packages/coreutils
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

coreutils: fix CVE-2024-0684

Browse Source
This commit is contained in:
jcg 2024-01-24 16:48:07 +08:00
parent 3190f2e532
commit 406c7af111
2 changed files with 43 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

38
backport-CVE-2024-0684-split-do-not-shrink-hold-buffer.patch Normal file
View File

@ -0,0 +1,38 @@
From c4c5ed8f4e9cd55a12966d4f520e3a13101637d9 Mon Sep 17 00:00:00 2001
From: Paul Eggert <eggert@cs.ucla.edu>
Date: Tue, 16 Jan 2024 13:48:32 -0800
Subject: [PATCH] split: do not shrink hold buffer
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
* src/split.c (line_bytes_split): Do not shrink hold buffer.
If it's large for this batch it's likely to be large for the next
batch, and for 'split' it's not worth the complexity/CPU hassle to
shrink it. Do not assume hold_size can be bufsize.
Conflict: NA
Reference: https://github.com/coreutils/coreutils/commit/c4c5ed8f4e9cd55a12966d4f520e3a13101637d9
---
src/split.c | 3 ---
1 file changed, 3 deletions(-)
diff --git a/src/split.c b/src/split.c
index d872ec5..4337b2d 100644
--- a/src/split.c
+++ b/src/split.c
@@ -811,10 +811,7 @@ line_bytes_split (intmax_t n_bytes, char *buf, idx_t bufsize)
{
cwrite (n_out == 0, hold, n_hold);
n_out += n_hold;
- if (n_hold > bufsize)
- hold = xirealloc (hold, bufsize);
n_hold = 0;
- hold_size = bufsize;
}
/* Output to eol if present. */
--
2.36.1

6
coreutils.spec
View File

@ -1,6 +1,6 @@
Name: coreutils Name: coreutils
Version: 9.3 Version: 9.3
Release: 2 Release: 3
License: GPLv3+ License: GPLv3+
Summary: A set of basic GNU tools commonly used in shell scripts Summary: A set of basic GNU tools commonly used in shell scripts
Url: https://www.gnu.org/software/coreutils/ Url: https://www.gnu.org/software/coreutils/
@ -21,6 +21,7 @@ Patch6: skip-the-tests-that-require-selinux-if-selinux-is-di.patch
Patch7: backport-config-color-alias-for-ls.patch Patch7: backport-config-color-alias-for-ls.patch
Patch8: backport-coreutils-i18n.patch Patch8: backport-coreutils-i18n.patch
Patch9: backport-pr-fix-infinite-loop-when-double-spacing.patch Patch9: backport-pr-fix-infinite-loop-when-double-spacing.patch
patch10: backport-CVE-2024-0684-split-do-not-shrink-hold-buffer.patch
Patch9000: openEuler-coreutils-df-direct.patch Patch9000: openEuler-coreutils-df-direct.patch
%ifarch sw_64 %ifarch sw_64
@ -154,6 +155,9 @@ fi
%{_mandir}/man*/* %{_mandir}/man*/*
%changelog %changelog
* Wed Jan 24 2024 Jiangchuangang <jiangchuangang@huawei.com> - 9.3-3
- fix CVE-2024-0684
* Tue Aug 8 2023 Funda Wang <fundawang@yeah.net> - 9.3-2 * Tue Aug 8 2023 Funda Wang <fundawang@yeah.net> - 9.3-2
- Add alias for sm3sum - Add alias for sm3sum