From 57853162fd13b3c68ef12a4153470bfb9846b14f Mon Sep 17 00:00:00 2001
From: Jan Kratochvil
Date: Thu, 5 Sep 2019 13:52:26 +0200
Subject: [PATCH] Fix stack corruption on a moved directory, reproducible on aarch64.
https://bugzilla.redhat.com/show_bug.cgi?id=1741472
0006-Fix-buffer-overrun-in-inotifytools.c.patch
Fix buffer overrun on -c|--csv with '"', ',' or '\n' in directory name.
0005-Fix-segfault-with-csv-output-when-filename-contains-.patch
Remove rpath to pass a rpmbuild check.
---
 ...h-csv-output-when-filename-contains-.patch | 24 ++++++++++++++
 ...Fix-buffer-overrun-in-inotifytools.c.patch | 33 +++++++++++++++++++
 inotify-tools.spec | 17 +++++++++-
 3 files changed, 73 insertions(+), 1 deletion(-)
 create mode 100644 0005-Fix-segfault-with-csv-output-when-filename-contains-.patch
 create mode 100644 0006-Fix-buffer-overrun-in-inotifytools.c.patch
diff --git a/0005-Fix-segfault-with-csv-output-when-filename-contains-.patch b/0005-Fix-segfault-with-csv-output-when-filename-contains-.patch
new file mode 100644
index 0000000..94f3ee6
--- /dev/null
+++ b/0005-Fix-segfault-with-csv-output-when-filename-contains-.patch
@@ -0,0 +1,24 @@
+From: Dmitry Bogatov
+Date: Sat, 4 Mar 2017 21:13:38 +0300
+Subject: [PATCH] Fix segfault with csv output when filename contains comma
+
+Double `csv_escape()'ing filename is logic error, but root of the
+problem was that passing `csv' buffer back into `csv_escape()' caused
+endless loop over `static char csv[MAXLEN]', and buffer overflow.
+---
+ src/inotifywait.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/src/inotifywait.c b/src/inotifywait.c
+index 98aadd4..6e17007 100644
+--- a/src/inotifywait.c
++++ b/src/inotifywait.c
+@@ -119,7 +119,7 @@ void validate_format( char * fmt ) {
+ void output_event_csv( struct inotify_event * event ) {
+ char *filename = csv_escape(inotifytools_filename_from_wd(event->wd));
+ if (filename != NULL)
+- printf("%s,", csv_escape(filename));
++ printf("%s,", filename);
+
+ printf("%s,", csv_escape( inotifytools_event_to_str( event->mask ) ) );
+ if ( event->len > 0 )
diff --git a/0006-Fix-buffer-overrun-in-inotifytools.c.patch b/0006-Fix-buffer-overrun-in-inotifytools.c.patch
new file mode 100644
index 0000000..a3d2a91
--- /dev/null
+++ b/0006-Fix-buffer-overrun-in-inotifytools.c.patch
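Review bot: After the fix, `filename` still points into the escaper's single static buffer (the patch description names `static char csv[MAXLEN]`), so it is valid only until the next `csv_escape()` call on the line just below the `if`; the print-then-escape order here is correct but nothing in the code says so. A comment on the `char *filename` line such as `/* csv_escape() returns its static buffer: print it before the next csv_escape() call overwrites it */` would keep the same aliasing bug from being reintroduced. Whether `csv_escape()` bounds its output to MAXLEN is not visible in this hunk, so a name whose escaped form is longer than the buffer may still overrun; that is worth confirming in the escaper itself. output_event_csv continues past the end of the hunk.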
@@ -0,0 +1,33 @@
+From: Dmitry Bogatov
+Date: Tue, 6 Aug 2019 16:36:24 +0000
+Subject: Fix buffer overrun in inotifytools.c
+
+The following code
+
+ char *names[2+sizeof(int)/sizeof(char*)];
+
+was supposed to allocate enough space on stack to fit two `char *' and one
+`int'. Problem is that when sizeof(int) < sizeof(char *), which is likely on
+64-bit systems, it caused expression `sizeof(int)/sizeof(char*)' evaluate to 0,
+resulting in buffer overrun.
+
+Detected by GCC-9 new diagnostics.
+
+Closes: #925717
+---
+ libinotifytools/src/inotifytools.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/libinotifytools/src/inotifytools.c b/libinotifytools/src/inotifytools.c
+index b3feca3..ce4ccd5 100644
+--- a/libinotifytools/src/inotifytools.c
++++ b/libinotifytools/src/inotifytools.c
+@@ -859,7 +859,7 @@ void inotifytools_set_filename_by_filename( char const * oldname,
+ void inotifytools_replace_filename( char const * oldname,
+ char const * newname ) {
+ if ( !oldname || !newname ) return;
+- char *names[2+sizeof(int)/sizeof(char*)];
++ char *names[2+sizeof(int)/sizeof(char*) + 1];
+ names[0] = (char*)oldname;
+ names[1] = (char*)newname;
+ *((int*)&names[2]) = strlen(oldname);
diff --git a/inotify-tools.spec b/inotify-tools.spec
index 59c4c41..4650e62 100644
--- a/inotify-tools.spec
+++ b/inotify-tools.spec
@@ -1,11 +1,13 @@
 Name: inotify-tools
 Version: 3.14
-Release: 17%{?dist}
+Release: 18%{?dist}
 Summary: Command line utilities for inotify
 License: GPLv2
 URL: http://inotify-tools.sourceforge.net/
 Source0: http://download.sf.net/inotify-tools/inotify-tools-%{version}.tar.gz
+Patch1: 0005-Fix-segfault-with-csv-output-when-filename-contains-.patch
+Patch2: 0006-Fix-buffer-overrun-in-inotifytools.c.patch
 BuildRequires: gcc
 BuildRequires: autoconf
@@ -26,6 +28,8 @@ that use the libinotifytools library.
 %prep
 %setup -q
+%patch1 -p1
+%patch2 -p1
 %build
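Review bot: The new bound `2+sizeof(int)/sizeof(char*) + 1` cures the zero-length case by tacking on a spare slot rather than stating the intent, and the line that follows it, `*((int*)&names[2]) = strlen(oldname);`, still stores an `int` through storage declared as `char *` and silently narrows a `size_t`, which the commit leaves as is and which a strict-aliasing compiler may mis-optimise. If the array layout has to stay, the rounding-up form `char *names[2 + (sizeof(int) + sizeof(char *) - 1) / sizeof(char *)];` holds one int on any pointer width without the extra slot. The cleaner fix is a small struct such as `{ const char *oldname; const char *newname; size_t oldlen; }` passed in place of `names`, but the consumer that reads back `names[2]` is outside this hunk and would need the matching change. inotifytools_replace_filename continues past the end of the hunk.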
@@ -33,6 +37,9 @@ that use the libinotifytools library.
 --disable-dependency-tracking \
 --disable-static \
 --enable-doxygen
+# https://docs.fedoraproject.org/en-US/packaging-guidelines/#_removing_rpath
+sed -i 's|^hardcode_libdir_flag_spec=.*|hardcode_libdir_flag_spec=""|g' libtool
+sed -i 's|^runpath_var=LD_RUN_PATH|runpath_var=DIE_RPATH_DIE|g' libtool
 make %{?_smp_mflags}
@@ -67,6 +74,14 @@ rm -rf %{buildroot}/%{_datadir}/doc/
 %changelog
+* Thu Sep 05 2019 Jan Kratochvil - 3.14-18
+- Fix stack corruption on a moved directory, reproducible on aarch64.
+ https://bugzilla.redhat.com/show_bug.cgi?id=1741472
+ 0006-Fix-buffer-overrun-in-inotifytools.c.patch
+- Fix buffer overrun on -c|--csv with '"', ',' or '\n' in directory name.
+ 0005-Fix-segfault-with-csv-output-when-filename-contains-.patch
+- Remove rpath to pass a rpmbuild check.
+
 * Thu Jul 25 2019 Fedora Release Engineering - 3.14-17
 - Rebuilt for https://fedoraproject.org/wiki/Fedora_31_Mass_Rebuild