coreutils: fix CVE-2024-0684

2024-01-24 16:48:07 +08:00 · 2024-01-24 16:48:07 +08:00 · 406c7af111
commit 406c7af111
parent 3190f2e532
2 changed files with 43 additions and 1 deletions
--- a/backport-CVE-2024-0684-split-do-not-shrink-hold-buffer.patch
+++ b/backport-CVE-2024-0684-split-do-not-shrink-hold-buffer.patch
@ -0,0 +1,38 @@
+From c4c5ed8f4e9cd55a12966d4f520e3a13101637d9 Mon Sep 17 00:00:00 2001
+From: Paul Eggert <eggert@cs.ucla.edu>
+Date: Tue, 16 Jan 2024 13:48:32 -0800
+Subject: [PATCH] split: do not shrink hold buffer
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+
+* src/split.c (line_bytes_split): Do not shrink hold buffer.
+If it's large for this batch it's likely to be large for the next
+batch, and for 'split' it's not worth the complexity/CPU hassle to
+shrink it. Do not assume hold_size can be bufsize.
+
+Conflict: NA
+Reference: https://github.com/coreutils/coreutils/commit/c4c5ed8f4e9cd55a12966d4f520e3a13101637d9
+
+---
+ src/split.c | 3 ---
+ 1 file changed, 3 deletions(-)
+
+diff --git a/src/split.c b/src/split.c
+index d872ec5..4337b2d 100644
+--- a/src/split.c
+++ b/src/split.c
+@@ -811,10 +811,7 @@ line_bytes_split (intmax_t n_bytes, char *buf, idx_t bufsize)
+             {
+               cwrite (n_out == 0, hold, n_hold);
+               n_out += n_hold;
+-              if (n_hold > bufsize)
+-                hold = xirealloc (hold, bufsize);
+               n_hold = 0;
+-              hold_size = bufsize;
+             }
+ 
+           /* Output to eol if present.  */
+-- 
+2.36.1
+
--- a/coreutils.spec
+++ b/coreutils.spec
@ -1,6 +1,6 @@
 Name:       coreutils
 Version:    9.3
-Release:    2
+Release:    3
 License:    GPLv3+
 Summary:    A set of basic GNU tools commonly used in shell scripts
 Url:        https://www.gnu.org/software/coreutils/
@ -21,6 +21,7 @@ Patch6:    skip-the-tests-that-require-selinux-if-selinux-is-di.patch
 Patch7:    backport-config-color-alias-for-ls.patch
 Patch8:    backport-coreutils-i18n.patch
 Patch9:    backport-pr-fix-infinite-loop-when-double-spacing.patch
+patch10:   backport-CVE-2024-0684-split-do-not-shrink-hold-buffer.patch

 Patch9000:   openEuler-coreutils-df-direct.patch
 %ifarch sw_64
@ -154,6 +155,9 @@ fi
 %{_mandir}/man*/*

 %changelog
+* Wed Jan 24 2024 Jiangchuangang <jiangchuangang@huawei.com> - 9.3-3
+- fix CVE-2024-0684
+
 * Tue Aug 8 2023 Funda Wang <fundawang@yeah.net> - 9.3-2
 - Add alias for sm3sum