ -46,6 +46,8 @@ Patch4: gettext-po-mode.diff Patch5: gettext-initialize_vars.patch Patch9: gettext-needlessly_init_vars.patch +# PATCH-FIX-UPSTREAM gettext-check-allocated-size-for-static-segment.patch -- [email protected] +Patch10: gettext-check-allocated-size-for-static-segment.patch %description This package includes the tools needed to support message catalogs in @@ -59,6 +61,7 @@ %patch4 %patch5 %patch9 +%patch10 -p1 %build # expect a couple "You should update your `aclocal.m4' by running aclocal." ++++++ gettext-runtime-mini.spec ++++++ --- /var/tmp/diff_new_pack.MKjFKq/_old 2015-03-16 06:52:23.000000000 +0100 +++ /var/tmp/diff_new_pack.MKjFKq/_new 2015-03-16 06:52:23.000000000 +0100 @@ -68,6 +68,8 @@ # PATCH-FIX-OPENSUSE gettext-dont-test-gnulib.patch -- [email protected] Patch6: gettext-dont-test-gnulib.patch Patch9: gettext-needlessly_init_vars.patch +# PATCH-FIX-UPSTREAM gettext-check-allocated-size-for-static-segment.patch -- [email protected] +Patch10: gettext-check-allocated-size-for-static-segment.patch %description This package contains the intl library as well as tools that ease the @@ -125,6 +127,7 @@ %patch5 %patch6 -p1 %patch9 +%patch10 -p1 %build # expect a couple "You should update your `aclocal.m4' by running aclocal." gettext-runtime.spec: same change ++++++ gettext-check-allocated-size-for-static-segment.patch ++++++ >From 5d3eeaa0d3b7f4f6932bd29d859925a940b69459 Mon Sep 17 00:00:00 2001 
From: Daiki Ueno <[email protected]> Date: Wed, 11 Mar 2015 16:18:26 +0900 Subject: [PATCH] msgunfmt: Check allocated size for static segment Reported by Max Lin in: http://lists.gnu.org/archive/html/bug-gettext/2015-03/msg00005.html * read-mo.c (get_sysdep_string): Check if the embedded segment size is valid, before adding it to the string length. --- gettext-tools/src/ChangeLog | 8 ++++++++ gettext-tools/src/read-mo.c | 11 +++++++---- 2 files changed, 15 insertions(+), 4 deletions(-) --- a/gettext-tools/src/read-mo.c +++ b/gettext-tools/src/read-mo.c @@ -149,6 +149,7 @@ get_sysdep_string (const struct binary_m nls_uint32 s_offset; /* Compute the length. */ + s_offset = get_uint32 (bfp, offset); length = 0; for (i = 4; ; i += 8) { @@ -158,9 +159,14 @@ get_sysdep_string (const struct binary_m nls_uint32 ss_length; nls_uint32 ss_offset; size_t ss_end; + size_t s_end; size_t n; + s_end = xsum (s_offset, segsize); + if (size_overflow_p (s_end) || s_end > bfp->size) + error (EXIT_FAILURE, 0, _("file \"%s\" is truncated"), bfp->filename); length += segsize; + s_offset += segsize; if (sysdepref == SEGMENTS_END) break; @@ -175,7 +181,7 @@ get_sysdep_string (const struct binary_m ss_end = xsum (ss_offset, ss_length); if (size_overflow_p (ss_end) || ss_end > bfp->size) error (EXIT_FAILURE, 0, _("file \"%s\" is truncated"), bfp->filename); - if (!(ss_length > 0 && bfp->data[ss_offset + ss_length - 1] == '\0')) + if (!(ss_length > 0 && bfp->data[ss_end - 1] == '\0')) { char location[30]; sprintf (location, "sysdep_segment[%u]", (unsigned int) sysdepref); @@ -198,11 +204,8 @@ get_sysdep_string (const struct binary_m nls_uint32 sysdep_segment_offset; nls_uint32 ss_length; nls_uint32 ss_offset; - size_t s_end = xsum (s_offset, segsize); size_t n; - if (size_overflow_p (s_end) || s_end > bfp->size) - error (EXIT_FAILURE, 0, _("file \"%s\" is truncated"), bfp->filename); memcpy (p, bfp->data + s_offset, segsize); p += segsize; s_offset += segsize; --- a/gettext-tools/src/ChangeLog 
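Review bot: `length += segsize;` in the `@@ -158,9 +159,14 @@` hunk is still an unchecked addition of a file-supplied value, although the new bound right above it goes through `xsum` and `size_overflow_p`. The new check bounds each static segment against `bfp->size`, but the per-segment `strlen` term added to `length` further down the loop (outside this hunk) is not covered by it, so where `size_t` is 32 bits the total could presumably wrap. If `length` is what sizes the buffer the copy loop fills, as the commit title suggests, I would accumulate with `length = xsum (length, segsize);`, do the same for the sysdep term, and fail with the existing "is truncated" error when `size_overflow_p (length)` holds before allocating. The loop body starts and ends outside the hunk.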
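Review bot: With the bounds check removed in the `@@ -198,11 +204,8 @@` hunk, `memcpy (p, bfp->data + s_offset, segsize);` is safe only because the length loop earlier in the function validated the same `s_offset`/`segsize` pairs, and nothing at the copy site records that dependency. It also holds only if `s_offset` is re-read with `get_uint32 (bfp, offset)` before this loop, since the first loop now advances it; that statement is outside the visible hunks and should be confirmed. I would add a comment above the copy such as `/* s_offset + segsize <= bfp->size was verified in the length pass above. */` so a later edit to either loop does not silently drop the guarantee. The copy loop continues outside the hunk.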
+++ b/gettext-tools/src/ChangeLog @@ -1,3 +1,11 @@ +2015-03-11 Daiki Ueno <[email protected]> + + msgunfmt: Check allocated size for static segment + Reported by Max Lin in: + http://lists.gnu.org/archive/html/bug-gettext/2015-03/msg00005.html + * read-mo.c (get_sysdep_string): Check if the embedded segment + size is valid, before adding it to the string length. + 2014-12-24 Daiki Ueno <[email protected]> * gettext 0.19.4 released. -- To unsubscribe, e-mail: [email protected] For additional commands, e-mail: [email protected]
