Djam/coreutils
1
0
Fork 0
mirror of https://abf.rosa.ru/djam/coreutils.git synced 2025-02-23 17:22:49 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions

Backport upstream patch to fix CVE-2018-17942

Browse source
This commit is contained in:
Andrey Bondrov 2019-08-28 21:01:13 +10:00
parent dfbbcb2622
commit 281461cf85
4 changed files with 18 additions and 20 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

2
.abf.yml
View file

@ -1,5 +1,3 @@
removed_sources:
coreutils-8.19.tar.xz: b508dd4e21f5dccbdb846a27d9122598f1878a6a
sources:
coreutils-8.24.tar.xz: cf3d9983461c2b0c074a76804c18464e9a474883
coreutils-8.24.tar.xz.sig: 2620598f28cb68922946081da3b867b683c12548

17
coreutils-8.19.tar.xz.sig
View file

@ -1,17 +0,0 @@
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.12 (GNU/Linux)
iQIcBAABCAAGBQJQMdyBAAoJEH/Z/MsAC+7uPSkQAIVt2Eow5UChyij0PL95zvG4
l72JuAHgHYzSv4qCQQ4OOYTWhIdjo8DAe6byyTfyjJx67Mypz4e1oIkal+9CoReT
UDLfjJo90n46kwYVdogBs5Zgs+/7R4eNKLlNtiJ3w52JxGlOjZTSexfe/Km4wqqQ
6vQRx3LyZva7a4w/BiLFlCi/BLrid3ZeDsGOgMZ/A8zf+YFPXTOPqcFMnxmxQXMb
jVGjSrjMIPjeozX4h11T4/mTN2qeUEG0RjN1DwjrcC+v24Jz97CsrvlQZtBrzmxr
vyAr+Nf2x1bwwRHJHrJ1HvNQV0SQGLjPIIfbfSULSau5bv/wFRxIDfak7Z0S9bbq
n9l6+qzSii40utIX9S+LwwbNNBe5ORktLy8TzfU1np7/998RqK7TlhiedXzZ1NLq
wV7sRr34h1qpr4JRM4ieJrwIKXQImlktbu/WRe4OCC560ON3XJppd1cAxFLzynhN
LgGlX1O6LjyiFpAJkx7oNkQ9QGIjghz4YD06TITkfrxD+zzdwt2WDSMr/1/6z2/y
4pmpZaW68tGCLLFaluhJ0Pr+3g/QdnqvY3Nod5VXjsT2TlDUnqK59pWsNMBxeeyk
G0OD4UvaZrkh8RJUbzCJtQsi5ZZTrzv0/3HjkTEshu8m5hdklEwOEQjtpsHfT/iv
aTUjgqN11Iw67QIvYKaB
=bzPS
-----END PGP SIGNATURE-----

14
coreutils-8.24-CVE-2018-17942.patch Normal file
View file

@ -0,0 +1,14 @@
diff -urN coreutils-8.24/lib/vasnprintf.c coreutils-8.24-patched/lib/vasnprintf.c
--- coreutils-8.24/lib/vasnprintf.c 2015-06-16 15:04:34.000000000 +1000
+++ coreutils-8.24-patched/lib/vasnprintf.c 2019-08-28 20:59:06.000772714 +1000
@@ -849,7 +849,9 @@
size_t a_len = a.nlimbs;
/* 0.03345 is slightly larger than log(2)/(9*log(10)). */
size_t c_len = 9 * ((size_t)(a_len * (GMP_LIMB_BITS * 0.03345f)) + 1);
- char *c_ptr = (char *) malloc (xsum (c_len, extra_zeroes));
+ /* We need extra_zeroes bytes for zeroes, followed by c_len bytes for the
+ digits of a, followed by 1 byte for the terminating NUL. */
+ char *c_ptr = (char *) malloc (xsum (xsum (extra_zeroes, c_len), 1));
if (c_ptr != NULL)
{
char *d_ptr = c_ptr;

5
coreutils.spec
View file

@ -3,12 +3,13 @@
Summary: The GNU core utilities: a set of tools commonly used in shell scripts
Name: coreutils
Version: 8.24
Release: 4
Release: 5
License: GPLv3+
Group: System/Base
Url: http://www.gnu.org/software/coreutils/
Source0: http://ftp.gnu.org/gnu/%{name}/%{name}-%{version}.tar.xz
Source1: http://ftp.gnu.org/gnu/%{name}/%{name}-%{version}.tar.xz.sig
Patch0: coreutils-8.24-CVE-2018-17942.patch
# fileutils
Patch101: coreutils-8.2-spacedir.patch
@ -137,6 +138,8 @@ This package contains coreutils documentation in GNU info format.
%prep
%setup -q
%patch0 -p1
# fileutils
# (tpg) seems to be fixed
#%patch101 -p1 -b .space~