--- a/lib/ChangeLog
+++ b/lib/ChangeLog
@@ -1,3 +1,38 @@
+2003-11-16  Paul Eggert  <eggert@twinsun.com>
+            Bruno Haible  <bruno@clisp.org>
+
+	Protect against address arithmetic overflow.
+	* printf-args.h: Include stddef.h.
+	(arguments): Change type of field 'count' to size_t.
+	* printf-args.c (printf_fetchargs): Use size_t instead of
+	'unsigned int' where appropriate.
+	* printf-parse.h: Include sys/types.h.
+	(char_directive): Change type of *arg_index fields to ssize_t.
+	(char_directives): Change type of fields 'count', max_*_length to
+	size_t.
+	* printf-parse.c: Include sys/types.h and xsize.h.
+	(SSIZE_MAX): Define fallback value.
+	(PRINTF_PARSE): Use size_t instead of 'unsigned int' and ssize_t
+	instead of 'int' where appropriate. Check a_allocated, d_allocated
+	against overflow. Reject %m$ argument numbers > SSIZE_MAX + 1.
+	* vasnprintf.c: Include xsize.h.
+	(VASNPRINTF): Use size_t instead of 'unsigned int' where appropriate.
+	Check alloca, malloc, realloc, ENSURE_ALLOCATION arguments against
+	overflow. Avoid wraparound when converting a width or precision from
+	decimal to binary.
+
+2003-11-16  Bruno Haible  <bruno@clisp.org>
+
+	Update from GNU gettext.
+	* printf-parse.c: Generalize to it can be compiled for wide strings.
+	(PRINTF_PARSE, CHAR_T, DIRECTIVE, DIRECTIVES): New macros.
+	* vasnprintf.c: Generalize to it can be compiled for wide strings.
+	(VASNPRINTF, CHAR_T, DIRECTIVE, DIRECTIVES, PRINTF_PARSE, USE_SNPRINTF,
+	SNPRINTF): New macros.
+	Don't include <alloca.h> if the file is used inside libintl.
+	(local_wcslen): New function, for Solaris 2.5.1.
+	(VASNPRINTF): Use it instead of wcslen.
+
 2003-11-16  Bruno Haible  <bruno@clisp.org>
 
 	* xsize.h (xmax): New function.