indent: fix CVE-2023-40305

GNU indent 2.2.13 has a heap-based buffer overflow in search_brace in indent.c via a crafted file. Reference: https://savannah.gnu.org/bugs/index.php?64503 (cherry picked from commit 7da6cb848bc42b3e6bd5d2b37b52ba75510a6ca0) Signed-off-by: Yogita Urade <yogita.urade@windriver.com> Signed-off-by: Armin Kuster <akuster808@gmail.com> Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com> Signed-off-by: Khem Raj <raj.khem@gmail.com>
2026-04-02 02:49:12 +00:00 · 2025-09-27 12:27:17 +02:00 · 2025-09-27 12:27:17 +02:00 · 91ac7b0212
commit 91ac7b0212
parent 721d4f901d
3 changed files with 8452 additions and 0 deletions
--- a/meta-oe/recipes-extended/indent/indent/CVE-2023-40305_0001.patch
+++ b/meta-oe/recipes-extended/indent/indent/CVE-2023-40305_0001.patch
--- a/meta-oe/recipes-extended/indent/indent/CVE-2023-40305_0002.patch
+++ b/meta-oe/recipes-extended/indent/indent/CVE-2023-40305_0002.patch
--- a/meta-oe/recipes-extended/indent/indent_2.2.12.bb
+++ b/meta-oe/recipes-extended/indent/indent_2.2.12.bb
@ -17,6 +17,8 @@ SRC_URI = "${GNU_MIRROR}/${BPN}/${BP}.tar.gz \
           file://0001-Makefile.am-remove-regression-dir.patch \
           file://0001-Fix-builds-with-recent-gettext.patch \
           file://0001-Remove-dead-paren_level-code.patch \
+           file://CVE-2023-40305_0001.patch \
+           file://CVE-2023-40305_0002.patch \
           "
 SRC_URI[sha256sum] = "e77d68c0211515459b8812118d606812e300097cfac0b4e9fb3472664263bb8b"