use newer version of sort/I18N fix for CVE-2015-4041 and CVE-2015-4042

2015-07-16 10:35:36 +02:00 · 2015-07-16 10:35:36 +02:00 · 7b7a0554fb
commit 7b7a0554fb
parent 3775f446fe
2 changed files with 9 additions and 3 deletions
--- a/coreutils-i18n.patch
+++ b/coreutils-i18n.patch
@ -3131,7 +3131,7 @@ diff -urNp coreutils-8.24-orig/src/sort.c coreutils-8.24/src/sort.c
           else if (key->random)
             diff = compare_random (ta, tlena, tb, tlenb);
           else if (key->version)
-@@ -2694,6 +3134,209 @@ keycompare (struct line const *a, struct
+@@ -2694,6 +3134,211 @@ keycompare (struct line const *a, struct
   return key->reverse ? -diff : diff;
 }
 
@ -3244,7 +3244,9 @@ diff -urNp coreutils-8.24-orig/src/sort.c coreutils-8.24/src/sort.c
 +
 +      if (ignore || translate)
 +        {
-+          char *copy_a = (char *) xmalloc ((lena + lenb) * MB_CUR_MAX + 2);
+          if (SIZE_MAX - lenb - 2 < lena)
+            xalloc_die ();
+          char *copy_a = (char *) xnmalloc (lena + lenb + 2, MB_CUR_MAX);
 +          char *copy_b = copy_a + lena * MB_CUR_MAX + 1;
 +          size_t new_len_a, new_len_b;
 +          size_t i, j;
--- a/coreutils.spec
+++ b/coreutils.spec
@ -1,7 +1,7 @@
 Summary: A set of basic GNU tools commonly used in shell scripts
 Name:    coreutils
 Version: 8.24
-Release: 1%{?dist}
+Release: 2%{?dist}
 License: GPLv3+
 Group:   System Environment/Base
 Url:     http://www.gnu.org/software/coreutils/
@ -373,6 +373,10 @@ fi
 %{_sbindir}/chroot

 %changelog
+* Thu Jul 16 2015 Ondrej Vasik <ovasik@redhat.com> 8.24-2
+- use newer version of sort/I18N fix for CVE-2015-4041
+  and CVE-2015-4042
+
 * Sun Jul 05 2015 Ondrej Vasik <ovasik@redhat.com> 8.24-1
 - new upstream release 8.24