Script 'mail_helper' called by obssrc
Hello community,
here is the log from the commit of package coreutils for openSUSE:Factory
checked in at 2025-07-09 17:26:34
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Comparing /work/SRC/openSUSE:Factory/coreutils (Old)
and /work/SRC/openSUSE:Factory/.coreutils.new.7373 (New)
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "coreutils"
Wed Jul 9 17:26:34 2025 rev:164 rq:1291196 version:9.7
Changes:
--------
--- /work/SRC/openSUSE:Factory/coreutils/coreutils.changes 2025-04-26
22:25:13.254029622 +0200
+++ /work/SRC/openSUSE:Factory/.coreutils.new.7373/coreutils.changes
2025-07-09 17:27:03.480176540 +0200
@@ -1,0 +2,8 @@
+Mon Jun 2 09:30:09 UTC 2025 - r...@suse.com
+
+- coreutils-9.7-sort-CVE-2025-5278.patch: Add upstream patch:
+ sort with key character offsets of SIZE_MAX, could induce
+ a read of 1 byte before an allocated heap buffer.
+ (CVE-2025-5278, bsc#1243767)
+
+-------------------------------------------------------------------
New:
----
coreutils-9.7-sort-CVE-2025-5278.patch
----------(New B)----------
New:
- coreutils-9.7-sort-CVE-2025-5278.patch: Add upstream patch:
sort with key character offsets of SIZE_MAX, could induce
----------(New E)----------
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Other differences:
------------------
++++++ coreutils.spec ++++++
--- /var/tmp/diff_new_pack.H6bZTc/_old 2025-07-09 17:27:06.124286561 +0200
+++ /var/tmp/diff_new_pack.H6bZTc/_new 2025-07-09 17:27:06.128286727 +0200
@@ -44,6 +44,7 @@
Patch3: coreutils-remove_kill_documentation.patch
Patch4: coreutils-i18n.patch
Patch8: coreutils-sysinfo.patch
+Patch10: coreutils-9.7-sort-CVE-2025-5278.patch
# OBS / RPMLINT require /usr/bin/timeout to be built with the -fpie option.
Patch100: coreutils-build-timeout-as-pie.patch
# There is no network in the build root so make the test succeed
@@ -64,6 +65,7 @@
# tests: skip tests/rm/ext3-perf.sh temporarily as it hangs on OBS.
Patch810: coreutils-skip-tests-rm-ext3-perf.patch
Patch900: coreutils-tests-workaround-make-fdleak.patch
+
BuildRequires: automake
BuildRequires: gmp-devel
BuildRequires: hostname
@@ -145,6 +147,7 @@
%patch -P 1
%patch -P 3
%patch -P 8
+%patch -P 10 -p1
#
%if 0%{?suse_version} <= 1320
%patch -P 100
++++++ coreutils-9.7-sort-CVE-2025-5278.patch ++++++
# based on commit 8c9602e3a145e9596dc1a63c6ed67865814b6633
# removed offsets and fuzziness
Author: Pádraig Brady <p...@draigbrady.com>
Date: Tue May 20 16:03:44 2025 +0100
sort: fix buffer under-read (CWE-127)
* src/sort.c (begfield): Check pointer adjustment
to avoid Out-of-range pointer offset (CWE-823).
(limfield): Likewise.
* tests/sort/sort-field-limit.sh: Add a new test,
which triggers with ASAN or Valgrind.
* tests/local.mk: Reference the new test.
* NEWS: Mention bug fix introduced in v7.2 (2009).
Fixes https://bugs.gnu.org/78507
---
NEWS | 10 ++++++++++
src/sort.c | 12 ++++++++++--
tests/local.mk | 1 +
tests/sort/sort-field-limit.sh | 35 +++++++++++++++++++++++++++++++++++
4 files changed, 56 insertions(+), 2 deletions(-)
--- a/NEWS
+++ b/NEWS
@@ -1,5 +1,15 @@
GNU coreutils NEWS -*- outline -*-
+* Noteworthy changes in release ?.? (????-??-??) [?]
+
+** Bug fixes
+
+ sort with key character offsets of SIZE_MAX, could induce
+ a read of 1 byte before an allocated heap buffer. For example:
+ 'sort +0.18446744073709551615R input' on 64 bit systems.
+ [bug introduced in coreutils-7.2]
+
+
* Noteworthy changes in release 9.7 (2025-04-09) [stable]
** Bug fixes
--- a/src/sort.c
+++ b/src/sort.c
@@ -1793,7 +1793,11 @@ begfield_uni (const struct line *line, c
++ptr;
/* Advance PTR by SCHAR (if possible), but no further than LIM. */
- ptr = MIN (lim, ptr + schar);
+ size_t remaining_bytes = lim - ptr;
+ if (schar < remaining_bytes)
+ ptr += schar;
+ else
+ ptr = lim;
return ptr;
}
@@ -1954,7 +1958,11 @@ limfield_uni (struct line const *line, s
++ptr;
/* Advance PTR by ECHAR (if possible), but no further than LIM. */
- ptr = MIN (lim, ptr + echar);
+ size_t remaining_bytes = lim - ptr;
+ if (echar < remaining_bytes)
+ ptr += echar;
+ else
+ ptr = lim;
}
return ptr;
--- a/tests/local.mk
+++ b/tests/local.mk
@@ -388,6 +388,7 @@ all_tests = \
tests/sort/sort-debug-keys.sh \
tests/sort/sort-debug-warn.sh \
tests/sort/sort-discrim.sh \
+ tests/sort/sort-field-limit.sh \
tests/sort/sort-files0-from.pl \
tests/sort/sort-float.sh \
tests/misc/sort-mb-tests.sh \
--- /dev/null
+++ b/tests/sort/sort-field-limit.sh
@@ -0,0 +1,35 @@
+#!/bin/sh
+# From 7.2-9.7, this would trigger an out of bounds mem read
+
+# Copyright (C) 2025 Free Software Foundation, Inc.
+
+# This program is free software: you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation, either version 3 of the License, or
+# (at your option) any later version.
+
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+
+# You should have received a copy of the GNU General Public License
+# along with this program. If not, see <https://www.gnu.org/licenses/>.
+
+. "${srcdir=.}/tests/init.sh"; path_prepend_ ./src
+print_ver_ sort
+getlimits_
+
+# This issue triggers with valgrind or ASAN
+valgrind --error-exitcode=1 sort --version 2>/dev/null &&
+ VALGRIND='valgrind --error-exitcode=1'
+
+{ printf '%s\n' aa bb; } > in || framework_failure_
+
+_POSIX2_VERSION=200809 $VALGRIND sort +0.${SIZE_MAX}R in > out || fail=1
+compare in out || fail=1
+
+_POSIX2_VERSION=200809 $VALGRIND sort +1 -1.${SIZE_MAX}R in > out || fail=1
+compare in out || fail=1
+
+Exit $fail
