Hello community, here is the log from the commit of package mcpp for openSUSE:Factory checked in at 2020-03-19 19:50:19 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Comparing /work/SRC/openSUSE:Factory/mcpp (Old) and /work/SRC/openSUSE:Factory/.mcpp.new.3160 (New) ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "mcpp" Thu Mar 19 19:50:19 2020 rev:17 rq:786229 version:2.7.2 Changes: -------- --- /work/SRC/openSUSE:Factory/mcpp/mcpp.changes 2015-05-06 11:19:25.000000000 +0200 +++ /work/SRC/openSUSE:Factory/.mcpp.new.3160/mcpp.changes 2020-03-19 19:54:00.552277066 +0100 @@ -1,0 +2,5 @@ +Wed Mar 18 17:29:06 UTC 2020 - Dirk Mueller <dmuel...@suse.com> + +- add CVE-2019-14274.patch (bsc#1143032, CVE-2019-14274) + +------------------------------------------------------------------- New: ---- CVE-2019-14274.patch ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ mcpp.spec ++++++ --- /var/tmp/diff_new_pack.zY6xE4/_old 2020-03-19 19:54:01.048277084 +0100 +++ /var/tmp/diff_new_pack.zY6xE4/_new 2020-03-19 19:54:01.048277084 +0100 @@ -1,7 +1,7 @@ # # spec file for package mcpp # -# Copyright (c) 2015 SUSE LINUX GmbH, Nuernberg, Germany. +# Copyright (c) 2020 SUSE LLC # # All modifications and additions to the file contributed by third parties # remain the property of their copyright owners, unless otherwise agreed @@ -12,7 +12,7 @@ # license that conforms to the Open Source Definition (Version 1.9) # published by the Open Source Initiative. -# Please submit bugfixes or comments via http://bugs.opensuse.org/ +# Please submit bugfixes or comments via https://bugs.opensuse.org/ # @@ -22,9 +22,10 @@ Summary: Matsui's C Preprocessor License: BSD-3-Clause Group: Development/Languages/C and C++ -Url: http://mcpp.sourceforge.net/ +URL: http://mcpp.sourceforge.net/ Source0: http://sourceforge.net/projects/mcpp/files/mcpp/V.%{version}/%{name}-%{version}.tar.gz Patch0: %{name}-%{version}.diff +Patch1: CVE-2019-14274.patch BuildRoot: %{_tmppath}/%{name}-%{version}-build %description @@ -58,6 +59,7 @@ %prep %setup -q %patch0 -p1 +%patch1 -p1 %build export CFLAGS="%{optflags} -D_BSD_SOURCE" ++++++ CVE-2019-14274.patch ++++++ Subject: [PATCH] Merge bug fixes from https://github.com/h8liu/mcpp.git --- a/src/support.c +++ b/src/support.c @@ -188,7 +188,7 @@ static char * append_to_buffer( size_t length ) { - if (mem_buf_p->bytes_avail < length) { /* Need to allocate more memory */ + if (mem_buf_p->bytes_avail < length + 1) { /* Need to allocate more memory */ size_t size = MAX( BUF_INCR_SIZE, length); if (mem_buf_p->buffer == NULL) { /* 1st append */ @@ -1722,6 +1722,8 @@ static char * parse_line( void) sp -= 2; while (*sp != '\n') /* Until end of line */ mcpp_fputc( *sp++, OUT); + mcpp_fputc('\n', OUT); + wrong_line = TRUE; } goto end_line; default: /* Not a comment */
