grep: add patch to fix CVE-2015-1345

Fixes CVE-2015-1345 - heap buffer overrun. See https://bugzilla.redhat.com/show_bug.cgi?id=1183651 Patch upstream. Signed-off-by: Gustavo Zacarias <gustavo@zacarias.com.ar> Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
author: Gustavo Zacarias <gustavo@zacarias.com.ar> 2015-01-26 17:58:14 -0300
committer: Peter Korsgaard <peter@korsgaard.com> 2015-01-26 23:13:44 +0100
commit: 3ae2f86cf29c52ab086f4d380fdb41f9c1f599f6 (patch)
tree: 29427d787f905757fded49a79a798e924c61836a /package/grep
parent: ddfce0448d7e1bbce70d8b5b5924a0ac39df1e9e (diff)
1 files changed, 20 insertions, 0 deletions
diff --git a/package/grep/0001-fix-CVE-2015-1345.patch b/package/grep/0001-fix-CVE-2015-1345.patch
new file mode 100644
index 000000000..f7701aa01
--- /dev/null
+++ b/package/grep/0001-fix-CVE-2015-1345.patch
@@ -0,0 +1,20 @@
+Simplified patch from upstream to avoid autoreconf. Source:
+http://git.savannah.gnu.org/cgit/grep.git/commit/?id=83a95bd8c8561875b948cadd417c653dbe7ef2e2
+
+Signed-off-by: Gustavo Zacarias <gustavo@zacarias.com.ar>
+---
+diff --git a/src/kwset.c b/src/kwset.c
+index 4003c8d..376f7c3 100644
+--- a/src/kwset.c
++++ b/src/kwset.c
+@@ -643,6 +643,8 @@ bmexec_trans (kwset_t kwset, char const *text, size_t size)
+                     if (! tp)
+                       return -1;
+                     tp++;
++                    if (ep <= tp)
++                      break;
+                   }
+               }
+           }
+--
+cgit v0.9.0.2
author	Gustavo Zacarias <gustavo@zacarias.com.ar>	2015-01-26 17:58:14 -0300
committer	Peter Korsgaard <peter@korsgaard.com>	2015-01-26 23:13:44 +0100
commit	3ae2f86cf29c52ab086f4d380fdb41f9c1f599f6 (patch)
tree	29427d787f905757fded49a79a798e924c61836a /package/grep
parent	ddfce0448d7e1bbce70d8b5b5924a0ac39df1e9e (diff)