From b851cbdafc20d965779fab53972fd92679f0bbe4 Mon Sep 17 00:00:00 2001
From: Lukáš Zaoral <lzaoral@redhat.com>
Date: Jan 18 2024 14:34:40 +0000
Subject: fix buffer overflow in split


Resolves: CVE-2024-0684

---

diff --git a/coreutils-9.4-CVE-2024-0684.patch b/coreutils-9.4-CVE-2024-0684.patch
new file mode 100644
index 0000000..64583af
--- /dev/null
+++ b/coreutils-9.4-CVE-2024-0684.patch
@@ -0,0 +1,31 @@
+From c4c5ed8f4e9cd55a12966d4f520e3a13101637d9 Mon Sep 17 00:00:00 2001
+From: Paul Eggert <eggert@cs.ucla.edu>
+Date: Tue, 16 Jan 2024 13:48:32 -0800
+Subject: [PATCH] split: do not shrink hold buffer
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+
+* src/split.c (line_bytes_split): Do not shrink hold buffer.
+If it’s large for this batch it’s likely to be large for the next
+batch, and for ‘split’ it’s not worth the complexity/CPU hassle to
+shrink it.  Do not assume hold_size can be bufsize.
+---
+ src/split.c | 3 ---
+ 1 file changed, 3 deletions(-)
+
+diff --git a/src/split.c b/src/split.c
+index 64020c859..037960a59 100644
+--- a/src/split.c
++++ b/src/split.c
+@@ -809,10 +809,7 @@ line_bytes_split (intmax_t n_bytes, char *buf, idx_t bufsize)
+             {
+               cwrite (n_out == 0, hold, n_hold);
+               n_out += n_hold;
+-              if (n_hold > bufsize)
+-                hold = xirealloc (hold, bufsize);
+               n_hold = 0;
+-              hold_size = bufsize;
+             }
+ 
+           /* Output to eol if present.  */
diff --git a/coreutils.spec b/coreutils.spec
index 9c250d0..3925ef0 100644
--- a/coreutils.spec
+++ b/coreutils.spec
@@ -1,7 +1,7 @@
 Summary: A set of basic GNU tools commonly used in shell scripts
 Name:    coreutils
 Version: 9.4
-Release: 1%{?dist}
+Release: 2%{?dist}
 # some used parts of gnulib are under various variants of LGPL
 License: GPL-3.0-or-later AND GFDL-1.3-no-invariants-or-later AND LGPL-2.1-or-later AND LGPL-3.0-or-later
 Url:     https://www.gnu.org/software/coreutils/
@@ -32,6 +32,9 @@ Patch104: coreutils-df-direct.patch
 # fix crash with --enable-systemd
 Patch105: coreutils-9.4-systemd-coredump.patch
 
+# fix buffer overflow in split (CVE-2024-0684)
+Patch106: coreutils-9.4-CVE-2024-0684.patch
+
 # (sb) lin18nux/lsb compliance - multibyte functionality patch
 Patch800: coreutils-i18n.patch
 
@@ -256,6 +259,9 @@ rm -f $RPM_BUILD_ROOT%{_infodir}/dir
 %license COPYING
 
 %changelog
+* Thu Jan 18 2024 Lukáš Zaoral <lzaoral@redhat.com> - 9.4-2
+- fix buffer overflow in split (CVE-2024-0684)
+
 * Fri Sep 15 2023 Lukáš Zaoral <lzaoral@redhat.com> - 9.4-1
 - new upstream release 9.4 (#2235759)
 - enable integration with systemd