diff --git a/backport-cksum-consistently-validate-length-attributes.patch b/backport-cksum-consistently-validate-length-attributes.patch new file mode 100644 index 0000000000000000000000000000000000000000..5f337342a859473394204ccd0d471d73be201951 --- /dev/null +++ b/backport-cksum-consistently-validate-length-attributes.patch @@ -0,0 +1,64 @@ +From fea833591ba787b1232d13ac4b985bea1e7601de Mon Sep 17 00:00:00 2001 +From: =?UTF-8?q?P=C3=A1draig=20Brady?= +Date: Mon, 4 Mar 2024 16:33:23 +0000 +Subject: [PATCH] cksum: consistently validate --length attributes + +* src/digest.c (main): Only validate the last used --length +for being a multiple of 8. +* tests/cksum/b2sum.sh: Add a test case. +Fixes https://bugs.gnu.org/69546 + +Reference:https://github.com/coreutils/coreutils/commit/fea833591ba787b1232d13ac4b985bea1e7601de +Conflict:NA + +--- + src/digest.c | 10 +++++----- + tests/cksum/b2sum.sh | 4 ++++ + 2 files changed, 9 insertions(+), 5 deletions(-) + +diff --git a/src/digest.c b/src/digest.c +index 0d82eb6b4..96b811b6c 100644 +--- a/src/digest.c ++++ b/src/digest.c +@@ -1397,11 +1397,6 @@ main (int argc, char **argv) + digest_length = xdectoumax (optarg, 0, UINTMAX_MAX, "", + _("invalid length"), 0); + digest_length_str = optarg; +- if (digest_length % 8 != 0) +- { +- error (0, 0, _("invalid length: %s"), quote (digest_length_str)); +- error (EXIT_FAILURE, 0, _("length is not a multiple of 8")); +- } + break; + #endif + #if !HASH_ALGO_SUM +@@ -1476,6 +1471,11 @@ main (int argc, char **argv) + error (EXIT_FAILURE, 0, + _("--length is only supported with --algorithm=blake2b")); + # endif ++ if (digest_length % 8 != 0) ++ { ++ error (0, 0, _("invalid length: %s"), quote (digest_length_str)); ++ error (EXIT_FAILURE, 0, _("length is not a multiple of 8")); ++ } + if (digest_length > BLAKE2B_MAX_LEN * 8) + { + error (0, 0, _("invalid length: %s"), quote (digest_length_str)); +diff --git a/tests/cksum/b2sum.sh b/tests/cksum/b2sum.sh +index cc480a478..43a62d2fb 100755 +--- a/tests/cksum/b2sum.sh ++++ b/tests/cksum/b2sum.sh +@@ -65,6 +65,10 @@ returns_ 1 $prog -c crash.check || fail=1 + printf '0A0BA0' > overflow.check || framework_failure_ + returns_ 1 $prog -c overflow.check || fail=1 + ++# This would fail before coreutil-9.4 ++# Only validate the last specified, used length ++$prog -l 123 -l 128 /dev/null || fail=1 ++ + done + + Exit $fail +-- +2.43.0 + diff --git a/backport-head-off_t-not-uintmax_t-for-file-offset.patch b/backport-head-off_t-not-uintmax_t-for-file-offset.patch new file mode 100644 index 0000000000000000000000000000000000000000..421a129d559c3e57bbf64118013f10b67db7f7da --- /dev/null +++ b/backport-head-off_t-not-uintmax_t-for-file-offset.patch @@ -0,0 +1,28 @@ +From 0f9e2719e0dd2366f0381daa832f9415f3162af2 Mon Sep 17 00:00:00 2001 +From: Paul Eggert +Date: Sat, 10 Aug 2024 18:55:09 -0700 +Subject: [PATCH] head: off_t not uintmax_t for file offset + +* src/head.c (elide_tail_lines_pipe): +Use off_t, not uintmax_t, for a local var that is +a file offset. +--- + src/head.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/src/head.c b/src/head.c +index 2795ae486..a9155c24c 100644 +--- a/src/head.c ++++ b/src/head.c +@@ -504,7 +504,7 @@ elide_tail_lines_pipe (char const *filename, int fd, uintmax_t n_elide, + size_t nlines; + struct linebuffer *next; + }; +- uintmax_t desired_pos = current_pos; ++ off_t desired_pos = current_pos; + typedef struct linebuffer LBUFFER; + LBUFFER *first, *last, *tmp; + size_t total_lines = 0; /* Total number of newlines in all buffers. */ +-- +2.43.0 + diff --git a/backport-maint-basenc-consistently-check-buffer-bounds-when-e.patch b/backport-maint-basenc-consistently-check-buffer-bounds-when-e.patch new file mode 100644 index 0000000000000000000000000000000000000000..5aabf9f032b20375d9950b30b794e3c474df8f0a --- /dev/null +++ b/backport-maint-basenc-consistently-check-buffer-bounds-when-e.patch @@ -0,0 +1,74 @@ +From a46f34bb56d545369a6b1321c2d78ac08b676c06 Mon Sep 17 00:00:00 2001 +From: =?UTF-8?q?P=C3=A1draig=20Brady?= +Date: Tue, 19 Mar 2024 15:55:18 +0000 +Subject: [PATCH] maint: basenc: consistently check buffer bounds when encoding + +* src/basenc.c (base16_encode, base2msbf_encode, base2lsbf_encode): +Ensure we don't overflow the output buffer, whose length is +passed in the OUTLEN parameter. This issue was flagged by clang +with -Wunused-but-set-parameter. + +Reference:https://github.com/coreutils/coreutils/commit/a46f34bb56d545369a6b1321c2d78ac08b676c06 +Conflict:Adapt to context. + +--- + src/basenc.c | 10 +++++++--- + 1 file changed, 7 insertions(+), 3 deletions(-) + +diff --git a/src/basenc.c b/src/basenc.c +index f4ca872..a3f89da 100644 +--- a/src/basenc.c ++++ b/src/basenc.c +@@ -508,12 +508,14 @@ static void + base16_encode (char const *restrict in, idx_t inlen, + char *restrict out, idx_t outlen) + { +- while (inlen--) ++ while (inlen && outlen) + { + unsigned char c = *in; + *out++ = base16[c >> 4]; + *out++ = base16[c & 0x0F]; + ++in; ++ inlen--; ++ outlen -= 2; + } + } + +@@ -784,7 +786,7 @@ inline static void + base2msbf_encode (char const *restrict in, idx_t inlen, + char *restrict out, idx_t outlen) + { +- while (inlen--) ++ while (inlen && outlen) + { + unsigned char c = *in; + for (int i = 0; i < 8; i++) +@@ -792,6 +794,7 @@ base2msbf_encode (char const *restrict in, idx_t inlen, + *out++ = c & 0x80 ? '1' : '0'; + c <<= 1; + } ++ inlen--; + outlen -= 8; + ++in; + } +@@ -801,7 +804,7 @@ inline static void + base2lsbf_encode (char const *restrict in, idx_t inlen, + char *restrict out, idx_t outlen) + { +- while (inlen--) ++ while (inlen && outlen) + { + unsigned char c = *in; + for (int i = 0; i < 8; i++) +@@ -809,6 +812,7 @@ base2lsbf_encode (char const *restrict in, idx_t inlen, + *out++ = c & 0x01 ? '1' : '0'; + c >>= 1; + } ++ inlen--; + outlen -= 8; + ++in; + } +-- +2.33.0 + diff --git a/backport-pinky-fix-string-size-calculation.patch b/backport-pinky-fix-string-size-calculation.patch new file mode 100644 index 0000000000000000000000000000000000000000..219363e25f3e70f253e861db4d4c5cd791d5cc5d --- /dev/null +++ b/backport-pinky-fix-string-size-calculation.patch @@ -0,0 +1,66 @@ +From 3e0d7787e67d4f732298d99eee772fc2631ddfb8 Mon Sep 17 00:00:00 2001 +From: Paul Eggert +Date: Sat, 11 Nov 2023 00:17:11 -0800 +Subject: [PATCH] pinky: fix string size calculation + +* src/pinky.c (count_ampersands): Simplify and return idx_t. +(create_fullname): Compute proper destination string size, +basically, by adding (ulen - 1) * ampersands rather than ulen * +(ampersands - 1). Problem found on CHERI-64. + +Reference:https://github.com/coreutils/coreutils/commit/3e0d7787e67d4f732298d99eee772fc2631ddfb8 +Conflict:NA + +--- + src/pinky.c | 21 +++++++++------------ + 1 file changed, 9 insertions(+), 12 deletions(-) + +diff --git a/src/pinky.c b/src/pinky.c +index 8c872b2fe..82b2d842e 100644 +--- a/src/pinky.c ++++ b/src/pinky.c +@@ -82,15 +82,12 @@ static struct option const longopts[] = + /* Count and return the number of ampersands in STR. */ + + ATTRIBUTE_PURE +-static size_t ++static idx_t + count_ampersands (char const *str) + { +- size_t count = 0; +- do +- { +- if (*str == '&') +- count++; +- } while (*str++); ++ idx_t count = 0; ++ for (; *str; str++) ++ count += *str == '&'; + return count; + } + +@@ -103,16 +100,16 @@ count_ampersands (char const *str) + static char * + create_fullname (char const *gecos_name, char const *user_name) + { +- size_t rsize = strlen (gecos_name) + 1; ++ idx_t rsize = strlen (gecos_name) + 1; + char *result; + char *r; +- size_t ampersands = count_ampersands (gecos_name); ++ idx_t ampersands = count_ampersands (gecos_name); + + if (ampersands != 0) + { +- size_t ulen = strlen (user_name); +- size_t product; +- if (ckd_mul (&product, ulen, ampersands - 1) ++ idx_t ulen = strlen (user_name); ++ ptrdiff_t product; ++ if (ckd_mul (&product, ulen - 1, ampersands) + || ckd_add (&rsize, rsize, product)) + xalloc_die (); + } +-- +2.43.0 + diff --git a/backport-putenv-Don-t-crash-upon-out-of-memory.patch b/backport-putenv-Don-t-crash-upon-out-of-memory.patch new file mode 100644 index 0000000000000000000000000000000000000000..13d132ea41b1d1a1e7f3606aafcdf87ad48f9c14 --- /dev/null +++ b/backport-putenv-Don-t-crash-upon-out-of-memory.patch @@ -0,0 +1,30 @@ +From adb76c754290c328a88438af89e491ece7e6a9c5 Mon Sep 17 00:00:00 2001 +From: Bruno Haible +Date: Thu, 6 Jun 2024 02:24:44 +0200 +Subject: [PATCH] putenv: Don't crash upon out-of-memory. + +* lib/putenv.c (_unsetenv): Handle malloc failure. + +Reference:https://github.com/coreutils/gnulib/commit/adb76c754290c328a88438af89e491ece7e6a9c5 +Conflict:delete ChangeLog + +--- + lib/putenv.c | 2 ++ + 1 files changed, 2 insertions(+) + +diff --git a/lib/putenv.c b/lib/putenv.c +index 525d12ae..1d70717e 100644 +--- a/lib/putenv.c ++++ b/lib/putenv.c +@@ -92,6 +92,8 @@ _unsetenv (const char *name) + { + int putenv_result; + char *name_ = malloc (len + 2); ++ if (name_ == NULL) ++ return -1; + memcpy (name_, name, len); + name_[len] = '='; + name_[len + 1] = 0; +-- +2.43.0 + diff --git a/backport-shuf-avoid-integer-overflow-on-huge-inputs.patch b/backport-shuf-avoid-integer-overflow-on-huge-inputs.patch new file mode 100644 index 0000000000000000000000000000000000000000..7d02db5a9697788261c43def876cac5817a4e880 --- /dev/null +++ b/backport-shuf-avoid-integer-overflow-on-huge-inputs.patch @@ -0,0 +1,52 @@ +From 1ea7255f8b0661cdfabbd13f8f443f81665a07e0 Mon Sep 17 00:00:00 2001 +From: Paul Eggert +Date: Sat, 3 Aug 2024 22:59:12 -0700 +Subject: [PATCH] shuf: avoid integer overflow on huge inputs + +* gl/lib/randperm.c: Include . +(randperm_bound): Return SIZE_MAX if the multiplication overflows. +Do not overflow when converting bit count to byte count. + +Reference:https://github.com/coreutils/coreutils/commit/1ea7255f8b0661cdfabbd13f8f443f81665a07e0 +Conflict:change gl/lib/randperm.c to lib/randperm.c; Adaptation to floor_lg() + +--- + gl/lib/randperm.c | 11 +++++++---- + 1 file changed, 7 insertions(+), 4 deletions(-) + +diff --git a/lib/randperm.c b/lib/randperm.c +index 50328cd9a..14a304524 100644 +--- a/lib/randperm.c ++++ b/lib/randperm.c +@@ -23,6 +23,7 @@ + + #include + #include ++#include + #include + + #include "attribute.h" + +@@ -39,13 +40,15 @@ randperm_bound (size_t h, size_t n) + { + /* Upper bound on number of bits needed to generate the first number + of the permutation. */ +- uintmax_t lg_n = floor_lg (n) + 1; ++ unsigned int lg_n = floor_lg (n) + 1; + +- /* Upper bound on number of bits needed to generated the first H elements. */ +- uintmax_t ar = lg_n * h; ++ /* Upper bound on number of bits needed to generate the first H elements. */ ++ uintmax_t ar; ++ if (ckd_mul (&ar, lg_n, h)) ++ return SIZE_MAX; + + /* Convert the bit count to a byte count. */ +- size_t bound = (ar + CHAR_BIT - 1) / CHAR_BIT; ++ size_t bound = ar / CHAR_BIT + (ar % CHAR_BIT != 0); + + return bound; + } +-- +2.43.0 + diff --git a/backport-shuf-fix-randomness-bug.patch b/backport-shuf-fix-randomness-bug.patch new file mode 100644 index 0000000000000000000000000000000000000000..565666ba7b0852fa89b692605be6d6b2e978e22c --- /dev/null +++ b/backport-shuf-fix-randomness-bug.patch @@ -0,0 +1,40 @@ +From bfbb3ec7f798b179d7fa7b42673e068b18048899 Mon Sep 17 00:00:00 2001 +From: Paul Eggert +Date: Sat, 3 Aug 2024 22:31:20 -0700 +Subject: [PATCH] shuf: fix randomness bug + +Problem reported by Daniel Carpenter . +* gl/lib/randread.c (randread_new): Fill the ISAAC buffer +instead of storing at most BYTES_BOUND bytes into it. +--- + gl/lib/randread.c | 12 +++++++++++- + 1 files changed, 12 insertions(+), 1 deletion(-) + +diff --git a/lib/randread.c b/lib/randread.c +index cbee224bb..43c0cf09f 100644 +--- a/lib/randread.c ++++ b/lib/randread.c +@@ -189,9 +189,19 @@ randread_new (char const *name, size_t bytes_bound) + setvbuf (source, s->buf.c, _IOFBF, MIN (sizeof s->buf.c, bytes_bound)); + else + { ++ /* Fill the ISAAC buffer. Although it is tempting to read at ++ most BYTES_BOUND bytes, this is incorrect for two reasons. ++ First, BYTES_BOUND is just an estimate. ++ Second, even if the estimate is correct ++ ISAAC64 poorly randomizes when BYTES_BOUND is small ++ and just the first few bytes of s->buf.isaac.state.m ++ are random while the other bytes are all zero. See: ++ Aumasson J-P. On the pseudo-random generator ISAAC. ++ Cryptology ePrint Archive. 2006;438. ++ . */ + s->buf.isaac.buffered = 0; + if (! get_nonce (s->buf.isaac.state.m, +- MIN (sizeof s->buf.isaac.state.m, bytes_bound))) ++ sizeof s->buf.isaac.state.m)) + { + int e = errno; + randread_free_body (s); +-- +2.43.0 + diff --git a/backport-timeout-fix-narrow-race-in-failing-to-kill-processes.patch b/backport-timeout-fix-narrow-race-in-failing-to-kill-processes.patch new file mode 100644 index 0000000000000000000000000000000000000000..cbbaa87d211175d69a137b804cb037adfc9ee638 --- /dev/null +++ b/backport-timeout-fix-narrow-race-in-failing-to-kill-processes.patch @@ -0,0 +1,90 @@ +From ab4ffc85039f7398dde2ec4b307dfb2aa0fcf4f8 Mon Sep 17 00:00:00 2001 +From: =?UTF-8?q?P=C3=A1draig=20Brady?= +Date: Mon, 11 Mar 2024 13:46:24 +0000 +Subject: [PATCH] timeout: fix narrow race in failing to kill processes + +* src/timeout.c (main): Block cleanup signals earlier so that cleanup() +is not runnable until monitored_pid is in a deterministic state. +This ensures we always send a termination signal to the child +once it's forked. +* NEWS: Mention the bug fix. +Reported at https://github.com/coreutils/coreutils/issues/82 + +Reference:https://github.com/coreutils/coreutils/commit/ab4ffc85039f7398dde2ec4b307dfb2aa0fcf4f8 +Conflict:Delete NEWS. + +--- + src/timeout.c | 32 +++++++++++++++++++++----------- + 2 files changed, 21 insertions(+), 11 deletions(-) + +diff --git a/src/timeout.c b/src/timeout.c +index 9aa46a4f5..68d872b12 100644 +--- a/src/timeout.c ++++ b/src/timeout.c +@@ -248,7 +248,7 @@ cleanup (int sig) + { /* were in the parent, so let it continue to exit below. */ + } + else /* monitored_pid == 0 */ +- { /* we're the child or the child is not exec'd yet. */ ++ { /* parent hasn't forked yet, or child has not exec'd yet. */ + _exit (128 + sig); + } + } +@@ -537,14 +537,29 @@ main (int argc, char **argv) + signal (SIGTTOU, SIG_IGN); /* Don't stop if background child needs tty. */ + install_sigchld (); /* Interrupt sigsuspend() when child exits. */ + ++ /* We configure timers so that SIGALRM is sent on expiry. ++ Therefore ensure we don't inherit a mask blocking SIGALRM. */ ++ unblock_signal (SIGALRM); ++ ++ /* Block signals now, so monitored_pid is deterministic in cleanup(). */ ++ sigset_t orig_set; ++ block_cleanup_and_chld (term_signal, &orig_set); ++ + monitored_pid = fork (); + if (monitored_pid == -1) + { + error (0, errno, _("fork system call failed")); + return EXIT_CANCELED; + } +- else if (monitored_pid == 0) +- { /* child */ ++ else if (monitored_pid == 0) /* child */ ++ { ++ /* Restore signal mask for child. */ ++ if (sigprocmask (SIG_SETMASK, &orig_set, nullptr) != 0) ++ { ++ error (0, errno, _("child failed to reset signal mask")); ++ return EXIT_CANCELED; ++ } ++ + /* exec doesn't reset SIG_IGN -> SIG_DFL. */ + signal (SIGTTIN, SIG_DFL); + signal (SIGTTOU, SIG_DFL); +@@ -561,19 +576,14 @@ main (int argc, char **argv) + pid_t wait_result; + int status; + +- /* We configure timers so that SIGALRM is sent on expiry. +- Therefore ensure we don't inherit a mask blocking SIGALRM. */ +- unblock_signal (SIGALRM); +- + settimeout (timeout, true); + +- /* Ensure we don't cleanup() after waitpid() reaps the child, ++ /* Note signals remain blocked in parent here, to ensure ++ we don't cleanup() after waitpid() reaps the child, + to avoid sending signals to a possibly different process. */ +- sigset_t cleanup_set; +- block_cleanup_and_chld (term_signal, &cleanup_set); + + while ((wait_result = waitpid (monitored_pid, &status, WNOHANG)) == 0) +- sigsuspend (&cleanup_set); /* Wait with cleanup signals unblocked. */ ++ sigsuspend (&orig_set); /* Wait with cleanup signals unblocked. */ + + if (wait_result < 0) + { +-- +2.43.0 + diff --git a/backport-timeout-fix-race-where-we-might-kill-arbitrary-proce.patch b/backport-timeout-fix-race-where-we-might-kill-arbitrary-proce.patch new file mode 100644 index 0000000000000000000000000000000000000000..206cc89f3da09a84774cd97acab101a506502385 --- /dev/null +++ b/backport-timeout-fix-race-where-we-might-kill-arbitrary-proce.patch @@ -0,0 +1,51 @@ +From c1cf5148a1c6302d27661ff0af772de1e7dbb2b6 Mon Sep 17 00:00:00 2001 +From: =?UTF-8?q?P=C3=A1draig=20Brady?= +Date: Mon, 11 Mar 2024 13:18:37 +0000 +Subject: [PATCH] timeout: fix race where we might kill arbitrary processes + +* src/timeout.c (cleanup): Handle the case where monitored_pid +might be -1, which could happen if a signal was received +immediately after a failed fork() call. In that case it would +send the termination signal to all processes that the timeout +process has permission to send signals too. +* NEWS: Mention the bug fix. + +Reference:https://github.com/coreutils/coreutils/commit/c1cf5148a1c6302d27661ff0af772de1e7dbb2b6 +Conflict:Delete NEWS. + +--- + src/timeout.c | 11 ++++++++--- + 1 file changed, 8 insertions(+), 3 deletions(-) + +diff --git a/src/timeout.c b/src/timeout.c +index 6505634..641592c 100644 +--- a/src/timeout.c ++++ b/src/timeout.c +@@ -208,7 +208,7 @@ cleanup (int sig) + timed_out = 1; + sig = term_signal; + } +- if (monitored_pid) ++ if (0 < monitored_pid) + { + if (kill_after) + { +@@ -245,8 +245,13 @@ cleanup (int sig) + } + } + } +- else /* we're the child or the child is not exec'd yet. */ +- _exit (128 + sig); ++ else if (monitored_pid == -1) ++ { /* were in the parent, so let it continue to exit below. */ ++ } ++ else /* monitored_pid == 0 */ ++ { /* we're the child or the child is not exec'd yet. */ ++ _exit (128 + sig); ++ } + } + + void +-- +2.33.0 + diff --git a/coreutils.spec b/coreutils.spec index 1ace8e274302aa6079e229ed53d86001cc687456..7978c530a16c364d876b62b603da75cbfb0b178f 100644 --- a/coreutils.spec +++ b/coreutils.spec @@ -1,6 +1,6 @@ Name: coreutils Version: 9.4 -Release: 9 +Release: 10 License: GPLv3+ Summary: A set of basic GNU tools commonly used in shell scripts Url: https://www.gnu.org/software/coreutils/ @@ -28,6 +28,15 @@ patch13: backport-sort-don-t-trust-st_size-on-proc-files.patch patch14: backport-cat-don-t-trust-st_size-on-proc-files.patch patch15: backport-dd-don-t-trust-st_size-on-proc-files.patch patch16: backport-split-don-t-trust-st_size-on-proc-files.patch +Patch17: backport-pinky-fix-string-size-calculation.patch +Patch18: backport-cksum-consistently-validate-length-attributes.patch +Patch19: backport-timeout-fix-race-where-we-might-kill-arbitrary-proce.patch +Patch20: backport-timeout-fix-narrow-race-in-failing-to-kill-processes.patch +Patch21: backport-maint-basenc-consistently-check-buffer-bounds-when-e.patch +Patch22: backport-putenv-Don-t-crash-upon-out-of-memory.patch +Patch23: backport-head-off_t-not-uintmax_t-for-file-offset.patch +Patch24: backport-shuf-avoid-integer-overflow-on-huge-inputs.patch +Patch25: backport-shuf-fix-randomness-bug.patch Patch9001: coreutils-9.0-sw.patch @@ -168,6 +177,18 @@ fi %{_mandir}/man*/* %changelog +* Wed Sep 11 2024 huyubiao - 9.4-10 +- sync patches from community +- add backport-pinky-fix-string-size-calculation.patch + backport-cksum-consistently-validate-length-attributes.patch + backport-timeout-fix-race-where-we-might-kill-arbitrary-proce.patch + backport-timeout-fix-narrow-race-in-failing-to-kill-processes.patch + backport-maint-basenc-consistently-check-buffer-bounds-when-e.patch + backport-putenv-Don-t-crash-upon-out-of-memory.patch + backport-head-off_t-not-uintmax_t-for-file-offset.patch + backport-shuf-avoid-integer-overflow-on-huge-inputs.patch + backport-shuf-fix-randomness-bug.patch + * Tue Aug 13 2024 huyubiao - 9.4-9 - fix alias sm3sum not working on bash delete redundant backport-chmod-fix-exit-status-when-ignoring-symlinks.patch