commit 34b8139b13207ea71622c66c704f4cd2c559fad917d2aaf74f6f747261834e97 Author: Adrian Schröter Date: Fri May 3 13:43:22 2024 +0200 Sync from SUSE:SLFO:Main iniparser revision c65173697bfd1c3ad4e7e0a137986439 diff --git a/.gitattributes b/.gitattributes new file mode 100644 index 0000000..9b03811 --- /dev/null +++ b/.gitattributes @@ -0,0 +1,23 @@ +## Default LFS +*.7z filter=lfs diff=lfs merge=lfs -text +*.bsp filter=lfs diff=lfs merge=lfs -text +*.bz2 filter=lfs diff=lfs merge=lfs -text +*.gem filter=lfs diff=lfs merge=lfs -text +*.gz filter=lfs diff=lfs merge=lfs -text +*.jar filter=lfs diff=lfs merge=lfs -text +*.lz filter=lfs diff=lfs merge=lfs -text +*.lzma filter=lfs diff=lfs merge=lfs -text +*.obscpio filter=lfs diff=lfs merge=lfs -text +*.oxt filter=lfs diff=lfs merge=lfs -text +*.pdf filter=lfs diff=lfs merge=lfs -text +*.png filter=lfs diff=lfs merge=lfs -text +*.rpm filter=lfs diff=lfs merge=lfs -text +*.tbz filter=lfs diff=lfs merge=lfs -text +*.tbz2 filter=lfs diff=lfs merge=lfs -text +*.tgz filter=lfs diff=lfs merge=lfs -text +*.ttf filter=lfs diff=lfs merge=lfs -text +*.txz filter=lfs diff=lfs merge=lfs -text +*.whl filter=lfs diff=lfs merge=lfs -text +*.xz filter=lfs diff=lfs merge=lfs -text +*.zip filter=lfs diff=lfs merge=lfs -text +*.zst filter=lfs diff=lfs merge=lfs -text diff --git a/Fail-testrun-on-test-failure.patch b/Fail-testrun-on-test-failure.patch new file mode 100644 index 0000000..7ab1e0a --- /dev/null +++ b/Fail-testrun-on-test-failure.patch @@ -0,0 +1,51 @@ +From b7a2c2999aabf2a83ccc164b9729259ea400e747 Mon Sep 17 00:00:00 2001 +From: Dan Bungert +Date: Thu, 18 Feb 2021 17:35:58 -0700 +Subject: [PATCH] Fail testrun on test failure + +Test failures can go unnoticed, as currently the test runner +unconditionally returns exit code 0. Consult the number of test +failures and exit code 1 if there are any. +--- + test/make-tests.sh | 8 +++++--- + 1 file changed, 5 insertions(+), 3 deletions(-) + +diff --git a/test/make-tests.sh b/test/make-tests.sh +index f2a3f2a..78e6901 100755 +--- a/test/make-tests.sh ++++ b/test/make-tests.sh +@@ -26,10 +26,11 @@ cat $FILES | grep '^void Test' | + echo \ + ' + +-void RunAllTests(void) ++int RunAllTests(void) + { + CuString *output = CuStringNew(); + CuSuite* suite = CuSuiteNew(); ++ int ret = 0; + + ' + cat $FILES | grep '^void Test' | +@@ -42,15 +43,16 @@ echo \ + ' + CuSuiteRun(suite); + CuSuiteSummary(suite, output); ++ if (suite->failCount > 0) ret = 1; + CuSuiteDetails(suite, output); + printf("%s\n", output->buffer); + CuStringDelete(output); + CuSuiteDelete(suite); ++ return ret; + } + + int main(void) + { +- RunAllTests(); +- return 0; ++ return RunAllTests(); + } + ' +-- +2.37.1 + diff --git a/Fix-buffer-overflow-from-sprintf.patch b/Fix-buffer-overflow-from-sprintf.patch new file mode 100644 index 0000000..31c8b65 --- /dev/null +++ b/Fix-buffer-overflow-from-sprintf.patch @@ -0,0 +1,49 @@ +From 1bd7c8341fc076a4795638330bc6badb78745647 Mon Sep 17 00:00:00 2001 +From: James Larrowe +Date: Sun, 9 Jun 2019 12:45:28 -0400 +Subject: [PATCH] Fix buffer overflow from sprintf + +Extension of #104 that includes tests +--- + src/iniparser.c | 2 +- + test/test_iniparser.c | 4 ++-- + 2 files changed, 3 insertions(+), 3 deletions(-) + +diff --git a/src/iniparser.c b/src/iniparser.c +index fffdf9f..f1d1658 100644 +--- a/src/iniparser.c ++++ b/src/iniparser.c +@@ -718,7 +718,7 @@ dictionary * iniparser_load(const char * ininame) + char line [ASCIILINESZ+1] ; + char section [ASCIILINESZ+1] ; + char key [ASCIILINESZ+1] ; +- char tmp [(ASCIILINESZ * 2) + 1] ; ++ char tmp [(ASCIILINESZ * 2) + 2] ; + char val [ASCIILINESZ+1] ; + + int last=0 ; +diff --git a/test/test_iniparser.c b/test/test_iniparser.c +index c76529c..b7cd5fc 100644 +--- a/test/test_iniparser.c ++++ b/test/test_iniparser.c +@@ -96,7 +96,7 @@ void Test_iniparser_strstrip(CuTest *tc) + }; + const char *test_with_spaces = "I am a test with\tspaces."; + char stripped[ASCIILINESZ+1]; +- char error_msg[128]; ++ char error_msg[1060]; + unsigned i; + + /* NULL ptr as input */ +@@ -595,7 +595,7 @@ void Test_iniparser_load(CuTest *tc) + struct dirent *curr; + struct stat curr_stat; + dictionary *dic; +- char ini_path[256]; ++ char ini_path[276]; + + /* Dummy tests */ + dic = iniparser_load("/you/shall/not/path"); +-- +2.37.1 + diff --git a/Fix-tests-on-32bit.patch b/Fix-tests-on-32bit.patch new file mode 100644 index 0000000..a53b2b5 --- /dev/null +++ b/Fix-tests-on-32bit.patch @@ -0,0 +1,59 @@ +From 0f5a112836be0d9c7db59b8c9b832979298e14cc Mon Sep 17 00:00:00 2001 +From: Michal Suchanek +Date: Wed, 24 Aug 2022 20:49:08 +0200 +Subject: [PATCH] Fix tests on 32bit + +The long has different width on 32bit and 64bit. +Use predefined macro for the maximum value. + +Signed-off-by: Michal Suchanek +--- + test/test_iniparser.c | 11 +++++++---- + 1 file changed, 7 insertions(+), 4 deletions(-) + +diff --git a/test/test_iniparser.c b/test/test_iniparser.c +index b7cd5fc..020e6ae 100644 +--- a/test/test_iniparser.c ++++ b/test/test_iniparser.c +@@ -4,6 +4,7 @@ + #include + #include + #include ++#include + + #include "CuTest.h" + #include "dictionary.h" +@@ -15,6 +16,8 @@ + #define GOOD_INI_PATH "ressources/good_ini" + #define BAD_INI_PATH "ressources/bad_ini" + ++#define stringify_2(x...) #x ++#define stringify(x...) stringify_2(x) + + /* Tool function to create and populate a generic non-empty dictionary */ + static dictionary * generate_dictionary(unsigned sections, unsigned entries_per_section) +@@ -350,8 +353,8 @@ void Test_iniparser_getlongint(CuTest *tc) + { 1000, "1000" }, + { 077, "077" }, + { -01000, "-01000" }, +- { 0x7FFFFFFFFFFFFFFF, "0x7FFFFFFFFFFFFFFF" }, +- { -0x7FFFFFFFFFFFFFFF, "-0x7FFFFFFFFFFFFFFF" }, ++ { LONG_MAX, stringify(LONG_MAX) }, ++ { -LONG_MAX, stringify(-LONG_MAX) }, + { 0x4242, "0x4242" }, + { 0, NULL} /* must be last */ + }; +@@ -370,8 +373,8 @@ void Test_iniparser_getlongint(CuTest *tc) + /* Check the def return element */ + dic = dictionary_new(10); + CuAssertLongIntEquals(tc, 42, iniparser_getlongint(dic, "dummy", 42)); +- CuAssertLongIntEquals(tc, 0x7FFFFFFFFFFFFFFF, iniparser_getlongint(dic, NULL, 0x7FFFFFFFFFFFFFFF)); +- CuAssertLongIntEquals(tc, -0x7FFFFFFFFFFFFFFF, iniparser_getlongint(dic, "dummy", -0x7FFFFFFFFFFFFFFF)); ++ CuAssertLongIntEquals(tc, LONG_MAX, iniparser_getlongint(dic, NULL, LONG_MAX)); ++ CuAssertLongIntEquals(tc, -LONG_MAX, iniparser_getlongint(dic, "dummy", -LONG_MAX)); + dictionary_del(dic); + + /* Generic dictionary */ +-- +2.37.1 + diff --git a/baselibs.conf b/baselibs.conf new file mode 100644 index 0000000..c92869b --- /dev/null +++ b/baselibs.conf @@ -0,0 +1 @@ +libiniparser1 \ No newline at end of file diff --git a/handle-null-return-getstring.patch b/handle-null-return-getstring.patch new file mode 100644 index 0000000..6bc50ea --- /dev/null +++ b/handle-null-return-getstring.patch @@ -0,0 +1,43 @@ +From ace9871f65d11b5d73f0b9ee8cf5d2807439442d Mon Sep 17 00:00:00 2001 +From: Antonio +Date: Fri, 2 Jun 2023 15:03:10 -0300 +Subject: [PATCH] Handle null return from iniparser_getstring + +Fix handling of NULL returns from iniparser_getstring in +iniparser_getboolean, iniparser_getlongint and iniparser_getdouble, +avoiding a crash. +--- + src/iniparser.c | 6 +++--- + 1 file changed, 3 insertions(+), 3 deletions(-) + +diff --git a/src/iniparser.c b/src/iniparser.c +index f1d1658..dbceb20 100644 +--- a/src/iniparser.c ++++ b/src/iniparser.c +@@ -456,7 +456,7 @@ long int iniparser_getlongint(const dictionary * d, const char * key, long int n + const char * str ; + + str = iniparser_getstring(d, key, INI_INVALID_KEY); +- if (str==INI_INVALID_KEY) return notfound ; ++ if (str==NULL || str==INI_INVALID_KEY) return notfound ; + return strtol(str, NULL, 0); + } + +@@ -511,7 +511,7 @@ double iniparser_getdouble(const dictionary * d, const char * key, double notfou + const char * str ; + + str = iniparser_getstring(d, key, INI_INVALID_KEY); +- if (str==INI_INVALID_KEY) return notfound ; ++ if (str==NULL || str==INI_INVALID_KEY) return notfound ; + return atof(str); + } + +@@ -553,7 +553,7 @@ int iniparser_getboolean(const dictionary * d, const char * key, int notfound) + const char * c ; + + c = iniparser_getstring(d, key, INI_INVALID_KEY); +- if (c==INI_INVALID_KEY) return notfound ; ++ if (c==NULL || c==INI_INVALID_KEY) return notfound ; + if (c[0]=='y' || c[0]=='Y' || c[0]=='1' || c[0]=='t' || c[0]=='T') { + ret = 1 ; + } else if (c[0]=='n' || c[0]=='N' || c[0]=='0' || c[0]=='f' || c[0]=='F') { diff --git a/iniparser-4.1.tar.gz b/iniparser-4.1.tar.gz new file mode 100644 index 0000000..ec78e1e --- /dev/null +++ b/iniparser-4.1.tar.gz @@ -0,0 +1,3 @@ +version https://git-lfs.github.com/spec/v1 +oid sha256:960daa800dd31d70ba1bacf3ea2d22e8ddfc2906534bf328319495966443f3ae +size 44732 diff --git a/iniparser.changes b/iniparser.changes new file mode 100644 index 0000000..0d4d155 --- /dev/null +++ b/iniparser.changes @@ -0,0 +1,155 @@ +------------------------------------------------------------------- +Fri Jun 2 18:36:09 UTC 2023 - Antonio Teixeira + +- Add handle-null-return-getstring.patch (bsc#1211889) + CVE-2023-33461: NULL pointer dereference in iniparser_getboolean() + +------------------------------------------------------------------- +Wed Aug 24 18:26:33 UTC 2022 - Michal Suchanek + +- Add fixes since 4.1 + + Fail-testrun-on-test-failure.patch + + Fix-buffer-overflow-from-sprintf.patch +- Fix tests failing on 32bit architectures + + Fix-tests-on-32bit.patch + +------------------------------------------------------------------- +Sat Nov 11 05:21:56 UTC 2017 - aavindraa@gmail.com + +- Update to 4.1 (stable release) + + For full change set, see: + https://github.com/ndevilla/iniparser/compare/b1c4ac6f...v4.1 +- Cleanup with spec-cleaner +- Rebase iniparser_remove_rpath.patch +- so number bumped from 0 to 1 per upstream policy + +------------------------------------------------------------------- +Sat Jun 27 16:07:04 UTC 2015 - lmuelle@suse.com + +- Update to git snapshot 20150605 b1c4ac6f + + Use the same xstrdup implementation for both source file + + allocate memory for string termination + + Add travis.yml + + iniparser_getseckeys doesn't return a malloc ptr anymore + + One more static + whitespace cleanup + + Prevent negative array index access when a line solely consists of + newlines and spaces + + Made strstrip() static +- Remove libiniparser from baselibs.conf + +------------------------------------------------------------------- +Thu Jun 19 10:54:31 UTC 2014 - lmuelle@suse.com + +- Update to git snapshot 20140619 c5beb80a + + Fix coverity issues + + Fix resource leaks + + Modify to build unbounded keys & values from multi-line input + + Fix crash with crafted ini files + + Makefile fixes: Library build, targets + + Prevent compiler warning when compiling for 64 bit + + Build system improvements +- Update iniparser_remove_rpath.patch + +------------------------------------------------------------------- +Mon Mar 17 14:50:58 UTC 2014 - lmuelle@suse.com + +- Remove superfluous obsoletes *-64bit in the ifarch ppc64 case; (bnc#437293). + +------------------------------------------------------------------- +Fri Jun 7 12:47:33 UTC 2013 - lmuelle@suse.com + +- Include LICENSE file from the source tar ball. + +------------------------------------------------------------------- +Tue Jun 5 09:49:20 UTC 2012 - lmuelle@suse.com + +- Define library name and use it instead of libiniparser0. + +------------------------------------------------------------------- +Sun Jun 3 22:20:48 UTC 2012 - lmuelle@suse.com + +- Use the unversioned libiniparser name on pre-11.2 systems only. + +------------------------------------------------------------------- +Sun Jun 3 21:37:54 UTC 2012 - lmuelle@suse.com + +- Define library name and use it instead of libiniparser0. +- Remove unused debug_package_requires define. + +------------------------------------------------------------------- +Sat Apr 21 15:14:35 UTC 2012 - lars@samba.org + +- Update to version 3.1. + + Const'ified input string arguments +- Update to version 3.0. + + Single function to set values in a dict: iniparser_set() + + Bug corrected for lines containing only \n + + Enhanced documentation + + C++ nonsense removed + +------------------------------------------------------------------- +Thu Dec 17 22:36:01 CET 2009 - jengelh@medozas.de + +- add baselibs.conf as a source +- enable parallel building + +------------------------------------------------------------------- +Wed Jan 7 12:34:56 CET 2009 - olh@suse.de + +- obsolete old -XXbit packages (bnc#437293) + +------------------------------------------------------------------- +Thu Nov 27 14:14:48 CET 2008 - ro@suse.de + +- update baselibs.conf + +------------------------------------------------------------------- +Thu Aug 28 12:10:07 CEST 2008 - anschneider@suse.de + +- create packages following the shlib policy +- build only the shared library + +------------------------------------------------------------------- +Wed Aug 20 16:02:36 CEST 2008 - meissner@suse.de + +- use RPM_OPT_FLAGS, libiniparser.a can be 644 + +------------------------------------------------------------------- +Mon May 5 15:42:43 CEST 2008 - anschneider@suse.de + +- build without rpath + +------------------------------------------------------------------- +Thu Apr 10 12:54:45 CEST 2008 - ro@suse.de + +- added baselibs.conf file to build xxbit packages + for multilib support + +------------------------------------------------------------------- +Thu Dec 27 03:33:40 CET 2007 - crrodriguez@suse.de + +- fix library-without-ldconfig* errors + +------------------------------------------------------------------- +Sun May 27 13:58:43 CEST 2007 - lmuelle@suse.de + +- Update to version 2.17. + + Apply some const and fix c++ warnings. + + Merge revision 19928 from samba.org subversion. + + Applied patches to the Makefile to build a shared library. + +------------------------------------------------------------------- +Sun May 20 23:07:03 CEST 2007 - lmuelle@suse.de + +- Remove requires on release from devel packages. + +------------------------------------------------------------------- +Wed Sep 27 00:01:10 CEST 2006 - gd@suse.de + +- Update to version 2.15 + - documentation fixes + +------------------------------------------------------------------- +Tue Apr 11 16:28:45 CEST 2006 - lmuelle@suse.de + +- Inital SuSE RPM. diff --git a/iniparser.spec b/iniparser.spec new file mode 100644 index 0000000..62a9326 --- /dev/null +++ b/iniparser.spec @@ -0,0 +1,107 @@ +# +# spec file for package iniparser +# +# Copyright (c) 2022 SUSE LLC +# +# All modifications and additions to the file contributed by third parties +# remain the property of their copyright owners, unless otherwise agreed +# upon. The license for this file, and modifications and additions to the +# file, is the same license as for the pristine package itself (unless the +# license for the pristine package is not an Open Source License, in which +# case the license is the MIT License). An "Open Source License" is a +# license that conforms to the Open Source Definition (Version 1.9) +# published by the Open Source Initiative. + +# Please submit bugfixes or comments via https://bugs.opensuse.org/ +# + + +# if bumping this, also update baselibs.conf +%define sonum 1 +Name: iniparser +Version: 4.1 +Release: 0 +Summary: Library to parse ini files +License: MIT +Group: System/Libraries +URL: http://ndevilla.free.fr/iniparser/ +Source: https://github.com/ndevilla/%{name}/archive/v%{version}.tar.gz#/%{name}-%{version}.tar.gz +Source2: baselibs.conf +Patch00: iniparser_remove_rpath.patch +Patch01: Fail-testrun-on-test-failure.patch +Patch02: Fix-buffer-overflow-from-sprintf.patch +Patch03: Fix-tests-on-32bit.patch +# PATCH-FIX-SUSE handle-null-return-getstring.patch bsc#1211889 -- CVE-2023-33461: NULL pointer dereference in iniparser_getboolean() +# https://github.com/ndevilla/iniparser/pull/146 +Patch04: handle-null-return-getstring.patch + +%description +Libiniparser offers parsing of ini files from the C level. + +%if 0%{?suse_version} == 0 || 0%{?suse_version} > 1100 +%define libiniparser_name libiniparser%{sonum} +%else +%define libiniparser_name libiniparser +%endif + +%package -n %{libiniparser_name} +Summary: Library to parse ini files +Group: System/Libraries + +%description -n %{libiniparser_name} +Libiniparser offers parsing of ini files from the C level. + +This package includes the libiniparser%{sonum} library. + +%package -n libiniparser-devel +Summary: Libraries and Header Files to Develop Programs with libiniparser Support +Group: Development/Libraries/C and C++ +%if 0%{?suse_version} == 0 || 0%{?suse_version} > 1100 +Requires: %{libiniparser_name} = %{version} +%else +Requires: libiniparser = %{version} +%endif + +%description -n libiniparser-devel +This package contains the static libraries and header files needed to +develop programs which make use of the libiniparser programming +interface. + +The libiniparser offers parsing of ini files from the C level. See a +complete documentation in HTML format, from the +%{_docdir}/libiniparser-devel directory open the file +html/index.html with any HTML-capable browser. + +Libraries and Header Files to Develop Programs with iniparser Support. + +%prep +%setup -q +%autopatch -p1 + +%build +make %{?_smp_mflags} CFLAGS="%{optflags} -fPIC" + +%install +install -d -m 0755 %{buildroot}%{_includedir} +install -d -m 0755 %{buildroot}%{_libdir} +install -m 0755 libiniparser.so.%{sonum} %{buildroot}%{_libdir} +install -m 0644 src/{dictionary,iniparser}.h %{buildroot}%{_includedir} +ln -s -f libiniparser.so.%{sonum} %{buildroot}%{_libdir}/libiniparser.so + +%check +ln -s libiniparser.so.%{sonum} libiniparser.so +make %{?_smp_mflags} check + +%post -n %{libiniparser_name} -p /sbin/ldconfig +%postun -n %{libiniparser_name} -p /sbin/ldconfig + +%files -n %{libiniparser_name} +%{_libdir}/libiniparser.so.* +%doc LICENSE + +%files -n libiniparser-devel +%{_includedir}/*.h +%{_libdir}/libiniparser.so +%doc html + +%changelog diff --git a/iniparser_remove_rpath.patch b/iniparser_remove_rpath.patch new file mode 100644 index 0000000..726e087 --- /dev/null +++ b/iniparser_remove_rpath.patch @@ -0,0 +1,13 @@ +Index: iniparser/Makefile +=================================================================== +--- a/Makefile ++++ b/Makefile +@@ -21,7 +21,7 @@ ARFLAGS = rcv + + SHLD = ${CC} ${CFLAGS} + LDSHFLAGS = -shared -Wl,-Bsymbolic +-LDFLAGS += -Wl,-rpath -Wl,/usr/lib -Wl,-rpath,/usr/lib ++LDFLAGS += + + # .so.0 is for version 3.x, .so.1 is 4.x + SO_TARGET ?= libiniparser.so.1