diff --git a/coreutils-8.22-doc-ls-kibibytes.patch b/coreutils-8.22-doc-ls-kibibytes.patch new file mode 100644 index 0000000000000000000000000000000000000000..207fa12c5ef3ec846c07531f3ccdd8e02b53519b --- /dev/null +++ b/coreutils-8.22-doc-ls-kibibytes.patch @@ -0,0 +1,32 @@ +From c6418e3a5cb3a65af79117162a93a66026cc8c36 Mon Sep 17 00:00:00 2001 +From: Kamil Dudka +Date: Thu, 6 Dec 2018 14:28:00 +0100 +Subject: [PATCH] doc: improve wording of the --kibibytes option description + +Bug: https://bugzilla.redhat.com/1527391 +--- + doc/coreutils.texi | 8 +++++--- + 1 file changed, 5 insertions(+), 3 deletions(-) + +diff --git a/doc/coreutils.texi b/doc/coreutils.texi +index 88d6506..772aab6 100644 +--- a/doc/coreutils.texi ++++ b/doc/coreutils.texi +@@ -7615,9 +7615,11 @@ Append @samp{*} for executable regular files, otherwise behave as for + @opindex --kibibytes + Set the default block size to its normal value of 1024 bytes, + overriding any contrary specification in environment variables +-(@pxref{Block size}). This option is in turn overridden by the +-@option{--block-size}, @option{-h} or @option{--human-readable}, and +-@option{--si} options. ++(@pxref{Block size}). If @option{--block-size}, @option{-h}, ++@option{--human-readable}, or @option{--si} options are used, ++they take precedence over @option{-k} or @option{--kibibytes} ++even if @option{-k} or @option{--kibibytes} is placed after ++the other options. + + The @option{-k} or @option{--kibibytes} option affects the + per-directory block count written by the @option{-l} and similar +-- +2.17.2 + diff --git a/coreutils-8.30.tar.xz b/coreutils-8.30.tar.xz deleted file mode 100644 index 0ea8f879ecc91fd504bcfbdc1bbc7a3767ed5ddf..0000000000000000000000000000000000000000 Binary files a/coreutils-8.30.tar.xz and /dev/null differ diff --git a/coreutils-9.0-autofs-no-mount.patch b/coreutils-9.0-autofs-no-mount.patch new file mode 100644 index 0000000000000000000000000000000000000000..083a9e04c89b5e39d0bd19a294224189ac2c384e --- /dev/null +++ b/coreutils-9.0-autofs-no-mount.patch @@ -0,0 +1,87 @@ +From f4422844dbcd839ce486bcbc15b7bd5b72c9198d Mon Sep 17 00:00:00 2001 +From: Rohan Sable +Date: Mon, 7 Mar 2022 14:14:13 +0000 +Subject: [PATCH 1/2] ls: avoid triggering automounts + +statx() has different defaults wrt automounting +compared to stat() or lstat(), so explicitly +set the AT_NO_AUTOMOUNT flag to suppress that behavior, +and avoid unintended operations or potential errors. + +* src/ls.c (do_statx): Pass AT_NO_AUTOMOUNT to avoid this behavior. +Fixes https://bugs.gnu.org/54286 + +Signed-off-by: Rohan Sable + +Upstream-commit: 85c975df2c25bd799370b04bb294e568e001102f +Signed-off-by: Kamil Dudka +--- + src/ls.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/src/ls.c b/src/ls.c +index 1047801..fe0e9f8 100644 +--- a/src/ls.c ++++ b/src/ls.c +@@ -1126,7 +1126,7 @@ do_statx (int fd, const char *name, struct stat *st, int flags, + unsigned int mask) + { + struct statx stx; +- int ret = statx (fd, name, flags, mask, &stx); ++ int ret = statx (fd, name, flags | AT_NO_AUTOMOUNT, mask, &stx); + if (ret >= 0) + statx_to_stat (&stx, st); + return ret; +-- +2.34.1 + + +From 3d227f9e4f3fe806064721e4b9451ee06526bc80 Mon Sep 17 00:00:00 2001 +From: =?UTF-8?q?P=C3=A1draig=20Brady?= +Date: Mon, 7 Mar 2022 23:29:20 +0000 +Subject: [PATCH 2/2] stat: only automount with --cached=never + +Revert to the default behavior before the introduction of statx(). + +* src/stat.c (do_stat): Set AT_NO_AUTOMOUNT without --cached=never. +* doc/coreutils.texi (stat invocation): Mention the automount +behavior with --cached=never. + +Fixes https://bugs.gnu.org/54287 + +Upstream-commit: 92cb8427c537f37edd43c5cef1909585201372ab +Signed-off-by: Kamil Dudka +--- + doc/coreutils.texi | 1 + + src/stat.c | 3 +++ + 2 files changed, 4 insertions(+) + +diff --git a/doc/coreutils.texi b/doc/coreutils.texi +index 19b535c..0f5c16a 100644 +--- a/doc/coreutils.texi ++++ b/doc/coreutils.texi +@@ -12204,6 +12204,7 @@ Always read the already cached attributes if available. + + @item never + Always sychronize with the latest file system attributes. ++This also mounts automounted files. + + @item default + Leave the caching behavior to the underlying file system. +diff --git a/src/stat.c b/src/stat.c +index 0c34501..803340a 100644 +--- a/src/stat.c ++++ b/src/stat.c +@@ -1343,6 +1343,9 @@ do_stat (char const *filename, char const *format, char const *format2) + else if (force_sync) + flags |= AT_STATX_FORCE_SYNC; + ++ if (! force_sync) ++ flags |= AT_NO_AUTOMOUNT; ++ + fd = statx (fd, pathname, flags, format_to_mask (format), &stx); + if (fd < 0) + { +-- +2.34.1 + diff --git a/coreutils-df-direct.patch b/coreutils-df-direct.patch index 248a6aecbf454bf1447a79dcfc6cf91b915654bc..88015a1637e4e5053f7210caaaa77730e7551bf1 100644 --- a/coreutils-df-direct.patch +++ b/coreutils-df-direct.patch @@ -1,8 +1,20 @@ +From 6e36198f10a2f63b89c89ebb5d5c185b20fb3a63 Mon Sep 17 00:00:00 2001 +From: Kamil Dudka +Date: Mon, 29 Mar 2010 17:20:34 +0000 +Subject: [PATCH] coreutils-df-direct.patch + +--- + doc/coreutils.texi | 7 ++++++ + src/df.c | 34 ++++++++++++++++++++++++++-- + tests/df/direct.sh | 55 ++++++++++++++++++++++++++++++++++++++++++++++ + 3 files changed, 94 insertions(+), 2 deletions(-) + create mode 100755 tests/df/direct.sh + diff --git a/doc/coreutils.texi b/doc/coreutils.texi -index a507280..400e135 100644 +index 5b9a597..6810c15 100644 --- a/doc/coreutils.texi +++ b/doc/coreutils.texi -@@ -11303,6 +11303,13 @@ some systems (notably SunOS), doing this yields more up to date results, +@@ -11898,6 +11898,13 @@ some systems (notably SunOS), doing this yields more up to date results, but in general this option makes @command{df} much slower, especially when there are many or very busy file systems. @@ -17,10 +29,10 @@ index a507280..400e135 100644 @opindex --total @cindex grand total of disk size, usage and available space diff --git a/src/df.c b/src/df.c -index 8f760db..a7385fd 100644 +index 48025b9..c8efa5b 100644 --- a/src/df.c +++ b/src/df.c -@@ -120,6 +120,9 @@ static bool print_type; +@@ -125,6 +125,9 @@ static bool print_type; /* If true, print a grand total at the end. */ static bool print_grand_total; @@ -30,7 +42,7 @@ index 8f760db..a7385fd 100644 /* Grand total data. */ static struct fs_usage grand_fsu; -@@ -247,13 +250,15 @@ enum +@@ -252,13 +255,15 @@ enum NO_SYNC_OPTION = CHAR_MAX + 1, SYNC_OPTION, TOTAL_OPTION, @@ -47,7 +59,7 @@ index 8f760db..a7385fd 100644 {"inodes", no_argument, NULL, 'i'}, {"human-readable", no_argument, NULL, 'h'}, {"si", no_argument, NULL, 'H'}, -@@ -509,7 +514,10 @@ get_header (void) +@@ -561,7 +566,10 @@ get_header (void) for (col = 0; col < ncolumns; col++) { char *cell = NULL; @@ -59,7 +71,7 @@ index 8f760db..a7385fd 100644 if (columns[col]->field == SIZE_FIELD && (header_mode == DEFAULT_MODE -@@ -1397,6 +1405,19 @@ get_point (const char *point, const struct stat *statp) +@@ -1464,6 +1472,17 @@ get_point (const char *point, const struct stat *statp) static void get_entry (char const *name, struct stat const *statp) { @@ -68,9 +80,7 @@ index 8f760db..a7385fd 100644 + char *resolved = canonicalize_file_name (name); + if (resolved) + { -+ char *mp = find_mount_point (name, statp); -+ get_dev (NULL, mp, resolved, NULL, NULL, false, false, NULL, false); -+ free(mp); ++ get_dev (NULL, resolved, name, NULL, NULL, false, false, NULL, false); + free (resolved); + return; + } @@ -79,7 +89,7 @@ index 8f760db..a7385fd 100644 if ((S_ISBLK (statp->st_mode) || S_ISCHR (statp->st_mode)) && get_disk (name)) return; -@@ -1467,6 +1488,7 @@ or all file systems by default.\n\ +@@ -1534,6 +1553,7 @@ or all file systems by default.\n\ -B, --block-size=SIZE scale sizes by SIZE before printing them; e.g.,\n\ '-BM' prints sizes in units of 1,048,576 bytes;\n\ see SIZE format below\n\ @@ -87,7 +97,7 @@ index 8f760db..a7385fd 100644 -h, --human-readable print sizes in powers of 1024 (e.g., 1023M)\n\ -H, --si print sizes in powers of 1000 (e.g., 1.1G)\n\ "), stdout); -@@ -1557,6 +1579,9 @@ main (int argc, char **argv) +@@ -1624,6 +1644,9 @@ main (int argc, char **argv) xstrtol_fatal (e, oi, c, long_options, optarg); } break; @@ -97,7 +107,7 @@ index 8f760db..a7385fd 100644 case 'i': if (header_mode == OUTPUT_MODE) { -@@ -1653,6 +1678,13 @@ main (int argc, char **argv) +@@ -1720,6 +1743,13 @@ main (int argc, char **argv) } } @@ -172,3 +182,6 @@ index 0000000..8e4cfb8 +compare file_out file_exp || fail=1 + +Exit $fail +-- +2.31.1 + diff --git a/coreutils-i18n-expand-unexpand.patch b/coreutils-i18n-expand-unexpand.patch index b5f571f5fb6c4b8424964f444e5d42794ac9e3f4..8fc8dffb29a9df2129ad8a87082a7854576e40d6 100644 --- a/coreutils-i18n-expand-unexpand.patch +++ b/coreutils-i18n-expand-unexpand.patch @@ -572,16 +572,18 @@ index 7801274..569a7ee 100644 { /* Go back one column, and force recalculation of the next tab stop. */ -@@ -221,7 +235,7 @@ unexpand (void) +@@ -221,16 +235,20 @@ unexpand (void) } else { - column++; +- if (!column) ++ const uintmax_t orig_column = column; + column += mb_width (c); - if (!column) ++ if (column < orig_column) die (EXIT_FAILURE, 0, _("input line is too long")); } -@@ -229,8 +243,11 @@ unexpand (void) + if (pending) { if (pending > 1 && one_blank_before_tab_stop) @@ -595,7 +597,7 @@ index 7801274..569a7ee 100644 die (EXIT_FAILURE, errno, _("write error")); pending = 0; one_blank_before_tab_stop = false; -@@ -240,16 +257,17 @@ unexpand (void) +@@ -240,16 +258,17 @@ unexpand (void) convert &= convert_entire_line || blank; } diff --git a/coreutils-i18n-fix-unexpand.patch b/coreutils-i18n-fix-unexpand.patch deleted file mode 100644 index f0c347cd2f4d02ea24fa645cf0553b5532b80900..0000000000000000000000000000000000000000 --- a/coreutils-i18n-fix-unexpand.patch +++ /dev/null @@ -1,28 +0,0 @@ -From 02424bfcd719bbaa695f4e1c3ef17ad91b0d23c0 Mon Sep 17 00:00:00 2001 -From: Lubomir Rintel -Date: Thu, 28 Jan 2016 20:57:22 +0100 -Subject: [PATCH] unexpand: fix blank line handling - - echo '' |./src/unexpand -a - -Really? ---- - src/unexpand.c | 2 +- - 1 file changed, 1 insertion(+), 1 deletion(-) - -diff --git a/src/unexpand.c b/src/unexpand.c -index 569a7ee..3bbbd66 100644 ---- a/src/unexpand.c -+++ b/src/unexpand.c -@@ -233,7 +233,7 @@ unexpand (void) - next_tab_column = column; - tab_index -= !!tab_index; - } -- else -+ else if (!mb_iseq (c, '\n')) - { - column += mb_width (c); - if (!column) --- -2.7.4 - diff --git a/coreutils-nfsv4-acls.patch b/coreutils-nfsv4-acls.patch new file mode 100644 index 0000000000000000000000000000000000000000..040312c9a0dfe485c573c455a16050b5aac683be --- /dev/null +++ b/coreutils-nfsv4-acls.patch @@ -0,0 +1,625 @@ +From 5a6af47c3db45b6303bac4dcd6da186fd5cd178c Mon Sep 17 00:00:00 2001 +From: Ondrej Valousek +Date: Fri, 2 Dec 2022 13:40:19 +0100 +Subject: [PATCH 1/3] file-has-acl: Basic support for checking NFSv4 ACLs in + Linux. + +* lib/acl-internal.h (acl_nfs4_nontrivial): New declaration. +* lib/acl-internal.c (acl_nfs4_nontrivial): New function. +* lib/file-has-acl.c: Include . +(XATTR_NAME_NFSV4_ACL, TRIVIAL_NFS4_ACL_MAX_LENGTH): New macros. +(file_has_acl): Test for NFSv4 ACLs. +* doc/acl-nfsv4.txt: New file. + +Upstream-commit: b0604a8e134dbcc307c0ffdd5ebd3693e9de7081 +Signed-off-by: Kamil Dudka +--- + doc/acl-nfsv4.txt | 17 ++++++++ + lib/acl-internal.c | 100 +++++++++++++++++++++++++++++++++++++++++++++ + lib/acl-internal.h | 3 ++ + lib/file-has-acl.c | 21 ++++++++++ + 4 files changed, 141 insertions(+) + create mode 100644 doc/acl-nfsv4.txt + +diff --git a/doc/acl-nfsv4.txt b/doc/acl-nfsv4.txt +new file mode 100644 +index 0000000..71352f5 +--- /dev/null ++++ b/doc/acl-nfsv4.txt +@@ -0,0 +1,17 @@ ++General introduction: ++ https://linux.die.net/man/5/nfs4_acl ++ ++The NFSv4 acls are defined in RFC7530 and as such, every NFSv4 server supporting ACLs ++will support this kind of ACLs (note the difference from POSIX draft ACLs) ++ ++The ACLs can be obtained via the nfsv4-acl-tools, i.e. ++ ++$ nfs4_getfacl ++ ++# file: ++A::OWNER@:rwaDxtTnNcCy ++A::GROUP@:rwaDxtTnNcy ++A::EVERYONE@:rwaDxtTnNcy ++ ++Gnulib is aiming to only provide a basic support of these, i.e. recognize trivial ++and non-trivial ACLs +diff --git a/lib/acl-internal.c b/lib/acl-internal.c +index be244c6..4c65dff 100644 +--- a/lib/acl-internal.c ++++ b/lib/acl-internal.c +@@ -25,6 +25,9 @@ + + #if USE_ACL && HAVE_ACL_GET_FILE + ++# include ++# include ++ + # if HAVE_ACL_TYPE_EXTENDED /* Mac OS X */ + + /* ACL is an ACL, from a file, stored as type ACL_TYPE_EXTENDED. +@@ -122,6 +125,103 @@ acl_default_nontrivial (acl_t acl) + return (acl_entries (acl) > 0); + } + ++# define ACE4_WHO_OWNER "OWNER@" ++# define ACE4_WHO_GROUP "GROUP@" ++# define ACE4_WHO_EVERYONE "EVERYONE@" ++ ++# define ACE4_ACCESS_ALLOWED_ACE_TYPE 0 ++# define ACE4_ACCESS_DENIED_ACE_TYPE 1 ++ ++/* ACE flag values */ ++# define ACE4_IDENTIFIER_GROUP 0x00000040 ++# define ROUNDUP(x, y) (((x) + (y) - 1) & - (y)) ++ ++int ++acl_nfs4_nontrivial (char *xattr, int len) ++{ ++ int bufs = len; ++ uint32_t num_aces = ntohl (*((uint32_t*)(xattr))), /* Grab the number of aces in the acl */ ++ num_a_aces = 0, ++ num_d_aces = 0; ++ char *bufp = xattr; ++ ++ bufp += 4; /* sizeof(uint32_t); */ ++ bufs -= 4; ++ ++ for (uint32_t ace_n = 0; num_aces > ace_n ; ace_n++) ++ { ++ int d_ptr; ++ uint32_t flag, ++ wholen, ++ type; ++ ++ /* Get the acl type */ ++ if (bufs <= 0) ++ return -1; ++ ++ type = ntohl (*((uint32_t*)bufp)); ++ ++ bufp += 4; ++ bufs -= 4; ++ if (bufs <= 0) ++ return -1; ++ ++ flag = ntohl (*((uint32_t*)bufp)); ++ /* As per RFC 7530, the flag should be 0, but we are just generous to Netapp ++ * and also accept the Group flag ++ */ ++ if (flag & ~ACE4_IDENTIFIER_GROUP) ++ return 1; ++ ++ /* we skip mask - ++ * it's too risky to test it and it does not seem to be actually needed */ ++ bufp += 2*4; ++ bufs -= 2*4; ++ ++ if (bufs <= 0) ++ return -1; ++ ++ wholen = ntohl (*((uint32_t*)bufp)); ++ ++ bufp += 4; ++ bufs -= 4; ++ ++ /* Get the who string */ ++ if (bufs <= 0) ++ return -1; ++ ++ /* for trivial ACL, we expect max 5 (typically 3) ACES, 3 Allow, 2 deny */ ++ if (((strncmp (bufp, ACE4_WHO_OWNER, wholen) == 0) ++ || (strncmp (bufp, ACE4_WHO_GROUP, wholen) == 0)) ++ && wholen == 6) ++ { ++ if (type == ACE4_ACCESS_ALLOWED_ACE_TYPE) ++ num_a_aces++; ++ if (type == ACE4_ACCESS_DENIED_ACE_TYPE) ++ num_d_aces++; ++ } ++ else ++ if ((strncmp (bufp, ACE4_WHO_EVERYONE, wholen) == 0) ++ && (type == ACE4_ACCESS_ALLOWED_ACE_TYPE) ++ && (wholen == 9)) ++ num_a_aces++; ++ else ++ return 1; ++ ++ d_ptr = ROUNDUP (wholen, 4); ++ bufp += d_ptr; ++ bufs -= d_ptr; ++ ++ /* Make sure we aren't outside our domain */ ++ if (bufs < 0) ++ return -1; ++ ++ } ++ return !((num_a_aces <= 3) && (num_d_aces <= 2) ++ && (num_a_aces + num_d_aces == num_aces)); ++ ++} ++ + # endif + + #elif USE_ACL && HAVE_FACL && defined GETACL /* Solaris, Cygwin, not HP-UX */ +diff --git a/lib/acl-internal.h b/lib/acl-internal.h +index 9353376..2a249ff 100644 +--- a/lib/acl-internal.h ++++ b/lib/acl-internal.h +@@ -143,6 +143,9 @@ rpl_acl_set_fd (int fd, acl_t acl) + # define acl_entries rpl_acl_entries + extern int acl_entries (acl_t); + # endif ++/* Return 1 if given ACL in XDR format is non-trivial ++ * Return 0 if it is trivial */ ++extern int acl_nfs4_nontrivial (char *, int); + + # if HAVE_ACL_TYPE_EXTENDED /* Mac OS X */ + /* ACL is an ACL, from a file, stored as type ACL_TYPE_EXTENDED. +diff --git a/lib/file-has-acl.c b/lib/file-has-acl.c +index e02f062..1710234 100644 +--- a/lib/file-has-acl.c ++++ b/lib/file-has-acl.c +@@ -32,6 +32,11 @@ + #if GETXATTR_WITH_POSIX_ACLS + # include + # include ++# include ++# ifndef XATTR_NAME_NFSV4_ACL ++# define XATTR_NAME_NFSV4_ACL "system.nfs4_acl" ++# endif ++# define TRIVIAL_NFS4_ACL_MAX_LENGTH 128 + #endif + + /* Return 1 if NAME has a nontrivial access control list, +@@ -67,6 +72,22 @@ file_has_acl (char const *name, struct stat const *sb) + return 1; + } + ++ if (ret < 0) ++ { /* we might be on NFS, so try to check NFSv4 ACLs too */ ++ char xattr[TRIVIAL_NFS4_ACL_MAX_LENGTH]; ++ ++ errno = 0; /* we need to reset errno set by the previous getxattr() */ ++ ret = getxattr (name, XATTR_NAME_NFSV4_ACL, xattr, TRIVIAL_NFS4_ACL_MAX_LENGTH); ++ if (ret < 0 && errno == ENODATA) ++ ret = 0; ++ else ++ if (ret < 0 && errno == ERANGE) ++ return 1; /* we won't fit into the buffer, so non-trivial ACL is presented */ ++ else ++ if (ret > 0) ++ /* looks like trivial ACL, but we need to investigate further */ ++ return acl_nfs4_nontrivial (xattr, ret); ++ } + if (ret < 0) + return - acl_errno_valid (errno); + return ret; +-- +2.38.1 + + +From c5266d204a446bea619fa18da8520dceb0a54192 Mon Sep 17 00:00:00 2001 +From: Paul Eggert +Date: Fri, 23 Dec 2022 15:18:29 -0800 +Subject: [PATCH 2/3] file-has-acl: improve recent NFSv4 support +MIME-Version: 1.0 +Content-Type: text/plain; charset=UTF-8 +Content-Transfer-Encoding: 8bit + +This fixes a link failure with emacsclient on GNU/Linux. This +program wants file_has_acl but none of the other ACL primitives, +so it doesn’t link acl-internal.o; this way it doesn’t need to +link with -lacl. While I was at it I reviewed the recent changes, +fixed some unlikely overflow bugs, and adjusted to GNU style. +* doc/acl-nfsv4.txt: Remove. Its contents are now in a +comment in lib/file-has-acl.c. +* lib/acl-internal.c, lib/acl-internal.h: Move recent changes +relating to acl_nfs4_nontrivial to lib/file-has-acl.c, so that +there is no trouble linking programs that need only file_has_acl. +* lib/file-has-acl.c (acl_nfs4_nontrivial): Move here from +lib/acl-internal.c, so that we needn't link -lacl in +programs that want only file_has_acl, such as emacsclient. +Do not assume a char buffer is aligned for uint32_t. +Check more carefully for buffer read overrun. +Allow up to 6 ACEs, since other code does; but check +that they’re distinct. Avoid integer overflow. +Use memcmp rather than strncmp to compare memory blocks. +(file_has_acl): Preserve initial errno instead of setting to 0. +Allocate a bit more room for trivial ACL buffer. +Use EINVAL for botchedk NFSv4 ACLs (which shouldn’t happen). + +Upstream-commit: 35bd46f0c816948dc1a0430c8ba8b10a01167320 +Signed-off-by: Kamil Dudka +--- + doc/acl-nfsv4.txt | 17 ------ + lib/acl-internal.c | 100 ----------------------------------- + lib/acl-internal.h | 3 -- + lib/file-has-acl.c | 129 +++++++++++++++++++++++++++++++++++++++------ + 4 files changed, 113 insertions(+), 136 deletions(-) + delete mode 100644 doc/acl-nfsv4.txt + +diff --git a/doc/acl-nfsv4.txt b/doc/acl-nfsv4.txt +deleted file mode 100644 +index 71352f5..0000000 +--- a/doc/acl-nfsv4.txt ++++ /dev/null +@@ -1,17 +0,0 @@ +-General introduction: +- https://linux.die.net/man/5/nfs4_acl +- +-The NFSv4 acls are defined in RFC7530 and as such, every NFSv4 server supporting ACLs +-will support this kind of ACLs (note the difference from POSIX draft ACLs) +- +-The ACLs can be obtained via the nfsv4-acl-tools, i.e. +- +-$ nfs4_getfacl +- +-# file: +-A::OWNER@:rwaDxtTnNcCy +-A::GROUP@:rwaDxtTnNcy +-A::EVERYONE@:rwaDxtTnNcy +- +-Gnulib is aiming to only provide a basic support of these, i.e. recognize trivial +-and non-trivial ACLs +diff --git a/lib/acl-internal.c b/lib/acl-internal.c +index 4c65dff..be244c6 100644 +--- a/lib/acl-internal.c ++++ b/lib/acl-internal.c +@@ -25,9 +25,6 @@ + + #if USE_ACL && HAVE_ACL_GET_FILE + +-# include +-# include +- + # if HAVE_ACL_TYPE_EXTENDED /* Mac OS X */ + + /* ACL is an ACL, from a file, stored as type ACL_TYPE_EXTENDED. +@@ -125,103 +122,6 @@ acl_default_nontrivial (acl_t acl) + return (acl_entries (acl) > 0); + } + +-# define ACE4_WHO_OWNER "OWNER@" +-# define ACE4_WHO_GROUP "GROUP@" +-# define ACE4_WHO_EVERYONE "EVERYONE@" +- +-# define ACE4_ACCESS_ALLOWED_ACE_TYPE 0 +-# define ACE4_ACCESS_DENIED_ACE_TYPE 1 +- +-/* ACE flag values */ +-# define ACE4_IDENTIFIER_GROUP 0x00000040 +-# define ROUNDUP(x, y) (((x) + (y) - 1) & - (y)) +- +-int +-acl_nfs4_nontrivial (char *xattr, int len) +-{ +- int bufs = len; +- uint32_t num_aces = ntohl (*((uint32_t*)(xattr))), /* Grab the number of aces in the acl */ +- num_a_aces = 0, +- num_d_aces = 0; +- char *bufp = xattr; +- +- bufp += 4; /* sizeof(uint32_t); */ +- bufs -= 4; +- +- for (uint32_t ace_n = 0; num_aces > ace_n ; ace_n++) +- { +- int d_ptr; +- uint32_t flag, +- wholen, +- type; +- +- /* Get the acl type */ +- if (bufs <= 0) +- return -1; +- +- type = ntohl (*((uint32_t*)bufp)); +- +- bufp += 4; +- bufs -= 4; +- if (bufs <= 0) +- return -1; +- +- flag = ntohl (*((uint32_t*)bufp)); +- /* As per RFC 7530, the flag should be 0, but we are just generous to Netapp +- * and also accept the Group flag +- */ +- if (flag & ~ACE4_IDENTIFIER_GROUP) +- return 1; +- +- /* we skip mask - +- * it's too risky to test it and it does not seem to be actually needed */ +- bufp += 2*4; +- bufs -= 2*4; +- +- if (bufs <= 0) +- return -1; +- +- wholen = ntohl (*((uint32_t*)bufp)); +- +- bufp += 4; +- bufs -= 4; +- +- /* Get the who string */ +- if (bufs <= 0) +- return -1; +- +- /* for trivial ACL, we expect max 5 (typically 3) ACES, 3 Allow, 2 deny */ +- if (((strncmp (bufp, ACE4_WHO_OWNER, wholen) == 0) +- || (strncmp (bufp, ACE4_WHO_GROUP, wholen) == 0)) +- && wholen == 6) +- { +- if (type == ACE4_ACCESS_ALLOWED_ACE_TYPE) +- num_a_aces++; +- if (type == ACE4_ACCESS_DENIED_ACE_TYPE) +- num_d_aces++; +- } +- else +- if ((strncmp (bufp, ACE4_WHO_EVERYONE, wholen) == 0) +- && (type == ACE4_ACCESS_ALLOWED_ACE_TYPE) +- && (wholen == 9)) +- num_a_aces++; +- else +- return 1; +- +- d_ptr = ROUNDUP (wholen, 4); +- bufp += d_ptr; +- bufs -= d_ptr; +- +- /* Make sure we aren't outside our domain */ +- if (bufs < 0) +- return -1; +- +- } +- return !((num_a_aces <= 3) && (num_d_aces <= 2) +- && (num_a_aces + num_d_aces == num_aces)); +- +-} +- + # endif + + #elif USE_ACL && HAVE_FACL && defined GETACL /* Solaris, Cygwin, not HP-UX */ +diff --git a/lib/acl-internal.h b/lib/acl-internal.h +index 2a249ff..9353376 100644 +--- a/lib/acl-internal.h ++++ b/lib/acl-internal.h +@@ -143,9 +143,6 @@ rpl_acl_set_fd (int fd, acl_t acl) + # define acl_entries rpl_acl_entries + extern int acl_entries (acl_t); + # endif +-/* Return 1 if given ACL in XDR format is non-trivial +- * Return 0 if it is trivial */ +-extern int acl_nfs4_nontrivial (char *, int); + + # if HAVE_ACL_TYPE_EXTENDED /* Mac OS X */ + /* ACL is an ACL, from a file, stored as type ACL_TYPE_EXTENDED. +diff --git a/lib/file-has-acl.c b/lib/file-has-acl.c +index 1710234..676523b 100644 +--- a/lib/file-has-acl.c ++++ b/lib/file-has-acl.c +@@ -29,14 +29,97 @@ + + #include "acl-internal.h" + +-#if GETXATTR_WITH_POSIX_ACLS ++#if USE_ACL && GETXATTR_WITH_POSIX_ACLS ++# include ++# include + # include + # include +-# include + # ifndef XATTR_NAME_NFSV4_ACL + # define XATTR_NAME_NFSV4_ACL "system.nfs4_acl" + # endif +-# define TRIVIAL_NFS4_ACL_MAX_LENGTH 128 ++ ++enum { ++ /* ACE4_ACCESS_ALLOWED_ACE_TYPE = 0x00000000, */ ++ ACE4_ACCESS_DENIED_ACE_TYPE = 0x00000001, ++ ACE4_IDENTIFIER_GROUP = 0x00000040 ++}; ++ ++/* Return 1 if given ACL in XDR format is non-trivial, 0 if it is trivial. ++ -1 upon failure to determine it. Possibly change errno. Assume that ++ the ACL is valid, except avoid undefined behavior even if invalid. ++ ++ See . The NFSv4 acls are ++ defined in Internet RFC 7530 and as such, every NFSv4 server ++ supporting ACLs should support NFSv4 ACLs (they differ from from ++ POSIX draft ACLs). The ACLs can be obtained via the ++ nfsv4-acl-tools, e.g., the nfs4_getfacl command. Gnulib provides ++ only basic support of NFSv4 ACLs, i.e., recognize trivial vs ++ nontrivial ACLs. */ ++ ++static int ++acl_nfs4_nontrivial (uint32_t *xattr, ssize_t nbytes) ++{ ++ enum { BYTES_PER_NETWORK_UINT = 4}; ++ ++ /* Grab the number of aces in the acl. */ ++ nbytes -= BYTES_PER_NETWORK_UINT; ++ if (nbytes < 0) ++ return -1; ++ uint32_t num_aces = ntohl (*xattr++); ++ if (6 < num_aces) ++ return 1; ++ int ace_found = 0; ++ ++ for (int ace_n = 0; ace_n < num_aces; ace_n++) ++ { ++ /* Get the acl type and flag. Skip the mask; it's too risky to ++ test it and it does not seem to be needed. Get the wholen. */ ++ nbytes -= 4 * BYTES_PER_NETWORK_UINT; ++ if (nbytes < 0) ++ return -1; ++ uint32_t type = ntohl (xattr[0]); ++ uint32_t flag = ntohl (xattr[1]); ++ uint32_t wholen = ntohl (xattr[3]); ++ xattr += 4; ++ int64_t wholen4 = wholen; ++ wholen4 = ((wholen4 + (BYTES_PER_NETWORK_UINT)) ++ & ~ (BYTES_PER_NETWORK_UINT - 1)); ++ ++ /* Trivial ACLs have only ACE4_ACCESS_ALLOWED_ACE_TYPE or ++ ACE4_ACCESS_DENIED_ACE_TYPE. */ ++ if (ACE4_ACCESS_DENIED_ACE_TYPE < type) ++ return 1; ++ ++ /* RFC 7530 says FLAG should be 0, but be generous to NetApp and ++ also accept the group flag. */ ++ if (flag & ~ACE4_IDENTIFIER_GROUP) ++ return 1; ++ ++ /* Get the who string. Check NBYTES - WHOLEN4 before storing ++ into NBYTES, to avoid truncation on conversion. */ ++ if (nbytes - wholen4 < 0) ++ return -1; ++ nbytes -= wholen4; ++ ++ /* For a trivial ACL, max 6 (typically 3) ACEs, 3 allow, 3 deny. ++ Check that there is at most one ACE of each TYPE and WHO. */ ++ int who2 ++ = (wholen == 6 && memcmp (xattr, "OWNER@", 6) == 0 ? 0 ++ : wholen == 6 && memcmp (xattr, "GROUP@", 6) == 0 ? 2 ++ : wholen == 9 && memcmp (xattr, "EVERYONE@", 9) == 0 ? 4 ++ : -1); ++ if (who2 < 0) ++ return 1; ++ int ace_found_bit = 1 << (who2 | type); ++ if (ace_found & ace_found_bit) ++ return 1; ++ ace_found |= ace_found_bit; ++ ++ xattr = (uint32_t *) ((char *) xattr + wholen4); ++ } ++ ++ return 0; ++} + #endif + + /* Return 1 if NAME has a nontrivial access control list, +@@ -56,6 +139,7 @@ file_has_acl (char const *name, struct stat const *sb) + # if GETXATTR_WITH_POSIX_ACLS + + ssize_t ret; ++ int initial_errno = errno; + + ret = getxattr (name, XATTR_NAME_POSIX_ACL_ACCESS, NULL, 0); + if (ret < 0 && errno == ENODATA) +@@ -73,20 +157,33 @@ file_has_acl (char const *name, struct stat const *sb) + } + + if (ret < 0) +- { /* we might be on NFS, so try to check NFSv4 ACLs too */ +- char xattr[TRIVIAL_NFS4_ACL_MAX_LENGTH]; +- +- errno = 0; /* we need to reset errno set by the previous getxattr() */ +- ret = getxattr (name, XATTR_NAME_NFSV4_ACL, xattr, TRIVIAL_NFS4_ACL_MAX_LENGTH); +- if (ret < 0 && errno == ENODATA) +- ret = 0; ++ { ++ /* Check for NFSv4 ACLs. The max length of a trivial ++ ACL is 6 words for owner, 6 for group, 7 for everyone, ++ all times 2 because there are both allow and deny ACEs. ++ There are 6 words for owner because of type, flag, mask, ++ wholen, "OWNER@"+pad and similarly for group; everyone is ++ another word to hold "EVERYONE@". */ ++ uint32_t xattr[2 * (6 + 6 + 7)]; ++ ++ ret = getxattr (name, XATTR_NAME_NFSV4_ACL, xattr, sizeof xattr); ++ if (ret < 0) ++ switch (errno) ++ { ++ case ENODATA: return 0; ++ case ERANGE : return 1; /* ACL must be nontrivial. */ ++ } + else +- if (ret < 0 && errno == ERANGE) +- return 1; /* we won't fit into the buffer, so non-trivial ACL is presented */ +- else +- if (ret > 0) +- /* looks like trivial ACL, but we need to investigate further */ +- return acl_nfs4_nontrivial (xattr, ret); ++ { ++ /* It looks like a trivial ACL, but investigate further. */ ++ ret = acl_nfs4_nontrivial (xattr, ret); ++ if (ret < 0) ++ { ++ errno = EINVAL; ++ return ret; ++ } ++ errno = initial_errno; ++ } + } + if (ret < 0) + return - acl_errno_valid (errno); +-- +2.38.1 + + +From faf965110372c82cd99e9f44f0c64f03cdabb2c1 Mon Sep 17 00:00:00 2001 +From: Paul Eggert +Date: Tue, 27 Dec 2022 20:00:58 -0800 +Subject: [PATCH 3/3] file-has-acl: fix recently-introduced NFSv4 bug + +* lib/file-has-acl.c (acl_nfs4_nontrivial): Fix off-by-one +error when rounding WHOLEN up to next multiple of 4. +Pacify GCC 12.2.1 -Wcast-align. + +Upstream-commit: d65e5a8ba77595a598c9ddb8dfa09c4aea732659 +Signed-off-by: Kamil Dudka +--- + lib/file-has-acl.c | 9 +++++---- + 1 file changed, 5 insertions(+), 4 deletions(-) + +diff --git a/lib/file-has-acl.c b/lib/file-has-acl.c +index 676523b..7876edc 100644 +--- a/lib/file-has-acl.c ++++ b/lib/file-has-acl.c +@@ -81,9 +81,10 @@ acl_nfs4_nontrivial (uint32_t *xattr, ssize_t nbytes) + uint32_t flag = ntohl (xattr[1]); + uint32_t wholen = ntohl (xattr[3]); + xattr += 4; +- int64_t wholen4 = wholen; +- wholen4 = ((wholen4 + (BYTES_PER_NETWORK_UINT)) +- & ~ (BYTES_PER_NETWORK_UINT - 1)); ++ int whowords = (wholen / BYTES_PER_NETWORK_UINT ++ + (wholen % BYTES_PER_NETWORK_UINT != 0)); ++ int64_t wholen4 = whowords; ++ wholen4 *= BYTES_PER_NETWORK_UINT; + + /* Trivial ACLs have only ACE4_ACCESS_ALLOWED_ACE_TYPE or + ACE4_ACCESS_DENIED_ACE_TYPE. */ +@@ -115,7 +116,7 @@ acl_nfs4_nontrivial (uint32_t *xattr, ssize_t nbytes) + return 1; + ace_found |= ace_found_bit; + +- xattr = (uint32_t *) ((char *) xattr + wholen4); ++ xattr += whowords; + } + + return 0; +-- +2.38.1 + diff --git a/coreutils.spec b/coreutils.spec index 493fc1f29d75f2cfc144d0518ad6649602bd6921..8f8cbc591198c80c6d2f458474fd5c70bd3e3161 100644 --- a/coreutils.spec +++ b/coreutils.spec @@ -1,7 +1,7 @@ Summary: A set of basic GNU tools commonly used in shell scripts Name: coreutils Version: 8.30 -Release: 12%{?dist} +Release: 15%{?dist} License: GPLv3+ Group: System Environment/Base Url: https://www.gnu.org/software/coreutils/ @@ -50,14 +50,23 @@ Patch11: coreutils-8.32-fuse-portal.patch # tail: fix stack out-of-bounds write with --follow (#1974784) Patch12: coreutils-8.30-tail-use-poll.patch +# doc: improve description of the --kibibytes option of ls (#1527391) +Patch13: coreutils-8.22-doc-ls-kibibytes.patch + # df: fix duplicated remote entries due to bind mounts (#1962515) Patch17: coreutils-8.32-df-duplicated-entries.patch +# ls, stat: avoid triggering automounts (#2044981) +Patch18: coreutils-9.0-autofs-no-mount.patch + +# basic support for checking NFSv4 ACLs (#2158747) +Patch19: coreutils-nfsv4-acls.patch + # disable the test-lock gnulib test prone to deadlock Patch100: coreutils-8.26-test-lock.patch # require_selinux_(): use selinuxenabled(8) if available -Patch105: coreutils-8.26-selinuxenable.patch +Patch101: coreutils-8.26-selinuxenable.patch # downstream changes to default DIR_COLORS Patch102: coreutils-8.25-DIR_COLORS.patch @@ -79,8 +88,6 @@ Patch800: coreutils-i18n.patch Patch801: coreutils-i18n-expand-unexpand.patch # i18n patch for cut - old version - used Patch804: coreutils-i18n-cut-old.patch -# The unexpand patch above is not correct. Sent to the patch authors -Patch803: coreutils-i18n-fix-unexpand.patch #(un)expand - allow multiple files on input - broken by patch 801 Patch805: coreutils-i18n-fix2-expand-unexpand.patch #(un)expand - test BOM headers @@ -286,6 +293,17 @@ fi %license COPYING %changelog +* Mon Jan 02 2023 Kamil Dudka - 8.30-15 +- basic support for checking NFSv4 ACLs (#2158747) + +* Mon Aug 01 2022 Kamil Dudka - 8.30-14 +- prevent unexpand from failing on control characters (#2112870) + +* Tue Mar 01 2022 Kamil Dudka - 8.30-13 +- ls, stat: avoid triggering automounts (#2044981) +- make `df --direct` work again (#2058686) +- doc: improve description of the --kibibytes option of ls (#1527391) + * Wed Jul 07 2021 Kamil Dudka - 8.30-12 - df: fix duplicated remote entries due to bind mounts (#1962515) diff --git a/dist b/dist new file mode 100644 index 0000000000000000000000000000000000000000..9c0e36ec42a2d9bfefacb21ac6354c9ddd910533 --- /dev/null +++ b/dist @@ -0,0 +1 @@ +an8 diff --git a/download b/download new file mode 100644 index 0000000000000000000000000000000000000000..81739880f6e0572678e312dc7ed956a5ac68e9f4 --- /dev/null +++ b/download @@ -0,0 +1 @@ +ab06d68949758971fe744db66b572816 coreutils-8.30.tar.xz