--- Begin Message ---
Package: release.debian.org
User: release.debian.org@packages.debian.org
Usertags: unblock
Severity: normal
I'd like to ask the unblocking of gettext 0.19.3-2.
This release fixes three memory related bugs, in every case the fix
comes directly from upstream git.
debdiff follows.
Thanks.
diff -Nru gettext-0.19.3/debian/changelog gettext-0.19.3/debian/changelog
--- gettext-0.19.3/debian/changelog 2014-10-23 15:35:20.000000000 +0200
+++ gettext-0.19.3/debian/changelog 2014-11-30 12:10:51.000000000 +0100
@@ -1,3 +1,16 @@
+gettext (0.19.3-2) unstable; urgency=low
+
+ * xgettext: Fix double-free in singular/plural argument extraction.
+ See http://lists.gnu.org/archive/html/bug-gettext/2014-10/msg00028.html
+ Patch extracted from upstream commits 8137d2b and 84044b5.
+ * msgunfmt: Fix segfault on certain (slightly corrupted) .mo files.
+ Patch extracted from upstream commit abf93d1. Closes: #769901.
+ * msgfilter: Fix read buffer allocation for empty input.
+ See http://lists.gnu.org/archive/html/bug-gettext/2014-11/msg00008.html
+ Patch extracted from upstream commit 06e206f.
+
+ -- Santiago Vila <sanvila@debian.org> Sun, 30 Nov 2014 12:10:20 +0100
+
gettext (0.19.3-1) unstable; urgency=low
* New upstream release.
diff -Nru gettext-0.19.3/debian/patches/04-xgettext-fix-double-free gettext-0.19.3/debian/patches/04-xgettext-fix-double-free
--- gettext-0.19.3/debian/patches/04-xgettext-fix-double-free 1970-01-01 01:00:00.000000000 +0100
+++ gettext-0.19.3/debian/patches/04-xgettext-fix-double-free 2014-11-30 12:04:00.000000000 +0100
@@ -0,0 +1,94 @@
+From: Daiki Ueno <ueno@gnu.org>
+Subject: Fix double-free in singular/plural argument extraction
+X-Debian-version: 0.19.3-2
+
+--- a/gettext-tools/src/xgettext.c
++++ b/gettext-tools/src/xgettext.c
+@@ -3099,9 +3099,9 @@
+ char *msgid = parser->parse (best_cp->msgid,
+ &best_cp->msgid_pos,
+ best_cp->msgid_escape);
+- free (best_cp->msgid);
+ if (best_cp->msgid_plural == best_cp->msgid)
+ best_cp->msgid_plural = msgid;
++ free (best_cp->msgid);
+ best_cp->msgid = msgid;
+ }
+ else
+@@ -3110,26 +3110,7 @@
+ CONVERT_STRING (best_cp->msgid, lc_string);
+ }
+
+- if (best_cp->msgid_comment != NULL)
+- {
+- refcounted_string_list_ty *msgid_comment =
+- savable_comment_convert_encoding (best_cp->msgid_comment,
+- &best_cp->msgid_pos);
+- drop_reference (best_cp->msgid_comment);
+- best_cp->msgid_comment = msgid_comment;
+- }
+-
+- /* best_cp->msgctxt and best_cp->msgid are already in
+- UTF-8. Prevent further conversion in remember_a_message. */
+- encoding = xgettext_current_source_encoding;
+- xgettext_current_source_encoding = po_charset_utf8;
+- mp = remember_a_message (ap->mlp, best_cp->msgctxt, best_cp->msgid,
+- msgid_context,
+- &best_cp->msgid_pos,
+- NULL, best_cp->msgid_comment);
+- xgettext_current_source_encoding = encoding;
+-
+- if (mp != NULL && best_cp->msgid_plural != NULL)
++ if (best_cp->msgid_plural)
+ {
+ /* best_cp->msgid_plural may point to best_cp->msgid.
+ In that case, it is already interpreted and converted. */
+@@ -3152,14 +3133,41 @@
+ }
+ }
+
+- encoding = xgettext_current_source_encoding;
+- xgettext_current_source_encoding = po_charset_utf8;
+- remember_a_message_plural (mp, best_cp->msgid_plural,
+- msgid_plural_context,
+- &best_cp->msgid_plural_pos,
+- NULL);
+- xgettext_current_source_encoding = encoding;
++ /* If best_cp->msgid_plural equals to best_cp->msgid,
++ the ownership will be transferred to
++ remember_a_message before it is passed to
++ remember_a_message_plural.
++
++ Make a copy of the string in that case. */
++ if (best_cp->msgid_plural == best_cp->msgid)
++ best_cp->msgid_plural = xstrdup (best_cp->msgid);
++ }
++
++ if (best_cp->msgid_comment != NULL)
++ {
++ refcounted_string_list_ty *msgid_comment =
++ savable_comment_convert_encoding (best_cp->msgid_comment,
++ &best_cp->msgid_pos);
++ drop_reference (best_cp->msgid_comment);
++ best_cp->msgid_comment = msgid_comment;
+ }
++
++ /* best_cp->msgctxt, best_cp->msgid, and best_cp->msgid_plural
++ are already in UTF-8. Prevent further conversion in
++ remember_a_message. */
++ encoding = xgettext_current_source_encoding;
++ xgettext_current_source_encoding = po_charset_utf8;
++ mp = remember_a_message (ap->mlp, best_cp->msgctxt, best_cp->msgid,
++ msgid_context,
++ &best_cp->msgid_pos,
++ NULL, best_cp->msgid_comment);
++ if (mp != NULL && best_cp->msgid_plural != NULL)
++ remember_a_message_plural (mp,
++ best_cp->msgid_plural,
++ msgid_plural_context,
++ &best_cp->msgid_plural_pos,
++ NULL);
++ xgettext_current_source_encoding = encoding;
+ }
+
+ if (best_cp->xcomments.nitems > 0)
diff -Nru gettext-0.19.3/debian/patches/05-msgunfmt-fix-segfault gettext-0.19.3/debian/patches/05-msgunfmt-fix-segfault
--- gettext-0.19.3/debian/patches/05-msgunfmt-fix-segfault 1970-01-01 01:00:00.000000000 +0100
+++ gettext-0.19.3/debian/patches/05-msgunfmt-fix-segfault 2014-11-30 12:05:00.000000000 +0100
@@ -0,0 +1,26 @@
+From: Daiki Ueno <ueno@gnu.org>
+Subject: Fix segfault on certain (slightly corrupted) .mo files
+Bug-Debian: http://bugs.debian.org/769901
+X-Debian-version: 0.19.3-2
+
+--- a/gettext-tools/src/read-mo.c
++++ b/gettext-tools/src/read-mo.c
+@@ -38,6 +38,7 @@
+ #include "message.h"
+ #include "format.h"
+ #include "gettext.h"
++#include "xsize.h"
+
+ #define _(str) gettext (str)
+
+@@ -121,8 +122,9 @@
+ /* See 'struct string_desc'. */
+ nls_uint32 s_length = get_uint32 (bfp, offset);
+ nls_uint32 s_offset = get_uint32 (bfp, offset + 4);
++ size_t s_end = xsum3 (s_offset, s_length, 1);
+
+- if (s_offset + s_length + 1 > bfp->size)
++ if (size_overflow_p (s_end) || s_end > bfp->size)
+ error (EXIT_FAILURE, 0, _("file \"%s\" is truncated"), bfp->filename);
+ if (bfp->data[s_offset + s_length] != '\0')
+ error (EXIT_FAILURE, 0,
diff -Nru gettext-0.19.3/debian/patches/06-msgfilter-fix-read-buffer-allocation gettext-0.19.3/debian/patches/06-msgfilter-fix-read-buffer-allocation
--- gettext-0.19.3/debian/patches/06-msgfilter-fix-read-buffer-allocation 1970-01-01 01:00:00.000000000 +0100
+++ gettext-0.19.3/debian/patches/06-msgfilter-fix-read-buffer-allocation 2014-11-30 12:06:00.000000000 +0100
@@ -0,0 +1,15 @@
+From: Daiki Ueno <ueno@gnu.org>
+Subject: Fix read buffer allocation for empty input
+X-Debian-version: 0.19.3-2
+
+--- a/gettext-tools/src/msgfilter.c
++++ b/gettext-tools/src/msgfilter.c
+@@ -554,7 +554,7 @@
+
+ if (l->length == l->allocated)
+ {
+- l->allocated = l->allocated + (l->allocated >> 1);
++ l->allocated = l->allocated + (l->allocated >> 1) + 1;
+ l->result = (char *) xrealloc (l->result, l->allocated);
+ }
+ *num_bytes_p = l->allocated - l->length;
diff -Nru gettext-0.19.3/debian/patches/series gettext-0.19.3/debian/patches/series
--- gettext-0.19.3/debian/patches/series 2014-10-16 21:18:57.000000000 +0200
+++ gettext-0.19.3/debian/patches/series 2014-11-30 12:10:00.000000000 +0100
@@ -1,4 +1,7 @@
01-do-not-use-java-in-urlget
02-msgfmt-default-little-endian
03-libtool-powerpc-le
+04-xgettext-fix-double-free
+05-msgunfmt-fix-segfault
+06-msgfilter-fix-read-buffer-allocation
99-config-guess-config-sub
--- End Message ---