From 792a8ec8279e9d8cc87bcf442bb218f8798282e18c5ea6dc969d396579a49e42 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Adrian=20Schr=C3=B6ter?=
Date: Fri, 3 May 2024 19:22:25 +0200
Subject: [PATCH] Sync from SUSE:SLFO:Main pkgconf revision 321e4027ee2cea701ca84b496c9b6004
---
.gitattributes | 23 ++++
pkgconf-1.8.0.tar.xz | 3 +
pkgconf-CVE-2023-24056.patch | 53 ++++++++
pkgconf.changes | 188 ++++++++++++++++++++++++++++
pkgconf.spec | 229 +++++++++++++++++++++++++++++++++++
platform-pkg-config.in | 16 +++
6 files changed, 512 insertions(+)
create mode 100644 .gitattributes
create mode 100644 pkgconf-1.8.0.tar.xz
create mode 100644 pkgconf-CVE-2023-24056.patch
create mode 100644 pkgconf.changes
create mode 100644 pkgconf.spec
create mode 100644 platform-pkg-config.in
diff --git a/.gitattributes b/.gitattributes
new file mode 100644
index 0000000..9b03811
--- /dev/null
+++ b/.gitattributes
@@ -0,0 +1,23 @@
+## Default LFS
+*.7z filter=lfs diff=lfs merge=lfs -text
+*.bsp filter=lfs diff=lfs merge=lfs -text
+*.bz2 filter=lfs diff=lfs merge=lfs -text
+*.gem filter=lfs diff=lfs merge=lfs -text
+*.gz filter=lfs diff=lfs merge=lfs -text
+*.jar filter=lfs diff=lfs merge=lfs -text
+*.lz filter=lfs diff=lfs merge=lfs -text
+*.lzma filter=lfs diff=lfs merge=lfs -text
+*.obscpio filter=lfs diff=lfs merge=lfs -text
+*.oxt filter=lfs diff=lfs merge=lfs -text
+*.pdf filter=lfs diff=lfs merge=lfs -text
+*.png filter=lfs diff=lfs merge=lfs -text
+*.rpm filter=lfs diff=lfs merge=lfs -text
+*.tbz filter=lfs diff=lfs merge=lfs -text
+*.tbz2 filter=lfs diff=lfs merge=lfs -text
+*.tgz filter=lfs diff=lfs merge=lfs -text
+*.ttf filter=lfs diff=lfs merge=lfs -text
+*.txz filter=lfs diff=lfs merge=lfs -text
+*.whl filter=lfs diff=lfs merge=lfs -text
+*.xz filter=lfs diff=lfs merge=lfs -text
+*.zip filter=lfs diff=lfs merge=lfs -text
+*.zst filter=lfs diff=lfs merge=lfs -text
diff --git a/pkgconf-1.8.0.tar.xz b/pkgconf-1.8.0.tar.xz
new file mode 100644
index 0000000..fa350b2
--- /dev/null
+++ b/pkgconf-1.8.0.tar.xz
@@ -0,0 +1,3 @@
+version https://git-lfs.github.com/spec/v1
+oid sha256:ef9c7e61822b7cb8356e6e9e1dca58d9556f3200d78acab35e4347e9d4c2bbaf
+size 296304
diff --git a/pkgconf-CVE-2023-24056.patch b/pkgconf-CVE-2023-24056.patch
new file mode 100644
index 0000000..cb13c4f
--- /dev/null
+++ b/pkgconf-CVE-2023-24056.patch
@@ -0,0 +1,53 @@
+diff -Nura pkgconf-1.8.0/libpkgconf/tuple.c pkgconf-1.8.0_new/libpkgconf/tuple.c
+--- pkgconf-1.8.0/libpkgconf/tuple.c 2021-03-18 20:15:16.000000000 +0800
++++ pkgconf-1.8.0_new/libpkgconf/tuple.c 2023-01-30 16:07:40.750297141 +0800
+@@ -293,12 +293,23 @@
+ }
+ }
+
++ PKGCONF_TRACE(client, "lookup tuple %s", varname);
++
++ size_t remain = PKGCONF_BUFSIZE - (bptr - buf);
+ ptr += (pptr - ptr);
+ kv = pkgconf_tuple_find_global(client, varname);
+ if (kv != NULL)
+ {
+- strncpy(bptr, kv, PKGCONF_BUFSIZE - (bptr - buf));
+- bptr += strlen(kv);
++ size_t nlen = pkgconf_strlcpy(bptr, kv, remain);
++ if (nlen > remain)
++ {
++ pkgconf_warn(client, "warning: truncating very long variable to 64KB\n");
++
++ bptr = buf + (PKGCONF_BUFSIZE - 1);
++ break;
++ }
++
++ bptr += nlen;
+ }
+ else
+ {
+@@ -306,12 +317,20 @@
+
+ if (kv != NULL)
+ {
++ size_t nlen;
++
+ parsekv = pkgconf_tuple_parse(client, vars, kv);
++ nlen = pkgconf_strlcpy(bptr, parsekv, remain);
++ free(parsekv);
+
+- strncpy(bptr, parsekv, PKGCONF_BUFSIZE - (bptr - buf));
+- bptr += strlen(parsekv);
++ if (nlen > remain)
++ {
++ pkgconf_warn(client, "warning: truncating very long variable to 64KB\n");
++ bptr = buf + (PKGCONF_BUFSIZE - 1);
++ break;
++ }
+
+- free(parsekv);
++ bptr += nlen;
+ }
+ }
+ }
diff --git a/pkgconf.changes b/pkgconf.changes
new file mode 100644
index 0000000..71120ec
--- /dev/null
+++ b/pkgconf.changes
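Review bot: The truncation test `if (nlen > remain)` in both branches of the tuple.c change in pkgconf-CVE-2023-24056.patch misses the case where the source length equals the space left. If pkgconf_strlcpy follows strlcpy(3) semantics (returns the source length, copies at most `remain - 1` bytes plus the terminator), a return value equal to `remain` is already a truncation: no warning is issued and `bptr += nlen` moves bptr to `buf + PKGCONF_BUFSIZE`, one past the `buf + (PKGCONF_BUFSIZE - 1)` position the truncation path deliberately stops at. Suggest `if (nlen >= remain)` in both places. The enclosing loop and the final terminator write lie outside the two inner hunks, so whether that position is ever written needs checking against the full function; as this is a backport of upstream commit 628b2b2baf, any change should go upstream as well.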
@@ -0,0 +1,188 @@ +------------------------------------------------------------------- +Sun Jan 29 09:26:47 UTC 2023 - Cliff Zhao + +- Add pkgconf-CVE-2023-24056.patch: Backport commit 628b2b2baf from + upstream, test for, and stop string processing, on truncation + (bsc#1207394 CVE-2023-24056). + +------------------------------------------------------------------- +Mon Aug 23 09:18:29 UTC 2021 - Callum Farmer + +- Update to version 1.8.0: + + Fix a minor memory leak relating to cross-personalities + + Fix some edge cases with --redefine-prefix + + Do not prepend sysroot_dir if the .pc file does not exist + in the sysroot + + Do not perform path filtering on default system include + and library path lists. + +------------------------------------------------------------------- +Wed Jun 30 15:33:37 UTC 2021 - Callum Farmer + +- Update to 1.7.4 + + Add PKG_CONFIG_DONT_DEFINE_PREFIX environment variable + + Handle platforms where realpath(3) requires a pre-allocated + buffer + + Fix null-dereference crash when pulling a malformed + 'uninstalled' .pc file into a dependency tree. + +------------------------------------------------------------------- +Wed Apr 7 16:19:46 UTC 2021 - Dirk Müller + +- do not own directories provided by filesystem +- small cleanups inspired by spec-cleaner + +------------------------------------------------------------------- +Mon Aug 10 05:03:07 UTC 2020 - Neal Gompa + +- Add /usr/local paths to pkg-config(1) search path for non RPM builds (boo#1175039) + +------------------------------------------------------------------- +Mon Jun 15 08:30:00 UTC 2020 - Callum Farmer + +- Update to 1.7.3 + - Bug fixes: + + Fix a possible out of boundary write when evaluating dependencies. + Patch by Tobias Stöckmann. + + Fix escaping logic on Windows. Patch by Vincent Torri. + + Fix out of boundary reads and writes with a malformed fragment. + Patches by Tobias Stöckmann. + + Fix a possible out of boundary write when evaluating tuples. 
+ Patch by Tobias Stöckmann. + + Fix a windows-specific crash relating to path fixups. + + Fix a possible out of boundary access in the parser for the + cross-compile database. Patch by Tobias Stöckmann. + + Missing files for building with Meson are now included in the + tarball. Patch by Neal Gompa. + + Fix calculation of package atoms on Windows with paths that + use both directory separator characters. + + Fix a possible buffer overflow involving newline escaping. + Patch by Tobias Stöckmann. + + Fix an out of boundary access in the parser. + Patch by Tobias Stöckmann. + + Fix leakage of strcmp() result value in pkgconf_compare_version() + responses. + + Return the default personality if loading a cross-compile + personality file failed. + + Do not complain about newlines when validating package versions. + + Properly detect strndup() on Windows when building with Meson. + - Enhancements: + + A new --shared option and WantDefaultStatic cross-compile + configuration option have been added. This allows for toolchains + to specify that static linking should be used by default. + + Support for the PKG_CONFIG_MSVC_SYNTAX environment variable has + been added. Patch by Dan Kegel. + + Support for the PKGCONF_PKG_PKGF_DONT_MERGE_SPECIAL_FRAGMENTS + client flag which disables emulation of freedesktop.org pkg-config + fragment merging semantics has been added. + Patch by Karen Arutyunov. + +------------------------------------------------------------------- +Mon Aug 12 09:35:34 UTC 2019 - Neal Gompa + +- Update to 1.6.3 + + Fixed a memory leak when deduplicating paths. + + Fixed strndup-related build regression on Windows. + + Added --modversion description to pkgconf(1) man page. + + Properly tokenize versions. Versions cannot logically contain + whitespace, as dependency-lists would not properly tokenize if + they could. A diagnostic is generated for malformed version + strings containing whitespace when --validate is used. 
+ +------------------------------------------------------------------- +Fri Aug 9 00:19:43 UTC 2019 - Neal Gompa + +- Co-own aclocal directory to avoid requiring autoconf-archive + +------------------------------------------------------------------- +Mon Aug 5 12:46:49 UTC 2019 - Neal Gompa + +- Add missing -gnu ABI suffix to platform names in pkgconf-pkg-config (boo#1144318) + +------------------------------------------------------------------- +Mon Jul 15 00:28:33 UTC 2019 - Neal Gompa + +- Fix license tag for pkgconf-m4 + +------------------------------------------------------------------- +Mon Jul 15 00:04:56 UTC 2019 - Neal Gompa + +- Set pkgconf to provide pkgconfig on Tumbleweed (post SUSE Linux 15) + +------------------------------------------------------------------- +Wed May 1 12:32:54 UTC 2019 - Neal Gompa + +- Update to 1.6.1 + + Fixed an issue where a personality may not be properly selected + due to argv[0] containing a full path. + + Fixed a regression where having an empty PKG_CONFIG_LIBDIR + environment variable would not eliminate the default search + paths. + + Use POSIX realpath(3) instead of readlink() for deduplicating the + search path. Use _fullpath() on Windows for the same purpose. + + The dequoting logic for tuples has been improved to ensure that + quotes *inside* a value remain quoted when necessary. + + Fixed issue where packages which referenced missing packages in + Requires.private may have crashed due to memory corruption issues + in some circumstances. + + Fixed warnings reported by GCC 8 diagnostics. + + Add LIBPKGCONF_VERSION and LIBPKGCONF_VERSION_STR macros for + determining libpkgconf version. + + Add pkgconf_fragment_copy_list() to copy a fragment list to + another fragment list. 
+ + Fix edge cases for path canonicalization (especially on Windows) +- Add personality.d directories for cross-targets +- Add pkgconf rpm macros for pkgconf directories +- Simplify platform-pkg-config wrapper to work with POSIX sh + +------------------------------------------------------------------- +Tue Aug 21 12:27:05 UTC 2018 - Neal Gompa + +- Update to 1.5.3 + + Fix edge cases involving dequoting zero-length tuples that can lead to a + buffer overflow under the right circumstances. Thanks to A. Wilcox for + reporting and supplying a patch. (boo#1105438 - CVE-2018-1000221) + + Ensure environment variables override values learned from personality files + or built-in defaults. + + Add pkgconf-personality(5) manpage documenting the personality file format. +- Drop BR pkgconfig and manually specified pkgconfig() Provides for + devel subpackage to avoid dependency loops. + +------------------------------------------------------------------- +Wed Jun 20 10:51:58 UTC 2018 - Karol Babioch + +- Update to version 1.5.1 + - fixed a crash with some invalid multi-line .pc files + +- Update to version 1.5.0 + - pkgconf now supports the proposed Requires.internal pkg-config extension, + by merging it with the Requires.private list (there is no functional difference + between the two in our resolver implementation) + - Support for cross-compilation personalities have been added. To make use of this + functionality, create a file in the new personality.d directory that sits inside + the pkgconfig directory. The personality file format is described in + pc-personality(5). + - Support for Haiku has been added, including interpretation of BELIBRARIES and + other toolchain specifics. 
+ - tuples are now appropriately dequoted when added by the parser +- Applied spec-cleaner + +------------------------------------------------------------------- +Sun May 20 12:34:57 UTC 2018 - Neal Gompa + +- Add BR pkgconfig to generate pkgconfig() deps + +------------------------------------------------------------------- +Sun May 20 01:32:46 UTC 2018 - Neal Gompa + +- Update to 1.4.2 + + Bug fixes + - ensure pkgconf_dependency_t nodes have a solution marked + when satisfied by an indirect provider (gh#pkgconf/pkgconf#172) + - revert some quoting changes because they don't work well + with certain GCC edge cases (gh#pkgconf/pkgconf#168) + +------------------------------------------------------------------- +Mon Feb 19 15:56:36 UTC 2018 - Neal Gompa + +- Initial packaging based on Fedora and Mageia packaging diff --git a/pkgconf.spec b/pkgconf.spec new file mode 100644 index 0000000..f7b9b31 --- /dev/null +++ b/pkgconf.spec 
@@ -0,0 +1,229 @@ +# +# spec file for package pkgconf +# +# Copyright (c) 2023 SUSE LLC +# Copyright (c) 2020 Neal Gompa . +# +# All modifications and additions to the file contributed by third parties +# remain the property of their copyright owners, unless otherwise agreed +# upon. The license for this file, and modifications and additions to the +# file, is the same license as for the pristine package itself (unless the +# license for the pristine package is not an Open Source License, in which +# case the license is the MIT License). An "Open Source License" is a +# license that conforms to the Open Source Definition (Version 1.9) +# published by the Open Source Initiative. + +# Please submit bugfixes or comments via https://bugs.opensuse.org/ +# + + +# Compatibility macros +%{!?make_build: %global make_build %{__make} %{?_smp_mflags}} +%{!?_rpmmacrodir: %global _rpmmacrodir %{_rpmconfigdir}/macros.d} + +# pkgconf acts as pkgconfig for Tumbleweed (post SUSE Linux 15) +%if 0%{?suse_version} >= 1550 +%bcond_without pkgconfig_compat +%else +%bcond_with pkgconfig_compat +%endif + +%if %{with pkgconfig_compat} +%global pkgconfig_ver 0.29.2 +# For obsoleting pkgconfig, bump the ver to a number higher than latest version +%global pkgconfig_obsver %{pkgconfig_ver}+1 +%endif + +# pkgconfig platform +%global pkgconf_target_platform %{_target_platform}%{?_gnu} + +# Search path for pc files for pkgconf +%global pkgconf_libdirs %{_libdir}/pkgconfig:%{_datadir}/pkgconfig + +%global somajor 3 +%global libname lib%{name}%{somajor} +%global devname lib%{name}-devel + +Name: pkgconf +Version: 1.8.0 +Release: 0 +Summary: Package compiler and linker metadata toolkit +License: ISC +Group: Development/Tools/Building +URL: http://pkgconf.org/ +Source0: https://distfiles.dereferenced.org/%{name}/%{name}-%{version}.tar.xz +# Simple wrapper script to offer platform versions of pkgconfig from Fedora +Source1: platform-pkg-config.in +# PATCH-FIX-UPSTREAM pkgconf-CVE-2023-24056.patch 
bsc#1207394 CVE-2023-24056 qzhao@suse.com -- Backport commit 628b2b2baf from upstream, test for, and stop string processing, on truncation. +Patch0: pkgconf-CVE-2023-24056.patch +# For regenerating autotools scripts +BuildRequires: autoconf +BuildRequires: automake +BuildRequires: gcc +BuildRequires: libtool +BuildRequires: make +# pkgconf uses libpkgconf internally +Requires: %{libname}%{?_isa} = %{version}-%{release} +# This is defined within pkgconf code as a virtual pc (just like in pkgconfig) +Provides: pkgconfig(pkgconf) = %{version} + +%description +pkgconf is a program which helps to configure compiler and linker flags +for development frameworks. It is similar to pkg-config from freedesktop.org +and handles .pc files in a similar manner as pkg-config. + +%package -n %{libname} +Summary: Backend library for %{name} +License: ISC +Group: System/Libraries + +%description -n %{libname} +This package provides libraries for applications to use the functionality +of %{name}. + +%package -n %{devname} +Summary: Development files for lib%{name} +License: ISC +Group: Development/Libraries/C and C++ +Requires: %{libname}%{?_isa} = %{version}-%{release} +# Avoid dependency loop on itself by specifying the Provides directly +Provides: pkgconfig(libpkgconf) = %{version} + +%description -n %{devname} +This package provides files necessary for developing applications +to use functionality provided by %{name}. + +%if %{with pkgconfig_compat} +%package m4 +Summary: m4 macros for pkgconf +License: GPL-2.0-or-later WITH Autoconf-exception-2.0 +Group: Development/Libraries/Other +BuildArch: noarch +# Ensure that it Conflicts and Obsoletes pkgconfig since it contains content formerly from it +Conflicts: pkgconfig < %{pkgconfig_obsver} +Obsoletes: pkgconfig < %{pkgconfig_obsver} + +%description m4 +This package includes m4 macros used to support PKG_CHECK_MODULES +when using pkgconf with autotools. 
+ +%package pkg-config +Summary: %{name} shim to provide /usr/bin/pkg-config +# Ensure that it Conflicts with pkg-config and is considered "better" +License: ISC +Group: Development/Tools/Building +Conflicts: pkg-config < %{pkgconfig_obsver} +Obsoletes: pkg-config < %{pkgconfig_obsver} +Provides: pkg-config = %{pkgconfig_obsver} +Provides: pkg-config%{?_isa} = %{pkgconfig_obsver} +# This is in the original pkgconfig package, set to match output from pkgconf +Provides: pkgconfig(pkg-config) = %{version} +# Fedora/Mageia pkgconfig Provides for those who might use alternate package name +Provides: pkgconfig = %{pkgconfig_obsver} +Provides: pkgconfig%{?_isa} = %{pkgconfig_obsver} +Requires: %{name}%{?_isa} = %{version}-%{release} +Requires: %{name}-m4 = %{version}-%{release} + +%description pkg-config +This package provides the shim links for pkgconf to be automatically +used in place of pkgconfig. This ensures that pkgconf is used as +the system provider of pkg-config. + +%endif + +%prep +%autosetup -p1 + +%build +autoreconf -fiv +%configure --disable-static \ + --with-pkg-config-dir=%{pkgconf_libdirs} \ + --with-system-includedir=%{_includedir} \ + --with-system-libdir=%{_libdir} + +%make_build + +%install +%make_install + +find %{buildroot} -type f -name "*.la" -delete -print + +mkdir -p %{buildroot}%{_sysconfdir}/pkgconfig/personality.d +mkdir -p %{buildroot}%{_datadir}/pkgconfig/personality.d + +# pkgconf rpm macros +mkdir -p %{buildroot}%{_rpmmacrodir}/ + +cat > %{buildroot}%{_rpmmacrodir}/macros.pkgconf < %{buildroot}%{_mandir}/man1/pkg-config.1 + +mkdir -p %{buildroot}%{_libdir}/pkgconfig +mkdir -p %{buildroot}%{_datadir}/pkgconfig +%endif + +# If we're not providing pkgconfig override & compat +# we should not provide the pkgconfig m4 macros +%if ! 
%{with pkgconfig_compat} +rm -rf %{buildroot}%{_datadir}/aclocal +rm -rf %{buildroot}%{_mandir}/man7 +%endif + +%post -n %{libname} -p /sbin/ldconfig +%postun -n %{libname} -p /sbin/ldconfig + +%files +%license COPYING +%doc README.md AUTHORS NEWS +%{_bindir}/%{name} +%{_mandir}/man1/%{name}.1* +%{_mandir}/man5/pc.5* +%{_mandir}/man5/%{name}-personality.5* +%{_rpmmacrodir}/macros.pkgconf +%dir %{_sysconfdir}/pkgconfig +%dir %{_sysconfdir}/pkgconfig/personality.d +%dir %{_datadir}/pkgconfig/personality.d + +%files -n %{libname} +%license COPYING +%{_libdir}/lib%{name}*.so.%{somajor} +%{_libdir}/lib%{name}*.so.%{somajor}.* + +%files -n %{devname} +%{_libdir}/lib%{name}*.so +%{_includedir}/%{name}/ +%{_libdir}/pkgconfig/lib%{name}.pc + +%if %{with pkgconfig_compat} +%files m4 +%dir %{_datadir}/aclocal +%{_datadir}/aclocal/pkg.m4 +%{_mandir}/man7/pkg.m4.7%{?ext_man} + +%files pkg-config +%{_bindir}/pkg-config +%{_bindir}/%{pkgconf_target_platform}-pkg-config +%{_mandir}/man1/pkg-config.1%{?ext_man} +%endif + +%changelog diff --git a/platform-pkg-config.in b/platform-pkg-config.in new file mode 100644 index 0000000..5e9ff62 --- /dev/null +++ b/platform-pkg-config.in @@ -0,0 +1,16 @@ +#!/bin/sh + +# Simple wrapper to tell pkgconf to behave as a platform-specific version of pkg-config +# Platform: @TARGET_PLATFORM@ + +if [ -z "${RPM_BUILD_ROOT}" ]; then + export PKG_CONFIG_LIBDIR="${PKG_CONFIG_LIBDIR:-@PKGCONF_LIBDIRS_LOCAL@}" + export PKG_CONFIG_SYSTEM_LIBRARY_PATH="${PKG_CONFIG_SYSTEM_LIBRARY_PATH:-@PKGCONF_SYSLIBDIR_LOCAL@}" + export PKG_CONFIG_SYSTEM_INCLUDE_PATH="${PKG_CONFIG_SYSTEM_INCLUDE_PATH:-@PKGCONF_SYSINCDIR_LOCAL@}" +else + export PKG_CONFIG_LIBDIR="${PKG_CONFIG_LIBDIR:-@PKGCONF_LIBDIRS@}" + export PKG_CONFIG_SYSTEM_LIBRARY_PATH="${PKG_CONFIG_SYSTEM_LIBRARY_PATH:-@PKGCONF_SYSLIBDIR@}" + export PKG_CONFIG_SYSTEM_INCLUDE_PATH="${PKG_CONFIG_SYSTEM_INCLUDE_PATH:-@PKGCONF_SYSINCDIR@}" +fi + +exec pkgconf "$@"
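Review bot: pkgconf.spec has no `%check` section between `%install` and `%post`, so pkgconf-CVE-2023-24056.patch is applied by `%autosetup -p1` but the patched tuple code is never exercised during the package build. If upstream's test suite can run in the build environment, add `%check` followed by `%make_build check` (target name to be confirmed against the tarball's Makefile), together with whatever BuildRequires the suite needs. Separately, `URL: http://pkgconf.org/` is plain HTTP while Source0 is https, and no detached signature or keyring accompanies Source0, so tarball integrity rests on the LFS sha256 pointer alone; it is worth recording in a comment whether upstream publishes signatures.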
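Review bot: `exec pkgconf "$@"` on the last line of platform-pkg-config.in resolves pkgconf through PATH, so the platform-prefixed wrapper that the spec installs under %{_bindir} can run whichever pkgconf comes first in the caller's PATH rather than the one this package ships. Consider substituting an absolute path at build time, the same way the other `@…@` tokens are filled in, e.g. `exec @PKGCONF_BINARY_PLACEHOLDER@ "$@"` (placeholder name, not an existing token). The `RPM_BUILD_ROOT` test that selects between the `_LOCAL` and plain defaults would also benefit from a one-line comment; the changelog entry for boo#1175039 suggests the `_LOCAL` set adds /usr/local paths for non-RPM builds, but the script itself does not say so.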