add patch

CVE-2025-8746
2025-08-25 15:05:36 +02:00 · 2025-08-25 15:00:31 +02:00
3 changed files with 24 additions and 0 deletions
--- a/autogen-CVE-2025-8746.patch
+++ b/autogen-CVE-2025-8746.patch
@@ -0,0 +1,14 @@
+Index: autogen-5.18.16/autoopts/save.c
+===================================================================
+--- autogen-5.18.16.orig/autoopts/save.c
+++ autogen-5.18.16/autoopts/save.c
+@@ -494,6 +494,9 @@ remove_settings(tOptions * opts, char co
+     char *       text = text_mmap(fname, PROT_READ|PROT_WRITE, MAP_PRIVATE, &map_info);
+     char *       scan = text;
+ 
+    if (TEXT_MMAP_FAILED_ADDR(text))
+      goto leave;
+
+     for (;;) {
+         char * next = scan = strstr(scan, zCfgProg);
+         if (scan == NULL)
--- a/autogen.changes
+++ b/autogen.changes
@@ -1,3 +1,11 @@
+-------------------------------------------------------------------
+Mon Aug 25 12:23:33 UTC 2025 - pgajdos@suse.com
+
+- security update
+- added patches
+  CVE-2025-8746 [bsc#1247921], improper input validation and memory bounds checking when processing certain malformed configuration files
+  + autogen-CVE-2025-8746.patch
+
 -------------------------------------------------------------------
 Tue Apr 19 19:22:33 UTC 2022 - Martin Liška <mliska@suse.cz>

--- a/autogen.spec
+++ b/autogen.spec
@@ -37,6 +37,8 @@ Patch5:         gcc9-fix-wrestrict.patch
 # PATCH-FIX-UPSTREAM Allow building with guile 3.0
 Patch6:         guile-version.patch
 Patch7:         autogen-avoid-GCC-code-analysis-bug.patch
+# CVE-2025-8746 [bsc#1247921], improper input validation and memory bounds checking when processing certain malformed configuration files
+Patch8:         autogen-CVE-2025-8746.patch
 BuildRequires:  fdupes
 BuildRequires:  guile-devel
 BuildRequires:  makeinfo
Author	SHA256	Message	Date
Petr Gajdos	3dbc94abdd	add patch	2025-08-25 15:05:36 +02:00
Petr Gajdos	78867f35ee	CVE-2025-8746	2025-08-25 15:00:31 +02:00