From 21871611a62219638b014faf7feea5ed152dc5999c4ef5531d51b42932056067 Mon Sep 17 00:00:00 2001
From: Dirk Mueller <dmueller@suse.com>
Date: Wed, 18 Mar 2020 17:29:37 +0000
Subject: [PATCH] - add CVE-2019-14274.patch (bsc#1143032, CVE-2019-14274)

OBS-URL: https://build.opensuse.org/package/show/devel:tools/mcpp?expand=0&rev=7
---
 CVE-2019-14274.patch | 22 ++++++++++++++++++++++
 mcpp.changes         |  5 +++++
 mcpp.spec            |  8 +++++---
 3 files changed, 32 insertions(+), 3 deletions(-)
 create mode 100644 CVE-2019-14274.patch

diff --git a/CVE-2019-14274.patch b/CVE-2019-14274.patch
new file mode 100644
index 0000000..c522811
--- /dev/null
+++ b/CVE-2019-14274.patch
@@ -0,0 +1,22 @@
+Subject: [PATCH] Merge bug fixes from https://github.com/h8liu/mcpp.git
+
+--- a/src/support.c
++++ b/src/support.c
+@@ -188,7 +188,7 @@ static char *   append_to_buffer(
+     size_t      length
+ )
+ {
+-    if (mem_buf_p->bytes_avail < length) {  /* Need to allocate more memory */
++    if (mem_buf_p->bytes_avail < length + 1) {  /* Need to allocate more memory */
+         size_t size = MAX( BUF_INCR_SIZE, length);
+ 
+         if (mem_buf_p->buffer == NULL) {            /* 1st append   */
+@@ -1722,6 +1722,8 @@ static char *   parse_line( void)
+                     sp -= 2;
+                     while (*sp != '\n')     /* Until end of line    */
+                         mcpp_fputc( *sp++, OUT);
++                    mcpp_fputc('\n', OUT);
++                    wrong_line = TRUE;
+                 }
+                 goto  end_line;
+             default:                        /* Not a comment        */
diff --git a/mcpp.changes b/mcpp.changes
index fe1b43f..ebd1cde 100644
--- a/mcpp.changes
+++ b/mcpp.changes
@@ -1,3 +1,8 @@
+-------------------------------------------------------------------
+Wed Mar 18 17:29:06 UTC 2020 - Dirk Mueller <dmueller@suse.com>
+
+- add CVE-2019-14274.patch (bsc#1143032, CVE-2019-14274)
+
 -------------------------------------------------------------------
 Tue May  5 13:26:18 UTC 2015 - mpluskal@suse.com
 
diff --git a/mcpp.spec b/mcpp.spec
index ca49d29..840be5d 100644
--- a/mcpp.spec
+++ b/mcpp.spec
@@ -1,7 +1,7 @@
 #
 # spec file for package mcpp
 #
-# Copyright (c) 2015 SUSE LINUX GmbH, Nuernberg, Germany.
+# Copyright (c) 2020 SUSE LLC
 #
 # All modifications and additions to the file contributed by third parties
 # remain the property of their copyright owners, unless otherwise agreed
@@ -12,7 +12,7 @@
 # license that conforms to the Open Source Definition (Version 1.9)
 # published by the Open Source Initiative.
 
-# Please submit bugfixes or comments via http://bugs.opensuse.org/
+# Please submit bugfixes or comments via https://bugs.opensuse.org/
 #
 
 
@@ -22,9 +22,10 @@ Release:        0
 Summary:        Matsui's C Preprocessor
 License:        BSD-3-Clause
 Group:          Development/Languages/C and C++
-Url:            http://mcpp.sourceforge.net/
+URL:            http://mcpp.sourceforge.net/
 Source0:        http://sourceforge.net/projects/mcpp/files/mcpp/V.%{version}/%{name}-%{version}.tar.gz
 Patch0:         %{name}-%{version}.diff
+Patch1:         CVE-2019-14274.patch
 BuildRoot:      %{_tmppath}/%{name}-%{version}-build
 
 %description
@@ -58,6 +59,7 @@ This package holds the development files for libev.
 %prep
 %setup -q
 %patch0 -p1
+%patch1 -p1
 
 %build
 export CFLAGS="%{optflags} -D_BSD_SOURCE"