From 0844e88ac44981e2b9745b31bef78e9ac5add63e Mon Sep 17 00:00:00 2001
From: wk333 <13474090681@163.com>
Date: Tue, 29 Aug 2023 09:56:50 +0800
Subject: [PATCH] Fix CVE-2023-40305
---
 ...a-heap-buffer-overwrite-CVE-2023-40305.patch | 15 +++++++++++++++
 fix-an-out-of-buffer-read-CVE-2023-40305.patch | 17 +++++++++++++++++
 indent.spec | 9 +++++++--
 3 files changed, 39 insertions(+), 2 deletions(-)
 create mode 100644 fix-a-heap-buffer-overwrite-CVE-2023-40305.patch
 create mode 100644 fix-an-out-of-buffer-read-CVE-2023-40305.patch
diff --git a/fix-a-heap-buffer-overwrite-CVE-2023-40305.patch b/fix-a-heap-buffer-overwrite-CVE-2023-40305.patch
new file mode 100644
index 0000000..1349237
--- /dev/null
+++ b/fix-a-heap-buffer-overwrite-CVE-2023-40305.patch
@@ -0,0 +1,15 @@
+From: Petr Písař
+Subject: Fix a heap buffer overwrite in search_brace() (CVE-2023-40305)
+Bug-Debian: https://bugs.debian.org/1049366
+Forwarded: https://savannah.gnu.org/bugs/index.php?64503
+
+--- a/src/indent.c
++++ b/src/indent.c
+@@ -228,6 +228,7 @@
+ * a `dump_line' call, thus ensuring that the brace
+ * will go into the right column. */
+
++ need_chars (&save_com, 2);
+ *save_com.end++ = EOL;
+ *save_com.end++ = '{';
+ save_com.len += 2;
diff --git a/fix-an-out-of-buffer-read-CVE-2023-40305.patch b/fix-an-out-of-buffer-read-CVE-2023-40305.patch
new file mode 100644
index 0000000..404e40f
--- /dev/null
+++ b/fix-an-out-of-buffer-read-CVE-2023-40305.patch
@@ -0,0 +1,17 @@
+From: Petr Písař
+Subject: Fix an out-of-buffer read in search_brace()/lexi()
+Bug-Debian: https://bugs.debian.org/1049366
+Forwarded: https://savannah.gnu.org/bugs/index.php?64503
+
+--- a/src/indent.c
++++ b/src/indent.c
+@@ -145,8 +145,8 @@
+ parser_state_tos->search_brace = false;
+ bp_save = buf_ptr;
+ be_save = buf_end;
+- buf_ptr = save_com.ptr;
+ need_chars (&save_com, 1);
++ buf_ptr = save_com.ptr;
+ buf_end = save_com.end;
+ save_com.end = save_com.ptr; /* make save_com empty */
+ }
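Review bot: The size passed in `need_chars (&save_com, 2);` is tied to the two stores that follow (`*save_com.end++ = EOL;` and `*save_com.end++ = '{';`), but nothing in the code says so, and a later edit that appends a third byte would quietly reopen the heap overwrite. I would add a comment directly above the call, for example `/* Reserve room for the EOL and '{' appended below. */`. Only this one append site is visible, and search_brace() begins and ends outside the embedded hunk, so the other places that write through `save_com.end` should be checked for a preceding need_chars() call as well.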
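Review bot: The new order of `need_chars (&save_com, 1);` and `buf_ptr = save_com.ptr;` in the second embedded patch is load-bearing but uncommented; presumably need_chars() can reallocate the buffer and change `save_com.ptr`, so a pointer taken before the call may be stale. A comment such as `/* need_chars() may move save_com.ptr, so take buf_ptr only after it */` would keep a later cleanup from restoring the old order. After this block `buf_ptr` and `buf_end` still point into save_com's storage while `save_com.end = save_com.ptr;` marks it empty, so any later need_chars() on save_com before that input is consumed would raise the same stale-pointer question; that path is outside the hunk and worth confirming. A regression input for the Debian bug named in the patch header, run under AddressSanitizer, would pin both fixes.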
diff --git a/indent.spec b/indent.spec index 72c4f14..5f1c53c 100644 --- a/indent.spec +++ b/indent.spec @@ -3,10 +3,12 @@ Name: indent Summary: A tool to make code easier to read Version: 2.2.13 -Release: 1 +Release: 2 License: GPLv3+ URL: http://www.gnu.org/software/%{name}/ Source: http://ftp.gnu.org/gnu/indent/%{name}-%{version}.tar.xz +Patch0: fix-an-out-of-buffer-read-CVE-2023-40305.patch +Patch1: fix-a-heap-buffer-overwrite-CVE-2023-40305.patch BuildRequires: gettext-devel automake gcc autoconf BuildRequires: make coreutils gperf texinfo texi2html @@ -34,7 +36,7 @@ autoreconf -i -f %find_lang %name %check -make -C regression +make check %{?_smp_mflags} %files -f %{name}.lang %license COPYING @@ -48,6 +50,9 @@ make -C regression %exclude %{_infodir}/dir %changelog +* Tue Aug 29 2023 wangkai <13474090681@163.com> - 2.2.13-2 +- Fix CVE-2023-40305 + * Mon Apr 24 2023 xu_ping <707078654@qq.com> - 2.2.13-1 - Upgrade package to 2.2.13 version
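Review bot: `Patch0:` and `Patch1:` are only declared in the first hunk, and the `%prep` section that would apply them is not part of this diff. If `%prep` uses `%autosetup` or `%autopatch` they are picked up automatically, but with a plain `%setup` the package would ship as Release 2 without either CVE-2023-40305 fix, so please confirm and add the `%patch` lines if they are missing. The `%check` change from `make -C regression` to `make check %{?_smp_mflags}` in the second hunk is not mentioned in the new changelog entry; a line such as `- Run the test suite via make check` would record it.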