Hello community, here is the log from the commit of package ucl for openSUSE:Leap:15.2 checked in at 2020-02-04 17:59:50 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Comparing /work/SRC/openSUSE:Leap:15.2/ucl (Old) and /work/SRC/openSUSE:Leap:15.2/.ucl.new.26092 (New) ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "ucl" Tue Feb 4 17:59:50 2020 rev:11 rq:769894 version:1.03 Changes: -------- --- /work/SRC/openSUSE:Leap:15.2/ucl/ucl.changes 2020-01-15 16:26:42.692695587 +0100 +++ /work/SRC/openSUSE:Leap:15.2/.ucl.new.26092/ucl.changes 2020-02-04 17:59:59.720951253 +0100 @@ -1,0 +2,11 @@ +Thu Jan 23 23:35:45 UTC 2020 - Jan Engelhardt <[email protected]> + +- Add upx-207.patch + [CVE-2018-11243 partially - ticket 207 ONLY, boo#1094138] + +------------------------------------------------------------------- +Fri Jan 10 13:38:25 UTC 2020 - Martin Pluskal <[email protected]> + +- Modernise spec file + +------------------------------------------------------------------- New: ---- upx-207.patch ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ ucl.spec ++++++ --- /var/tmp/diff_new_pack.mrX5Xt/_old 2020-02-04 18:00:00.136951505 +0100 +++ /var/tmp/diff_new_pack.mrX5Xt/_new 2020-02-04 18:00:00.140951507 +0100 @@ -1,7 +1,7 @@ # # spec file for package ucl # -# Copyright (c) 2017 SUSE LINUX GmbH, Nuernberg, Germany. +# Copyright (c) 2020 SUSE LLC # # All modifications and additions to the file contributed by third parties # remain the property of their copyright owners, unless otherwise agreed @@ -12,7 +12,7 @@ # license that conforms to the Open Source Definition (Version 1.9) # published by the Open Source Initiative. -# Please submit bugfixes or comments via http://bugs.opensuse.org/ +# Please submit bugfixes or comments via https://bugs.opensuse.org/ # @@ -22,11 +22,11 @@ Version: 1.03 Release: 0 Summary: The UCL Compression Library -License: GPL-2.0+ +License: GPL-2.0-or-later Group: Development/Libraries/C and C++ -Url: http://www.oberhumer.com/opensource/ucl/ +URL: https://www.oberhumer.com/opensource/ucl/ Source0: http://www.oberhumer.com/opensource/ucl/download/ucl-%{version}.tar.gz -Source1: %{name}.changes +Patch1: upx-207.patch BuildRequires: gcc-c++ %description 
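Review bot: `Source0` in the `@@ -22,11 +22,11 @@` hunk still points at `http://www.oberhumer.com/...`, although `URL:` on the line above it was moved to https, so the recorded download location for the tarball remains plaintext. Suggest `Source0: https://www.oberhumer.com/opensource/ucl/download/ucl-%{version}.tar.gz`. The hunk also shows no signature or keyring source next to the tarball. Whether upstream publishes one is not visible here, but if it does, adding it would let the build verify the sources that `upx-207.patch` is applied to.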
@@ -54,22 +54,15 @@ Headers and other development files for UCL library. %prep -%setup -q -# remove _DATE_ and _TIME_ macros -modified="$(sed -n '/^----/n;s/ - .*$//;p;q' "%{SOURCE1}")" -DATE="\"$(date -d "${modified}" "+%%b %%e %%Y")\"" -TIME="\"$(date -d "${modified}" "+%%R")\"" -find . -name '*.[ch]' |\ - xargs sed -i "s/__DATE__/${DATE}/g;s/__TIME__/${TIME}/g" +%autosetup -p1 %build export CFLAGS="%{optflags} -std=c90" export CXXFLAGS="%{optflags} -std=c90" -export LDFLAGS="-Wl,--as-needed -Wl,--no-undefined -Wl,-z,now" %configure \ --disable-static \ --enable-shared -make %{?_smp_mflags} +%make_build %install %make_install @@ -82,11 +75,11 @@ %postun -n %{libname} -p /sbin/ldconfig %files -n %{libname} -%doc COPYING NEWS README THANKS TODO +%license COPYING %{_libdir}/libucl.so.%{sover}* %files devel -%doc COPYING +%doc NEWS README THANKS TODO %{_includedir}/ucl %{_libdir}/libucl.so ++++++ upx-207.patch ++++++ From: jreiser Date: 2018-08-25 19:53+0200 References: https://github.com/upx/upx/issues/207#issuecomment-415986002 --- src/n2b_d.c | 2 +- src/n2e_d.c | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) Index: ucl-1.03/src/n2b_d.c =================================================================== --- ucl-1.03.orig/src/n2b_d.c +++ ucl-1.03/src/n2b_d.c @@ -101,7 +101,7 @@ m_len += 2; } m_len += (m_off > 0xd00); - fail(olen + m_len > oend, UCL_E_OUTPUT_OVERRUN); + fail(olen + m_len + 1 > oend, UCL_E_OUTPUT_OVERRUN); fail(m_off > olen, UCL_E_LOOKBEHIND_OVERRUN); #ifdef TEST_OVERLAP olen += m_len + 1; Index: ucl-1.03/src/n2e_d.c =================================================================== --- ucl-1.03.orig/src/n2e_d.c +++ ucl-1.03/src/n2e_d.c @@ -109,7 +109,7 @@ m_len += 3; } m_len += (m_off > 0x500); - fail(olen + m_len > oend, UCL_E_OUTPUT_OVERRUN); + fail(olen + m_len + 1 > oend, UCL_E_OUTPUT_OVERRUN); fail(m_off > olen, UCL_E_LOOKBEHIND_OVERRUN); #ifdef TEST_OVERLAP olen += m_len + 1;
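Review bot: Dropping `export LDFLAGS="-Wl,--as-needed -Wl,--no-undefined -Wl,-z,now"` from `%build` in the `@@ -54,22 +54,15 @@` hunk removes the only visible request for immediate binding (`-z now`) on the shared library, and the changelog entry ("Modernise spec file") does not explain it. If the distribution's default link flags already cover this, a one-line comment such as `# -z now is supplied by the distribution default flags` would record that; otherwise keep `export LDFLAGS="-Wl,-z,now"`. The same hunk removes the `__DATE__`/`__TIME__` substitution from `%prep`. Presumably the toolchain now handles build reproducibility, but that is worth confirming by comparing two rebuilds.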
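Review bot: The corrected bound `olen + m_len + 1 > oend` in src/n2b_d.c (and the identical line in src/n2e_d.c) is still computed by addition, so a very large `m_len` decoded from the input could wrap the sum and pass the check; the variable types are declared outside the hunk, so this is inferred. A subtraction form avoids the wrap, assuming `olen <= oend` holds at this point: `fail(m_len >= oend - olen, UCL_E_OUTPUT_OVERRUN);`. The changelog marks the CVE as only partially addressed, so a short comment at each patched line would help, e.g. `/* the copy below writes m_len + 1 bytes */`. It is also worth checking that any other decoder in src/ with the same pattern gets the same bound. Both enclosing functions start and end outside the hunks.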
