commit tidy for openSUSE:Factory

12 Aug 2016

Hello community,

here is the log from the commit of package tidy for openSUSE:Factory checked in at 2016-08-12 15:37:14
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Comparing /work/SRC/openSUSE:Factory/tidy (Old)
 and      /work/SRC/openSUSE:Factory/.tidy.new (New)
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++

Package is "tidy"

Changes:
--------

--- /work/SRC/openSUSE:Factory/tidy/tidy.changes	2016-06-09 15:54:28.000000000 +0200
+++ /work/SRC/openSUSE:Factory/.tidy.new/tidy.changes	2016-08-12 15:37:15.000000000 +0200
@@ -1,0 +2,8 @@
+Thu Aug  4 12:33:50 UTC 2016 - adam.majer@suse.de
+
+- add static_buffer_overflow.diff:
+  + fix overflow in a static buffer (CVE-2016-6583)
+- add Debian package files form fomer tidy-html5 packagee
+  these don't really work, but mostly as WIP
+
+-------------------------------------------------------------------

New:
----
  debian.changelog
  debian.compat
  debian.control
  debian.libtidy-dev.install
  debian.libtidy5.install
  debian.rules
  debian.series
  debian.tidy.install
  static_buffer_overflow.diff
  tidy_5.2.0-1.dsc
  tidy_5.2.0.orig.tar.xz

++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++

Other differences:
------------------
++++++ tidy.spec ++++++
--- /var/tmp/diff_new_pack.xH5O9Z/_old	2016-08-12 15:37:16.000000000 +0200
+++ /var/tmp/diff_new_pack.xH5O9Z/_new	2016-08-12 15:37:16.000000000 +0200
@@ -38,6 +38,7 @@
 Patch1:         test_fixes.diff
 Patch2:         fix_doxygen_paths.diff
 Patch3:         compat_headers.diff
+Patch4:         static_buffer_overflow.diff
 BuildRequires:  cmake
 BuildRequires:  doxygen
 BuildRequires:  gcc-c++
@@ -102,6 +103,7 @@
 %patch1 -p1
 %patch2 -p1
 %patch3 -p1
+%patch4
 
 %build
 %cmake \

++++++ debian.changelog ++++++
tidy (5.2.0-1) unstable; urgency=low
  * Debian build files 'borrowed' from tidy-html5 package by
    Jan Engelhardt
  * Rename packages to main tidy package
  * Updated debhelper compat to 9
  * Updated Standards to 3.9.8
 -- Adam Majer   Fri, 17 Jun 2016 12:11:49 +0200

tidy-html5 (5.0.0) stable; urgency=low

  * Update to official release 5.0.0

tidy-html5 (4.9.28) unstable; urgency=low

  * Whatever

 -- Zarafa Development   Tue, 20 Jan 2015 10:25:03 +0100
++++++ debian.compat ++++++
9
++++++ debian.control ++++++
Source: tidy
Section: web
Priority: optional
Maintainer: ZD 
Build-Depends: debhelper, fakeroot, cmake, g++, xsltproc
Standards-Version: 3.9.4
Homepage: http://html-tidy.org/

Package: tidy
Section: web
Architecture: any
Depends: ${misc:Depends}, ${shlibs:Depends}
Description: HTML syntax checker and reformatter
 Corrects markup in a way compliant with the latest standards, and
 optimal for the popular browsers.  It has a comprehensive knowledge
 of the attributes defined in the HTML 4.0 recommendation from W3C,
 and understands the US ASCII, ISO Latin-1, UTF-8 and the ISO 2022
 family of 7-bit encodings.  In the output:
 .
  * HTML entity names for characters are used when appropriate.
  * Missing attribute quotes are added, and mismatched quotes found.
  * Tags lacking a terminating '>' are spotted.
  * Proprietary elements are recognized and reported as such.
  * The page is reformatted, from a choice of indentation styles.

Package: libtidy5
Section: libs
Architecture: any
Depends: ${misc:Depends}, ${shlibs:Depends}
Description: HTML syntax checker and reformatter - library
 Corrects markup in a way compliant with the latest standards, and
 optimal for the popular browsers.  It has a comprehensive knowledge
 of the attributes defined in the HTML 4.0 recommendation from W3C,
 and understands the US ASCII, ISO Latin-1, UTF-8 and the ISO 2022
 family of 7-bit encodings.  In the output:
 .
  * HTML entity names for characters are used when appropriate.
  * Missing attribute quotes are added, and mismatched quotes found.
  * Tags lacking a terminating '>' are spotted.
  * Proprietary elements are recognized and reported as such.
  * The page is reformatted, from a choice of indentation styles.

Package: libtidy-dev
Section: libdevel
Architecture: any
Depends: libtidy5 (= ${binary:Version}), ${misc:Depends}, ${shlibs:Depends}
Conflicts: libtidy-dev
Description: HTML syntax checker and reformatter - development
 Corrects markup in a way compliant with the latest standards, and
 optimal for the popular browsers.  It has a comprehensive knowledge
 of the attributes defined in the HTML 4.0 recommendation from W3C,
 and understands the US ASCII, ISO Latin-1, UTF-8 and the ISO 2022
 family of 7-bit encodings.  In the output:
 .
  * HTML entity names for characters are used when appropriate.
  * Missing attribute quotes are added, and mismatched quotes found.
  * Tags lacking a terminating '>' are spotted.
  * Proprietary elements are recognized and reported as such.
  * The page is reformatted, from a choice of indentation styles.
++++++ debian.libtidy-dev.install ++++++
usr/include/tidy*.h
usr/lib/libtidy.so
++++++ debian.libtidy5.install ++++++
usr/lib/libtidy.so.5*
++++++ debian.rules ++++++
#!/usr/bin/make -f
%:
	dh $@ --parallel --builddirectory=builddir

override_dh_auto_configure:
	mkdir -p builddir
	cd builddir; \
	cmake .. -DCMAKE_SKIP_RPATH:BOOL=OFF \
		-DINCLUDE_INSTALL_DIR:PATH=include/tidy \
		PREFIX=/usr
++++++ debian.series ++++++
dynamic_library_build.diff
test_fixes.diff
fix_doxygen_paths.diff
compat_headers.diff

++++++ debian.tidy.install ++++++
usr/bin/tidy
usr/share/man/man1/tidy.1

++++++ static_buffer_overflow.diff ++++++
Index: src/language.c
===================================================================
--- src/language.c.orig
+++ src/language.c
@@ -601,7 +601,6 @@ tmbstr tidyNormalizedLocaleName( ctmbstr
     uint i;
     uint len;
     static char result[6] = "xx_yy";
-    char character[1];
     tmbstr search = strdup(locale);
     search = TY_(tmbstrtolower)(search);
     
@@ -622,27 +621,28 @@ tmbstr tidyNormalizedLocaleName( ctmbstr
      junk language that doesn't exist and won't be set. */
     
     len = strlen( search );
-    len = len <= 5 ? len : 5;
+    len = ( len <= 5 ? len : 5 );
     
-    for ( i = 0; i <= len; i++ )
+    for ( i = 0; i < len; i++ )
     {
         if ( i == 2 )
         {
             /* Either terminate the string or ensure there's an underscore */
-            if (strlen( search) >= 5)
-                character[0] = '_';
-            else
-                character[0] = '\0';
-            strncpy( result + i, character, 1 );
+            if (len == 5) {
+                result[i] = '_';
+            }
+            else {
+                result[i] = '\0';
+                break;      /* no need to copy after null */
+            }
         }
         else
         {
-            strncpy( result + i, search + i, 1);
-            result[i] = tolower( result[i] );
+            result[i] = tolower( search[i] );
         }
     }
     
-    if ( search ) free( search );
+    free( search );
     return result;
 }
 
++++++ tidy_5.2.0-1.dsc ++++++
Format: 1.0
Source: tidy
Binary: tidy, libtidy5, libtidy-dev
Architecture: any
Version: 5.2.0-1
Maintainer: ZD 
Homepage: http://html-tidy.org/
Standards-Version: 3.9.4
Build-Depends: debhelper, fakeroot, cmake, g++, xsltproc
DEBTRANSFORM-TAR: tidy_5.2.0.orig.tar.xz
Package-List: 
 libtidy-dev deb libdevel optional
 libtidy5 deb libs optional
 tidy deb web optional
Files:
 d57283ebb8157ae919762c58419353c8 133282 tidy_5.2.0.orig.tar.xz

    

commit tidy for openSUSE:Factory

root＠hilbert.suse.de