import UBI libeconf-0.4.1-3.el9_2

SOURCES/0001-getfilecontents-buffer-overflow.patch

@@ -0,0 +1,31 @@
+From 8d086dfc69d4299e55e4844e3573b3a4cf420f19 Mon Sep 17 00:00:00 2001
+From: Stefan Schubert <stefan@gefluegelhof-schubert.de>
+Date: Fri, 24 Mar 2023 15:14:07 +0100
+Subject: [PATCH] Aarch64 gcc13 (#183)
+
+* fixed buffer overflow
+---
+ lib/getfilecontents.c | 7 +++----
+ 4 files changed, 7 insertions(+), 4 deletions(-)
+
+diff --git a/lib/getfilecontents.c b/lib/getfilecontents.c
+index 94e1db9..f9b1afc 100644
+--- a/lib/getfilecontents.c
++++ b/lib/getfilecontents.c
+@@ -265,11 +265,12 @@ read_file(econf_file *ef, const char *file,
+   }
+   ef->delimiter = *delim;
+ 
+-  while (fgets(buf, sizeof(buf), kf)) {
++  while (fgets(buf, BUFSIZ-1, kf)) {
+     char *p, *name, *data = NULL;
+     bool quote_seen = false, delim_seen = false;
+     char *org_buf __attribute__ ((__cleanup__(free_buffer))) = strdup(buf);
+ 
++    buf[BUFSIZ-1] = '\0';
+     line++;
+     last_scanned_line_nr = line;
+ 
+-- 
+2.40.1
+

SPECS/libeconf.spec

@@ -5,13 +5,17 @@
 
 Name:           libeconf
 Version:        0.4.1
-Release:        2%{?dist}
+Release:        3%{?dist}
 Summary:        Enhanced config file parser library
 
 License:        MIT
 URL:            https://github.com/openSUSE/libeconf
 Source0:        %{url}/archive/%{version}/%{name}-%{version}.tar.gz
 
+
+### Patches ###
+Patch0001: 0001-getfilecontents-buffer-overflow.patch
+
 BuildRequires:  cmake >= 3.12
 BuildRequires:  gcc
 BuildRequires:  make
@@ -76,6 +80,9 @@ configuration files from applications that use %{name}.
 
 
 %changelog
+* Wed Jun  7 2023 Iker Pedrosa <ipedrosa@redhat.com> - 0.4.1-3
+- Fix stack-based buffer overflow in read_file(). Resolves: #2212467 (CVE-2023-22652)
+
 * Mon Aug 09 2021 Mohan Boddu <mboddu@redhat.com> - 0.4.1-2
 - Rebuilt for IMA sigs, glibc 2.34, aarch64 flags
   Related: rhbz#1991688