SLFO-pool/pkgconf
SHA256
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Sync from SUSE:SLFO:Main pkgconf revision 321e4027ee2cea701ca84b496c9b6004

Browse Source
This commit is contained in:
Adrian Schröter 2024-05-03 19:22:25 +02:00
commit 792a8ec827
6 changed files with 512 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

23
.gitattributes vendored Normal file
View File

@ -0,0 +1,23 @@
## Default LFS
*.7z filter=lfs diff=lfs merge=lfs -text
*.bsp filter=lfs diff=lfs merge=lfs -text
*.bz2 filter=lfs diff=lfs merge=lfs -text
*.gem filter=lfs diff=lfs merge=lfs -text
*.gz filter=lfs diff=lfs merge=lfs -text
*.jar filter=lfs diff=lfs merge=lfs -text
*.lz filter=lfs diff=lfs merge=lfs -text
*.lzma filter=lfs diff=lfs merge=lfs -text
*.obscpio filter=lfs diff=lfs merge=lfs -text
*.oxt filter=lfs diff=lfs merge=lfs -text
*.pdf filter=lfs diff=lfs merge=lfs -text
*.png filter=lfs diff=lfs merge=lfs -text
*.rpm filter=lfs diff=lfs merge=lfs -text
*.tbz filter=lfs diff=lfs merge=lfs -text
*.tbz2 filter=lfs diff=lfs merge=lfs -text
*.tgz filter=lfs diff=lfs merge=lfs -text
*.ttf filter=lfs diff=lfs merge=lfs -text
*.txz filter=lfs diff=lfs merge=lfs -text
*.whl filter=lfs diff=lfs merge=lfs -text
*.xz filter=lfs diff=lfs merge=lfs -text
*.zip filter=lfs diff=lfs merge=lfs -text
*.zst filter=lfs diff=lfs merge=lfs -text

BIN
pkgconf-1.8.0.tar.xz (Stored with Git LFS) Normal file
View File

Binary file not shown.

53
pkgconf-CVE-2023-24056.patch Normal file
View File

@ -0,0 +1,53 @@
diff -Nura pkgconf-1.8.0/libpkgconf/tuple.c pkgconf-1.8.0_new/libpkgconf/tuple.c
--- pkgconf-1.8.0/libpkgconf/tuple.c 2021-03-18 20:15:16.000000000 +0800
+++ pkgconf-1.8.0_new/libpkgconf/tuple.c 2023-01-30 16:07:40.750297141 +0800
@@ -293,12 +293,23 @@
}
}
+ PKGCONF_TRACE(client, "lookup tuple %s", varname);
+
+ size_t remain = PKGCONF_BUFSIZE - (bptr - buf);
ptr += (pptr - ptr);
kv = pkgconf_tuple_find_global(client, varname);
if (kv != NULL)
{
- strncpy(bptr, kv, PKGCONF_BUFSIZE - (bptr - buf));
- bptr += strlen(kv);
+ size_t nlen = pkgconf_strlcpy(bptr, kv, remain);
+ if (nlen > remain)
+ {
+ pkgconf_warn(client, "warning: truncating very long variable to 64KB\n");
+
+ bptr = buf + (PKGCONF_BUFSIZE - 1);
+ break;
+ }
+
+ bptr += nlen;
}
else
{
@@ -306,12 +317,20 @@
if (kv != NULL)
{
+ size_t nlen;
+
parsekv = pkgconf_tuple_parse(client, vars, kv);
+ nlen = pkgconf_strlcpy(bptr, parsekv, remain);
+ free(parsekv);
- strncpy(bptr, parsekv, PKGCONF_BUFSIZE - (bptr - buf));
- bptr += strlen(parsekv);
+ if (nlen > remain)
+ {
+ pkgconf_warn(client, "warning: truncating very long variable to 64KB\n");
+ bptr = buf + (PKGCONF_BUFSIZE - 1);
+ break;
+ }
- free(parsekv);
+ bptr += nlen;
}
}
}

188
pkgconf.changes Normal file
View File

@ -0,0 +1,188 @@
-------------------------------------------------------------------
Sun Jan 29 09:26:47 UTC 2023 - Cliff Zhao <qzhao@suse.com>
- Add pkgconf-CVE-2023-24056.patch: Backport commit 628b2b2baf from
upstream, test for, and stop string processing, on truncation
(bsc#1207394 CVE-2023-24056).
-------------------------------------------------------------------
Mon Aug 23 09:18:29 UTC 2021 - Callum Farmer <gmbr3@opensuse.org>
- Update to version 1.8.0:
+ Fix a minor memory leak relating to cross-personalities
+ Fix some edge cases with --redefine-prefix
+ Do not prepend sysroot_dir if the .pc file does not exist
in the sysroot
+ Do not perform path filtering on default system include
and library path lists.
-------------------------------------------------------------------
Wed Jun 30 15:33:37 UTC 2021 - Callum Farmer <gmbr3@opensuse.org>
- Update to 1.7.4
+ Add PKG_CONFIG_DONT_DEFINE_PREFIX environment variable
+ Handle platforms where realpath(3) requires a pre-allocated
buffer
+ Fix null-dereference crash when pulling a malformed
'uninstalled' .pc file into a dependency tree.
-------------------------------------------------------------------
Wed Apr 7 16:19:46 UTC 2021 - Dirk Müller <dmueller@suse.com>
- do not own directories provided by filesystem
- small cleanups inspired by spec-cleaner
-------------------------------------------------------------------
Mon Aug 10 05:03:07 UTC 2020 - Neal Gompa <ngompa13@gmail.com>
- Add /usr/local paths to pkg-config(1) search path for non RPM builds (boo#1175039)
-------------------------------------------------------------------
Mon Jun 15 08:30:00 UTC 2020 - Callum Farmer <callumjfarmer13@gmail.com>
- Update to 1.7.3
- Bug fixes:
+ Fix a possible out of boundary write when evaluating dependencies.
Patch by Tobias Stöckmann.
+ Fix escaping logic on Windows. Patch by Vincent Torri.
+ Fix out of boundary reads and writes with a malformed fragment.
Patches by Tobias Stöckmann.
+ Fix a possible out of boundary write when evaluating tuples.
Patch by Tobias Stöckmann.
+ Fix a windows-specific crash relating to path fixups.
+ Fix a possible out of boundary access in the parser for the
cross-compile database. Patch by Tobias Stöckmann.
+ Missing files for building with Meson are now included in the
tarball. Patch by Neal Gompa.
+ Fix calculation of package atoms on Windows with paths that
use both directory separator characters.
+ Fix a possible buffer overflow involving newline escaping.
Patch by Tobias Stöckmann.
+ Fix an out of boundary access in the parser.
Patch by Tobias Stöckmann.
+ Fix leakage of strcmp() result value in pkgconf_compare_version()
responses.
+ Return the default personality if loading a cross-compile
personality file failed.
+ Do not complain about newlines when validating package versions.
+ Properly detect strndup() on Windows when building with Meson.
- Enhancements:
+ A new --shared option and WantDefaultStatic cross-compile
configuration option have been added. This allows for toolchains
to specify that static linking should be used by default.
+ Support for the PKG_CONFIG_MSVC_SYNTAX environment variable has
been added. Patch by Dan Kegel.
+ Support for the PKGCONF_PKG_PKGF_DONT_MERGE_SPECIAL_FRAGMENTS
client flag which disables emulation of freedesktop.org pkg-config
fragment merging semantics has been added.
Patch by Karen Arutyunov.
-------------------------------------------------------------------
Mon Aug 12 09:35:34 UTC 2019 - Neal Gompa <ngompa13@gmail.com>
- Update to 1.6.3
+ Fixed a memory leak when deduplicating paths.
+ Fixed strndup-related build regression on Windows.
+ Added --modversion description to pkgconf(1) man page.
+ Properly tokenize versions. Versions cannot logically contain
whitespace, as dependency-lists would not properly tokenize if
they could. A diagnostic is generated for malformed version
strings containing whitespace when --validate is used.
-------------------------------------------------------------------
Fri Aug 9 00:19:43 UTC 2019 - Neal Gompa <ngompa13@gmail.com>
- Co-own aclocal directory to avoid requiring autoconf-archive
-------------------------------------------------------------------
Mon Aug 5 12:46:49 UTC 2019 - Neal Gompa <ngompa13@gmail.com>
- Add missing -gnu ABI suffix to platform names in pkgconf-pkg-config (boo#1144318)
-------------------------------------------------------------------
Mon Jul 15 00:28:33 UTC 2019 - Neal Gompa <ngompa13@gmail.com>
- Fix license tag for pkgconf-m4
-------------------------------------------------------------------
Mon Jul 15 00:04:56 UTC 2019 - Neal Gompa <ngompa13@gmail.com>
- Set pkgconf to provide pkgconfig on Tumbleweed (post SUSE Linux 15)
-------------------------------------------------------------------
Wed May 1 12:32:54 UTC 2019 - Neal Gompa <ngompa13@gmail.com>
- Update to 1.6.1
+ Fixed an issue where a personality may not be properly selected
due to argv[0] containing a full path.
+ Fixed a regression where having an empty PKG_CONFIG_LIBDIR
environment variable would not eliminate the default search
paths.
+ Use POSIX realpath(3) instead of readlink() for deduplicating the
search path. Use _fullpath() on Windows for the same purpose.
+ The dequoting logic for tuples has been improved to ensure that
quotes *inside* a value remain quoted when necessary.
+ Fixed issue where packages which referenced missing packages in
Requires.private may have crashed due to memory corruption issues
in some circumstances.
+ Fixed warnings reported by GCC 8 diagnostics.
+ Add LIBPKGCONF_VERSION and LIBPKGCONF_VERSION_STR macros for
determining libpkgconf version.
+ Add pkgconf_fragment_copy_list() to copy a fragment list to
another fragment list.
+ Fix edge cases for path canonicalization (especially on Windows)
- Add personality.d directories for cross-targets
- Add pkgconf rpm macros for pkgconf directories
- Simplify platform-pkg-config wrapper to work with POSIX sh
-------------------------------------------------------------------
Tue Aug 21 12:27:05 UTC 2018 - Neal Gompa <ngompa13@gmail.com>
- Update to 1.5.3
+ Fix edge cases involving dequoting zero-length tuples that can lead to a
buffer overflow under the right circumstances. Thanks to A. Wilcox for
reporting and supplying a patch. (boo#1105438 - CVE-2018-1000221)
+ Ensure environment variables override values learned from personality files
or built-in defaults.
+ Add pkgconf-personality(5) manpage documenting the personality file format.
- Drop BR pkgconfig and manually specified pkgconfig() Provides for
devel subpackage to avoid dependency loops.
-------------------------------------------------------------------
Wed Jun 20 10:51:58 UTC 2018 - Karol Babioch <kbabioch@suse.com>
- Update to version 1.5.1
- fixed a crash with some invalid multi-line .pc files
- Update to version 1.5.0
- pkgconf now supports the proposed Requires.internal pkg-config extension,
by merging it with the Requires.private list (there is no functional difference
between the two in our resolver implementation)
- Support for cross-compilation personalities have been added. To make use of this
functionality, create a file in the new personality.d directory that sits inside
the pkgconfig directory. The personality file format is described in
pc-personality(5).
- Support for Haiku has been added, including interpretation of BELIBRARIES and
other toolchain specifics.
- tuples are now appropriately dequoted when added by the parser
- Applied spec-cleaner
-------------------------------------------------------------------
Sun May 20 12:34:57 UTC 2018 - Neal Gompa <ngompa13@gmail.com>
- Add BR pkgconfig to generate pkgconfig() deps
-------------------------------------------------------------------
Sun May 20 01:32:46 UTC 2018 - Neal Gompa <ngompa13@gmail.com>
- Update to 1.4.2
+ Bug fixes
- ensure pkgconf_dependency_t nodes have a solution marked
when satisfied by an indirect provider (gh#pkgconf/pkgconf#172)
- revert some quoting changes because they don't work well
with certain GCC edge cases (gh#pkgconf/pkgconf#168)
-------------------------------------------------------------------
Mon Feb 19 15:56:36 UTC 2018 - Neal Gompa <ngompa13@gmail.com>
- Initial packaging based on Fedora and Mageia packaging

229
pkgconf.spec Normal file
View File

@ -0,0 +1,229 @@
#
# spec file for package pkgconf
#
# Copyright (c) 2023 SUSE LLC
# Copyright (c) 2020 Neal Gompa <ngompa13@gmail.com>.
#
# All modifications and additions to the file contributed by third parties
# remain the property of their copyright owners, unless otherwise agreed
# upon. The license for this file, and modifications and additions to the
# file, is the same license as for the pristine package itself (unless the
# license for the pristine package is not an Open Source License, in which
# case the license is the MIT License). An "Open Source License" is a
# license that conforms to the Open Source Definition (Version 1.9)
# published by the Open Source Initiative.
# Please submit bugfixes or comments via https://bugs.opensuse.org/
#
# Compatibility macros
%{!?make_build: %global make_build %{__make} %{?_smp_mflags}}
%{!?_rpmmacrodir: %global _rpmmacrodir %{_rpmconfigdir}/macros.d}
# pkgconf acts as pkgconfig for Tumbleweed (post SUSE Linux 15)
%if 0%{?suse_version} >= 1550
%bcond_without pkgconfig_compat
%else
%bcond_with pkgconfig_compat
%endif
%if %{with pkgconfig_compat}
%global pkgconfig_ver 0.29.2
# For obsoleting pkgconfig, bump the ver to a number higher than latest version
%global pkgconfig_obsver %{pkgconfig_ver}+1
%endif
# pkgconfig platform
%global pkgconf_target_platform %{_target_platform}%{?_gnu}
# Search path for pc files for pkgconf
%global pkgconf_libdirs %{_libdir}/pkgconfig:%{_datadir}/pkgconfig
%global somajor 3
%global libname lib%{name}%{somajor}
%global devname lib%{name}-devel
Name: pkgconf
Version: 1.8.0
Release: 0
Summary: Package compiler and linker metadata toolkit
License: ISC
Group: Development/Tools/Building
URL: http://pkgconf.org/
Source0: https://distfiles.dereferenced.org/%{name}/%{name}-%{version}.tar.xz
# Simple wrapper script to offer platform versions of pkgconfig from Fedora
Source1: platform-pkg-config.in
# PATCH-FIX-UPSTREAM pkgconf-CVE-2023-24056.patch bsc#1207394 CVE-2023-24056 qzhao@suse.com -- Backport commit 628b2b2baf from upstream, test for, and stop string processing, on truncation.
Patch0: pkgconf-CVE-2023-24056.patch
# For regenerating autotools scripts
BuildRequires: autoconf
BuildRequires: automake
BuildRequires: gcc
BuildRequires: libtool
BuildRequires: make
# pkgconf uses libpkgconf internally
Requires: %{libname}%{?_isa} = %{version}-%{release}
# This is defined within pkgconf code as a virtual pc (just like in pkgconfig)
Provides: pkgconfig(pkgconf) = %{version}
%description
pkgconf is a program which helps to configure compiler and linker flags
for development frameworks. It is similar to pkg-config from freedesktop.org
and handles .pc files in a similar manner as pkg-config.
%package -n %{libname}
Summary: Backend library for %{name}
License: ISC
Group: System/Libraries
%description -n %{libname}
This package provides libraries for applications to use the functionality
of %{name}.
%package -n %{devname}
Summary: Development files for lib%{name}
License: ISC
Group: Development/Libraries/C and C++
Requires: %{libname}%{?_isa} = %{version}-%{release}
# Avoid dependency loop on itself by specifying the Provides directly
Provides: pkgconfig(libpkgconf) = %{version}
%description -n %{devname}
This package provides files necessary for developing applications
to use functionality provided by %{name}.
%if %{with pkgconfig_compat}
%package m4
Summary: m4 macros for pkgconf
License: GPL-2.0-or-later WITH Autoconf-exception-2.0
Group: Development/Libraries/Other
BuildArch: noarch
# Ensure that it Conflicts and Obsoletes pkgconfig since it contains content formerly from it
Conflicts: pkgconfig < %{pkgconfig_obsver}
Obsoletes: pkgconfig < %{pkgconfig_obsver}
%description m4
This package includes m4 macros used to support PKG_CHECK_MODULES
when using pkgconf with autotools.
%package pkg-config
Summary: %{name} shim to provide /usr/bin/pkg-config
# Ensure that it Conflicts with pkg-config and is considered "better"
License: ISC
Group: Development/Tools/Building
Conflicts: pkg-config < %{pkgconfig_obsver}
Obsoletes: pkg-config < %{pkgconfig_obsver}
Provides: pkg-config = %{pkgconfig_obsver}
Provides: pkg-config%{?_isa} = %{pkgconfig_obsver}
# This is in the original pkgconfig package, set to match output from pkgconf
Provides: pkgconfig(pkg-config) = %{version}
# Fedora/Mageia pkgconfig Provides for those who might use alternate package name
Provides: pkgconfig = %{pkgconfig_obsver}
Provides: pkgconfig%{?_isa} = %{pkgconfig_obsver}
Requires: %{name}%{?_isa} = %{version}-%{release}
Requires: %{name}-m4 = %{version}-%{release}
%description pkg-config
This package provides the shim links for pkgconf to be automatically
used in place of pkgconfig. This ensures that pkgconf is used as
the system provider of pkg-config.
%endif
%prep
%autosetup -p1
%build
autoreconf -fiv
%configure --disable-static \
--with-pkg-config-dir=%{pkgconf_libdirs} \
--with-system-includedir=%{_includedir} \
--with-system-libdir=%{_libdir}
%make_build
%install
%make_install
find %{buildroot} -type f -name "*.la" -delete -print
mkdir -p %{buildroot}%{_sysconfdir}/pkgconfig/personality.d
mkdir -p %{buildroot}%{_datadir}/pkgconfig/personality.d
# pkgconf rpm macros
mkdir -p %{buildroot}%{_rpmmacrodir}/
cat > %{buildroot}%{_rpmmacrodir}/macros.pkgconf <<EOM
%%pkgconfig_personalitydir %{_datadir}/pkgconfig/personality.d
EOM
# Purge autotools-created docdir, as we'll docify with the SUSE-specific documentation paths later
rm -rf %{buildroot}%{_datadir}/doc/%{name}
%if %{with pkgconfig_compat}
install -pm 0755 %{SOURCE1} %{buildroot}%{_bindir}/%{pkgconf_target_platform}-pkg-config
sed -e "s|@TARGET_PLATFORM@|%{pkgconf_target_platform}|" \
-e "s|@PKGCONF_LIBDIRS_LOCAL@|/usr/local/%{_lib}/pkgconfig:/usr/local/share/pkgconfig:%{pkgconf_libdirs}|" \
-e "s|@PKGCONF_SYSLIBDIR_LOCAL@|/usr/local/%{_lib}:%{_libdir}|" \
-e "s|@PKGCONF_SYSINCDIR_LOCAL@|/usr/local/include:%{_includedir}|" \
-e "s|@PKGCONF_LIBDIRS@|%{pkgconf_libdirs}|" \
-e "s|@PKGCONF_SYSLIBDIR@|%{_libdir}|" \
-e "s|@PKGCONF_SYSINCDIR@|%{_includedir}|" \
-i %{buildroot}%{_bindir}/%{pkgconf_target_platform}-pkg-config
ln -sr %{buildroot}%{_bindir}/%{pkgconf_target_platform}-pkg-config %{buildroot}%{_bindir}/pkg-config
# Link pkg-config(1) to pkgconf(1)
echo ".so man1/pkgconf.1" > %{buildroot}%{_mandir}/man1/pkg-config.1
mkdir -p %{buildroot}%{_libdir}/pkgconfig
mkdir -p %{buildroot}%{_datadir}/pkgconfig
%endif
# If we're not providing pkgconfig override & compat
# we should not provide the pkgconfig m4 macros
%if ! %{with pkgconfig_compat}
rm -rf %{buildroot}%{_datadir}/aclocal
rm -rf %{buildroot}%{_mandir}/man7
%endif
%post -n %{libname} -p /sbin/ldconfig
%postun -n %{libname} -p /sbin/ldconfig
%files
%license COPYING
%doc README.md AUTHORS NEWS
%{_bindir}/%{name}
%{_mandir}/man1/%{name}.1*
%{_mandir}/man5/pc.5*
%{_mandir}/man5/%{name}-personality.5*
%{_rpmmacrodir}/macros.pkgconf
%dir %{_sysconfdir}/pkgconfig
%dir %{_sysconfdir}/pkgconfig/personality.d
%dir %{_datadir}/pkgconfig/personality.d
%files -n %{libname}
%license COPYING
%{_libdir}/lib%{name}*.so.%{somajor}
%{_libdir}/lib%{name}*.so.%{somajor}.*
%files -n %{devname}
%{_libdir}/lib%{name}*.so
%{_includedir}/%{name}/
%{_libdir}/pkgconfig/lib%{name}.pc
%if %{with pkgconfig_compat}
%files m4
%dir %{_datadir}/aclocal
%{_datadir}/aclocal/pkg.m4
%{_mandir}/man7/pkg.m4.7%{?ext_man}
%files pkg-config
%{_bindir}/pkg-config
%{_bindir}/%{pkgconf_target_platform}-pkg-config
%{_mandir}/man1/pkg-config.1%{?ext_man}
%endif
%changelog

16
platform-pkg-config.in Normal file
View File

@ -0,0 +1,16 @@
#!/bin/sh
# Simple wrapper to tell pkgconf to behave as a platform-specific version of pkg-config
# Platform: @TARGET_PLATFORM@
if [ -z "${RPM_BUILD_ROOT}" ]; then
export PKG_CONFIG_LIBDIR="${PKG_CONFIG_LIBDIR:-@PKGCONF_LIBDIRS_LOCAL@}"
export PKG_CONFIG_SYSTEM_LIBRARY_PATH="${PKG_CONFIG_SYSTEM_LIBRARY_PATH:-@PKGCONF_SYSLIBDIR_LOCAL@}"
export PKG_CONFIG_SYSTEM_INCLUDE_PATH="${PKG_CONFIG_SYSTEM_INCLUDE_PATH:-@PKGCONF_SYSINCDIR_LOCAL@}"
else
export PKG_CONFIG_LIBDIR="${PKG_CONFIG_LIBDIR:-@PKGCONF_LIBDIRS@}"
export PKG_CONFIG_SYSTEM_LIBRARY_PATH="${PKG_CONFIG_SYSTEM_LIBRARY_PATH:-@PKGCONF_SYSLIBDIR@}"
export PKG_CONFIG_SYSTEM_INCLUDE_PATH="${PKG_CONFIG_SYSTEM_INCLUDE_PATH:-@PKGCONF_SYSINCDIR@}"
fi
exec pkgconf "$@"