Hello community, here is the log from the commit of package ucl for openSUSE:Factory checked in at 2020-01-25 13:24:03 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Comparing /work/SRC/openSUSE:Factory/ucl (Old) and /work/SRC/openSUSE:Factory/.ucl.new.26092 (New) ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "ucl" Sat Jan 25 13:24:03 2020 rev:4 rq:766780 version:1.03 Changes: -------- --- /work/SRC/openSUSE:Factory/ucl/ucl.changes 2020-01-10 17:51:10.542117530 +0100 +++ /work/SRC/openSUSE:Factory/.ucl.new.26092/ucl.changes 2020-01-25 13:24:18.160040304 +0100 @@ -1,0 +2,6 @@ +Thu Jan 23 23:35:45 UTC 2020 - Jan Engelhardt <[email protected]> + +- Add upx-207.patch + [CVE-2018-11243 partially - ticket 207 ONLY, boo#1094138] + +------------------------------------------------------------------- New: ---- upx-207.patch ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ ucl.spec ++++++ --- /var/tmp/diff_new_pack.T0Havu/_old 2020-01-25 13:24:19.988041105 +0100 +++ /var/tmp/diff_new_pack.T0Havu/_new 2020-01-25 13:24:19.992041106 +0100 @@ -26,6 +26,7 @@ Group: Development/Libraries/C and C++ URL: https://www.oberhumer.com/opensource/ucl/ Source0: http://www.oberhumer.com/opensource/ucl/download/ucl-%{version}.tar.gz +Patch1: upx-207.patch BuildRequires: gcc-c++ %description @@ -53,7 +54,7 @@ Headers and other development files for UCL library. %prep -%autosetup +%autosetup -p1 %build export CFLAGS="%{optflags} -std=c90" ++++++ upx-207.patch ++++++ From: jreiser Date: 2018-08-25 19:53+0200 References: https://github.com/upx/upx/issues/207#issuecomment-415986002 --- src/n2b_d.c | 2 +- src/n2e_d.c | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) Index: ucl-1.03/src/n2b_d.c =================================================================== --- ucl-1.03.orig/src/n2b_d.c +++ ucl-1.03/src/n2b_d.c @@ -101,7 +101,7 @@ m_len += 2; } m_len += (m_off > 0xd00); - fail(olen + m_len > oend, UCL_E_OUTPUT_OVERRUN); + fail(olen + m_len + 1 > oend, UCL_E_OUTPUT_OVERRUN); fail(m_off > olen, UCL_E_LOOKBEHIND_OVERRUN); #ifdef TEST_OVERLAP olen += m_len + 1; Index: ucl-1.03/src/n2e_d.c =================================================================== --- ucl-1.03.orig/src/n2e_d.c +++ ucl-1.03/src/n2e_d.c 
@@ -109,7 +109,7 @@
 m_len += 3;
 }
 m_len += (m_off > 0x500);
- fail(olen + m_len > oend, UCL_E_OUTPUT_OVERRUN);
+ fail(olen + m_len + 1 > oend, UCL_E_OUTPUT_OVERRUN);
 fail(m_off > olen, UCL_E_LOOKBEHIND_OVERRUN);
 #ifdef TEST_OVERLAP
 olen += m_len + 1;
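Review bot: The corrected comparison `olen + m_len + 1 > oend` (here and in the matching n2b_d.c hunk) still adds before it compares, so if these counters are unsigned — their declarations are outside the hunk — a very large decoded `m_len` could wrap the sum and slip past the check. The subtraction form `fail(m_len >= oend - olen, UCL_E_OUTPUT_OVERRUN);` is equivalent and cannot wrap, provided `olen <= oend` holds at this point. The `+ 1` also deserves a one-line comment such as `/* the match copy emits m_len + 1 bytes, cf. olen += m_len + 1 below */`, because nothing else on these lines explains it. The diffstat shows only n2b_d.c and n2e_d.c touched and the changelog itself calls the CVE fix partial, so any other decoder in the library that carries the same `olen + m_len > oend` test should be checked for the same off-by-one. The enclosing function starts and ends outside both hunks.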
