Accepting request 1034608 from home:AndreasStieger:branches:Base:System

GNU sed 4.9

OBS-URL: https://build.opensuse.org/request/show/1034608
OBS-URL: https://build.opensuse.org/package/show/Base:System/sed?expand=0&rev=48
This commit is contained in:
Stanislav Brabec 2022-11-10 22:48:45 +00:00 committed by Git OBS Bridge
parent 5de068c48d
commit 65e982badc
8 changed files with 55 additions and 163 deletions

View File

@ -1,101 +0,0 @@
Avoid false-positive error in gnulib tests 'test-perror2' and 'test-strerror_r'.
On openSUSE OBS, the above gnulib tests fail on armv7l.
Corresponding report on the gnulib mailing list:
https://lists.gnu.org/r/bug-gnulib/2020-08/msg00220.html
From: Florian Weimer
Date: Thu, 27 Aug 2020 09:41:34 +0200
Subject: Use-after-free in test-perror2, test-strerror_r
The problem is visible with glibc 2.32 under valgrind:
==20== Invalid read of size 1
==20== at 0x483DAB4: strcmp (vg_replace_strmem.c:847)
==20== by 0x109414: main (test-perror2.c:84)
==20== Address 0x4a1a3d0 is 0 bytes inside a block of size 17 free'd
==20== at 0x483A9F5: free (vg_replace_malloc.c:538)
==20== by 0x48E2134: strerror_l (in /usr/lib64/libc-2.32.so)
==20== by 0x109328: main (test-perror2.c:72)
==20== Block was alloc'd at
==20== at 0x4839809: malloc (vg_replace_malloc.c:307)
==20== by 0x48CA03F: __vasprintf_internal (in /usr/lib64/libc-2.32.so)
==20== by 0x48A46F9: asprintf (in /usr/lib64/libc-2.32.so)
==20== by 0x48E2184: strerror_l (in /usr/lib64/libc-2.32.so)
==20== by 0x1092E2: main (test-perror2.c:67)
==20==
==20== Invalid read of size 1
==20== at 0x483DAC8: strcmp (vg_replace_strmem.c:847)
==20== by 0x109414: main (test-perror2.c:84)
==20== Address 0x4a1a3d1 is 1 bytes inside a block of size 17 free'd
==20== at 0x483A9F5: free (vg_replace_malloc.c:538)
==20== by 0x48E2134: strerror_l (in /usr/lib64/libc-2.32.so)
==20== by 0x109328: main (test-perror2.c:72)
==20== Block was alloc'd at
==20== at 0x4839809: malloc (vg_replace_malloc.c:307)
==20== by 0x48CA03F: __vasprintf_internal (in /usr/lib64/libc-2.32.so)
==20== by 0x48A46F9: asprintf (in /usr/lib64/libc-2.32.so)
==20== by 0x48E2184: strerror_l (in /usr/lib64/libc-2.32.so)
==20== by 0x1092E2: main (test-perror2.c:67)
I think it's the test that's invalid.
This was reported as an actual grep test failure (without valgrind) on
32-bit Arm, where glibc malloc happens to return a different buffer
address for the internal allocation (so that msg3 != msg4).
test-strerror_r has the same issue.
Thanks,
Florian
Upstream patch:
https://git.sv.gnu.org/cgit/gnulib.git/commit/?id=175e0bc72808
From 175e0bc72808d564074c4adcc72aeadb74adfcc6 Mon Sep 17 00:00:00 2001
From: Paul Eggert <eggert@cs.ucla.edu>
Date: Thu, 27 Aug 2020 17:52:58 -0700
Subject: [PATCH] perror, strerror_r: remove unportable tests
Problem reported by Florian Weimer in:
https://lists.gnu.org/r/bug-gnulib/2020-08/msg00220.html
* tests/test-perror2.c (main):
* tests/test-strerror_r.c (main): Omit unportable tests.
This downstream patch is identical to upstream one modulo the ChangeLog entry.
---
gnulib-tests/test-perror2.c | 3 ---
gnulib-tests/test-strerror_r.c | 3 ---
2 files changed, 6 deletions(-)
Index: gnulib-tests/test-perror2.c
===================================================================
--- gnulib-tests/test-perror2.c.orig
+++ gnulib-tests/test-perror2.c
@@ -79,9 +79,6 @@ main (void)
errno = -5;
perror ("");
ASSERT (!ferror (stderr));
- ASSERT (msg1 == msg2 || msg1 == msg4 || STREQ (msg1, str1));
- ASSERT (msg2 == msg4 || STREQ (msg2, str2));
- ASSERT (msg3 == msg4 || STREQ (msg3, str3));
ASSERT (STREQ (msg4, str4));
free (str1);
Index: gnulib-tests/test-strerror_r.c
===================================================================
--- gnulib-tests/test-strerror_r.c.orig
+++ gnulib-tests/test-strerror_r.c
@@ -165,9 +165,6 @@ main (void)
strerror_r (EACCES, buf, sizeof buf);
strerror_r (-5, buf, sizeof buf);
- ASSERT (msg1 == msg2 || msg1 == msg4 || STREQ (msg1, str1));
- ASSERT (msg2 == msg4 || STREQ (msg2, str2));
- ASSERT (msg3 == msg4 || STREQ (msg3, str3));
ASSERT (STREQ (msg4, str4));
free (str1);

View File

@ -1,3 +0,0 @@
version https://git-lfs.github.com/spec/v1
oid sha256:f79b0cfea71b37a8eeec8490db6c5f7ae7719c35587f21edb0617f370eeff633
size 1348048

View File

@ -1,16 +0,0 @@
-----BEGIN PGP SIGNATURE-----
iQIzBAABCgAdFiEEFV0/xQDINEhtHupnf9n8ywAL7u4FAl4ekRoACgkQf9n8ywAL
7u62aA//a9WOFsQR4oTCAX5yYw/RDD4600hMdWmhoV4gSTZxaPWlA5MX0hdT4Y3X
GZ3/QFckfJ1k8U5ZEsCPkCCh0U2k8031+Sc4a5Jn8NEIqeP2VGPoB0APZOkEJFdm
tWwD3cAyyDX6S2HCA1OqQsbeSmBIzn/iZU7jPTplih2VO4mzglcv2eJiDIICipSI
FRnQ9QqHA5kyO4ndNB51ESpUGvCgQ7dGe85kozaM6xbhoTdIVLvxjUuAGQNaeSNa
fqnFqEfEfWE5qfw0hPoUU2WVdayRq+3Sm977hIcdy8FzM4k4zU66GZnYd6aSfVEj
RpAwJRFG8GkLIf+ALMeGUcIWDX64E5XLjFXFM9zV9ffI+Snlpqz745ru3SXBF9js
6Xvab+tAkP17Okj1SzfWjUHs5PAaF59dt/SQGpa+8CroYZJo0/xT05oI4EuNRL0n
gfb9PQPYcF+aQNsBEU1av+x/cui1uQKxFzJ8TdvJsLjKux7tPOyQA/QLGF969JwO
sjaNyTpGk7dkOX/7dCtXAFXRsJVTKCc6p8LzEWnMV0rEhzznq0Ey42n2xEJF6NGL
ipV5uKRXoD/6ok6ZIfSTbyY3N4pdBAlkz5o3s1ikbQ1D/eiqq7v3Rpsy5lvpvQeZ
5GsHowlh6BmlK5kYcavDmr7RKoBUwQttkEu3OuDOrFhVIIKWB8Q=
=XavH
-----END PGP SIGNATURE-----

BIN
sed-4.9.tar.xz (Stored with Git LFS) Normal file

Binary file not shown.

16
sed-4.9.tar.xz.sig Normal file
View File

@ -0,0 +1,16 @@
-----BEGIN PGP SIGNATURE-----
iQIzBAABCgAdFiEEFV0/xQDINEhtHupnf9n8ywAL7u4FAmNoLIYACgkQf9n8ywAL
7u7Q3w//es7+47eG6Av4Kp4KMrJB8DbFRgshO/nTSAGX4HsZVtcEyOnKWQPjr8hB
1pNLZHWzEPmfhs3bP+l5r7CF3ryjxScZwuRC4+eIysJSXYJ7fWYLM1D0D/T9nOrl
B7mmswoYgWijHAwGW/jMvttcO9eKluCkXczxRYNdnrLaVh9deS2D4BgWEM3fM/KR
tXQj5P4v2o4fpixsjgEqBY9RUkNWZZ4GPQwVVE7JYgY2r74mjsgwwSa+Eb/dEJT5
o+nTafvlFJXwnZvJeDG23tQbT4e+fW0+TzSMBubLCiDV29K8uOB4p3dw/3swRiCz
wwKr0twtJ50K6PwsayoSWaF1vMKRgzK+kzFVC1fxqGGYm522ssdqFjRGYfwZJv2x
+Mpxy5fj20KiHnfjN95nd+EDxEblbbyWhn8EG6rR/qoVku74DEV5dntxf/GVBZsy
+NMKGz2+W5/KBRWApYoQBHjLlQpoYzmQSBRNsInlPMWhoRnF/7sry1H3Dlnu+5QY
mVSXfzFyUY1a4dcJXIHBs27uIGzLhuf2hVqfcOs4eDLbA7gzBn3Tl/GJcFW7lQzB
9a97YCnDETPN8rU4IhIlmH0LJIVMpBPy/sCTYYuoE2oFaB91si5IHBqB9TV7P3VV
bCCduHjHyER8S50gFJY+qkBdkfqOH/o18L0bgTRzoixSOY/32Qk=
=FMyH
-----END PGP SIGNATURE-----

View File

@ -1,16 +0,0 @@
http://lists.gnu.org/archive/html/bug-gnu-utils/2014-06/msg00000.html
Index: sed-4.6/sed/utils.c
===================================================================
--- sed-4.6.orig/sed/utils.c
+++ sed-4.6/sed/utils.c
@@ -267,8 +267,8 @@ ck_fclose (FILE *stream)
{
if (!stream || stream == cur->fp)
{
- do_ck_fclose (cur->fp);
prev->link = cur->link;
+ do_ck_fclose (cur->fp);
free (cur->name);
free (cur);
}

View File

@ -1,3 +1,33 @@
-------------------------------------------------------------------
Mon Nov 7 18:49:22 UTC 2022 - Andreas Stieger <andreas.stieger@gmx.de>
- GNU sed 4.9:
* 'sed --follow-symlinks -i' no longer loops forever when its
operand is a symbolic link cycle.
* a program with an execution line longer than 2GB can no longer
trigger an out-of-bounds memory write.
* using the R command to read an input line of length longer than
2GB can no longer trigger an out-of-bounds memory read.
* In locales using UTF-8 encoding, the regular expression '.' no
longer sometimes fails to match Unicode characters U+D400
through U+D7FF (some Hangul Syllables, and Hangul Jamo
Extended-B) and Unicode characters U+108000 through U+10FFFF
(half of Supplemental Private Use Area plane B).
* I/O errors involving temp files no longer confuse sed into
using a FILE * pointer after fclosing it, which has undefined
behavior in C.
* New: The 'r' command now accepts address 0, allowing inserting
a file before the first line.
* Sed now prints the less-surprising variant in a corner case of
POSIX-unspecified behavior. Before, this would print "n".
Now, it prints "X":
printf n | sed 'sn\nnXn'; echo
- drop patches now upstream:
* gnulib-test-avoid-FP-perror-strerror.patch
* sed-dont_close_twice.patch
- disable profile guided optimization in build due to what seems to
be a bug in gnulib
-------------------------------------------------------------------
Fri Oct 16 08:47:29 UTC 2020 - Ludwig Nussel <lnussel@suse.de>

View File

@ -1,7 +1,7 @@
#
# spec file for package sed
#
# Copyright (c) 2020 SUSE LLC
# Copyright (c) 2022 SUSE LLC
#
# All modifications and additions to the file contributed by third parties
# remain the property of their copyright owners, unless otherwise agreed
@ -17,7 +17,7 @@
Name: sed
Version: 4.8
Version: 4.9
Release: 0
Summary: A Stream-Oriented Non-Interactive Text Editor
License: GPL-3.0-or-later
@ -26,13 +26,8 @@ URL: https://www.gnu.org/software/sed/
Source0: https://ftp.gnu.org/gnu/sed/%{name}-%{version}.tar.xz
Source1: https://ftp.gnu.org/gnu/sed/%{name}-%{version}.tar.xz.sig
Source2: %{name}.keyring
# PATCH-FIX-SLE sed-dont_close_twice.patch bnc@880817 tcech@suse.cz -- Fix double close.
Patch0: sed-dont_close_twice.patch
Patch1: gnulib-test-avoid-FP-perror-strerror.patch
BuildRequires: libacl-devel
BuildRequires: libselinux-devel
Requires(post): %{install_info_prereq}
Requires(preun): %{install_info_prereq}
Provides: base:/bin/sed
%description
@ -44,9 +39,7 @@ occurrences of a string within a file.
%lang_package
%prep
%setup -q
%patch0 -p1
%patch1
%autosetup -p1
%build
%define warn_flags -Wall -Wstrict-prototypes -Wpointer-arith -Wformat-security
@ -54,15 +47,7 @@ export CFLAGS="%{optflags} %{warn_flags} -fPIE"
export LDFLAGS="-pie"
%configure \
--without-included-regex
%if 0%{?do_profiling}
make %{?_smp_mflags} CFLAGS="$CFLAGS %{cflags_profile_generate}" V=1
make %{?_smp_mflags} CFLAGS="$CFLAGS %{cflags_profile_generate}" check
make %{?_smp_mflags} clean
make %{?_smp_mflags} CFLAGS="$CFLAGS %{cflags_profile_feedback}" V=1
%else
make %{?_smp_mflags} V=1
%endif
make %{?_smp_mflags} check
%make_build
%install
%make_install
@ -73,14 +58,7 @@ ln -s %{_bindir}/sed %{buildroot}/bin/sed
%find_lang %{name}
%check
# run check once more with final binaries
make %{?_smp_mflags} check
%post
%install_info --info-dir=%{_infodir} %{_infodir}/%{name}.info%{ext_info}
%preun
%install_info_delete --info-dir=%{_infodir} %{_infodir}/%{name}.info%{ext_info}
%make_build check
%files
%license COPYING*
@ -93,5 +71,6 @@ make %{?_smp_mflags} check
%{_infodir}/sed.info*%{ext_info}
%files lang -f %{name}.lang
%license COPYING*
%changelog