Sync from SUSE:SLFO:Main tre revision ba520e804efb34286de8cbd1d21013fd

.gitattributes

@@ -0,0 +1,23 @@
+## Default LFS
+*.7z filter=lfs diff=lfs merge=lfs -text
+*.bsp filter=lfs diff=lfs merge=lfs -text
+*.bz2 filter=lfs diff=lfs merge=lfs -text
+*.gem filter=lfs diff=lfs merge=lfs -text
+*.gz filter=lfs diff=lfs merge=lfs -text
+*.jar filter=lfs diff=lfs merge=lfs -text
+*.lz filter=lfs diff=lfs merge=lfs -text
+*.lzma filter=lfs diff=lfs merge=lfs -text
+*.obscpio filter=lfs diff=lfs merge=lfs -text
+*.oxt filter=lfs diff=lfs merge=lfs -text
+*.pdf filter=lfs diff=lfs merge=lfs -text
+*.png filter=lfs diff=lfs merge=lfs -text
+*.rpm filter=lfs diff=lfs merge=lfs -text
+*.tbz filter=lfs diff=lfs merge=lfs -text
+*.tbz2 filter=lfs diff=lfs merge=lfs -text
+*.tgz filter=lfs diff=lfs merge=lfs -text
+*.ttf filter=lfs diff=lfs merge=lfs -text
+*.txz filter=lfs diff=lfs merge=lfs -text
+*.whl filter=lfs diff=lfs merge=lfs -text
+*.xz filter=lfs diff=lfs merge=lfs -text
+*.zip filter=lfs diff=lfs merge=lfs -text
+*.zst filter=lfs diff=lfs merge=lfs -text

0001-Remove-broken-agrep-test-entry.patch

@@ -0,0 +1,112 @@
+From 35f61f40d6b68928ca5d409fa9fc204ea77e2199 Mon Sep 17 00:00:00 2001
+From: Fabian Vogt <fvogt@suse.de>
+Date: Tue, 11 Oct 2022 11:35:53 +0200
+Subject: [PATCH] Remove broken agrep test entry
+
+It's meant to cause agrep to return with exit code 2, but asserts that it's
+exit code 1 instead.
+
+It's meant to ensure that using ".*" as pattern results in exit code 2 because
+it matches also an empty string. However, glob expansion results in ".*"
+picking up files such as "." and ".." from the CWD, which get interpreted as
+valid pattern. This results in exit status 1 (no match found) which is what
+the .ok file expects, but that's invalid.
+
+With bash 5.2, glob expansion no longer matches "." and ".." by default, so
+the test works as intended by accident, causing a mismatch with the expected
+wrong exit code.
+
+It's unfortunately not easily possible to avoid glob expansion in this case.
+
+Just remove the test for now.
+---
+ tests/agrep/exitstatus.args |  1 -
+ tests/agrep/exitstatus.ok   | 61 -------------------------------------
+ 2 files changed, 62 deletions(-)
+
+diff --git a/tests/agrep/exitstatus.args b/tests/agrep/exitstatus.args
+index 808ae77..2f53e97 100644
+--- a/tests/agrep/exitstatus.args
++++ b/tests/agrep/exitstatus.args
+@@ -5,6 +5,5 @@ this-wont-be-found
+ .
+ -v .
+ # Some errors which should give exit status 2.
+--d .* dummy
+ -d {1 dummy
+ \
+diff --git a/tests/agrep/exitstatus.ok b/tests/agrep/exitstatus.ok
+index 28427bb..bd23b4c 100644
+--- a/tests/agrep/exitstatus.ok
++++ b/tests/agrep/exitstatus.ok
+@@ -521,67 +521,6 @@ Exit status 1.
+ Exit status 1.
+ #### TEST: agrep -H -n -s --color --show-position -v . < exitstatus.in
+ 
+-Exit status 1.
+-#### TEST: agrep  -d .* dummy exitstatus.in
+-
+-Exit status 1.
+-#### TEST: agrep  -d .* dummy < exitstatus.in
+-
+-Exit status 1.
+-#### TEST: agrep -c -d .* dummy exitstatus.in
+-exitstatus.in:0
+-
+-Exit status 1.
+-#### TEST: agrep -c -d .* dummy < exitstatus.in
+-
+-Exit status 1.
+-#### TEST: agrep -H -d .* dummy exitstatus.in
+-
+-Exit status 1.
+-#### TEST: agrep -H -d .* dummy < exitstatus.in
+-
+-Exit status 1.
+-#### TEST: agrep -l -d .* dummy exitstatus.in
+-
+-Exit status 1.
+-#### TEST: agrep -l -d .* dummy < exitstatus.in
+-
+-Exit status 1.
+-#### TEST: agrep -n -d .* dummy exitstatus.in
+-
+-Exit status 1.
+-#### TEST: agrep -n -d .* dummy < exitstatus.in
+-
+-Exit status 1.
+-#### TEST: agrep -s -d .* dummy exitstatus.in
+-
+-Exit status 1.
+-#### TEST: agrep -s -d .* dummy < exitstatus.in
+-
+-Exit status 1.
+-#### TEST: agrep -M -d .* dummy exitstatus.in
+-
+-Exit status 1.
+-#### TEST: agrep -M -d .* dummy < exitstatus.in
+-
+-Exit status 1.
+-#### TEST: agrep --show-position -d .* dummy exitstatus.in
+-
+-Exit status 1.
+-#### TEST: agrep --show-position -d .* dummy < exitstatus.in
+-
+-Exit status 1.
+-#### TEST: agrep --color -d .* dummy exitstatus.in
+-
+-Exit status 1.
+-#### TEST: agrep --color -d .* dummy < exitstatus.in
+-
+-Exit status 1.
+-#### TEST: agrep -H -n -s --color --show-position -d .* dummy exitstatus.in
+-
+-Exit status 1.
+-#### TEST: agrep -H -n -s --color --show-position -d .* dummy < exitstatus.in
+-
+ Exit status 1.
+ #### TEST: agrep  -d {1 dummy exitstatus.in
+ 
+-- 
+2.36.1
+

CVE-2016-8859.patch

@@ -0,0 +1,73 @@
+From c3edc06d1e1360f3570db9155d6b318ae0d0f0f7 Mon Sep 17 00:00:00 2001
+From: Rich Felker <dalias@aerifal.cx>
+Date: Thu, 6 Oct 2016 18:34:58 -0400
+Subject: fix missing integer overflow checks in regexec buffer size
+ computations
+
+most of the possible overflows were already ruled out in practice by
+regcomp having already succeeded performing larger allocations.
+however at least the num_states*num_tags multiplication can clearly
+overflow in practice. for safety, check them all, and use the proper
+type, size_t, rather than int.
+
+also improve comments, use calloc in place of malloc+memset, and
+remove bogus casts.
+---
+ src/regex/regexec.c | 23 ++++++++++++++++++-----
+ 1 file changed, 18 insertions(+), 5 deletions(-)
+
+Note: patch was modified to apply to tre, parts were taken from
+https://github.com/laurikari/tre/issues/37
+
+--- a/lib/tre-match-parallel.c
++++ b/lib/tre-match-parallel.c
+@@ -59,6 +59,7 @@ char *alloca ();
+ #ifdef HAVE_MALLOC_H
+ #include <malloc.h>
+ #endif /* HAVE_MALLOC_H */
++#include <stdint.h>
+ 
+ #include "tre-internal.h"
+ #include "tre-match-utils.h"
+@@ -150,11 +151,24 @@ tre_tnfa_run_parallel(const tre_tnfa_t *
+ 
+   /* Allocate memory for temporary data required for matching.	This needs to
+      be done for every matching operation to be thread safe.  This allocates
+-     everything in a single large block from the stack frame using alloca()
+-     or with malloc() if alloca is unavailable. */
++     everything in a single large block with calloc(). */
+   {
+-    int tbytes, rbytes, pbytes, xbytes, total_bytes;
++    size_t tbytes, rbytes, pbytes, xbytes, total_bytes;
+     char *tmp_buf;
++
++    /* Ensure that tbytes and xbytes*num_states cannot overflow, and that
++     * they don't contribute more than 1/8 of SIZE_MAX to total_bytes. */
++    if (num_tags > SIZE_MAX/(8 * sizeof(int) * tnfa->num_states))
++      return REG_BADPAT;
++
++    /* Likewise check rbytes. */
++    if (tnfa->num_states+1 > SIZE_MAX/(8 * sizeof(*reach_next)))
++      return REG_BADPAT;
++
++    /* Likewise check pbytes. */
++    if (tnfa->num_states > SIZE_MAX/(8 * sizeof(*reach_pos)))
++      return REG_BADPAT;
++
+     /* Compute the length of the block we need. */
+     tbytes = sizeof(*tmp_tags) * num_tags;
+     rbytes = sizeof(*reach_next) * (tnfa->num_states + 1);
+@@ -168,11 +182,11 @@ tre_tnfa_run_parallel(const tre_tnfa_t *
+ #ifdef TRE_USE_ALLOCA
+     buf = alloca(total_bytes);
+ #else /* !TRE_USE_ALLOCA */
+-    buf = xmalloc((unsigned)total_bytes);
++    buf = xmalloc(total_bytes);
+ #endif /* !TRE_USE_ALLOCA */
+     if (buf == NULL)
+       return REG_ESPACE;
+-    memset(buf, 0, (size_t)total_bytes);
++    memset(buf, 0, total_bytes);
+ 
+     /* Get the various pointers within tmp_buf (properly aligned). */
+     tmp_tags = (void *)buf;

tre-chicken.patch

@@ -0,0 +1,21 @@
+diff -up tre-0.8.0/python/setup.py.in.chicken tre-0.8.0/python/setup.py.in
+--- tre-0.8.0/python/setup.py.in.chicken	2009-09-20 09:51:01.000000000 +0200
++++ tre-0.8.0/python/setup.py.in	2009-09-20 15:43:45.000000000 +0200
+@@ -10,7 +10,8 @@ import shutil
+ 
+ version = "@TRE_VERSION@"
+ data_files = []
+-include_dirs = ["../lib"]
++include_dirs = ["../include"]
++library_dirs = ["../lib/.libs"]
+ libraries = ["tre"]
+ 
+ if sys.platform == "win32":
+@@ -31,6 +32,7 @@ setup(name = "tre",
+                                sources = ["tre-python.c"],
+                                define_macros = [("HAVE_CONFIG_H", None)],
+                                include_dirs = include_dirs,
++                               library_dirs = library_dirs,
+                                libraries = libraries
+                                ),
+                      ],

tre.changes

@@ -0,0 +1,81 @@
+-------------------------------------------------------------------
+Tue Oct 11 09:44:20 UTC 2022 - Fabian Vogt <fvogt@suse.com>
+
+- Add patch to fix testsuite with bash >= 5.2:
+  * 0001-Remove-broken-agrep-test-entry.patch
+
+-------------------------------------------------------------------
+Thu Jan 27 20:23:27 UTC 2022 - Dirk Müller <dmueller@suse.com>
+
+- require glibc-locale 
+
+-------------------------------------------------------------------
+Thu Jan 30 14:03:39 UTC 2020 - Ondřej Súkup <mimi.vx@gmail.com>
+
+- remove python2 bindings 
+
+-------------------------------------------------------------------
+Tue Jan 16 16:08:41 UTC 2018 - kbabioch@suse.com
+
+- CVE-2016-8859.patch: Fix multiple integer overflows which allowed
+  attackers to cause memory corruption via a large number of (1) states or
+  (2) tags, which triggered an out-of-bounds write (bnc#1005483)
+
+-------------------------------------------------------------------
+Thu Apr 24 09:06:44 UTC 2014 - pgajdos@suse.com
+
+- remove redundant setting of C(XX)FLAGS
+- package translations in tre-lang
+
+-------------------------------------------------------------------
+Tue Apr  8 10:01:26 CDT 2014 - bjones@ece.msstate.edu
+
+- Added make check tests
+- Added python-tre wrapper
+- Used updated source from https://github.com/laurikari/tre/
+- Added chicken.patch to correct Python build failures
+
+-------------------------------------------------------------------
+Tue May  8 12:47:43 UTC 2012 - cfarrell@suse.com
+
+- license update: BSD-3-Clause
+  Package is predominantly BSD-3-Clause licensed. This spec file license
+  update makes the openSUSE package license substantially similar to the
+  Fedora package license"
+
+-------------------------------------------------------------------
+Sun Jan 29 01:09:35 UTC 2012 - jengelh@medozas.de
+
+- Remove redundant tags/sections per specfile guideline suggestions
+- Parallel building using %_smp_mflags
+- Enable pkgconfig provides
+
+-------------------------------------------------------------------
+Thu Dec 10 12:47:07 CET 2009 - pgajdos@suse.cz
+
+- updated to 0.8.0:
+  - Added tre_ prefix to all functions exported from libtre.  This
+    changes the binary interface (ABI).  The old source interface
+    (API) is still available in <tre/regex.h>.  New programs should
+    use <tre/tre.h>.
+
+  - Visual C++ 6 project files replaced with Visual Studio 2008 files.
+
+  - Bug fixes.
+- package renamed to tre, splitted out subpackage libtre5
+
+-------------------------------------------------------------------
+Thu Jun 18 11:05:33 CEST 2009 - pgajdos@suse.cz
+
+- updated to 0.7.6 (see NEWS)
+
+-------------------------------------------------------------------
+Thu Jan 24 20:51:08 CET 2008 - coolo@suse.de
+
+- fix build
+
+-------------------------------------------------------------------
+Sun Feb 25 12:28:33 CET 2007 - dmueller@suse.de
+
+- Initial package (0.7.5)
+

tre.diff

@@ -0,0 +1,28 @@
+diff -ru tre-0.7.5/lib/tre-match-approx.c tre-0.7.5.new/lib/tre-match-approx.c
+--- tre-0.7.5/lib/tre-match-approx.c	2006-12-08 19:07:03.000000000 +0000
++++ tre-0.7.5.new/lib/tre-match-approx.c	2008-01-24 19:47:12.000000000 +0000
+@@ -23,24 +23,6 @@
+ #include <config.h>
+ #endif /* HAVE_CONFIG_H */
+ 
+-/* AIX requires this to be the first thing in the file.	 */
+-#ifdef TRE_USE_ALLOCA
+-#ifndef __GNUC__
+-# if HAVE_ALLOCA_H
+-#  include <alloca.h>
+-# else
+-#  ifdef _AIX
+- #pragma alloca
+-#  else
+-#   ifndef alloca /* predefined by HP cc +Olibcalls */
+-char *alloca ();
+-#   endif
+-#  endif
+-# endif
+-#endif
+-#endif /* TRE_USE_ALLOCA */
+-
+-#define __USE_STRING_INLINES
+ #undef __NO_INLINE__
+ 
+ #include <assert.h>

tre.spec

@@ -0,0 +1,120 @@
+#
+# spec file for package tre
+#
+# Copyright (c) 2022 SUSE LLC
+#
+# All modifications and additions to the file contributed by third parties
+# remain the property of their copyright owners, unless otherwise agreed
+# upon. The license for this file, and modifications and additions to the
+# file, is the same license as for the pristine package itself (unless the
+# license for the pristine package is not an Open Source License, in which
+# case the license is the MIT License). An "Open Source License" is a
+# license that conforms to the Open Source Definition (Version 1.9)
+# published by the Open Source Initiative.
+
+# Please submit bugfixes or comments via https://bugs.opensuse.org/
+#
+
+
+Name:           tre
+Version:        0.8.0_git201402282055
+Release:        0
+Summary:        POSIX compatible regexp library with approximate matching
+License:        BSD-3-Clause
+Group:          System/Libraries
+URL:            https://laurikari.net/tre/
+# This source comes from https://github.com/laurikari/tre/, revision
+# c2f5d130c91b1696385a6ae0b5bcfd5214bcc9ca. The previously released
+# version 0.8.0 is old (2009) and no new released have been made by
+# the author, so I'm terming this 0.8.0_git201402282055.
+Source0:        tre-%{version}.tar.bz2
+Patch0:         %{name}.diff
+# Update the python build to fix wrong include and lib paths.
+# See https://github.com/laurikari/tre/pull/19.
+Patch1:         %{name}-chicken.patch
+Patch2:         CVE-2016-8859.patch
+# https://github.com/laurikari/tre/pull/87
+Patch3:         0001-Remove-broken-agrep-test-entry.patch
+BuildRequires:  gettext-devel
+BuildRequires:  glibc-locale
+BuildRequires:  libtool
+
+%description
+TRE is a lightweight, robust, and efficient POSIX compatible regexp
+matching library with some exciting features such as approximate
+matching.
+
+%package -n libtre5
+Summary:        POSIX compatible regexp library with approximate matching
+Group:          System/Libraries
+Requires:       %{name} = %{version}
+Recommends:     %{name}-lang = %{version}
+Obsoletes:      libtre
+Provides:       libtre
+
+%description -n libtre5
+TRE is a lightweight, robust, and efficient POSIX compatible regexp
+matching library with some exciting features such as approximate
+matching.
+
+%post -n libtre5 -p /sbin/ldconfig
+%postun -n libtre5 -p /sbin/ldconfig
+
+%package devel
+Summary:        POSIX compatible regexp library with approximate matching
+Group:          Development/Libraries/C and C++
+Requires:       libtre5 = %{version}
+Obsoletes:      libtre-devel
+Provides:       libtre-devel
+
+%description devel
+TRE is a lightweight, robust, and efficient POSIX compatible regexp
+matching library with some exciting features such as approximate
+matching.
+
+%package -n agrep
+Summary:        Another powerful grep with interesting features
+Group:          Productivity/Text/Utilities
+
+%description -n agrep
+agrep is another powerful grep which has the  ability to search for
+approximate patterns as well as block oriented search.
+
+%lang_package
+
+%prep
+%autosetup -p1
+./utils/autogen.sh
+
+%build
+%configure --disable-static --enable-shared
+%make_build
+
+%install
+%make_install
+find %{buildroot} -type f -name "*.la" -delete -print
+%find_lang %{name} || echo -n >> %{name}.lang
+
+%check
+%make_build check
+
+%files
+%license LICENSE
+%doc ABOUT-NLS AUTHORS NEWS README THANKS TODO
+
+%files -n libtre5
+%{_libdir}/libtre.so.*
+
+%files devel
+%doc doc/default.css doc/tre-api.html doc/tre-syntax.html
+%{_includedir}/*
+%{_libdir}/libtre.so
+%{_libdir}/pkgconfig/*
+
+%files -n agrep
+%{_bindir}/agrep
+%{_mandir}/man1/agrep.1%{?ext_man}
+
+%files lang -f %{name}.lang
+
+%changelog