Script 'mail_helper' called by obssrc Hello community, here is the log from the commit of package autogen for openSUSE:Factory checked in at 2025-09-17 17:44:29 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Comparing /work/SRC/openSUSE:Factory/autogen (Old) and /work/SRC/openSUSE:Factory/.autogen.new.27445 (New) ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "autogen" Wed Sep 17 17:44:29 2025 rev:54 rq:1304826 version:5.18.16 Changes: -------- --- /work/SRC/openSUSE:Factory/autogen/autogen.changes 2022-05-06 18:59:11.197346588 +0200 +++ /work/SRC/openSUSE:Factory/.autogen.new.27445/autogen.changes 2025-09-17 17:44:37.759438069 +0200 @@ -1,0 +2,6 @@ +Mon Sep 15 12:49:28 UTC 2025 - Andreas Schwab <[email protected]> + +- text-mmap-check-failed-addr.patch: Fix missing error check from mmap + (CVE-2025-8746, bsc#1247921) + +------------------------------------------------------------------- New: ---- text-mmap-check-failed-addr.patch ----------(New B)---------- New: - text-mmap-check-failed-addr.patch: Fix missing error check from mmap (CVE-2025-8746, bsc#1247921) ----------(New E)---------- ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ autogen.spec ++++++ --- /var/tmp/diff_new_pack.hAZcBJ/_old 2025-09-17 17:44:39.063492880 +0200 +++ /var/tmp/diff_new_pack.hAZcBJ/_new 2025-09-17 17:44:39.063492880 +0200 @@ -1,7 +1,7 @@ # # spec file for package autogen # -# Copyright (c) 2022 SUSE LLC +# Copyright (c) 2025 SUSE LLC and contributors # # All modifications and additions to the file contributed by third parties # remain the property of their copyright owners, unless otherwise agreed @@ -37,13 +37,14 @@ # PATCH-FIX-UPSTREAM Allow building with guile 3.0 Patch6: guile-version.patch Patch7: autogen-avoid-GCC-code-analysis-bug.patch +Patch8: text-mmap-check-failed-addr.patch BuildRequires: fdupes BuildRequires: guile-devel BuildRequires: makeinfo BuildRequires: pkgconfig >= 0.9.0 BuildRequires: pkgconfig(libxml-2.0) Requires(post): %{install_info_prereq} -Requires(preun):%{install_info_prereq} +Requires(preun): %{install_info_prereq} %description AutoGen is a tool designed for generating program files that contain ++++++ text-mmap-check-failed-addr.patch ++++++ Index: autogen-5.18.16/autoopts/save.c =================================================================== --- autogen-5.18.16.orig/autoopts/save.c +++ autogen-5.18.16/autoopts/save.c @@ -494,6 +494,9 @@ remove_settings(tOptions * opts, char co char * text = text_mmap(fname, PROT_READ|PROT_WRITE, MAP_PRIVATE, &map_info); char * scan = text; + if (TEXT_MMAP_FAILED_ADDR(text)) + return; + for (;;) { char * next = scan = strstr(scan, zCfgProg); if (scan == NULL)
