Hello community,

here is the log from the commit of package libcroco for openSUSE:Factory 
checked in at 2019-05-09 10:02:39
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Comparing /work/SRC/openSUSE:Factory/libcroco (Old)
 and      /work/SRC/openSUSE:Factory/.libcroco.new.5148 (New)
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++

Package is "libcroco"

Thu May  9 10:02:39 2019 rev:38 rq:700495 version:0.6.13

Changes:
--------
--- /work/SRC/openSUSE:Factory/libcroco/libcroco.changes        2019-04-17 
10:05:54.682609844 +0200
+++ /work/SRC/openSUSE:Factory/.libcroco.new.5148/libcroco.changes      
2019-05-09 10:02:42.347876300 +0200
@@ -1,0 +2,7 @@
+Thu May  2 17:45:07 UTC 2019 - [email protected]
+
+- Add libcroco-CVE-2017-8834.patch: fix infinite loop on invalid
+  UTF-8 (boo#1043898 boo#1043899 bgo#782647 CVE-2017-8834
+  CVE-2017-8871).
+
+-------------------------------------------------------------------
@@ -4 +11 @@
-- Update to version
+- Update to version 0.6.13:

New:
----
  libcroco-CVE-2017-8834.patch

++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++

Other differences:
------------------
++++++ libcroco.spec ++++++
--- /var/tmp/diff_new_pack.gklqXh/_old  2019-05-09 10:02:43.199878739 +0200
+++ /var/tmp/diff_new_pack.gklqXh/_new  2019-05-09 10:02:43.199878739 +0200
@@ -26,6 +26,8 @@
 Source:         
https://download.gnome.org/sources/libcroco/0.6/%{name}-%{version}.tar.xz
 Source99:       baselibs.conf
 
+# PATCH-FIX-UPSTREAM libcroco-CVE-2017-8834.patch boo#1043898 boo#1043899 
[email protected] -- fix infinite loop on invalid UTF-8.
+Patch0:         libcroco-CVE-2017-8834.patch
 BuildRequires:  pkgconfig
 BuildRequires:  pkgconfig(glib-2.0) >= 2.0
 BuildRequires:  pkgconfig(libxml-2.0) >= 2.4.23
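
Review bot: Patch0 is declared here, but this is the only hunk against libcroco.spec, so nothing in the diff shows the patch being applied in %prep. Please confirm that the existing %prep already applies numbered patches (for example via %autosetup -p1), or add a %patch0 -p1 line; otherwise the package builds without the fix. The PATCH-FIX-UPSTREAM comment could also carry bgo#782647, which the .changes entry cites, so the upstream bug is traceable from the spec alone.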

++++++ libcroco-CVE-2017-8834.patch ++++++
>From deda38539f5b25616aa294d8b19d33ebf8e175ff Mon Sep 17 00:00:00 2001
From: Mike Gorse <[email protected]>
Date: Thu, 2 May 2019 10:54:43 -0500
Subject: [PATCH] cr_utils_read_char_from_utf8_buf: move past invalid UTF-8

Otherwise, the offending character is never consumed, possibly leading
to an infinite loop.

https://bugzilla.gnome.org/show_bug.cgi?id=782647
---
 src/cr-utils.c | 1 +
 1 file changed, 1 insertion(+)

diff --git a/src/cr-utils.c b/src/cr-utils.c
index 2420cec..6cf4849 100644
--- a/src/cr-utils.c
+++ b/src/cr-utils.c
@@ -505,6 +505,7 @@ cr_utils_read_char_from_utf8_buf (const guchar * a_in,
 
         } else {
                 /*BAD ENCODING */
+                nb_bytes_2_decode = 1;
                 goto end;
         }
 
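Review bot: the added `nb_bytes_2_decode = 1;` in the BAD ENCODING branch carries no comment, and the reason for it is only in the commit message. The code at the `end` label is outside this hunk, so a reader cannot see from here that the value controls how many bytes are reported as consumed; a short comment on the new line, such as "consume the offending byte so the caller advances", would keep the intent next to the code. The diffstat shows a single insertion in src/cr-utils.c and no test, so a regression case that feeds a buffer with an invalid lead byte and checks that parsing terminates would be worth adding alongside.
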
-- 
2.20.1

