From c6a895775c0b83dcc89b7772c74edc142dfc2ddf060eab0ff63be112d4daf7e4 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Adrian=20Schr=C3=B6ter?=
Date: Fri, 3 May 2024 14:44:33 +0200
Subject: [PATCH] Sync from SUSE:SLFO:Main libconfuse revision ea41c07357ecc4e17d344d60685cd6c0
---
.gitattributes | 23 ++++
confuse-3.3.tar.xz | 3 +
...77c2c3566fb2647727bb56d9a2295b81669b.patch | 38 ++++++
libconfuse.changes | 61 ++++++++++
libconfuse.spec | 108 ++++++++++++++++++
5 files changed, 233 insertions(+)
create mode 100644 .gitattributes
create mode 100644 confuse-3.3.tar.xz
create mode 100644 libconfuse-d73777c2c3566fb2647727bb56d9a2295b81669b.patch
create mode 100644 libconfuse.changes
create mode 100644 libconfuse.spec
diff --git a/.gitattributes b/.gitattributes
new file mode 100644
index 0000000..9b03811
--- /dev/null
+++ b/.gitattributes
@@ -0,0 +1,23 @@
+## Default LFS
+*.7z filter=lfs diff=lfs merge=lfs -text
+*.bsp filter=lfs diff=lfs merge=lfs -text
+*.bz2 filter=lfs diff=lfs merge=lfs -text
+*.gem filter=lfs diff=lfs merge=lfs -text
+*.gz filter=lfs diff=lfs merge=lfs -text
+*.jar filter=lfs diff=lfs merge=lfs -text
+*.lz filter=lfs diff=lfs merge=lfs -text
+*.lzma filter=lfs diff=lfs merge=lfs -text
+*.obscpio filter=lfs diff=lfs merge=lfs -text
+*.oxt filter=lfs diff=lfs merge=lfs -text
+*.pdf filter=lfs diff=lfs merge=lfs -text
+*.png filter=lfs diff=lfs merge=lfs -text
+*.rpm filter=lfs diff=lfs merge=lfs -text
+*.tbz filter=lfs diff=lfs merge=lfs -text
+*.tbz2 filter=lfs diff=lfs merge=lfs -text
+*.tgz filter=lfs diff=lfs merge=lfs -text
+*.ttf filter=lfs diff=lfs merge=lfs -text
+*.txz filter=lfs diff=lfs merge=lfs -text
+*.whl filter=lfs diff=lfs merge=lfs -text
+*.xz filter=lfs diff=lfs merge=lfs -text
+*.zip filter=lfs diff=lfs merge=lfs -text
+*.zst filter=lfs diff=lfs merge=lfs -text
diff --git a/confuse-3.3.tar.xz b/confuse-3.3.tar.xz
new file mode 100644
index 0000000..7b67baf
--- /dev/null
+++ b/confuse-3.3.tar.xz
@@ -0,0 +1,3 @@
+version https://git-lfs.github.com/spec/v1
+oid sha256:1dd50a0320e135a55025b23fcdbb3f0a81913b6d0b0a9df8cc2fdf3b3dc67010
+size 485140
diff --git a/libconfuse-d73777c2c3566fb2647727bb56d9a2295b81669b.patch b/libconfuse-d73777c2c3566fb2647727bb56d9a2295b81669b.patch
new file mode 100644
index 0000000..28f7afc
--- /dev/null
+++ b/libconfuse-d73777c2c3566fb2647727bb56d9a2295b81669b.patch
@@ -0,0 +1,38 @@
+commit d73777c2c3566fb2647727bb56d9a2295b81669b
+Author: Joachim Wiberg
+Date: Fri Sep 2 16:12:46 2022 +0200
+
+ Fix #163: unterminated username used with getpwnam()
+
+ Signed-off-by: Joachim Wiberg
+
+diff --git a/src/confuse.c b/src/confuse.c
+index 6d1fdbd..05566b5 100644
+--- a/src/confuse.c
++++ b/src/confuse.c
+@@ -1894,18 +1894,20 @@ DLLIMPORT char *cfg_tilde_expand(const char *filename)
+ passwd = getpwuid(geteuid());
+ file = filename + 1;
+ } else {
+- /* ~user or ~user/path */
+- char *user;
++ char *user; /* ~user or ~user/path */
++ size_t len;
+
+ file = strchr(filename, '/');
+- if (file == 0)
++ if (file == NULL)
+ file = filename + strlen(filename);
+
+- user = malloc(file - filename);
++ len = file - filename - 1;
++ user = malloc(len + 1);
+ if (!user)
+ return NULL;
+
+- strncpy(user, filename + 1, file - filename - 1);
++ strncpy(user, &filename[1], len);
++ user[len] = 0;
+ passwd = getpwnam(user);
+ free(user);
+ }
diff --git a/libconfuse.changes b/libconfuse.changes
new file mode 100644
index 0000000..e9c1d77
--- /dev/null
+++ b/libconfuse.changes
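Review bot: In the embedded src/confuse.c hunk, `len = file - filename - 1` is stored in a `size_t`, so it would wrap if `file` ever equalled `filename`, and both `malloc(len + 1)` and the `strncpy` bound would then be derived from the wrapped value. That case is presumably excluded by a leading-`~` test outside the hunk (cfg_tilde_expand begins and ends beyond the lines shown), so the invariant deserves a comment above the subtraction, e.g. `/* filename[0] == '~', so file >= filename + 1 and len cannot wrap */`. Since the length is now explicit, `memcpy(user, &filename[1], len); user[len] = '\0';` would state the intent more directly than `strncpy` plus a manual terminator, which is the API whose non-terminating behaviour led to the over-read being fixed.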
@@ -0,0 +1,61 @@
+-------------------------------------------------------------------
+Mon Sep 12 11:02:59 CEST 2022 - ro@suse.de
+
+- add fix from upstream git
+ libconfuse-d73777c2c3566fb2647727bb56d9a2295b81669b.patch
+ cfg_tilde_expand in confuse.c has a heap-based buffer over-read
+ (CVE-2022-40320 boo#1203326)
+
+-------------------------------------------------------------------
+Thu Jun 25 07:08:53 UTC 2020 - Michael Vetter
+
+- Update to 3.3:
+ Changes:
+ * Support building static library on Windows
+ * Support for fmemopen() in Windows UWP applications
+ * Support for cfg_getopt(cfg, "sub=name|option"), i.e., get an
+ option from a sub-section, by Peter Rosin
+ * Support for CFGF_MODIFIED flag, to detect changes to settings
+ in memory after parsing, by Peter Rosin
+ * Support for filtering out settings when printing, by Peter Rosin
+ * Support for dynamic key=value sections with no pre-runtime
+ knowledge of setting names, useful for environment variables
+ and similar
+ * Updated German translation, by Chris Leick
+ Fixes:
+ * Fix loop-forever bug found by Christian Reitter; a .conf file
+ containing only "=", will cause even the simplest parser to loop
+ forever in internal function cfg_getopt_secidx()
+ * Issue #113: Fail to build strdup() replacement
+ * Issue #118: Fix build on Windows, missing fmemopen() replacement
+ * Issue #120: Handle shell and C++ comments with no space separator
+ * Issue #125: Drop developer debug msg QSTR: ...
+ * Issue #131: Fix CFG_PTR_CB() regression, segfaults when, e.g.,
+ cfg_free() is called. Found and fixed by Peter Rosin
+ * Issue #135: Revert CFGF_RESET flag if cfg_setmulti() family fail
+ * Issue #137: Memory leak in cfg_setopt() for PTR options
+
+-------------------------------------------------------------------
+Fri Oct 12 14:40:04 UTC 2018 - Jan Engelhardt
+
+- Use new %lang_package -r semantics.
+
+-------------------------------------------------------------------
+Tue Aug 21 07:14:58 UTC 2018 - kbabioch@suse.com
+
+- Update to 3.2.2:
+ - Security release for CVE-2018-14447: Out-of-bounds reads in trim_whitespace
+ in lexer.l
+- Removed xz as build requirement
+- Removed -lang recommendation from main package
+
+-------------------------------------------------------------------
+Mon Aug 6 16:29:11 UTC 2018 - jengelh@inai.de
+
+- Ensure neutrality of description. Trim redundancies and
+ future goals from description.
+
+-------------------------------------------------------------------
+Thu Aug 2 09:36:08 UTC 2018 - kbabioch@suse.com
+
+- Initial packaging of version 3.2.1:
diff --git a/libconfuse.spec b/libconfuse.spec
new file mode 100644
index 0000000..54ca0bc
--- /dev/null
+++ b/libconfuse.spec
@@ -0,0 +1,108 @@
+#
+# spec file for package libconfuse
+#
+# Copyright (c) 2022 SUSE LLC
+#
+# All modifications and additions to the file contributed by third parties
+# remain the property of their copyright owners, unless otherwise agreed
+# upon. The license for this file, and modifications and additions to the
+# file, is the same license as for the pristine package itself (unless the
+# license for the pristine package is not an Open Source License, in which
+# case the license is the MIT License). An "Open Source License" is a
+# license that conforms to the Open Source Definition (Version 1.9)
+# published by the Open Source Initiative.
+
+# Please submit bugfixes or comments via https://bugs.opensuse.org/
+#
+
+
+%define library_name libconfuse2
+Name: libconfuse
+Version: 3.3
+Release: 0
+Summary: A configuration file parser library
+License: LGPL-2.1-or-later
+Group: Development/Libraries/C and C++
+URL: http://www.nongnu.org/confuse/
+Source: https://github.com/martinh/libconfuse/releases/download/v%{version}/confuse-%{version}.tar.xz
+# PATCH-FIX_UPSTREAM
+Patch0: libconfuse-d73777c2c3566fb2647727bb56d9a2295b81669b.patch
+BuildRequires: check-devel
+BuildRequires: gcc-c++
+BuildRequires: gettext-devel
+BuildRequires: libtool
+BuildRequires: pkgconfig
+BuildRequires: rpm-config-SUSE >= 0.g8
+
+%description
+libConfuse is a configuration file parser library. It supports
+sections and (lists of) values (strings, integers, floats, booleans
+or other sections), as well as single/double-quoted strings,
+environment variable expansion, functions and nested include
+statements.
+
+%package -n %{library_name}
+Summary: A configuration file parser library
+Group: System/Libraries
+
+%description -n %{library_name}
+libConfuse is a configuration file parser library. It supports
+sections and (lists of) values (strings, integers, floats, booleans
+or other sections), as well as single/double-quoted strings,
+environment variable expansion, functions and nested include
+statements.
+
+%package devel
+Summary: The development files for libconfuse
+Group: Development/Libraries/C and C++
+Requires: %{library_name} = %{version}
+
+%description devel
+libConfuse is a configuration file parser library. It supports
+sections and (lists of) values (strings, integers, floats, booleans
+or other sections), as well as single/double-quoted strings,
+environment variable expansion, functions and nested include
+statements.
+
+This package holds the development files for libconfuse.
+
+%lang_package -r %{library_name}
+
+%prep
+%autosetup -n confuse-%{version} -p1
+
+%build
+%configure --enable-shared --disable-static
+make %{?_smp_mflags}
+
+%install
+%make_install
+rm -rf %{buildroot}%{_datadir}/doc
+
+%find_lang confuse
+install -Dd %{buildroot}%{_mandir}
+cp -Rv doc/man/man3/ %{buildroot}%{_mandir}
+
+# clean up unneeded files
+make -C examples clean
+rm -rf examples/.deps/ examples/Makefile*
+rm %{buildroot}%{_libdir}/libconfuse.la
+
+%post -n %{library_name} -p /sbin/ldconfig
+%postun -n %{library_name} -p /sbin/ldconfig
+
+%files -n %{library_name}
+%license LICENSE
+%doc README.md AUTHORS ChangeLog.md
+%{_libdir}/libconfuse.so.*
+
+%files devel
+%doc doc/html/ doc/tutorial-html/ examples/
+%{_libdir}/libconfuse.so
+%{_libdir}/pkgconfig/libconfuse.pc
+%{_includedir}/confuse.h
+%{_mandir}/man3/*.3%{?ext_man}
+
+%files -n %{name}-lang -f confuse.lang
+
+%changelog
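Review bot: The spec declares `BuildRequires: check-devel` but has no `%check` section, so the upstream test suite is never run and the backported cfg_tilde_expand fix ships without a build-time regression check. Adding `%check` followed by `make %{?_smp_mflags} check` after `%install` would close that gap, assuming the tarball's autotools `check` target is usable in the build environment. The patch tag `# PATCH-FIX_UPSTREAM` is also misspelled for the openSUSE tagging convention and carries no reference; `# PATCH-FIX-UPSTREAM libconfuse-d73777c2c3566fb2647727bb56d9a2295b81669b.patch boo#1203326 CVE-2022-40320` would tie `Patch0` to the advisory already recorded in libconfuse.changes.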