From mboxrd@z Thu Jan  1 00:00:00 1970
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: base64
From: Michal Domonkos <mdomonko@redhat.com>
To: git-commits@fedoraproject.org
Subject: [rpms/python3-rpm] epel10: Fix buffer overruns with long language strings
Date: Thu, 25 Jun 2026 07:43:29 GMT
Message-ID: <178237340925.1.4052032400783325822.rpms-python3-rpm-5edc9f46664b@fedoraproject.org>
List-ID: <git-commits.fedoraproject.org>
X-Git-Repo: rpms/python3-rpm
X-Git-Branch: epel10
X-Git-Rev: 5edc9f46664bdb523aa45e4c5c2ed45295ea31b5

ICAgICAgICAgICAgQSBuZXcgY29tbWl0IGhhcyBiZWVuIHB1c2hlZC4KCiAgICAgICAgICAgIFJl
cG8gICA6IHJwbXMvcHl0aG9uMy1ycG0KICAgICAgICAgICAgQnJhbmNoIDogZXBlbDEwCiAgICAg
ICAgICAgIENvbW1pdCA6IDVlZGM5ZjQ2NjY0YmRiNTIzYWE0NWU0YzVjMmVkNDUyOTVlYTMxYjUK
ICAgICAgICAgICAgQXV0aG9yIDogTWljaGFsIERvbW9ua29zIDxtZG9tb25rb0ByZWRoYXQuY29t
PgogICAgICAgICAgICBEYXRlICAgOiAyMDI2LTA2LTE4VDEzOjMxOjIzKzAyOjAwCiAgICAgICAg
ICAgIFN0YXRzICA6ICs5OC8tMCBpbiAyIGZpbGUocykKICAgICAgICAgICAgVVJMICAgIDogaHR0
cHM6Ly9zcmMuZmVkb3JhcHJvamVjdC5vcmcvcnBtcy9weXRob24zLXJwbS9jLzVlZGM5ZjQ2NjY0
YmRiNTIzYWE0NWU0YzVjMmVkNDUyOTVlYTMxYjU/YnJhbmNoPWVwZWwxMAoKICAgICAgICAgICAg
TG9nOgogICAgICAgICAgICBGaXggYnVmZmVyIG92ZXJydW5zIHdpdGggbG9uZyBsYW5ndWFnZSBz
dHJpbmdzCgpSZXNvbHZlczogUkhFTC0xNjk3NTUKCi0tLQpkaWZmIC0tZ2l0IGEvMDAwMS1QcmV2
ZW50LWJ1ZmZlci1vdmVycnVucy1pbi1maW5kUHJlYW1ibGVUYWctZm9yLWxhbmd1LnBhdGNoIGIv
MDAwMS1QcmV2ZW50LWJ1ZmZlci1vdmVycnVucy1pbi1maW5kUHJlYW1ibGVUYWctZm9yLWxhbmd1
LnBhdGNoCm5ldyBmaWxlIG1vZGUgMTAwNjQ0CmluZGV4IDAwMDAwMDAuLjAxODZmYTEKLS0tIC9k
ZXYvbnVsbAorKysgYi8wMDAxLVByZXZlbnQtYnVmZmVyLW92ZXJydW5zLWluLWZpbmRQcmVhbWJs
ZVRhZy1mb3ItbGFuZ3UucGF0Y2gKQEAgLTAsMCArMSw5NyBAQAorRnJvbSBjMGU0YzA4NTMzZTNl
ODk5ZDdlMWNjMGQ5ODg1ZTgzZWExZTFiZGZiIE1vbiBTZXAgMTcgMDA6MDA6MDAgMjAwMQorRnJv
bTogRGF2ZSBDYW50cmVsbCA8ZGNhbnRyZWxsQHJlZGhhdC5jb20+CitEYXRlOiBNb24sIDIwIEFw
ciAyMDI2IDE1OjA1OjA0IC0wNDAwCitTdWJqZWN0OiBbUEFUQ0hdIFByZXZlbnQgYnVmZmVyIG92
ZXJydW5zIGluIGZpbmRQcmVhbWJsZVRhZygpIGZvciBsYW5ndWFnZQorIHN0cmluZworTUlNRS1W
ZXJzaW9uOiAxLjAKK0NvbnRlbnQtVHlwZTogdGV4dC9wbGFpbjsgY2hhcnNldD1VVEYtOAorQ29u
dGVudC1UcmFuc2Zlci1FbmNvZGluZzogOGJpdAorCitUaGlzIGlzIHRlY2huaWNhbGx5IHBvc3Np
YmxlIGFuZCB0aGVyZSBpcyBhIHJlcHJvZHVjZXIgZm9yIGl0LCBidXQgSQord291bGQgbm90IGNv
bnNpZGVyIHRoaXMgYSBjcml0aWNhbCBwcm9ibGVtLiAgSWYgeW91IGhhdmUgYSByZWFsbHkgbG9u
ZworbGFuZ3VhZ2UgaWRlbnRpZmllciBzdHJpbmcgaW4gYSBwcmVhbWJsZSB0YWcgYW5kIGl0J3Mg
bGFyZ2VyIHRoYW4KK0JVRlNJWiBvbiB0aGUgcGxhdGZvcm0sIHlvdSBnZXQgYSBTSUdTRUdWLiAg
Tm90IGEgc3VycHJpc2UuCisKK0luIHNwZWMgZmlsZXMgeW91IGNhbiBoYXZlIHN0dWZmIGxpa2Ug
dGhpcyBpbiB0aGUgcHJlYW1ibGU6CisKKyAgICBTdW1tYXJ5OiBIZXJlIGlzIGEgc2hvcnQgc3Vt
bWFyeQorICAgIFN1bW1hcnkoZGUpOiBIaWVyIGlzdCBlaW5lIGt1cnplIFp1c2FtbWVuZmFzc3Vu
ZworICAgIFN1bW1hcnkoZW8pOiBKZW4gbWFsbG9uZ2EgcmVzdW1vCisgICAgU3VtbWFyeShFbHZp
c2gpOiBTw60gbmEtIGEgZXN0ZW50IHN1bW1hcnVpCisgICAgU3VtbWFyeShnYV9pZSk6IElzIGNv
aW1yacO6IGdoZWFyciDDqSBzZW8KKyAgICBTdW1tYXJ5KEtsaW5nb24pOiBuYURldiAnb0ggbmdh
aiBzdW1tYXJ5CisKK0FuZCBmaW5kUHJlYW1ibGVUYWcoKSBpcyBldmVudHVhbGx5IGNhbGxlZCB0
byBwaWNrIHVwIHRob3NlIGxhbmd1YWdlCitpZGVudGlmaWVycyBpbiBwYXJlbnMuICBVc3VhbGx5
IHRoZSBpZGVudGlmaWVycyBhcmUgdHdvIGNoYXJhY3RlcnMsCitidXQgc29tZXRpbWVzIHRoZXkg
YXJlIHRocmVlIG9yIGZvdXIuICBUaGUgcGFyc2VyIGluIHRoZSBsaWJyYXJ5IHNjYW5zCithIGNo
YXJhY3RlciBhdCBhIHRpbWUgdW50aWwgaXQgaGl0cyB0aGUgY2xvc2luZyBwYXJlbiBhbmQganVz
dCBzdHVmZnMKK2l0IGFsbCBpbiB0aGUgJ2xhbmcnIGJ1ZmZlci4gIFRoZSBwcm9ibGVtIGlzIHRo
YXQgYnVmZmVyIGlzIEJVRlNJWiBhbmQKK3RoZXJlIGlzIG5vIGJvdW5kcyBjaGVja2luZyB0byBz
ZWUgaWYgdGhlIHN0cmluZyBpbiB0aGUgc3BlYyBmaWxlIGluCitwYXJlbnMgaXMgbGFyZ2VyIHRo
YW4gd2hhdCBCVUZTSVogY2FuIGhvbGQuICBTbyBpdCBpcyB0ZWNobmljYWxseQorcG9zc2libGUg
dG8gcHJvdmlkZSBhIHNwZWMgZmlsZSB3aXRoIGEgY29tcGxldGVseSB1c2VsZXNzIGh1Z2Ugc3Ry
aW5nCithcyBhIGxhbmd1YWdlIGlkZW50aWZpZXIgdGhhdCB0aGVuIGNyYXNoZXMgdGhlIHNwZWMg
ZmlsZSBwYXJzZXIuCisKK1RoaXMgcGF0Y2ggYWRkcyBzb21lIGJvdW5kcyBjaGVja2luZyB0byB0
aGF0IHJlYWRpbmcgbG9vcCB0byBwcmV2ZW50Cit0aGlzIGluY3JlZGlibHkgcmFyZSB5ZXQgdGVj
aG5pY2FsbHkgcG9zc2libGUgaXNzdWUuICBJIGRvbid0IGJvdGhlcgorZ3Jvd2luZyB0aGUgYnVm
ZmVyIGlmIHdlJ3JlIHN0aWxsIHJlYWRpbmcgY2hhcmFjdGVycyBiZWNhdXNlIGhvbmVzdGx5Citp
ZiB3ZSBoYXZlIG1vcmUgdGhhbiBCVUZTSVogaW4gcGFyZW5zLCB3ZSd2ZSBnb3QgYSBnYXJiYWdl
IHNwZWMgZmlsZS4KKworVGhlIHBhdGNoIGRvZXMgZW5zdXJlIHRoZSB1bnVzZWQgc3BhY2UgaW4g
QlVGU0laIGlzIE5VTEwgYW5kIHRoYXQgdGhlCitsYW5nIGJ1ZmZlciBpcyBOVUxMIHRlcm1pbmF0
ZWQgc28gaXQncyBtb2RlcmF0ZWx5IHVzZWZ1bCBpbiBsYXRlcgorcGFydHMgb2YgdGhlIGNvZGUu
CisKK1NpZ25lZC1vZmYtYnk6IERhdmUgQ2FudHJlbGwgPGRjYW50cmVsbEByZWRoYXQuY29tPgor
KGJhY2twb3J0ZWQgZnJvbSBjb21taXQgYjZmMmNjNTJmY2M3ZWVkZjAwOTVjMmJmMDQ5NWU0YjZh
YWZkODdjYikKKy0tLQorIGJ1aWxkL3BhcnNlUHJlYW1ibGUuYyB8IDEyICsrKysrKysrLS0tLQor
IDEgZmlsZSBjaGFuZ2VkLCA4IGluc2VydGlvbnMoKyksIDQgZGVsZXRpb25zKC0pCisKK2RpZmYg
LS1naXQgYS9idWlsZC9wYXJzZVByZWFtYmxlLmMgYi9idWlsZC9wYXJzZVByZWFtYmxlLmMKK2lu
ZGV4IDM2OTM3NDZmOC4uZTE0NjY0OTM5IDEwMDY0NAorLS0tIGEvYnVpbGQvcGFyc2VQcmVhbWJs
ZS5jCisrKysgYi9idWlsZC9wYXJzZVByZWFtYmxlLmMKK0BAIC0xMDY0LDEwICsxMDY0LDExIEBA
IHN0YXRpYyBzdHJ1Y3QgUHJlYW1ibGVSZWNfcyBjb25zdCBwcmVhbWJsZUxpc3RbXSA9IHsKKyAv
KioKKyAgKi8KKyBzdGF0aWMgaW50IGZpbmRQcmVhbWJsZVRhZyhycG1TcGVjIHNwZWMscnBtVGFn
VmFsICogdGFnLAorLQkJY29uc3QgY2hhciAqKiBtYWNybywgY2hhciAqIGxhbmcpCisrCQljb25z
dCBjaGFyICoqIG1hY3JvLCBjaGFyICogbGFuZywgc2l6ZV90IGxhbmdzaXplKQorIHsKKyAgICAg
UHJlYW1ibGVSZWMgcDsKKyAgICAgY2hhciAqczsKKysgICAgc2l6ZV90IGwgPSAwOworIAorICAg
ICBmb3IgKHAgPSBwcmVhbWJsZUxpc3Q7IHAtPnRva2VuICE9IE5VTEw7IHArKykgeworIAlpZiAo
IShwLT50b2tlbiAmJiAhcnN0cm5jYXNlY21wKHNwZWMtPmxpbmUsIHAtPnRva2VuLCBwLT5sZW4p
KSkKK0BAIC0xMDk3LDE0ICsxMDk4LDE3IEBAIHN0YXRpYyBpbnQgZmluZFByZWFtYmxlVGFnKHJw
bVNwZWMgc3BlYyxycG1UYWdWYWwgKiB0YWcsCisgICAgIGNhc2UgMjoKKyAJaWYgKCpzID09ICc6
JykgeworIAkgICAgLyogVHlwZSAxIGlzIG11bHRpbGFuZywgMiBpcyBxdWFsaWZpZXJzIHdpdGgg
bm8gZGVmYXVsdHMgKi8KKy0JICAgIHN0cmNweShsYW5nLCAocC0+dHlwZSA9PSAxKSA/IFJQTUJV
SUxEX0RFRkFVTFRfTEFORyA6ICIiKTsKKysJICAgIHJzdHJsY3B5KGxhbmcsIChwLT50eXBlID09
IDEpID8gUlBNQlVJTERfREVGQVVMVF9MQU5HIDogIiIsIGxhbmdzaXplKTsKKysJICAgIGwgPSBz
dHJsZW4obGFuZyk7CisgCSAgICBicmVhazsKKyAJfQorIAlpZiAoKnMgIT0gJygnKSByZXR1cm4g
MTsKKyAJcysrOworIAlTS0lQU1BBQ0Uocyk7CistCXdoaWxlICghcmlzc3BhY2UoKnMpICYmICpz
ICE9ICcpJykKKysJd2hpbGUgKCFyaXNzcGFjZSgqcykgJiYgKnMgIT0gJyknICYmIGwgPCAobGFu
Z3NpemUgLSAxKSkgeworIAkgICAgKmxhbmcrKyA9ICpzKys7CisrCSAgICBsKys7CisrCX0KKyAJ
KmxhbmcgPSAnXDAnOworIAlTS0lQU1BBQ0Uocyk7CisgCWlmICgqcyAhPSAnKScpIHJldHVybiAx
OworQEAgLTExNzMsNyArMTE3Nyw3IEBAIGludCBwYXJzZVByZWFtYmxlKHJwbVNwZWMgc3BlYywg
aW50IGluaXRpYWxQYWNrYWdlKQorIAkgICAgbGluZXAgPSBzcGVjLT5saW5lOworIAkgICAgU0tJ
UFNQQUNFKGxpbmVwKTsKKyAJICAgIGlmICgqbGluZXAgIT0gJ1wwJykgeworLQkJaWYgKGZpbmRQ
cmVhbWJsZVRhZyhzcGVjLCAmdGFnLCAmbWFjcm8sIGxhbmcpKSB7CisrCQlpZiAoZmluZFByZWFt
YmxlVGFnKHNwZWMsICZ0YWcsICZtYWNybywgbGFuZywgc2l6ZW9mKGxhbmcpKSkgeworIAkJICAg
IGlmIChzcGVjLT5saW5lTnVtID09IDEgJiYKKyAJCQkodW5zaWduZWQgY2hhcikoc3BlYy0+bGlu
ZVswXSkgPT0gMHhlZCAmJgorIAkJCSh1bnNpZ25lZCBjaGFyKShzcGVjLT5saW5lWzFdKSA9PSAw
eGFiICYmCistLSAKKzIuNTQuMAorCgpkaWZmIC0tZ2l0IGEvcnBtLnNwZWMgYi9ycG0uc3BlYwpp
bmRleCBkNTEyNzM3Li40YzRlOTAzIDEwMDY0NAotLS0gYS9ycG0uc3BlYworKysgYi9ycG0uc3Bl
YwpAQCAtNjczLDYgKzY3Myw3IEBAIGZpCiAtIEFkZCBzdXBwb3J0IGZvciAlJWF1dG9zZXR1cCAt
QyAoUkhFTC0xNDEyNjkpCiAtIEFkZCBzdXBwb3J0IGZvciBkYXRhYmFzZSBwYXJraW5nIChSSEVM
LTEyNjQwNSkKIC0gTWFrZSBzeXNsb2cgcGx1Z2luIGFjdHVhbGx5IHVzZWZ1bCBhbmQgYWxzbyBy
ZXF1aXJlZCAoUkhFTC0xNTUyNzIpCistIEZpeCBidWZmZXIgb3ZlcnJ1bnMgd2l0aCBsb25nIGxh
bmd1YWdlIHN0cmluZ3MgKFJIRUwtMTY5NzU1KQogCiAqIFRodSBGZWIgMDUgMjAyNiBNaWNoYWwg
RG9tb25rb3MgPG1kb21vbmtvQHJlZGhhdC5jb20+IC0gNC4xOS4xLjEtMjMKIC0gRml4IGtleSBp
bXBvcnQgQVBJIHRvIHJldHVybiBOT1RUUlVTVEVEIGZvciBkaXNhYmxlZCBhbGdvcml0aG1zIChS
SEVMLTExMjM5NCkK