[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: coreutils: i18n for v8.24
From: |
Pádraig Brady |
Subject: |
Re: coreutils: i18n for v8.24 |
Date: |
Thu, 16 Jul 2015 02:59:01 +0100 |
User-agent: |
Mozilla/5.0 (X11; Linux x86_64; rv:31.0) Gecko/20100101 Thunderbird/31.6.0 |
On 16/07/15 02:25, Bernhard Voelker wrote:
> On 07/14/2015 05:58 PM, Pádraig Brady wrote:
>>> would you mind merging v8.24 to your semi-official "i18n" branch
>>> on github [0]?
>>
>> Done
>
> Thanks!
> Hmm, it seems you didn't merge but you rebased the I18N patch,
> i.e. the version of the patch needed for v8.23 is not visible
> anymore, is it?
Right. I suppose we could branch each previous release before rebasing.
>> There are only a couple of divergences and on very quick scan,
>> the Fedora/github one seems to be the latest. I'll verify that later
>> and ensure github/Fedora has the latest revision.
>
> For openSUSE's version of the patch, I've found the missing pieces
> (not yet pushed to OBS):
> * the fix for https://bugzilla.redhat.com/show_bug.cgi?id=1148347
> had been in a separate patch file; now squashed.
> * the cut performance improvement for cut(1) in field-mode and UTF8
> was missing
>
> Regarding Fedora: the only difference I can see now is that Fedora's
> version of the patch seems to use an older version of your recent
> sort/I18N fix for CVE-2015-4041 and CVE-2015-4042 [0]:
>
> diff -u src/sort.c ~/coreutils/src/sort.c
> --- src/sort.c 2015-07-15 23:52:42.664935007 +0200
> +++ /home/berny/coreutils/src/sort.c 2015-07-15 23:43:46.725105768 +0200
> @@ -3243,7 +3243,9 @@
>
> if (ignore || translate)
> {
> - char *copy_a = (char *) xmalloc ((lena + lenb) * MB_CUR_MAX + 2);
> + if (SIZE_MAX - lenb - 2 < lena)
> + xalloc_die ();
> + char *copy_a = (char *) xnmalloc (lena + lenb + 2, MB_CUR_MAX);
> char *copy_b = copy_a + lena * MB_CUR_MAX + 1;
> size_t new_len_a, new_len_b;
> size_t i, j;
>
> (Left side is Fedora, right side is your pixelb/i18n branch.)
>
> [0] https://github.com/pixelb/coreutils/commit/bea5e36cc876
Thanks for confirming that.
So the github patch is the most up to date.
thanks,
Pádraig.