packages/indent
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Fix CVE-2023-40305

Browse Source
This commit is contained in:
wk333 2023-08-29 09:53:21 +08:00
parent 6cdfadf98c
commit ecd70b66ba
3 changed files with 38 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

15
fix-a-heap-buffer-overwrite-CVE-2023-40305.patch Normal file
View File

@ -0,0 +1,15 @@
From: Petr Písař <ppisar@redhat.com>
Subject: Fix a heap buffer overwrite in search_brace() (CVE-2023-40305)
Bug-Debian: https://bugs.debian.org/1049366
Forwarded: https://savannah.gnu.org/bugs/index.php?64503
--- a/src/indent.c
+++ b/src/indent.c
@@ -228,6 +228,7 @@
* a `dump_line' call, thus ensuring that the brace
* will go into the right column. */
+ need_chars (&save_com, 2);
*save_com.end++ = EOL;
*save_com.end++ = '{';
save_com.len += 2;

17
fix-an-out-of-buffer-read-CVE-2023-40305.patch Normal file
View File

@ -0,0 +1,17 @@
From: Petr Písař <ppisar@redhat.com>
Subject: Fix an out-of-buffer read in search_brace()/lexi()
Bug-Debian: https://bugs.debian.org/1049366
Forwarded: https://savannah.gnu.org/bugs/index.php?64503
--- a/src/indent.c
+++ b/src/indent.c
@@ -145,8 +145,8 @@
parser_state_tos->search_brace = false;
bp_save = buf_ptr;
be_save = buf_end;
- buf_ptr = save_com.ptr;
need_chars (&save_com, 1);
+ buf_ptr = save_com.ptr;
buf_end = save_com.end;
save_com.end = save_com.ptr; /* make save_com empty */
}

7
indent.spec
View File

@ -2,7 +2,7 @@
Name: indent Name: indent
Summary: A tool to make code easier to read Summary: A tool to make code easier to read
Version: 2.2.11 Version: 2.2.11
Release: 28 Release: 29
License: GPLv3+ License: GPLv3+
URL: http://www.gnu.org/software/%{name}/ URL: http://www.gnu.org/software/%{name}/
Source: http://ftp.gnu.org/gnu/indent/%{name}-%{version}.tar.gz Source: http://ftp.gnu.org/gnu/indent/%{name}-%{version}.tar.gz
@ -18,6 +18,8 @@ Patch13: indent-2.2.11-Support-hexadecimal-floats.patch
Patch14: indent-2.2.11-Modernize-texi2html-arguments.patch Patch14: indent-2.2.11-Modernize-texi2html-arguments.patch
Patch15: indent-2.2.11-doc-Correct-a-typo-about-enabling-control-comment.patch Patch15: indent-2.2.11-doc-Correct-a-typo-about-enabling-control-comment.patch
Patch16: indent-2.2.11-Fix-nbdfa-and-nbdfe-typo.patch Patch16: indent-2.2.11-Fix-nbdfa-and-nbdfe-typo.patch
Patch17: fix-an-out-of-buffer-read-CVE-2023-40305.patch
Patch18: fix-a-heap-buffer-overwrite-CVE-2023-40305.patch
BuildRequires: gettext-devel automake gcc autoconf BuildRequires: gettext-devel automake gcc autoconf
BuildRequires: make coreutils gperf texinfo texi2html BuildRequires: make coreutils gperf texinfo texi2html
@ -61,6 +63,9 @@ make -C regression
%exclude %{_infodir}/dir %exclude %{_infodir}/dir
%changelog %changelog
* Tue Aug 29 2023 wangkai <13474090681@163.com> - 2.2.11-29
- Fix CVE-2023-40305
* Thu Sep 10 2020 baizhonggui<baizhonggui@huawei.com> - 2.2.11-28 * Thu Sep 10 2020 baizhonggui<baizhonggui@huawei.com> - 2.2.11-28
- fix source0 - fix source0