And right after it was committed, someone found a bug in split https://marc.info/?l=oss-security&m=170556990821840&w=2
Index: Makefile =================================================================== RCS file: /cvs/ports/sysutils/coreutils/Makefile,v diff -u -p -r1.29 Makefile --- Makefile 16 Jan 2024 22:12:45 -0000 1.29 +++ Makefile 18 Jan 2024 09:55:17 -0000 @@ -2,6 +2,7 @@ COMMENT = file, shell and text manipula DISTNAME = coreutils-9.4 CATEGORIES = sysutils +REVISION = 0 MAINTAINER = Brian Callahan <bcal...@openbsd.org> Index: patches/patch-src_split_c =================================================================== RCS file: patches/patch-src_split_c diff -N patches/patch-src_split_c --- /dev/null 1 Jan 1970 00:00:00 -0000 +++ patches/patch-src_split_c 18 Jan 2024 09:50:12 -0000 @@ -0,0 +1,19 @@ +Fix heap buffer overflow + +https://github.com/coreutils/coreutils/commit/c4c5ed8f4e9cd55a12966d4f520e3a13101637d9 +https://marc.info/?l=oss-security&m=170556990821840&w=2 + +Index: src/split.c +--- src/split.c.orig ++++ src/split.c +@@ -809,10 +809,7 @@ line_bytes_split (intmax_t n_bytes, char *buf, idx_t b + { + cwrite (n_out == 0, hold, n_hold); + n_out += n_hold; +- if (n_hold > bufsize) +- hold = xirealloc (hold, bufsize); + n_hold = 0; +- hold_size = bufsize; + } + + /* Output to eol if present. */
