1
0

Accepting request 417132 from home:pcerny:mozilla:Factory

flex hotfix

OBS-URL: https://build.opensuse.org/request/show/417132
OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaFirefox?expand=0&rev=539
This commit is contained in:
Wolfgang Rosenauer 2016-08-05 19:11:43 +00:00 committed by Git OBS Bridge
parent 1728408aaa
commit b20061a222
3 changed files with 87 additions and 1 deletions

View File

@ -1,3 +1,9 @@
-------------------------------------------------------------------
Fri Aug 5 13:47:12 UTC 2016 - pcerny@suse.com
- Fix for possible buffer overrun (bsc#990856)
CVE-2016-6354 (bmo#1292534)
------------------------------------------------------------------- -------------------------------------------------------------------
Wed Aug 3 03:38:47 UTC 2016 - badshah400@gmail.com Wed Aug 3 03:38:47 UTC 2016 - badshah400@gmail.com

View File

@ -1,7 +1,7 @@
# #
# spec file for package MozillaFirefox # spec file for package MozillaFirefox
# #
# Copyright (c) 2016 SUSE LINUX GmbH, Nuernberg, Germany. # Copyright (c) 2016 SUSE LINUX Products GmbH, Nuernberg, Germany.
# 2006-2016 Wolfgang Rosenauer # 2006-2016 Wolfgang Rosenauer
# #
# All modifications and additions to the file contributed by third parties # All modifications and additions to the file contributed by third parties
@ -153,6 +153,9 @@ Patch17: mozilla-binutils-visibility.patch
Patch101: firefox-kde.patch Patch101: firefox-kde.patch
Patch102: firefox-no-default-ualocale.patch Patch102: firefox-no-default-ualocale.patch
Patch103: firefox-branded-icons.patch Patch103: firefox-branded-icons.patch
# hotfix
Patch150: mozilla-flex_buffer_overrun.patch
BuildRoot: %{_tmppath}/%{name}-%{version}-build BuildRoot: %{_tmppath}/%{name}-%{version}-build
Requires(post): coreutils shared-mime-info desktop-file-utils Requires(post): coreutils shared-mime-info desktop-file-utils
Requires(postun): shared-mime-info desktop-file-utils Requires(postun): shared-mime-info desktop-file-utils
@ -268,6 +271,7 @@ cd $RPM_BUILD_DIR/mozilla
%patch101 -p1 %patch101 -p1
%patch102 -p1 %patch102 -p1
%patch103 -p1 %patch103 -p1
%patch150 -p1
%build %build
# no need to add build time to binaries # no need to add build time to binaries

View File

@ -0,0 +1,76 @@
# HG changeset patch
# Parent c8e8364b303892fdb5a574b96411d2d8f699a15e
Patch lexical parser files generated by flex which may be potentially
exploitable in a buffer overrun. These seem to come from an upstream projects
(CMU Sphinx and ANGLE) so it should be fixed there in the first place.
CVE-2016-6354
https://bugzilla.suse.com/show_bug.cgi?id=990856
diff --git a/gfx/angle/src/compiler/preprocessor/Tokenizer.cpp b/gfx/angle/src/compiler/preprocessor/Tokenizer.cpp
--- a/gfx/angle/src/compiler/preprocessor/Tokenizer.cpp
+++ b/gfx/angle/src/compiler/preprocessor/Tokenizer.cpp
@@ -1375,17 +1375,17 @@ static int yy_get_next_buffer (yyscan_t
if ( YY_CURRENT_BUFFER_LVALUE->yy_buffer_status == YY_BUFFER_EOF_PENDING )
/* don't do the read, it's not guaranteed to return an EOF,
* just force an EOF
*/
YY_CURRENT_BUFFER_LVALUE->yy_n_chars = yyg->yy_n_chars = 0;
else
{
- yy_size_t num_to_read =
+ int num_to_read =
YY_CURRENT_BUFFER_LVALUE->yy_buf_size - number_to_move - 1;
while ( num_to_read <= 0 )
{ /* Not enough room in the buffer - grow it. */
/* just a shorter name for the current buffer */
YY_BUFFER_STATE b = YY_CURRENT_BUFFER_LVALUE;
diff --git a/gfx/angle/src/compiler/translator/glslang_lex.cpp b/gfx/angle/src/compiler/translator/glslang_lex.cpp
--- a/gfx/angle/src/compiler/translator/glslang_lex.cpp
+++ b/gfx/angle/src/compiler/translator/glslang_lex.cpp
@@ -2269,17 +2269,17 @@ static int yy_get_next_buffer (yyscan_t
if ( YY_CURRENT_BUFFER_LVALUE->yy_buffer_status == YY_BUFFER_EOF_PENDING )
/* don't do the read, it's not guaranteed to return an EOF,
* just force an EOF
*/
YY_CURRENT_BUFFER_LVALUE->yy_n_chars = yyg->yy_n_chars = 0;
else
{
- yy_size_t num_to_read =
+ int num_to_read =
YY_CURRENT_BUFFER_LVALUE->yy_buf_size - number_to_move - 1;
while ( num_to_read <= 0 )
{ /* Not enough room in the buffer - grow it. */
/* just a shorter name for the current buffer */
YY_BUFFER_STATE b = YY_CURRENT_BUFFER_LVALUE;
diff --git a/media/sphinxbase/src/libsphinxbase/lm/jsgf_scanner.c b/media/sphinxbase/src/libsphinxbase/lm/jsgf_scanner.c
--- a/media/sphinxbase/src/libsphinxbase/lm/jsgf_scanner.c
+++ b/media/sphinxbase/src/libsphinxbase/lm/jsgf_scanner.c
@@ -1242,17 +1242,17 @@ static int yy_get_next_buffer (yyscan_t
if ( YY_CURRENT_BUFFER_LVALUE->yy_buffer_status == YY_BUFFER_EOF_PENDING )
/* don't do the read, it's not guaranteed to return an EOF,
* just force an EOF
*/
YY_CURRENT_BUFFER_LVALUE->yy_n_chars = yyg->yy_n_chars = 0;
else
{
- yy_size_t num_to_read =
+ int num_to_read =
YY_CURRENT_BUFFER_LVALUE->yy_buf_size - number_to_move - 1;
while ( num_to_read <= 0 )
{ /* Not enough room in the buffer - grow it. */
/* just a shorter name for the current buffer */
YY_BUFFER_STATE b = YY_CURRENT_BUFFER_LVALUE;