
Accepting request 1140326 from home:berny:branches:Base:System

- coreutils-9.4.split-CVE-2024-0684.patch: Add upstream patch:
  split: do not shrink hold buffer.  (CVE-2024-0684)
- coreutils-i18n.patch: Update from Fedora to fix build on i686 on GCC14.

OBS-URL: https://build.opensuse.org/request/show/1140326
OBS-URL: https://build.opensuse.org/package/show/Base:System/coreutils?expand=0&rev=356
Bernhard Voelker 2024-01-23 09:45:29 +00:00 committed by Git OBS Bridge
parent b027767dc6
commit 051cc75b06
4 changed files with 154 additions and 82 deletions


@ -0,0 +1,34 @@
Upstream patch on top of coreutils-9.4 fixing CVE-2024-0684.
https://git.sv.gnu.org/cgit/coreutils.git/commit/?id=c4c5ed8f4e9cd55a12966
From c4c5ed8f4e9cd55a12966d4f520e3a13101637d9 Mon Sep 17 00:00:00 2001
From: Paul Eggert <eggert@cs.ucla.edu>
Date: Tue, 16 Jan 2024 13:48:32 -0800
Subject: [PATCH] split: do not shrink hold buffer
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
* src/split.c (line_bytes_split): Do not shrink hold buffer.
If its large for this batch its likely to be large for the next
batch, and for split its not worth the complexity/CPU hassle to
shrink it. Do not assume hold_size can be bufsize.
---
src/split.c | 3 ---
1 file changed, 3 deletions(-)
diff --git a/src/split.c b/src/split.c
index 64020c859..037960a59 100644
--- a/src/split.c
+++ b/src/split.c
@@ -809,10 +809,7 @@ line_bytes_split (intmax_t n_bytes, char *buf, idx_t bufsize)
{
cwrite (n_out == 0, hold, n_hold);
n_out += n_hold;
- if (n_hold > bufsize)
- hold = xirealloc (hold, bufsize);
n_hold = 0;
- hold_size = bufsize;
}
/* Output to eol if present. */
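Review bot: The packaged patch ships the source fix without a regression test: its diffstat lists only `src/split.c` with 3 deletions, so nothing visible here makes the package's test run exercise the `line_bytes_split` hold-buffer path behind CVE-2024-0684. If upstream published a test for this case separately, carrying it alongside (or noting in the patch header why it is omitted) would let a later rebase detect the shrink being reintroduced. It would also help to state the invariant at the removal site, e.g. `/* hold is never shrunk here; hold_size may exceed bufsize. */`, since the commit message says hold_size must not be assumed to equal bufsize. The body of line_bytes_split starts and ends outside this hunk.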


@ -7,8 +7,8 @@ Subject: [PATCH] coreutils-i18n.patch
bootstrap.conf | 1 + bootstrap.conf | 1 +
configure.ac | 6 + configure.ac | 6 +
lib/linebuffer.h | 8 + lib/linebuffer.h | 8 +
lib/mbfile.c | 3 + lib/mbfile.c | 20 +
lib/mbfile.h | 255 ++++++++++++ lib/mbfile.h | 267 ++++++++++++
m4/mbfile.m4 | 14 + m4/mbfile.m4 | 14 +
src/cut.c | 508 +++++++++++++++++++++-- src/cut.c | 508 +++++++++++++++++++++--
src/expand-common.c | 114 ++++++ src/expand-common.c | 114 ++++++
@ -35,7 +35,7 @@ Subject: [PATCH] coreutils-i18n.patch
tests/sort/sort.pl | 40 +- tests/sort/sort.pl | 40 +-
tests/unexpand/mb.sh | 172 ++++++++ tests/unexpand/mb.sh | 172 ++++++++
tests/uniq/uniq.pl | 55 +++ tests/uniq/uniq.pl | 55 +++
31 files changed, 3703 insertions(+), 242 deletions(-) 31 files changed, 3732 insertions(+), 242 deletions(-)
create mode 100644 lib/mbfile.c create mode 100644 lib/mbfile.c
create mode 100644 lib/mbfile.h create mode 100644 lib/mbfile.h
create mode 100644 m4/mbfile.m4 create mode 100644 m4/mbfile.m4
@ -101,34 +101,51 @@ index b4cc8e4..f2bbb52 100644
/* Initialize linebuffer LINEBUFFER for use. */ /* Initialize linebuffer LINEBUFFER for use. */
diff --git a/lib/mbfile.c b/lib/mbfile.c diff --git a/lib/mbfile.c b/lib/mbfile.c
new file mode 100644 new file mode 100644
index 0000000..b0a468e index 0000000..8d2957b
--- /dev/null --- /dev/null
+++ b/lib/mbfile.c +++ b/lib/mbfile.c
@@ -0,0 +1,3 @@ @@ -0,0 +1,20 @@
+/* Multibyte character I/O: macros for multi-byte encodings.
+ Copyright (C) 2012-2023 Free Software Foundation, Inc.
+
+ This file is free software: you can redistribute it and/or modify
+ it under the terms of the GNU Lesser General Public License as
+ published by the Free Software Foundation, either version 3 of the
+ License, or (at your option) any later version.
+
+ This file is distributed in the hope that it will be useful,
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ GNU Lesser General Public License for more details.
+
+ You should have received a copy of the GNU Lesser General Public License
+ along with this program. If not, see <https://www.gnu.org/licenses/>. */
+
+#include <config.h> +#include <config.h>
+
+#define MBFILE_INLINE _GL_EXTERN_INLINE +#define MBFILE_INLINE _GL_EXTERN_INLINE
+#include "mbfile.h" +#include "mbfile.h"
diff --git a/lib/mbfile.h b/lib/mbfile.h diff --git a/lib/mbfile.h b/lib/mbfile.h
new file mode 100644 new file mode 100644
index 0000000..11f1b12 index 0000000..ad61c19
--- /dev/null --- /dev/null
+++ b/lib/mbfile.h +++ b/lib/mbfile.h
@@ -0,0 +1,255 @@ @@ -0,0 +1,267 @@
+/* Multibyte character I/O: macros for multi-byte encodings. +/* Multibyte character I/O: macros for multi-byte encodings.
+ Copyright (C) 2001, 2005, 2009-2015 Free Software Foundation, Inc. + Copyright (C) 2001, 2005, 2009-2023 Free Software Foundation, Inc.
+ +
+ This program is free software: you can redistribute it and/or modify + This file is free software: you can redistribute it and/or modify
+ it under the terms of the GNU General Public License as published by + it under the terms of the GNU Lesser General Public License as
+ the Free Software Foundation; either version 3 of the License, or + published by the Free Software Foundation, either version 3 of the
+ (at your option) any later version. + License, or (at your option) any later version.
+ +
+ This program is distributed in the hope that it will be useful, + This file is distributed in the hope that it will be useful,
+ but WITHOUT ANY WARRANTY; without even the implied warranty of + but WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ GNU General Public License for more details. + GNU Lesser General Public License for more details.
+ +
+ You should have received a copy of the GNU General Public License + You should have received a copy of the GNU Lesser General Public License
+ along with this program. If not, see <http://www.gnu.org/licenses/>. */ + along with this program. If not, see <https://www.gnu.org/licenses/>. */
+ +
+/* Written by Mitsuru Chinen <mchinen@yamato.ibm.com> +/* Written by Mitsuru Chinen <mchinen@yamato.ibm.com>
+ and Bruno Haible <bruno@clisp.org>. */ + and Bruno Haible <bruno@clisp.org>. */
@ -163,24 +180,18 @@ index 0000000..11f1b12
+#ifndef _MBFILE_H +#ifndef _MBFILE_H
+#define _MBFILE_H 1 +#define _MBFILE_H 1
+ +
+/* This file uses _GL_INLINE_HEADER_BEGIN, _GL_INLINE. */
+#if !_GL_CONFIG_H_INCLUDED
+ #error "Please include config.h first."
+#endif
+
+#include <assert.h> +#include <assert.h>
+#include <stdbool.h>
+#include <stdio.h> +#include <stdio.h>
+#include <string.h> +#include <string.h>
+
+/* Tru64 with Desktop Toolkit C has a bug: <stdio.h> must be included before
+ <wchar.h>.
+ BSD/OS 4.1 has a bug: <stdio.h> and <time.h> must be included before
+ <wchar.h>. */
+#include <stdio.h>
+#include <time.h>
+#include <wchar.h> +#include <wchar.h>
+ +
+#include "mbchar.h" +#include "mbchar.h"
+ +
+#ifndef _GL_INLINE_HEADER_BEGIN
+ #error "Please include config.h first."
+#endif
+_GL_INLINE_HEADER_BEGIN +_GL_INLINE_HEADER_BEGIN
+#ifndef MBFILE_INLINE +#ifndef MBFILE_INLINE
+# define MBFILE_INLINE _GL_INLINE +# define MBFILE_INLINE _GL_INLINE
@ -199,6 +210,7 @@ index 0000000..11f1b12
+MBFILE_INLINE void +MBFILE_INLINE void
+mbfile_multi_getc (struct mbchar *mbc, struct mbfile_multi *mbf) +mbfile_multi_getc (struct mbchar *mbc, struct mbfile_multi *mbf)
+{ +{
+ unsigned int new_bufcount;
+ size_t bytes; + size_t bytes;
+ +
+ /* If EOF has already been seen, don't use getc. This matters if + /* If EOF has already been seen, don't use getc. This matters if
@ -214,64 +226,70 @@ index 0000000..11f1b12
+ return; + return;
+ } + }
+ +
+ /* Before using mbrtowc, we need at least one byte. */ + new_bufcount = mbf->bufcount;
+ if (mbf->bufcount == 0) +
+ /* If mbf->state is not in an initial state, some more 32-bit wide character
+ may be hiding in the state. We need to call mbrtoc32 again. */
+ #if GNULIB_MBRTOC32_REGULAR
+ assert (mbsinit (&mbf->state));
+ #else
+ if (mbsinit (&mbf->state))
+ #endif
+ { + {
+ int c = getc (mbf->fp); + /* Before using mbrtoc32, we need at least one byte. */
+ if (c == EOF) + if (new_bufcount == 0)
+ { + {
+ mbf->eof_seen = true; + int c = getc (mbf->fp);
+ goto eof; + if (c == EOF)
+ {
+ mbf->eof_seen = true;
+ goto eof;
+ }
+ mbf->buf[0] = (unsigned char) c;
+ new_bufcount++;
+ }
+
+ /* Handle most ASCII characters quickly, without calling mbrtoc32(). */
+ if (new_bufcount == 1 && is_basic (mbf->buf[0]))
+ {
+ /* These characters are part of the POSIX portable character set.
+ For most of them, namely those in the ISO C basic character set,
+ ISO C 99 guarantees that their wide character code is identical to
+ their char code. For the few other ones, this is the case as well,
+ in all locale encodings that are in use. The 32-bit wide character
+ code is the same as well. */
+ mbc->wc = mbc->buf[0] = mbf->buf[0];
+ mbc->wc_valid = true;
+ mbc->ptr = &mbc->buf[0];
+ mbc->bytes = 1;
+ mbf->bufcount = 0;
+ return;
+ } + }
+ mbf->buf[0] = (unsigned char) c;
+ mbf->bufcount++;
+ } + }
+ +
+ /* Handle most ASCII characters quickly, without calling mbrtowc(). */ + /* Use mbrtoc32 on an increasing number of bytes. Read only as many bytes
+ if (mbf->bufcount == 1 && mbsinit (&mbf->state) && is_basic (mbf->buf[0]))
+ {
+ /* These characters are part of the basic character set. ISO C 99
+ guarantees that their wide character code is identical to their
+ char code. */
+ mbc->wc = mbc->buf[0] = mbf->buf[0];
+ mbc->wc_valid = true;
+ mbc->ptr = &mbc->buf[0];
+ mbc->bytes = 1;
+ mbf->bufcount = 0;
+ return;
+ }
+
+ /* Use mbrtowc on an increasing number of bytes. Read only as many bytes
+ from mbf->fp as needed. This is needed to give reasonable interactive + from mbf->fp as needed. This is needed to give reasonable interactive
+ behaviour when mbf->fp is connected to an interactive tty. */ + behaviour when mbf->fp is connected to an interactive tty. */
+ for (;;) + for (;;)
+ { + {
+ /* We don't know whether the 'mbrtowc' function updates the state when + /* Feed the bytes one by one into mbrtoc32. */
+ it returns -2, - this is the ISO C 99 and glibc-2.2 behaviour - or + bytes = mbrtoc32 (&mbc->wc, &mbf->buf[mbf->bufcount], new_bufcount - mbf->bufcount, &mbf->state);
+ not - amended ANSI C, glibc-2.1 and Solaris 2.7 behaviour. We
+ don't have an autoconf test for this, yet.
+ The new behaviour would allow us to feed the bytes one by one into
+ mbrtowc. But the old behaviour forces us to feed all bytes since
+ the end of the last character into mbrtowc. Since we want to retry
+ with more bytes when mbrtowc returns -2, we must backup the state
+ before calling mbrtowc, because implementations with the new
+ behaviour will clobber it. */
+ mbstate_t backup_state = mbf->state;
+
+ bytes = mbrtowc (&mbc->wc, &mbf->buf[0], mbf->bufcount, &mbf->state);
+ +
+ if (bytes == (size_t) -1) + if (bytes == (size_t) -1)
+ { + {
+ /* An invalid multibyte sequence was encountered. */ + /* An invalid multibyte sequence was encountered. */
+ mbf->bufcount = new_bufcount;
+ /* Return a single byte. */ + /* Return a single byte. */
+ bytes = 1; + bytes = 1;
+ mbc->wc_valid = false; + mbc->wc_valid = false;
+ /* Allow the next invocation to continue from a sane state. */
+ mbszero (&mbf->state);
+ break; + break;
+ } + }
+ else if (bytes == (size_t) -2) + else if (bytes == (size_t) -2)
+ { + {
+ /* An incomplete multibyte character. */ + /* An incomplete multibyte character. */
+ mbf->state = backup_state; + mbf->bufcount = new_bufcount;
+ if (mbf->bufcount == MBCHAR_BUF_SIZE) + if (mbf->bufcount == MBCHAR_BUF_SIZE)
+ { + {
+ /* An overlong incomplete multibyte sequence was encountered. */ + /* An overlong incomplete multibyte sequence was encountered. */
@ -282,28 +300,42 @@ index 0000000..11f1b12
+ } + }
+ else + else
+ { + {
+ /* Read one more byte and retry mbrtowc. */ + /* Read one more byte and retry mbrtoc32. */
+ int c = getc (mbf->fp); + int c = getc (mbf->fp);
+ if (c == EOF) + if (c == EOF)
+ { + {
+ /* An incomplete multibyte character at the end. */ + /* An incomplete multibyte character at the end. */
+ mbf->eof_seen = true; + mbf->eof_seen = true;
+ bytes = mbf->bufcount; + bytes = new_bufcount;
+ mbc->wc_valid = false; + mbc->wc_valid = false;
+ break; + break;
+ } + }
+ mbf->buf[mbf->bufcount] = (unsigned char) c; + mbf->buf[new_bufcount] = (unsigned char) c;
+ mbf->bufcount++; + new_bufcount++;
+ } + }
+ } + }
+ else + else
+ { + {
+ if (bytes == 0) + #if !GNULIB_MBRTOC32_REGULAR
+ if (bytes == (size_t) -3)
+ { + {
+ /* A null wide character was encountered. */ + /* The previous multibyte sequence produced an additional 32-bit
+ bytes = 1; + wide character. */
+ assert (mbf->buf[0] == '\0'); + mbf->bufcount = new_bufcount;
+ assert (mbc->wc == 0); + bytes = 0;
+ }
+ else
+ #endif
+ {
+ bytes = mbf->bufcount + bytes;
+ mbf->bufcount = new_bufcount;
+ if (bytes == 0)
+ {
+ /* A null 32-bit wide character was encountered. */
+ bytes = 1;
+ assert (mbf->buf[0] == '\0');
+ assert (mbc->wc == 0);
+ }
+ } + }
+ mbc->wc_valid = true; + mbc->wc_valid = true;
+ break; + break;
@ -354,7 +386,7 @@ index 0000000..11f1b12
+ ((mbf).fp = (stream), \ + ((mbf).fp = (stream), \
+ (mbf).eof_seen = false, \ + (mbf).eof_seen = false, \
+ (mbf).have_pushback = false, \ + (mbf).have_pushback = false, \
+ memset (&(mbf).state, '\0', sizeof (mbstate_t)), \ + mbszero (&(mbf).state), \
+ (mbf).bufcount = 0) + (mbf).bufcount = 0)
+ +
+#define mbf_getc(mbc, mbf) mbfile_multi_getc (&(mbc), &(mbf)) +#define mbf_getc(mbc, mbf) mbfile_multi_getc (&(mbc), &(mbf))
@ -363,20 +395,17 @@ index 0000000..11f1b12
+ +
+#define mb_iseof(mbc) ((mbc).bytes == 0) +#define mb_iseof(mbc) ((mbc).bytes == 0)
+ +
+#ifndef _GL_INLINE_HEADER_BEGIN +_GL_INLINE_HEADER_END
+ #error "Please include config.h first."
+#endif
+_GL_INLINE_HEADER_BEGIN
+ +
+#endif /* _MBFILE_H */ +#endif /* _MBFILE_H */
diff --git a/m4/mbfile.m4 b/m4/mbfile.m4 diff --git a/m4/mbfile.m4 b/m4/mbfile.m4
new file mode 100644 new file mode 100644
index 0000000..8589902 index 0000000..83068a9
--- /dev/null --- /dev/null
+++ b/m4/mbfile.m4 +++ b/m4/mbfile.m4
@@ -0,0 +1,14 @@ @@ -0,0 +1,14 @@
+# mbfile.m4 serial 7 +# mbfile.m4 serial 7
+dnl Copyright (C) 2005, 2008-2015 Free Software Foundation, Inc. +dnl Copyright (C) 2005, 2008-2023 Free Software Foundation, Inc.
+dnl This file is free software; the Free Software Foundation +dnl This file is free software; the Free Software Foundation
+dnl gives unlimited permission to copy and/or distribute it, +dnl gives unlimited permission to copy and/or distribute it,
+dnl with or without modifications, as long as this notice is preserved. +dnl with or without modifications, as long as this notice is preserved.
@ -5527,5 +5556,5 @@ index a6354dc..e43cd6e 100755
@Tests = triple_test \@Tests; @Tests = triple_test \@Tests;
-- --
2.41.0 2.43.0
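Review bot: In `mbfile_multi_getc` the new `(size_t) -3` branch sets `bytes = 0` and then falls through to `mbc->wc_valid = true`, while `mb_iseof` further down is still defined as `((mbc).bytes == 0)`. The code after the loop lies outside the visible hunks, so if it stores `bytes` into `mbc->bytes`, callers would read this extra character as end of input. The branch is only compiled when `GNULIB_MBRTOC32_REGULAR` is unset, so it may be unreachable in this build, but that is worth confirming rather than assuming. A comment at the branch would record the constraint, e.g. `/* bytes == 0 here: callers testing mb_iseof must not see this result. */`.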


@ -1,3 +1,10 @@
-------------------------------------------------------------------
Sun Jan 21 09:50:55 UTC 2024 - Bernhard Voelker <mail@bernhard-voelker.de>
- coreutils-9.4.split-CVE-2024-0684.patch: Add upstream patch:
split: do not shrink hold buffer. (CVE-2024-0684)
- coreutils-i18n.patch: Update from Fedora to fix build on i686 on GCC14.
------------------------------------------------------------------- -------------------------------------------------------------------
Sun Sep 17 16:15:24 UTC 2023 - Bernhard Voelker <mail@bernhard-voelker.de> Sun Sep 17 16:15:24 UTC 2023 - Bernhard Voelker <mail@bernhard-voelker.de>


@ -1,7 +1,7 @@
# #
# spec file # spec file
# #
# Copyright (c) 2023 SUSE LLC # Copyright (c) 2024 SUSE LLC
# #
# All modifications and additions to the file contributed by third parties # All modifications and additions to the file contributed by third parties
# remain the property of their copyright owners, unless otherwise agreed # remain the property of their copyright owners, unless otherwise agreed
@ -70,6 +70,7 @@ Patch501: coreutils-test_without_valgrind.patch
# tests: skip tests/rm/ext3-perf.sh temporarily as it hangs on OBS. # tests: skip tests/rm/ext3-perf.sh temporarily as it hangs on OBS.
Patch810: coreutils-skip-tests-rm-ext3-perf.patch Patch810: coreutils-skip-tests-rm-ext3-perf.patch
Patch900: coreutils-tests-workaround-make-fdleak.patch Patch900: coreutils-tests-workaround-make-fdleak.patch
Patch920: coreutils-9.4.split-CVE-2024-0684.patch
BuildRequires: automake BuildRequires: automake
BuildRequires: gmp-devel BuildRequires: gmp-devel
BuildRequires: hostname BuildRequires: hostname
@ -173,6 +174,7 @@ This package contains the documentation for the GNU Core Utilities.
%patch810 %patch810
%patch900 %patch900
%patch920 -p1
# ================================================ # ================================================
%build %build