On 16/07/15 02:25, Bernhard Voelker wrote: > On 07/14/2015 05:58 PM, Pádraig Brady wrote: >>> would you mind merging v8.24 to your semi-official "i18n" branch >>> on github [0]? >> >> Done > > Thanks! > Hmm, it seems you didn't merge but you rebased the I18N patch, > i.e. the version of the patch needed for v8.23 is not visible > anymore, is it?
Right. I suppose we could branch each previous release before rebasing. >> There are only a couple of divergences and on very quick scan, >> the Fedora/github one seems to be the latest. I'll verify that later >> and ensure github/Fedora has the latest revision. > > For openSUSE's version of the patch, I've found the missing pieces > (not yet pushed to OBS): > * the fix for https://bugzilla.redhat.com/show_bug.cgi?id=1148347 > had been in a separate patch file; now squashed. > * the cut performance improvement for cut(1) in field-mode and UTF8 > was missing > > Regarding Fedora: the only difference I can see now is that Fedora's > version of the patch seems to use an older version of your recent > sort/I18N fix for CVE-2015-4041 and CVE-2015-4042 [0]: > > diff -u src/sort.c ~/coreutils/src/sort.c > --- src/sort.c 2015-07-15 23:52:42.664935007 +0200 > +++ /home/berny/coreutils/src/sort.c 2015-07-15 23:43:46.725105768 +0200 > @@ -3243,7 +3243,9 @@ > > if (ignore || translate) > { > - char *copy_a = (char *) xmalloc ((lena + lenb) * MB_CUR_MAX + 2); > + if (SIZE_MAX - lenb - 2 < lena) > + xalloc_die (); > + char *copy_a = (char *) xnmalloc (lena + lenb + 2, MB_CUR_MAX); > char *copy_b = copy_a + lena * MB_CUR_MAX + 1; > size_t new_len_a, new_len_b; > size_t i, j; > > (Left side is Fedora, right side is your pixelb/i18n branch.) > > [0] https://github.com/pixelb/coreutils/commit/bea5e36cc876 Thanks for confirming that. So the github patch is the most up to date. thanks, Pádraig.
