packages/gawk
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

!33 fix CVE-2023-4156

Browse Source 
From: @yangmingtaip 
Reviewed-by: @openeuler-basic 
Signed-off-by: @openeuler-basic
This commit is contained in:
openeuler-ci-bot 2023-08-29 01:34:49 +00:00 committed by Gitee
commit 8105a261e2
No known key found for this signature in database
GPG Key ID: 173E9B9CA92EEF8F
2 changed files with 35 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

30
backport-CVE-2023-4156.patch Normal file
View File

@ -0,0 +1,30 @@
From e709eb829448ce040087a3fc5481db6bfcaae212 Mon Sep 17 00:00:00 2001
From: "Arnold D. Robbins" <arnold@skeeve.com>
Date: Wed, 3 Aug 2022 13:00:54 +0300
Subject: [PATCH] Smal bug fix in builtin.c.
Reference:https://git.savannah.gnu.org/gitweb/?p=gawk.git;a=commitdiff;h=e709eb829448ce040087a3fc5481db6bfcaae212
Conflict:delete changlog
---
builtin.c | 5 ++++-
1 file changed, 4 insertions(+), 1 deletion(-)
diff --git a/builtin.c b/builtin.c
index d7ba82c..3eee9b9 100644
--- a/builtin.c
+++ b/builtin.c
@@ -963,7 +963,10 @@ check_pos:
s1++;
n0--;
}
- if (val >= num_args) {
+ // val could be less than zero if someone provides a field width
+ // so large that it causes integer overflow. Mainly fuzzers do this,
+ // but let's try to be good anyway.
+ if (val < 0 || val >= num_args) {
toofew = true;
break;
}
--
2.27.0

6
gawk.spec
View File

@ -4,7 +4,7 @@
egrep -i "gawk_api_minor.*[0-9]+" | egrep -o "[0-9]") egrep -i "gawk_api_minor.*[0-9]+" | egrep -o "[0-9]")
Name: gawk Name: gawk
Version: 5.1.1 Version: 5.1.1
Release: 4 Release: 5
License: GPLv3+ and GPLv2+ and LGPLv2+ and BSD License: GPLv3+ and GPLv2+ and LGPLv2+ and BSD
Summary: The GNU version of the AWK text processing utility Summary: The GNU version of the AWK text processing utility
URL: https://www.gnu.org/software/gawk/ URL: https://www.gnu.org/software/gawk/
@ -14,6 +14,7 @@ Patch1: Disable-racy-test-in-test-iolint.awk.patch
Patch2: Restore-removed-test-in-test-iolint.awk.patch Patch2: Restore-removed-test-in-test-iolint.awk.patch
Patch3: Reorder-statements-in-iolint-to-try-to-eliminate-a-r.patch Patch3: Reorder-statements-in-iolint-to-try-to-eliminate-a-r.patch
Patch4: gawk-5.1.1-sw.patch Patch4: gawk-5.1.1-sw.patch
Patch5: backport-CVE-2023-4156.patch
BuildRequires: git gcc automake grep BuildRequires: git gcc automake grep
BuildRequires: bison texinfo texinfo-tex ghostscript texlive-ec texlive-cm-super glibc-all-langpacks BuildRequires: bison texinfo texinfo-tex ghostscript texlive-ec texlive-cm-super glibc-all-langpacks
@ -115,6 +116,9 @@ install -m 0644 -p doc/gawkinet.{pdf,ps} ${RPM_BUILD_ROOT}%{_docdir}/%{name}
%{_datadir}/locale/* %{_datadir}/locale/*
%changelog %changelog
* Mon Aug 28 2023 yangmingtai <yangmingtai@huawei.com> - 5.1.1-5
- fix CVE-2023-4156
* Sun Apr 23 2023 guoqinglan <guoqinglan@kylinos.com.cn> - 5.1.1-4 * Sun Apr 23 2023 guoqinglan <guoqinglan@kylinos.com.cn> - 5.1.1-4
- fix sw_64 build - fix sw_64 build