Hello community,

here is the log from the commit of package mcpp for openSUSE:Leap:15.2 checked 
in at 2020-03-26 05:41:31
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Comparing /work/SRC/openSUSE:Leap:15.2/mcpp (Old)
 and      /work/SRC/openSUSE:Leap:15.2/.mcpp.new.3160 (New)
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++

Package is "mcpp"

Thu Mar 26 05:41:31 2020 rev:11 rq:788105 version:2.7.2

Changes:
--------
--- /work/SRC/openSUSE:Leap:15.2/mcpp/mcpp.changes      2020-01-15 
15:28:43.822687496 +0100
+++ /work/SRC/openSUSE:Leap:15.2/.mcpp.new.3160/mcpp.changes    2020-03-26 
05:41:37.483286430 +0100
@@ -1,0 +2,5 @@
+Wed Mar 18 17:29:06 UTC 2020 - Dirk Mueller <dmuel...@suse.com>
+
+- add CVE-2019-14274.patch (bsc#1143032, CVE-2019-14274)
+
+-------------------------------------------------------------------

New:
----
  CVE-2019-14274.patch

++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++

Other differences:
------------------
++++++ mcpp.spec ++++++
--- /var/tmp/diff_new_pack.oA7qlI/_old  2020-03-26 05:41:38.163286783 +0100
+++ /var/tmp/diff_new_pack.oA7qlI/_new  2020-03-26 05:41:38.167286785 +0100
@@ -1,7 +1,7 @@
 #
 # spec file for package mcpp
 #
-# Copyright (c) 2015 SUSE LINUX GmbH, Nuernberg, Germany.
+# Copyright (c) 2020 SUSE LLC
 #
 # All modifications and additions to the file contributed by third parties
 # remain the property of their copyright owners, unless otherwise agreed
@@ -12,7 +12,7 @@
 # license that conforms to the Open Source Definition (Version 1.9)
 # published by the Open Source Initiative.
 
-# Please submit bugfixes or comments via http://bugs.opensuse.org/
+# Please submit bugfixes or comments via https://bugs.opensuse.org/
 #
 
 
@@ -22,9 +22,10 @@
 Summary:        Matsui's C Preprocessor
 License:        BSD-3-Clause
 Group:          Development/Languages/C and C++
-Url:            http://mcpp.sourceforge.net/
+URL:            http://mcpp.sourceforge.net/
 Source0:        
http://sourceforge.net/projects/mcpp/files/mcpp/V.%{version}/%{name}-%{version}.tar.gz
 Patch0:         %{name}-%{version}.diff
+Patch1:         CVE-2019-14274.patch
 BuildRoot:      %{_tmppath}/%{name}-%{version}-build
 
 %description
@@ -58,6 +59,7 @@
 %prep
 %setup -q
 %patch0 -p1
+%patch1 -p1
 
 %build
 export CFLAGS="%{optflags} -D_BSD_SOURCE"

++++++ CVE-2019-14274.patch ++++++
Subject: [PATCH] Merge bug fixes from https://github.com/h8liu/mcpp.git

--- a/src/support.c
+++ b/src/support.c
@@ -188,7 +188,7 @@ static char *   append_to_buffer(
     size_t      length
 )
 {
-    if (mem_buf_p->bytes_avail < length) {  /* Need to allocate more memory */
+    if (mem_buf_p->bytes_avail < length + 1) {  /* Need to allocate more 
memory */
         size_t size = MAX( BUF_INCR_SIZE, length);
 
         if (mem_buf_p->buffer == NULL) {            /* 1st append   */
@@ -1722,6 +1722,8 @@ static char *   parse_line( void)
                     sp -= 2;
                     while (*sp != '\n')     /* Until end of line    */
                         mcpp_fputc( *sp++, OUT);
+                    mcpp_fputc('\n', OUT);
+                    wrong_line = TRUE;
                 }
                 goto  end_line;
             default:                        /* Not a comment        */

Reply via email to