upgrade to version 0-43.20220212git

wang--ge 2022-06-21 18:54:06 +08:00
parent 281d9706ed
commit b1a3eb7a42
7 changed files with 245 additions and 90 deletions


@ -1,84 +0,0 @@
From ac5a6fe5b87b4d61e03645598b33c33d964c62f0 Mon Sep 17 00:00:00 2001
From: Bruno Haible <bruno@clisp.org>
Date: Sun, 23 Sep 2018 14:13:52 +0200
Subject: [PATCH] vasnprintf: Fix heap memory overrun bug.
Reported by Ben Pfaff <blp@cs.stanford.edu> in
<https://lists.gnu.org/archive/html/bug-gnulib/2018-09/msg00107.html>.
* lib/vasnprintf.c (convert_to_decimal): Allocate one more byte of
memory.
* tests/test-vasnprintf.c (test_function): Add another test.
---
ChangeLog | 9 +++++++++
lib/vasnprintf.c | 4 +++-
tests/test-vasnprintf.c | 21 ++++++++++++++++++++-
3 files changed, 32 insertions(+), 2 deletions(-)
diff --git a/ChangeLog b/ChangeLog
index 7daeebe..1de72f0 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,3 +1,12 @@
+2018-09-23 Bruno Haible <bruno@clisp.org>
+
+ vasnprintf: Fix heap memory overrun bug.
+ Reported by Ben Pfaff <blp@cs.stanford.edu> in
+ <https://lists.gnu.org/archive/html/bug-gnulib/2018-09/msg00107.html>.
+ * lib/vasnprintf.c (convert_to_decimal): Allocate one more byte of
+ memory.
+ * tests/test-vasnprintf.c (test_function): Add another test.
+
2018-07-17 Paul Eggert <eggert@cs.ucla.edu>
hard-locale: simplify by removing hard-locale.m4
diff --git a/lib/vasnprintf.c b/lib/vasnprintf.c
index 56ffbe3..30d021b 100644
--- a/lib/vasnprintf.c
+++ b/lib/vasnprintf.c
@@ -860,7 +860,9 @@ convert_to_decimal (mpn_t a, size_t extra_zeroes)
size_t a_len = a.nlimbs;
/* 0.03345 is slightly larger than log(2)/(9*log(10)). */
size_t c_len = 9 * ((size_t)(a_len * (GMP_LIMB_BITS * 0.03345f)) + 1);
- char *c_ptr = (char *) malloc (xsum (c_len, extra_zeroes));
+ /* We need extra_zeroes bytes for zeroes, followed by c_len bytes for the
+ digits of a, followed by 1 byte for the terminating NUL. */
+ char *c_ptr = (char *) malloc (xsum (xsum (extra_zeroes, c_len), 1));
if (c_ptr != NULL)
{
char *d_ptr = c_ptr;
diff --git a/tests/test-vasnprintf.c b/tests/test-vasnprintf.c
index 19731bc..93d81d7 100644
--- a/tests/test-vasnprintf.c
+++ b/tests/test-vasnprintf.c
@@ -53,7 +53,26 @@ test_function (char * (*my_asnprintf) (char *, size_t *, const char *, ...))
ASSERT (result != NULL);
ASSERT (strcmp (result, "12345") == 0);
ASSERT (length == 5);
- if (size < 6)
+ if (size < 5 + 1)
+ ASSERT (result != buf);
+ ASSERT (memcmp (buf + size, &"DEADBEEF"[size], 8 - size) == 0);
+ if (result != buf)
+ free (result);
+ }
+
+ /* Note: This test assumes IEEE 754 representation of 'double' floats. */
+ for (size = 0; size <= 8; size++)
+ {
+ size_t length;
+ char *result;
+
+ memcpy (buf, "DEADBEEF", 8);
+ length = size;
+ result = my_asnprintf (buf, &length, "%2.0f", 1.6314159265358979e+125);
+ ASSERT (result != NULL);
+ ASSERT (strcmp (result, "163141592653589790215729350939528493057529598899734151772468186268423257777068536614838678161083520756952076273094236944990208") == 0);
+ ASSERT (length == 126);
+ if (size < 126 + 1)
ASSERT (result != buf);
ASSERT (memcmp (buf + size, &"DEADBEEF"[size], 8 - size) == 0);
if (result != buf)
--
2.30.0

33
check-module.1 Normal file

@ -0,0 +1,33 @@
.TH CHECK-MODULE 1 "2006-06-01" "0.0.20060601" "GNU Portability Library"
.SH NAME
check-module \- program to check gnulib modules.
.SH SYNOPSIS
.B check-module [OPTIONS] FILE...
.SH DESCRIPTION
The GNU portability library is a macro system and C declarations and definitions for commonly-used API elements and abstracted system behaviors. It can be used to improve portability and other functionality in your programs.
.PP
.B check-module
reads a module description file and derives the set of files included directly by any .c or .h file listed in the `Files:' section. First, it takes the union of all such sets for any dependent modules. Then, it compares that set with the set derived from the names listed in the various Files: sections.
.PP
.SH OPTIONS
.TP
.B \-h, \-\-help
Show summary of options.
.TP
.B \-v, \-\-version
Show version of program.
.SH BUGS
Report bugs to <bug-gnulib@gnu.org>.
.SH SEE ALSO
.BR gnulib (1).
.SH AUTHOR
check-module was written by the Free Software Foundation and others (sources of various origins).
.PP
This manual page was written by Daniel Baumann <daniel@debian.org>, for the Debian project (but may be used by others).

Binary file not shown.

BIN
gnulib-9f48fb9.tar.gz Normal file

Binary file not shown.

182
gnulib-tool.1 Normal file

@ -0,0 +1,182 @@
.TH GNULIB\-TOOL 1 "2006-06-01" "0.0.20060601" "GNU Portability Library"
.SH NAME
gnulib\-tool \- program for authors or maintainers which want to import modules
from gnulib into their packages.
.SH SYNOPSIS
.B gnulib\-tool
\-\-list
.PP
.B gnulib\-tool
\-\-import [module1 ... moduleN]
.PP
.B gnulib\-tool
\-\-update
.PP
.B gnulib\-tool
\-\-create-testdir \-\-dir=directory module1 ... moduleN
.PP
.B gnulib\-tool
\-\-create-megatestdir \-\-dir=directory [module1 ... moduleN]
.PP
.B gnulib\-tool
\-\-test \-\-dir=directory module1 ... moduleN
.PP
.B gnulib\-tool
\-\-megatest \-\-dir=directory [module1 ... moduleN]
.PP
.B gnulib\-tool
\-\-extract-description module
.PP
.B gnulib\-tool
\-\-extract-filelist module
.PP
.B gnulib\-tool
\-\-extract-dependencies module
.PP
.B gnulib\-tool
\-\-extract-autoconf-snippet module
.PP
.B gnulib\-tool
\-\-extract-automake-snippet module
.PP
.B gnulib\-tool
\-\-extract-include-directive module
.PP
.B gnulib\-tool
\-\-extract-license module
.PP
.B gnulib\-tool
\-\-extract-maintainer module
.PP
.B gnulib\-tool
\-\-extract-tests-module module
.SH DESCRIPTION
The GNU portability library is a macro system and C declarations and definitions
for commonly-used API elements and abstracted system behaviors. It can be used
to improve portability and other functionality in your programs.
.PP
.SH OPTIONS
Operation modes:
.TP
.B \-\-list
print the available module names.
.TP
.B \-\-import
import the given modules into the current package; if no modules are specified,
update the current package from the current gnulib.
.TP
.B \-\-update
update the current package, restore files omitted from CVS.
.TP
.B \-\-create-testdir
create a scratch package with the given modules.
.TP
.B \-\-create-megatestdir
create a mega scratch package with the given modules one by one and all
together.
.TP
.B \-\-test
test the combination of the given modules (recommended to use CC="gcc \-Wall"
here).
.TP
.B \-\-megatest
test the given modules one by one and all together (recommended to use CC="gcc
\-Wall" here).
.TP
.B \-\-extract-description
extract the description.
.TP
.B \-\-extract-filelist
extract the list of files.
.TP
.B \-\-extract-dependencies
extract the dependencies.
.TP
.B \-\-extract-autoconf-snippet
extract the snippet for configure.ac.
.TP
.B \-\-extract-automake-snippet
extract the snippet for lib/Makefile.am.
.TP
.B \-\-extract-include-directive
extract the #include directive.
.TP
.B \-\-extract-license
report the license terms of the source files under lib/.
.TP
.B \-\-extract-maintainer
report the maintainer(s) inside gnulib.
.TP
.B \-\-extract-tests-module
report the unit test module, if it exists.
.PP
Options:
.TP
.B \-\-dir=DIRECTORY
specify the target directory. For \-\-import, this specifies where your
configure.ac can be found. Defaults to current directory.
.TP
.B \-\-lib=LIBRARY
Specify the library name. Defaults to 'libgnu'.
.TP
.B \-\-source-base=DIRECTORY
Directory relative \-\-dir where source code is placed (default "lib"), for
\-\-import.
.TP
.B \-\-m4-base=DIRECTORY
Directory relative \-\-dir where *.m4 macros are placed (default "m4"), for
\-\-import.
.TP
.B \-\-tests-base=DIRECTORY
Directory relative \-\-dir where unit tests are placed (default "tests"), for
\-\-import.
.TP
.B \-\-aux-dir=DIRECTORY
Directory relative \-\-dir where auxiliary build tools are placed (default
"build-aux").
.TP
.B \-\-with-tests
Include unit tests for the included modules.
.TP
.B \-\-avoid=MODULE
Avoid including the given MODULE. Useful if you have code that provides
equivalent functionality. This option can be repeated.
.TP
.B \-\-lgpl
Abort if modules aren't available under the LGPL. Also modify license template
from GPL to LGPL.
.TP
.B \-\-libtool
Use libtool rules, for \-\-import.
.TP
.B \-\-macro-prefix=PREFIX
Specify the prefix of the macros 'gl_EARLY' and 'gl_INIT'. Default is 'gl'.
.TP
.B \-\-no-changelog
don't update or create ChangeLog files.
.TP
.B \-\-dry-run
For \-\-import, only print what would have been done.
.TP
.B -s, \-\-symbolic, \-\-symlink
Make symbolic links instead of copying files.
.PP
.TP
.B \-h, \-\-help
Show summary of options.
.SH BUGS
Report bugs to <bug-gnulib@gnu.org>.
.SH SEE ALSO
.BR check-module (1).
.SH AUTHOR
gnulib was written by the Free Software Foundation and others (sources of various origins).
.PP
This manual page was written by Daniel Baumann <daniel@debian.org>, for the Debian project (but may be used by others).


@ -1,12 +1,16 @@
Name: gnulib
Version: 0
Release: 29.20180720git
Release: 43.20220212git
Summary: The GNU Portability Library
License: Public Domain and BSD and GPLv2+ and GPLv3 and GPLv3+ and LGPLv2 and LGPLv2+ and LGPLv3+
URL: https://www.gnu.org/software/gnulib
Source0: https://git.savannah.gnu.org/gitweb/?p=gnulib.git;a=snapshot;h=68df637;sf=tgz;name=gnulib-68df637.tar.gz#/gnulib-68df637.tar.gz
Patch0: CVE-2018-17942.patch
BuildRequires: perl-generators texinfo java-devel gettext-devel bison gperf libtool help2man git gcc_secure
Source0: https://git.savannah.gnu.org/gitweb/?p=gnulib.git;a=snapshot;h=9f48fb9;sf=tgz;name=gnulib-9f48fb9.tar.gz#/gnulib-9f48fb9.tar.gz
Source1: https://erislabs.net/gitweb/?p=gnulib.git;a=blob_plain;hb=HEAD;f=debian/manpages/check-module.1
Source2: https://erislabs.net/gitweb/?p=gnulib.git;a=blob_plain;hb=HEAD;f=debian/manpages/gnulib-tool.1
Patch0: test-u8-strstr-alarm.diff
BuildRequires: perl-generators texinfo gettext-devel bison gperf libtool help2man git make ncurses-devel
BuildRequires: gcc_secure java-11-openjdk-devel
%description
Gnulib is a central location for common GNU code, intended to be
@ -37,7 +41,7 @@ Obsoletes: git-merge-changelog < %{version}-%{release}
This package contains help docs for gnulib. And Provides ChangeLog files.
%prep
%autosetup -n gnulib-68df637 -p1 -Sgit
%autosetup -n gnulib-9f48fb9 -p1 -Sgit
toRemove="lib-symbol-visibility havelib .*-obsolete localcharset gettext-h gettext alloca-opt alloca "
@ -50,6 +54,8 @@ done
rm lib/javaversion.class
./gnulib-tool --create-testdir --dir=build-gnulib-root git-merge-changelog
cp lib/timevar.def build-tests/gllib/
%build
cd build-gnulib-root
%configure --prefix=%_prefix
@ -61,7 +67,9 @@ cd build-tests
%make_build
cd -
javac -d lib -source 1.3 -target 1.3 lib/javaversion.java
home_path=`ls /usr/lib/jvm | grep java-11-openjdk`
[ -z "$JAVA_HOME" ] && export JAVA_HOME=%{_jvmdir}/${home_path}
javac -d lib -source 11 -target 11 lib/javaversion.java
%make_build MODULES.html
sed -i -r 's#HREF="(lib|m4|modules)#HREF="%{_datadir}/gnulib/\1#g' MODULES.html
sed -i "/^[ ]*gnulib_dir=/s#\`[^\`]*\`#%{_datadir}/gnulib#" gnulib-tool
@ -115,6 +123,9 @@ fi
%license doc/COPYINGv2
%changelog
* Tue Jun 21 2022 Ge Wang <wangge20@h-partners.com> - 0-43.20220212git
- Upgrade to version 43.20220212git
* Wed Feb 23 2022 yaoxin <yaoxin30@huawei.com> - 0-29.20180720git
- Fix CVE-2018-17942
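Review bot: `Source1` and `Source2` point at `hb=HEAD` on erislabs.net, a moving ref, so the URLs do not identify which revision the committed check-module.1 and gnulib-tool.1 were taken from, and a later re-download cannot be compared against them. Pinning each to a commit, e.g. `...;a=blob_plain;hb=<commit-id>;f=debian/manpages/check-module.1`, would make the provenance checkable. The new changelog entry also does not record that `Patch0: CVE-2018-17942.patch` was dropped. The 2022 snapshot presumably already contains the 2018 vasnprintf fix, but once that is confirmed a line such as `- Drop CVE-2018-17942.patch, included in the new upstream snapshot` would keep the CVE history traceable.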

13
test-u8-strstr-alarm.diff Normal file

@ -0,0 +1,13 @@
diff --git gnulib-68df637/tests/unistr/test-u8-strstr.c~ gnulib-68df637/tests/unistr/test-u8-strstr.c
index 9fbf28e6e5..2e90d32a50 100644
--- gnulib-68df637/tests/unistr/test-u8-strstr.c
+++ gnulib-68df637/tests/unistr/test-u8-strstr.c
@@ -41,7 +41,7 @@ main (void)
same system that we did the check to ensure it has linear
performance characteristics. */
signal (SIGALRM, SIG_DFL);
- alarm (5);
+ alarm (25);
#endif
test_u_strstr ();
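Review bot: The new patch file has no header explaining why `alarm (5)` becomes `alarm (25)`. Its paths also still name `gnulib-68df637` although the spec in this commit unpacks `gnulib-9f48fb9`, so it presumably applies only because `%autosetup` strips the first path component with `-p1`. The surrounding comment says the alarm guards a linear-performance check, so a limit five times longer makes it easier for a quadratic regression to pass on a fast builder. A short header such as `Raise the test-u8-strstr timeout for slow build hosts (downstream only)`, if that is the reason, and regenerating the patch against the new tree would make the trade-off explicit. main() starts and ends outside the hunk.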