forked from pool/coreutils
Accepting request 1140792 from Base:System
OBS-URL: https://build.opensuse.org/request/show/1140792 OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/coreutils?expand=0&rev=154
This commit is contained in:
commit
1d3a2aaae5
34
coreutils-9.4.split-CVE-2024-0684.patch
Normal file
34
coreutils-9.4.split-CVE-2024-0684.patch
Normal file
@ -0,0 +1,34 @@
|
||||
Upstream patch on top of coreutils-9.4 fixing CVE-2024-0684.
|
||||
https://git.sv.gnu.org/cgit/coreutils.git/commit/?id=c4c5ed8f4e9cd55a12966
|
||||
|
||||
From c4c5ed8f4e9cd55a12966d4f520e3a13101637d9 Mon Sep 17 00:00:00 2001
|
||||
From: Paul Eggert <eggert@cs.ucla.edu>
|
||||
Date: Tue, 16 Jan 2024 13:48:32 -0800
|
||||
Subject: [PATCH] split: do not shrink hold buffer
|
||||
MIME-Version: 1.0
|
||||
Content-Type: text/plain; charset=UTF-8
|
||||
Content-Transfer-Encoding: 8bit
|
||||
|
||||
* src/split.c (line_bytes_split): Do not shrink hold buffer.
|
||||
If it’s large for this batch it’s likely to be large for the next
|
||||
batch, and for ‘split’ it’s not worth the complexity/CPU hassle to
|
||||
shrink it. Do not assume hold_size can be bufsize.
|
||||
---
|
||||
src/split.c | 3 ---
|
||||
1 file changed, 3 deletions(-)
|
||||
|
||||
diff --git a/src/split.c b/src/split.c
|
||||
index 64020c859..037960a59 100644
|
||||
--- a/src/split.c
|
||||
+++ b/src/split.c
|
||||
@@ -809,10 +809,7 @@ line_bytes_split (intmax_t n_bytes, char *buf, idx_t bufsize)
|
||||
{
|
||||
cwrite (n_out == 0, hold, n_hold);
|
||||
n_out += n_hold;
|
||||
- if (n_hold > bufsize)
|
||||
- hold = xirealloc (hold, bufsize);
|
||||
n_hold = 0;
|
||||
- hold_size = bufsize;
|
||||
}
|
||||
|
||||
/* Output to eol if present. */
|
@ -7,8 +7,8 @@ Subject: [PATCH] coreutils-i18n.patch
|
||||
bootstrap.conf | 1 +
|
||||
configure.ac | 6 +
|
||||
lib/linebuffer.h | 8 +
|
||||
lib/mbfile.c | 3 +
|
||||
lib/mbfile.h | 255 ++++++++++++
|
||||
lib/mbfile.c | 20 +
|
||||
lib/mbfile.h | 267 ++++++++++++
|
||||
m4/mbfile.m4 | 14 +
|
||||
src/cut.c | 508 +++++++++++++++++++++--
|
||||
src/expand-common.c | 114 ++++++
|
||||
@ -35,7 +35,7 @@ Subject: [PATCH] coreutils-i18n.patch
|
||||
tests/sort/sort.pl | 40 +-
|
||||
tests/unexpand/mb.sh | 172 ++++++++
|
||||
tests/uniq/uniq.pl | 55 +++
|
||||
31 files changed, 3703 insertions(+), 242 deletions(-)
|
||||
31 files changed, 3732 insertions(+), 242 deletions(-)
|
||||
create mode 100644 lib/mbfile.c
|
||||
create mode 100644 lib/mbfile.h
|
||||
create mode 100644 m4/mbfile.m4
|
||||
@ -101,34 +101,51 @@ index b4cc8e4..f2bbb52 100644
|
||||
/* Initialize linebuffer LINEBUFFER for use. */
|
||||
diff --git a/lib/mbfile.c b/lib/mbfile.c
|
||||
new file mode 100644
|
||||
index 0000000..b0a468e
|
||||
index 0000000..8d2957b
|
||||
--- /dev/null
|
||||
+++ b/lib/mbfile.c
|
||||
@@ -0,0 +1,3 @@
|
||||
@@ -0,0 +1,20 @@
|
||||
+/* Multibyte character I/O: macros for multi-byte encodings.
|
||||
+ Copyright (C) 2012-2023 Free Software Foundation, Inc.
|
||||
+
|
||||
+ This file is free software: you can redistribute it and/or modify
|
||||
+ it under the terms of the GNU Lesser General Public License as
|
||||
+ published by the Free Software Foundation, either version 3 of the
|
||||
+ License, or (at your option) any later version.
|
||||
+
|
||||
+ This file is distributed in the hope that it will be useful,
|
||||
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
|
||||
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
|
||||
+ GNU Lesser General Public License for more details.
|
||||
+
|
||||
+ You should have received a copy of the GNU Lesser General Public License
|
||||
+ along with this program. If not, see <https://www.gnu.org/licenses/>. */
|
||||
+
|
||||
+#include <config.h>
|
||||
+
|
||||
+#define MBFILE_INLINE _GL_EXTERN_INLINE
|
||||
+#include "mbfile.h"
|
||||
diff --git a/lib/mbfile.h b/lib/mbfile.h
|
||||
new file mode 100644
|
||||
index 0000000..11f1b12
|
||||
index 0000000..ad61c19
|
||||
--- /dev/null
|
||||
+++ b/lib/mbfile.h
|
||||
@@ -0,0 +1,255 @@
|
||||
@@ -0,0 +1,267 @@
|
||||
+/* Multibyte character I/O: macros for multi-byte encodings.
|
||||
+ Copyright (C) 2001, 2005, 2009-2015 Free Software Foundation, Inc.
|
||||
+ Copyright (C) 2001, 2005, 2009-2023 Free Software Foundation, Inc.
|
||||
+
|
||||
+ This program is free software: you can redistribute it and/or modify
|
||||
+ it under the terms of the GNU General Public License as published by
|
||||
+ the Free Software Foundation; either version 3 of the License, or
|
||||
+ (at your option) any later version.
|
||||
+ This file is free software: you can redistribute it and/or modify
|
||||
+ it under the terms of the GNU Lesser General Public License as
|
||||
+ published by the Free Software Foundation, either version 3 of the
|
||||
+ License, or (at your option) any later version.
|
||||
+
|
||||
+ This program is distributed in the hope that it will be useful,
|
||||
+ This file is distributed in the hope that it will be useful,
|
||||
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
|
||||
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
|
||||
+ GNU General Public License for more details.
|
||||
+ GNU Lesser General Public License for more details.
|
||||
+
|
||||
+ You should have received a copy of the GNU General Public License
|
||||
+ along with this program. If not, see <http://www.gnu.org/licenses/>. */
|
||||
+ You should have received a copy of the GNU Lesser General Public License
|
||||
+ along with this program. If not, see <https://www.gnu.org/licenses/>. */
|
||||
+
|
||||
+/* Written by Mitsuru Chinen <mchinen@yamato.ibm.com>
|
||||
+ and Bruno Haible <bruno@clisp.org>. */
|
||||
@ -163,24 +180,18 @@ index 0000000..11f1b12
|
||||
+#ifndef _MBFILE_H
|
||||
+#define _MBFILE_H 1
|
||||
+
|
||||
+/* This file uses _GL_INLINE_HEADER_BEGIN, _GL_INLINE. */
|
||||
+#if !_GL_CONFIG_H_INCLUDED
|
||||
+ #error "Please include config.h first."
|
||||
+#endif
|
||||
+
|
||||
+#include <assert.h>
|
||||
+#include <stdbool.h>
|
||||
+#include <stdio.h>
|
||||
+#include <string.h>
|
||||
+
|
||||
+/* Tru64 with Desktop Toolkit C has a bug: <stdio.h> must be included before
|
||||
+ <wchar.h>.
|
||||
+ BSD/OS 4.1 has a bug: <stdio.h> and <time.h> must be included before
|
||||
+ <wchar.h>. */
|
||||
+#include <stdio.h>
|
||||
+#include <time.h>
|
||||
+#include <wchar.h>
|
||||
+
|
||||
+#include "mbchar.h"
|
||||
+
|
||||
+#ifndef _GL_INLINE_HEADER_BEGIN
|
||||
+ #error "Please include config.h first."
|
||||
+#endif
|
||||
+_GL_INLINE_HEADER_BEGIN
|
||||
+#ifndef MBFILE_INLINE
|
||||
+# define MBFILE_INLINE _GL_INLINE
|
||||
@ -199,6 +210,7 @@ index 0000000..11f1b12
|
||||
+MBFILE_INLINE void
|
||||
+mbfile_multi_getc (struct mbchar *mbc, struct mbfile_multi *mbf)
|
||||
+{
|
||||
+ unsigned int new_bufcount;
|
||||
+ size_t bytes;
|
||||
+
|
||||
+ /* If EOF has already been seen, don't use getc. This matters if
|
||||
@ -214,64 +226,70 @@ index 0000000..11f1b12
|
||||
+ return;
|
||||
+ }
|
||||
+
|
||||
+ /* Before using mbrtowc, we need at least one byte. */
|
||||
+ if (mbf->bufcount == 0)
|
||||
+ new_bufcount = mbf->bufcount;
|
||||
+
|
||||
+ /* If mbf->state is not in an initial state, some more 32-bit wide character
|
||||
+ may be hiding in the state. We need to call mbrtoc32 again. */
|
||||
+ #if GNULIB_MBRTOC32_REGULAR
|
||||
+ assert (mbsinit (&mbf->state));
|
||||
+ #else
|
||||
+ if (mbsinit (&mbf->state))
|
||||
+ #endif
|
||||
+ {
|
||||
+ int c = getc (mbf->fp);
|
||||
+ if (c == EOF)
|
||||
+ /* Before using mbrtoc32, we need at least one byte. */
|
||||
+ if (new_bufcount == 0)
|
||||
+ {
|
||||
+ mbf->eof_seen = true;
|
||||
+ goto eof;
|
||||
+ int c = getc (mbf->fp);
|
||||
+ if (c == EOF)
|
||||
+ {
|
||||
+ mbf->eof_seen = true;
|
||||
+ goto eof;
|
||||
+ }
|
||||
+ mbf->buf[0] = (unsigned char) c;
|
||||
+ new_bufcount++;
|
||||
+ }
|
||||
+
|
||||
+ /* Handle most ASCII characters quickly, without calling mbrtoc32(). */
|
||||
+ if (new_bufcount == 1 && is_basic (mbf->buf[0]))
|
||||
+ {
|
||||
+ /* These characters are part of the POSIX portable character set.
|
||||
+ For most of them, namely those in the ISO C basic character set,
|
||||
+ ISO C 99 guarantees that their wide character code is identical to
|
||||
+ their char code. For the few other ones, this is the case as well,
|
||||
+ in all locale encodings that are in use. The 32-bit wide character
|
||||
+ code is the same as well. */
|
||||
+ mbc->wc = mbc->buf[0] = mbf->buf[0];
|
||||
+ mbc->wc_valid = true;
|
||||
+ mbc->ptr = &mbc->buf[0];
|
||||
+ mbc->bytes = 1;
|
||||
+ mbf->bufcount = 0;
|
||||
+ return;
|
||||
+ }
|
||||
+ mbf->buf[0] = (unsigned char) c;
|
||||
+ mbf->bufcount++;
|
||||
+ }
|
||||
+
|
||||
+ /* Handle most ASCII characters quickly, without calling mbrtowc(). */
|
||||
+ if (mbf->bufcount == 1 && mbsinit (&mbf->state) && is_basic (mbf->buf[0]))
|
||||
+ {
|
||||
+ /* These characters are part of the basic character set. ISO C 99
|
||||
+ guarantees that their wide character code is identical to their
|
||||
+ char code. */
|
||||
+ mbc->wc = mbc->buf[0] = mbf->buf[0];
|
||||
+ mbc->wc_valid = true;
|
||||
+ mbc->ptr = &mbc->buf[0];
|
||||
+ mbc->bytes = 1;
|
||||
+ mbf->bufcount = 0;
|
||||
+ return;
|
||||
+ }
|
||||
+
|
||||
+ /* Use mbrtowc on an increasing number of bytes. Read only as many bytes
|
||||
+ /* Use mbrtoc32 on an increasing number of bytes. Read only as many bytes
|
||||
+ from mbf->fp as needed. This is needed to give reasonable interactive
|
||||
+ behaviour when mbf->fp is connected to an interactive tty. */
|
||||
+ for (;;)
|
||||
+ {
|
||||
+ /* We don't know whether the 'mbrtowc' function updates the state when
|
||||
+ it returns -2, - this is the ISO C 99 and glibc-2.2 behaviour - or
|
||||
+ not - amended ANSI C, glibc-2.1 and Solaris 2.7 behaviour. We
|
||||
+ don't have an autoconf test for this, yet.
|
||||
+ The new behaviour would allow us to feed the bytes one by one into
|
||||
+ mbrtowc. But the old behaviour forces us to feed all bytes since
|
||||
+ the end of the last character into mbrtowc. Since we want to retry
|
||||
+ with more bytes when mbrtowc returns -2, we must backup the state
|
||||
+ before calling mbrtowc, because implementations with the new
|
||||
+ behaviour will clobber it. */
|
||||
+ mbstate_t backup_state = mbf->state;
|
||||
+
|
||||
+ bytes = mbrtowc (&mbc->wc, &mbf->buf[0], mbf->bufcount, &mbf->state);
|
||||
+ /* Feed the bytes one by one into mbrtoc32. */
|
||||
+ bytes = mbrtoc32 (&mbc->wc, &mbf->buf[mbf->bufcount], new_bufcount - mbf->bufcount, &mbf->state);
|
||||
+
|
||||
+ if (bytes == (size_t) -1)
|
||||
+ {
|
||||
+ /* An invalid multibyte sequence was encountered. */
|
||||
+ mbf->bufcount = new_bufcount;
|
||||
+ /* Return a single byte. */
|
||||
+ bytes = 1;
|
||||
+ mbc->wc_valid = false;
|
||||
+ /* Allow the next invocation to continue from a sane state. */
|
||||
+ mbszero (&mbf->state);
|
||||
+ break;
|
||||
+ }
|
||||
+ else if (bytes == (size_t) -2)
|
||||
+ {
|
||||
+ /* An incomplete multibyte character. */
|
||||
+ mbf->state = backup_state;
|
||||
+ mbf->bufcount = new_bufcount;
|
||||
+ if (mbf->bufcount == MBCHAR_BUF_SIZE)
|
||||
+ {
|
||||
+ /* An overlong incomplete multibyte sequence was encountered. */
|
||||
@ -282,28 +300,42 @@ index 0000000..11f1b12
|
||||
+ }
|
||||
+ else
|
||||
+ {
|
||||
+ /* Read one more byte and retry mbrtowc. */
|
||||
+ /* Read one more byte and retry mbrtoc32. */
|
||||
+ int c = getc (mbf->fp);
|
||||
+ if (c == EOF)
|
||||
+ {
|
||||
+ /* An incomplete multibyte character at the end. */
|
||||
+ mbf->eof_seen = true;
|
||||
+ bytes = mbf->bufcount;
|
||||
+ bytes = new_bufcount;
|
||||
+ mbc->wc_valid = false;
|
||||
+ break;
|
||||
+ }
|
||||
+ mbf->buf[mbf->bufcount] = (unsigned char) c;
|
||||
+ mbf->bufcount++;
|
||||
+ mbf->buf[new_bufcount] = (unsigned char) c;
|
||||
+ new_bufcount++;
|
||||
+ }
|
||||
+ }
|
||||
+ else
|
||||
+ {
|
||||
+ if (bytes == 0)
|
||||
+ #if !GNULIB_MBRTOC32_REGULAR
|
||||
+ if (bytes == (size_t) -3)
|
||||
+ {
|
||||
+ /* A null wide character was encountered. */
|
||||
+ bytes = 1;
|
||||
+ assert (mbf->buf[0] == '\0');
|
||||
+ assert (mbc->wc == 0);
|
||||
+ /* The previous multibyte sequence produced an additional 32-bit
|
||||
+ wide character. */
|
||||
+ mbf->bufcount = new_bufcount;
|
||||
+ bytes = 0;
|
||||
+ }
|
||||
+ else
|
||||
+ #endif
|
||||
+ {
|
||||
+ bytes = mbf->bufcount + bytes;
|
||||
+ mbf->bufcount = new_bufcount;
|
||||
+ if (bytes == 0)
|
||||
+ {
|
||||
+ /* A null 32-bit wide character was encountered. */
|
||||
+ bytes = 1;
|
||||
+ assert (mbf->buf[0] == '\0');
|
||||
+ assert (mbc->wc == 0);
|
||||
+ }
|
||||
+ }
|
||||
+ mbc->wc_valid = true;
|
||||
+ break;
|
||||
@ -354,7 +386,7 @@ index 0000000..11f1b12
|
||||
+ ((mbf).fp = (stream), \
|
||||
+ (mbf).eof_seen = false, \
|
||||
+ (mbf).have_pushback = false, \
|
||||
+ memset (&(mbf).state, '\0', sizeof (mbstate_t)), \
|
||||
+ mbszero (&(mbf).state), \
|
||||
+ (mbf).bufcount = 0)
|
||||
+
|
||||
+#define mbf_getc(mbc, mbf) mbfile_multi_getc (&(mbc), &(mbf))
|
||||
@ -363,20 +395,17 @@ index 0000000..11f1b12
|
||||
+
|
||||
+#define mb_iseof(mbc) ((mbc).bytes == 0)
|
||||
+
|
||||
+#ifndef _GL_INLINE_HEADER_BEGIN
|
||||
+ #error "Please include config.h first."
|
||||
+#endif
|
||||
+_GL_INLINE_HEADER_BEGIN
|
||||
+_GL_INLINE_HEADER_END
|
||||
+
|
||||
+#endif /* _MBFILE_H */
|
||||
diff --git a/m4/mbfile.m4 b/m4/mbfile.m4
|
||||
new file mode 100644
|
||||
index 0000000..8589902
|
||||
index 0000000..83068a9
|
||||
--- /dev/null
|
||||
+++ b/m4/mbfile.m4
|
||||
@@ -0,0 +1,14 @@
|
||||
+# mbfile.m4 serial 7
|
||||
+dnl Copyright (C) 2005, 2008-2015 Free Software Foundation, Inc.
|
||||
+dnl Copyright (C) 2005, 2008-2023 Free Software Foundation, Inc.
|
||||
+dnl This file is free software; the Free Software Foundation
|
||||
+dnl gives unlimited permission to copy and/or distribute it,
|
||||
+dnl with or without modifications, as long as this notice is preserved.
|
||||
@ -5527,5 +5556,5 @@ index a6354dc..e43cd6e 100755
|
||||
@Tests = triple_test \@Tests;
|
||||
|
||||
--
|
||||
2.41.0
|
||||
2.43.0
|
||||
|
||||
|
@ -1,3 +1,10 @@
|
||||
-------------------------------------------------------------------
|
||||
Sun Jan 21 09:50:55 UTC 2024 - Bernhard Voelker <mail@bernhard-voelker.de>
|
||||
|
||||
- coreutils-9.4.split-CVE-2024-0684.patch: Add upstream patch:
|
||||
split: do not shrink hold buffer. (CVE-2024-0684)
|
||||
- coreutils-i18n.patch: Update from Fedora to fix build on i686 on GCC14.
|
||||
|
||||
-------------------------------------------------------------------
|
||||
Sun Sep 17 16:15:24 UTC 2023 - Bernhard Voelker <mail@bernhard-voelker.de>
|
||||
|
||||
|
@ -1,7 +1,7 @@
|
||||
#
|
||||
# spec file
|
||||
#
|
||||
# Copyright (c) 2023 SUSE LLC
|
||||
# Copyright (c) 2024 SUSE LLC
|
||||
#
|
||||
# All modifications and additions to the file contributed by third parties
|
||||
# remain the property of their copyright owners, unless otherwise agreed
|
||||
@ -70,6 +70,7 @@ Patch501: coreutils-test_without_valgrind.patch
|
||||
# tests: skip tests/rm/ext3-perf.sh temporarily as it hangs on OBS.
|
||||
Patch810: coreutils-skip-tests-rm-ext3-perf.patch
|
||||
Patch900: coreutils-tests-workaround-make-fdleak.patch
|
||||
Patch920: coreutils-9.4.split-CVE-2024-0684.patch
|
||||
BuildRequires: automake
|
||||
BuildRequires: gmp-devel
|
||||
BuildRequires: hostname
|
||||
@ -173,6 +174,7 @@ This package contains the documentation for the GNU Core Utilities.
|
||||
|
||||
%patch810
|
||||
%patch900
|
||||
%patch920 -p1
|
||||
|
||||
# ================================================
|
||||
%build
|
||||
|
Loading…
Reference in New Issue
Block a user