packages/gawk
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

!32 [sync] PR-30: fix CVE-2023-4156

Browse Source 
From: @openeuler-sync-bot 
Reviewed-by: @openeuler-basic 
Signed-off-by: @openeuler-basic
This commit is contained in:
openeuler-ci-bot 2023-08-29 01:35:03 +00:00 committed by Gitee
commit 78486464ae
No known key found for this signature in database
GPG Key ID: 173E9B9CA92EEF8F
2 changed files with 35 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

30
backport-CVE-2023-4156.patch Normal file
View File

@ -0,0 +1,30 @@
From e709eb829448ce040087a3fc5481db6bfcaae212 Mon Sep 17 00:00:00 2001
From: "Arnold D. Robbins" <arnold@skeeve.com>
Date: Wed, 3 Aug 2022 13:00:54 +0300
Subject: [PATCH] Smal bug fix in builtin.c.
Reference:https://git.savannah.gnu.org/gitweb/?p=gawk.git;a=commitdiff;h=e709eb829448ce040087a3fc5481db6bfcaae212
Conflict:delete changlog
---
builtin.c | 5 ++++-
1 file changed, 4 insertions(+), 1 deletion(-)
diff --git a/builtin.c b/builtin.c
index d7ba82c..3eee9b9 100644
--- a/builtin.c
+++ b/builtin.c
@@ -963,7 +963,10 @@ check_pos:
s1++;
n0--;
}
- if (val >= num_args) {
+ // val could be less than zero if someone provides a field width
+ // so large that it causes integer overflow. Mainly fuzzers do this,
+ // but let's try to be good anyway.
+ if (val < 0 || val >= num_args) {
toofew = true;
break;
}
--
2.27.0

6
gawk.spec
View File

@ -4,7 +4,7 @@
egrep -i "gawk_api_minor.*[0-9]+" | egrep -o "[0-9]") egrep -i "gawk_api_minor.*[0-9]+" | egrep -o "[0-9]")
Name: gawk Name: gawk
Version: 5.0.1 Version: 5.0.1
Release: 4 Release: 5
License: GPLv3+ and GPLv2+ and LGPLv2+ and BSD License: GPLv3+ and GPLv2+ and LGPLv2+ and BSD
Summary: The GNU version of the AWK text processing utility Summary: The GNU version of the AWK text processing utility
URL: https://www.gnu.org/software/gawk/ URL: https://www.gnu.org/software/gawk/
@ -13,6 +13,7 @@ Source0: https://ftp.gnu.org/gnu/gawk/gawk-%{version}.tar.xz
Patch0: gawk-inplace-namespace-part1.patch Patch0: gawk-inplace-namespace-part1.patch
Patch1: gawk-inplace-namespace-part2.patch Patch1: gawk-inplace-namespace-part2.patch
Patch2: gawk-inplace-namespace-part3.patch Patch2: gawk-inplace-namespace-part3.patch
Patch3: backport-CVE-2023-4156.patch
BuildRequires: git gcc automake grep BuildRequires: git gcc automake grep
BuildRequires: bison texinfo texinfo-tex ghostscript texlive-ec texlive-cm-super glibc-all-langpacks BuildRequires: bison texinfo texinfo-tex ghostscript texlive-ec texlive-cm-super glibc-all-langpacks
@ -107,6 +108,9 @@ install -m 0644 -p doc/gawkinet.{pdf,ps} ${RPM_BUILD_ROOT}%{_docdir}/%{name}
%{_datadir}/locale/* %{_datadir}/locale/*
%changelog %changelog
* Mon Aug 28 2023 yangmingtai <yangmingtai@huawei.com> - 5.0.1-5
- fix CVE-2023-4156
* Fri Sep 2 2022 zoulin <zoulin13@h-partners.com> - 5.0.1-4 * Fri Sep 2 2022 zoulin <zoulin13@h-partners.com> - 5.0.1-4
- Type:enhancement - Type:enhancement
- ID:NA - ID:NA