forked from pool/coreutils
Accepting request 226325 from Base:System
- Add upstream patch (gnu#16855): * coreutils-shuf-repeat-avoid-crash-when-input-empty.patch: Add patch for shuf: with -r, don't dump core if the input is empty. - Add upstream patch (gnu#16872): * coreutils-date-avoid-crash-in-TZ-parsing.patch: Add patch for date: fix crash or infinite loop when parsing a malformed TZ="". - Add upstream patch (gnu#17010): * coreutils-ln-avoid-segfault-for-empty-target.patch: Add patch to avoid that ln(1) segfaults for an empty, relative target. OBS-URL: https://build.opensuse.org/request/show/226325 OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/coreutils?expand=0&rev=102
This commit is contained in:
parent
f7ba1756f1
commit
914f747484
154
coreutils-date-avoid-crash-in-TZ-parsing.patch
Normal file
154
coreutils-date-avoid-crash-in-TZ-parsing.patch
Normal file
@ -0,0 +1,154 @@
|
||||
Port upstream fix for date(1), to be removed with v8.23:
|
||||
|
||||
date could crash or go into an infinite loop when parsing a malformed TZ="".
|
||||
[bug introduced with the --date='TZ="" ..' parsing feature in coreutils-5.3.0]
|
||||
|
||||
This patch consists of 2 upstream commits:
|
||||
|
||||
http://git.sv.gnu.org/cgit/gnulib.git/commit/?id=a10acfb1d2
|
||||
http://git.sv.gnu.org/cgit/coreutils.git/commit/?id=a4faa6a0a3
|
||||
|
||||
While the former commit in gnulib actually fixes the issue (and adds a test
|
||||
there), the latter commit in upstream coreutils pulls in that change from
|
||||
gnulib and adds a test for the previously crashing date(1) command.
|
||||
|
||||
-----------------------------------------------
|
||||
commit a10acfb1d2118f9a180181d3fed5399dbbe1df3c
|
||||
Author: Pádraig Brady <P@draigBrady.com>
|
||||
Date: Tue Feb 25 10:58:48 2014 +0000
|
||||
|
||||
parse-datetime: fix crash or infloop in TZ="" parsing
|
||||
|
||||
This was reported in http://bugs.gnu.org/16872
|
||||
from the coreutils command: date -d 'TZ="""'
|
||||
|
||||
The infinite loop for this case was present since the
|
||||
initial TZ="" parsing support in commit de95bdc2 29-10-2004.
|
||||
This was changed to a crash or heap corruption depending
|
||||
on the platform with commit 2e3e4195 18-01-2010.
|
||||
|
||||
* lib/parse-datetime.y (parse_datetime): Break out of the
|
||||
TZ="" parsing loop once the second significant " is found.
|
||||
Also skip over any subsequent whitespace to be consistent
|
||||
with the non TZ= case.
|
||||
* tests/test-parse-datetime.c: Add test cases for TZ="" parsing.
|
||||
|
||||
Omit the NEWS entry from the original patch.
|
||||
|
||||
-----------------------------------------------
|
||||
commit a4faa6a0a3ae93c01d036d830ae7a21b74913baf
|
||||
Author: Pádraig Brady <P@draigBrady.com>
|
||||
Date: Thu Feb 27 23:43:34 2014 +0000
|
||||
|
||||
date: fix crash or infinite loop when parsing a malformed TZ=""
|
||||
|
||||
* gnulib: Update to incorporate the fix.
|
||||
This is the only change in this gnulib update.
|
||||
* tests/misc/date.pl: Add a test for this case.
|
||||
|
||||
Fixes http://bugs.gnu.org/16872
|
||||
|
||||
Omit the NEWS entry from the original patch.
|
||||
---
|
||||
gnulib-tests/test-parse-datetime.c | 16 ++++++++++++++++
|
||||
lib/parse-datetime.c | 7 +++++--
|
||||
lib/parse-datetime.y | 7 +++++--
|
||||
tests/misc/date.pl | 7 +++++++
|
||||
4 files changed, 33 insertions(+), 4 deletions(-)
|
||||
|
||||
Index: lib/parse-datetime.y
|
||||
===================================================================
|
||||
--- lib/parse-datetime.y.orig
|
||||
+++ lib/parse-datetime.y
|
||||
@@ -1303,8 +1303,6 @@ parse_datetime (struct timespec *result,
|
||||
char tz1buf[TZBUFSIZE];
|
||||
bool large_tz = TZBUFSIZE < tzsize;
|
||||
bool setenv_ok;
|
||||
- /* Free tz0, in case this is the 2nd or subsequent time through. */
|
||||
- free (tz0);
|
||||
tz0 = get_tz (tz0buf);
|
||||
z = tz1 = large_tz ? xmalloc (tzsize) : tz1buf;
|
||||
for (s = tzbase; *s != '"'; s++)
|
||||
@@ -1316,7 +1314,12 @@ parse_datetime (struct timespec *result,
|
||||
if (!setenv_ok)
|
||||
goto fail;
|
||||
tz_was_altered = true;
|
||||
+
|
||||
p = s + 1;
|
||||
+ while (c = *p, c_isspace (c))
|
||||
+ p++;
|
||||
+
|
||||
+ break;
|
||||
}
|
||||
}
|
||||
|
||||
Index: lib/parse-datetime.c
|
||||
===================================================================
|
||||
--- lib/parse-datetime.c.orig
|
||||
+++ lib/parse-datetime.c
|
||||
@@ -3207,8 +3207,6 @@ parse_datetime (struct timespec *result,
|
||||
char tz1buf[TZBUFSIZE];
|
||||
bool large_tz = TZBUFSIZE < tzsize;
|
||||
bool setenv_ok;
|
||||
- /* Free tz0, in case this is the 2nd or subsequent time through. */
|
||||
- free (tz0);
|
||||
tz0 = get_tz (tz0buf);
|
||||
z = tz1 = large_tz ? xmalloc (tzsize) : tz1buf;
|
||||
for (s = tzbase; *s != '"'; s++)
|
||||
@@ -3220,7 +3218,12 @@ parse_datetime (struct timespec *result,
|
||||
if (!setenv_ok)
|
||||
goto fail;
|
||||
tz_was_altered = true;
|
||||
+
|
||||
p = s + 1;
|
||||
+ while (c = *p, c_isspace (c))
|
||||
+ p++;
|
||||
+
|
||||
+ break;
|
||||
}
|
||||
}
|
||||
|
||||
Index: tests/misc/date.pl
|
||||
===================================================================
|
||||
--- tests/misc/date.pl.orig
|
||||
+++ tests/misc/date.pl
|
||||
@@ -287,6 +287,13 @@ my @Tests =
|
||||
{ERR => "date: invalid date '\\260'\n"},
|
||||
{EXIT => 1},
|
||||
],
|
||||
+
|
||||
+ # From coreutils-5.3.0 to 8.22 inclusive
|
||||
+ # this would either infinite loop or crash
|
||||
+ ['invalid-TZ-crash', "-d 'TZ=\"\"\"'",
|
||||
+ {ERR => "date: invalid date 'TZ=\"\"\"'\n"},
|
||||
+ {EXIT => 1},
|
||||
+ ],
|
||||
);
|
||||
|
||||
# Repeat the cross-dst test, using Jan 1, 2005 and every interval from 1..364.
|
||||
Index: gnulib-tests/test-parse-datetime.c
|
||||
===================================================================
|
||||
--- gnulib-tests/test-parse-datetime.c.orig
|
||||
+++ gnulib-tests/test-parse-datetime.c
|
||||
@@ -419,5 +419,21 @@ main (int argc _GL_UNUSED, char **argv)
|
||||
starting with a high-bit-set byte would be treated like "0". */
|
||||
ASSERT ( ! parse_datetime (&result, "\xb0", &now));
|
||||
|
||||
+ /* Exercise TZ="" parsing code. */
|
||||
+ /* These two would infloop or segfault before Feb 2014. */
|
||||
+ ASSERT ( ! parse_datetime (&result, "TZ=\"\"\"", &now));
|
||||
+ ASSERT ( ! parse_datetime (&result, "TZ=\"\" \"", &now));
|
||||
+ /* Exercise invalid patterns. */
|
||||
+ ASSERT ( ! parse_datetime (&result, "TZ=\"", &now));
|
||||
+ ASSERT ( ! parse_datetime (&result, "TZ=\"\\\"", &now));
|
||||
+ ASSERT ( ! parse_datetime (&result, "TZ=\"\\n", &now));
|
||||
+ ASSERT ( ! parse_datetime (&result, "TZ=\"\\n\"", &now));
|
||||
+ /* Exercise valid patterns. */
|
||||
+ ASSERT ( parse_datetime (&result, "TZ=\"\"", &now));
|
||||
+ ASSERT ( parse_datetime (&result, "TZ=\"\" ", &now));
|
||||
+ ASSERT ( parse_datetime (&result, " TZ=\"\"", &now));
|
||||
+ ASSERT ( parse_datetime (&result, "TZ=\"\\\\\"", &now));
|
||||
+ ASSERT ( parse_datetime (&result, "TZ=\"\\\"\"", &now));
|
||||
+
|
||||
return 0;
|
||||
}
|
75
coreutils-ln-avoid-segfault-for-empty-target.patch
Normal file
75
coreutils-ln-avoid-segfault-for-empty-target.patch
Normal file
@ -0,0 +1,75 @@
|
||||
Port upstream commit, to be removed with v8.23:
|
||||
|
||||
http://git.sv.gnu.org/cgit/coreutils.git/commit/?id=0093ac8d57
|
||||
|
||||
ln: with -sr, don't segfault for a TARGET of ''
|
||||
|
||||
ln -sr '' F no longer segfaults. Now works as expected.
|
||||
[bug introduced with the --relative feature in coreutils-8.16]
|
||||
|
||||
The changes in NEWS and THANKS.in in the original patch have been omitted.
|
||||
|
||||
-----------------------------------------------
|
||||
commit 0093ac8d57a0f1a16fd09d98f6a524dddb6053e7
|
||||
Author: Jim Meyering <meyering@fb.com>
|
||||
Date: Thu Mar 13 17:05:04 2014 -0700
|
||||
|
||||
ln: with -sr, don't segfault for a TARGET of ''
|
||||
|
||||
Prior to this change, "ln -sr '' F" would segfault, attempting
|
||||
to read path2[1] in relpath.c's path_common_prefix function.
|
||||
This problem arises whenever canonicalize_filename_mode returns
|
||||
NULL.
|
||||
* src/ln.c (convert_abs_rel): Call relpath only when
|
||||
both canonicalize_filename_mode calls return non-NULL.
|
||||
* tests/ln/relative.sh: Add a test to trigger this failure.
|
||||
Reported by Erik Bernstein in 739752@bugs.debian.org.
|
||||
Fixes http://bugs.gnu.org/17010.
|
||||
|
||||
---
|
||||
src/ln.c | 16 ++++++++++------
|
||||
tests/ln/relative.sh | 5 +++++
|
||||
2 files changed, 15 insertions(+), 6 deletions(-)
|
||||
|
||||
Index: src/ln.c
|
||||
===================================================================
|
||||
--- src/ln.c.orig
|
||||
+++ src/ln.c
|
||||
@@ -139,13 +139,17 @@ convert_abs_rel (const char *from, const
|
||||
char *realdest = canonicalize_filename_mode (targetdir, CAN_MISSING);
|
||||
char *realfrom = canonicalize_filename_mode (from, CAN_MISSING);
|
||||
|
||||
- /* Write to a PATH_MAX buffer. */
|
||||
- char *relative_from = xmalloc (PATH_MAX);
|
||||
-
|
||||
- if (!relpath (realfrom, realdest, relative_from, PATH_MAX))
|
||||
+ char *relative_from = NULL;
|
||||
+ if (realdest && realfrom)
|
||||
{
|
||||
- free (relative_from);
|
||||
- relative_from = NULL;
|
||||
+ /* Write to a PATH_MAX buffer. */
|
||||
+ relative_from = xmalloc (PATH_MAX);
|
||||
+
|
||||
+ if (!relpath (realfrom, realdest, relative_from, PATH_MAX))
|
||||
+ {
|
||||
+ free (relative_from);
|
||||
+ relative_from = NULL;
|
||||
+ }
|
||||
}
|
||||
|
||||
free (targetdir);
|
||||
Index: tests/ln/relative.sh
|
||||
===================================================================
|
||||
--- tests/ln/relative.sh.orig
|
||||
+++ tests/ln/relative.sh
|
||||
@@ -45,4 +45,9 @@ mkdir web
|
||||
ln -sr latest web/latest
|
||||
test $(readlink web/latest) = '../release2' || fail=1
|
||||
|
||||
+# Expect this to fail with exit status 1, or to succeed quietly (freebsd).
|
||||
+# Prior to coreutils-8.23, it would segfault.
|
||||
+ln -sr '' F
|
||||
+case $? in [01]) ;; *) fail=1;; esac
|
||||
+
|
||||
Exit $fail
|
85
coreutils-shuf-repeat-avoid-crash-when-input-empty.patch
Normal file
85
coreutils-shuf-repeat-avoid-crash-when-input-empty.patch
Normal file
@ -0,0 +1,85 @@
|
||||
Port upstream fix for shuf, to be removed with v8.23:
|
||||
|
||||
shuf --repeat no longer dumps core if the input is empty.
|
||||
[bug introduced with the --repeat feature in coreutils-8.22]
|
||||
|
||||
This patch squashes these 2 upstream commits:
|
||||
|
||||
http://git.sv.gnu.org/cgit/coreutils.git/commit/?id=9f60f37a28
|
||||
http://git.sv.gnu.org/cgit/coreutils.git/commit/?id=5475e6083f
|
||||
|
||||
While the former implements the actual fix for the problem,
|
||||
the latter only changes the new error diagnostic. The change in the
|
||||
NEWS entry in the latter patch is not visible in the following patch
|
||||
because that hunk is omitted; however, that corrected NEWS entry is
|
||||
above.
|
||||
|
||||
-----------------------------------------------
|
||||
commit 9f60f37a28c37acb66aa38003ccaa07f13abbd9d
|
||||
Author: Paul Eggert <eggert@cs.ucla.edu>
|
||||
Date: Sun Feb 23 15:34:48 2014 -0800
|
||||
|
||||
shuf: with -r, don't dump core if the input is empty
|
||||
|
||||
Problem reported by valiant xiao in <http://bugs.gnu.org/16855>.
|
||||
* src/shuf.c (main): With -r, report an error if the input is empty.
|
||||
* tests/misc/shuf.sh: Test for the bug.
|
||||
|
||||
-----------------------------------------------
|
||||
commit 5475e6083f46a2f9f7ccf4173f391bf518421523
|
||||
Author: Bernhard Voelker <mail@bernhard-voelker.de>
|
||||
Date: Wed Feb 26 08:36:50 2014 +0100
|
||||
|
||||
shuf: convert error diagnostic to lowercase
|
||||
|
||||
* src/shuf.c (main): s/No/no/, introduced by commit v8.22-25-g9f60f37.
|
||||
|
||||
Prompted by the syntax-check rule sc_error_message_uppercase
|
||||
|
||||
---
|
||||
src/shuf.c | 15 +++++++++++----
|
||||
tests/misc/shuf.sh | 4 ++++
|
||||
2 files changed, 15 insertions(+), 4 deletions(-)
|
||||
|
||||
Index: src/shuf.c
|
||||
===================================================================
|
||||
--- src/shuf.c.orig
|
||||
+++ src/shuf.c
|
||||
@@ -576,11 +576,18 @@ main (int argc, char **argv)
|
||||
/* Generate output according to requested method */
|
||||
if (repeat)
|
||||
{
|
||||
- if (input_range)
|
||||
- i = write_random_numbers (randint_source, head_lines,
|
||||
- lo_input, hi_input, eolbyte);
|
||||
+ if (head_lines == 0)
|
||||
+ i = 0;
|
||||
else
|
||||
- i = write_random_lines (randint_source, head_lines, line, n_lines);
|
||||
+ {
|
||||
+ if (n_lines == 0)
|
||||
+ error (EXIT_FAILURE, 0, _("no lines to repeat"));
|
||||
+ if (input_range)
|
||||
+ i = write_random_numbers (randint_source, head_lines,
|
||||
+ lo_input, hi_input, eolbyte);
|
||||
+ else
|
||||
+ i = write_random_lines (randint_source, head_lines, line, n_lines);
|
||||
+ }
|
||||
}
|
||||
else
|
||||
{
|
||||
Index: tests/misc/shuf.sh
|
||||
===================================================================
|
||||
--- tests/misc/shuf.sh.orig
|
||||
+++ tests/misc/shuf.sh
|
||||
@@ -43,6 +43,10 @@ compare in out1 || { fail=1; echo "not a
|
||||
t=$(shuf -e a b c d e | sort | fmt)
|
||||
test "$t" = 'a b c d e' || { fail=1; echo "not a permutation" 1>&2; }
|
||||
|
||||
+# coreutils-8.22 dumps core.
|
||||
+shuf -er
|
||||
+test $? -eq 1 || fail=1
|
||||
+
|
||||
# Before coreutils-6.3, this would infloop.
|
||||
# "seq 1860" produces 8193 (8K + 1) bytes of output.
|
||||
seq 1860 | shuf > /dev/null || fail=1
|
@ -1,3 +1,24 @@
|
||||
-------------------------------------------------------------------
|
||||
Sun Mar 16 20:38:48 UTC 2014 - mail@bernhard-voelker.de
|
||||
|
||||
- Add upstream patch (gnu#16855):
|
||||
* coreutils-shuf-repeat-avoid-crash-when-input-empty.patch: Add
|
||||
patch for shuf: with -r, don't dump core if the input is empty.
|
||||
|
||||
-------------------------------------------------------------------
|
||||
Sun Mar 16 19:28:34 UTC 2014 - mail@bernhard-voelker.de
|
||||
|
||||
- Add upstream patch (gnu#16872):
|
||||
* coreutils-date-avoid-crash-in-TZ-parsing.patch: Add patch for
|
||||
date: fix crash or infinite loop when parsing a malformed TZ="".
|
||||
|
||||
-------------------------------------------------------------------
|
||||
Sun Mar 16 16:00:15 UTC 2014 - mail@bernhard-voelker.de
|
||||
|
||||
- Add upstream patch (gnu#17010):
|
||||
* coreutils-ln-avoid-segfault-for-empty-target.patch: Add patch
|
||||
to avoid that ln(1) segfaults for an empty, relative target.
|
||||
|
||||
-------------------------------------------------------------------
|
||||
Mon Feb 24 14:59:35 CET 2014 - pth@suse.de
|
||||
|
||||
|
@ -131,6 +131,17 @@ Patch303: coreutils-tests-shorten-extreme-factor-tests.patch
|
||||
# tests: avoid test framework failure if the file system lacks ACL support
|
||||
Patch304: coreutils-test-avoid-FP-when-no-ACL-support.patch
|
||||
|
||||
# Port upstream patch, to be removed with v8.23:
|
||||
# ln: with -sr, don't segfault for a TARGET of ''
|
||||
Patch305: coreutils-ln-avoid-segfault-for-empty-target.patch
|
||||
|
||||
# Upstream patch for date(1), to be removed with v8.23:
|
||||
Patch306: coreutils-date-avoid-crash-in-TZ-parsing.patch
|
||||
|
||||
# Upstream patch for shuf(1), to be removed with v8.23:
|
||||
# shuf --repeat no longer dumps core if the input is empty.
|
||||
Patch307: coreutils-shuf-repeat-avoid-crash-when-input-empty.patch
|
||||
|
||||
# ================================================
|
||||
%description
|
||||
These are the GNU core utilities. This package is the union of
|
||||
@ -172,6 +183,9 @@ the GNU fileutils, sh-utils, and textutils packages.
|
||||
%patch302
|
||||
%patch303
|
||||
%patch304
|
||||
%patch305
|
||||
%patch306
|
||||
%patch307
|
||||
|
||||
#???## We need to statically link to gmp, otherwise we have a build loop
|
||||
#???#sed -i s,'$(LIB_GMP)',%%{_libdir}/libgmp.a,g Makefile.in
|
||||
|
@ -1,3 +1,24 @@
|
||||
-------------------------------------------------------------------
|
||||
Sun Mar 16 20:38:48 UTC 2014 - mail@bernhard-voelker.de
|
||||
|
||||
- Add upstream patch (gnu#16855):
|
||||
* coreutils-shuf-repeat-avoid-crash-when-input-empty.patch: Add
|
||||
patch for shuf: with -r, don't dump core if the input is empty.
|
||||
|
||||
-------------------------------------------------------------------
|
||||
Sun Mar 16 19:28:34 UTC 2014 - mail@bernhard-voelker.de
|
||||
|
||||
- Add upstream patch (gnu#16872):
|
||||
* coreutils-date-avoid-crash-in-TZ-parsing.patch: Add patch for
|
||||
date: fix crash or infinite loop when parsing a malformed TZ="".
|
||||
|
||||
-------------------------------------------------------------------
|
||||
Sun Mar 16 16:00:15 UTC 2014 - mail@bernhard-voelker.de
|
||||
|
||||
- Add upstream patch (gnu#17010):
|
||||
* coreutils-ln-avoid-segfault-for-empty-target.patch: Add patch
|
||||
to avoid that ln(1) segfaults for an empty, relative target.
|
||||
|
||||
-------------------------------------------------------------------
|
||||
Mon Feb 24 14:59:35 CET 2014 - pth@suse.de
|
||||
|
||||
|
@ -131,6 +131,17 @@ Patch303: coreutils-tests-shorten-extreme-factor-tests.patch
|
||||
# tests: avoid test framework failure if the file system lacks ACL support
|
||||
Patch304: coreutils-test-avoid-FP-when-no-ACL-support.patch
|
||||
|
||||
# Port upstream patch, to be removed with v8.23:
|
||||
# ln: with -sr, don't segfault for a TARGET of ''
|
||||
Patch305: coreutils-ln-avoid-segfault-for-empty-target.patch
|
||||
|
||||
# Upstream patch for date(1), to be removed with v8.23:
|
||||
Patch306: coreutils-date-avoid-crash-in-TZ-parsing.patch
|
||||
|
||||
# Upstream patch for shuf(1), to be removed with v8.23:
|
||||
# shuf --repeat no longer dumps core if the input is empty.
|
||||
Patch307: coreutils-shuf-repeat-avoid-crash-when-input-empty.patch
|
||||
|
||||
# ================================================
|
||||
%description
|
||||
These are the GNU core utilities. This package is the union of
|
||||
@ -172,6 +183,9 @@ the GNU fileutils, sh-utils, and textutils packages.
|
||||
%patch302
|
||||
%patch303
|
||||
%patch304
|
||||
%patch305
|
||||
%patch306
|
||||
%patch307
|
||||
|
||||
#???## We need to statically link to gmp, otherwise we have a build loop
|
||||
#???#sed -i s,'$(LIB_GMP)',%%{_libdir}/libgmp.a,g Makefile.in
|
||||
|
Loading…
Reference in New Issue
Block a user