Accepting request 1105231 from devel:tools

OBS-URL: https://build.opensuse.org/request/show/1105231 OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/indent?expand=0&rev=24
2023-08-23 12:57:54 +00:00 · 2023-08-23 12:57:54 +00:00 · 35db7a1c8f
commit 35db7a1c8f
parent 005e1030b6 b6046b21bf
4 changed files with 8451 additions and 1 deletions
--- a/fix-heap-buffer-overwrite-search_brace-CVE-2023-40305.patch
+++ b/fix-heap-buffer-overwrite-search_brace-CVE-2023-40305.patch
--- a/fix-out-of-buffer-read-CVE-2023-40305.patch
+++ b/fix-out-of-buffer-read-CVE-2023-40305.patch
--- a/indent.changes
+++ b/indent.changes
@ -1,3 +1,10 @@
+-------------------------------------------------------------------
+Mon Aug 21 15:53:01 UTC 2023 - Antonio Teixeira <antonio.teixeira@suse.com>
+
+- Fix memory safety issues, bsc#1214243, CVE-2023-40305:
+  * fix-out-of-buffer-read-CVE-2023-40305.patch
+  * fix-heap-buffer-overwrite-search_brace-CVE-2023-40305.patch 
+
 -------------------------------------------------------------------
 Fri Mar 24 20:45:47 UTC 2023 - Andreas Stieger <andreas.stieger@gmx.de>

--- a/indent.spec
+++ b/indent.spec
@ -26,6 +26,9 @@ URL:            https://www.gnu.org/software/indent
 Source0:        ftp://ftp.gnu.org/gnu/%{name}/%{name}-%{version}.tar.xz
 Source1:        ftp://ftp.gnu.org/gnu/%{name}/%{name}-%{version}.tar.xz.sig
 Source2:        https://savannah.gnu.org/people/viewgpg.php?user_id=94096#/%{name}.keyring
+# PATCH-FIX-SECURITY fix-out-of-buffer-read-CVE-2023-40305.patch fix-heap-buffer-overwrite-search_brace-CVE-2023-40305 bsc#1214243 CVE-2023-40305 antonio.teixeira@suse.com -- indent: heap-based buffer overflow in search_brace() in indent.c via a crafted file
+Patch0:         fix-out-of-buffer-read-CVE-2023-40305.patch
+Patch1:         fix-heap-buffer-overwrite-search_brace-CVE-2023-40305.patch
 BuildRequires:  makeinfo
 BuildRequires:  texi2html

@ -38,7 +41,7 @@ incomplete and malformed syntax.
 %lang_package

 %prep
-%autosetup
+%autosetup -p1

 %build
 %configure \