Hello community,

here is the log from the commit of package less for openSUSE:Factory checked in at 2015-03-23 12:14:04
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Comparing /work/SRC/openSUSE:Factory/less (Old)
 and /work/SRC/openSUSE:Factory/.less.new (New)
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "less" Changes: -------- --- /work/SRC/openSUSE:Factory/less/less.changes 2014-12-21 12:01:18.000000000 +0100 +++ /work/SRC/openSUSE:Factory/.less.new/less.changes 2015-03-23 12:14:04.000000000 +0100 @@ -1,0 +2,7 @@ +Fri Mar 13 16:10:30 UTC 2015 - [email protected] + +- add less-458-out_of_bounds_read.patch to fix an "out of bounds + read access in the UTF-8" vulnerability (bnc#921719), + (CVE-2014-9488) + +------------------------------------------------------------------- New: ---- less-458-out_of_bounds_read.patch ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ less.spec ++++++ --- /var/tmp/diff_new_pack.WEmoMD/_old 2015-03-23 12:14:05.000000000 +0100 +++ /var/tmp/diff_new_pack.WEmoMD/_new 2015-03-23 12:14:05.000000000 +0100 @@ -1,7 +1,7 @@ # # spec file for package less # -# Copyright (c) 2014 SUSE LINUX Products GmbH, Nuernberg, Germany. +# Copyright (c) 2015 SUSE LINUX GmbH, Nuernberg, Germany. # # All modifications and additions to the file contributed by third parties # remain the property of their copyright owners, unless otherwise agreed @@ -34,6 +34,8 @@ Patch26: %{name}-429-shell.patch Patch27: %{name}-429-save_line_position.patch Patch28: %{name}-429-more.patch +# PATCH-FIX-UPSTREAM bnc#921719 [email protected] -- security fix of an out of bound read access in the UTF-8 +Patch29: less-458-out_of_bounds_read.patch BuildRequires: automake BuildRequires: ncurses-devel Requires: file @@ -53,6 +55,7 @@ %patch26 %patch27 %patch28 +%patch29 -p1 # # the ./configure script is not writable for the normal user # rather fix permissions for all files ++++++ less-458-out_of_bounds_read.patch ++++++ Index: less-458/line.c =================================================================== --- less-458.orig/line.c +++ less-458/line.c 
@@ -828,7 +828,7 @@ pappend(c, pos) mbc_buf[mbc_buf_index++] = c; if (mbc_buf_index < mbc_buf_len) return (0); - if (is_utf8_well_formed(mbc_buf)) + if (is_utf8_well_formed(mbc_buf, mbc_buf_index)) r = do_append(get_wchar(mbc_buf), mbc_buf, mbc_pos); else /* Complete, but not shortest form, sequence. */
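Review bot: in the less.spec hunk at @@ -34,6 +34,8 @@, the Patch29 line hardcodes less-458-out_of_bounds_read.patch while Patch26 to Patch28 directly above it use the %{name} macro; writing it as %{name}-458-out_of_bounds_read.patch would keep the list consistent. The PATCH-FIX-UPSTREAM comment also breaks off at "in the UTF-8" and cites only bnc#921719; adding CVE-2014-9488 from the less.changes entry would let someone searching the spec by CVE find the patch.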
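Review bot: the changed call in pappend() in line.c passes mbc_buf_index as a new second argument to is_utf8_well_formed(), but no hunk in the patch as shown updates that function's definition or declaration to accept a length. pappend(c, pos) is written in K&R style, so if the callee is also declared without a prototype, the compiler will not report an argument-count mismatch and the intended bounds check would silently not take place. The patch should carry the matching definition and prototype change, and any other caller of is_utf8_well_formed() needs the same length argument. A short comment at the call noting that mbc_buf_index equals mbc_buf_len here (the preceding line returns otherwise) would make clear which length is being checked.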
