Script 'mail_helper' called by obssrc Hello community, here is the log from the commit of package ip2unix for openSUSE:Factory checked in at 2024-04-15 20:17:39 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Comparing /work/SRC/openSUSE:Factory/ip2unix (Old) and /work/SRC/openSUSE:Factory/.ip2unix.new.26366 (New) ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "ip2unix" Mon Apr 15 20:17:39 2024 rev:6 rq:1167682 version:2.2.1 Changes: -------- --- /work/SRC/openSUSE:Factory/ip2unix/ip2unix.changes 2023-08-28 17:15:55.774189912 +0200 +++ /work/SRC/openSUSE:Factory/.ip2unix.new.26366/ip2unix.changes 2024-04-15 20:23:57.652775843 +0200 @@ -1,0 +2,5 @@ +Sun Apr 14 20:37:31 UTC 2024 - Adam Mizerski <[email protected]> + +- added patch ip2unix-2.2.1-fix_out_of_range_string_view_access.patch + +------------------------------------------------------------------- New: ---- ip2unix-2.2.1-fix_out_of_range_string_view_access.patch BETA DEBUG BEGIN: New: - added patch ip2unix-2.2.1-fix_out_of_range_string_view_access.patch BETA DEBUG END: ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ ip2unix.spec ++++++ --- /var/tmp/diff_new_pack.pEvPOt/_old 2024-04-15 20:23:58.068791159 +0200 +++ /var/tmp/diff_new_pack.pEvPOt/_new 2024-04-15 20:23:58.072791307 +0200 @@ -1,7 +1,7 @@ # # spec file for package ip2unix # -# Copyright (c) 2023 SUSE LLC +# Copyright (c) 2024 SUSE LLC # # All modifications and additions to the file contributed by third parties # remain the property of their copyright owners, unless otherwise agreed @@ -23,6 +23,7 @@ License: LGPL-3.0-only URL: https://github.com/nixcloud/ip2unix/ Source0: https://github.com/nixcloud/ip2unix/archive/v%{version}.tar.gz#/%{name}-%{version}.tar.gz +Patch0: https://patch-diff.githubusercontent.com/raw/nixcloud/ip2unix/pull/35.patch#/ip2unix-2.2.1-fix_out_of_range_string_view_access.patch BuildRequires: asciidoc BuildRequires: gcc-c++ BuildRequires: meson >= 0.47.0 ++++++ ip2unix-2.2.1-fix_out_of_range_string_view_access.patch ++++++ >From 050ddf76b4b925f27e255fbb820b0700407ceb2b Mon Sep 17 00:00:00 2001 From: Adam Mizerski <[email protected]> Date: Sun, 14 Apr 2024 22:33:54 +0200 Subject: [PATCH] fix out of range string_view access --- src/globpath.cc | 9 +++++---- 1 file changed, 5 insertions(+), 4 deletions(-) diff --git a/src/globpath.cc b/src/globpath.cc index d842494..b52869e 100644 --- a/src/globpath.cc +++ b/src/globpath.cc @@ -81,7 +81,8 @@ MatchResult GlobPath::match_cclass(size_t *pattern_pos, const char &pathchar) } else if (this->pattern[nextpat] == pathchar) { found = true; } - nextpat++; + if (++nextpat >= this->patlen) + return MatchResult::Invalid; } while (this->pattern[nextpat] != ']'); // Range has ended preliminary (like eg. "[a-]") so we need to match the @@ -157,7 +158,7 @@ MatchResult GlobPath::match_norec(size_t *pattern_pos, size_t *path_pos) if (this->pattern[patpos] == '*') { size_t anum; // Eat up all consecutive "any string" wildcard characters. - for (anum = 0; this->pattern[patpos] == '*'; ++anum) { + for (anum = 0; patpos < this->patlen && this->pattern[patpos] == '*'; ++anum) { // If the wildcard is the last character in pattern, anything // from the rest of path will match. if (patpos >= this->patlen) { @@ -171,7 +172,7 @@ MatchResult GlobPath::match_norec(size_t *pattern_pos, size_t *path_pos) // If the number of asterisks is two followed by a slash, we need // to do recursive globbing, like eg. "a/**/b" or "**/foo". - bool is_slash = this->pattern[patpos] == '/'; + bool is_slash = patpos < this->patlen && this->pattern[patpos] == '/'; if (anum == 2 && last_slash + 2 == patpos && is_slash) { *pattern_pos = patpos + 1; *path_pos = pathpos; @@ -201,7 +202,7 @@ MatchResult GlobPath::match_norec(size_t *pattern_pos, size_t *path_pos) MatchResult result = this->match_fixed(&patpos, &pathpos); if (result == MatchResult::GotSlash) { - if (this->pattern[patpos++] == '/') { + if (patpos < this->patlen && this->pattern[patpos++] == '/') { last_slash = patpos; pathpos++; } else {
