From 79d651a2d90f80aed880ef226633cb2ec8afd081 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?P=C3=A1draig=20Brady?= Date: Mon, 20 Apr 2015 15:21:51 +0100 Subject: [PATCH 1/7] sync/adjust LS_COLORS * coreutils-DIR_COLORS: sync with upstream (remove old Xiph formats, add m4a audio format). * coreutils-DIR_COLORS.256color: Likewise. Also sync with 8 color mode above, by removing the specific MULTIHARDLINK coloring, and giving MISSING symlink targets a red background. Also lighten the DIR and EXEC color a little (as discussed in bug 1196642) * coreutils-DIR_COLORS.lightbgcolor: Sync terminal types with other 2 databases above. --- coreutils-DIR_COLORS | 9 +++-- coreutils-DIR_COLORS.256color | 13 ++++--- coreutils-DIR_COLORS.lightbgcolor | 57 ++++++++++++++++++++++--------- coreutils.spec | 5 ++- 4 files changed, 55 insertions(+), 29 deletions(-) diff --git a/coreutils-DIR_COLORS b/coreutils-DIR_COLORS index 6abc937..10ebf7a 100644 --- a/coreutils-DIR_COLORS +++ b/coreutils-DIR_COLORS @@ -84,11 +84,11 @@ EIGHTBIT 1 # 40=black 41=red 42=green 43=yellow 44=blue 45=magenta 46=cyan 47=white #NORMAL 00 # no color code at all #FILE 00 # normal file, use no color at all -RESET 0 # reset to "normal" color +RESET 0 # reset to "normal" color DIR 01;34 # directory LINK 01;36 # symbolic link (If you set this to 'target' instead of a # numerical value, the color is as for the file pointed to.) -MULTIHARDLINK 00 # regular file with more than one link +MULTIHARDLINK 00 # regular file with more than one link FIFO 40;33 # pipe SOCK 01;35 # socket DOOR 01;35 # door @@ -209,8 +209,6 @@ EXEC 01;32 .emf 01;35 # http://wiki.xiph.org/index.php/MIME_Types_and_File_Extensions -.axv 01;35 -.anx 01;35 .ogv 01;35 .ogx 01;35 @@ -218,6 +216,7 @@ EXEC 01;32 .aac 01;36 .au 01;36 .flac 01;36 +.m4a 01;36 .mid 01;36 .midi 01;36 .mka 01;36 @@ -228,8 +227,8 @@ EXEC 01;32 .wav 01;36 # http://wiki.xiph.org/index.php/MIME_Types_and_File_Extensions -.axa 01;36 .oga 01;36 +.opus 01;36 .spx 01;36 .xspf 01;36 
diff --git a/coreutils-DIR_COLORS.256color b/coreutils-DIR_COLORS.256color index 4efaca1..5290aea 100644 --- a/coreutils-DIR_COLORS.256color +++ b/coreutils-DIR_COLORS.256color @@ -55,17 +55,17 @@ EIGHTBIT 1 #NORMAL 00 # global default, no color code at all #FILE 00 # normal file, use no color at all RESET 0 # reset to "normal" color -DIR 38;5;27 # directory +DIR 38;5;33 # directory LINK 38;5;51 # symbolic link (If you set this to 'target' instead of a # numerical value, the color is as for the file pointed to.) -MULTIHARDLINK 44;38;5;15 # regular file with more than one link +MULTIHARDLINK 00 # regular file with more than one link FIFO 40;38;5;11 # pipe SOCK 38;5;13 # socket DOOR 38;5;5 # door BLK 48;5;232;38;5;11 # block device driver CHR 48;5;232;38;5;3 # character device driver ORPHAN 48;5;232;38;5;9 # symlink to nonexistent file, or non-stat'able file -MISSING 05;48;5;232;38;5;15 # ... and the files they point to +MISSING 01;05;37;41 # ... and the files they point to SETUID 48;5;196;38;5;15 # file that is setuid (u+s) SETGID 48;5;11;38;5;16 # file that is setgid (g+s) CAPABILITY 48;5;196;38;5;226 # file with capability @@ -74,7 +74,7 @@ OTHER_WRITABLE 48;5;10;38;5;21 # dir that is other-writable (o+w) and not sticky STICKY 48;5;21;38;5;15 # dir with the sticky bit set (+t) and not other-writable # This is for files with execute permission: -EXEC 38;5;34 +EXEC 38;5;40 # List any file extensions like '.gz' or '.tar' that you would like ls # to colorize below. Put the extension, a space, and the color init string. @@ -179,8 +179,6 @@ EXEC 38;5;34 .emf 38;5;13 # http://wiki.xiph.org/index.php/MIME_Types_and_File_Extensions -.axv 38;5;13 -.anx 38;5;13 .ogv 38;5;13 .ogx 38;5;13 @@ -188,6 +186,7 @@ EXEC 38;5;34 .aac 38;5;45 .au 38;5;45 .flac 38;5;45 +.m4a 38;5;45 .mid 38;5;45 .midi 38;5;45 .mka 38;5;45 
@@ -198,8 +197,8 @@ EXEC 38;5;34 .wav 38;5;45 # http://wiki.xiph.org/index.php/MIME_Types_and_File_Extensions -.axa 38;5;45 .oga 38;5;45 +.opus 38;5;45 .spx 38;5;45 .xspf 38;5;45 diff --git a/coreutils-DIR_COLORS.lightbgcolor b/coreutils-DIR_COLORS.lightbgcolor index 43820b2..bf3e5b3 100644 --- a/coreutils-DIR_COLORS.lightbgcolor +++ b/coreutils-DIR_COLORS.lightbgcolor @@ -1,4 +1,4 @@ -# Configuration file for the color ls utility - modified for gray backgrounds +# Configuration file for the color ls utility - modified for lighter backgrounds # Synchronized with coreutils 8.5 dircolors # This file goes in the /etc directory, and must be world readable. # You can copy this file to .dir_colors in your $HOME directory to override @@ -16,8 +16,9 @@ COLOR tty OPTIONS -F -T 0 # Below, there should be one TERM entry for each termtype that is colorizable -TERM linux -TERM console +TERM Eterm +TERM ansi +TERM color-xterm TERM con132x25 TERM con132x30 TERM con132x43 @@ -29,20 +30,46 @@ TERM con80x43 TERM con80x50 TERM con80x60 TERM cons25 -TERM xterm -TERM xterm-16color -TERM xterm-88color -TERM xterm-256color +TERM console +TERM cygwin +TERM dtterm +TERM eterm-color +TERM gnome +TERM gnome-256color +TERM jfbterm +TERM konsole +TERM kterm +TERM linux +TERM linux-c +TERM mach-color +TERM mlterm +TERM putty +TERM putty-256color TERM rxvt TERM rxvt-256color +TERM rxvt-cygwin +TERM rxvt-cygwin-native TERM rxvt-unicode TERM rxvt-unicode-256color TERM rxvt-unicode256 -TERM xterm-color -TERM color-xterm +TERM screen +TERM screen-256color +TERM screen-256color-bce +TERM screen-bce +TERM screen-w +TERM screen.Eterm +TERM screen.rxvt +TERM screen.linux +TERM st +TERM st-256color +TERM terminator TERM vt100 -TERM dtterm -TERM color_xterm +TERM xterm +TERM xterm-16color +TERM xterm-256color +TERM xterm-88color +TERM xterm-color +TERM xterm-debian # EIGHTBIT, followed by '1' for on, '0' for off. (8-bit output) EIGHTBIT 1 
@@ -57,7 +84,7 @@ EIGHTBIT 1 # 40=black 41=red 42=green 43=yellow 44=blue 45=magenta 46=cyan 47=white #NORMAL 00 # no color code at all #FILE 00 # normal file, use no color at all -RESET 0 +RESET 0 # reset to "normal" color DIR 00;34 # directory LINK 00;36 # symbolic link (If you set this to 'target' instead of a # numerical value, the color is as for the file pointed to.) @@ -76,7 +103,6 @@ STICKY_OTHER_WRITABLE 30;42 # dir that is sticky and other-writable (+t,o+w) OTHER_WRITABLE 34;42 # dir that is other-writable (o+w) and not sticky STICKY 37;44 # dir with the sticky bit set (+t) and not other-writable - # This is for files with execute permission: EXEC 00;32 @@ -182,8 +208,6 @@ EXEC 00;32 .emf 00;35 # http://wiki.xiph.org/index.php/MIME_Types_and_File_Extensions -.axv 00;35 -.anx 00;35 .ogv 00;35 .ogx 00;35 @@ -191,6 +215,7 @@ EXEC 00;32 .aac 00;36 .au 00;36 .flac 00;36 +.m4a 00;36 .mid 00;36 .midi 00;36 .mka 00;36 @@ -201,8 +226,8 @@ EXEC 00;32 .wav 00;36 # http://wiki.xiph.org/index.php/MIME_Types_and_File_Extensions -.axa 00;36 .oga 00;36 +.opus 00;36 .spx 00;36 .xspf 00;36 diff --git a/coreutils.spec b/coreutils.spec index 71c57ff..b482fa2 100644 --- a/coreutils.spec +++ b/coreutils.spec @@ -1,7 +1,7 @@ Summary: A set of basic GNU tools commonly used in shell scripts Name: coreutils Version: 8.23 -Release: 8%{?dist} +Release: 9%{?dist} License: GPLv3+ Group: System Environment/Base Url: http://www.gnu.org/software/coreutils/ @@ -373,6 +373,9 @@ fi %{_sbindir}/chroot %changelog +* Mon Apr 20 2015 Pádraig Brady - 8.23-9 +- Adjust LS_COLORS in 256 color mode; brighten some, remove hardlink colors (#1196642) + * Sun Mar 22 2015 Peter Robinson 8.23-8 - Drop large ancient docs From 8d61fd496c22d7c0cca29cb1ef28c53e825ac58a Mon Sep 17 00:00:00 2001 
From: Ondrej Oprala Date: Wed, 13 May 2015 10:53:55 +0200 Subject: [PATCH 2/7] sort - fix buffer overflow in some case conversions MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit - patch by Pádraig Brady --- coreutils-i18n.patch | 40 +++++++++++++++++++++++++++++++++++++--- coreutils.spec | 6 +++++- 2 files changed, 42 insertions(+), 4 deletions(-) diff --git a/coreutils-i18n.patch b/coreutils-i18n.patch index e7005cf..948b555 100644 --- a/coreutils-i18n.patch +++ b/coreutils-i18n.patch @@ -3245,8 +3245,8 @@ diff -urNp coreutils-8.23-orig/src/sort.c coreutils-8.23/src/sort.c + + if (ignore || translate) + { -+ char *copy_a = (char *) xmalloc (lena + 1 + lenb + 1); -+ char *copy_b = copy_a + lena + 1; ++ char *copy_a = (char *) xmalloc ((lena + lenb) * MB_CUR_MAX + 2); ++ char *copy_b = copy_a + lena * MB_CUR_MAX + 1; + size_t new_len_a, new_len_b; + size_t i, j; + 
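Review bot: The new size expression `(lena + lenb) * MB_CUR_MAX + 2` is evaluated in unchecked size_t arithmetic, so for very large keys it can wrap, and xmalloc would then return a buffer smaller than the two copies written into it. Let the allocator do the checked multiplication instead: `if (SIZE_MAX - lenb - 2 < lena) xalloc_die ();` followed by `char *copy_a = xnmalloc (lena + lenb + 2, MB_CUR_MAX);`, which is the form patch 6/7 of this series later adopts. The `copy_b` offset `lena * MB_CUR_MAX + 1` relies on the same bound and is safe once the allocation itself is checked. The enclosing function starts and ends outside this hunk.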
@@ -3452,6 +3452,39 @@ diff -urNp coreutils-8.23-orig/src/sort.c coreutils-8.23/src/sort.c } break; +diff -urNp coreutils-8.23-orig/tests/i18n/sort.sh coreutils-8.23/tests/i18n/sort.sh +--- coreutils-8.23-orig/tests/i18n/sort.sh 1970-01-01 01:00:00.000000000 +0100 ++++ coreutils-8.23/tests/i18n/sort.sh 2014-07-22 13:45:52.733652016 +0200 +@@ -0,0 +1,29 @@ ++#!/bin/sh ++# Verify sort's multi-byte support. ++ ++. "${srcdir=.}/tests/init.sh"; path_prepend_ ./src ++print_ver_ sort ++ ++export LC_ALL=en_US.UTF-8 ++locale -k LC_CTYPE | grep -q "charmap.*UTF-8" \ ++ || skip_ "No UTF-8 locale available" ++ ++# Enable heap consistency checkng on older systems ++export MALLOC_CHECK_=2 ++ ++ ++# check buffer overflow issue due to ++# expanding multi-byte representation due to case conversion ++# https://bugzilla.suse.com/show_bug.cgi?id=928749 ++cat < exp ++. ++ɑ ++EOF ++cat < out || fail=1 ++. ++ɑ ++EOF ++compare exp out || { fail=1; cat out; } ++ ++ ++Exit $fail diff -urNp coreutils-8.23-orig/src/unexpand.c coreutils-8.23/src/unexpand.c --- coreutils-8.23-orig/src/unexpand.c 2014-07-11 13:00:07.000000000 +0200 +++ coreutils-8.23/src/unexpand.c 2014-07-22 13:45:52.721651968 +0200 @@ -4099,11 +4132,12 @@ diff -urNp coreutils-8.23-orig/src/uniq.c coreutils-8.23/src/uniq.c diff -urNp coreutils-8.23-orig/tests/local.mk coreutils-8.23/tests/local.mk --- coreutils-8.23-orig/tests/local.mk 2014-07-22 13:45:10.494422571 +0200 +++ coreutils-8.23/tests/local.mk 2014-07-22 13:45:52.726651988 +0200 -@@ -331,6 +331,7 @@ all_tests = \ +@@ -331,6 +331,8 @@ all_tests = \ tests/misc/sort-discrim.sh \ tests/misc/sort-files0-from.pl \ tests/misc/sort-float.sh \ + tests/misc/sort-mb-tests.sh \ ++ tests/i18n/sort.sh \ tests/misc/sort-merge.pl \ tests/misc/sort-merge-fdlimit.sh \ tests/misc/sort-month.sh \ diff --git a/coreutils.spec b/coreutils.spec index b482fa2..94cd5e3 100644 --- a/coreutils.spec +++ b/coreutils.spec 
@@ -1,7 +1,7 @@ Summary: A set of basic GNU tools commonly used in shell scripts Name: coreutils Version: 8.23 -Release: 9%{?dist} +Release: 10%{?dist} License: GPLv3+ Group: System Environment/Base Url: http://www.gnu.org/software/coreutils/ @@ -373,6 +373,10 @@ fi %{_sbindir}/chroot %changelog +* Wed May 13 2015 Ondrej Oprala - 8.23-9 - Adjust LS_COLORS in 256 color mode; brighten some, remove hardlink colors (#1196642) From a3f34c1ef0a982ec3baa1caca4f32c5742953deb Mon Sep 17 00:00:00 2001 From: Kamil Dudka Date: Thu, 14 May 2015 14:35:17 +0200 Subject: [PATCH 3/7] coreutils.spec: fix a typo in the last changelog entry --- coreutils.spec | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/coreutils.spec b/coreutils.spec index 94cd5e3..e14d261 100644 --- a/coreutils.spec +++ b/coreutils.spec @@ -373,7 +373,7 @@ fi %{_sbindir}/chroot %changelog -* Wed May 13 2015 Ondrej Oprala - 8.23-10 - sort - fix buffer overflow in some case conversions - patch by Pádraig Brady From 0bd8bcd1c013531d00802236d4e60c9076bda69e Mon Sep 17 00:00:00 2001 From: Jaromir Capik Date: Thu, 11 Jun 2015 15:16:00 +0200 Subject: [PATCH 4/7] Adding STAGE1 bootstrap recipe --- STAGE1-coreutils | 7 +++++++ 1 file changed, 7 insertions(+) create mode 100644 STAGE1-coreutils diff --git a/STAGE1-coreutils b/STAGE1-coreutils new file mode 100644 index 0000000..bfe73b5 --- /dev/null +++ b/STAGE1-coreutils @@ -0,0 +1,7 @@ +srpm coreutils +mcd $BUILDDIR/$1 +(cd $SRC/${1}-*/ ; autoreconf -vif) +$SRC/${1}-*/configure $TCONFIGARGS --disable-pam +notparallel +make $J man1_MANS= V=1 +make $J man1_MANS= install DESTDIR=${ROOTFS} From c9593824f9e178a6889cde0cbdb9ba228b2cf6e4 Mon Sep 17 00:00:00 2001 
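Review bot: In the new STAGE1-coreutils recipe, `(cd $SRC/${1}-*/ ; autoreconf -vif)` still runs autoreconf when the cd fails, for example when the glob matches nothing, so `-f` would regenerate build files in whatever directory the recipe was started from. Chain the two commands and quote the fixed parts: `(cd "$SRC"/"${1}"-*/ && autoreconf -vif)`. The same glob on the configure line expands to several words if more than one unpacked tree matches, so resolving the source directory once into a variable and reusing it would make both lines deterministic.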
From: =?UTF-8?q?Ond=C5=99ej=20Va=C5=A1=C3=ADk?= Date: Thu, 4 Jun 2015 10:47:11 +0200 Subject: [PATCH 5/7] call utilities in colorls.* scripts with full path (#1222140) --- coreutils-colorls.csh | 18 +++++++++--------- coreutils-colorls.sh | 18 +++++++++--------- coreutils.spec | 5 ++++- 3 files changed, 22 insertions(+), 19 deletions(-) diff --git a/coreutils-colorls.csh b/coreutils-colorls.csh index a146dd1..f631762 100755 --- a/coreutils-colorls.csh +++ b/coreutils-colorls.csh @@ -16,7 +16,7 @@ set COLORS=/etc/DIR_COLORS if ($?TERM) then if ( -e "/etc/DIR_COLORS.256color" ) then - if ( "`tput colors`" == "256" ) then + if ( "`/usr/bin/tput colors`" == "256" ) then set COLORS=/etc/DIR_COLORS.256color endif endif @@ -30,29 +30,29 @@ if ($?TERM) then if ( -f ~/.dircolors."$TERM" ) set COLORS=~/.dircolors."$TERM" if ( -f ~/.dir_colors."$TERM" ) set COLORS=~/.dir_colors."$TERM" endif -set INCLUDE="`cat "$COLORS" | grep '^INCLUDE' | cut -d ' ' -f2-`" +set INCLUDE="`/usr/bin/cat "$COLORS" | /usr/bin/grep '^INCLUDE' | /usr/bin/cut -d ' ' -f2-`" if ( ! -e "$COLORS" ) exit -set _tmp="`mktemp .colorlsXXX -q --tmpdir=/tmp`" +set _tmp="`/usr/bin/mktemp .colorlsXXX -q --tmpdir=/tmp`" #if mktemp fails, exit when include was active, otherwise use $COLORS file if ( "$_tmp" == '' ) then if ( "$INCLUDE" == '' ) then - eval "`dircolors -c $COLORS`" + eval "`/usr/bin/dircolors -c $COLORS`" endif goto cleanup endif -if ( "$INCLUDE" != '' ) cat "$INCLUDE" >> $_tmp -grep -v '^INCLUDE' "$COLORS" >> $_tmp +if ( "$INCLUDE" != '' ) /usr/bin/cat "$INCLUDE" >> $_tmp +/usr/bin/grep -v '^INCLUDE' "$COLORS" >> $_tmp -eval "`dircolors -c $_tmp`" +eval "`/usr/bin/dircolors -c $_tmp`" -rm -f $_tmp +/usr/bin/rm -f $_tmp if ( "$LS_COLORS" == '' ) exit cleanup: -set color_none=`sed -n '/^COLOR.*none/Ip' < $COLORS` +set color_none=`/usr/bin/sed -n '/^COLOR.*none/Ip' < $COLORS` if ( "$color_none" != '' ) then unset color_none exit 
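Review bot: The file operands handed to the now fully-qualified commands are still expanded unquoted: `/usr/bin/dircolors -c $COLORS`, `/usr/bin/dircolors -c $_tmp`, `>> $_tmp` and `/usr/bin/sed ... < $COLORS` in the second csh hunk, and `$COLORS` and `$TMP` in the third hunk of coreutils-colorls.sh. COLORS can be built from the home directory and `$TERM`, so a value containing whitespace or glob characters is split or expanded before the command sees it, and the command then operates on a different path than the one the script tested with `-e`/`-f`. In the sh script this is `/usr/bin/dircolors --sh "$COLORS"` and `/usr/bin/grep -qi "^COLOR.*none" "$COLORS"`; the csh lines can follow the quoting already used on the `set INCLUDE=` line. Both scripts continue outside the hunks shown.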
diff --git a/coreutils-colorls.sh b/coreutils-colorls.sh index f9484b3..cfd2288 100755 --- a/coreutils-colorls.sh +++ b/coreutils-colorls.sh @@ -15,7 +15,7 @@ if [ -z "$USER_LS_COLORS" ]; then for colors in "$HOME/.dir_colors.$TERM" "$HOME/.dircolors.$TERM" \ "$HOME/.dir_colors" "$HOME/.dircolors"; do [ -e "$colors" ] && COLORS="$colors" && \ - INCLUDE="`cat "$COLORS" | grep '^INCLUDE' | cut -d ' ' -f2-`" && \ + INCLUDE="`/usr/bin/cat "$COLORS" | /usr/bin/grep '^INCLUDE' | /usr/bin/cut -d ' ' -f2-`" && \ break done @@ -23,7 +23,7 @@ if [ -z "$USER_LS_COLORS" ]; then COLORS="/etc/DIR_COLORS.$TERM" [ -z "$COLORS" ] && [ -e "/etc/DIR_COLORS.256color" ] && \ - [ "x`tty -s && tput colors 2>/dev/null`" = "x256" ] && \ + [ "x`/usr/bin/tty -s && /usr/bin/tput colors 2>/dev/null`" = "x256" ] && \ COLORS="/etc/DIR_COLORS.256color" [ -z "$COLORS" ] && [ -e "/etc/DIR_COLORS" ] && \ @@ -34,20 +34,20 @@ if [ -z "$USER_LS_COLORS" ]; then if [ -e "$INCLUDE" ]; then - TMP="`mktemp .colorlsXXX -q --tmpdir=/tmp`" + TMP="`/usr/bin/mktemp .colorlsXXX -q --tmpdir=/tmp`" [ -z "$TMP" ] && return - cat "$INCLUDE" >> $TMP - grep -v '^INCLUDE' "$COLORS" >> $TMP + /usr/bin/cat "$INCLUDE" >> $TMP + /usr/bin/grep -v '^INCLUDE' "$COLORS" >> $TMP - eval "`dircolors --sh $TMP 2>/dev/null`" - rm -f $TMP + eval "`/usr/bin/dircolors --sh $TMP 2>/dev/null`" + /usr/bin/rm -f $TMP else - eval "`dircolors --sh $COLORS 2>/dev/null`" + eval "`/usr/bin/dircolors --sh $COLORS 2>/dev/null`" fi [ -z "$LS_COLORS" ] && return - grep -qi "^COLOR.*none" $COLORS >/dev/null 2>/dev/null && return + /usr/bin/grep -qi "^COLOR.*none" $COLORS >/dev/null 2>/dev/null && return fi unset TMP COLORS INCLUDE diff --git a/coreutils.spec b/coreutils.spec index e14d261..61adf85 100644 --- a/coreutils.spec +++ b/coreutils.spec 
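Review bot: The INCLUDE branch in the third hunk still stages its input in a temporary file created with `/usr/bin/mktemp .colorlsXXX -q --tmpdir=/tmp`, a template with only three random characters in a world-writable directory, and the csh script does the same. mktemp creates the file exclusively, so the exposure is mainly that another local user can pre-create the small name space and make the call fail, after which the script returns without setting colors. dircolors accepts `-` to read standard input, so the file can be avoided altogether: `eval "$( { /usr/bin/cat "$INCLUDE"; /usr/bin/grep -v '^INCLUDE' "$COLORS"; } | /usr/bin/dircolors --sh - 2>/dev/null )"`. If the temporary file stays, a longer template such as `.colorlsXXXXXXXXXX` is the smaller change.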
@@ -1,7 +1,7 @@ Summary: A set of basic GNU tools commonly used in shell scripts Name: coreutils Version: 8.23 -Release: 10%{?dist} +Release: 11%{?dist} License: GPLv3+ Group: System Environment/Base Url: http://www.gnu.org/software/coreutils/ @@ -373,6 +373,9 @@ fi %{_sbindir}/chroot %changelog +* Wed Sep 16 2015 Kamil Dudka - 8.23-11 +- call utilities in colorls.* scripts with full path (#1222140) + * Wed May 13 2015 Ondrej Oprala - 8.23-10 - sort - fix buffer overflow in some case conversions - patch by Pádraig Brady From 4989cfaef5bcc6dad9ece95b25d8bf0aefcce902 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Ond=C5=99ej=20Va=C5=A1=C3=ADk?= Date: Thu, 16 Jul 2015 10:35:36 +0200 Subject: [PATCH 6/7] use newer version of sort/I18N fix for CVE-2015-4041 and CVE-2015-4042 --- coreutils-i18n.patch | 6 ++++-- coreutils.spec | 1 + 2 files changed, 5 insertions(+), 2 deletions(-) diff --git a/coreutils-i18n.patch b/coreutils-i18n.patch index 948b555..90d2063 100644 --- a/coreutils-i18n.patch +++ b/coreutils-i18n.patch @@ -3132,7 +3132,7 @@ diff -urNp coreutils-8.23-orig/src/sort.c coreutils-8.23/src/sort.c else if (key->random) diff = compare_random (ta, tlena, tb, tlenb); else if (key->version) -@@ -2695,6 +3135,209 @@ keycompare (struct line const *a, struct +@@ -2694,6 +3134,211 @@ keycompare (struct line const *a, struct return key->reverse ? -diff : diff; } @@ -3245,7 +3245,9 @@ diff -urNp coreutils-8.23-orig/src/sort.c coreutils-8.23/src/sort.c + + if (ignore || translate) + { -+ char *copy_a = (char *) xmalloc ((lena + lenb) * MB_CUR_MAX + 2); ++ if (SIZE_MAX - lenb - 2 < lena) ++ xalloc_die (); ++ char *copy_a = (char *) xnmalloc (lena + lenb + 2, MB_CUR_MAX); + char *copy_b = copy_a + lena * MB_CUR_MAX + 1; + size_t new_len_a, new_len_b; + size_t i, j; diff --git a/coreutils.spec b/coreutils.spec index 61adf85..7c691cb 100644 --- a/coreutils.spec +++ b/coreutils.spec 
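Review bot: In the `@@ -3132,7 +3132,7 @@` hunk the embedded sort.c hunk header changes from `-2695,6 +3135,209` to `-2694,6 +3134,211`; the two extra lines account for the new length, but the start lines moving back by one looks unintended, since the added code sits in the middle of the hunk and not at its top. patch(1) will most likely still apply it with a one-line offset, and patch 7/7 of this series restores 2695/3135, so this is hygiene rather than a functional problem. Keeping `2695`/`3135` here and changing only the length to `211` would keep the security fix applying without offset noise.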
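Review bot: The overflow guard added in the `@@ -3245,7 +3245,9 @@` hunk carries no comment, and neither `SIZE_MAX - lenb - 2 < lena` nor the MB_CUR_MAX factor explains itself to the next person who touches this allocation. I would add above the check `/* Case conversion can lengthen the multibyte form of a character; allow MB_CUR_MAX bytes per input byte for both copies and refuse sizes that would wrap. */`. The `copy_b` offset `lena * MB_CUR_MAX + 1` depends on the same bound, so the comment should sit where it covers both lines. The enclosing function starts and ends outside the hunk.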
@@ -374,6 +374,7 @@ fi %changelog * Wed Sep 16 2015 Kamil Dudka - 8.23-11 +- use newer version of sort/I18N fix for CVE-2015-4041 and CVE-2015-4042 - call utilities in colorls.* scripts with full path (#1222140) * Wed May 13 2015 Ondrej Oprala - 8.23-10 From fc04e600ea40c4705e86f145657d874c9bcf0f57 Mon Sep 17 00:00:00 2001 From: Kamil Dudka Date: Wed, 16 Sep 2015 19:58:21 +0200 Subject: [PATCH 7/7] Resolves: #1259942 - fix memory leak in sort/I18N MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Patches written by Pádraig. Note that the corresponding i18n/sort-month test was not included because it breaks unless sort is compiled -Dlint and we do not want to decrease performance of the resulting RPMs (and valgrind is not installed in production buildroots anyway). --- coreutils-i18n.patch | 67 +++++++++++++++++++++++++++++++------------- coreutils.spec | 1 + 2 files changed, 48 insertions(+), 20 deletions(-) diff --git a/coreutils-i18n.patch b/coreutils-i18n.patch index 90d2063..7cdea77 100644 --- a/coreutils-i18n.patch +++ b/coreutils-i18n.patch @@ -3047,8 +3047,8 @@ diff -urNp coreutils-8.23-orig/src/sort.c coreutils-8.23/src/sort.c + register int lo = 0, hi = MONTHS_PER_YEAR, result; + char *tmp; + size_t wclength, mblength; -+ const char **pp; -+ const wchar_t **wpp; ++ const char *pp; ++ const wchar_t *wpp; + wchar_t *month_wcs; + mbstate_t state; + 
@@ -3061,17 +3061,19 @@ diff -urNp coreutils-8.23-orig/src/sort.c coreutils-8.23/src/sort.c + if (len == 0) + return 0; + -+ month = (char *) xmalloc (len + 1); ++ if (SIZE_MAX - len < 1) ++ xalloc_die (); + -+ tmp = (char *) xmalloc (len + 1); ++ month = (char *) xnmalloc (len + 1, MB_CUR_MAX); ++ ++ pp = tmp = (char *) xnmalloc (len + 1, MB_CUR_MAX); + memcpy (tmp, s, len); + tmp[len] = '\0'; -+ pp = (const char **)&tmp; -+ month_wcs = (wchar_t *) xmalloc ((len + 1) * sizeof (wchar_t)); -+ memset (&state, '\0', sizeof(mbstate_t)); ++ wpp = month_wcs = (wchar_t *) xnmalloc (len + 1, sizeof (wchar_t)); ++ memset (&state, '\0', sizeof (mbstate_t)); + -+ wclength = mbsrtowcs (month_wcs, pp, len + 1, &state); -+ if (wclength == (size_t)-1 || *pp != NULL) ++ wclength = mbsrtowcs (month_wcs, &pp, len + 1, &state); ++ if (wclength == (size_t)-1 || pp != NULL) + error (SORT_FAILURE, 0, _("Invalid multibyte input %s."), quote(s)); + + for (i = 0; i < wclength; i++) @@ -3084,10 +3086,8 @@ diff -urNp coreutils-8.23-orig/src/sort.c coreutils-8.23/src/sort.c + } + } + -+ wpp = (const wchar_t **)&month_wcs; -+ -+ mblength = wcsrtombs (month, wpp, len + 1, &state); -+ assert (mblength != (-1) && *wpp == NULL); ++ mblength = wcsrtombs (month, &wpp, (len + 1) * MB_CUR_MAX, &state); ++ assert (mblength != (-1) && wpp == NULL); + + do + { @@ -3132,7 +3132,7 @@ diff -urNp coreutils-8.23-orig/src/sort.c coreutils-8.23/src/sort.c else if (key->random) diff = compare_random (ta, tlena, tb, tlenb); else if (key->version) -@@ -2694,6 +3134,211 @@ keycompare (struct line const *a, struct +@@ -2695,6 +3135,211 @@ keycompare (struct line const *a, struct line const *b) return key->reverse ? -diff : diff; } 
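Review bot: In the `@@ -3061,17 +3061,19 @@` hunk `tmp` is now allocated with `xnmalloc (len + 1, MB_CUR_MAX)`, but the only writes to it are `memcpy (tmp, s, len)` and the terminator, so `len + 1` bytes are enough. Only `month`, the target of wcsrtombs, needs the worst-case size; `pp = tmp = xmalloc (len + 1);` keeps the leak fix and makes it clearer which buffer the MB_CUR_MAX scaling protects. The `SIZE_MAX - len < 1` check is still needed for the `len + 1` itself.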
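Review bot: In the `@@ -3084,10 +3086,8 @@` hunk the result of wcsrtombs is still validated only by `assert (mblength != (-1) && wpp == NULL);`, which disappears when NDEBUG is defined and otherwise aborts the process on data derived from input. Handle it like the mbsrtowcs call a few lines up: `if (mblength == (size_t) -1 || wpp != NULL) error (SORT_FAILURE, 0, _("Invalid multibyte input %s."), quote (s));`, which also replaces the bare `(-1)` with the `(size_t) -1` spelling used there. Whether an upper-cased string can actually fail to convert depends on the locale, so treat this as hardening and not as a known fault. The function body continues outside the hunk.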
@@ -3344,7 +3344,7 @@ diff -urNp coreutils-8.23-orig/src/sort.c coreutils-8.23/src/sort.c /* Compare two lines A and B, returning negative, zero, or positive depending on whether A compares less than, equal to, or greater than B. */ -@@ -2722,7 +3347,7 @@ compare (struct line const *a, struct li +@@ -2722,7 +3367,7 @@ compare (struct line const *a, struct line const *b) diff = - NONZERO (blen); else if (blen == 0) diff = 1; @@ -3353,7 +3353,7 @@ diff -urNp coreutils-8.23-orig/src/sort.c coreutils-8.23/src/sort.c { /* Note xmemcoll0 is a performance enhancement as it will not unconditionally write '\0' after the -@@ -4121,6 +4746,7 @@ set_ordering (char const *s, struct keyf +@@ -4121,6 +4766,7 @@ set_ordering (char const *s, struct keyfield *key, enum blanktype blanktype) break; case 'f': key->translate = fold_toupper; @@ -3361,7 +3361,7 @@ diff -urNp coreutils-8.23-orig/src/sort.c coreutils-8.23/src/sort.c break; case 'g': key->general_numeric = true; -@@ -4198,7 +4824,7 @@ main (int argc, char **argv) +@@ -4198,7 +4844,7 @@ main (int argc, char **argv) initialize_exit_failure (SORT_FAILURE); hard_LC_COLLATE = hard_locale (LC_COLLATE); @@ -3370,7 +3370,7 @@ diff -urNp coreutils-8.23-orig/src/sort.c coreutils-8.23/src/sort.c hard_LC_TIME = hard_locale (LC_TIME); #endif -@@ -4219,6 +4845,29 @@ main (int argc, char **argv) +@@ -4219,6 +4865,29 @@ main (int argc, char **argv) thousands_sep = -1; } @@ -3400,7 +3400,7 @@ diff -urNp coreutils-8.23-orig/src/sort.c coreutils-8.23/src/sort.c have_read_stdin = false; inittables (); -@@ -4493,13 +5142,34 @@ main (int argc, char **argv) +@@ -4493,13 +5162,34 @@ main (int argc, char **argv) case 't': { @@ -3439,7 +3439,7 @@ diff -urNp coreutils-8.23-orig/src/sort.c coreutils-8.23/src/sort.c else { /* Provoke with 'sort -txx'. Complain about -@@ -4510,9 +5180,12 @@ main (int argc, char **argv) +@@ -4510,9 +5200,12 @@ main (int argc, char **argv) quote (optarg)); } } 
@@ -3454,6 +3454,33 @@ diff -urNp coreutils-8.23-orig/src/sort.c coreutils-8.23/src/sort.c } break; +@@ -4682,10 +5375,10 @@ main (int argc, char **argv) + + if (nfiles == 0) + { +- static char *minus = (char *) "-"; + nfiles = 1; + free (files); +- files = − ++ files = xmalloc (sizeof *files); ++ *files = (char *) "-"; + } + + /* Need to re-check that we meet the minimum requirement for memory +@@ -4743,6 +5436,13 @@ main (int argc, char **argv) + sort (files, nfiles, outfile, nthreads); + } + ++#ifdef lint ++ if (files_from) ++ readtokens0_free (&tok); ++ else ++ free (files); ++#endif ++ + if (have_read_stdin && fclose (stdin) == EOF) + die (_("close failed"), "-"); + diff -urNp coreutils-8.23-orig/tests/i18n/sort.sh coreutils-8.23/tests/i18n/sort.sh --- coreutils-8.23-orig/tests/i18n/sort.sh 1970-01-01 01:00:00.000000000 +0100 +++ coreutils-8.23/tests/i18n/sort.sh 2014-07-22 13:45:52.733652016 +0200 diff --git a/coreutils.spec b/coreutils.spec index 7c691cb..2cbf6c0 100644 --- a/coreutils.spec +++ b/coreutils.spec @@ -374,6 +374,7 @@ fi %changelog * Wed Sep 16 2015 Kamil Dudka - 8.23-11 +- fix memory leak in sort/I18N (patches written by Pádraig, #1259942) - use newer version of sort/I18N fix for CVE-2015-4041 and CVE-2015-4042 - call utilities in colorls.* scripts with full path (#1222140)
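Review bot: The added sort.c hunk at `-4682,10 +5375,10` replaces the static `minus` operand with `files = xmalloc (sizeof *files);` and `*files = (char *) "-";` without a comment, and the reason only becomes visible in the next hunk, where `free (files)` is called under `#ifdef lint`. I would add on the allocation `/* Heap-allocate the default operand so the lint-only free (files) at the end of main is valid in this case too. */`. The cleanup block deserves a matching line saying that it is compiled only with `-Dlint` and exists for leak checkers, which the commit message explains but the code does not. main starts and ends outside both hunks.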