Hello community,

here is the log from the commit of package tidy for openSUSE:Factory checked in at 2016-08-12 15:37:14
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Comparing /work/SRC/openSUSE:Factory/tidy (Old)
 and      /work/SRC/openSUSE:Factory/.tidy.new (New)
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "tidy" Changes: -------- --- /work/SRC/openSUSE:Factory/tidy/tidy.changes 2016-06-09 15:54:28.000000000 +0200 +++ /work/SRC/openSUSE:Factory/.tidy.new/tidy.changes 2016-08-12 15:37:15.000000000 +0200 @@ -1,0 +2,8 @@ +Thu Aug 4 12:33:50 UTC 2016 - [email protected] + +- add static_buffer_overflow.diff: + + fix overflow in a static buffer (CVE-2016-6583) +- add Debian package files form fomer tidy-html5 packagee + these don't really work, but mostly as WIP + +------------------------------------------------------------------- New: ---- debian.changelog debian.compat debian.control debian.libtidy-dev.install debian.libtidy5.install debian.rules debian.series debian.tidy.install static_buffer_overflow.diff tidy_5.2.0-1.dsc tidy_5.2.0.orig.tar.xz ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ tidy.spec ++++++ --- /var/tmp/diff_new_pack.xH5O9Z/_old 2016-08-12 15:37:16.000000000 +0200 +++ /var/tmp/diff_new_pack.xH5O9Z/_new 2016-08-12 15:37:16.000000000 +0200 @@ -38,6 +38,7 @@ Patch1: test_fixes.diff Patch2: fix_doxygen_paths.diff Patch3: compat_headers.diff +Patch4: static_buffer_overflow.diff BuildRequires: cmake BuildRequires: doxygen BuildRequires: gcc-c++ 
@@ -102,6 +103,7 @@ %patch1 -p1 %patch2 -p1 %patch3 -p1 +%patch4 %build %cmake \ ++++++ debian.changelog ++++++ tidy (5.2.0-1) unstable; urgency=low * Debian build files 'borrowed' from tidy-html5 package by Jan Engelhardt * Rename packages to main tidy package * Updated debhelper compat to 9 * Updated Standards to 3.9.8 -- Adam Majer <[email protected]> Fri, 17 Jun 2016 12:11:49 +0200 tidy-html5 (5.0.0) stable; urgency=low * Update to official release 5.0.0 tidy-html5 (4.9.28) unstable; urgency=low * Whatever -- Zarafa Development <[email protected]> Tue, 20 Jan 2015 10:25:03 +0100 ++++++ debian.compat ++++++ 9 ++++++ debian.control ++++++ Source: tidy Section: web Priority: optional Maintainer: ZD <[email protected]> Build-Depends: debhelper, fakeroot, cmake, g++, xsltproc Standards-Version: 3.9.4 Homepage: http://html-tidy.org/ Package: tidy Section: web Architecture: any Depends: ${misc:Depends}, ${shlibs:Depends} Description: HTML syntax checker and reformatter Corrects markup in a way compliant with the latest standards, and optimal for the popular browsers. It has a comprehensive knowledge of the attributes defined in the HTML 4.0 recommendation from W3C, and understands the US ASCII, ISO Latin-1, UTF-8 and the ISO 2022 family of 7-bit encodings. In the output: . * HTML entity names for characters are used when appropriate. * Missing attribute quotes are added, and mismatched quotes found. * Tags lacking a terminating '>' are spotted. * Proprietary elements are recognized and reported as such. * The page is reformatted, from a choice of indentation styles. Package: libtidy5 Section: libs Architecture: any Depends: ${misc:Depends}, ${shlibs:Depends} Description: HTML syntax checker and reformatter - library Corrects markup in a way compliant with the latest standards, and optimal for the popular browsers. 
It has a comprehensive knowledge of the attributes defined in the HTML 4.0 recommendation from W3C, and understands the US ASCII, ISO Latin-1, UTF-8 and the ISO 2022 family of 7-bit encodings. In the output: . * HTML entity names for characters are used when appropriate. * Missing attribute quotes are added, and mismatched quotes found. * Tags lacking a terminating '>' are spotted. * Proprietary elements are recognized and reported as such. * The page is reformatted, from a choice of indentation styles. Package: libtidy-dev Section: libdevel Architecture: any Depends: libtidy5 (= ${binary:Version}), ${misc:Depends}, ${shlibs:Depends} Conflicts: libtidy-dev Description: HTML syntax checker and reformatter - development Corrects markup in a way compliant with the latest standards, and optimal for the popular browsers. It has a comprehensive knowledge of the attributes defined in the HTML 4.0 recommendation from W3C, and understands the US ASCII, ISO Latin-1, UTF-8 and the ISO 2022 family of 7-bit encodings. In the output: . * HTML entity names for characters are used when appropriate. * Missing attribute quotes are added, and mismatched quotes found. * Tags lacking a terminating '>' are spotted. * Proprietary elements are recognized and reported as such. * The page is reformatted, from a choice of indentation styles. ++++++ debian.libtidy-dev.install ++++++ usr/include/tidy*.h usr/lib/libtidy.so ++++++ debian.libtidy5.install ++++++ usr/lib/libtidy.so.5* ++++++ debian.rules ++++++ #!/usr/bin/make -f %: dh $@ --parallel --builddirectory=builddir override_dh_auto_configure: mkdir -p builddir cd builddir; \ cmake .. 
-DCMAKE_SKIP_RPATH:BOOL=OFF \ -DINCLUDE_INSTALL_DIR:PATH=include/tidy \ PREFIX=/usr ++++++ debian.series ++++++ dynamic_library_build.diff test_fixes.diff fix_doxygen_paths.diff compat_headers.diff ++++++ debian.tidy.install ++++++ usr/bin/tidy usr/share/man/man1/tidy.1 ++++++ static_buffer_overflow.diff ++++++ Index: src/language.c =================================================================== --- src/language.c.orig +++ src/language.c @@ -601,7 +601,6 @@ tmbstr tidyNormalizedLocaleName( ctmbstr uint i; uint len; static char result[6] = "xx_yy"; - char character[1]; tmbstr search = strdup(locale); search = TY_(tmbstrtolower)(search); @@ -622,27 +621,28 @@ tmbstr tidyNormalizedLocaleName( ctmbstr junk language that doesn't exist and won't be set. */ len = strlen( search ); - len = len <= 5 ? len : 5; + len = ( len <= 5 ? len : 5 ); - for ( i = 0; i <= len; i++ ) + for ( i = 0; i < len; i++ ) { if ( i == 2 ) { /* Either terminate the string or ensure there's an underscore */ - if (strlen( search) >= 5) - character[0] = '_'; - else - character[0] = '\0'; - strncpy( result + i, character, 1 ); + if (len == 5) { + result[i] = '_'; + } + else { + result[i] = '\0'; + break; /* no need to copy after null */ + } } else { - strncpy( result + i, search + i, 1); - result[i] = tolower( result[i] ); + result[i] = tolower( search[i] ); } } - if ( search ) free( search ); + free( search ); return result; } ++++++ tidy_5.2.0-1.dsc ++++++ Format: 1.0 Source: tidy Binary: tidy, libtidy5, libtidy-dev Architecture: any Version: 5.2.0-1 Maintainer: ZD <[email protected]> Homepage: http://html-tidy.org/ Standards-Version: 3.9.4 Build-Depends: debhelper, fakeroot, cmake, g++, xsltproc DEBTRANSFORM-TAR: tidy_5.2.0.orig.tar.xz Package-List: libtidy-dev deb libdevel optional libtidy5 deb libs optional tidy deb web optional Files: d57283ebb8157ae919762c58419353c8 133282 tidy_5.2.0.orig.tar.xz
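Review bot: the second bullet of the new tidy.changes entry has spelling errors ("form fomer tidy-html5 packagee" should read "from former tidy-html5 package"), and the line "these don't really work, but mostly as WIP" leaves it unclear whether the Debian files are expected to build at all. State explicitly that they are unbuilt work in progress so nobody relies on them for the CVE-2016-6583 fix.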
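Review bot: in the tidy.spec %prep hunk, `%patch4` is applied without a strip level while patches 1 to 3 all use `-p1`. With no -p option nothing is stripped, which does match the `src/language.c.orig` / `src/language.c` paths in static_buffer_overflow.diff, but the difference reads as accidental. Write `%patch4 -p0` to make the intent explicit, or regenerate the patch with a leading path component and apply it with `-p1` like the others.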
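Review bot: in debian.control the libtidy-dev stanza declares `Conflicts: libtidy-dev`, so the package conflicts with itself. Drop the field or point it at the package name it is meant to replace. The same file and tidy_5.2.0-1.dsc also still say `Standards-Version: 3.9.4` although debian.changelog states "Updated Standards to 3.9.8"; bring the three in line.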
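Review bot: in debian.rules, `PREFIX=/usr` is passed to cmake as a bare argument rather than as a -D cache definition like the two options before it. If the install prefix is what is meant, write it as `-DCMAKE_INSTALL_PREFIX:PATH=/usr`.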
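Review bot: debian.series lists dynamic_library_build.diff, test_fixes.diff, fix_doxygen_paths.diff and compat_headers.diff but not static_buffer_overflow.diff, so a build driven from the Debian files would ship without the CVE-2016-6583 fix that tidy.spec applies as Patch4. Add static_buffer_overflow.diff to the series, taking into account that its paths carry no leading component to strip.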
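Review bot: in the first src/language.c hunk (@@ -601,7 +601,6 @@), the context line `tmbstr search = strdup(locale);` uses the strdup result unchecked, and the next hunk passes it to `strlen( search )` while also dropping the only `if ( search )` test in the function. Since this patch is touching the function for a memory-safety fix, check for NULL right after the strdup and return early.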
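Review bot: in the second src/language.c hunk (@@ -622,27 +621,28 @@), changing the loop bound from `i <= len` to `i < len` means that inputs shorter than three characters never reach the `i == 2` branch, so no terminator is written for them. Because `result` is static and initialised to "xx_yy", a two-character locale would come back with the tail of the initial value or of a previous call still attached. Adding `result[i] = '\0';` after the loop covers every length and stays inside the six-byte buffer, since `i` is at most 5 there. Separately, `tolower( search[i] )` receives a plain char; cast it to unsigned char so bytes above 0x7f are not passed as negative values.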
