Accepting request 1147061 from home:pgajdos

- security update - added patches fix CVE-2024-0911 [bsc#1219210], heap-based buffer overflow in set_buf_break() + indent-CVE-2024-0911.patch OBS-URL: https://build.opensuse.org/request/show/1147061 OBS-URL: https://build.opensuse.org/package/show/devel:tools/indent?expand=0&rev=22
2024-02-19 09:08:44 +00:00 · 2024-02-19 09:08:44 +00:00 · da3535092f
commit da3535092f
parent b6046b21bf
3 changed files with 27 additions and 1 deletions
--- a/indent-CVE-2024-0911.patch
+++ b/indent-CVE-2024-0911.patch
@ -0,0 +1,16 @@
+diff --git a/src/output.c b/src/output.c
+index ee01bcc..17eee6e 100644
+--- a/src/output.c
+++ b/src/output.c
+@@ -290,7 +290,7 @@ void set_buf_break (
+     /* Did we just parse a bracket that will be put on the next line
+      * by this line break? */
+ 
+-    if ((*token == '(') || (*token == '['))
+    if (level > 0 && ((*token == '(') || (*token == '[')))
+     {
+         --level;                        /* then don't take it into account */
+     }
+-- 
+2.43.0
+
--- a/indent.changes
+++ b/indent.changes
@ -1,3 +1,11 @@
+-------------------------------------------------------------------
+Fri Feb 16 09:57:02 UTC 2024 - pgajdos@suse.com
+
+- security update
+- added patches
+  fix CVE-2024-0911 [bsc#1219210], heap-based buffer overflow in set_buf_break()
+  + indent-CVE-2024-0911.patch
+
 -------------------------------------------------------------------
 Mon Aug 21 15:53:01 UTC 2023 - Antonio Teixeira <antonio.teixeira@suse.com>

--- a/indent.spec
+++ b/indent.spec
@ -1,7 +1,7 @@
 #
 # spec file for package indent
 #
-# Copyright (c) 2023 SUSE LLC
+# Copyright (c) 2024 SUSE LLC
 #
 # All modifications and additions to the file contributed by third parties
 # remain the property of their copyright owners, unless otherwise agreed
@ -29,6 +29,8 @@ Source2:        https://savannah.gnu.org/people/viewgpg.php?user_id=94096#/%{nam
 # PATCH-FIX-SECURITY fix-out-of-buffer-read-CVE-2023-40305.patch fix-heap-buffer-overwrite-search_brace-CVE-2023-40305 bsc#1214243 CVE-2023-40305 antonio.teixeira@suse.com -- indent: heap-based buffer overflow in search_brace() in indent.c via a crafted file
 Patch0:         fix-out-of-buffer-read-CVE-2023-40305.patch
 Patch1:         fix-heap-buffer-overwrite-search_brace-CVE-2023-40305.patch
+# CVE-2024-0911 [bsc#1219210], heap-based buffer overflow in set_buf_break()
+Patch2:         indent-CVE-2024-0911.patch
 BuildRequires:  makeinfo
 BuildRequires:  texi2html