[Python-modules-commits] [python-udatetime] 02/03: merge patched into master

Ilias Tsitsimpis iliastsi-guest at moszumanska.debian.org
Sun Aug 6 08:53:09 UTC 2017 

This is an automated email from the git hooks/post-receive script.

iliastsi-guest pushed a commit to branch master
in repository python-udatetime.

commit 7b640daa85b75a4eec0d882a0d46322c209c9fc9
Merge: 8f9341e a054d1b
Author: Ilias Tsitsimpis <iliastsi at debian.org>
Date:   Sun Aug 6 11:34:11 2017 +0300

    merge patched into master

 debian/.git-dpm                                  |  4 ++--
 debian/patches/0002-Fix-out-of-bounds-read.patch | 28 ++++++++++++++++++++++++
 debian/patches/series                            |  1 +
 src/rfc3339.c                                    |  2 +-
 4 files changed, 32 insertions(+), 3 deletions(-)

diff --cc debian/.git-dpm
index 00920cd,0000000..fef47f4
mode 100644,000000..100644
--- a/debian/.git-dpm
+++ b/debian/.git-dpm
@@@ -1,11 -1,0 +1,11 @@@
 +# see git-dpm(1) from git-dpm package
- 5a73920f21b04d1a6f17d739bb2e252cc767bb8c
- 5a73920f21b04d1a6f17d739bb2e252cc767bb8c
++a054d1bc0b7df936f11ef7c6cbcbb8a516efe4f9
++a054d1bc0b7df936f11ef7c6cbcbb8a516efe4f9
 +3c87a48a34973547fff234b76daa1091c32df144
 +3c87a48a34973547fff234b76daa1091c32df144
 +python-udatetime_0.0.12.orig.tar.gz
 +eeb31acb493ddc240fc2950b26ab7b8cf7e020e4
 +13621
 +debianTag="debian/%e%v"
 +patchedTag="patched/%e%v"
 +upstreamTag="upstream/%e%u"
diff --cc debian/patches/0002-Fix-out-of-bounds-read.patch
index 0000000,0000000..904fb36
new file mode 100644
--- /dev/null
+++ b/debian/patches/0002-Fix-out-of-bounds-read.patch
@@@ -1,0 -1,0 +1,28 @@@
++From a054d1bc0b7df936f11ef7c6cbcbb8a516efe4f9 Mon Sep 17 00:00:00 2001
++From: Ilias Tsitsimpis <iliastsi at debian.org>
++Date: Sun, 6 Aug 2017 11:11:30 +0300
++Subject: Fix out-of-bounds read
++
++Increase the size of the fractions buffer to 7, to include the
++terminating null byte ('\0'). Otherwise sscanf() will read past the
++buffer area with unpredictable results.
++
++Forwarded: https://github.com/freach/udatetime/pull/20
++Bug-Debian: https://bugs.debian.org/870887
++---
++ src/rfc3339.c | 2 +-
++ 1 file changed, 1 insertion(+), 1 deletion(-)
++
++diff --git a/src/rfc3339.c b/src/rfc3339.c
++index 16b80ed..1ca8717 100644
++--- a/src/rfc3339.c
+++++ b/src/rfc3339.c
++@@ -256,7 +256,7 @@ static void _parse_time(char *time_string, time_struct *t) {
++     // check for fractions
++     if (*tokens == '.') {
++         tokens++;
++-        char fractions[6] = {0};
+++        char fractions[7] = {0};
++ 
++         // Substring fractions, max 6 digits for usec
++         for (unsigned int i = 0; i < 6; i++) {
diff --cc debian/patches/series
index 5332971,0000000..24ba091
mode 100644,000000..100644
--- a/debian/patches/series
+++ b/debian/patches/series
@@@ -1,1 -1,0 +1,2 @@@
 +0001-Move-rfc3339-module-under-udatetime.patch
++0002-Fix-out-of-bounds-read.patch

-- 
Alioth's /usr/local/bin/git-commit-notice on /srv/git.debian.org/git/python-modules/packages/python-udatetime.git

More information about the Python-modules-commits mailing list