Hello community,

here is the log from the commit of package geary for openSUSE:Factory checked 
in at 2015-02-03 11:40:00
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Comparing /work/SRC/openSUSE:Factory/geary (Old)
 and      /work/SRC/openSUSE:Factory/.geary.new (New)
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++

Package is "geary"

Changes:
--------
--- /work/SRC/openSUSE:Factory/geary/geary.changes      2014-12-23 
11:49:32.000000000 +0100
+++ /work/SRC/openSUSE:Factory/.geary.new/geary.changes 2015-02-03 
11:40:13.000000000 +0100
@@ -1,0 +2,7 @@
+Fri Jan  2 14:50:56 UTC 2015 - zai...@opensuse.org
+
+- Add geary-Off-by-one-heap-buffer-overflow.patch: Heap access
+  violation in random_string(). Needed to allocate space for
+  terminating NUL (bgo#741842).
+
+-------------------------------------------------------------------

New:
----
  geary-Off-by-one-heap-buffer-overflow.patch

++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++

Other differences:
------------------
++++++ geary.spec ++++++
--- /var/tmp/diff_new_pack.ClRRRH/_old  2015-02-03 11:40:15.000000000 +0100
+++ /var/tmp/diff_new_pack.ClRRRH/_new  2015-02-03 11:40:15.000000000 +0100
@@ -1,7 +1,7 @@
 #
 # spec file for package geary
 #
-# Copyright (c) 2014 SUSE LINUX Products GmbH, Nuernberg, Germany.
+# Copyright (c) 2015 SUSE LINUX Products GmbH, Nuernberg, Germany.
 #
 # All modifications and additions to the file contributed by third parties
 # remain the property of their copyright owners, unless otherwise agreed
@@ -24,6 +24,8 @@
 Group:          Productivity/Networking/Email/Clients
 Url:            http://yorba.org/geary
 Source:         
http://download.gnome.org/sources/geary/0.8/%{name}-%{version}.tar.xz
+# PATCH-FIX-UPSTREAM geary-Off-by-one-heap-buffer-overflow.patch bgo#741842 
zai...@opensuse.org -- Heap access violation in random_string() 
+Patch0:         geary-Off-by-one-heap-buffer-overflow.patch
 BuildRequires:  cmake
 BuildRequires:  fdupes
 BuildRequires:  intltool
@@ -57,6 +59,7 @@
 %lang_package
 %prep
 %setup -q
+%patch0 -p1
 
 %build
 %cmake -DVALA_EXECUTABLE:FILEPATH=%{_bindir}/valac%{?vala_version_suffix} \

++++++ geary-Off-by-one-heap-buffer-overflow.patch ++++++
>From c2380abff29a7c5209c57d18bc90a960d79366ab Mon Sep 17 00:00:00 2001
From: Sergey Shnatsel Davidoff <ser...@elementaryos.org>
Date: Mon, 22 Dec 2014 12:28:13 -0800
Subject: Heap access violation in random_string(): Bug #741842

Needed to allocate space for terminating NUL.

diff --git a/src/client/util/util-random.vala b/src/client/util/util-random.vala
index e8939f4..2310185 100644
--- a/src/client/util/util-random.vala
+++ b/src/client/util/util-random.vala
@@ -7,9 +7,10 @@
 private string random_string(int length) {
     // No upper case letters, since request gets lower-cased.
     string chars = "abcdefghijklmnopqrstuvwxyz";
-    char[] random = new char[length];
+    char[] random = new char[length+1]; //leave room for terminating null
     for (int i = 0; i < length; i++)
         random[i] = chars[Random.int_range(0, chars.length)];
+    random[length] = '\0'; //make sure the string is null-terminated
     return (string) random;
 }
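Review bot: `random[length] = '\0';` indexes the buffer with an unvalidated `length`, so a call with -1 would allocate zero elements via `new char[length+1]` and then write one element before the allocation. Vala does not bounds-check array indexing, so nothing else catches this; a guard at the top of random_string(), e.g. `if (length < 0) return "";`, closes it. Building the result with `StringBuilder` and `append_c()` instead would remove the manual buffer, the explicit terminator and the `(string)` cast in one go. Separately, `Random.int_range` is GLib's non-cryptographic generator, and the callers are not visible in this hunk. If the returned string is ever expected to be unguessable, that needs a comment here or a different randomness source.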
 
-- 
cgit v0.10.1
