From cdcc4919f3eaee24169c86138d578eb4902be172 Mon Sep 17 00:00:00 2001 From: zou_lin77 <422351577@qq.com> Date: Mon, 4 Jan 2021 17:16:23 +0800 Subject: [PATCH] Fix CVE-2019-14274 --- ...port-CVE-2019-14274-05-gniibe-fix-13.patch | 52 +++++++++++++++++++ patch.mcpp.2.7.2 => backport-mcpp.2.7.2.patch | 0 mcpp.spec | 11 +++- 3 files changed, 61 insertions(+), 2 deletions(-) create mode 100644 backport-CVE-2019-14274-05-gniibe-fix-13.patch rename patch.mcpp.2.7.2 => backport-mcpp.2.7.2.patch (100%) diff --git a/backport-CVE-2019-14274-05-gniibe-fix-13.patch b/backport-CVE-2019-14274-05-gniibe-fix-13.patch new file mode 100644 index 0000000..717b16f --- /dev/null +++ b/backport-CVE-2019-14274-05-gniibe-fix-13.patch @@ -0,0 +1,52 @@ +Description: Fix for a bug reported to sourceforge.net #13 + by fixing error messages. + Also, fix erroneous messages. +Author: NIIBE Yutaka + +Index: mcpp/src/support.c +=================================================================== +--- mcpp.orig/src/support.c ++++ mcpp/src/support.c +@@ -822,7 +822,7 @@ escape: + if (diag && iscntrl( c) && ((char_type[ c] & SPA) == 0) + && (warn_level & 1)) + cwarn( +- "Illegal control character %.0s0lx%02x in quotation" /* _W1_ */ ++ "Illegal control character %.0s0x%02x in quotation" /* _W1_ */ + , NULL, (long) c, NULL); + *out_p++ = c; + chk_limit: +@@ -861,10 +861,10 @@ chk_limit: + if (mcpp_mode != POST_STD && option_flags.lang_asm) { + /* STD, KR */ + if (warn_level & 1) +- cwarn( unterm_char, out, 0L, NULL); /* _W1_ */ ++ cwarn( unterm_char, NULL, (long)delim, NULL); /* _W1_ */ + goto done; + } else { +- cerror( unterm_char, out, 0L, skip); /* _E_ */ ++ cerror( unterm_char, NULL, (long)delim, skip); /* _E_ */ + } + } else { + cerror( "Unterminated header name %s%.0ld%s" /* _E_ */ +@@ -875,9 +875,9 @@ chk_limit: + if (mcpp_mode != POST_STD && option_flags.lang_asm) { + /* STD, KR */ + if (warn_level & 1) +- cwarn( empty_const, out, 0L, skip); /* _W1_ */ ++ cwarn( empty_const, NULL, (long)delim, skip); /* _W1_ */ + } else { +- cerror( empty_const, out, 0L, skip); /* _E_ */ ++ cerror( empty_const, NULL, (long)delim, skip); /* _E_ */ + out_p = NULL; + goto done; + } +@@ -1774,7 +1774,7 @@ not_comment: + default: + if (iscntrl( c)) { + cerror( /* Skip the control character */ +- "Illegal control character %.0s0x%lx, skipped the character" /* _E_ */ ++ "Illegal control character %.0s0x%02x, skipped the character" /* _E_ */ + , NULL, (long) c, NULL); + } else { /* Any valid character */ + *tp++ = c; diff --git a/patch.mcpp.2.7.2 b/backport-mcpp.2.7.2.patch similarity index 100% rename from patch.mcpp.2.7.2 rename to backport-mcpp.2.7.2.patch diff --git a/mcpp.spec b/mcpp.spec index 353edcb..5506fbd 100644 --- a/mcpp.spec +++ b/mcpp.spec @@ -1,11 +1,12 @@ Name: mcpp Version: 2.7.2 -Release: 25 +Release: 26 Summary: A portable C preprocessor License: BSD URL: http://mcpp.sourceforge.net/ Source0: http://prdownloads.sourceforge.net/%{name}/%{name}-%{version}.tar.gz -Patch0: patch.mcpp.2.7.2 +Patch0: backport-mcpp.2.7.2.patch +Patch1: backport-CVE-2019-14274-05-gniibe-fix-13.patch BuildRequires: gcc gdb @@ -76,6 +77,12 @@ make check %{_mandir}/man1/%{name}.1.gz %changelog +* Mon Jan 4 2021 zoulin - 2.7.2-26 +- Type:CVE +- ID:NA +- SUG:NA +- DESC:fix CVE-2019-14274 + * Wed Mar 18 2020 openEuler Buildteam - 2.7.2-25 - Type:bugfix - ID:NA -- Gitee