Hello community, here is the log from the commit of package mozilla-nspr for openSUSE:Factory checked in at 2015-11-08 11:24:45 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Comparing /work/SRC/openSUSE:Factory/mozilla-nspr (Old) and /work/SRC/openSUSE:Factory/.mozilla-nspr.new (New) ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "mozilla-nspr"
Changes:
--------
--- /work/SRC/openSUSE:Factory/mozilla-nspr/mozilla-nspr.changes 2015-10-22 12:56:35.000000000 +0200
+++ /work/SRC/openSUSE:Factory/.mozilla-nspr.new/mozilla-nspr.changes 2015-11-08 11:24:58.000000000 +0100
@@ -1,0 +2,7 @@
+Sun Oct 25 14:42:59 UTC 2015 - w...@rosenauer.org
+
+- update to version 4.10.10 (bnc#952810)
+ * MFSA 2015-133/CVE-2015-7183 (bmo#1205157)
+ memory corruption issues
+
+-------------------------------------------------------------------
Old:
----
nspr-4.10.9.tar.gz
New:
----
nspr-4.10.10.tar.gz
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Other differences:
------------------
++++++ mozilla-nspr.spec ++++++
--- /var/tmp/diff_new_pack.RZN9XH/_old 2015-11-08 11:25:00.000000000 +0100
+++ /var/tmp/diff_new_pack.RZN9XH/_new 2015-11-08 11:25:00.000000000 +0100
@@ -18,7 +18,7 @@
 Name: mozilla-nspr
-Version: 4.10.9
+Version: 4.10.10
 Release: 0
 Summary: Netscape Portable Runtime
 License: MPL-2.0
++++++ nspr-4.10.9.tar.gz -> nspr-4.10.10.tar.gz ++++++
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/nspr-4.10.9/nspr/.hg_archival.txt new/nspr-4.10.10/nspr/.hg_archival.txt
--- old/nspr-4.10.9/nspr/.hg_archival.txt 2015-08-19 17:32:22.000000000 +0200
+++ new/nspr-4.10.10/nspr/.hg_archival.txt 2015-10-16 15:22:19.000000000 +0200
@@ -1,4 +1,4 @@
 repo: a4b34919bf34db2ee22acbbc305693c8980b6dc6
-node: 2c9a94fefea664f8a84442fc959b37db119e2e25
+node: 21a7c4a68ca663ae2ba8ff05e12b9379f5108c5d
 branch: default
-tag: NSPR_4_10_9_RTM
+tag: NSPR_4_10_10_RTM
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/nspr-4.10.9/nspr/configure new/nspr-4.10.10/nspr/configure
--- old/nspr-4.10.9/nspr/configure 2015-08-19 17:32:22.000000000 +0200
+++ new/nspr-4.10.10/nspr/configure 2015-10-16 15:22:19.000000000 +0200
@@ -2489,7 +2489,7 @@ MOD_MAJOR_VERSION=4 MOD_MINOR_VERSION=10 -MOD_PATCH_VERSION=9 +MOD_PATCH_VERSION=10 NSPR_MODNAME=nspr20 _HAVE_PTHREADS= USE_PTHREADS=
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/nspr-4.10.9/nspr/configure.in new/nspr-4.10.10/nspr/configure.in
--- old/nspr-4.10.9/nspr/configure.in 2015-08-19 17:32:22.000000000 +0200
+++ new/nspr-4.10.10/nspr/configure.in 2015-10-16 15:22:19.000000000 +0200
@@ -16,7 +16,7 @@
 dnl ========================================================
 MOD_MAJOR_VERSION=4
 MOD_MINOR_VERSION=10
-MOD_PATCH_VERSION=9
+MOD_PATCH_VERSION=10
 NSPR_MODNAME=nspr20
 _HAVE_PTHREADS=
 USE_PTHREADS=
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/nspr-4.10.9/nspr/lib/ds/plarena.c new/nspr-4.10.10/nspr/lib/ds/plarena.c
--- old/nspr-4.10.9/nspr/lib/ds/plarena.c 2015-08-19 17:32:22.000000000 +0200
+++ new/nspr-4.10.10/nspr/lib/ds/plarena.c 2015-10-16 15:22:19.000000000 +0200
@@ -93,6 +93,9 @@
 pool->mask = PR_BITMASK(PR_CeilingLog2(align));
 pool->first.next = NULL;
+ /* Set all three addresses in pool->first to the same dummy value.
+ * These addresses are only compared with each other, but never
+ * dereferenced. */
 pool->first.base = pool->first.avail = pool->first.limit = (PRUword)PL_ARENA_ALIGN(pool, &pool->first + 1);
 pool->current = &pool->first;
@@ -144,10 +147,14 @@
 {
 PLArena *a;
 char *rp; /* returned pointer */
+ PRUint32 nbOld;
 PR_ASSERT((nb & pool->mask) == 0);
+ nbOld = nb;
 nb = (PRUword)PL_ARENA_ALIGN(pool, nb); /* force alignment */
+ if (nb < nbOld)
+ return NULL;
 /* attempt to allocate from arenas at pool->current */
 {
@@ -208,6 +215,7 @@
 PL_MAKE_MEM_NOACCESS((void*)a->avail, a->limit - a->avail);
 rp = (char *)a->avail;
 a->avail += nb;
+ PR_ASSERT(a->avail <= a->limit);
 /* the newly allocated arena is linked after pool->current * and becomes pool->current */
 a->next = pool->current->next;
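Review bot: The new guard `if (nb < nbOld) return NULL;` in the @@ -144 hunk of plarena.c has no comment, and the reason it can fire is not obvious: it trips only when the alignment rounding on the preceding line wraps the 32-bit value. A one-line comment such as `/* rounding nb up to the alignment wrapped around: refuse the request */` would make that clear, and the same goes for `if (PR_UINT32_MAX - size < incr)` in the @@ -230 hunk, e.g. `/* size + incr would not fit in 32 bits */`. The enclosing function starts and ends outside the hunk, so the declared type of `nb` is inferred here from `nbOld` being `PRUint32`.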
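Review bot: `PR_ASSERT(a->avail <= a->limit);` in the @@ -208 hunk checks anything only in builds with assertions enabled, so an optimized build gets no protection from it if `nb` ever exceeds the freshly allocated arena. The size computation for the new arena is outside the hunk and may already guarantee the bound; if it does, a comment saying so would help, e.g. `/* the arena was sized to hold nb; the assert documents that invariant */`. If it does not, a runtime check placed before `a->avail += nb;` that fails the allocation is the safer form.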
@@ -230,6 +238,8 @@
 {
 void *newp;
+ if (PR_UINT32_MAX - size < incr)
+ return NULL;
 PL_ARENA_ALLOCATE(newp, pool, size + incr);
 if (newp) memcpy(newp, p, size);
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/nspr-4.10.9/nspr/lib/ds/plarena.h new/nspr-4.10.10/nspr/lib/ds/plarena.h
--- old/nspr-4.10.9/nspr/lib/ds/plarena.h 2015-08-19 17:32:22.000000000 +0200
+++ new/nspr-4.10.10/nspr/lib/ds/plarena.h 2015-10-16 15:22:19.000000000 +0200
@@ -137,34 +137,39 @@
 #define PL_ARENA_ALLOCATE(p, pool, nb) \
 PR_BEGIN_MACRO \
 PLArena *_a = (pool)->current; \
- PRUint32 _nb = PL_ARENA_ALIGN(pool, nb); \
+ PRUint32 _nb = PL_ARENA_ALIGN(pool, (PRUint32)nb); \
 PRUword _p = _a->avail; \
- PRUword _q = _p + _nb; \
- if (_q > _a->limit) { \
+ if (_nb < (PRUint32)nb) { \
+ _p = 0; \
+ } else if (_nb > (_a->limit - _a->avail)) { \
 _p = (PRUword)PL_ArenaAllocate(pool, _nb); \
 } else { \
- _a->avail = _q; \
+ _a->avail += _nb; \
 } \
 p = (void *)_p; \
- PL_MAKE_MEM_UNDEFINED(p, nb); \
- PL_ArenaCountAllocation(pool, nb); \
+ if (p) { \
+ PL_MAKE_MEM_UNDEFINED(p, (PRUint32)nb); \
+ PL_ArenaCountAllocation(pool, (PRUint32)nb); \
+ } \
 PR_END_MACRO
 #define PL_ARENA_GROW(p, pool, size, incr) \
 PR_BEGIN_MACRO \
 PLArena *_a = (pool)->current; \
- PRUint32 _incr = PL_ARENA_ALIGN(pool, incr); \
- PRUword _p = _a->avail; \
- PRUword _q = _p + _incr; \
- if (_p == (PRUword)(p) + PL_ARENA_ALIGN(pool, size) && \
- _q <= _a->limit) { \
- PL_MAKE_MEM_UNDEFINED((unsigned char *)(p) + size, incr); \
- _a->avail = _q; \
- PL_ArenaCountInplaceGrowth(pool, size, incr); \
+ PRUint32 _incr = PL_ARENA_ALIGN(pool, (PRUint32)incr); \
+ if (_incr < (PRUint32)incr) { \
+ p = NULL; \
+ } else if (_a->avail == (PRUword)(p) + PL_ARENA_ALIGN(pool, size) && \
+ _incr <= (_a->limit - _a->avail)) { \
+ PL_MAKE_MEM_UNDEFINED((unsigned char *)(p) + size, (PRUint32)incr); \
+ _a->avail += _incr; \
+ PL_ArenaCountInplaceGrowth(pool, size, (PRUint32)incr); \
 } else { \
- p = PL_ArenaGrow(pool, p, size, incr); \
+ p = PL_ArenaGrow(pool, p, size, (PRUint32)incr); \
+ } \
+ if (p) {\
+ PL_ArenaCountGrowth(pool, size, (PRUint32)incr); \
 } \
- PL_ArenaCountGrowth(pool, size, incr); \
 PR_END_MACRO
 #define PL_ARENA_MARK(pool) ((void *) (pool)->current->avail)
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/nspr-4.10.9/nspr/pr/include/md/_linux.cfg new/nspr-4.10.10/nspr/pr/include/md/_linux.cfg
---
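Review bot: The casts added to both macros in plarena.h are written `(PRUint32)nb` and `(PRUint32)incr` with no parentheses around the macro argument, so the cast binds only to the first operand of an expression argument. The call visible in plarena.c, `PL_ARENA_ALLOCATE(newp, pool, size + incr)`, expands to `(PRUint32)size + incr`; that is harmless there only if both operands are already 32-bit, and a caller passing a wider expression would have the overflow comparison `_nb < (PRUint32)nb` evaluated against a value that was not truncated the way `_nb` was. Writing `(PRUint32)(nb)` and `(PRUint32)(incr)` at every use makes the check independent of how the argument is spelled. The arguments are also expanded several times per macro, so an argument with side effects stays unsafe, as it was before this change.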
old/nspr-4.10.9/nspr/pr/include/md/_linux.cfg 2015-08-19 17:32:22.000000000 +0200
+++ new/nspr-4.10.10/nspr/pr/include/md/_linux.cfg 2015-10-16 15:22:19.000000000 +0200
@@ -508,7 +508,7 @@
 #error "Unknown MIPS endianness."
 #endif
-#ifdef _ABI64
+#if _MIPS_SIM == _ABI64
 #define IS_64
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/nspr-4.10.9/nspr/pr/include/prinit.h new/nspr-4.10.10/nspr/pr/include/prinit.h
--- old/nspr-4.10.9/nspr/pr/include/prinit.h 2015-08-19 17:32:22.000000000 +0200
+++ new/nspr-4.10.10/nspr/pr/include/prinit.h 2015-10-16 15:22:19.000000000 +0200
@@ -31,10 +31,10 @@
 ** The format of the version string is
 ** "<major version>.<minor version>[.<patch level>] [<Beta>]"
 */
-#define PR_VERSION "4.10.9"
+#define PR_VERSION "4.10.10"
 #define PR_VMAJOR 4
 #define PR_VMINOR 10
-#define PR_VPATCH 9
+#define PR_VPATCH 10
 #define PR_BETA PR_FALSE
 /*
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/nspr-4.10.9/nspr/pr/tests/vercheck.c new/nspr-4.10.10/nspr/pr/tests/vercheck.c
--- old/nspr-4.10.9/nspr/pr/tests/vercheck.c 2015-08-19 17:32:22.000000000 +0200
+++ new/nspr-4.10.10/nspr/pr/tests/vercheck.c 2015-10-16 15:22:19.000000000 +0200
@@ -20,10 +20,10 @@
 #include <stdlib.h>
 /*
- * This release (4.10.7) is backward compatible with the
+ * This release (4.10.10) is backward compatible with the
 * 4.0.x, 4.1.x, 4.2.x, 4.3.x, 4.4.x, 4.5.x, 4.6.x, 4.7.x,
 * 4.8.x, 4.9.x, 4.10, 4.10.1, 4.10.2, 4.10.3, 4.10.4,
- * 4.10.5, 4.10.6, 4.10.7 and 4.10.8 releases.
+ * 4.10.5, 4.10.6, 4.10.7, 4.10.8, 4.10.9 releases.
 * It, of course, is compatible with itself.
 */
 static char *compatible_version[] = {
@@ -39,7 +39,7 @@
 "4.9", "4.9.1", "4.9.2", "4.9.3", "4.9.4", "4.9.5", "4.9.6", "4.10", "4.10.1", "4.10.2", "4.10.3", "4.10.4",
- "4.10.5", "4.10.6", "4.10.7", "4.10.8",
+ "4.10.5", "4.10.6", "4.10.7", "4.10.8", "4.10.9",
 PR_VERSION };
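Review bot: In the _linux.cfg hunk, `#if _MIPS_SIM == _ABI64` is true when neither macro is defined, because undefined identifiers evaluate to 0 inside `#if`; a toolchain that defines neither would then get `IS_64` on a 32-bit target and mis-sized NSPR types. The enclosing MIPS conditional is outside the hunk and the compilers it targets presumably define both, but `#if defined(_MIPS_SIM) && defined(_ABI64) && _MIPS_SIM == _ABI64` would make that assumption explicit.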
@@ -55,7 +55,7 @@
 "3.0", "3.0.1", "3.1", "3.1.1", "3.1.2", "3.1.3", "3.5", "3.5.1",
- "4.10.10",
+ "4.10.11",
 "4.11", "4.11.1", "10.0", "11.1", "12.14.20" };