Fix CVE-2023-40305

fix-a-heap-buffer-overwrite-CVE-2023-40305.patch

@@ -0,0 +1,15 @@
+From: Petr Písař <ppisar@redhat.com>
+Subject: Fix a heap buffer overwrite in search_brace() (CVE-2023-40305)
+Bug-Debian: https://bugs.debian.org/1049366
+Forwarded: https://savannah.gnu.org/bugs/index.php?64503
+
+--- a/src/indent.c
++++ b/src/indent.c
+@@ -228,6 +228,7 @@
+                  * a `dump_line' call, thus ensuring that the brace
+                  * will go into the right column. */
+ 
++                need_chars (&save_com, 2);
+                 *save_com.end++ = EOL;
+                 *save_com.end++ = '{';
+                 save_com.len += 2;

fix-an-out-of-buffer-read-CVE-2023-40305.patch

@@ -0,0 +1,17 @@
+From: Petr Písař <ppisar@redhat.com>
+Subject: Fix an out-of-buffer read in search_brace()/lexi()
+Bug-Debian: https://bugs.debian.org/1049366
+Forwarded: https://savannah.gnu.org/bugs/index.php?64503
+
+--- a/src/indent.c
++++ b/src/indent.c
+@@ -145,8 +145,8 @@
+     parser_state_tos->search_brace = false;
+     bp_save = buf_ptr;
+     be_save = buf_end;
+-    buf_ptr = save_com.ptr;
+     need_chars (&save_com, 1);
++    buf_ptr = save_com.ptr;
+     buf_end = save_com.end;
+     save_com.end = save_com.ptr;        /* make save_com empty */
+ }

indent.spec

@@ -3,10 +3,12 @@
 Name: indent
 Summary: A tool to make code easier to read
 Version: 2.2.13
-Release: 1
+Release: 2
 License: GPLv3+
 URL: http://www.gnu.org/software/%{name}/
 Source: http://ftp.gnu.org/gnu/indent/%{name}-%{version}.tar.xz
+Patch0:  fix-an-out-of-buffer-read-CVE-2023-40305.patch
+Patch1:  fix-a-heap-buffer-overwrite-CVE-2023-40305.patch
 
 BuildRequires:  gettext-devel automake gcc autoconf
 BuildRequires:  make coreutils gperf texinfo texi2html
@@ -34,7 +36,7 @@ autoreconf -i -f
 %find_lang %name
 
 %check
-make -C regression
+make check %{?_smp_mflags}
 
 %files -f %{name}.lang
 %license COPYING
@@ -48,6 +50,9 @@ make -C regression
 %exclude %{_infodir}/dir
 
 %changelog
+* Tue Aug 29 2023 wangkai <13474090681@163.com> - 2.2.13-2
+- Fix CVE-2023-40305
+
 * Mon Apr 24 2023 xu_ping <707078654@qq.com> - 2.2.13-1
 - Upgrade package to 2.2.13 version