Version in base suite: 2.2.12-4+deb12u1
Base version: indent_2.2.12-4+deb12u1
Target version: indent_2.2.12-4+deb12u2
Base file: /srv/ftp-master.debian.org/ftp/pool/main/i/indent/indent_2.2.12-4+deb12u1.dsc
Target file: /srv/ftp-master.debian.org/policy/pool/main/i/indent/indent_2.2.12-4+deb12u2.dsc
changelog | 10 ++++++++++
patches/03-fix-an-out-of-buffer-read.patch | 17 +++++++++++++++++
patches/04-fix-a-heap-buffer-overwrite.patch | 15 +++++++++++++++
patches/series | 2 ++
4 files changed, 44 insertions(+)
diff -Nru indent-2.2.12/debian/changelog indent-2.2.12/debian/changelog
--- indent-2.2.12/debian/changelog 2023-07-14 11:40:00.000000000 +0000
+++ indent-2.2.12/debian/changelog 2023-08-28 10:55:00.000000000 +0000
@@ -1,3 +1,13 @@
+indent (2.2.12-4+deb12u2) bookworm; urgency=medium
+
+ * Apply two patches by Petr Písař .
+ - Fix an out-of-buffer read in search_brace()/lexi() on an condition
+ without parentheses followed with an overlong comment.
+ - Fix a heap buffer overwrite in search_brace(). Closes: #1049366.
+ This one is CVE-2023-40305.
+
+ -- Santiago Vila Mon, 28 Aug 2023 12:55:00 +0200
+
 indent (2.2.12-4+deb12u1) bookworm; urgency=medium

 * Restore the ROUND_UP macro and adjust the initial buffer size.
diff -Nru indent-2.2.12/debian/patches/03-fix-an-out-of-buffer-read.patch indent-2.2.12/debian/patches/03-fix-an-out-of-buffer-read.patch
--- indent-2.2.12/debian/patches/03-fix-an-out-of-buffer-read.patch 1970-01-01 00:00:00.000000000 +0000
+++ indent-2.2.12/debian/patches/03-fix-an-out-of-buffer-read.patch 2023-08-28 09:03:00.000000000 +0000
@@ -0,0 +1,17 @@
+From: Petr Písař
+Subject: Fix an out-of-buffer read in search_brace()/lexi()
+Bug-Debian: https://bugs.debian.org/1049366
+Forwarded: https://savannah.gnu.org/bugs/index.php?64503
+
+--- a/src/indent.c
++++ b/src/indent.c
+@@ -145,8 +145,8 @@
+ parser_state_tos->search_brace = false;
+ bp_save = buf_ptr;
+ be_save = buf_end;
+- buf_ptr = save_com.ptr;
+ need_chars (&save_com, 1);
++ buf_ptr = save_com.ptr;
+ buf_end = save_com.end;
+ save_com.end = save_com.ptr; /* make save_com empty */
+ }
diff -Nru indent-2.2.12/debian/patches/04-fix-a-heap-buffer-overwrite.patch indent-2.2.12/debian/patches/04-fix-a-heap-buffer-overwrite.patch
--- indent-2.2.12/debian/patches/04-fix-a-heap-buffer-overwrite.patch 1970-01-01 00:00:00.000000000 +0000
+++ indent-2.2.12/debian/patches/04-fix-a-heap-buffer-overwrite.patch 2023-08-28 09:04:00.000000000 +0000
@@ -0,0 +1,15 @@
+From: Petr Písař
+Subject: Fix a heap buffer overwrite in search_brace() (CVE-2023-40305)
+Bug-Debian: https://bugs.debian.org/1049366
+Forwarded: https://savannah.gnu.org/bugs/index.php?64503
+
+--- a/src/indent.c
++++ b/src/indent.c
+@@ -228,6 +228,7 @@
+ * a `dump_line' call, thus ensuring that the brace
+ * will go into the right column. */
+
++ need_chars (&save_com, 2);
+ *save_com.end++ = EOL;
+ *save_com.end++ = '{';
+ save_com.len += 2;
diff -Nru indent-2.2.12/debian/patches/series indent-2.2.12/debian/patches/series
--- indent-2.2.12/debian/patches/series 2023-07-14 10:00:00.000000000 +0000
+++ indent-2.2.12/debian/patches/series 2023-08-28 09:00:00.000000000 +0000
@@ -1,2 +1,4 @@
 01-add-missing-shebang.patch
 02-restore-round-up-macro-and-adjust-initial-buffer-size.patch
+03-fix-an-out-of-buffer-read.patch
+04-fix-a-heap-buffer-overwrite.patch
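Review bot: In 03-fix-an-out-of-buffer-read.patch the new ordering of `need_chars (&save_com, 1);` and `buf_ptr = save_com.ptr;` carries no comment saying why it matters, so a later tidy-up could swap the two lines back and reintroduce the out-of-buffer read. The reordering suggests need_chars can grow and relocate save_com's storage (its body is not shown here, so this is inferred); a comment above the call such as `/* need_chars may move save_com; take ptr/end only after it */` would record the invariant. A regression input for the case named in the changelog (a condition without parentheses followed by an overlong comment) is not part of this upload and would be worth adding to the test suite. The enclosing block in src/indent.c starts outside the hunk.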
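Review bot: The added `need_chars (&save_com, 2);` in 04-fix-a-heap-buffer-overwrite.patch reserves space for this one append only; any other store through `save_com.end` in search_brace() outside the hunk needs its own reservation, and the hunk cannot show whether it has one. If need_chars can relocate the buffer, as the reordering in patch 03 suggests, any pointer copied from save_com before this call would be stale afterwards, so it is worth confirming none is still in use at this point. A short comment on the new line, e.g. `/* room for EOL and '{' */`, would tie the literal 2 to the two stores that follow. The enclosing function starts and ends outside the hunk.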