1 files changed, 28 insertions, 0 deletions
diff --git a/meta/recipes-extended/gawk/gawk/CVE-2023-4156.patch b/meta/recipes-extended/gawk/gawk/CVE-2023-4156.patch
new file mode 100644
index 0000000000..c6cba058a7
--- /dev/null
+++ b/meta/recipes-extended/gawk/gawk/CVE-2023-4156.patch
@@ -0,0 +1,28 @@
+From e709eb829448ce040087a3fc5481db6bfcaae212 Mon Sep 17 00:00:00 2001
+From: "Arnold D. Robbins" <arnold@skeeve.com>
+Date: Wed, 3 Aug 2022 13:00:54 +0300
+Subject: [PATCH] Smal bug fix in builtin.c.
+Upstream-Status: Backport [import from ubuntu https://git.launchpad.net/ubuntu/+source/gawk/tree/debian/patches/CVE-2023-4156.patch?h=ubuntu/focal-security
+Upstream commit https://git.savannah.gnu.org/gitweb/?p=gawk.git;a=commitdiff;h=e709eb829448ce040087a3fc5481db6bfcaae212]
+CVE: CVE-2023-4156
+Signed-off-by: Vijay Anusuri <vanusuri@mvista.com>
+---
+ ChangeLog | 6 ++++++
+ builtin.c | 5 ++++-
+ 2 files changed, 10 insertions(+), 1 deletion(-)
+--- gawk-5.1.0.orig/builtin.c
+++ gawk-5.1.0/builtin.c
+@@ -957,7 +957,10 @@ check_pos:
+                                        s1++;
+                                        n0--;
+                                }
+-                               if (val >= num_args) {
+                               // val could be less than zero if someone provides a field width
+                               // so large that it causes integer overflow. Mainly fuzzers do this,
+                               // but let's try to be good anyway.
+                               if (val < 0 || val >= num_args) {
+                                        toofew = true;
+                                        break;
+                                }

diff --git a/meta/recipes-extended/gawk/gawk/CVE-2023-4156.patch b/meta/recipes-extended/gawk/gawk/CVE-2023-4156.patch new file mode 100644 index 0000000000..c6cba058a7 --- /dev/null +++ b/meta/recipes-extended/gawk/gawk/CVE-2023-4156.patch
@@ -0,0 +1,28 @@
	1	From e709eb829448ce040087a3fc5481db6bfcaae212 Mon Sep 17 00:00:00 2001
	2	From: "Arnold D. Robbins" <arnold@skeeve.com>
	3	Date: Wed, 3 Aug 2022 13:00:54 +0300
	4	Subject: [PATCH] Smal bug fix in builtin.c.
	5
	6	Upstream-Status: Backport [import from ubuntu https://git.launchpad.net/ubuntu/+source/gawk/tree/debian/patches/CVE-2023-4156.patch?h=ubuntu/focal-security
	7	Upstream commit https://git.savannah.gnu.org/gitweb/?p=gawk.git;a=commitdiff;h=e709eb829448ce040087a3fc5481db6bfcaae212]
	8	CVE: CVE-2023-4156
	9	Signed-off-by: Vijay Anusuri <vanusuri@mvista.com>
	10	---
	11	ChangeLog \| 6 ++++++
	12	builtin.c \| 5 ++++-
	13	2 files changed, 10 insertions(+), 1 deletion(-)
	14
	15	--- gawk-5.1.0.orig/builtin.c
	16	+++ gawk-5.1.0/builtin.c
	17	@@ -957,7 +957,10 @@ check_pos:
	18	s1++;
	19	n0--;
	20	}
	21	- if (val >= num_args) {
	22	+ // val could be less than zero if someone provides a field width
	23	+ // so large that it causes integer overflow. Mainly fuzzers do this,
	24	+ // but let's try to be good anyway.
	25	+ if (val < 0 \|\| val >= num_args) {
	26	toofew = true;
	27	break;
	28	}