Hello community,
here is the log from the commit of package tidy for openSUSE:Factory checked in at 2016-08-12 15:37:14
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Comparing /work/SRC/openSUSE:Factory/tidy (Old)
and /work/SRC/openSUSE:Factory/.tidy.new (New)
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "tidy"
Changes:
--------
--- /work/SRC/openSUSE:Factory/tidy/tidy.changes 2016-06-09 15:54:28.000000000 +0200
+++ /work/SRC/openSUSE:Factory/.tidy.new/tidy.changes 2016-08-12 15:37:15.000000000 +0200
@@ -1,0 +2,8 @@
+Thu Aug 4 12:33:50 UTC 2016 - adam.majer@suse.de
+
+- add static_buffer_overflow.diff:
+ + fix overflow in a static buffer (CVE-2016-6583)
+- add Debian package files form fomer tidy-html5 packagee
+ these don't really work, but mostly as WIP
+
+-------------------------------------------------------------------
New:
----
debian.changelog
debian.compat
debian.control
debian.libtidy-dev.install
debian.libtidy5.install
debian.rules
debian.series
debian.tidy.install
static_buffer_overflow.diff
tidy_5.2.0-1.dsc
tidy_5.2.0.orig.tar.xz
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Other differences:
------------------
++++++ tidy.spec ++++++
--- /var/tmp/diff_new_pack.xH5O9Z/_old 2016-08-12 15:37:16.000000000 +0200
+++ /var/tmp/diff_new_pack.xH5O9Z/_new 2016-08-12 15:37:16.000000000 +0200
@@ -38,6 +38,7 @@
Patch1: test_fixes.diff
Patch2: fix_doxygen_paths.diff
Patch3: compat_headers.diff
+Patch4: static_buffer_overflow.diff
BuildRequires: cmake
BuildRequires: doxygen
BuildRequires: gcc-c++
@@ -102,6 +103,7 @@
%patch1 -p1
%patch2 -p1
%patch3 -p1
+%patch4
%build
%cmake \
++++++ debian.changelog ++++++
tidy (5.2.0-1) unstable; urgency=low
* Debian build files 'borrowed' from tidy-html5 package by
Jan Engelhardt
* Rename packages to main tidy package
* Updated debhelper compat to 9
* Updated Standards to 3.9.8
-- Adam Majer Fri, 17 Jun 2016 12:11:49 +0200
tidy-html5 (5.0.0) stable; urgency=low
* Update to official release 5.0.0
tidy-html5 (4.9.28) unstable; urgency=low
* Whatever
-- Zarafa Development Tue, 20 Jan 2015 10:25:03 +0100
++++++ debian.compat ++++++
9
++++++ debian.control ++++++
Source: tidy
Section: web
Priority: optional
Maintainer: ZD
Build-Depends: debhelper, fakeroot, cmake, g++, xsltproc
Standards-Version: 3.9.4
Homepage: http://html-tidy.org/
Package: tidy
Section: web
Architecture: any
Depends: ${misc:Depends}, ${shlibs:Depends}
Description: HTML syntax checker and reformatter
Corrects markup in a way compliant with the latest standards, and
optimal for the popular browsers. It has a comprehensive knowledge
of the attributes defined in the HTML 4.0 recommendation from W3C,
and understands the US ASCII, ISO Latin-1, UTF-8 and the ISO 2022
family of 7-bit encodings. In the output:
.
* HTML entity names for characters are used when appropriate.
* Missing attribute quotes are added, and mismatched quotes found.
* Tags lacking a terminating '>' are spotted.
* Proprietary elements are recognized and reported as such.
* The page is reformatted, from a choice of indentation styles.
Package: libtidy5
Section: libs
Architecture: any
Depends: ${misc:Depends}, ${shlibs:Depends}
Description: HTML syntax checker and reformatter - library
Corrects markup in a way compliant with the latest standards, and
optimal for the popular browsers. It has a comprehensive knowledge
of the attributes defined in the HTML 4.0 recommendation from W3C,
and understands the US ASCII, ISO Latin-1, UTF-8 and the ISO 2022
family of 7-bit encodings. In the output:
.
* HTML entity names for characters are used when appropriate.
* Missing attribute quotes are added, and mismatched quotes found.
* Tags lacking a terminating '>' are spotted.
* Proprietary elements are recognized and reported as such.
* The page is reformatted, from a choice of indentation styles.
Package: libtidy-dev
Section: libdevel
Architecture: any
Depends: libtidy5 (= ${binary:Version}), ${misc:Depends}, ${shlibs:Depends}
Conflicts: libtidy-dev
Description: HTML syntax checker and reformatter - development
Corrects markup in a way compliant with the latest standards, and
optimal for the popular browsers. It has a comprehensive knowledge
of the attributes defined in the HTML 4.0 recommendation from W3C,
and understands the US ASCII, ISO Latin-1, UTF-8 and the ISO 2022
family of 7-bit encodings. In the output:
.
* HTML entity names for characters are used when appropriate.
* Missing attribute quotes are added, and mismatched quotes found.
* Tags lacking a terminating '>' are spotted.
* Proprietary elements are recognized and reported as such.
* The page is reformatted, from a choice of indentation styles.
++++++ debian.libtidy-dev.install ++++++
usr/include/tidy*.h
usr/lib/libtidy.so
++++++ debian.libtidy5.install ++++++
usr/lib/libtidy.so.5*
++++++ debian.rules ++++++
#!/usr/bin/make -f
%:
dh $@ --parallel --builddirectory=builddir
override_dh_auto_configure:
mkdir -p builddir
cd builddir; \
cmake .. -DCMAKE_SKIP_RPATH:BOOL=OFF \
-DINCLUDE_INSTALL_DIR:PATH=include/tidy \
PREFIX=/usr
++++++ debian.series ++++++
dynamic_library_build.diff
test_fixes.diff
fix_doxygen_paths.diff
compat_headers.diff
++++++ debian.tidy.install ++++++
usr/bin/tidy
usr/share/man/man1/tidy.1
++++++ static_buffer_overflow.diff ++++++
Index: src/language.c
===================================================================
--- src/language.c.orig
+++ src/language.c
@@ -601,7 +601,6 @@ tmbstr tidyNormalizedLocaleName( ctmbstr
uint i;
uint len;
static char result[6] = "xx_yy";
- char character[1];
tmbstr search = strdup(locale);
search = TY_(tmbstrtolower)(search);
@@ -622,27 +621,28 @@ tmbstr tidyNormalizedLocaleName( ctmbstr
junk language that doesn't exist and won't be set. */
len = strlen( search );
- len = len <= 5 ? len : 5;
+ len = ( len <= 5 ? len : 5 );
- for ( i = 0; i <= len; i++ )
+ for ( i = 0; i < len; i++ )
{
if ( i == 2 )
{
/* Either terminate the string or ensure there's an underscore */
- if (strlen( search) >= 5)
- character[0] = '_';
- else
- character[0] = '\0';
- strncpy( result + i, character, 1 );
+ if (len == 5) {
+ result[i] = '_';
+ }
+ else {
+ result[i] = '\0';
+ break; /* no need to copy after null */
+ }
}
else
{
- strncpy( result + i, search + i, 1);
- result[i] = tolower( result[i] );
+ result[i] = tolower( search[i] );
}
}
- if ( search ) free( search );
+ free( search );
return result;
}
++++++ tidy_5.2.0-1.dsc ++++++
Format: 1.0
Source: tidy
Binary: tidy, libtidy5, libtidy-dev
Architecture: any
Version: 5.2.0-1
Maintainer: ZD
Homepage: http://html-tidy.org/
Standards-Version: 3.9.4
Build-Depends: debhelper, fakeroot, cmake, g++, xsltproc
DEBTRANSFORM-TAR: tidy_5.2.0.orig.tar.xz
Package-List:
libtidy-dev deb libdevel optional
libtidy5 deb libs optional
tidy deb web optional
Files:
d57283ebb8157ae919762c58419353c8 133282 tidy_5.2.0.orig.tar.xz