jmlich pushed to less (master). "out of bounds read access in is_utf8_well_formed() (..more)"
notifications at fedoraproject.org
notifications at fedoraproject.org
Mon Jun 1 06:08:52 UTC 2015
From a879a7d3f47557d4fc446d2aff6cb5b1ef07bb4d Mon Sep 17 00:00:00 2001
From: Jozef Mlich <jmlich at redhat.com>
Date: Mon, 1 Jun 2015 08:08:35 +0200
Subject: out of bounds read access in is_utf8_well_formed() Resolves: #1201310
CVE-2014-9488
diff --git a/less-471-out_of_bounds_read.patch b/less-471-out_of_bounds_read.patch
new file mode 100644
index 0000000..baaca73
--- /dev/null
+++ b/less-471-out_of_bounds_read.patch
@@ -0,0 +1,11 @@
+--- less-474/line.c 2015-01-31 00:20:29.000000000 +0100
++++ less-475/line.c 2015-03-05 20:07:08.000000000 +0100
+@@ -807,7 +807,7 @@
+ mbc_buf[mbc_buf_index++] = c;
+ if (mbc_buf_index < mbc_buf_len)
+ return (0);
+- if (is_utf8_well_formed(mbc_buf))
++ if (is_utf8_well_formed(mbc_buf, mbc_buf_index))
+ r = do_append(get_wchar(mbc_buf), mbc_buf, mbc_pos);
+ else
+ /* Complete, but not shortest form, sequence. */
diff --git a/less.spec b/less.spec
index 6470dee..412908a 100644
--- a/less.spec
+++ b/less.spec
@@ -1,7 +1,7 @@
Summary: A text file browser similar to more, but better
Name: less
Version: 471
-Release: 2%{?dist}
+Release: 3%{?dist}
License: GPLv3+
Group: Applications/Text
Source: http://www.greenwoodsoftware.com/less/%{name}-%{version}.tar.gz
@@ -18,6 +18,7 @@ Patch8: less-458-lessecho-usage.patch
Patch9: less-458-less-filters-man.patch
Patch10: less-458-lesskey-usage.patch
Patch11: less-458-old-bot-in-help.patch
+Patch12: less-471-out_of_bounds_read.patch
URL: http://www.greenwoodsoftware.com/less/
Requires: groff-base
BuildRequires: ncurses-devel
@@ -45,6 +46,7 @@ files, and you'll use it frequently.
%patch9 -p1 -b .less-filters-man
%patch10 -p1 -b .lesskey-usage
%patch11 -p1 -b .old-bot
+%patch12 -p1 -b .out_of_bounds_read.patch
autoreconf
chmod -R a+w *
@@ -75,6 +77,11 @@ ls -la $RPM_BUILD_ROOT/etc/profile.d
rm -rf $RPM_BUILD_ROOT
%changelog
+* Mon Jun 01 2015 Jozef Mlich <jmlich at redhat.com> - 471-3
+- out of bounds read access in is_utf8_well_formed()
+ Resolves: #1201310
+ CVE-2014-9488
+
* Sat Feb 21 2015 Till Maas <opensource at till.name> - 471-2
- Rebuilt for Fedora 23 Change
https://fedoraproject.org/wiki/Changes/Harden_all_packages_with_position-independent_code
--
cgit v0.10.2
http://pkgs.fedoraproject.org/cgit/less.git/commit/?h=master&id=a879a7d3f47557d4fc446d2aff6cb5b1ef07bb4d
More information about the scm-commits
mailing list