Script 'mail_helper' called by obssrc
Hello community,

here is the log from the commit of package patch for openSUSE:Factory checked 
in at 2024-08-02 17:25:27
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Comparing /work/SRC/openSUSE:Factory/patch (Old)
 and      /work/SRC/openSUSE:Factory/.patch.new.7232 (New)
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++

Package is "patch"

Fri Aug  2 17:25:27 2024 rev:48 rq:1190852 version:2.7.6

Changes:
--------
--- /work/SRC/openSUSE:Factory/patch/patch.changes      2024-03-06 23:04:24.933060606 +0100
+++ /work/SRC/openSUSE:Factory/.patch.new.7232/patch.changes    2024-08-02 17:25:27.740665309 +0200
@@ -1,0 +2,5 @@
+Tue Jul 30 12:19:54 UTC 2024 - Wolfgang Frisch <wolfgang.fri...@suse.com>
+
+- CVE-2019-20633.patch: Fix double-free/OOB read in pch.c (bsc#1167721)
+
+-------------------------------------------------------------------

New:
----
  CVE-2019-20633.patch


++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++

Other differences:
------------------
++++++ patch.spec ++++++
--- /var/tmp/diff_new_pack.0QlQCE/_old  2024-08-02 17:25:28.544698479 +0200
+++ /var/tmp/diff_new_pack.0QlQCE/_new  2024-08-02 17:25:28.548698644 +0200
@@ -1,7 +1,7 @@
 #
 # spec file for package patch
 #
-# Copyright (c) 2022 SUSE LLC
+# Copyright (c) 2024 SUSE LLC
 #
 # All modifications and additions to the file contributed by third parties
 # remain the property of their copyright owners, unless otherwise agreed
@@ -40,6 +40,7 @@
 Patch11:        abort-when-cleaning-up-fails.patch
 Patch12:        dont-follow-symlinks-unless-asked.patch
 Patch13:        pass-the-correct-stat-to-backup-files.patch
+Patch14:        CVE-2019-20633.patch
 # See bnc#662957. The fix for CVE-2010-4651 breaks the way interdiff was
 # invoking patch, so interdiff had to be fixed too.
 Conflicts:      patchutils < 0.3.2
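Review bot: `Patch14:` is declared in this hunk, but nothing in the visible change applies it; unless the spec's `%prep` uses `%autosetup -p1`/`%autopatch`, a matching `%patch14 -p1` (or whatever form the existing `%patch11`..`%patch13` lines take) is needed for the fix to actually land in the build. A one-line comment above `Patch14:` naming bsc#1167721 and CVE-2019-20633 would also match the style of the `# See bnc#662957.` comment block that follows and save the next maintainer a trip to the changelog.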

++++++ CVE-2019-20633.patch ++++++
commit a09d9519a57e84d8e2ad592fbba09e8a9faf55f8
Author: Wolfgang Frisch <wolfgang.fri...@suse.com>
Date:   Tue Jul 30 14:17:32 2024 +0200

    Fix double-free/OOB read in pch.c (CVE-2019-20633)
    
    see also: https://savannah.gnu.org/bugs/index.php?56683#comment1

diff --git a/src/pch.c b/src/pch.c
index fd9c480..57c76de 100644
--- a/src/pch.c
+++ b/src/pch.c
@@ -1183,8 +1183,11 @@ another_hunk (enum diff difftype, bool rev)
     while (p_end >= 0) {
        if (p_end == p_efake)
            p_end = p_bfake;            /* don't free twice */
-       else
+       else {
            free(p_line[p_end]);
+           p_line[p_end] = NULL;
+           p_len[p_end] = 0;
+       }
        p_end--;
     }
     assert(p_end == -1);
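Review bot: the new `else` block clears `p_line[p_end]` and `p_len[p_end]` after `free()`, which is what makes a later pass over the same slots safe (`free(NULL)` is a no-op, and a zero length stops any read of the stale buffer), but the `if (p_end == p_efake)` arm that redirects to `p_bfake` still leaves that slot's pointer and length untouched; it is worth a comment at `p_line[p_end] = NULL;` stating which later re-entry into `another_hunk` relies on the cleared entries (the Savannah bug the commit message links), since the `/* don't free twice */` comment on the other arm no longer tells the whole story. Style point: with the `else` arm now braced, brace the single-statement `if` arm as well so both arms of the conditional read consistently.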
