!13 [sync] PR-9: Fix CVE-2023-40305

From: @openeuler-sync-bot Reviewed-by: @caodongxia Signed-off-by: @caodongxia
2023-08-29 06:19:46 +00:00 · 2023-08-29 06:19:46 +00:00 · f38b83a0aa
commit f38b83a0aa
parent 7148ca10d2 caa88727b4
3 changed files with 42 additions and 3 deletions
--- a/fix-a-heap-buffer-overwrite-CVE-2023-40305.patch
+++ b/fix-a-heap-buffer-overwrite-CVE-2023-40305.patch
@ -0,0 +1,15 @@
+From: Petr Písař <ppisar@redhat.com>
+Subject: Fix a heap buffer overwrite in search_brace() (CVE-2023-40305)
+Bug-Debian: https://bugs.debian.org/1049366
+Forwarded: https://savannah.gnu.org/bugs/index.php?64503
+
+--- a/src/indent.c
+++ b/src/indent.c
+@@ -228,6 +228,7 @@
+                  * a `dump_line' call, thus ensuring that the brace
+                  * will go into the right column. */
+ 
+                need_chars (&save_com, 2);
+                 *save_com.end++ = EOL;
+                 *save_com.end++ = '{';
+                 save_com.len += 2;
--- a/fix-an-out-of-buffer-read-CVE-2023-40305.patch
+++ b/fix-an-out-of-buffer-read-CVE-2023-40305.patch
@ -0,0 +1,17 @@
+From: Petr Písař <ppisar@redhat.com>
+Subject: Fix an out-of-buffer read in search_brace()/lexi()
+Bug-Debian: https://bugs.debian.org/1049366
+Forwarded: https://savannah.gnu.org/bugs/index.php?64503
+
+--- a/src/indent.c
+++ b/src/indent.c
+@@ -145,8 +145,8 @@
+     parser_state_tos->search_brace = false;
+     bp_save = buf_ptr;
+     be_save = buf_end;
+-    buf_ptr = save_com.ptr;
+     need_chars (&save_com, 1);
+    buf_ptr = save_com.ptr;
+     buf_end = save_com.end;
+     save_com.end = save_com.ptr;        /* make save_com empty */
+ }
--- a/indent.spec
+++ b/indent.spec
@ -2,11 +2,10 @@
 Name: indent
 Summary: A tool to make code easier to read
 Version: 2.2.11
-Release: 27
+Release: 29
 License: GPLv3+
 URL: http://www.gnu.org/software/%{name}/
-
-Source: http://indent.isidore-it.eu/%{name}-%{version}.tar.gz
+Source: http://ftp.gnu.org/gnu/indent/%{name}-%{version}.tar.gz

 Patch5: indent-2.2.9-lcall.patch
 Patch7: indent-2.2.9-man.patch
@ -19,6 +18,8 @@ Patch13: indent-2.2.11-Support-hexadecimal-floats.patch
 Patch14: indent-2.2.11-Modernize-texi2html-arguments.patch
 Patch15: indent-2.2.11-doc-Correct-a-typo-about-enabling-control-comment.patch
 Patch16: indent-2.2.11-Fix-nbdfa-and-nbdfe-typo.patch
+Patch17: fix-an-out-of-buffer-read-CVE-2023-40305.patch
+Patch18: fix-a-heap-buffer-overwrite-CVE-2023-40305.patch

 BuildRequires:  gettext-devel automake gcc autoconf
 BuildRequires:  make coreutils gperf texinfo texi2html
@ -62,5 +63,11 @@ make -C regression
 %exclude %{_infodir}/dir

 %changelog
+* Tue Aug 29 2023 wangkai <13474090681@163.com> - 2.2.11-29
+- Fix CVE-2023-40305
+
+* Thu Sep 10 2020 baizhonggui<baizhonggui@huawei.com> - 2.2.11-28
+- fix source0
+
 * Tue Dec 3 2019 caomeng<caomeng5@huawei.com> - 2.2.11-27
 - Package init