Hello community, here is the log from the commit of package pspp for openSUSE:Factory checked in at 2019-03-01 16:48:35 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Comparing /work/SRC/openSUSE:Factory/pspp (Old) and /work/SRC/openSUSE:Factory/.pspp.new.28833 (New) ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "pspp" Fri Mar 1 16:48:35 2019 rev:11 rq:680148 version:1.2.0 Changes: -------- --- /work/SRC/openSUSE:Factory/pspp/pspp.changes 2019-02-08 12:11:14.173518003 +0100 +++ /work/SRC/openSUSE:Factory/.pspp.new.28833/pspp.changes 2019-03-01 16:48:38.381771553 +0100 @@ -1,0 +2,6 @@ +Thu Feb 28 14:35:20 UTC 2019 - [email protected] + +- Add upstream patch CVE-2019-9211.patch to fix CVE-2019-9211 + (boo#1127343). + +------------------------------------------------------------------- New: ---- CVE-2019-9211.patch ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ pspp.spec ++++++ --- /var/tmp/diff_new_pack.o9ccbs/_old 2019-03-01 16:48:39.005771318 +0100 +++ /var/tmp/diff_new_pack.o9ccbs/_new 2019-03-01 16:48:39.009771317 +0100 @@ -36,8 +36,10 @@ Source2: https://savannah.gnu.org/people/viewgpg.php?user_id=245#/%{name}.keyring # PATCH-FIX-UPSTREAM CVE-2018-20230.patch bnc#1120061 CVE-2018-20230 Patch0: CVE-2018-20230.patch +# PATCH-FIX-UPSTREAM CVE-2019-9211.patch boo#1127343 CVE-2019-9211 +Patch1: CVE-2019-9211.patch # Fix build with Texinfo 4.13 for openSUSE Leap 42.* -Patch1: avoid_old_Texinfo_4.13.patch +Patch2: avoid_old_Texinfo_4.13.patch BuildRoot: %{_tmppath}/pspp-root %if 0%{?centos_version} @@ -133,8 +135,9 @@ %endif %patch0 -p1 -%if 0%{?suse_version} <= 1320 %patch1 -p1 +%if 0%{?suse_version} <= 1320 +%patch2 -p1 %endif %build ++++++ CVE-2019-9211.patch ++++++ author Ben Pfaff <[email protected]> Thu, 28 Feb 2019 06:11:06 +0200 (20:11 -0800) These assertions can fail if the underlying file is not a regular file, e.g. if it is a device such as /dev/null. --- a/src/data/sys-file-writer.c +++ b/src/data/sys-file-writer.c @@ -953,7 +953,6 @@ write_long_string_value_labels (struct sfm_writer *w, const char *encoding = dict_get_encoding (dict); size_t n_vars = dict_get_var_cnt (dict); size_t size, i; - off_t start UNUSED; /* Figure out the size in advance. */ size = 0; @@ -985,7 +984,6 @@ write_long_string_value_labels (struct sfm_writer *w, write_int (w, 1); /* Data item (byte) size. */ write_int (w, size); /* Number of data items. */ - start = ftello (w->file); for (i = 0; i < n_vars; i++) { struct variable *var = dict_get_var (dict, i); @@ -1022,7 +1020,6 @@ write_long_string_value_labels (struct sfm_writer *w, free (label); } } - assert (ftello (w->file) == start + size); } static void @@ -1032,7 +1029,6 @@ write_long_string_missing_values (struct sfm_writer *w, const char *encoding = dict_get_encoding (dict); size_t n_vars = dict_get_var_cnt (dict); size_t size, i; - off_t start UNUSED; /* Figure out the size in advance. */ size = 0; @@ -1058,7 +1054,6 @@ write_long_string_missing_values (struct sfm_writer *w, write_int (w, 1); /* Data item (byte) size. */ write_int (w, size); /* Number of data items. */ - start = ftello (w->file); for (i = 0; i < n_vars; i++) { struct variable *var = dict_get_var (dict, i); @@ -1087,7 +1082,6 @@ write_long_string_missing_values (struct sfm_writer *w, write_bytes (w, value_str (value, width), 8); } } - assert (ftello (w->file) == start + size); } static void
