[AUTO-CHERRYPICK] Patch iniparser for CVE-2025-0633 [Medium] - branch 3.0-dev (#12616)

Co-authored-by: mayankfz <[email protected]>

Author: CBL-Mariner-Bot

SPECS/iniparser/CVE-2025-0633.patch

@@ -0,0 +1,25 @@
+From 6a15c7c2cd5638c9c359e308fc503860b0a3c857 Mon Sep 17 00:00:00 2001
+From: Mayank Singh <[email protected]>
+Date: Tue, 25 Feb 2025 03:12:13 +0000
+Subject: [PATCH] Address CVE-2025-0633
+Upstream Reference Link: https://gitlab.com/iniparser/iniparser/-/commit/072a39a772a38c475e35a1be311304ca99e9de7f
+
+---
+ src/iniparser.c | 1 +
+ 1 file changed, 1 insertion(+)
+
+diff --git a/src/iniparser.c b/src/iniparser.c
+index fffdf9f..62febeb 100644
+--- a/src/iniparser.c
++++ b/src/iniparser.c
+@@ -301,6 +301,7 @@ void iniparser_dumpsection_ini(const dictionary * d, const char * s, FILE * f)
+ 
+     if (d==NULL || f==NULL) return ;
+     if (! iniparser_find_entry(d, s)) return ;
++    if (strlen(s) > sizeof(keym)) return;
+ 
+     seclen  = (int)strlen(s);
+     fprintf(f, "\n[%s]\n", s);
+-- 
+2.45.3
+

SPECS/iniparser/iniparser.spec

@@ -5,12 +5,13 @@ Distribution:   Azure Linux
 
 Name:		iniparser
 Version:	4.1
-Release:	7%{?dist}
+Release:	8%{?dist}
 Summary:	C library for parsing "INI-style" files
 
 License:	MIT
 URL:		https://github.com/ndevilla/%{name}
 Source0:	https://github.com/ndevilla/%{name}/archive/v%{version}.tar.gz#/%{name}-%{version}.tar.gz
+Patch0:         CVE-2025-0633.patch
 
 BuildRequires:	gcc
 
@@ -28,7 +29,7 @@ documentation for %{name}. If you like to develop programs using %{name},
 you will need to install %{name}-devel.
 
 %prep
-%setup -q
+%autosetup -p1
 
 %build
 # remove library rpath from Makefile
@@ -71,6 +72,9 @@ make check
 %{_includedir}/*.h
 
 %changelog
+* Tue Feb 25 2025 Mayank Singh <[email protected]> - 4.1.8
+- Fix CVE-2025-0633 with an upstream patch
+
 * Mon Feb 5 2024 Saul Paredes <[email protected]> - 4.1-6
 - License verified.