Patch | Description | Author | Forwarded | Bugs | Origin | Last update |
---|---|---|---|---|---|---|
1001_fix_manpages.patch | Fix errors in manpage generation document. Man page generating document was using unescaped hyphen which was fixed by this patch. There was also a spelling mistake which is fixed by this patch. | Vasudev Kamath <kamathvasudev@gmail.com> | no | | | 2016-03-25 |
1002_reproducible_builds.patch | Disable timestamp generation in doxygen. If Doxyfile contains HTML_TIMESTAMP = YES, Doxygen will add a timestamp to its generated documentation. To allow reproducible builds this should be disabled. | Vasudev Kamath <kamathvasudev@gmail.com> | no | | | 2016-03-25 |
2001_fix_static_libname.patch | Use the same name for static and shared library. Upstream uses libeditorconfig_static.a for static library but d-shlibmove expects both libraries to have the same name. This patch fixes it. | Vasudev Kamath <kamathvasudev@gmail.com> | not-needed | | | 2016-03-25 |
2002_fix_docs_directory.patch | Fix the directory name where docs are installed. Upstream installs docs to usr/share/doc/editorconfig but in Debian we ship these docs as part of editorconfig-doc package. This patch changes the directory name from editorconfig to editorconfig-doc. | Vasudev Kamath <kamathvasudev@gmail.com> | not-needed | | | 2016-03-25 |
CVE-2023-0341.patch | commit 41281ea82fbf24b060a9f69b9c5369350fb0529e. Fix potential buffer overflow in ec_glob (#87). CVE-2023-0341. Co-authored-by: David Fernandez Gonzalez <david.fernandezgonzalez@canonical.com> | Hong Xu <hong@topbug.net> | no | | | 2023-01-19 |
CVE-2024-53849-1.patch | commit 4d5518a0a4e4910c37281ab13a048d0d86999782. Fix pointer overflow in STRING_CAT. The end pointer is positioned one past the end of the destination, and it is undefined behavior to compute an address beyond the end pointer, including for comparisons, even temporarily. The UB occurs exactly when buffer overflow would have occurred, so the buffer overflow check could be optimized away by compilers. Even if this wasn't the case, the check could produce a false negative if the computed address overflowed the address space, which is, after all, why the C standard doesn't define behavior in the first place. The fix is simple: Check using sizes, not addresses. The explicit cast suppresses warnings about signed-unsigned comparisons, and the assertion checks the cast. | Christopher Wellons <wellons@nullprogram.com> | no | | | 2024-02-17 |
CVE-2024-53849-2.patch | commit fca7cf19e0fb800c2d38f173c1f69ad40bf2a2f5. Fix a few more stack buffer overflows. Several overflows may occur in switch case '[' when the input pattern contains many escaped characters. The added backslashes leave too little space in the output pattern when processing nested brackets such that the remaining input length exceeds the output capacity. Therefore all these concatenations must also be checked. The ADD_CHAR was missed in 41281ea (#87). The switch can exit exactly at capacity, leaving no room for the finishing '$', causing an overflow. These overflows were discovered through fuzz testing with afl. | Christopher Wellons <wellons@nullprogram.com> | no | | | 2024-02-17 |