packages/indent
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

!7 Fix CVE-2023-40305

Browse Source 
From: @wk333 
Reviewed-by: @caodongxia 
Signed-off-by: @caodongxia
This commit is contained in:
openeuler-ci-bot 2023-08-29 03:37:30 +00:00 committed by Gitee
commit 947f265a73
No known key found for this signature in database
GPG Key ID: 173E9B9CA92EEF8F
3 changed files with 39 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

15
fix-a-heap-buffer-overwrite-CVE-2023-40305.patch Normal file
View File

@ -0,0 +1,15 @@
From: Petr Písař <ppisar@redhat.com>
Subject: Fix a heap buffer overwrite in search_brace() (CVE-2023-40305)
Bug-Debian: https://bugs.debian.org/1049366
Forwarded: https://savannah.gnu.org/bugs/index.php?64503
--- a/src/indent.c
+++ b/src/indent.c
@@ -228,6 +228,7 @@
* a `dump_line' call, thus ensuring that the brace
* will go into the right column. */
+ need_chars (&save_com, 2);
*save_com.end++ = EOL;
*save_com.end++ = '{';
save_com.len += 2;

17
fix-an-out-of-buffer-read-CVE-2023-40305.patch Normal file
View File

@ -0,0 +1,17 @@
From: Petr Písař <ppisar@redhat.com>
Subject: Fix an out-of-buffer read in search_brace()/lexi()
Bug-Debian: https://bugs.debian.org/1049366
Forwarded: https://savannah.gnu.org/bugs/index.php?64503
--- a/src/indent.c
+++ b/src/indent.c
@@ -145,8 +145,8 @@
parser_state_tos->search_brace = false;
bp_save = buf_ptr;
be_save = buf_end;
- buf_ptr = save_com.ptr;
need_chars (&save_com, 1);
+ buf_ptr = save_com.ptr;
buf_end = save_com.end;
save_com.end = save_com.ptr; /* make save_com empty */
}

9
indent.spec
View File

@ -3,10 +3,12 @@
Name: indent Name: indent
Summary: A tool to make code easier to read Summary: A tool to make code easier to read
Version: 2.2.13 Version: 2.2.13
Release: 1 Release: 2
License: GPLv3+ License: GPLv3+
URL: http://www.gnu.org/software/%{name}/ URL: http://www.gnu.org/software/%{name}/
Source: http://ftp.gnu.org/gnu/indent/%{name}-%{version}.tar.xz Source: http://ftp.gnu.org/gnu/indent/%{name}-%{version}.tar.xz
Patch0: fix-an-out-of-buffer-read-CVE-2023-40305.patch
Patch1: fix-a-heap-buffer-overwrite-CVE-2023-40305.patch
BuildRequires: gettext-devel automake gcc autoconf BuildRequires: gettext-devel automake gcc autoconf
BuildRequires: make coreutils gperf texinfo texi2html BuildRequires: make coreutils gperf texinfo texi2html
@ -34,7 +36,7 @@ autoreconf -i -f
%find_lang %name %find_lang %name
%check %check
make -C regression make check %{?_smp_mflags}
%files -f %{name}.lang %files -f %{name}.lang
%license COPYING %license COPYING
@ -48,6 +50,9 @@ make -C regression
%exclude %{_infodir}/dir %exclude %{_infodir}/dir
%changelog %changelog
* Tue Aug 29 2023 wangkai <13474090681@163.com> - 2.2.13-2
- Fix CVE-2023-40305
* Mon Apr 24 2023 xu_ping <707078654@qq.com> - 2.2.13-1 * Mon Apr 24 2023 xu_ping <707078654@qq.com> - 2.2.13-1
- Upgrade package to 2.2.13 version - Upgrade package to 2.2.13 version