Sync changes to SLFO-1.2 branch

2025-08-20 09:09:35 +02:00
14 changed files with 737 additions and 756 deletions
--- a/coreutils-9.6-ls-Z-crash-fix.patch
+++ b/coreutils-9.6-ls-Z-crash-fix.patch
@@ -0,0 +1,61 @@
 From 14f2d2317b2f935cb2277a4140c1afa569be9629 Mon Sep 17 00:00:00 2001
 From: =?UTF-8?q?P=C3=A1draig=20Brady?= <P@draigBrady.com>
 Date: Fri, 17 Jan 2025 17:29:34 +0000
 Subject: [PATCH] ls: fix crash with --context
 * src/ls.c (main): Flag that we need to stat()
 if we're going to get security context (call file_has_aclinfo_cache).
 (file_has_aclinfo_cache): Be defensive and only lookup the device
 for the file if the stat has been performed.
 (has_capability_cache): Likewise.
 * tests/ls/selinux-segfault.sh: Add a test case.
 * NEWS: Mention the bug fix.
 Reported by Bruno Haible.
 ---
 src/ls.c                     |    6 +++---
 tests/ls/selinux-segfault.sh |    3 +++
 2 files changed, 6 insertions(+), 3 deletions(-)
 Index: coreutils-9.6/src/ls.c
 ===================================================================
 --- coreutils-9.6.orig/src/ls.c
 +++ coreutils-9.6/src/ls.c
@@ -1768,7 +1768,7 @@ main (int argc, char **argv)
   format_needs_stat = ((sort_type == sort_time) | (sort_type == sort_size)
                        | (format == long_format)
 -                       | print_block_size | print_hyperlink);
 +                       | print_block_size | print_hyperlink | print_scontext);
   format_needs_type = ((! format_needs_stat)
                        & (recursive | print_with_color | print_scontext
                           | directories_first
@@ -3309,7 +3309,7 @@ file_has_aclinfo_cache (char const *file
   static int unsupported_scontext_err;
   static dev_t unsupported_device;
 -  if (f->stat.st_dev == unsupported_device)
 +  if (f->stat_ok && f->stat.st_dev == unsupported_device)
     {
       ai->buf = ai->u.__gl_acl_ch;
       ai->size = 0;
@@ -3342,7 +3342,7 @@ has_capability_cache (char const *file,
      found that has_capability fails indicating lack of support.  */
   static dev_t unsupported_device;
 -  if (f->stat.st_dev == unsupported_device)
 +  if (f->stat_ok && f->stat.st_dev == unsupported_device)
     {
       errno = ENOTSUP;
       return 0;
 Index: coreutils-9.6/tests/ls/selinux-segfault.sh
 ===================================================================
 --- coreutils-9.6.orig/tests/ls/selinux-segfault.sh
 +++ coreutils-9.6/tests/ls/selinux-segfault.sh
@@ -30,4 +30,7 @@ mkdir sedir || framework_failure_
 ln -sf missing sedir/broken || framework_failure_
 returns_ 1 ls -L -R -Z -m sedir > out || fail=1
 +# ls 9.6 would segfault with the following
 +ls -Z . > out || fail=1
 +
 Exit $fail
--- a/coreutils-9.6-sort-CVE-2025-5278.patch
+++ b/coreutils-9.6-sort-CVE-2025-5278.patch
@@ -1,5 +1,5 @@
 # based on commit 8c9602e3a145e9596dc1a63c6ed67865814b6633
-# removed offsets and fuzziness
+# removed NEWS, offsets and fuzziness
 Author: Pádraig Brady <P@draigBrady.com>
 Date:   Tue May 20 16:03:44 2025 +0100
@@ -15,33 +15,14 @@ Date:   Tue May 20 16:03:44 2025 +0100
    Fixes https://bugs.gnu.org/78507
 ---
 NEWS                           |   10 ++++++++++
 src/sort.c                     |   12 ++++++++++--
 tests/local.mk                 |    1 +
 tests/sort/sort-field-limit.sh |   35 +++++++++++++++++++++++++++++++++++
- 4 files changed, 56 insertions(+), 2 deletions(-)
+ 3 files changed, 46 insertions(+), 2 deletions(-)
 --- a/NEWS
 +++ b/NEWS
@@ -1,5 +1,15 @@
 GNU coreutils NEWS                                    -*- outline -*-
 +* Noteworthy changes in release ?.? (????-??-??) [?]
 +
 +** Bug fixes
 +
 +  sort with key character offsets of SIZE_MAX, could induce
 +  a read of 1 byte before an allocated heap buffer. For example:
 +  'sort +0.18446744073709551615R input' on 64 bit systems.
 +  [bug introduced in coreutils-7.2]
 +
 +
 * Noteworthy changes in release 9.7 (2025-04-09) [stable]
 ** Bug fixes
 --- a/src/sort.c
 +++ b/src/sort.c
-@@ -1793,7 +1793,11 @@ begfield_uni (const struct line *line, c
+@@ -1794,7 +1794,11 @@ begfield_uni (const struct line *line, c
       ++ptr;
   /* Advance PTR by SCHAR (if possible), but no further than LIM.  */
@@ -54,7 +35,7 @@ Date:   Tue May 20 16:03:44 2025 +0100
   return ptr;
 }
-@@ -1954,7 +1958,11 @@ limfield_uni (struct line const *line, s
+@@ -1955,7 +1959,11 @@ limfield_uni (struct line const *line, s
           ++ptr;
       /* Advance PTR by ECHAR (if possible), but no further than LIM.  */
--- a/coreutils-9.6.tar.xz
+++ b/coreutils-9.6.tar.xz
--- a/coreutils-9.6.tar.xz.sig
+++ b/coreutils-9.6.tar.xz.sig
@@ -0,0 +1,16 @@
 -----BEGIN PGP SIGNATURE-----
 iQIzBAABCAAdFiEEbDfcEhIaUAa8HbgE32/ZcTBgN9kFAmeKeeoACgkQ32/ZcTBg
 N9m4JA/8DDvn6KAIa5q95yH37wtJfp2nau1BqjCYDxh51x4q0RX6dc7VHXvxkNeD
 JCkL8tkzWEEZyK1NHHfaXq9xO0WgXvo0NPdAzSeB1+yDgH9RZR5EdkcgTmOsdx5A
 gO/Ki/rVpUh9Xi5+Njc55xrH1H9NNT+71aWFde+DIU1iUqQRpBW7foEH4gjsTx+z
 eyZ8CIbNwoQqhS4p0UzgQlYAO7cA0KyOVDcwfloa5dd9laJxKFTKJjsWXi07u5iR
 tC34n1ZYOO5PVlpHCQ6zpGzkvRHpxhduvPi17wpLeE7kmx8DsjfGvk2L3qyJKcHg
 58c7Ca7IvxcPePezK6k6/zYmGtj1Bol89YHNFVV0ERnL9BuT0v7LGJqZu9Efuutt
 6hlkgMRpScm3G0dGAoPl9Qqpya8EtMF6WypAtiGH2lR+SV7F7C4lRUUKR56DKKd2
 RvlTpWkgNYytnm52hVNEIOYnGcsj4EmURRuGiEhqBRph0VxEKs8+2P67UQib/k7M
 7E/5JEpNAOS8ikkN6Fyq2AzPoDKOrCGqNScqbb2xxViNomWyQlc8RDIOG/ydDIaW
 J8cqiT07Sw4mUXJTs/E3WdW4ZOP9vpr2KeirG5eoYE+1osx5ZP9npE+gNMGJzYhX
 MX8iIuc9DdPGxxvL/Td++gEIG0QzSh+W0TUVcdk5qdtXlf7R2ok=
 =ChFm
 -----END PGP SIGNATURE-----
--- a/coreutils-9.7.tar.xz
+++ b/coreutils-9.7.tar.xz
@@ -1,3 +0,0 @@
 version https://git-lfs.github.com/spec/v1
 oid sha256:e8bb26ad0293f9b5a1fc43fb42ba970e312c66ce92c1b0b16713d7500db251bf
 size 6158960
--- a/coreutils-9.7.tar.xz.sig
+++ b/coreutils-9.7.tar.xz.sig
@@ -1,16 +0,0 @@
 -----BEGIN PGP SIGNATURE-----
 iQIzBAABCAAdFiEEbDfcEhIaUAa8HbgE32/ZcTBgN9kFAmf2WecACgkQ32/ZcTBg
 N9nppA/+MUNHBWrhVCFNzdMRQaSmwTyUkOpA+z4pL0a/i+9o3AD1RYF/Zrpen0+E
 6K9VTcYsmW/R7ZPL1xg4dl4WVBJ/1LrKu3D5ZP3kydpKH7PYriekeYR7dgJQMd9Q
 RIrE7RoXOWSa6aSEhQQ9U/9BQiGrwo46Ja9A3LSn/c8Ty1/49e5HA3pQG0U2GIGb
 cxLKz6nWcI2MYnTWm3nuSk0AlL9LetVEyoNR7SUufjzqCpgCZTAd7vN6y476A+kv
 ajsBVTj1OGj3FKNff/a5Qhc0i+Xmtn/81S5sG8DnTJtb7q1J7B/5odchq5jQsGyH
 8QfxYnu++pOgsLThGR98Io5hA/rqcofZFU2rIIXm65Qb7YB4yLgcS9m6STlUEFLU
 mOOF8I5pVvbxewUz0WVxit1ist1P+AIFwBvv3H/2zgl2AOua+WpKxt2gISRY9j1c
 E4KOvwlpu4ebFo2CcK0NxLF82YXY8sQQVtR1HCmg10inAZp0XsfRocbYj+dOnvY5
 7jthL4GxWAIeDrAiS/oJmtL0Savhq9hB6u6zR5G5Puh6SigDX0NmMPqMsGtQ3t8n
 GlnLldNVujaNe6NYYHSATGu6yHByBOSGNk7IDEeRFyF74p9w6gV+qJNYuS7EtXVt
 sdNiA/UIxhk0KyL4rhDwUw9AbbTP/HhlB+FD+LJX61bxQfFnWuQ=
 =YizV
 -----END PGP SIGNATURE-----
--- a/coreutils-disable_tests.patch
+++ b/coreutils-disable_tests.patch
@@ -6,7 +6,7 @@ Index: gnulib-tests/gnulib.mk
 ===================================================================
 --- gnulib-tests/gnulib.mk.orig
 +++ gnulib-tests/gnulib.mk
-@@ -1548,10 +1548,10 @@ EXTRA_DIST += getlocalename_l-unsafe.h l
+@@ -1528,10 +1528,10 @@ EXTRA_DIST += test-getloadavg.c signatur
 ## begin gnulib module getlogin-tests
--- a/coreutils-getaddrinfo.patch
+++ b/coreutils-getaddrinfo.patch
@@ -6,7 +6,7 @@ Index: gnulib-tests/test-getaddrinfo.c
 ===================================================================
 --- gnulib-tests/test-getaddrinfo.c.orig
 +++ gnulib-tests/test-getaddrinfo.c
-@@ -115,11 +115,7 @@ simple (int pass, char const *host, char
+@@ -93,11 +93,7 @@ simple (char const *host, char const *se
          the test merely because someone is down the country on their
          in-law's farm. */
       if (res == EAI_AGAIN)
--- a/coreutils-i18n.patch
+++ b/coreutils-i18n.patch
--- a/coreutils-remove_kill_documentation.patch
+++ b/coreutils-remove_kill_documentation.patch
@@ -33,7 +33,7 @@ Index: doc/coreutils.texi
 Delaying
 * sleep invocation::             Delay for a specified time
-@@ -18923,90 +18917,6 @@ timeout -s INT 5s env --ignore-signal=IN
+@@ -18918,90 +18912,6 @@ timeout -s INT 5s env --ignore-signal=IN
 timeout -s INT -k 3s 5s env --ignore-signal=INT sleep 20
 @end example
--- a/coreutils-skip-gnulib-test-tls.patch
+++ b/coreutils-skip-gnulib-test-tls.patch
@@ -21,7 +21,7 @@ Index: gnulib-tests/gnulib.mk
 ===================================================================
 --- gnulib-tests/gnulib.mk.orig
 +++ gnulib-tests/gnulib.mk
-@@ -3605,9 +3605,10 @@ EXTRA_DIST += test-timespec.c macros.h
+@@ -3567,9 +3567,10 @@ EXTRA_DIST += test-timespec.c macros.h
 ## begin gnulib module tls-tests
--- a/coreutils-tests-shorten-extreme-factor-tests.patch
+++ b/coreutils-tests-shorten-extreme-factor-tests.patch
@@ -16,7 +16,7 @@ Index: tests/local.mk
 ===================================================================
 --- tests/local.mk.orig
 +++ tests/local.mk
-@@ -759,14 +759,9 @@ all_tests =					\
+@@ -758,14 +758,9 @@ all_tests =					\
 # See tests/factor/create-test.sh.
 tf = tests/factor
 factor_tests = \
--- a/coreutils.changes
+++ b/coreutils.changes
@@ -1,56 +1,11 @@
 -------------------------------------------------------------------
 Mon Jun  2 09:30:09 UTC 2025 - rw@suse.com
- coreutils-9.7-sort-CVE-2025-5278.patch: Add upstream patch:
+- coreutils-9.6-sort-CVE-2025-5278.patch: Add upstream patch:
  sort with key character offsets of SIZE_MAX, could induce
  a read of 1 byte before an allocated heap buffer.
  (CVE-2025-5278, bsc#1243767)
 -------------------------------------------------------------------
 Sun Apr 13 18:32:55 UTC 2025 - Bernhard Voelker <mail@bernhard-voelker.de>
 - coreutils-i18n.patch: update gnulib mbchar+mbfile to the commit
  used by coreutils-9.7:
    https://git.sv.gnu.org/cgit/gnulib.git/commit/?id=41e7b7e0d
    mainly to pick up these commits:
    - c67c553e758 mbfile: Support pushback characters also right before EOF.
    - 87ee7ef66ee mbfile: Allow 2 pushback characters.
 -------------------------------------------------------------------
 Thu Apr 10 20:56:23 UTC 2025 - Bernhard Voelker <mail@bernhard-voelker.de>
 - Update to 9.7:
  Bug fixes
  * 'cat' would fail with "input file is output file" if input and
    output are the same terminal device and the output is append-only.
    [bug introduced in coreutils-9.6]
  * 'cksum -a crc' misbehaved on aarch64 with 32-bit uint_fast32_t.
    [bug introduced in coreutils-9.6]
  * dd with the 'nocache' flag will now detect all failures to drop the
    cache for the whole file.  Previously it may have erroneously succeeded.
    [bug introduced with the "nocache" feature in coreutils-8.11]
  * 'ls -Z dir' would crash on all systems, and 'ls -l' could crash
    on systems like Android with SELinux but without xattr support.
    [bug introduced in coreutils-9.6]
  * `ls -l` could output spurious "Not supported" errors in certain cases,
    like with dangling symlinks on cygwin.
    [bug introduced in coreutils-9.6]
  * timeout would fail to timeout commands with infinitesimal timeouts.
    For example `timeout 1e-5000 sleep inf` would never timeout.
    [bug introduced with timeout in coreutils-7.0]
  * sleep, tail, and timeout would sometimes sleep for slightly less
    time than requested.
    [bug introduced in coreutils-5.0]
  * 'who -m' now outputs entries for remote logins.  Previously login
    entries prefixed with the service (like "sshd") were not matched.
    [bug introduced in coreutils-9.4]
  Improvements
  * 'logname' correctly returns the user who logged in the session,
    on more systems.  Previously on musl or uclibc it would have merely
    output the LOGNAME environment variable.
 - coreutils-9.6-ls-Z-crash-fix.patch: Remove now-upstream patch.
 - Refresh all other patches.
 -------------------------------------------------------------------
 Fri Jan 17 22:22:08 UTC 2025 - Bernhard Voelker <mail@bernhard-voelker.de>
--- a/coreutils.spec
+++ b/coreutils.spec
@@ -30,7 +30,7 @@
 %global psuffix %{nil}
 %endif
 Name:           coreutils%{?psuffix}
-Version:        9.7
+Version:        9.6
 Release:        0
 Summary:        GNU Core Utilities
 License:        GPL-3.0-or-later
@@ -44,7 +44,6 @@ Patch1:         coreutils-remove_hostname_documentation.patch
 Patch3:         coreutils-remove_kill_documentation.patch
 Patch4:         coreutils-i18n.patch
 Patch8:         coreutils-sysinfo.patch
 Patch10:        coreutils-9.7-sort-CVE-2025-5278.patch
 # OBS / RPMLINT require /usr/bin/timeout to be built with the -fpie option.
 Patch100:       coreutils-build-timeout-as-pie.patch
 # There is no network in the build root so make the test succeed
@@ -65,7 +64,12 @@ Patch501:       coreutils-test_without_valgrind.patch
 # tests: skip tests/rm/ext3-perf.sh temporarily as it hangs on OBS.
 Patch810:       coreutils-skip-tests-rm-ext3-perf.patch
 Patch900:       coreutils-tests-workaround-make-fdleak.patch
-
+# Upstream coreutils patch right after the release was done:
 #   `ls -Z dir` would crash. [bug introduced in coreutils-9.6]
 #   see <https://lists.gnu.org/r/coreutils/2025-01/msg00054.html>
 Patch920:       coreutils-9.6-ls-Z-crash-fix.patch
 # Upstream security fix
 Patch921:        coreutils-9.6-sort-CVE-2025-5278.patch
 BuildRequires:  automake
 BuildRequires:  gmp-devel
 BuildRequires:  hostname
@@ -147,7 +151,6 @@ This package contains the documentation for the GNU Core Utilities.
 %patch -P 1
 %patch -P 3
 %patch -P 8
 %patch -P 10 -p1
 #
 %if 0%{?suse_version} <= 1320
 %patch -P 100
@@ -168,6 +171,8 @@ This package contains the documentation for the GNU Core Utilities.
 %patch -P 810
 %patch -P 900
 %patch -P 920 -p1
 %patch -P 921 -p1
 # ================================================
 %build