From patchwork Sat Oct 26 22:42:33 2024
X-Patchwork-Submitter: Nicolas Graves
X-Patchwork-Id: 69507
From: Nicolas Graves
To: 74035@debbugs.gnu.org
Cc: Nicolas Graves
Subject: [bug#74035] [PATCH 12/24] gnu: indent: Add patch for CVE-2024-0911. [security fixes]
Date: Sun, 27 Oct 2024 00:42:33 +0200
Message-ID: <20241026224300.30694-12-ngraves@ngraves.fr>
In-Reply-To: <20241026224300.30694-1-ngraves@ngraves.fr>
References: <20241026224300.30694-1-ngraves@ngraves.fr>

* gnu/packages/patches/indent-CVE-2024-0911.patch: Add patch here...
* gnu/local.mk: ...here...
* gnu/packages/code.scm (indent)[source]: ...and here.
--- gnu/local.mk | 1 + gnu/packages/code.scm | 4 +- .../patches/indent-CVE-2024-0911.patch | 61 +++++++++++++++++++ 3 files changed, 65 insertions(+), 1 deletion(-) create mode 100644 gnu/packages/patches/indent-CVE-2024-0911.patch diff --git a/gnu/local.mk b/gnu/local.mk index d253b424bb..1a69a22aba 100644 --- a/gnu/local.mk +++ b/gnu/local.mk @@ -1559,6 +1559,7 @@ dist_patch_DATA = \ %D%/packages/patches/idris-test-ffi008.patch \ %D%/packages/patches/igraph-fix-varargs-integer-size.patch \ %D%/packages/patches/ilmbase-fix-tests.patch \ + %D%/packages/patches/indent-CVE-2024-0911.patch \ %D%/packages/patches/instead-use-games-path.patch \ %D%/packages/patches/intltool-perl-compatibility.patch \ %D%/packages/patches/irrlicht-use-system-libs.patch \ diff --git a/gnu/packages/code.scm b/gnu/packages/code.scm index 094dd32982..dda37528b8 100644 --- a/gnu/packages/code.scm +++ b/gnu/packages/code.scm @@ -879,7 +879,9 @@ (define-public indent (uri (string-append "mirror://gnu/indent/indent-" version ".tar.gz")) (sha256 - (base32 "15c0ayp9rib7hzvrcxm5ijs0mpagw5y8kf5w0jr9fryfqi7n6r4y")))) + (base32 "15c0ayp9rib7hzvrcxm5ijs0mpagw5y8kf5w0jr9fryfqi7n6r4y")) + ;; Remove patch when updating. + (patches (search-patches "indent-CVE-2024-0911.patch")))) (build-system gnu-build-system) (native-inputs (list texinfo)) 
diff --git a/gnu/packages/patches/indent-CVE-2024-0911.patch b/gnu/packages/patches/indent-CVE-2024-0911.patch new file mode 100644 index 0000000000..4687d3f59a --- /dev/null +++ b/gnu/packages/patches/indent-CVE-2024-0911.patch 
@@ -0,0 +1,61 @@ +Upstream issue: https://lists.gnu.org/archive/html/bug-indent/2024-01/msg00001.html +Signed-off-by: Petr Písař +--- + regression/TEST | 2 +- + regression/input/comment-parent-heap-underread.c | 3 +++ + regression/standard/comment-parent-heap-underread.c | 5 +++++ + src/output.c | 2 +- + 4 files changed, 10 insertions(+), 2 deletions(-) + create mode 100644 regression/input/comment-parent-heap-underread.c + create mode 100644 regression/standard/comment-parent-heap-underread.c + +diff --git a/regression/TEST b/regression/TEST +index 7c07c2e..951b1a2 100755 +--- a/regression/TEST ++++ b/regression/TEST +@@ -40,6 +40,7 @@ BUGS="case-label.c one-line-1.c one-line-2.c one-line-3.c \ + macro.c enum.c elif.c nested.c wrapped-string.c minus_predecrement.c \ + bug-gnu-33364.c float-constant-suffix.c block-comments.c \ +- no-forced-nl-in-block-init.c hexadecimal_float.c binary-constant.c" ++ no-forced-nl-in-block-init.c hexadecimal_float.c binary-constant.c \ ++ comment-parent-heap-underread.c" + + INDENTSRC="args.c backup.h backup.c dirent_def.h globs.c indent.h \ + indent.c indent_globs.h io.c lexi.c memcpy.c parse.c pr_comment.c \ +diff --git a/regression/input/comment-parent-heap-underread.c +b/regression/input/comment-parent-heap-underread.c +new file mode 100644 +index 0000000..68e13cf +--- /dev/null ++++ b/regression/input/comment-parent-heap-underread.c +@@ -0,0 +1,3 @@ ++void foo(void) { ++/*a*/(1); ++} +diff --git a/regression/standard/comment-parent-heap-underread.c +b/regression/standard/comment-parent-heap-underread.c +new file mode 100644 +index 0000000..9a1c6e3 +--- /dev/null ++++ b/regression/standard/comment-parent-heap-underread.c +@@ -0,0 +1,5 @@ ++void ++foo (void) ++{ ++/*a*/ (1); ++} +diff --git a/src/output.c b/src/output.c +index ee01bcc..17eee6e 100644 +--- a/src/output.c ++++ b/src/output.c +@@ -290,7 +290,7 @@ void set_buf_break ( + /* Did we just parse a bracket that will be put on the next line + * by this line break? 
*/ + +- if ((*token == '(') || (*token == '[')) ++ if (level > 0 && ((*token == '(') || (*token == '['))) + { + --level; /* then don't take it into account */ + } +-- +2.43.0
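
Review bot: In the gnu/packages/code.scm hunk, the comment ";; Remove patch when updating." does not say what the updater has to check before dropping the patch. An update to a release that still lacks the fix would silently remove it. Suggest wording it as a condition, for example ";; Remove this patch once a release containing the CVE-2024-0911 fix is packaged.", and pointing at the upstream issue URL already quoted in the patch header.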
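
Review bot: In the header of the new indent-CVE-2024-0911.patch, there is no line saying what the patch fixes or where it was taken from; only "Upstream issue:" and a Signed-off-by are present. In addition, the two "diff --git" lines for regression/input/comment-parent-heap-underread.c and regression/standard/comment-parent-heap-underread.c are split, with the "b/..." half on a line of its own, which suggests the text was copied from a line-wrapped mail archive. Suggest adding a short description at the top (the CVE id and the source of the patch) and regenerating the file from the upstream commit so the headers are intact.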
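
Review bot: In the src/output.c hunk of the embedded patch, the new "level > 0 &&" guard is the whole fix, yet the comment above the condition still describes only the bracket case and nothing states why "--level" must be skipped when level is already 0. The only hint is the name of the added regression input, comment-parent-heap-underread.c. Since the same patch also extends BUGS in regression/TEST, please confirm that the package's check phase actually runs that suite, so the new case guards against a regression when the patch is later dropped.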