Hello community,

here is the log from the commit of package seamonkey for openSUSE:Factory 
checked in at 2016-08-09 22:15:37
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Comparing /work/SRC/openSUSE:Factory/seamonkey (Old)
 and      /work/SRC/openSUSE:Factory/.seamonkey.new (New)
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++

Package is "seamonkey"

Changes:
--------
--- /work/SRC/openSUSE:Factory/seamonkey/seamonkey.changes      2016-08-03 
11:43:46.000000000 +0200
+++ /work/SRC/openSUSE:Factory/.seamonkey.new/seamonkey.changes 2016-08-09 
22:15:39.000000000 +0200
@@ -1,0 +2,14 @@
+Mon Aug  8 09:19:46 UTC 2016 - w...@rosenauer.org
+
+- build with -fno-delete-null-pointer-checks for Tumbleweed/gcc6
+  as long as underlying issues have been addressed upstream
+  (boo#991027)
+
+-------------------------------------------------------------------
+Fri Aug  5 13:47:12 UTC 2016 - pce...@suse.com
+
+- Fix for possible buffer overrun (bsc#990856)
+  CVE-2016-6354 (bmo#1292534)
+  [mozilla-flex_buffer_overrun.patch]
+
+-------------------------------------------------------------------

New:
----
  mozilla-flex_buffer_overrun.patch

++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++

Other differences:
------------------
++++++ seamonkey.spec ++++++
--- /var/tmp/diff_new_pack.bEE405/_old  2016-08-09 22:15:45.000000000 +0200
+++ /var/tmp/diff_new_pack.bEE405/_new  2016-08-09 22:15:45.000000000 +0200
@@ -91,6 +91,8 @@
 Patch9:         mozilla-reduce-files-per-UnifiedBindings.patch
 Patch10:        mozilla-gcc6.patch
 Patch100:       seamonkey-ua-locale.patch
+# hotfix
+Patch150:       mozilla-flex_buffer_overrun.patch
 BuildRoot:      %{_tmppath}/%{name}-%{version}-build
 PreReq:         /bin/sh coreutils
 Provides:       seamonkey-mail = %{version}
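Review bot: The `# hotfix` comment above `Patch150` does not say what the patch fixes or when it can be dropped, which makes a security patch easy to lose or to carry forever across version updates. A comment that names the tracked issue would help, for example `# hotfix for CVE-2016-6354 (bsc#990856, bmo#1292534); drop once the flex-generated scanners are fixed upstream`.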
@@ -198,6 +200,7 @@
 %patch8 -p1
 %patch9 -p1
 %patch10 -p1
+%patch150 -p1
 popd
 # comm patches
 %patch100 -p1
@@ -216,6 +219,9 @@
 export MOZILLA_OFFICIAL=1
 export BUILD_OFFICIAL=1
 export CFLAGS="%{optflags} -fno-strict-aliasing"
+%if 0%{?suse_version} > 1320
+export CFLAGS="$CFLAGS -fno-delete-null-pointer-checks"
+%endif
 %ifarch %arm
 export CFLAGS="${CFLAGS/-g / }"
 %endif
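Review bot: The added `-fno-delete-null-pointer-checks` is appended to `CFLAGS` only, and this hunk does not show whether `CXXFLAGS` is later derived from `CFLAGS`. If it is not, the C++ sources would still be compiled without the flag, so that is worth confirming below the hunk. The conditional also tests `suse_version` rather than the compiler, and nothing in the spec says why the flag is there. A comment such as `# workaround for gcc6 null pointer check elimination (boo#991027); remove once fixed upstream` would make the intent and the exit condition clear.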


++++++ mozilla-flex_buffer_overrun.patch ++++++
# HG changeset patch
# Parent  c8e8364b303892fdb5a574b96411d2d8f699a15e
Patch lexical parser files generated by flex which may be exploitable through a
buffer overrun. These seem to come from upstream projects (CMU Sphinx and
ANGLE), so the issue should be fixed there in the first place.

CVE-2016-6354

https://bugzilla.suse.com/show_bug.cgi?id=990856

diff --git a/gfx/angle/src/compiler/preprocessor/Tokenizer.cpp 
b/gfx/angle/src/compiler/preprocessor/Tokenizer.cpp
--- a/gfx/angle/src/compiler/preprocessor/Tokenizer.cpp
+++ b/gfx/angle/src/compiler/preprocessor/Tokenizer.cpp
@@ -1375,17 +1375,17 @@ static int yy_get_next_buffer (yyscan_t 
        if ( YY_CURRENT_BUFFER_LVALUE->yy_buffer_status == 
YY_BUFFER_EOF_PENDING )
                /* don't do the read, it's not guaranteed to return an EOF,
                 * just force an EOF
                 */
                YY_CURRENT_BUFFER_LVALUE->yy_n_chars = yyg->yy_n_chars = 0;
 
        else
                {
-                       yy_size_t num_to_read =
+                       int num_to_read =
                        YY_CURRENT_BUFFER_LVALUE->yy_buf_size - number_to_move 
- 1;
 
                while ( num_to_read <= 0 )
                        { /* Not enough room in the buffer - grow it. */
 
                        /* just a shorter name for the current buffer */
                        YY_BUFFER_STATE b = YY_CURRENT_BUFFER_LVALUE;
 
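Review bot: Declaring `num_to_read` as `int` lets the `while ( num_to_read <= 0 )` grow check see a negative result, but the declarations of `yy_buf_size` and `number_to_move` are outside the hunk. If either is `yy_size_t`, the subtraction is still done unsigned and the fix depends on the wrapped value converting to a negative `int`, which is implementation-defined. The same one-line change is made in the `glslang_lex.cpp` and `jsgf_scanner.c` hunks, so the point applies there as well. A comment on the declaration would guard against the type being changed back, e.g. `/* must stay signed: the <= 0 check below detects a full buffer */`. These files are flex output, so regenerating them with an unfixed flex would likely restore the unsigned declaration; `yy_get_next_buffer` begins and ends outside the hunk.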
diff --git a/gfx/angle/src/compiler/translator/glslang_lex.cpp 
b/gfx/angle/src/compiler/translator/glslang_lex.cpp
--- a/gfx/angle/src/compiler/translator/glslang_lex.cpp
+++ b/gfx/angle/src/compiler/translator/glslang_lex.cpp
@@ -2269,17 +2269,17 @@ static int yy_get_next_buffer (yyscan_t 
        if ( YY_CURRENT_BUFFER_LVALUE->yy_buffer_status == 
YY_BUFFER_EOF_PENDING )
                /* don't do the read, it's not guaranteed to return an EOF,
                 * just force an EOF
                 */
                YY_CURRENT_BUFFER_LVALUE->yy_n_chars = yyg->yy_n_chars = 0;
 
        else
                {
-                       yy_size_t num_to_read =
+                       int num_to_read =
                        YY_CURRENT_BUFFER_LVALUE->yy_buf_size - number_to_move 
- 1;
 
                while ( num_to_read <= 0 )
                        { /* Not enough room in the buffer - grow it. */
 
                        /* just a shorter name for the current buffer */
                        YY_BUFFER_STATE b = YY_CURRENT_BUFFER_LVALUE;
 
diff --git a/media/sphinxbase/src/libsphinxbase/lm/jsgf_scanner.c 
b/media/sphinxbase/src/libsphinxbase/lm/jsgf_scanner.c
--- a/media/sphinxbase/src/libsphinxbase/lm/jsgf_scanner.c
+++ b/media/sphinxbase/src/libsphinxbase/lm/jsgf_scanner.c
@@ -1242,17 +1242,17 @@ static int yy_get_next_buffer (yyscan_t 
        if ( YY_CURRENT_BUFFER_LVALUE->yy_buffer_status == 
YY_BUFFER_EOF_PENDING )
                /* don't do the read, it's not guaranteed to return an EOF,
                 * just force an EOF
                 */
                YY_CURRENT_BUFFER_LVALUE->yy_n_chars = yyg->yy_n_chars = 0;
 
        else
                {
-                       yy_size_t num_to_read =
+                       int num_to_read =
                        YY_CURRENT_BUFFER_LVALUE->yy_buf_size - number_to_move 
- 1;
 
                while ( num_to_read <= 0 )
                        { /* Not enough room in the buffer - grow it. */
 
                        /* just a shorter name for the current buffer */
                        YY_BUFFER_STATE b = YY_CURRENT_BUFFER_LVALUE;
 
