diff --git a/0001-Fix-failure-crash-of-sgdisk-when-compiled-with-lates.patch b/0001-Fix-failure-crash-of-sgdisk-when-compiled-with-lates.patch new file mode 100644 index 0000000000000000000000000000000000000000..a220660246555ae14d726da0fd02ef2d2ec46b78 --- /dev/null +++ b/0001-Fix-failure-crash-of-sgdisk-when-compiled-with-lates.patch @@ -0,0 +1,28 @@ +From 5d5e76d369a412bfb3d2cebb5fc0a7509cef878d Mon Sep 17 00:00:00 2001 +From: Rod Smith +Date: Fri, 15 Apr 2022 18:10:14 -0400 +Subject: [PATCH] Fix failure & crash of sgdisk when compiled with latest popt + (commit 740; presumably eventually release 1.19) + +Conflict:no +Reference:https://sourceforge.net/p/gptfdisk/code/ci/5d5e76d369a412bfb3d2cebb5fc0a7509cef878d +--- + gptcl.cc | 2 +- + 1 files changed, 1 insertions(+), 1 deletions(-) + +diff --git a/gptcl.cc b/gptcl.cc +index 34c9421..0d578eb 100644 +--- a/gptcl.cc ++++ b/gptcl.cc +@@ -155,7 +155,7 @@ int GPTDataCL::DoOptions(int argc, char* argv[]) { + } // while + + // Assume first non-option argument is the device filename.... +- device = (char*) poptGetArg(poptCon); ++ device = strdup((char*) poptGetArg(poptCon)); + poptResetContext(poptCon); + + if (device != NULL) { +-- +2.33.0 + diff --git a/0002-Fix-NULL-dereference-when-duplicating-string-argumen.patch b/0002-Fix-NULL-dereference-when-duplicating-string-argumen.patch new file mode 100644 index 0000000000000000000000000000000000000000..f852fc871ae5dbccf136f822f524a43f76a85354 --- /dev/null +++ b/0002-Fix-NULL-dereference-when-duplicating-string-argumen.patch @@ -0,0 +1,43 @@ +From f5de3401b974ce103ffd93af8f9d43505a04aaf9 Mon Sep 17 00:00:00 2001 +From: Damian Kurek +Date: Thu, 7 Jul 2022 03:39:16 +0000 +Subject: [PATCH] Fix NULL dereference when duplicating string argument + +poptGetArg can return NULL if there are no additional arguments, which +makes strdup dereference NULL on strlen + +Conflict:no +Reference:https://sourceforge.net/p/gptfdisk/code/ci/f5de3401b974ce103ffd93af8f9d43505a04aaf9 +--- + gptcl.cc | 6 ++++-- + 1 file changed, 4 insertions(+), 2 deletions(-) + +diff --git a/gptcl.cc b/gptcl.cc +index 0d578eb..ab95239 100644 +--- a/gptcl.cc ++++ b/gptcl.cc +@@ -155,10 +155,11 @@ int GPTDataCL::DoOptions(int argc, char* argv[]) { + } // while + + // Assume first non-option argument is the device filename.... +- device = strdup((char*) poptGetArg(poptCon)); +- poptResetContext(poptCon); ++ device = (char*) poptGetArg(poptCon); + + if (device != NULL) { ++ device = strdup(device); ++ poptResetContext(poptCon); + JustLooking(); // reset as necessary + BeQuiet(); // Tell called functions to be less verbose & interactive + if (LoadPartitions((string) device)) { +@@ -498,6 +499,7 @@ int GPTDataCL::DoOptions(int argc, char* argv[]) { + cerr << "Error encountered; not saving changes.\n"; + retval = 4; + } // if ++ free(device); + } // if (device != NULL) + poptFreeContext(poptCon); + return retval; +-- +2.33.0 + diff --git a/gdisk.spec b/gdisk.spec index 5d821a322362108a6a8e4e9bf997812fc8ece690..6cb6c3a7b0953afe8876834d0f7bc328ab708a58 100644 --- a/gdisk.spec +++ b/gdisk.spec @@ -1,6 +1,6 @@ Name: gdisk Version: 1.0.8 -Release: 3 +Release: 4 Summary: GPT fdisk(consisting of the gdisk,sgdisk,cgdisk) is a set of text-mode partitioning tools License: GPLv2 URL: http://www.rodsbooks.com/gdisk @@ -10,6 +10,8 @@ BuildRequires:ncurses-devel util-linux-devel gcc-c++ popt-devel Patch9000: 0001-fix-Werror-format-security-error.patch Patch9001: 0001-Remove-stray-debugging-code.patch +Patch9002: 0001-Fix-failure-crash-of-sgdisk-when-compiled-with-lates.patch +Patch9003: 0002-Fix-NULL-dereference-when-duplicating-string-argumen.patch %description GPT fdisk(consisting of the gdisk,sgdisk,cgdisk) is a set of text-mode partitioning tools. @@ -51,6 +53,12 @@ install -Dp -m 0644 fixparts.8 %{buildroot}%{_mandir}/man8/fixparts.8 %{_mandir}/man8/* %changelog +* Tue Sep 24 2024 lvyy - 1.0.8-4 +- Type:bugfix +- CVE: +- SUG:restart +- DESC: fix problem that caused sgdisk to crash when using the latest popt + * Sat Oct 29 2022 wangzhiqiang - 1.0.8-3 - remove stray debugging code