[pyfribidi] - Update to 0.10.0 (rhbz#539493) - Fix CVE-2010-3444: buffer overflow when processing Arabic UTF-8
Hans de Goede
jwrdegoede at fedoraproject.org
Fri Dec 31 16:01:37 UTC 2010
commit 1a5c574ca64fd7d75d4ec594b3d92d5ae34f25d5
Author: Hans de Goede <hdegoede at redhat.com>
Date: Fri Dec 31 17:08:07 2010 +0100
- Update to 0.10.0 (rhbz#539493)
- Fix CVE-2010-3444: buffer overflow when processing Arabic UTF-8
strings (rhbz#565997, rhbz#565998)
- Run the included tests
.gitignore | 1 +
buffer_overflow.diff | 15 +++++++++++++++
pyfribidi.spec | 22 +++++++++++++++++++---
sources | 2 +-
testbigString.diff | 38 ++++++++++++++++++++++++++++++++++++++
5 files changed, 74 insertions(+), 4 deletions(-)
---
diff --git a/.gitignore b/.gitignore
index ea39454..8a3de7f 100644
--- a/.gitignore
+++ b/.gitignore
@@ -1 +1,2 @@
pyfribidi-0.6.0.tar.gz
+/pyfribidi-0.10.0.tar.bz2
diff --git a/buffer_overflow.diff b/buffer_overflow.diff
new file mode 100644
index 0000000..5ea93df
--- /dev/null
+++ b/buffer_overflow.diff
@@ -0,0 +1,15 @@
+Descripton: Create an output buffer that assumes 4-byte sequences for all
+ Unicode characters
+Bug-Debian: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=570068
+Origin: http://sourceforge.net/tracker/?func=detail&aid=2676136&group_id=158366&atid=807545
+--- a/pyfribidi.c
++++ b/pyfribidi.c
+@@ -230,7 +230,7 @@
+
+ /* Allocate fribidi UTF-8 buffer */
+
+- visual_utf8 = PyMem_New(char, MAX_STR_LEN);
++ visual_utf8 = PyMem_New(char, (unicode_length * 4)+1);
+ if (visual_utf8 == NULL)
+ {
+ PyErr_SetString (PyExc_MemoryError,
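Review bot: The new size `(unicode_length * 4)+1` is evaluated before `PyMem_New` applies its own overflow check, so a very large `unicode_length` could wrap the multiplication and still produce an undersized buffer. The declaration of `unicode_length` lies outside this hunk, so its type and range need confirming against the full function. A guard ahead of the allocation, such as `if (unicode_length > (PY_SSIZE_T_MAX - 1) / 4) return PyErr_NoMemory();`, adjusted to whatever cleanup the function's error path already does, would close that gap. The allocation also deserves a comment explaining the factor, e.g. `/* worst case: 4 UTF-8 bytes per code point, plus the terminating NUL */`. Separately, the patch header field is spelled `Descripton:`, which tools that parse patch metadata may not recognise.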
diff --git a/pyfribidi.spec b/pyfribidi.spec
index e7fd033..3cac865 100644
--- a/pyfribidi.spec
+++ b/pyfribidi.spec
@@ -1,14 +1,17 @@
%{!?python_sitearch: %define python_sitearch %(%{__python} -c "from distutils.sysconfig import get_python_lib; print get_python_lib(1)")}
Name: pyfribidi
-Version: 0.6.0
-Release: 9%{?dist}
+Version: 0.10.0
+Release: 1%{?dist}
Summary: A Python binding for GNU FriBidi
Group: Development/Languages
License: GPLv2+
URL: http://pyfribidi.sourceforge.net/
-Source0: http://dl.sourceforge.net/sourceforge/pyfribidi/pyfribidi-%{version}.tar.gz
+Source0: http://downloads.sourceforge.net/pyfribidi/pyfribidi-%{version}.tar.bz2
+# Patches courtsey of Debian
+Patch0: buffer_overflow.diff
+Patch1: testbigString.diff
BuildRoot: %{_tmppath}/%{name}-%{version}-%{release}-root-%(%{__id_u} -n)
BuildRequires: python-devel
@@ -22,6 +25,8 @@ implementation of The Unicode Bidirectional Algorithm in Python.
%prep
%setup -q
+%patch0 -p1
+%patch1 -p1
%build
@@ -32,6 +37,11 @@ CFLAGS="$RPM_OPT_FLAGS" %{__python} setup.py build
rm -rf $RPM_BUILD_ROOT
%{__python} setup.py install -O1 --skip-build --root $RPM_BUILD_ROOT
+
+%check
+ln -s build/lib.linux-*/pyfribidi.so .
+python test_pyfribidi.py
+
%clean
rm -rf $RPM_BUILD_ROOT
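Review bot: The added `%check` section runs bare `python`, while `%build` and `%install` in this spec use `%{__python}`, so the tests could run under a different interpreter than the one the module was built with; `%{__python} test_pyfribidi.py` keeps them aligned. The `ln -s build/lib.linux-*/pyfribidi.so .` line also relies on the glob matching exactly one directory. If it matches none, `ln` creates a dangling link, and the import may then fail or pick up a copy of pyfribidi installed elsewhere, in which case the regression test would not be exercising the patched build. Adding `test -e pyfribidi.so` after the link would make that failure explicit.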
@@ -44,6 +54,12 @@ rm -rf $RPM_BUILD_ROOT
%changelog
+* Fri Dec 31 2010 Hans de Goede <hdegoede at redhat.com> - 0.10.0-1
+- Update to 0.10.0 (rhbz#539493)
+- Fix CVE-2010-3444: buffer overflow when processing Arabic UTF-8
+ strings (rhbz#565997, rhbz#565998)
+- Run the included tests
+
* Wed Jul 21 2010 David Malcolm <dmalcolm at redhat.com> - 0.6.0-9
- Rebuilt for https://fedoraproject.org/wiki/Features/Python_2.7/MassRebuild
diff --git a/sources b/sources
index 3335653..ffffc3a 100644
--- a/sources
+++ b/sources
@@ -1 +1 @@
-57766e3bd05a2044397e98b4f90125c2 pyfribidi-0.6.0.tar.gz
+787e6fe851e8be43fe97008beb150705 pyfribidi-0.10.0.tar.bz2
diff --git a/testbigString.diff b/testbigString.diff
new file mode 100644
index 0000000..2d883d4
--- /dev/null
+++ b/testbigString.diff
@@ -0,0 +1,38 @@
+Description: Resurrected bigString test that was removed in upstream release
+ 0.8
+--- a/test_pyfribidi.py
++++ b/test_pyfribidi.py
+@@ -48,6 +48,16 @@
+ """ unicode: empty string """
+ self.assertEqual(pyfribidi.log2vis(u''), u'')
+
++ def testBigString(self):
++ """ unicode: big string
++
++ It does not make sense to order such big strings, this just
++ checks that there are no size limits in pyfribidi.
++ """
++ # About 2MB string for default python build (ucs2)
++ big = (u'א' * 1024) * 1024
++ self.assertEqual(pyfribidi.log2vis(big), big)
++
+ def testDefaultDirection(self):
+ """ unicode: use RTL default """
+ self.assertEqual(pyfribidi.log2vis(u"hello - שלום"),
+@@ -81,6 +91,16 @@
+ """ utf8: empty string """
+ self.assertEqual(pyfribidi.log2vis(''), '')
+
++ def testBigString(self):
++ """ utf8: big string
++
++ It does not make sense to order such big strings, this just
++ checks that there are no size limits in pyfribidi.
++ """
++ # About 2MB string
++ big = ('א' * 1024) * 1024
++ self.assertEqual(pyfribidi.log2vis(big), big)
++
+ def testDefaultDirection(self):
+ """ utf8: use RTL default """
+ self.assertEqual(pyfribidi.log2vis("hello - שלום"),
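Review bot: Both added `testBigString` cases build their input from the Hebrew letter `א` and assert that the output equals the input, so they only cover strings whose encoded length does not change. The commit message attributes CVE-2010-3444 to Arabic UTF-8 strings, and no Arabic input is tested here. A case in the utf8 test class built from Arabic letters, e.g. `big = ('ب' * 1024) * 1024` followed by `pyfribidi.log2vis(big).decode('utf-8')`, would cover the path that the allocation change in buffer_overflow.diff is meant to protect. Whether shaping alters the byte length presumably depends on the FriBidi version linked, so that case should assert only that the call returns valid UTF-8 rather than an exact string.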