Sync changes to SLFO-1.2 branch

coreutils-9.6-ls-Z-crash-fix.patch

@@ -0,0 +1,61 @@
+From 14f2d2317b2f935cb2277a4140c1afa569be9629 Mon Sep 17 00:00:00 2001
+From: =?UTF-8?q?P=C3=A1draig=20Brady?= <P@draigBrady.com>
+Date: Fri, 17 Jan 2025 17:29:34 +0000
+Subject: [PATCH] ls: fix crash with --context
+
+* src/ls.c (main): Flag that we need to stat()
+if we're going to get security context (call file_has_aclinfo_cache).
+(file_has_aclinfo_cache): Be defensive and only lookup the device
+for the file if the stat has been performed.
+(has_capability_cache): Likewise.
+* tests/ls/selinux-segfault.sh: Add a test case.
+* NEWS: Mention the bug fix.
+Reported by Bruno Haible.
+---
+ src/ls.c                     |    6 +++---
+ tests/ls/selinux-segfault.sh |    3 +++
+ 2 files changed, 6 insertions(+), 3 deletions(-)
+
+Index: coreutils-9.6/src/ls.c
+===================================================================
+--- coreutils-9.6.orig/src/ls.c
++++ coreutils-9.6/src/ls.c
+@@ -1768,7 +1768,7 @@ main (int argc, char **argv)
+ 
+   format_needs_stat = ((sort_type == sort_time) | (sort_type == sort_size)
+                        | (format == long_format)
+-                       | print_block_size | print_hyperlink);
++                       | print_block_size | print_hyperlink | print_scontext);
+   format_needs_type = ((! format_needs_stat)
+                        & (recursive | print_with_color | print_scontext
+                           | directories_first
+@@ -3309,7 +3309,7 @@ file_has_aclinfo_cache (char const *file
+   static int unsupported_scontext_err;
+   static dev_t unsupported_device;
+ 
+-  if (f->stat.st_dev == unsupported_device)
++  if (f->stat_ok && f->stat.st_dev == unsupported_device)
+     {
+       ai->buf = ai->u.__gl_acl_ch;
+       ai->size = 0;
+@@ -3342,7 +3342,7 @@ has_capability_cache (char const *file,
+      found that has_capability fails indicating lack of support.  */
+   static dev_t unsupported_device;
+ 
+-  if (f->stat.st_dev == unsupported_device)
++  if (f->stat_ok && f->stat.st_dev == unsupported_device)
+     {
+       errno = ENOTSUP;
+       return 0;
+Index: coreutils-9.6/tests/ls/selinux-segfault.sh
+===================================================================
+--- coreutils-9.6.orig/tests/ls/selinux-segfault.sh
++++ coreutils-9.6/tests/ls/selinux-segfault.sh
+@@ -30,4 +30,7 @@ mkdir sedir || framework_failure_
+ ln -sf missing sedir/broken || framework_failure_
+ returns_ 1 ls -L -R -Z -m sedir > out || fail=1
+ 
++# ls 9.6 would segfault with the following
++ls -Z . > out || fail=1
++
+ Exit $fail

coreutils-9.6-sort-CVE-2025-5278.patch

@@ -1,5 +1,5 @@
 # based on commit 8c9602e3a145e9596dc1a63c6ed67865814b6633
-# removed offsets and fuzziness
+# removed NEWS, offsets and fuzziness
 Author: Pádraig Brady <P@draigBrady.com>
 Date:   Tue May 20 16:03:44 2025 +0100
 
@@ -15,33 +15,14 @@ Date:   Tue May 20 16:03:44 2025 +0100
     Fixes https://bugs.gnu.org/78507
 
 ---
- NEWS                           |   10 ++++++++++
  src/sort.c                     |   12 ++++++++++--
  tests/local.mk                 |    1 +
  tests/sort/sort-field-limit.sh |   35 +++++++++++++++++++++++++++++++++++
- 4 files changed, 56 insertions(+), 2 deletions(-)
+ 3 files changed, 46 insertions(+), 2 deletions(-)
 
---- a/NEWS
-+++ b/NEWS
-@@ -1,5 +1,15 @@
- GNU coreutils NEWS                                    -*- outline -*-
- 
-+* Noteworthy changes in release ?.? (????-??-??) [?]
-+
-+** Bug fixes
-+
-+  sort with key character offsets of SIZE_MAX, could induce
-+  a read of 1 byte before an allocated heap buffer. For example:
-+  'sort +0.18446744073709551615R input' on 64 bit systems.
-+  [bug introduced in coreutils-7.2]
-+
-+
- * Noteworthy changes in release 9.7 (2025-04-09) [stable]
- 
- ** Bug fixes
 --- a/src/sort.c
 +++ b/src/sort.c
-@@ -1793,7 +1793,11 @@ begfield_uni (const struct line *line, c
+@@ -1794,7 +1794,11 @@ begfield_uni (const struct line *line, c
        ++ptr;
  
    /* Advance PTR by SCHAR (if possible), but no further than LIM.  */
@@ -54,7 +35,7 @@ Date:   Tue May 20 16:03:44 2025 +0100
  
    return ptr;
  }
-@@ -1954,7 +1958,11 @@ limfield_uni (struct line const *line, s
+@@ -1955,7 +1959,11 @@ limfield_uni (struct line const *line, s
            ++ptr;
  
        /* Advance PTR by ECHAR (if possible), but no further than LIM.  */

coreutils-9.6.tar.xz.sig

@@ -0,0 +1,16 @@
+-----BEGIN PGP SIGNATURE-----
+
+iQIzBAABCAAdFiEEbDfcEhIaUAa8HbgE32/ZcTBgN9kFAmeKeeoACgkQ32/ZcTBg
+N9m4JA/8DDvn6KAIa5q95yH37wtJfp2nau1BqjCYDxh51x4q0RX6dc7VHXvxkNeD
+JCkL8tkzWEEZyK1NHHfaXq9xO0WgXvo0NPdAzSeB1+yDgH9RZR5EdkcgTmOsdx5A
+gO/Ki/rVpUh9Xi5+Njc55xrH1H9NNT+71aWFde+DIU1iUqQRpBW7foEH4gjsTx+z
+eyZ8CIbNwoQqhS4p0UzgQlYAO7cA0KyOVDcwfloa5dd9laJxKFTKJjsWXi07u5iR
+tC34n1ZYOO5PVlpHCQ6zpGzkvRHpxhduvPi17wpLeE7kmx8DsjfGvk2L3qyJKcHg
+58c7Ca7IvxcPePezK6k6/zYmGtj1Bol89YHNFVV0ERnL9BuT0v7LGJqZu9Efuutt
+6hlkgMRpScm3G0dGAoPl9Qqpya8EtMF6WypAtiGH2lR+SV7F7C4lRUUKR56DKKd2
+RvlTpWkgNYytnm52hVNEIOYnGcsj4EmURRuGiEhqBRph0VxEKs8+2P67UQib/k7M
+7E/5JEpNAOS8ikkN6Fyq2AzPoDKOrCGqNScqbb2xxViNomWyQlc8RDIOG/ydDIaW
+J8cqiT07Sw4mUXJTs/E3WdW4ZOP9vpr2KeirG5eoYE+1osx5ZP9npE+gNMGJzYhX
+MX8iIuc9DdPGxxvL/Td++gEIG0QzSh+W0TUVcdk5qdtXlf7R2ok=
+=ChFm
+-----END PGP SIGNATURE-----

coreutils-9.7.tar.xz

@@ -1,3 +0,0 @@
-version https://git-lfs.github.com/spec/v1
-oid sha256:e8bb26ad0293f9b5a1fc43fb42ba970e312c66ce92c1b0b16713d7500db251bf
-size 6158960

coreutils-9.7.tar.xz.sig

@@ -1,16 +0,0 @@
------BEGIN PGP SIGNATURE-----
-
-iQIzBAABCAAdFiEEbDfcEhIaUAa8HbgE32/ZcTBgN9kFAmf2WecACgkQ32/ZcTBg
-N9nppA/+MUNHBWrhVCFNzdMRQaSmwTyUkOpA+z4pL0a/i+9o3AD1RYF/Zrpen0+E
-6K9VTcYsmW/R7ZPL1xg4dl4WVBJ/1LrKu3D5ZP3kydpKH7PYriekeYR7dgJQMd9Q
-RIrE7RoXOWSa6aSEhQQ9U/9BQiGrwo46Ja9A3LSn/c8Ty1/49e5HA3pQG0U2GIGb
-cxLKz6nWcI2MYnTWm3nuSk0AlL9LetVEyoNR7SUufjzqCpgCZTAd7vN6y476A+kv
-ajsBVTj1OGj3FKNff/a5Qhc0i+Xmtn/81S5sG8DnTJtb7q1J7B/5odchq5jQsGyH
-8QfxYnu++pOgsLThGR98Io5hA/rqcofZFU2rIIXm65Qb7YB4yLgcS9m6STlUEFLU
-mOOF8I5pVvbxewUz0WVxit1ist1P+AIFwBvv3H/2zgl2AOua+WpKxt2gISRY9j1c
-E4KOvwlpu4ebFo2CcK0NxLF82YXY8sQQVtR1HCmg10inAZp0XsfRocbYj+dOnvY5
-7jthL4GxWAIeDrAiS/oJmtL0Savhq9hB6u6zR5G5Puh6SigDX0NmMPqMsGtQ3t8n
-GlnLldNVujaNe6NYYHSATGu6yHByBOSGNk7IDEeRFyF74p9w6gV+qJNYuS7EtXVt
-sdNiA/UIxhk0KyL4rhDwUw9AbbTP/HhlB+FD+LJX61bxQfFnWuQ=
-=YizV
------END PGP SIGNATURE-----

coreutils-disable_tests.patch

@@ -6,7 +6,7 @@ Index: gnulib-tests/gnulib.mk
 ===================================================================
 --- gnulib-tests/gnulib.mk.orig
 +++ gnulib-tests/gnulib.mk
-@@ -1548,10 +1548,10 @@ EXTRA_DIST += getlocalename_l-unsafe.h l
+@@ -1528,10 +1528,10 @@ EXTRA_DIST += test-getloadavg.c signatur
  
  ## begin gnulib module getlogin-tests
  

coreutils-getaddrinfo.patch

@@ -6,7 +6,7 @@ Index: gnulib-tests/test-getaddrinfo.c
 ===================================================================
 --- gnulib-tests/test-getaddrinfo.c.orig
 +++ gnulib-tests/test-getaddrinfo.c
-@@ -115,11 +115,7 @@ simple (int pass, char const *host, char
+@@ -93,11 +93,7 @@ simple (char const *host, char const *se
           the test merely because someone is down the country on their
           in-law's farm. */
        if (res == EAI_AGAIN)

coreutils-remove_kill_documentation.patch

@@ -33,7 +33,7 @@ Index: doc/coreutils.texi
  Delaying
  
  * sleep invocation::             Delay for a specified time
-@@ -18923,90 +18917,6 @@ timeout -s INT 5s env --ignore-signal=IN
+@@ -18918,90 +18912,6 @@ timeout -s INT 5s env --ignore-signal=IN
  timeout -s INT -k 3s 5s env --ignore-signal=INT sleep 20
  @end example
  

coreutils-skip-gnulib-test-tls.patch

@@ -21,7 +21,7 @@ Index: gnulib-tests/gnulib.mk
 ===================================================================
 --- gnulib-tests/gnulib.mk.orig
 +++ gnulib-tests/gnulib.mk
-@@ -3605,9 +3605,10 @@ EXTRA_DIST += test-timespec.c macros.h
+@@ -3567,9 +3567,10 @@ EXTRA_DIST += test-timespec.c macros.h
  
  ## begin gnulib module tls-tests
  

coreutils-tests-shorten-extreme-factor-tests.patch

@@ -16,7 +16,7 @@ Index: tests/local.mk
 ===================================================================
 --- tests/local.mk.orig
 +++ tests/local.mk
-@@ -759,14 +759,9 @@ all_tests =					\
+@@ -758,14 +758,9 @@ all_tests =					\
  # See tests/factor/create-test.sh.
  tf = tests/factor
  factor_tests = \

coreutils.changes

@@ -1,56 +1,11 @@
 -------------------------------------------------------------------
 Mon Jun  2 09:30:09 UTC 2025 - rw@suse.com
 
-- coreutils-9.7-sort-CVE-2025-5278.patch: Add upstream patch:
+- coreutils-9.6-sort-CVE-2025-5278.patch: Add upstream patch:
   sort with key character offsets of SIZE_MAX, could induce
   a read of 1 byte before an allocated heap buffer.
   (CVE-2025-5278, bsc#1243767)
 
--------------------------------------------------------------------
-Sun Apr 13 18:32:55 UTC 2025 - Bernhard Voelker <mail@bernhard-voelker.de>
-
-- coreutils-i18n.patch: update gnulib mbchar+mbfile to the commit
-  used by coreutils-9.7:
-    https://git.sv.gnu.org/cgit/gnulib.git/commit/?id=41e7b7e0d
-    mainly to pick up these commits:
-    - c67c553e758 mbfile: Support pushback characters also right before EOF.
-    - 87ee7ef66ee mbfile: Allow 2 pushback characters.
-
--------------------------------------------------------------------
-Thu Apr 10 20:56:23 UTC 2025 - Bernhard Voelker <mail@bernhard-voelker.de>
-
-- Update to 9.7:
-  Bug fixes
-  * 'cat' would fail with "input file is output file" if input and
-    output are the same terminal device and the output is append-only.
-    [bug introduced in coreutils-9.6]
-  * 'cksum -a crc' misbehaved on aarch64 with 32-bit uint_fast32_t.
-    [bug introduced in coreutils-9.6]
-  * dd with the 'nocache' flag will now detect all failures to drop the
-    cache for the whole file.  Previously it may have erroneously succeeded.
-    [bug introduced with the "nocache" feature in coreutils-8.11]
-  * 'ls -Z dir' would crash on all systems, and 'ls -l' could crash
-    on systems like Android with SELinux but without xattr support.
-    [bug introduced in coreutils-9.6]
-  * `ls -l` could output spurious "Not supported" errors in certain cases,
-    like with dangling symlinks on cygwin.
-    [bug introduced in coreutils-9.6]
-  * timeout would fail to timeout commands with infinitesimal timeouts.
-    For example `timeout 1e-5000 sleep inf` would never timeout.
-    [bug introduced with timeout in coreutils-7.0]
-  * sleep, tail, and timeout would sometimes sleep for slightly less
-    time than requested.
-    [bug introduced in coreutils-5.0]
-  * 'who -m' now outputs entries for remote logins.  Previously login
-    entries prefixed with the service (like "sshd") were not matched.
-    [bug introduced in coreutils-9.4]
-  Improvements
-  * 'logname' correctly returns the user who logged in the session,
-    on more systems.  Previously on musl or uclibc it would have merely
-    output the LOGNAME environment variable.
-- coreutils-9.6-ls-Z-crash-fix.patch: Remove now-upstream patch.
-- Refresh all other patches.
-
 -------------------------------------------------------------------
 Fri Jan 17 22:22:08 UTC 2025 - Bernhard Voelker <mail@bernhard-voelker.de>
 

coreutils.spec

@@ -30,7 +30,7 @@
 %global psuffix %{nil}
 %endif
 Name:           coreutils%{?psuffix}
-Version:        9.7
+Version:        9.6
 Release:        0
 Summary:        GNU Core Utilities
 License:        GPL-3.0-or-later
@@ -44,7 +44,6 @@ Patch1:         coreutils-remove_hostname_documentation.patch
 Patch3:         coreutils-remove_kill_documentation.patch
 Patch4:         coreutils-i18n.patch
 Patch8:         coreutils-sysinfo.patch
-Patch10:        coreutils-9.7-sort-CVE-2025-5278.patch
 # OBS / RPMLINT require /usr/bin/timeout to be built with the -fpie option.
 Patch100:       coreutils-build-timeout-as-pie.patch
 # There is no network in the build root so make the test succeed
@@ -65,7 +64,12 @@ Patch501:       coreutils-test_without_valgrind.patch
 # tests: skip tests/rm/ext3-perf.sh temporarily as it hangs on OBS.
 Patch810:       coreutils-skip-tests-rm-ext3-perf.patch
 Patch900:       coreutils-tests-workaround-make-fdleak.patch
-
+# Upstream coreutils patch right after the release was done:
+#   `ls -Z dir` would crash. [bug introduced in coreutils-9.6]
+#   see <https://lists.gnu.org/r/coreutils/2025-01/msg00054.html>
+Patch920:       coreutils-9.6-ls-Z-crash-fix.patch
+# Upstream security fix
+Patch921:        coreutils-9.6-sort-CVE-2025-5278.patch
 BuildRequires:  automake
 BuildRequires:  gmp-devel
 BuildRequires:  hostname
@@ -147,7 +151,6 @@ This package contains the documentation for the GNU Core Utilities.
 %patch -P 1
 %patch -P 3
 %patch -P 8
-%patch -P 10 -p1
 #
 %if 0%{?suse_version} <= 1320
 %patch -P 100
@@ -168,6 +171,8 @@ This package contains the documentation for the GNU Core Utilities.
 
 %patch -P 810
 %patch -P 900
+%patch -P 920 -p1
+%patch -P 921 -p1
 
 # ================================================
 %build