From: Leo Famulari
To: 40227@debbugs.gnu.org
Subject: [bug#40227] [PATCH] gnu: icu4c: Fix CVE-2020-10531.
Date: Wed, 25 Mar 2020 14:36:03 -0400

* gnu/packages/patches/icu4c-CVE-2020-10531.patch: New file.
* gnu/local.mk (dist_patch_DATA): Add it.
* gnu/packages/icu4c.scm (icu4c)[replacement]: New field.
(icu4c/fixed): New variable.
--- gnu/local.mk | 1 + gnu/packages/icu4c.scm | 11 ++ .../patches/icu4c-CVE-2020-10531.patch | 126 ++++++++++++++++++ 3 files changed, 138 insertions(+) create mode 100644 gnu/packages/patches/icu4c-CVE-2020-10531.patch diff --git a/gnu/local.mk b/gnu/local.mk index 7cce60b7c0..c905bd3b37 100644 --- a/gnu/local.mk +++ b/gnu/local.mk @@ -1033,6 +1033,7 @@ dist_patch_DATA = \ %D%/packages/patches/icecat-use-system-media-libs.patch \ %D%/packages/patches/icedtea-6-hotspot-gcc-segfault-workaround.patch \ %D%/packages/patches/icedtea-7-hotspot-gcc-segfault-workaround.patch \ + %D%/packages/patches/icu4c-CVE-2020-10531.patch \ %D%/packages/patches/id3lib-CVE-2007-4460.patch \ %D%/packages/patches/id3lib-UTF16-writing-bug.patch \ %D%/packages/patches/ilmbase-fix-tests.patch \ diff --git a/gnu/packages/icu4c.scm b/gnu/packages/icu4c.scm index 922dfbd348..bc74da5942 100644 --- a/gnu/packages/icu4c.scm +++ b/gnu/packages/icu4c.scm @@ -56,6 +56,7 @@ (define-public icu4c (package (name "icu4c") + (replacement icu4c/fixed) (version "64.2") (source (origin (method url-fetch) 
@@ -105,6 +106,16 @@ C/C++ part.") (license x11) (home-page "http://site.icu-project.org/"))) +(define icu4c/fixed + (package + (inherit icu4c) + (source (origin + (inherit (package-source icu4c)) + (patches (append + (origin-patches (package-source icu4c)) + (search-patches + "icu4c-CVE-2020-10531.patch"))))))) + (define-public java-icu4j (package (name "java-icu4j") diff --git a/gnu/packages/patches/icu4c-CVE-2020-10531.patch b/gnu/packages/patches/icu4c-CVE-2020-10531.patch new file mode 100644 index 0000000000..e996783e75 --- /dev/null +++ b/gnu/packages/patches/icu4c-CVE-2020-10531.patch 
@@ -0,0 +1,126 @@ +Fix CVE-2020-10531: + +https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-10531 + +Patch copied from upstream source repository: + +https://github.com/unicode-org/icu/commit/b7d08bc04a4296982fcef8b6b8a354a9e4e7afca + +From b7d08bc04a4296982fcef8b6b8a354a9e4e7afca Mon Sep 17 00:00:00 2001 +From: Frank Tang +Date: Sat, 1 Feb 2020 02:39:04 +0000 +Subject: [PATCH] ICU-20958 Prevent SEGV_MAPERR in append + +See #971 +--- + icu4c/source/common/unistr.cpp | 6 ++- + icu4c/source/test/intltest/ustrtest.cpp | 62 +++++++++++++++++++++++++ + icu4c/source/test/intltest/ustrtest.h | 1 + + 3 files changed, 68 insertions(+), 1 deletion(-) + +diff --git a/icu4c/source/common/unistr.cpp b/icu4c/source/common/unistr.cpp +index 901bb3358ba..077b4d6ef20 100644 +--- a/icu4c/source/common/unistr.cpp ++++ b/icu4c/source/common/unistr.cpp +@@ -1563,7 +1563,11 @@ UnicodeString::doAppend(const UChar *srcChars, int32_t srcStart, int32_t srcLeng + } + + int32_t oldLength = length(); +- int32_t newLength = oldLength + srcLength; ++ int32_t newLength; ++ if (uprv_add32_overflow(oldLength, srcLength, &newLength)) { ++ setToBogus(); ++ return *this; ++ } + + // Check for append onto ourself + const UChar* oldArray = getArrayStart(); +diff --git a/icu4c/source/test/intltest/ustrtest.cpp b/icu4c/source/test/intltest/ustrtest.cpp +index b6515ea813c..ad38bdf53a3 100644 +--- a/icu4c/source/test/intltest/ustrtest.cpp ++++ b/icu4c/source/test/intltest/ustrtest.cpp +@@ -67,6 +67,7 @@ void UnicodeStringTest::runIndexedTest( int32_t index, UBool exec, const char* & + TESTCASE_AUTO(TestWCharPointers); + TESTCASE_AUTO(TestNullPointers); + TESTCASE_AUTO(TestUnicodeStringInsertAppendToSelf); ++ TESTCASE_AUTO(TestLargeAppend); + TESTCASE_AUTO_END; + } + +@@ -2310,3 +2311,64 @@ void UnicodeStringTest::TestUnicodeStringInsertAppendToSelf() { + str.insert(2, sub); + assertEquals("", u"abbcdcde", str); + } ++ ++void UnicodeStringTest::TestLargeAppend() { ++ if(quick) return; ++ ++ 
IcuTestErrorCode status(*this, "TestLargeAppend"); ++ // Make a large UnicodeString ++ int32_t len = 0xAFFFFFF; ++ UnicodeString str; ++ char16_t *buf = str.getBuffer(len); ++ // A fast way to set buffer to valid Unicode. ++ // 4E4E is a valid unicode character ++ uprv_memset(buf, 0x4e, len * 2); ++ str.releaseBuffer(len); ++ UnicodeString dest; ++ // Append it 16 times ++ // 0xAFFFFFF times 16 is 0xA4FFFFF1, ++ // which is greater than INT32_MAX, which is 0x7FFFFFFF. ++ int64_t total = 0; ++ for (int32_t i = 0; i < 16; i++) { ++ dest.append(str); ++ total += len; ++ if (total <= INT32_MAX) { ++ assertFalse("dest is not bogus", dest.isBogus()); ++ } else { ++ assertTrue("dest should be bogus", dest.isBogus()); ++ } ++ } ++ dest.remove(); ++ total = 0; ++ for (int32_t i = 0; i < 16; i++) { ++ dest.append(str); ++ total += len; ++ if (total + len <= INT32_MAX) { ++ assertFalse("dest is not bogus", dest.isBogus()); ++ } else if (total <= INT32_MAX) { ++ // Check that a string of exactly the maximum size works ++ UnicodeString str2; ++ int32_t remain = INT32_MAX - total; ++ char16_t *buf2 = str2.getBuffer(remain); ++ if (buf2 == nullptr) { ++ // if somehow memory allocation fail, return the test ++ return; ++ } ++ uprv_memset(buf2, 0x4e, remain * 2); ++ str2.releaseBuffer(remain); ++ dest.append(str2); ++ total += remain; ++ assertEquals("When a string of exactly the maximum size works", (int64_t)INT32_MAX, total); ++ assertEquals("When a string of exactly the maximum size works", INT32_MAX, dest.length()); ++ assertFalse("dest is not bogus", dest.isBogus()); ++ ++ // Check that a string size+1 goes bogus ++ str2.truncate(1); ++ dest.append(str2); ++ total++; ++ assertTrue("dest should be bogus", dest.isBogus()); ++ } else { ++ assertTrue("dest should be bogus", dest.isBogus()); ++ } ++ } ++} +diff --git a/icu4c/source/test/intltest/ustrtest.h b/icu4c/source/test/intltest/ustrtest.h +index 218befdcc68..4a356a92c7a 100644 +--- a/icu4c/source/test/intltest/ustrtest.h 
++++ b/icu4c/source/test/intltest/ustrtest.h +@@ -97,6 +97,7 @@ class UnicodeStringTest: public IntlTest { + void TestWCharPointers(); + void TestNullPointers(); + void TestUnicodeStringInsertAppendToSelf(); ++ void TestLargeAppend(); + }; + + #endif -- 2.26.0
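
Review bot: In gnu/packages/icu4c.scm, the new `(define icu4c/fixed` in the @@ -105,6 +106,16 @@ hunk carries no comment naming the CVE it addresses or saying that it exists only as the graft target of `(replacement icu4c/fixed)`. A short comment above the definition would tell whoever next updates icu4c that both the variable and the replacement field are meant to be dropped once the patch is applied to icu4c itself.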
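
Review bot: In the icu4c/source/common/unistr.cpp hunk, the overflow branch in UnicodeString::doAppend reports the failure only through the bogus state (`setToBogus(); return *this;`), so a caller that never checks isBogus() gets no other signal that the append was refused. A one-line comment at the check stating that a combined length above INT32_MAX makes the string bogus would document the contract. The hunk guards only the `oldLength + srcLength` sum in doAppend; it is worth confirming during review whether any other length addition in the same file needs uprv_add32_overflow as well.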
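
Review bot: In TestLargeAppend (icu4c/source/test/intltest/ustrtest.cpp), the first buffer is written without a null check: `char16_t *buf = str.getBuffer(len);` is followed directly by `uprv_memset(buf, 0x4e, len * 2);`, while the later `buf2` is compared against nullptr and the test returns early. With len = 0xAFFFFFF that first allocation is about 352 MiB, so the same early return should be applied to buf. The comment "0xAFFFFFF times 16 is 0xA4FFFFF1" is also wrong; the product is 0xAFFFFFF0, which still exceeds INT32_MAX, so the test logic is unaffected. `IcuTestErrorCode status` is declared but not used in the visible lines.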

From: Marius Bakke
To: Leo Famulari, 40227@debbugs.gnu.org
Subject: [bug#40227] [PATCH] gnu: icu4c: Fix CVE-2020-10531.
Date: Wed, 25 Mar 2020 21:23:33 +0100

Leo Famulari writes:

> * gnu/packages/patches/icu4c-CVE-2020-10531.patch: New file.
> * gnu/local.mk (dist_patch_DATA): Add it.
> * gnu/packages/icu4c.scm (icu4c)[replacement]: New field.
> (icu4c/fixed): New variable.

[...]

> diff --git a/gnu/packages/patches/icu4c-CVE-2020-10531.patch b/gnu/packages/patches/icu4c-CVE-2020-10531.patch > new file mode 100644 > index 0000000000..e996783e75 > --- /dev/null > +++ b/gnu/packages/patches/icu4c-CVE-2020-10531.patch 
> @@ -0,0 +1,126 @@ > +Fix CVE-2020-10531: > + > +https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-10531 > + > +Patch copied from upstream source repository: > + > +https://github.com/unicode-org/icu/commit/b7d08bc04a4296982fcef8b6b8a354a9e4e7afca > + > +From b7d08bc04a4296982fcef8b6b8a354a9e4e7afca Mon Sep 17 00:00:00 2001 > +From: Frank Tang > +Date: Sat, 1 Feb 2020 02:39:04 +0000 > +Subject: [PATCH] ICU-20958 Prevent SEGV_MAPERR in append > + > +See #971 > +--- > + icu4c/source/common/unistr.cpp | 6 ++- > + icu4c/source/test/intltest/ustrtest.cpp | 62 +++++++++++++++++++++++++ > + icu4c/source/test/intltest/ustrtest.h | 1 + > + 3 files changed, 68 insertions(+), 1 deletion(-)

I'm not sure if the new test case as well as this git commit header is necessary. IMO it mostly adds noise to the patch. I.e. the whole file could be shortened to 6 lines + your comments at the top.

But no strong opinion, there is an argument to be made for preserving upstream commits in their entirety too (I think).

So, LGTM either way. Thank you!

From: help-debbugs@gnu.org (GNU bug Tracking System)
To: Leo Famulari
Subject: bug#40227: closed (Re: [bug#40227] [PATCH] gnu: icu4c: Fix CVE-2020-10531.)
Date: Wed, 25 Mar 2020 21:55:02 +0000

Your bug report

#40227: [PATCH] gnu: icu4c: Fix CVE-2020-10531.

which was filed against the guix-patches package, has been closed.

The explanation is attached below, along with your original report.
If you require more details, please reply to 40227@debbugs.gnu.org.

-- 
40227: http://debbugs.gnu.org/cgi/bugreport.cgi?bug=40227
GNU Bug Tracking System
Contact help-debbugs@gnu.org with problems

From: Leo Famulari
To: Marius Bakke
Cc: 40227-done@debbugs.gnu.org
Subject: Re: [bug#40227] [PATCH] gnu: icu4c: Fix CVE-2020-10531.
Date: Wed, 25 Mar 2020 17:54:27 -0400

On Wed, Mar 25, 2020 at 09:23:33PM +0100, Marius Bakke wrote:
> I'm not sure if the new test case as well as this git commit header is
> necessary. IMO it mostly adds noise to the patch. I.e. the whole file
> could be shortened to 6 lines + your comments at the top.
>
> But no strong opinion, there is an argument to be made for preserving
> upstream commits in their entirety too (I think).
>
> So, LGTM either way. Thank you!

I commented out the changes to the test suite and pushed as 7d57a190f6896c04b5dad66bf4360bc48a4052ff.

Thanks for the review!
--IS0zKkzwUGydFO0o Content-Type: application/pgp-signature; name="signature.asc" -----BEGIN PGP SIGNATURE----- iQIzBAABCAAdFiEEsFFZSPHn08G5gDigJkb6MLrKfwgFAl570xMACgkQJkb6MLrK fwjB7RAAgIPq4a6n6FB4Gu76PpFDAOvGoCsQlLviPSVeP43OkkgvpR/g2GjlLLSt HZDKLYeec1uOAZj9fuGz+aJzRIclrLTdWls8THXXXF/L5FXUhoBWQubSvj54/yiu o5R9K1/w5pvnHE1gSwGZJGRB8aFH+hcZxMqtnpk7J+XkbQik12PxlNjAh7iubbp5 d/9IDNxdnjoDCH94w3VbSEPTSY+iKSCLLh1bsD8jVL4F2/u3ocO051x+D2NGexMT 0ftnLIU5HQ/PFpWS1hcHXW0MXWn1/hU1yBvjDKksYfwVfV8fM/7a2LeB3qeva63/ K/e17QLnCv5ridxNnO9ndUzSfuHMzaIx3y9en4JrmHQVcPw56flnrbn2BPtmBZN9 AKwWJ//kkYsjcmHjyHOmnbG/LiDCVkfQGc8jt33DLvwFmQuTCiIgvKXJE3UDyyYc PQe0lmhz2/GjkC/fEdwyXSeA10RU8povQCBqeYemzTug1zi0ncveAIziYaTeBLut MMJwehgIvdQdul2ALSRUiLTin+p0bfZhqnHDMVEgyUCZzzx256cecSbzsol3NgE4 nl5dZFxrncZ4RIBOpqdoXF0fM5m+In4YVYlUHNq0D+Z1pogAGlovt2/7pxUYjh4w FvJQEVBnVEVRsobJrfilTBWQnCYHN0d8OciW1Yq2IaIZlgfJCCk= =ab6S -----END PGP SIGNATURE----- --IS0zKkzwUGydFO0o-- ------------=_1585173302-4948-1 Content-Type: message/rfc822 Content-Disposition: inline Content-Transfer-Encoding: 7bit Received: (at submit) by debbugs.gnu.org; 25 Mar 2020 18:36:36 +0000 Received: from localhost ([127.0.0.1]:57739 helo=debbugs.gnu.org) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1jHAtC-0004BV-5M for submit@debbugs.gnu.org; Wed, 25 Mar 2020 14:36:35 -0400 Received: from lists.gnu.org ([209.51.188.17]:52745) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1jHAt8-0004BI-9N for submit@debbugs.gnu.org; Wed, 25 Mar 2020 14:36:28 -0400 Received: from eggs.gnu.org ([2001:470:142:3::10]:47129) by lists.gnu.org with esmtp (Exim 4.90_1) (envelope-from ) id 1jHAt5-0006xM-R1 for guix-patches@gnu.org; Wed, 25 Mar 2020 14:36:26 -0400 X-Spam-Checker-Version: SpamAssassin 3.3.2 (2011-06-06) on eggs.gnu.org X-Spam-Level: X-Spam-Status: No, score=0.1 required=5.0 tests=BAYES_50,RCVD_IN_DNSWL_LOW, URIBL_BLOCKED autolearn=disabled version=3.3.2 Received: from Debian-exim by eggs.gnu.org with spam-scanned (Exim 
4.71) (envelope-from ) id 1jHAt2-0007Hf-Es for guix-patches@gnu.org; Wed, 25 Mar 2020 14:36:23 -0400 Received: from out1-smtp.messagingengine.com ([66.111.4.25]:40117) by eggs.gnu.org with esmtps (TLS1.0:DHE_RSA_AES_256_CBC_SHA1:32) (Exim 4.71) (envelope-from ) id 1jHAt1-0007Fd-E5 for guix-patches@gnu.org; Wed, 25 Mar 2020 14:36:20 -0400 Received: from compute2.internal (compute2.nyi.internal [10.202.2.42]) by mailout.nyi.internal (Postfix) with ESMTP id 330665C024A; Wed, 25 Mar 2020 14:36:17 -0400 (EDT) Received: from mailfrontend1 ([10.202.2.162]) by compute2.internal (MEProxy); Wed, 25 Mar 2020 14:36:17 -0400 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=famulari.name; h=from:to:subject:date:message-id:mime-version :content-transfer-encoding; s=mesmtp; bh=hMBD3dGPo+tD8IhlAZYc3VD d4gG5KtkrNZdNpjTI7Xo=; b=PPQxKlES7U7oRFgoGKCrd9rmKcyV375xsr91qx8 64PvoHwubfYT1lmFebZRyaNHsbEqdFuM13NbSCmcbiI0FHv1O7duB/TAThDPgkJK 4AVmilbD0RzJmIFynXdlQVzh8vXRqmLPGlf9cd402p53iqsPrfE7UQRtxmOtmxWy 6N7U= DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d= messagingengine.com; h=content-transfer-encoding:date:from :message-id:mime-version:subject:to:x-me-proxy:x-me-proxy :x-me-sender:x-me-sender:x-sasl-enc; s=fm2; bh=hMBD3dGPo+tD8IhlA ZYc3VDd4gG5KtkrNZdNpjTI7Xo=; b=nZsMuE36oWxV46CQB/LiPPZcLKlN3UHK0 gjBBdHjiCTvD6HYRHZGcc/t/rnaGDKugB7dpKUJigxvHRSx5uSRnSgl/LoWwMcxp dKRZ2GUXA9HJO5WPCYHnHNiuVxHuYzKC3kKj3hbHaO16KzHaRrzC7kCheTdU09Ah 3LSkx0ZPFFSACneEiNcgpQsfXfSm7MImGnKXjhFF9fiDkeD0XMtQPScFPzsraxBG 1SZxsptmPLQlNW/Z15K5xnnd5PCDhfy0oPw37zQPS5hDbZxUd7JVcoUnAx+4G2An 4L/jaE47EI83j42glLpf/mG6FL2q3vN7W+rruYv0lhMljr1VX6DXA== X-ME-Sender: X-ME-Proxy-Cause: gggruggvucftvghtrhhoucdtuddrgedugedrudehgedgkeelucetufdoteggodetrfdotf fvucfrrhhofhhilhgvmecuhfgrshhtofgrihhlpdfqfgfvpdfurfetoffkrfgpnffqhgen uceurghilhhouhhtmecufedttdenucenucfjughrpefhvffufffkofgggfestdekredtre dttdenucfhrhhomhepnfgvohcuhfgrmhhulhgrrhhiuceolhgvohesfhgrmhhulhgrrhhi 
rdhnrghmvgeqnecuffhomhgrihhnpehitghuqdhprhhojhgvtghtrdhorhhgpdhmihhtrh gvrdhorhhgpdhgihhthhhusgdrtghomhenucfkphepjeeirdduvdegrddufeekrdeifeen ucevlhhushhtvghrufhiiigvpedtnecurfgrrhgrmhepmhgrihhlfhhrohhmpehlvghose hfrghmuhhlrghrihdrnhgrmhgv X-ME-Proxy: Received: from jasmine.lan (c-76-124-138-63.hsd1.pa.comcast.net [76.124.138.63]) by mail.messagingengine.com (Postfix) with ESMTPA id 11107328005D for ; Wed, 25 Mar 2020 14:36:15 -0400 (EDT) From: Leo Famulari To: guix-patches@gnu.org Subject: [PATCH] gnu: icu4c: Fix CVE-2020-10531. Date: Wed, 25 Mar 2020 14:36:03 -0400 Message-Id: X-Mailer: git-send-email 2.26.0 MIME-Version: 1.0 Content-Transfer-Encoding: 8bit X-detected-operating-system: by eggs.gnu.org: GNU/Linux 2.2.x-3.x [generic] [fuzzy] X-Received-From: 66.111.4.25 X-Spam-Score: 0.2 (/) X-Debbugs-Envelope-To: submit X-BeenThere: debbugs-submit@debbugs.gnu.org X-Mailman-Version: 2.1.18 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: debbugs-submit-bounces@debbugs.gnu.org Sender: "Debbugs-submit" X-Spam-Score: -0.8 (/) * gnu/packages/patches/icu4c-CVE-2020-10531.patch: New file. * gnu/local.mk (dist_patch_DATA): Add it. * gnu/packages/icu4c.scm (icu4c)[replacement]: New field. (icu4c/fixed): New variable. --- gnu/local.mk | 1 + gnu/packages/icu4c.scm | 11 ++ .../patches/icu4c-CVE-2020-10531.patch | 126 ++++++++++++++++++ 3 files changed, 138 insertions(+) create mode 100644 gnu/packages/patches/icu4c-CVE-2020-10531.patch diff --git a/gnu/local.mk b/gnu/local.mk index 7cce60b7c0..c905bd3b37 100644 --- a/gnu/local.mk +++ b/gnu/local.mk 
@@ -1033,6 +1033,7 @@ dist_patch_DATA = \ %D%/packages/patches/icecat-use-system-media-libs.patch \ %D%/packages/patches/icedtea-6-hotspot-gcc-segfault-workaround.patch \ %D%/packages/patches/icedtea-7-hotspot-gcc-segfault-workaround.patch \ + %D%/packages/patches/icu4c-CVE-2020-10531.patch \ %D%/packages/patches/id3lib-CVE-2007-4460.patch \ %D%/packages/patches/id3lib-UTF16-writing-bug.patch \ %D%/packages/patches/ilmbase-fix-tests.patch \ diff --git a/gnu/packages/icu4c.scm b/gnu/packages/icu4c.scm index 922dfbd348..bc74da5942 100644 --- a/gnu/packages/icu4c.scm +++ b/gnu/packages/icu4c.scm @@ -56,6 +56,7 @@ (define-public icu4c (package (name "icu4c") + (replacement icu4c/fixed) (version "64.2") (source (origin (method url-fetch) @@ -105,6 +106,16 @@ C/C++ part.") (license x11) (home-page "http://site.icu-project.org/"))) +(define icu4c/fixed + (package + (inherit icu4c) + (source (origin + (inherit (package-source icu4c)) + (patches (append + (origin-patches (package-source icu4c)) + (search-patches + "icu4c-CVE-2020-10531.patch"))))))) + (define-public java-icu4j (package (name "java-icu4j") diff --git a/gnu/packages/patches/icu4c-CVE-2020-10531.patch b/gnu/packages/patches/icu4c-CVE-2020-10531.patch new file mode 100644 index 0000000000..e996783e75 --- /dev/null +++ b/gnu/packages/patches/icu4c-CVE-2020-10531.patch 
@@ -0,0 +1,126 @@ +Fix CVE-2020-10531: + +https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-10531 + +Patch copied from upstream source repository: + +https://github.com/unicode-org/icu/commit/b7d08bc04a4296982fcef8b6b8a354a9e4e7afca + +From b7d08bc04a4296982fcef8b6b8a354a9e4e7afca Mon Sep 17 00:00:00 2001 +From: Frank Tang +Date: Sat, 1 Feb 2020 02:39:04 +0000 +Subject: [PATCH] ICU-20958 Prevent SEGV_MAPERR in append + +See #971 +--- + icu4c/source/common/unistr.cpp | 6 ++- + icu4c/source/test/intltest/ustrtest.cpp | 62 +++++++++++++++++++++++++ + icu4c/source/test/intltest/ustrtest.h | 1 + + 3 files changed, 68 insertions(+), 1 deletion(-) + +diff --git a/icu4c/source/common/unistr.cpp b/icu4c/source/common/unistr.cpp +index 901bb3358ba..077b4d6ef20 100644 +--- a/icu4c/source/common/unistr.cpp ++++ b/icu4c/source/common/unistr.cpp +@@ -1563,7 +1563,11 @@ UnicodeString::doAppend(const UChar *srcChars, int32_t srcStart, int32_t srcLeng + } + + int32_t oldLength = length(); +- int32_t newLength = oldLength + srcLength; ++ int32_t newLength; ++ if (uprv_add32_overflow(oldLength, srcLength, &newLength)) { ++ setToBogus(); ++ return *this; ++ } + + // Check for append onto ourself + const UChar* oldArray = getArrayStart(); +diff --git a/icu4c/source/test/intltest/ustrtest.cpp b/icu4c/source/test/intltest/ustrtest.cpp +index b6515ea813c..ad38bdf53a3 100644 +--- a/icu4c/source/test/intltest/ustrtest.cpp ++++ b/icu4c/source/test/intltest/ustrtest.cpp +@@ -67,6 +67,7 @@ void UnicodeStringTest::runIndexedTest( int32_t index, UBool exec, const char* & + TESTCASE_AUTO(TestWCharPointers); + TESTCASE_AUTO(TestNullPointers); + TESTCASE_AUTO(TestUnicodeStringInsertAppendToSelf); ++ TESTCASE_AUTO(TestLargeAppend); + TESTCASE_AUTO_END; + } + +@@ -2310,3 +2311,64 @@ void UnicodeStringTest::TestUnicodeStringInsertAppendToSelf() { + str.insert(2, sub); + assertEquals("", u"abbcdcde", str); + } ++ ++void UnicodeStringTest::TestLargeAppend() { ++ if(quick) return; ++ ++ 
IcuTestErrorCode status(*this, "TestLargeAppend"); ++ // Make a large UnicodeString ++ int32_t len = 0xAFFFFFF; ++ UnicodeString str; ++ char16_t *buf = str.getBuffer(len); ++ // A fast way to set buffer to valid Unicode. ++ // 4E4E is a valid unicode character ++ uprv_memset(buf, 0x4e, len * 2); ++ str.releaseBuffer(len); ++ UnicodeString dest; ++ // Append it 16 times ++ // 0xAFFFFFF times 16 is 0xA4FFFFF1, ++ // which is greater than INT32_MAX, which is 0x7FFFFFFF. ++ int64_t total = 0; ++ for (int32_t i = 0; i < 16; i++) { ++ dest.append(str); ++ total += len; ++ if (total <= INT32_MAX) { ++ assertFalse("dest is not bogus", dest.isBogus()); ++ } else { ++ assertTrue("dest should be bogus", dest.isBogus()); ++ } ++ } ++ dest.remove(); ++ total = 0; ++ for (int32_t i = 0; i < 16; i++) { ++ dest.append(str); ++ total += len; ++ if (total + len <= INT32_MAX) { ++ assertFalse("dest is not bogus", dest.isBogus()); ++ } else if (total <= INT32_MAX) { ++ // Check that a string of exactly the maximum size works ++ UnicodeString str2; ++ int32_t remain = INT32_MAX - total; ++ char16_t *buf2 = str2.getBuffer(remain); ++ if (buf2 == nullptr) { ++ // if somehow memory allocation fail, return the test ++ return; ++ } ++ uprv_memset(buf2, 0x4e, remain * 2); ++ str2.releaseBuffer(remain); ++ dest.append(str2); ++ total += remain; ++ assertEquals("When a string of exactly the maximum size works", (int64_t)INT32_MAX, total); ++ assertEquals("When a string of exactly the maximum size works", INT32_MAX, dest.length()); ++ assertFalse("dest is not bogus", dest.isBogus()); ++ ++ // Check that a string size+1 goes bogus ++ str2.truncate(1); ++ dest.append(str2); ++ total++; ++ assertTrue("dest should be bogus", dest.isBogus()); ++ } else { ++ assertTrue("dest should be bogus", dest.isBogus()); ++ } ++ } ++} +diff --git a/icu4c/source/test/intltest/ustrtest.h b/icu4c/source/test/intltest/ustrtest.h +index 218befdcc68..4a356a92c7a 100644 +--- a/icu4c/source/test/intltest/ustrtest.h 
++++ b/icu4c/source/test/intltest/ustrtest.h +@@ -97,6 +97,7 @@ class UnicodeStringTest: public IntlTest { + void TestWCharPointers(); + void TestNullPointers(); + void TestUnicodeStringInsertAppendToSelf(); ++ void TestLargeAppend(); + }; + + #endif -- 2.26.0
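
Review bot: In the unistr.cpp hunk, the new overflow branch in UnicodeString::doAppend (setToBogus(); return *this;) carries no comment, and it reports the failure only by turning the destination bogus. Because the function still returns *this, a caller that chains appends will not notice the failure unless it checks isBogus(). A one-line comment above the uprv_add32_overflow call, stating that oldLength + srcLength exceeding int32_t makes the string bogus, would put that contract at the point of the check.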
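
Review bot: In TestLargeAppend, the result of the first str.getBuffer(len) is passed straight to uprv_memset with no null check, while the later str2.getBuffer(remain) is compared against nullptr and returns early on failure. The first call requests a buffer of len * 2 bytes with len = 0xAFFFFFF, so the same guard belongs there. The comment "0xAFFFFFF times 16 is 0xA4FFFFF1" is also arithmetically wrong: multiplying by 16 gives 0xAFFFFFF0. That value is still greater than INT32_MAX, so the assertions are unaffected, but the comment should be corrected.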

From: Marius Bakke
Date: Wed, 25 Mar 2020 23:41:05 +0100
Message-ID: <87sghwys5a.fsf@devup.no>
In-Reply-To: <20200325215427.GA29579@jasmine.lan>

Leo Famulari writes:

> On Wed, Mar 25, 2020 at 09:23:33PM +0100, Marius Bakke wrote:
>> I'm not sure if the new test case as well as this git commit header is
>> necessary. IMO it mostly adds noise to the patch. I.e. the whole file
>> could be shortened to 6 lines + your comments at the top.
>>
>> But no strong opinion, there is an argument to be made for preserving
>> upstream commits in their entirety too (I think).
>>
>> So, LGTM either way. Thank you!
>
> I commented out the changes to the test suite and pushed as
> 7d57a190f6896c04b5dad66bf4360bc48a4052ff.

What I meant was that they could be omitted entirely to shorten the
patch (less lines to comb through for reviewers), but no worries! The
important thing is that we get the security fix, thanks for watching
out for those as always. :-)