Accepting request 417133 from home:pcerny:mozilla:Factory
flex hotfix OBS-URL: https://build.opensuse.org/request/show/417133 OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaThunderbird?expand=0&rev=333
This commit is contained in:
parent
0e16848923
commit
d81c4a7fc9
@ -1,3 +1,9 @@
|
||||
-------------------------------------------------------------------
|
||||
Fri Aug 5 13:47:12 UTC 2016 - pcerny@suse.com
|
||||
|
||||
- Fix for possible buffer overrun (bsc#990856)
|
||||
CVE-2016-6354 (bmo#1292534)
|
||||
|
||||
-------------------------------------------------------------------
|
||||
Thu Jul 21 11:50:27 UTC 2016 - mailaender@opensuse.org
|
||||
|
||||
|
@ -1,7 +1,7 @@
|
||||
#
|
||||
# spec file for package MozillaThunderbird
|
||||
#
|
||||
# Copyright (c) 2016 SUSE LINUX GmbH, Nuernberg, Germany.
|
||||
# Copyright (c) 2016 SUSE LINUX Products GmbH, Nuernberg, Germany.
|
||||
# 2006-2016 Wolfgang Rosenauer <wr@rosenauer.org>
|
||||
#
|
||||
# All modifications and additions to the file contributed by third parties
|
||||
@ -108,6 +108,8 @@ Patch8: mozilla-aarch64-48bit-va.patch
|
||||
Patch9: mozilla-binutils-visibility.patch
|
||||
# Thunderbird/mail
|
||||
Patch20: tb-ssldap.patch
|
||||
# hotfix
|
||||
Patch150: mozilla-flex_buffer_overrun.patch
|
||||
BuildRoot: %{_tmppath}/%{name}-%{version}-build
|
||||
PreReq: coreutils fileutils textutils /bin/sh
|
||||
Recommends: libcanberra0
|
||||
@ -204,6 +206,7 @@ pushd mozilla
|
||||
%patch6 -p1
|
||||
%patch8 -p1
|
||||
%patch9 -p1
|
||||
%patch150 -p1
|
||||
popd
|
||||
# comm-central patches
|
||||
%patch20 -p1
|
||||
|
76
mozilla-flex_buffer_overrun.patch
Normal file
76
mozilla-flex_buffer_overrun.patch
Normal file
@ -0,0 +1,76 @@
|
||||
# HG changeset patch
|
||||
# Parent c8e8364b303892fdb5a574b96411d2d8f699a15e
|
||||
Patch lexical parser files generated by flex which may be potentially
|
||||
exploitable in a buffer overrun. These seem to come from an upstream projects
|
||||
(CMU Sphinx and ANGLE) so it should be fixed there in the first place.
|
||||
|
||||
CVE-2016-6354
|
||||
|
||||
https://bugzilla.suse.com/show_bug.cgi?id=990856
|
||||
|
||||
diff --git a/gfx/angle/src/compiler/preprocessor/Tokenizer.cpp b/gfx/angle/src/compiler/preprocessor/Tokenizer.cpp
|
||||
--- a/gfx/angle/src/compiler/preprocessor/Tokenizer.cpp
|
||||
+++ b/gfx/angle/src/compiler/preprocessor/Tokenizer.cpp
|
||||
@@ -1375,17 +1375,17 @@ static int yy_get_next_buffer (yyscan_t
|
||||
if ( YY_CURRENT_BUFFER_LVALUE->yy_buffer_status == YY_BUFFER_EOF_PENDING )
|
||||
/* don't do the read, it's not guaranteed to return an EOF,
|
||||
* just force an EOF
|
||||
*/
|
||||
YY_CURRENT_BUFFER_LVALUE->yy_n_chars = yyg->yy_n_chars = 0;
|
||||
|
||||
else
|
||||
{
|
||||
- yy_size_t num_to_read =
|
||||
+ int num_to_read =
|
||||
YY_CURRENT_BUFFER_LVALUE->yy_buf_size - number_to_move - 1;
|
||||
|
||||
while ( num_to_read <= 0 )
|
||||
{ /* Not enough room in the buffer - grow it. */
|
||||
|
||||
/* just a shorter name for the current buffer */
|
||||
YY_BUFFER_STATE b = YY_CURRENT_BUFFER_LVALUE;
|
||||
|
||||
diff --git a/gfx/angle/src/compiler/translator/glslang_lex.cpp b/gfx/angle/src/compiler/translator/glslang_lex.cpp
|
||||
--- a/gfx/angle/src/compiler/translator/glslang_lex.cpp
|
||||
+++ b/gfx/angle/src/compiler/translator/glslang_lex.cpp
|
||||
@@ -2269,17 +2269,17 @@ static int yy_get_next_buffer (yyscan_t
|
||||
if ( YY_CURRENT_BUFFER_LVALUE->yy_buffer_status == YY_BUFFER_EOF_PENDING )
|
||||
/* don't do the read, it's not guaranteed to return an EOF,
|
||||
* just force an EOF
|
||||
*/
|
||||
YY_CURRENT_BUFFER_LVALUE->yy_n_chars = yyg->yy_n_chars = 0;
|
||||
|
||||
else
|
||||
{
|
||||
- yy_size_t num_to_read =
|
||||
+ int num_to_read =
|
||||
YY_CURRENT_BUFFER_LVALUE->yy_buf_size - number_to_move - 1;
|
||||
|
||||
while ( num_to_read <= 0 )
|
||||
{ /* Not enough room in the buffer - grow it. */
|
||||
|
||||
/* just a shorter name for the current buffer */
|
||||
YY_BUFFER_STATE b = YY_CURRENT_BUFFER_LVALUE;
|
||||
|
||||
diff --git a/media/sphinxbase/src/libsphinxbase/lm/jsgf_scanner.c b/media/sphinxbase/src/libsphinxbase/lm/jsgf_scanner.c
|
||||
--- a/media/sphinxbase/src/libsphinxbase/lm/jsgf_scanner.c
|
||||
+++ b/media/sphinxbase/src/libsphinxbase/lm/jsgf_scanner.c
|
||||
@@ -1242,17 +1242,17 @@ static int yy_get_next_buffer (yyscan_t
|
||||
if ( YY_CURRENT_BUFFER_LVALUE->yy_buffer_status == YY_BUFFER_EOF_PENDING )
|
||||
/* don't do the read, it's not guaranteed to return an EOF,
|
||||
* just force an EOF
|
||||
*/
|
||||
YY_CURRENT_BUFFER_LVALUE->yy_n_chars = yyg->yy_n_chars = 0;
|
||||
|
||||
else
|
||||
{
|
||||
- yy_size_t num_to_read =
|
||||
+ int num_to_read =
|
||||
YY_CURRENT_BUFFER_LVALUE->yy_buf_size - number_to_move - 1;
|
||||
|
||||
while ( num_to_read <= 0 )
|
||||
{ /* Not enough room in the buffer - grow it. */
|
||||
|
||||
/* just a shorter name for the current buffer */
|
||||
YY_BUFFER_STATE b = YY_CURRENT_BUFFER_LVALUE;
|
||||
|
Loading…
Reference in New Issue
Block a user