From c4b6303437bd5453dc3a652034b428ba287f03805fb95bd45bcde73b7cbc153c Mon Sep 17 00:00:00 2001
From: Martin Pluskal
Date: Wed, 14 Feb 2024 16:38:04 +0000
Subject: [PATCH] Accepting request 1146164 from home:AndreasStieger:branches:devel:tools pkgconf 2.1.1
OBS-URL: https://build.opensuse.org/request/show/1146164
OBS-URL: https://build.opensuse.org/package/show/devel:tools/pkgconf?expand=0&rev=28
---
 pkgconf-1.8.0.tar.xz | 3 --
 pkgconf-2.1.1.tar.xz | 3 ++
 pkgconf-CVE-2023-24056.patch | 53 ------------------------------------
 pkgconf.changes | 21 ++++++++++++++
 pkgconf.spec | 14 +++-------
 5 files changed, 28 insertions(+), 66 deletions(-)
 delete mode 100644 pkgconf-1.8.0.tar.xz
 create mode 100644 pkgconf-2.1.1.tar.xz
 delete mode 100644 pkgconf-CVE-2023-24056.patch
diff --git a/pkgconf-1.8.0.tar.xz b/pkgconf-1.8.0.tar.xz
deleted file mode 100644
index fa350b2..0000000
--- a/pkgconf-1.8.0.tar.xz
+++ /dev/null
@@ -1,3 +0,0 @@
-version https://git-lfs.github.com/spec/v1
-oid sha256:ef9c7e61822b7cb8356e6e9e1dca58d9556f3200d78acab35e4347e9d4c2bbaf
-size 296304
diff --git a/pkgconf-2.1.1.tar.xz b/pkgconf-2.1.1.tar.xz
new file mode 100644
index 0000000..0750147
--- /dev/null
+++ b/pkgconf-2.1.1.tar.xz
@@ -0,0 +1,3 @@
+version https://git-lfs.github.com/spec/v1
+oid sha256:3a224f2accf091b77a5781316e27b9ee3ba82c083cc2e539e08940b68a44fec5
+size 311956
diff --git a/pkgconf-CVE-2023-24056.patch b/pkgconf-CVE-2023-24056.patch
deleted file mode 100644
index cb13c4f..0000000
--- a/pkgconf-CVE-2023-24056.patch
+++ /dev/null
@@ -1,53 +0,0 @@
-diff -Nura pkgconf-1.8.0/libpkgconf/tuple.c pkgconf-1.8.0_new/libpkgconf/tuple.c
---- pkgconf-1.8.0/libpkgconf/tuple.c 2021-03-18 20:15:16.000000000 +0800
-+++ pkgconf-1.8.0_new/libpkgconf/tuple.c 2023-01-30 16:07:40.750297141 +0800
-@@ -293,12 +293,23 @@
- }
- }
-
-+ PKGCONF_TRACE(client, "lookup tuple %s", varname);
-+
-+ size_t remain = PKGCONF_BUFSIZE - (bptr - buf);
- ptr += (pptr - ptr);
- kv = pkgconf_tuple_find_global(client, varname);
- if (kv != NULL)
- {
-- strncpy(bptr, kv, PKGCONF_BUFSIZE - (bptr - buf));
-- bptr += strlen(kv);
-+ size_t nlen = pkgconf_strlcpy(bptr, kv, remain);
-+ if (nlen > remain)
-+ {
-+ pkgconf_warn(client, "warning: truncating very long variable to 64KB\n");
-+
-+ bptr = buf + (PKGCONF_BUFSIZE - 1);
-+ break;
-+ }
-+
-+ bptr += nlen;
- }
- else
- {
-@@ -306,12 +317,20 @@
-
- if (kv != NULL)
- {
-+ size_t nlen;
-+
- parsekv = pkgconf_tuple_parse(client, vars, kv);
-+ nlen = pkgconf_strlcpy(bptr, parsekv, remain);
-+ free(parsekv);
-
-- strncpy(bptr, parsekv, PKGCONF_BUFSIZE - (bptr - buf));
-- bptr += strlen(parsekv);
-+ if (nlen > remain)
-+ {
-+ pkgconf_warn(client, "warning: truncating very long variable to 64KB\n");
-+ bptr = buf + (PKGCONF_BUFSIZE - 1);
-+ break;
-+ }
-
-- free(parsekv);
-+ bptr += nlen;
- }
- }
- }
diff --git a/pkgconf.changes b/pkgconf.changes
index 71120ec..56a1d03 100644
--- a/pkgconf.changes
+++ b/pkgconf.changes
@@ -1,3 +1,24 @@
+-------------------------------------------------------------------
+Mon Feb 12 12:29:11 UTC 2024 - Andreas Stieger
+
+- update to 2.1.1:
+ * Fix --modversion with constraints
+ * Reintroduce an optimization to the dependency graph walker
+ which avoids revisiting already visited nodes
+ * Add a regression test to check that the dependency flattener is
+ working as expected
+
+-------------------------------------------------------------------
+Mon Dec 18 10:41:18 UTC 2023 - Andreas Stieger
+
+- update to 2.1.0:
+ * new solver for higher performance with complicated graphs
+ * Add --license selector to the pkgconf CLI
+ * Add flag --verbose and --solution to CLI
+ * Changes and fixes to --modversion
+ * bug fixes and developer visible changes
+- drop pkgconf-CVE-2023-24056.patch, now included
+
 -------------------------------------------------------------------
 Sun Jan 29 09:26:47 UTC 2023 - Cliff Zhao
diff --git a/pkgconf.spec b/pkgconf.spec
index f7b9b31..bb74746 100644
--- a/pkgconf.spec
+++ b/pkgconf.spec
@@ -1,7 +1,7 @@
 #
 # spec file for package pkgconf
 #
-# Copyright (c) 2023 SUSE LLC
+# Copyright (c) 2024 SUSE LLC
 # Copyright (c) 2020 Neal Gompa .
 #
 # All modifications and additions to the file contributed by third parties
@@ -40,12 +40,12 @@
 # Search path for pc files for pkgconf
 %global pkgconf_libdirs %{_libdir}/pkgconfig:%{_datadir}/pkgconfig
-%global somajor 3
+%global somajor 4
 %global libname lib%{name}%{somajor}
 %global devname lib%{name}-devel
 Name: pkgconf
-Version: 1.8.0
+Version: 2.1.1
 Release: 0
 Summary: Package compiler and linker metadata toolkit
 License: ISC
@@ -54,13 +54,7 @@ URL: http://pkgconf.org/
 Source0: https://distfiles.dereferenced.org/%{name}/%{name}-%{version}.tar.xz
 # Simple wrapper script to offer platform versions of pkgconfig from Fedora
 Source1: platform-pkg-config.in
-# PATCH-FIX-UPSTREAM pkgconf-CVE-2023-24056.patch bsc#1207394 CVE-2023-24056 qzhao@suse.com -- Backport commit 628b2b2baf from upstream, test for, and stop string processing, on truncation.
-Patch0: pkgconf-CVE-2023-24056.patch
-# For regenerating autotools scripts
-BuildRequires: autoconf
-BuildRequires: automake
 BuildRequires: gcc
-BuildRequires: libtool
 BuildRequires: make
 # pkgconf uses libpkgconf internally
 Requires: %{libname}%{?_isa} = %{version}-%{release}
@@ -135,7 +129,6 @@ the system provider of pkg-config.
 %autosetup -p1
 %build
-autoreconf -fiv
 %configure --disable-static \
 --with-pkg-config-dir=%{pkgconf_libdirs} \
 --with-system-includedir=%{_includedir} \
@@ -196,6 +189,7 @@ rm -rf %{buildroot}%{_mandir}/man7
 %license COPYING
 %doc README.md AUTHORS NEWS
 %{_bindir}/%{name}
+%{_bindir}/bomtool
 %{_mandir}/man1/%{name}.1*
 %{_mandir}/man5/pc.5*
 %{_mandir}/man5/%{name}-personality.5*
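Review bot: With `autoreconf -fiv` dropped from `%build` (hunk at -135,7) and the autoconf, automake and libtool BuildRequires dropped in the hunk at -54,13, `%configure` presumably runs the pre-generated `configure` shipped inside pkgconf-2.1.1.tar.xz rather than one regenerated from the autotools sources at build time. The only integrity check visible in this commit is the sha256 in the Git LFS pointer, which shows the file has not changed since it was committed, not that it is the file upstream released. The lines after `Source0` and `Source1` list no detached signature or keyring; if upstream publishes one, adding it as a further `Source` entry would give an origin check, and otherwise keeping `autoreconf -fiv` with its three BuildRequires limits how much pre-generated code the build trusts. The preamble and `%build` sections continue outside these hunks.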