Package: release.debian.org User: release.debian....@packages.debian.org Usertags: unblock Severity: normal
I'd like to ask the unblocking of gettext 0.19.3-2. This release fixes three memory related bugs, in every case the fix comes directly from upstream git. debdiff follows. Thanks.
diff -Nru gettext-0.19.3/debian/changelog gettext-0.19.3/debian/changelog
--- gettext-0.19.3/debian/changelog 2014-10-23 15:35:20.000000000 +0200
+++ gettext-0.19.3/debian/changelog 2014-11-30 12:10:51.000000000 +0100
@@ -1,3 +1,16 @@
+gettext (0.19.3-2) unstable; urgency=low
+
+ * xgettext: Fix double-free in singular/plural argument extraction.
+ See http://lists.gnu.org/archive/html/bug-gettext/2014-10/msg00028.html
+ Patch extracted from upstream commits 8137d2b and 84044b5.
+ * msgunfmt: Fix segfault on certain (slightly corrupted) .mo files.
+ Patch extracted from upstream commit abf93d1. Closes: #769901.
+ * msgfilter: Fix read buffer allocation for empty input.
+ See http://lists.gnu.org/archive/html/bug-gettext/2014-11/msg00008.html
+ Patch extracted from upstream commit 06e206f.
+
+ -- Santiago Vila <sanv...@debian.org> Sun, 30 Nov 2014 12:10:20 +0100
+
 gettext (0.19.3-1) unstable; urgency=low
 
 * New upstream release.
diff -Nru gettext-0.19.3/debian/patches/04-xgettext-fix-double-free gettext-0.19.3/debian/patches/04-xgettext-fix-double-free
--- gettext-0.19.3/debian/patches/04-xgettext-fix-double-free 1970-01-01 01:00:00.000000000 +0100
+++ gettext-0.19.3/debian/patches/04-xgettext-fix-double-free 2014-11-30 12:04:00.000000000 +0100
@@ -0,0 +1,94 @@
+From: Daiki Ueno <u...@gnu.org>
+Subject: Fix double-free in singular/plural argument extraction
+X-Debian-version: 0.19.3-2
+
+--- a/gettext-tools/src/xgettext.c
++++ b/gettext-tools/src/xgettext.c
+@@ -3099,9 +3099,9 @@
+ char *msgid = parser->parse (best_cp->msgid,
+ &best_cp->msgid_pos,
+ best_cp->msgid_escape);
+- free (best_cp->msgid);
+ if (best_cp->msgid_plural == best_cp->msgid)
+ best_cp->msgid_plural = msgid;
++ free (best_cp->msgid);
+ best_cp->msgid = msgid;
+ }
+ else
+@@ -3110,26 +3110,7 @@
+ CONVERT_STRING (best_cp->msgid, lc_string);
+ }
+
+- if (best_cp->msgid_comment != NULL)
+- {
+- refcounted_string_list_ty *msgid_comment =
+- savable_comment_convert_encoding (best_cp->msgid_comment,
+- &best_cp->msgid_pos);
+- drop_reference (best_cp->msgid_comment);
+- best_cp->msgid_comment = msgid_comment;
+- }
+-
+- /* best_cp->msgctxt and best_cp->msgid are already in
+- UTF-8. Prevent further conversion in remember_a_message. */
+- encoding = xgettext_current_source_encoding;
+- xgettext_current_source_encoding = po_charset_utf8;
+- mp = remember_a_message (ap->mlp, best_cp->msgctxt, best_cp->msgid,
+- msgid_context,
+- &best_cp->msgid_pos,
+- NULL, best_cp->msgid_comment);
+- xgettext_current_source_encoding = encoding;
+-
+- if (mp != NULL && best_cp->msgid_plural != NULL)
++ if (best_cp->msgid_plural)
+ {
+ /* best_cp->msgid_plural may point to best_cp->msgid.
+ In that case, it is already interpreted and converted. */
+@@ -3152,14 +3133,41 @@
+ }
+ }
+
+- encoding = xgettext_current_source_encoding;
+- xgettext_current_source_encoding = po_charset_utf8;
+- remember_a_message_plural (mp, best_cp->msgid_plural,
+- msgid_plural_context,
+- &best_cp->msgid_plural_pos,
+- NULL);
+- xgettext_current_source_encoding = encoding;
++ /* If best_cp->msgid_plural equals to best_cp->msgid,
++ the ownership will be transferred to
++ remember_a_message before it is passed to
++ remember_a_message_plural.
++
++ Make a copy of the string in that case. */
++ if (best_cp->msgid_plural == best_cp->msgid)
++ best_cp->msgid_plural = xstrdup (best_cp->msgid);
++ }
++
++ if (best_cp->msgid_comment != NULL)
++ {
++ refcounted_string_list_ty *msgid_comment =
++ savable_comment_convert_encoding (best_cp->msgid_comment,
++ &best_cp->msgid_pos);
++ drop_reference (best_cp->msgid_comment);
++ best_cp->msgid_comment = msgid_comment;
+ }
++
++ /* best_cp->msgctxt, best_cp->msgid, and best_cp->msgid_plural
++ are already in UTF-8. Prevent further conversion in
++ remember_a_message. */
++ encoding = xgettext_current_source_encoding;
++ xgettext_current_source_encoding = po_charset_utf8;
++ mp = remember_a_message (ap->mlp, best_cp->msgctxt, best_cp->msgid,
++ msgid_context,
++ &best_cp->msgid_pos,
++ NULL, best_cp->msgid_comment);
++ if (mp != NULL && best_cp->msgid_plural != NULL)
++ remember_a_message_plural (mp,
++ best_cp->msgid_plural,
++ msgid_plural_context,
++ &best_cp->msgid_plural_pos,
++ NULL);
++ xgettext_current_source_encoding = encoding;
+ }
+
+ if (best_cp->xcomments.nitems > 0)
diff -Nru gettext-0.19.3/debian/patches/05-msgunfmt-fix-segfault gettext-0.19.3/debian/patches/05-msgunfmt-fix-segfault
--- gettext-0.19.3/debian/patches/05-msgunfmt-fix-segfault 1970-01-01 01:00:00.000000000 +0100
+++ gettext-0.19.3/debian/patches/05-msgunfmt-fix-segfault 2014-11-30 12:05:00.000000000 +0100
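Review bot: The duplicate created by `best_cp->msgid_plural = xstrdup (best_cp->msgid);` in the patched xgettext.c hunk at -3152 has no visible consumer when `remember_a_message` returns NULL, because `remember_a_message_plural` is only reached under `mp != NULL`. Before this patch the aliased pointer was simply handed to `remember_a_message` in that case; now the copy may stay allocated unless code outside the hunk releases `best_cp->msgid_plural`. The enclosing function starts and ends outside the hunk, so this needs confirming there before adding any `free`. I would at least record the ownership rule next to the call: `/* msgid_plural is consumed only by remember_a_message_plural; when mp == NULL it stays owned by best_cp. */`.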
@@ -0,0 +1,26 @@
+From: Daiki Ueno <u...@gnu.org>
+Subject: Fix segfault on certain (slightly corrupted) .mo files
+Bug-Debian: http://bugs.debian.org/769901
+X-Debian-version: 0.19.3-2
+
+--- a/gettext-tools/src/read-mo.c
++++ b/gettext-tools/src/read-mo.c
+@@ -38,6 +38,7 @@
+ #include "message.h"
+ #include "format.h"
+ #include "gettext.h"
++#include "xsize.h"
+
+ #define _(str) gettext (str)
+
+@@ -121,8 +122,9 @@
+ /* See 'struct string_desc'. */
+ nls_uint32 s_length = get_uint32 (bfp, offset);
+ nls_uint32 s_offset = get_uint32 (bfp, offset + 4);
++ size_t s_end = xsum3 (s_offset, s_length, 1);
+
+- if (s_offset + s_length + 1 > bfp->size)
++ if (size_overflow_p (s_end) || s_end > bfp->size)
+ error (EXIT_FAILURE, 0, _("file \"%s\" is truncated"), bfp->filename);
+ if (bfp->data[s_offset + s_length] != '\0')
+ error (EXIT_FAILURE, 0,
diff -Nru gettext-0.19.3/debian/patches/06-msgfilter-fix-read-buffer-allocation gettext-0.19.3/debian/patches/06-msgfilter-fix-read-buffer-allocation
--- gettext-0.19.3/debian/patches/06-msgfilter-fix-read-buffer-allocation 1970-01-01 01:00:00.000000000 +0100
+++ gettext-0.19.3/debian/patches/06-msgfilter-fix-read-buffer-allocation 2014-11-30 12:06:00.000000000 +0100
@@ -0,0 +1,15 @@
+From: Daiki Ueno <u...@gnu.org>
+Subject: Fix read buffer allocation for empty input
+X-Debian-version: 0.19.3-2
+
+--- a/gettext-tools/src/msgfilter.c
++++ b/gettext-tools/src/msgfilter.c
+@@ -554,7 +554,7 @@
+
+ if (l->length == l->allocated)
+ {
+- l->allocated = l->allocated + (l->allocated >> 1);
++ l->allocated = l->allocated + (l->allocated >> 1) + 1;
+ l->result = (char *) xrealloc (l->result, l->allocated);
+ }
+ *num_bytes_p = l->allocated - l->length;
diff -Nru gettext-0.19.3/debian/patches/series gettext-0.19.3/debian/patches/series
--- gettext-0.19.3/debian/patches/series 2014-10-16 21:18:57.000000000 +0200
+++ gettext-0.19.3/debian/patches/series 2014-11-30 12:10:00.000000000 +0100
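Review bot: The terminator check `bfp->data[s_offset + s_length]` in the patched read-mo.c hunk still adds the two `nls_uint32` values in what is presumably 32-bit arithmetic, while the new bound is computed in `size_t` through `xsum3`. The two agree whenever `bfp->size` fits in 32 bits, but indexing with the value that was actually validated keeps the check and the access from diverging: `if (bfp->data[s_end - 1] != '\0')`. The enclosing function continues past the hunk, so any later use of `s_offset` and `s_length` on this untrusted .mo input deserves the same look.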
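Review bot: The `+ 1` in `l->allocated = l->allocated + (l->allocated >> 1) + 1;` carries the whole msgfilter.c fix but is unexplained in the code. Without it the growth step makes no progress when `l->allocated` is 0 or 1, so `*num_bytes_p` comes out as 0 and the reader is given no room. A short comment would keep a later cleanup from removing it, for example `/* + 1: 1.5x growth alone stays at 0 (or 1), leaving no room to read into. */`. The function body starts and ends outside the hunk, and the initial value of `l->allocated` is not visible here.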
@@ -1,4 +1,7 @@
 01-do-not-use-java-in-urlget
 02-msgfmt-default-little-endian
 03-libtool-powerpc-le
+04-xgettext-fix-double-free
+05-msgunfmt-fix-segfault
+06-msgfilter-fix-read-buffer-allocation
 99-config-guess-config-sub
-- To UNSUBSCRIBE, email to debian-release-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org Archive: https://lists.debian.org/alpine.deb.2.11.1412030942180.16...@cantor.unex.es