Hello community,
here is the log from the commit of package desktop-file-utils for
openSUSE:Factory checked in at 2016-05-20 11:55:29
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Comparing /work/SRC/openSUSE:Factory/desktop-file-utils (Old)
and /work/SRC/openSUSE:Factory/.desktop-file-utils.new (New)
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "desktop-file-utils"
Changes:
--------
--- /work/SRC/openSUSE:Factory/desktop-file-utils/desktop-file-utils.changes
2015-03-25 21:03:24.000000000 +0100
+++
/work/SRC/openSUSE:Factory/.desktop-file-utils.new/desktop-file-utils.changes
2016-05-20 11:55:30.000000000 +0200
@@ -1,0 +2,6 @@
+Mon May 9 21:03:33 CEST 2016 - [email protected]
+
+- Add desktop-file-utils-fdo94303-fix-buffer-over-read.patch
+ (fdo#94303).
+
+-------------------------------------------------------------------
New:
----
desktop-file-utils-fdo94303-fix-buffer-over-read.patch
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Other differences:
------------------
++++++ desktop-file-utils.spec ++++++
--- /var/tmp/diff_new_pack.mxgRqr/_old 2016-05-20 11:55:31.000000000 +0200
+++ /var/tmp/diff_new_pack.mxgRqr/_new 2016-05-20 11:55:31.000000000 +0200
@@ -1,7 +1,7 @@
#
# spec file for package desktop-file-utils
#
-# Copyright (c) 2015 SUSE LINUX GmbH, Nuernberg, Germany.
+# Copyright (c) 2016 SUSE LINUX Products GmbH, Nuernberg, Germany.
#
# All modifications and additions to the file contributed by third parties
# remain the property of their copyright owners, unless otherwise agreed
@@ -33,6 +33,7 @@
# PATCH-UPSTREAM -- add Cinnamon and EDE desktop environments
Patch2: U_add-Cinnamon-desktop-environment_50271fe.patch
Patch3: U_add-EDE-desktop-environment_97d6ba3.patch
+Patch4: desktop-file-utils-fdo94303-fix-buffer-over-read.patch
BuildRequires: glib2-devel
BuildRequires: pkg-config
BuildRequires: xz
@@ -53,6 +54,7 @@
%patch1 -p1
%patch2 -p1
%patch3 -p1
+%patch4 -p1
%build
%configure \
++++++ desktop-file-utils-fdo94303-fix-buffer-over-read.patch ++++++
>From cddcd6612b66cb3963920b5f2734850a217d7020 Mon Sep 17 00:00:00 2001
From: Hans Petter Jansson <[email protected]>
Date: Mon, 29 Feb 2016 01:50:14 +0100
Subject: [PATCH] validate: Fix buffer over-read on incomplete escape sequence.
https://bugs.freedesktop.org/show_bug.cgi?id=94303
---
src/validate.c | 10 ++++++++++
1 file changed, 10 insertions(+)
diff --git a/src/validate.c b/src/validate.c
index b4b752e..7403c18 100644
--- a/src/validate.c
+++ b/src/validate.c
@@ -1225,6 +1225,16 @@ handle_exec_key (kf_validator *kf,
break;
case '\\':
PRINT_INVALID_IF_FLAG;
+
+ /* Escape character immediately followed by \0? */
+ if (*(c + 1) == '\0') {
+ print_fatal (kf, "value \"%s\" for key \"%s\" in group \"%s\" "
+ "ends in an incomplete escape sequence\n",
+ value, locale_key, kf->current_group);
+ retval = FALSE;
+ break;
+ }
+
c++;
if (*c == '\\' && in_quote)
escaped = !escaped;
--
1.8.4.5