Script 'mail_helper' called by obssrc
Hello community,

here is the log from the commit of package radare2 for openSUSE:Factory checked 
in at 2025-02-20 16:41:43
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Comparing /work/SRC/openSUSE:Factory/radare2 (Old)
 and      /work/SRC/openSUSE:Factory/.radare2.new.1873 (New)
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++

Package is "radare2"

Thu Feb 20 16:41:43 2025 rev:10 rq:1247343 version:5.9.8

Changes:
--------
--- /work/SRC/openSUSE:Factory/radare2/radare2.changes  2024-12-11 
21:09:56.110988838 +0100
+++ /work/SRC/openSUSE:Factory/.radare2.new.1873/radare2.changes        
2025-02-20 16:43:07.488929868 +0100
@@ -1,0 +2,5 @@
+Mon Feb 17 16:04:54 UTC 2025 - Dirk Müller <dmuel...@suse.com>
+
+- add CVE-2025-1378.patch (bsc#1237250, CVE-2025-1378)
+
+-------------------------------------------------------------------

New:
----
  CVE-2025-1378.patch

BETA DEBUG BEGIN:
  New:
- add CVE-2025-1378.patch (bsc#1237250, CVE-2025-1378)
BETA DEBUG END:

++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++

Other differences:
------------------
++++++ radare2.spec ++++++
--- /var/tmp/diff_new_pack.81Gwse/_old  2025-02-20 16:43:08.700980592 +0100
+++ /var/tmp/diff_new_pack.81Gwse/_new  2025-02-20 16:43:08.708980927 +0100
@@ -1,7 +1,7 @@
 #
 # spec file for package radare2
 #
-# Copyright (c) 2024 SUSE LLC
+# Copyright (c) 2025 SUSE LLC
 #
 # All modifications and additions to the file contributed by third parties
 # remain the property of their copyright owners, unless otherwise agreed
@@ -24,6 +24,7 @@
 Group:          Development/Tools/Debuggers
 URL:            https://www.radare.org
 Source:         
https://github.com/radareorg/radare2/archive/refs/tags/%{version}.tar.gz#/%{name}-%{version}.tar.gz
+Patch1:         
https://github.com/radareorg/radare2/commit/c6c772d2eab692ce7ada5a4227afd50c355ad545.patch#/CVE-2025-1378.patch
 BuildRequires:  dos2unix
 BuildRequires:  fdupes
 BuildRequires:  file-devel
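Review bot: Nothing in this hunk applies the new `Patch1`. The `%prep` section is outside the hunk, so whether the CVE-2025-1378 fix is built in depends on it using `%autosetup -p1` or an explicit `%patch -P 1 -p1`. A declared but unapplied patch still builds cleanly, so confirm from the build log that the patch is applied to `libr/main/rasm2.c`.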

++++++ CVE-2025-1378.patch ++++++
>From c6c772d2eab692ce7ada5a4227afd50c355ad545 Mon Sep 17 00:00:00 2001
From: pancake <panc...@nopcode.org>
Date: Tue, 11 Feb 2025 15:11:40 +0100
Subject: [PATCH] Fix #23953 - segfault when using `rasm2 -i 6 -E` ##crash

* The behaviour is not the expected
* Requires a refactoring to address it
* At least its not segfaulting now
---
 libr/main/rasm2.c | 29 +++++++++++++++++++++--------
 1 file changed, 21 insertions(+), 8 deletions(-)

diff --git a/libr/main/rasm2.c b/libr/main/rasm2.c
index 5abb489c7c6c3..f4fd98b461e98 100644
--- a/libr/main/rasm2.c
+++ b/libr/main/rasm2.c
@@ -414,6 +414,10 @@ static ut64 pcpos(const char* buf) {
 }
 
 static int rasm_disasm(RAsmState *as, ut64 addr, const char *buf, int len, int 
bits, int bin, int hex) {
+       if (len < 1) {
+               R_LOG_ERROR ("Invalid length");
+               return 0;
+       }
        ut8 *data = NULL;
        int ret = 0;
        st64 clen = 0;
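Review bot: The new early exit in `rasm_disasm` returns 0, the same value `ret` is initialised to two lines below, so from the visible lines a caller cannot tell a rejected `len` from a run that produced nothing. No comment states what the return value means; a line above the signature such as `/* Returns 0 for len < 1 (input rejected); see callers for how 0 is treated. */` would make the contract explicit. If the caller derives the process exit status from this value, check that the invalid-length case ends up reported as a failure there. The rest of the function body is outside the hunk.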
@@ -481,7 +485,7 @@ static int rasm_disasm(RAsmState *as, ut64 addr, const char 
*buf, int len, int b
                len = clen;
        }
 
-       if (hex == 2) {
+       if (hex == 2 && len > 0) {
                RAnalOp aop = {0};
                while (ret < len) {
                        if (ret == pcaddr) {
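Review bot: Adding `len > 0` to the `hex == 2` condition skips this branch instead of rejecting the input, and as far as the hunk shows the `while (ret < len)` loop inside it already did nothing for a non-positive `len`. The case it seems aimed at is `len = clen;` just above, which narrows an `st64` into an `int` after the entry check has already run. If this `if` has an `else` arm below the hunk, a `hex == 2` call with a bad `clen` now lands there with the same `len`. Checking once right after the assignment would cover every branch, e.g. `if (clen < 1 || clen > INT_MAX) { R_LOG_ERROR ("Invalid length"); /* leave via the existing cleanup path */ }`; the function continues outside the hunk.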
@@ -573,10 +577,12 @@ static bool print_label(void *user, const void *k, const 
void *v) {
 }
 
 static bool rasm_asm(RAsmState *as, const char *buf, ut64 offset, ut64 len, 
int bits, int bin, bool use_spp, bool hexwords) {
-       RAsmCode *acode;
        int i, j, ret = 0;
+
        r_asm_set_pc (as->a, offset);
-       if (!(acode = r_asm_rasm_assemble (as->a, buf, use_spp))) {
+
+       RAsmCode *acode = r_asm_rasm_assemble (as->a, buf, use_spp);
+       if (!acode) {
                return false;
        }
        if (acode->len) {
@@ -1055,14 +1061,21 @@ R_API int r_main_rasm2(int argc, const char *argv[]) {
                        ret = idx;
                        goto beach;
                }
-               if (dis) {
+               if (dis == 1 || dis == 2) {
                        char *usrstr = strdup (opt.argv[opt.ind]);
                        len = strlen (usrstr);
-                       if (skip && len > skip) {
+                       if (skip > 0 && len > skip) {
                                skip *= 2;
-                               memmove (usrstr, usrstr + skip, len - skip);
-                               len -= skip;
-                               usrstr[len] = 0;
+                               if (skip < len) {
+                                       memmove (usrstr, usrstr + skip, len - 
skip);
+                                       len -= skip;
+                                       usrstr[len] = 0;
+                               } else {
+                                       R_LOG_ERROR ("Invalid skip value");
+                                       free (usrstr);
+                                       len = 0;
+                                       goto beach;
+                               }
                        }
                        if (r_str_startswith (usrstr, "0x")) {
                                memmove (usrstr, usrstr + 2, strlen (usrstr + 
2) + 1);
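Review bot: The new `else` branch jumps to `beach` without assigning `ret`, whereas the path at the top of the hunk sets `ret = idx;` before the same jump. The exit status for "Invalid skip value" is therefore whatever `ret` held at that point, possibly success; adding `ret = 1;` before `goto beach;` would make the failure visible to scripts, and the `len = 0;` store looks unused if `beach` only cleans up. Separately, `strdup (opt.argv[opt.ind])` is passed straight to `strlen` on the next line, so an allocation failure dereferences NULL; `if (!usrstr) { ret = 1; goto beach; }` would close that. `r_main_rasm2` starts and ends outside the hunk, so the `beach` label and the type of `skip` are not visible here.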
