Script 'mail_helper' called by obssrc Hello community, here is the log from the commit of package capnproto for openSUSE:Factory checked in at 2022-12-01 16:58:42 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Comparing /work/SRC/openSUSE:Factory/capnproto (Old) and /work/SRC/openSUSE:Factory/.capnproto.new.1835 (New) ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "capnproto" Thu Dec 1 16:58:42 2022 rev:9 rq:1039181 version:0.10.3 Changes: -------- --- /work/SRC/openSUSE:Factory/capnproto/capnproto.changes 2022-06-30 13:18:48.957553791 +0200 +++ /work/SRC/openSUSE:Factory/.capnproto.new.1835/capnproto.changes 2022-12-01 16:59:02.595100893 +0100 @@ -1,0 +2,7 @@ +Wed Nov 30 16:54:01 UTC 2022 - Luigi Baldoni <aloi...@gmx.com> + +- Update to version 0.10.3 + * Fix CVE-2022-46149: Possible out-of-bounds read related to + list-of-pointers + +------------------------------------------------------------------- Old: ---- capnproto-c++-0.10.2.tar.gz New: ---- capnproto-c++-0.10.3.tar.gz ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ capnproto.spec ++++++ --- /var/tmp/diff_new_pack.orTSPa/_old 2022-12-01 16:59:03.183104121 +0100 +++ /var/tmp/diff_new_pack.orTSPa/_new 2022-12-01 16:59:03.191104165 +0100 @@ -16,9 +16,9 @@ # -%define _libver 0_10_2 +%define _libver 0_10_3 Name: capnproto -Version: 0.10.2 +Version: 0.10.3 Release: 0 Summary: A Data Serialization Format License: MIT ++++++ capnproto-c++-0.10.2.tar.gz -> capnproto-c++-0.10.3.tar.gz ++++++ diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/capnproto-c++-0.10.2/CMakeLists.txt new/capnproto-c++-0.10.3/CMakeLists.txt --- old/capnproto-c++-0.10.2/CMakeLists.txt 2022-06-30 00:42:46.000000000 +0200 +++ new/capnproto-c++-0.10.3/CMakeLists.txt 2022-11-29 17:24:17.000000000 +0100 
@@ -1,6 +1,6 @@ cmake_minimum_required(VERSION 3.6) project("Cap'n Proto" CXX) -set(VERSION 0.10.2) +set(VERSION 0.10.3) list(APPEND CMAKE_MODULE_PATH "${CMAKE_CURRENT_SOURCE_DIR}/cmake") diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/capnproto-c++-0.10.2/configure new/capnproto-c++-0.10.3/configure --- old/capnproto-c++-0.10.2/configure 2022-06-30 00:42:51.000000000 +0200 +++ new/capnproto-c++-0.10.3/configure 2022-11-29 17:24:22.000000000 +0100 @@ -1,6 +1,6 @@ #! /bin/sh # Guess values for system-dependent variables and create Makefiles. -# Generated by GNU Autoconf 2.69 for Capn Proto 0.10.2. +# Generated by GNU Autoconf 2.69 for Capn Proto 0.10.3. # # Report bugs to <capnpr...@googlegroups.com>. # @@ -590,8 +590,8 @@ # Identity of this package. PACKAGE_NAME='Capn Proto' PACKAGE_TARNAME='capnproto-c++' -PACKAGE_VERSION='0.10.2' -PACKAGE_STRING='Capn Proto 0.10.2' +PACKAGE_VERSION='0.10.3' +PACKAGE_STRING='Capn Proto 0.10.3' PACKAGE_BUGREPORT='capnpr...@googlegroups.com' PACKAGE_URL='' @@ -1367,7 +1367,7 @@ # Omit some internal or obsolete options to make the list less imposing. # This message is too long to be a string in the A/UX 3.1 sh. cat <<_ACEOF -\`configure' configures Capn Proto 0.10.2 to adapt to many kinds of systems. +\`configure' configures Capn Proto 0.10.3 to adapt to many kinds of systems. Usage: $0 [OPTION]... [VAR=VALUE]... @@ -1438,7 +1438,7 @@ if test -n "$ac_init_help"; then case $ac_init_help in - short | recursive ) echo "Configuration of Capn Proto 0.10.2:";; + short | recursive ) echo "Configuration of Capn Proto 0.10.3:";; esac cat <<\_ACEOF @@ -1569,7 +1569,7 @@ test -n "$ac_init_help" && exit $ac_status if $ac_init_version; then cat <<\_ACEOF -Capn Proto configure 0.10.2 +Capn Proto configure 0.10.3 generated by GNU Autoconf 2.69 Copyright (C) 2012 Free Software Foundation, Inc. 
@@ -2284,7 +2284,7 @@ This file contains any messages produced by compilers while running configure, to aid debugging if configure makes a mistake. -It was created by Capn Proto $as_me 0.10.2, which was +It was created by Capn Proto $as_me 0.10.3, which was generated by GNU Autoconf 2.69. Invocation command line was $ $0 $@ @@ -3157,7 +3157,7 @@ # Define the identity of the package. PACKAGE='capnproto-c++' - VERSION='0.10.2' + VERSION='0.10.3' cat >>confdefs.h <<_ACEOF @@ -18386,7 +18386,7 @@ # report actual input values of CONFIG_FILES etc. instead of their # values after options handling. ac_log=" -This file was extended by Capn Proto $as_me 0.10.2, which was +This file was extended by Capn Proto $as_me 0.10.3, which was generated by GNU Autoconf 2.69. Invocation command line was CONFIG_FILES = $CONFIG_FILES @@ -18452,7 +18452,7 @@ cat >>$CONFIG_STATUS <<_ACEOF || ac_write_fail=1 ac_cs_config="`$as_echo "$ac_configure_args" | sed 's/^ //; s/[\\""\`\$]/\\\\&/g'`" ac_cs_version="\\ -Capn Proto config.status 0.10.2 +Capn Proto config.status 0.10.3 configured by $0, generated by GNU Autoconf 2.69, with options \\"\$ac_cs_config\\" diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/capnproto-c++-0.10.2/configure.ac new/capnproto-c++-0.10.3/configure.ac --- old/capnproto-c++-0.10.2/configure.ac 2022-06-30 00:42:46.000000000 +0200 +++ new/capnproto-c++-0.10.3/configure.ac 2022-11-29 17:24:17.000000000 +0100 
@@ -1,6 +1,6 @@ ## Process this file with autoconf to produce configure. -AC_INIT([Capn Proto],[0.10.2],[capnpr...@googlegroups.com],[capnproto-c++]) +AC_INIT([Capn Proto],[0.10.3],[capnpr...@googlegroups.com],[capnproto-c++]) AC_CONFIG_SRCDIR([src/capnp/layout.c++]) AC_CONFIG_AUX_DIR([build-aux]) diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/capnproto-c++-0.10.2/src/capnp/c++.capnp.h new/capnproto-c++-0.10.3/src/capnp/c++.capnp.h --- old/capnproto-c++-0.10.2/src/capnp/c++.capnp.h 2022-06-30 00:42:46.000000000 +0200 +++ new/capnproto-c++-0.10.3/src/capnp/c++.capnp.h 2022-11-29 17:24:17.000000000 +0100 @@ -6,7 +6,7 @@ #include <capnp/generated-header-support.h> #include <kj/windows-sanity.h> -#if CAPNP_VERSION != 10002 +#if CAPNP_VERSION != 10003 #error "Version mismatch between generated code and library headers. You must use the same version of the Cap'n Proto compiler and library." #endif diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/capnproto-c++-0.10.2/src/capnp/common.h new/capnproto-c++-0.10.3/src/capnp/common.h --- old/capnproto-c++-0.10.2/src/capnp/common.h 2022-06-30 00:42:46.000000000 +0200 +++ new/capnproto-c++-0.10.3/src/capnp/common.h 2022-11-29 17:24:17.000000000 +0100 @@ -48,7 +48,7 @@ #define CAPNP_VERSION_MAJOR 0 #define CAPNP_VERSION_MINOR 10 -#define CAPNP_VERSION_MICRO 2 +#define CAPNP_VERSION_MICRO 3 #define CAPNP_VERSION \ (CAPNP_VERSION_MAJOR * 1000000 + CAPNP_VERSION_MINOR * 1000 + CAPNP_VERSION_MICRO) diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/capnproto-c++-0.10.2/src/capnp/compat/json.capnp.h new/capnproto-c++-0.10.3/src/capnp/compat/json.capnp.h --- old/capnproto-c++-0.10.2/src/capnp/compat/json.capnp.h 2022-06-30 00:42:46.000000000 +0200 +++ new/capnproto-c++-0.10.3/src/capnp/compat/json.capnp.h 2022-11-29 17:24:17.000000000 +0100 
@@ -9,7 +9,7 @@ #include <capnp/capability.h> #endif // !CAPNP_LITE -#if CAPNP_VERSION != 10002 +#if CAPNP_VERSION != 10003 #error "Version mismatch between generated code and library headers. You must use the same version of the Cap'n Proto compiler and library." #endif diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/capnproto-c++-0.10.2/src/capnp/compiler/grammar.capnp.h new/capnproto-c++-0.10.3/src/capnp/compiler/grammar.capnp.h --- old/capnproto-c++-0.10.2/src/capnp/compiler/grammar.capnp.h 2022-06-30 00:42:46.000000000 +0200 +++ new/capnproto-c++-0.10.3/src/capnp/compiler/grammar.capnp.h 2022-11-29 17:24:17.000000000 +0100 @@ -6,7 +6,7 @@ #include <capnp/generated-header-support.h> #include <kj/windows-sanity.h> -#if CAPNP_VERSION != 10002 +#if CAPNP_VERSION != 10003 #error "Version mismatch between generated code and library headers. You must use the same version of the Cap'n Proto compiler and library." #endif diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/capnproto-c++-0.10.2/src/capnp/compiler/lexer.capnp.h new/capnproto-c++-0.10.3/src/capnp/compiler/lexer.capnp.h --- old/capnproto-c++-0.10.2/src/capnp/compiler/lexer.capnp.h 2022-06-30 00:42:46.000000000 +0200 +++ new/capnproto-c++-0.10.3/src/capnp/compiler/lexer.capnp.h 2022-11-29 17:24:17.000000000 +0100 
@@ -6,7 +6,7 @@ #include <capnp/generated-header-support.h> #include <kj/windows-sanity.h> -#if CAPNP_VERSION != 10002 +#if CAPNP_VERSION != 10003 #error "Version mismatch between generated code and library headers. You must use the same version of the Cap'n Proto compiler and library." #endif diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/capnproto-c++-0.10.2/src/capnp/layout.c++ new/capnproto-c++-0.10.3/src/capnp/layout.c++ --- old/capnproto-c++-0.10.2/src/capnp/layout.c++ 2021-08-08 19:08:05.000000000 +0200 +++ new/capnproto-c++-0.10.3/src/capnp/layout.c++ 2022-11-29 17:19:10.000000000 +0100 @@ -2333,10 +2333,6 @@ break; case ElementSize::POINTER: - // We expected a list of pointers but got a list of structs. Assuming the first field - // in the struct is the pointer we were looking for, we want to munge the pointer to - // point at the first element's pointer section. - ptr += tag->structRef.dataSize.get(); KJ_REQUIRE(tag->structRef.ptrCount.get() > ZERO * POINTERS, "Expected a pointer list, but got a list of data-only structs.") { goto useDefault; diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/capnproto-c++-0.10.2/src/capnp/layout.h new/capnproto-c++-0.10.3/src/capnp/layout.h --- old/capnproto-c++-0.10.2/src/capnp/layout.h 2020-04-22 19:50:38.000000000 +0200 +++ new/capnproto-c++-0.10.3/src/capnp/layout.h 2022-11-29 17:19:10.000000000 +0100 
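Review bot: In the layout.c++ hunk (`case ElementSize::POINTER:`), deleting `ptr += tag->structRef.dataSize.get();` also deletes the only comment explaining how a list of structs is read as a list of pointers, so the case no longer says where the data section gets skipped. I would add `// Keep ptr at the start of the first element; ListReader::getPointerElement() skips the data section via structDataSize.` above the `KJ_REQUIRE`. That holds only if the ListReader built after this switch receives the tag's data size as `structDataSize`; the switch and the enclosing function continue outside the hunk, so this should be confirmed there. No test file appears among the files shown in this diff, so a regression test that reads a struct list with a non-empty data section as a pointer list would be worth adding for CVE-2022-46149.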
@@ -1227,8 +1227,12 @@ } inline PointerReader ListReader::getPointerElement(ElementCount index) const { + // If the list elements have data sections we need to skip those. Note that for pointers to be + // present at all (which already must be true if we get here), then `structDataSize` must be a + // whole number of words, so we don't have to worry about unaligned reads here. + auto offset = structDataSize / BITS_PER_BYTE; return PointerReader(segment, capTable, reinterpret_cast<const WirePointer*>( - ptr + upgradeBound<uint64_t>(index) * step / BITS_PER_BYTE), nestingLimit); + ptr + offset + upgradeBound<uint64_t>(index) * step / BITS_PER_BYTE), nestingLimit); } // ------------------------------------------------------------------- diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/capnproto-c++-0.10.2/src/capnp/persistent.capnp.h new/capnproto-c++-0.10.3/src/capnp/persistent.capnp.h --- old/capnproto-c++-0.10.2/src/capnp/persistent.capnp.h 2022-06-30 00:42:46.000000000 +0200 +++ new/capnproto-c++-0.10.3/src/capnp/persistent.capnp.h 2022-11-29 17:24:17.000000000 +0100 @@ -9,7 +9,7 @@ #include <capnp/capability.h> #endif // !CAPNP_LITE -#if CAPNP_VERSION != 10002 +#if CAPNP_VERSION != 10003 #error "Version mismatch between generated code and library headers. You must use the same version of the Cap'n Proto compiler and library." #endif diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/capnproto-c++-0.10.2/src/capnp/rpc-twoparty.capnp.h new/capnproto-c++-0.10.3/src/capnp/rpc-twoparty.capnp.h --- old/capnproto-c++-0.10.2/src/capnp/rpc-twoparty.capnp.h 2022-06-30 00:42:46.000000000 +0200 +++ new/capnproto-c++-0.10.3/src/capnp/rpc-twoparty.capnp.h 2022-11-29 17:24:17.000000000 +0100 
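Review bot: In the layout.h hunk, `ListReader::getPointerElement` relies on `structDataSize` being a whole number of words, but that invariant is only stated in the new comment; nothing in the function checks it before the `reinterpret_cast<const WirePointer*>`. A debug-only check, for example a `KJ_IREQUIRE` that `structDataSize` is a multiple of `BITS_PER_WORD`, would turn an unexpected offset into an assertion failure rather than an unaligned pointer read. The function also does not compare `index` with the element count in these lines, so it presumably depends on its callers for bounds checking; the comment could say so, e.g. `// Caller must ensure index < size().`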
@@ -6,7 +6,7 @@ #include <capnp/generated-header-support.h> #include <kj/windows-sanity.h> -#if CAPNP_VERSION != 10002 +#if CAPNP_VERSION != 10003 #error "Version mismatch between generated code and library headers. You must use the same version of the Cap'n Proto compiler and library." #endif diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/capnproto-c++-0.10.2/src/capnp/rpc.capnp.h new/capnproto-c++-0.10.3/src/capnp/rpc.capnp.h --- old/capnproto-c++-0.10.2/src/capnp/rpc.capnp.h 2022-06-30 00:42:46.000000000 +0200 +++ new/capnproto-c++-0.10.3/src/capnp/rpc.capnp.h 2022-11-29 17:24:17.000000000 +0100 @@ -6,7 +6,7 @@ #include <capnp/generated-header-support.h> #include <kj/windows-sanity.h> -#if CAPNP_VERSION != 10002 +#if CAPNP_VERSION != 10003 #error "Version mismatch between generated code and library headers. You must use the same version of the Cap'n Proto compiler and library." #endif diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/capnproto-c++-0.10.2/src/capnp/schema.capnp.h new/capnproto-c++-0.10.3/src/capnp/schema.capnp.h --- old/capnproto-c++-0.10.2/src/capnp/schema.capnp.h 2022-06-30 00:42:46.000000000 +0200 +++ new/capnproto-c++-0.10.3/src/capnp/schema.capnp.h 2022-11-29 17:24:17.000000000 +0100 @@ -6,7 +6,7 @@ #include <capnp/generated-header-support.h> #include <kj/windows-sanity.h> -#if CAPNP_VERSION != 10002 +#if CAPNP_VERSION != 10003 #error "Version mismatch between generated code and library headers. You must use the same version of the Cap'n Proto compiler and library." #endif diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/capnproto-c++-0.10.2/src/capnp/stream.capnp.h new/capnproto-c++-0.10.3/src/capnp/stream.capnp.h --- old/capnproto-c++-0.10.2/src/capnp/stream.capnp.h 2022-06-30 00:42:46.000000000 +0200 +++ new/capnproto-c++-0.10.3/src/capnp/stream.capnp.h 2022-11-29 17:24:17.000000000 +0100 
@@ -6,7 +6,7 @@ #include <capnp/generated-header-support.h> #include <kj/windows-sanity.h> -#if CAPNP_VERSION != 10002 +#if CAPNP_VERSION != 10003 #error "Version mismatch between generated code and library headers. You must use the same version of the Cap'n Proto compiler and library." #endif