Accepting request 290382 from Base:System

1

OBS-URL: https://build.opensuse.org/request/show/290382
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/gettext-runtime?expand=0&rev=60

gettext-check-allocated-size-for-static-segment.patch

@@ -0,0 +1,74 @@
+From 5d3eeaa0d3b7f4f6932bd29d859925a940b69459 Mon Sep 17 00:00:00 2001
+From: Daiki Ueno <ueno@gnu.org>
+Date: Wed, 11 Mar 2015 16:18:26 +0900
+Subject: [PATCH] msgunfmt: Check allocated size for static segment
+
+Reported by Max Lin in:
+http://lists.gnu.org/archive/html/bug-gettext/2015-03/msg00005.html
+* read-mo.c (get_sysdep_string): Check if the embedded segment
+size is valid, before adding it to the string length.
+---
+ gettext-tools/src/ChangeLog |  8 ++++++++
+ gettext-tools/src/read-mo.c | 11 +++++++----
+ 2 files changed, 15 insertions(+), 4 deletions(-)
+
+--- a/gettext-tools/src/read-mo.c
++++ b/gettext-tools/src/read-mo.c
+@@ -149,6 +149,7 @@ get_sysdep_string (const struct binary_m
+   nls_uint32 s_offset;
+ 
+   /* Compute the length.  */
++  s_offset = get_uint32 (bfp, offset);
+   length = 0;
+   for (i = 4; ; i += 8)
+     {
+@@ -158,9 +159,14 @@ get_sysdep_string (const struct binary_m
+       nls_uint32 ss_length;
+       nls_uint32 ss_offset;
+       size_t ss_end;
++      size_t s_end;
+       size_t n;
+ 
++      s_end = xsum (s_offset, segsize);
++      if (size_overflow_p (s_end) || s_end > bfp->size)
++        error (EXIT_FAILURE, 0, _("file \"%s\" is truncated"), bfp->filename);
+       length += segsize;
++      s_offset += segsize;
+ 
+       if (sysdepref == SEGMENTS_END)
+         break;
+@@ -175,7 +181,7 @@ get_sysdep_string (const struct binary_m
+       ss_end = xsum (ss_offset, ss_length);
+       if (size_overflow_p (ss_end) || ss_end > bfp->size)
+         error (EXIT_FAILURE, 0, _("file \"%s\" is truncated"), bfp->filename);
+-      if (!(ss_length > 0 && bfp->data[ss_offset + ss_length - 1] == '\0'))
++      if (!(ss_length > 0 && bfp->data[ss_end - 1] == '\0'))
+         {
+           char location[30];
+           sprintf (location, "sysdep_segment[%u]", (unsigned int) sysdepref);
+@@ -198,11 +204,8 @@ get_sysdep_string (const struct binary_m
+       nls_uint32 sysdep_segment_offset;
+       nls_uint32 ss_length;
+       nls_uint32 ss_offset;
+-      size_t s_end = xsum (s_offset, segsize);
+       size_t n;
+ 
+-      if (size_overflow_p (s_end) || s_end > bfp->size)
+-        error (EXIT_FAILURE, 0, _("file \"%s\" is truncated"), bfp->filename);
+       memcpy (p, bfp->data + s_offset, segsize);
+       p += segsize;
+       s_offset += segsize;
+--- a/gettext-tools/src/ChangeLog
++++ b/gettext-tools/src/ChangeLog
+@@ -1,3 +1,11 @@
++2015-03-11  Daiki Ueno  <ueno@gnu.org>
++
++    msgunfmt: Check allocated size for static segment
++    Reported by Max Lin in:
++    http://lists.gnu.org/archive/html/bug-gettext/2015-03/msg00005.html
++    * read-mo.c (get_sysdep_string): Check if the embedded segment
++    size is valid, before adding it to the string length.
++
+ 2014-12-24  Daiki Ueno  <ueno@gnu.org>
+ 
+ 	* gettext 0.19.4 released.

gettext-csharp.changes

@@ -1,3 +1,11 @@
+-------------------------------------------------------------------
+Tue Mar 10 07:11:29 UTC 2015 - mlin@suse.com
+
+- Add gettext-check-allocated-size-for-static-segment.patch from upstream
+  * Check if the embedded segment size is valid, before adding it to
+    the string length. Please see
+    http://lists.gnu.org/archive/html/bug-gettext/2015-03/msg00005.html 
+
 -------------------------------------------------------------------
 Tue Jan 27 20:24:49 UTC 2015 - andreas.stieger@gmx.de
 

gettext-csharp.spec

@@ -47,6 +47,8 @@ Patch2:         gettext-0.12.1-gettextize.patch
 Patch4:         gettext-po-mode.diff
 Patch5:         gettext-initialize_vars.patch
 Patch9:         gettext-needlessly_init_vars.patch
+# PATCH-FIX-UPSTREAM gettext-check-allocated-size-for-static-segment.patch -- mlin@suse.com
+Patch10:        gettext-check-allocated-size-for-static-segment.patch
 
 %description
 Mono with its 'resgen' program uses a design that Microsoft created and
@@ -77,6 +79,7 @@ reliably than 'resgen'.
 %patch4
 %patch5
 %patch9
+%patch10 -p1
 
 %build
 export CFLAGS="%{optflags} -pipe -W -Wall -Dgcc_is_lint"

gettext-java.changes

@@ -1,3 +1,11 @@
+-------------------------------------------------------------------
+Tue Mar 10 07:10:56 UTC 2015 - mlin@suse.com
+
+- Add gettext-check-allocated-size-for-static-segment.patch from upstream
+  * Check if the embedded segment size is valid, before adding it to
+    the string length. Please see
+    http://lists.gnu.org/archive/html/bug-gettext/2015-03/msg00005.html 
+
 -------------------------------------------------------------------
 Tue Jan 27 20:24:49 UTC 2015 - andreas.stieger@gmx.de
 

gettext-java.spec

@@ -46,6 +46,8 @@ Patch2:         gettext-0.12.1-gettextize.patch
 Patch4:         gettext-po-mode.diff
 Patch5:         gettext-initialize_vars.patch
 Patch9:         gettext-needlessly_init_vars.patch
+# PATCH-FIX-UPSTREAM gettext-check-allocated-size-for-static-segment.patch -- mlin@suse.com
+Patch10:        gettext-check-allocated-size-for-static-segment.patch
 
 %description
 This package includes the tools needed to support message catalogs in
@@ -59,6 +61,7 @@ java+swing.
 %patch4
 %patch5
 %patch9
+%patch10 -p1
 
 %build
 # expect a couple "You should update your `aclocal.m4' by running aclocal."

gettext-runtime-mini.changes

@@ -1,3 +1,11 @@
+-------------------------------------------------------------------
+Tue Mar 10 07:10:28 UTC 2015 - mlin@suse.com
+
+- Add gettext-check-allocated-size-for-static-segment.patch from upstream
+  * Check if the embedded segment size is valid, before adding it to
+    the string length. Please see
+    http://lists.gnu.org/archive/html/bug-gettext/2015-03/msg00005.html 
+
 -------------------------------------------------------------------
 Tue Jan 27 20:24:49 UTC 2015 - andreas.stieger@gmx.de
 

gettext-runtime-mini.spec

@@ -68,6 +68,8 @@ Patch5:         gettext-initialize_vars.patch
 # PATCH-FIX-OPENSUSE gettext-dont-test-gnulib.patch -- coolo@suse.de 
 Patch6:         gettext-dont-test-gnulib.patch
 Patch9:         gettext-needlessly_init_vars.patch
+# PATCH-FIX-UPSTREAM gettext-check-allocated-size-for-static-segment.patch -- mlin@suse.com
+Patch10:        gettext-check-allocated-size-for-static-segment.patch
 
 %description
 This package contains the intl library as well as tools that ease the
@@ -125,6 +127,7 @@ as well as project examples.
 %patch5
 %patch6 -p1
 %patch9
+%patch10 -p1
 
 %build
 # expect a couple "You should update your `aclocal.m4' by running aclocal."

gettext-runtime.changes

@@ -1,3 +1,11 @@
+-------------------------------------------------------------------
+Tue Mar 10 07:06:26 UTC 2015 - mlin@suse.com
+
+- Add gettext-check-allocated-size-for-static-segment.patch from upstream
+  * Check if the embedded segment size is valid, before adding it to
+    the string length. Please see
+    http://lists.gnu.org/archive/html/bug-gettext/2015-03/msg00005.html
+
 -------------------------------------------------------------------
 Tue Jan 27 20:24:49 UTC 2015 - andreas.stieger@gmx.de
 

gettext-runtime.spec

@@ -68,6 +68,8 @@ Patch5:         gettext-initialize_vars.patch
 # PATCH-FIX-OPENSUSE gettext-dont-test-gnulib.patch -- coolo@suse.de 
 Patch6:         gettext-dont-test-gnulib.patch
 Patch9:         gettext-needlessly_init_vars.patch
+# PATCH-FIX-UPSTREAM gettext-check-allocated-size-for-static-segment.patch -- mlin@suse.com
+Patch10:        gettext-check-allocated-size-for-static-segment.patch
 
 %description
 This package contains the intl library as well as tools that ease the
@@ -125,6 +127,7 @@ as well as project examples.
 %patch5
 %patch6 -p1
 %patch9
+%patch10 -p1
 
 %build
 # expect a couple "You should update your `aclocal.m4' by running aclocal."