diff --git a/coreutils-date-avoid-crash-in-TZ-parsing.patch b/coreutils-date-avoid-crash-in-TZ-parsing.patch
new file mode 100644
index 0000000..0438684
--- /dev/null
+++ b/coreutils-date-avoid-crash-in-TZ-parsing.patch
@@ -0,0 +1,154 @@
+Port upstream fix for date(1), to be removed with v8.23:
+
+ date could crash or go into an infinite loop when parsing a malformed TZ="".
+ [bug introduced with the --date='TZ="" ..' parsing feature in coreutils-5.3.0]
+
+This patch consists of 2 upstream commits:
+
+ http://git.sv.gnu.org/cgit/gnulib.git/commit/?id=a10acfb1d2
+ http://git.sv.gnu.org/cgit/coreutils.git/commit/?id=a4faa6a0a3
+
+While the former commit in gnulib actually fixes the issue (and adds a test
+there), the latter commit in upstream coreutils pulls in that change from
+gnulib and adds a test for the previously crashing date(1) command.
+
+-----------------------------------------------
+commit a10acfb1d2118f9a180181d3fed5399dbbe1df3c
+Author: Pádraig Brady
+Date: Tue Feb 25 10:58:48 2014 +0000
+
+ parse-datetime: fix crash or infloop in TZ="" parsing
+
+ This was reported in http://bugs.gnu.org/16872
+ from the coreutils command: date -d 'TZ="""'
+
+ The infinite loop for this case was present since the
+ initial TZ="" parsing support in commit de95bdc2 29-10-2004.
+ This was changed to a crash or heap corruption depending
+ on the platform with commit 2e3e4195 18-01-2010.
+
+ * lib/parse-datetime.y (parse_datetime): Break out of the
+ TZ="" parsing loop once the second significant " is found.
+ Also skip over any subsequent whitespace to be consistent
+ with the non TZ= case.
+ * tests/test-parse-datetime.c: Add test cases for TZ="" parsing.
+
+Omit the NEWS entry from the original patch.
+
+-----------------------------------------------
+commit a4faa6a0a3ae93c01d036d830ae7a21b74913baf
+Author: Pádraig Brady
+Date: Thu Feb 27 23:43:34 2014 +0000
+
+ date: fix crash or infinite loop when parsing a malformed TZ=""
+
+ * gnulib: Update to incorporate the fix.
+ This is the only change in this gnulib update.
+ * tests/misc/date.pl: Add a test for this case.
+
+ Fixes http://bugs.gnu.org/16872
+
+Omit the NEWS entry from the original patch.
+---
+ gnulib-tests/test-parse-datetime.c | 16 ++++++++++++++++
+ lib/parse-datetime.c | 7 +++++--
+ lib/parse-datetime.y | 7 +++++--
+ tests/misc/date.pl | 7 +++++++
+ 4 files changed, 33 insertions(+), 4 deletions(-)
+
+Index: lib/parse-datetime.y
+===================================================================
+--- lib/parse-datetime.y.orig
++++ lib/parse-datetime.y
+@@ -1303,8 +1303,6 @@ parse_datetime (struct timespec *result,
+ char tz1buf[TZBUFSIZE];
+ bool large_tz = TZBUFSIZE < tzsize;
+ bool setenv_ok;
+- /* Free tz0, in case this is the 2nd or subsequent time through. */
+- free (tz0);
+ tz0 = get_tz (tz0buf);
+ z = tz1 = large_tz ? xmalloc (tzsize) : tz1buf;
+ for (s = tzbase; *s != '"'; s++)
+@@ -1316,7 +1314,12 @@ parse_datetime (struct timespec *result,
+ if (!setenv_ok)
+ goto fail;
+ tz_was_altered = true;
++
+ p = s + 1;
++ while (c = *p, c_isspace (c))
++ p++;
++
++ break;
+ }
+ }
+
+Index: lib/parse-datetime.c
+===================================================================
+--- lib/parse-datetime.c.orig
++++ lib/parse-datetime.c
+@@ -3207,8 +3207,6 @@ parse_datetime (struct timespec *result,
+ char tz1buf[TZBUFSIZE];
+ bool large_tz = TZBUFSIZE < tzsize;
+ bool setenv_ok;
+- /* Free tz0, in case this is the 2nd or subsequent time through. */
+- free (tz0);
+ tz0 = get_tz (tz0buf);
+ z = tz1 = large_tz ?
xmalloc (tzsize) : tz1buf;
+ for (s = tzbase; *s != '"'; s++)
+@@ -3220,7 +3218,12 @@ parse_datetime (struct timespec *result,
+ if (!setenv_ok)
+ goto fail;
+ tz_was_altered = true;
++
+ p = s + 1;
++ while (c = *p, c_isspace (c))
++ p++;
++
++ break;
+ }
+ }
+
+Index: tests/misc/date.pl
+===================================================================
+--- tests/misc/date.pl.orig
++++ tests/misc/date.pl
+@@ -287,6 +287,13 @@ my @Tests =
+ {ERR => "date: invalid date '\\260'\n"},
+ {EXIT => 1},
+ ],
++
++ # From coreutils-5.3.0 to 8.22 inclusive
++ # this would either infinite loop or crash
++ ['invalid-TZ-crash', "-d 'TZ=\"\"\"'",
++ {ERR => "date: invalid date 'TZ=\"\"\"'\n"},
++ {EXIT => 1},
++ ],
+ );
+
+ # Repeat the cross-dst test, using Jan 1, 2005 and every interval from 1..364.
+Index: gnulib-tests/test-parse-datetime.c
+===================================================================
+--- gnulib-tests/test-parse-datetime.c.orig
++++ gnulib-tests/test-parse-datetime.c
+@@ -419,5 +419,21 @@ main (int argc _GL_UNUSED, char **argv)
+ starting with a high-bit-set byte would be treated like "0". */
+ ASSERT ( ! parse_datetime (&result, "\xb0", &now));
+
++ /* Exercise TZ="" parsing code. */
++ /* These two would infloop or segfault before Feb 2014. */
++ ASSERT ( ! parse_datetime (&result, "TZ=\"\"\"", &now));
++ ASSERT ( ! parse_datetime (&result, "TZ=\"\" \"", &now));
++ /* Exercise invalid patterns. */
++ ASSERT ( ! parse_datetime (&result, "TZ=\"", &now));
++ ASSERT ( ! parse_datetime (&result, "TZ=\"\\\"", &now));
++ ASSERT ( ! parse_datetime (&result, "TZ=\"\\n", &now));
++ ASSERT ( ! parse_datetime (&result, "TZ=\"\\n\"", &now));
++ /* Exercise valid patterns.
*/
++ ASSERT ( parse_datetime (&result, "TZ=\"\"", &now));
++ ASSERT ( parse_datetime (&result, "TZ=\"\" ", &now));
++ ASSERT ( parse_datetime (&result, " TZ=\"\"", &now));
++ ASSERT ( parse_datetime (&result, "TZ=\"\\\\\"", &now));
++ ASSERT ( parse_datetime (&result, "TZ=\"\\\"\"", &now));
++
+ return 0;
+ }
diff --git a/coreutils-ln-avoid-segfault-for-empty-target.patch b/coreutils-ln-avoid-segfault-for-empty-target.patch
new file mode 100644
index 0000000..b79c74a
--- /dev/null
+++ b/coreutils-ln-avoid-segfault-for-empty-target.patch
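Review bot: The patch header's summary says only that date "could crash or go into an infinite loop", while the gnulib commit quoted below it states that since commit 2e3e4195 the malformed `TZ="""` input leads to a crash or heap corruption depending on the platform. That difference matters for triage wherever the argument of `date -d` can come from untrusted input, so I would word the header as `date could loop forever, crash or corrupt the heap when parsing a malformed TZ="".` to keep the memory-safety aspect visible in the package metadata. The header could also note in one line that lib/parse-datetime.c is patched alongside lib/parse-datetime.y because it appears to be the generated parser (same hunk at different offsets); the two hunks must stay identical if the patch is ever refreshed. parse_datetime's body continues outside both hunks.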
@@ -0,0 +1,75 @@
+Port upstream commit, to be removed with v8.23:
+
+ http://git.sv.gnu.org/cgit/coreutils.git/commit/?id=0093ac8d57
+
+ ln: with -sr, don't segfault for a TARGET of ''
+
+ ln -sr '' F no longer segfaults. Now works as expected.
+ [bug introduced with the --relative feature in coreutils-8.16]
+
+The changes in NEWS and THANKS.in in the original patch have been omitted.
+
+-----------------------------------------------
+commit 0093ac8d57a0f1a16fd09d98f6a524dddb6053e7
+Author: Jim Meyering
+Date: Thu Mar 13 17:05:04 2014 -0700
+
+ ln: with -sr, don't segfault for a TARGET of ''
+
+ Prior to this change, "ln -sr '' F" would segfault, attempting
+ to read path2[1] in relpath.c's path_common_prefix function.
+ This problem arises whenever canonicalize_filename_mode returns
+ NULL.
+ * src/ln.c (convert_abs_rel): Call relpath only when
+ both canonicalize_filename_mode calls return non-NULL.
+ * tests/ln/relative.sh: Add a test to trigger this failure.
+ Reported by Erik Bernstein in 739752@bugs.debian.org.
+ Fixes http://bugs.gnu.org/17010.
+
+---
+ src/ln.c | 16 ++++++++++------
+ tests/ln/relative.sh | 5 +++++
+ 2 files changed, 15 insertions(+), 6 deletions(-)
+
+Index: src/ln.c
+===================================================================
+--- src/ln.c.orig
++++ src/ln.c
+@@ -139,13 +139,17 @@ convert_abs_rel (const char *from, const
+ char *realdest = canonicalize_filename_mode (targetdir, CAN_MISSING);
+ char *realfrom = canonicalize_filename_mode (from, CAN_MISSING);
+
+- /* Write to a PATH_MAX buffer. */
+- char *relative_from = xmalloc (PATH_MAX);
+-
+- if (!relpath (realfrom, realdest, relative_from, PATH_MAX))
++ char *relative_from = NULL;
++ if (realdest && realfrom)
+ {
+- free (relative_from);
+- relative_from = NULL;
++ /* Write to a PATH_MAX buffer.
*/
++ relative_from = xmalloc (PATH_MAX);
++
++ if (!relpath (realfrom, realdest, relative_from, PATH_MAX))
++ {
++ free (relative_from);
++ relative_from = NULL;
++ }
+ }
+
+ free (targetdir);
+Index: tests/ln/relative.sh
+===================================================================
+--- tests/ln/relative.sh.orig
++++ tests/ln/relative.sh
+@@ -45,4 +45,9 @@ mkdir web
+ ln -sr latest web/latest
+ test $(readlink web/latest) = '../release2' || fail=1
+
++# Expect this to fail with exit status 1, or to succeed quietly (freebsd).
++# Prior to coreutils-8.23, it would segfault.
++ln -sr '' F
++case $? in [01]) ;; *) fail=1;; esac
++
+ Exit $fail
diff --git a/coreutils-shuf-repeat-avoid-crash-when-input-empty.patch b/coreutils-shuf-repeat-avoid-crash-when-input-empty.patch
new file mode 100644
index 0000000..2874c1b
--- /dev/null
+++ b/coreutils-shuf-repeat-avoid-crash-when-input-empty.patch
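Review bot: The new `if (realdest && realfrom)` guard in convert_abs_rel carries no comment saying when either pointer can be NULL; the only explanation is in the commit message. A one-line comment above the guard, e.g. `/* canonicalize_filename_mode returns NULL on failure (e.g. FROM is ""); skip relpath then. */`, would keep the reason next to the check, since handing a NULL to relpath is what led to the invalid read of path2[1] described in the log. What the function returns while relative_from stays NULL is outside the hunk, so it is worth confirming that the remaining code treats NULL as "no relative name available" rather than dereferencing it.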
@@ -0,0 +1,85 @@
+Port upstream fix for shuf, to be removed with v8.23:
+
+ shuf --repeat no longer dumps core if the input is empty.
+ [bug introduced with the --repeat feature in coreutils-8.22]
+
+This patch squashes these 2 upstream commits:
+
+ http://git.sv.gnu.org/cgit/coreutils.git/commit/?id=9f60f37a28
+ http://git.sv.gnu.org/cgit/coreutils.git/commit/?id=5475e6083f
+
+While the former implements the actual fix for the problem,
+the latter only changes the new error diagnostic. The change in the
+NEWS entry in the latter patch is not visible in the following patch
+because that hunk is omitted; however, that corrected NEWS entry is
+above.
+
+-----------------------------------------------
+commit 9f60f37a28c37acb66aa38003ccaa07f13abbd9d
+Author: Paul Eggert
+Date: Sun Feb 23 15:34:48 2014 -0800
+
+ shuf: with -r, don't dump core if the input is empty
+
+ Problem reported by valiant xiao in .
+ * src/shuf.c (main): With -r, report an error if the input is empty.
+ * tests/misc/shuf.sh: Test for the bug.
+
+-----------------------------------------------
+commit 5475e6083f46a2f9f7ccf4173f391bf518421523
+Author: Bernhard Voelker
+Date: Wed Feb 26 08:36:50 2014 +0100
+
+ shuf: convert error diagnostic to lowercase
+
+ * src/shuf.c (main): s/No/no/, introduced by commit v8.22-25-g9f60f37.
+
+ Prompted by the syntax-check rule sc_error_message_uppercase
+
+---
+ src/shuf.c | 15 +++++++++++----
+ tests/misc/shuf.sh | 4 ++++
+ 2 files changed, 15 insertions(+), 4 deletions(-)
+
+Index: src/shuf.c
+===================================================================
+--- src/shuf.c.orig
++++ src/shuf.c
+@@ -576,11 +576,18 @@ main (int argc, char **argv)
+ /* Generate output according to requested method */
+ if (repeat)
+ {
+- if (input_range)
+- i = write_random_numbers (randint_source, head_lines,
+- lo_input, hi_input, eolbyte);
++ if (head_lines == 0)
++ i = 0;
+ else
+- i = write_random_lines (randint_source, head_lines, line, n_lines);
++ {
++ if (n_lines == 0)
++ error (EXIT_FAILURE, 0, _("no lines to repeat"));
++ if (input_range)
++ i = write_random_numbers (randint_source, head_lines,
++ lo_input, hi_input, eolbyte);
++ else
++ i = write_random_lines (randint_source, head_lines, line, n_lines);
++ }
+ }
+ else
+ {
+Index: tests/misc/shuf.sh
+===================================================================
+--- tests/misc/shuf.sh.orig
++++ tests/misc/shuf.sh
+@@ -43,6 +43,10 @@ compare in out1 || { fail=1; echo "not a
+ t=$(shuf -e a b c d e | sort | fmt)
+ test "$t" = 'a b c d e' || { fail=1; echo "not a permutation" 1>&2; }
+
++# coreutils-8.22 dumps core.
++shuf -er
++test $? -eq 1 || fail=1
++
+ # Before coreutils-6.3, this would infloop.
+ # "seq 1860" produces 8193 (8K + 1) bytes of output.
+ seq 1860 | shuf > /dev/null || fail=1
diff --git a/coreutils-testsuite.changes b/coreutils-testsuite.changes
index f5a59be..913e8db 100644
--- a/coreutils-testsuite.changes
+++ b/coreutils-testsuite.changes
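Review bot: The test added to tests/misc/shuf.sh covers only the `n_lines == 0` error path; the new `head_lines == 0` branch in src/shuf.c, which sets `i = 0` before the empty-input check is reached, is not exercised. Adding `shuf -er -n0 || fail=1` next to the existing `shuf -er` check would pin that an empty input combined with a zero count is meant to succeed rather than report "no lines to repeat", assuming nothing outside the hunk rejects it earlier. The `n_lines == 0` check also sits ahead of the `input_range` branch and therefore applies to `-i` as well; how n_lines is computed for a range is not visible here, so it is worth confirming it cannot be 0 for a non-empty range. main's body continues outside the hunk.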
@@ -1,3 +1,24 @@ +------------------------------------------------------------------- +Sun Mar 16 20:38:48 UTC 2014 - mail@bernhard-voelker.de + +- Add upstream patch (gnu#16855): + * coreutils-shuf-repeat-avoid-crash-when-input-empty.patch: Add + patch for shuf: with -r, don't dump core if the input is empty. + +------------------------------------------------------------------- +Sun Mar 16 19:28:34 UTC 2014 - mail@bernhard-voelker.de + +- Add upstream patch (gnu#16872): + * coreutils-date-avoid-crash-in-TZ-parsing.patch: Add patch for + date: fix crash or infinite loop when parsing a malformed TZ="". + +------------------------------------------------------------------- +Sun Mar 16 16:00:15 UTC 2014 - mail@bernhard-voelker.de + +- Add upstream patch (gnu#17010): + * coreutils-ln-avoid-segfault-for-empty-target.patch: Add patch + to avoid that ln(1) segfaults for an empty, relative target. + ------------------------------------------------------------------- Mon Feb 24 14:59:35 CET 2014 - pth@suse.de diff --git a/coreutils-testsuite.spec b/coreutils-testsuite.spec index 7a52fec..9d96cbc 100644 --- a/coreutils-testsuite.spec +++ b/coreutils-testsuite.spec @@ -131,6 +131,17 @@ Patch303: coreutils-tests-shorten-extreme-factor-tests.patch # tests: avoid test framework failure if the file system lacks ACL support Patch304: coreutils-test-avoid-FP-when-no-ACL-support.patch +# Port upstream patch, to be removed with v8.23: +# ln: with -sr, don't segfault for a TARGET of '' +Patch305: coreutils-ln-avoid-segfault-for-empty-target.patch + +# Upstream patch for date(1), to be removed with v8.23: +Patch306: coreutils-date-avoid-crash-in-TZ-parsing.patch + +# Upstream patch for shuf(1), to be removed with v8.23: +# shuf --repeat no longer dumps core if the input is empty. +Patch307: coreutils-shuf-repeat-avoid-crash-when-input-empty.patch + # ================================================ %description These are the GNU core utilities. This package is the union of 
@@ -172,6 +183,9 @@ the GNU fileutils, sh-utils, and textutils packages. %patch302 %patch303 %patch304 +%patch305 +%patch306 +%patch307 #???## We need to statically link to gmp, otherwise we have a build loop #???#sed -i s,'$(LIB_GMP)',%%{_libdir}/libgmp.a,g Makefile.in diff --git a/coreutils.changes b/coreutils.changes index f5a59be..913e8db 100644 --- a/coreutils.changes +++ b/coreutils.changes @@ -1,3 +1,24 @@ +------------------------------------------------------------------- +Sun Mar 16 20:38:48 UTC 2014 - mail@bernhard-voelker.de + +- Add upstream patch (gnu#16855): + * coreutils-shuf-repeat-avoid-crash-when-input-empty.patch: Add + patch for shuf: with -r, don't dump core if the input is empty. + +------------------------------------------------------------------- +Sun Mar 16 19:28:34 UTC 2014 - mail@bernhard-voelker.de + +- Add upstream patch (gnu#16872): + * coreutils-date-avoid-crash-in-TZ-parsing.patch: Add patch for + date: fix crash or infinite loop when parsing a malformed TZ="". + +------------------------------------------------------------------- +Sun Mar 16 16:00:15 UTC 2014 - mail@bernhard-voelker.de + +- Add upstream patch (gnu#17010): + * coreutils-ln-avoid-segfault-for-empty-target.patch: Add patch + to avoid that ln(1) segfaults for an empty, relative target. + ------------------------------------------------------------------- Mon Feb 24 14:59:35 CET 2014 - pth@suse.de diff --git a/coreutils.spec b/coreutils.spec index 946bcc8..cfd1fe1 100644 --- a/coreutils.spec +++ b/coreutils.spec 
@@ -131,6 +131,17 @@ Patch303: coreutils-tests-shorten-extreme-factor-tests.patch # tests: avoid test framework failure if the file system lacks ACL support Patch304: coreutils-test-avoid-FP-when-no-ACL-support.patch +# Port upstream patch, to be removed with v8.23: +# ln: with -sr, don't segfault for a TARGET of '' +Patch305: coreutils-ln-avoid-segfault-for-empty-target.patch + +# Upstream patch for date(1), to be removed with v8.23: +Patch306: coreutils-date-avoid-crash-in-TZ-parsing.patch + +# Upstream patch for shuf(1), to be removed with v8.23: +# shuf --repeat no longer dumps core if the input is empty. +Patch307: coreutils-shuf-repeat-avoid-crash-when-input-empty.patch + # ================================================ %description These are the GNU core utilities. This package is the union of @@ -172,6 +183,9 @@ the GNU fileutils, sh-utils, and textutils packages. %patch302 %patch303 %patch304 +%patch305 +%patch306 +%patch307 #???## We need to statically link to gmp, otherwise we have a build loop #???#sed -i s,'$(LIB_GMP)',%%{_libdir}/libgmp.a,g Makefile.in