pkgsrc-Changes archive
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index][Old Index]

CVS commit: pkgsrc/sysutils/coreutils

Module Name:    pkgsrc
Committed By:   wiz
Date:           Wed May 28 09:21:25 UTC 2025

Modified Files:
        pkgsrc/sysutils/coreutils: Makefile distinfo
Added Files:
        pkgsrc/sysutils/coreutils/patches: patch-src_sort.c

Log Message:
coreutils: fix buffer overflow in sort

Using upstream patch.

Bump PKGREVISION.


To generate a diff of this commit:
cvs rdiff -u -r1.86 -r1.87 pkgsrc/sysutils/coreutils/Makefile
cvs rdiff -u -r1.47 -r1.48 pkgsrc/sysutils/coreutils/distinfo
cvs rdiff -u -r0 -r1.1 pkgsrc/sysutils/coreutils/patches/patch-src_sort.c

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.


Modified files:

Index: pkgsrc/sysutils/coreutils/Makefile
diff -u pkgsrc/sysutils/coreutils/Makefile:1.86 pkgsrc/sysutils/coreutils/Makefile:1.87
--- pkgsrc/sysutils/coreutils/Makefile:1.86     Mon Apr 21 21:23:07 2025
+++ pkgsrc/sysutils/coreutils/Makefile  Wed May 28 09:21:25 2025
@@ -1,5 +1,6 @@
-# $NetBSD: Makefile,v 1.86 2025/04/21 21:23:07 wiz Exp $
+# $NetBSD: Makefile,v 1.87 2025/05/28 09:21:25 wiz Exp $
 
+PKGREVISION=   1
 .include "../../sysutils/coreutils/Makefile.common"
 
 CONFLICTS=     fileutils-[0-9]* gnuls-[0-9]* linuxls-[0-9]* sh-utils-[0-9]* textutils-[0-9]*

Index: pkgsrc/sysutils/coreutils/distinfo
diff -u pkgsrc/sysutils/coreutils/distinfo:1.47 pkgsrc/sysutils/coreutils/distinfo:1.48
--- pkgsrc/sysutils/coreutils/distinfo:1.47     Wed Feb 19 14:03:44 2025
+++ pkgsrc/sysutils/coreutils/distinfo  Wed May 28 09:21:25 2025
@@ -1,6 +1,7 @@
-$NetBSD: distinfo,v 1.47 2025/02/19 14:03:44 wiz Exp $
+$NetBSD: distinfo,v 1.48 2025/05/28 09:21:25 wiz Exp $
 
 BLAKE2s (coreutils-9.6.tar.xz) = a697bc74399921a0ecd94f2a771be9ee95a91f1660db00630910131f4670f03a
 SHA512 (coreutils-9.6.tar.xz) = 398391d7f9d77e6117b750abb8711eebdd9cd2549e7846cab26884fb2dd522b6bcfb8bf7fef35a12683e213ada7f89b817bf615628628d42aee3fa3102647b28
 Size (coreutils-9.6.tar.xz) = 6134764 bytes
 SHA1 (patch-Makefile.in) = ce71728a5e5438fe2e6e4006ba0be5e6294587d5
+SHA1 (patch-src_sort.c) = 6f0fd49e1415b12bb64054b0265b4bc8252db80f

Added files:

Index: pkgsrc/sysutils/coreutils/patches/patch-src_sort.c
diff -u /dev/null pkgsrc/sysutils/coreutils/patches/patch-src_sort.c:1.1
--- /dev/null   Wed May 28 09:21:25 2025
+++ pkgsrc/sysutils/coreutils/patches/patch-src_sort.c  Wed May 28 09:21:25 2025
@@ -0,0 +1,38 @@
+$NetBSD: patch-src_sort.c,v 1.1 2025/05/28 09:21:25 wiz Exp $
+
+sort: fix buffer under-read (CWE-127)
+* src/sort.c (begfield): Check pointer adjustment
+to avoid Out-of-range pointer offset (CWE-823).
+(limfield): Likewise.
+Fixes https://bugs.gnu.org/78507
+
+https://cgit.git.savannah.gnu.org/cgit/coreutils.git/commit/?id=8c9602e3a145e9596dc1a63c6ed67865814b6633
+
+--- src/sort.c.orig    2025-01-16 17:30:02.000000000 +0000
++++ src/sort.c
+@@ -1645,7 +1645,11 @@ begfield (struct line const *line, struc
+       ++ptr;
+ 
+   /* Advance PTR by SCHAR (if possible), but no further than LIM.  */
+-  ptr = MIN (lim, ptr + schar);
++  size_t remaining_bytes = lim - ptr;
++  if (schar < remaining_bytes)
++    ptr += schar;
++  else
++    ptr = lim;
+ 
+   return ptr;
+ }
+@@ -1747,7 +1751,11 @@ limfield (struct line const *line, struc
+           ++ptr;
+ 
+       /* Advance PTR by ECHAR (if possible), but no further than LIM.  */
+-      ptr = MIN (lim, ptr + echar);
++      size_t remaining_bytes = lim - ptr;
++      if (echar < remaining_bytes)
++        ptr += echar;
++      else
++        ptr = lim;
+     }
+ 
+   return ptr;
Home | Main Index | Thread Index | Old Index