From 796ceb48ae011fe04cd255dc77ba6c2aa76d8bc5 Mon Sep 17 00:00:00 2001 From: J0WI Date: Thu, 25 Jan 2024 23:43:46 +0100 Subject: [PATCH] main/coreutils: patch CVE-2024-0684 --- main/coreutils/APKBUILD | 12 +++++++---- main/coreutils/CVE-2024-0684.patch | 34 ++++++++++++++++++++++++++++++ 2 files changed, 42 insertions(+), 4 deletions(-) create mode 100644 main/coreutils/CVE-2024-0684.patch diff --git a/main/coreutils/APKBUILD b/main/coreutils/APKBUILD index 26c6e4bb3cf..73b865e6bd9 100644 --- a/main/coreutils/APKBUILD +++ b/main/coreutils/APKBUILD @@ -3,7 +3,7 @@ # Maintainer: Natanael Copa pkgname=coreutils pkgver=9.4 -pkgrel=1 +pkgrel=2 pkgdesc="The basic file, shell and text manipulation utilities" url="https://www.gnu.org/software/coreutils/" arch="all" @@ -11,10 +11,14 @@ license="GPL-3.0-or-later" makedepends="acl-dev attr-dev utmps-dev perl openssl-dev" subpackages="$pkgname-doc $pkgname-env $pkgname-fmt $pkgname-sha512sum:_sha512sum" install="$pkgname.post-deinstall" -source="https://ftp.gnu.org/gnu/coreutils/coreutils-$pkgver.tar.xz" -options="!check" +source="https://ftp.gnu.org/gnu/coreutils/coreutils-$pkgver.tar.xz + CVE-2024-0684.patch + " +options="!check" # FAIL: tests/cp/reflink-auto # secfixes: +# 9.4-r2: +# - CVE-2024-0684 # 8.30-r0: # - CVE-2017-18018 @@ -36,7 +40,6 @@ build() { make } -# XXX - some gnulib tests broken, find a way to patch out gnulib tests check() { make check } @@ -88,4 +91,5 @@ _sha512sum() { sha512sums=" 7c55ee23b685a0462bbbd118b04d25278c902604a0dcf3bf4f8bf81faa0500dee5a7813cba6f586d676c98e520cafd420f16479619305e94ea6798d8437561f5 coreutils-9.4.tar.xz +ce65374aae922452a2e4b90534aee8b81db6c9c1e16f403aa2dd3f1cc2329005b6e1b5f8eaf10731be315f4ff6408ea17b41be8a99e6be729cd102e92748e4be CVE-2024-0684.patch " diff --git a/main/coreutils/CVE-2024-0684.patch b/main/coreutils/CVE-2024-0684.patch new file mode 100644 index 00000000000..1a7d53a5fbf --- /dev/null +++ b/main/coreutils/CVE-2024-0684.patch @@ -0,0 +1,34 @@ +From c4c5ed8f4e9cd55a12966d4f520e3a13101637d9 Mon Sep 17 00:00:00 2001 +From: Paul Eggert +Date: Tue, 16 Jan 2024 13:48:32 -0800 +Subject: [PATCH 1/1] split: do not shrink hold buffer +MIME-Version: 1.0 +Content-Type: text/plain; charset=utf8 +Content-Transfer-Encoding: 8bit + +* src/split.c (line_bytes_split): Do not shrink hold buffer. +If it’s large for this batch it’s likely to be large for the next +batch, and for ‘split’ it’s not worth the complexity/CPU hassle to +shrink it. Do not assume hold_size can be bufsize. +--- + src/split.c | 3 --- + 1 file changed, 3 deletions(-) + +diff --git a/src/split.c b/src/split.c +index 64020c859..037960a59 100644 +--- a/src/split.c ++++ b/src/split.c +@@ -809,10 +809,7 @@ line_bytes_split (intmax_t n_bytes, char *buf, idx_t bufsize) + { + cwrite (n_out == 0, hold, n_hold); + n_out += n_hold; +- if (n_hold > bufsize) +- hold = xirealloc (hold, bufsize); + n_hold = 0; +- hold_size = bufsize; + } + + /* Output to eol if present. */ +-- +2.17.1 +