diff --git a/backport-cksum-escape-filenames-with-a-leading-in-check-statu.patch b/backport-cksum-escape-filenames-with-a-leading-in-check-statu.patch new file mode 100644 index 0000000000000000000000000000000000000000..a0c9f5fe6f0676ef7909ab2342c8139c9d1cfebf --- /dev/null +++ b/backport-cksum-escape-filenames-with-a-leading-in-check-statu.patch @@ -0,0 +1,108 @@ +From 86614ba1c2854d3209086db3788124f6cd07a9ff Mon Sep 17 00:00:00 2001 +From: Pádraig Brady +Date: Wed, 20 Aug 2025 16:24:56 +0800 +Subject: [PATCH] cksum: escape filenames with a leading '\' in --check status + +* src/digest.c (digest_check): Also escape in the case that the +file name contains '\'. +* tests/cksum/md5sum-bsd.sh: Add a test case. +* doc/coreutils.texi (md5um invocation): Clarify escaping operation. +* NEWS: Mention the bug fix. +Fixes https://bugs.gnu.org/64392 +--- + NEWS | 5 +++++ + doc/coreutils.texi | 6 ++++-- + src/digest.c | 23 ++++++++++++++--------- + 3 files changed, 23 insertions(+), 11 deletions(-) + +diff --git a/NEWS b/NEWS +index 2d3ab11..e7a1d1c 100644 +--- a/NEWS ++++ b/NEWS +@@ -3,6 +3,11 @@ GNU coreutils NEWS -*- outline -*- + * Noteworthy changes in release 9.0 (2021-09-24) [stable] + + ** Bug fixes ++ 'cksum --check' now ensures filenames with a leading backslash character ++ are escaped appropriately in the status output. ++ This also applies to the standalone checksumming utilities. ++ [bug introduced in coreutils-8.25] ++ + tac now handles short reads on its input. Previously it may have exited + erroneously, especially with large input files with no separators. + [This bug was present in "the beginning".] +diff --git a/doc/coreutils.texi b/doc/coreutils.texi +index ceefce9..13beb3f 100644 +--- a/doc/coreutils.texi ++++ b/doc/coreutils.texi +@@ -4074,6 +4074,8 @@ Without @option{--zero}, if @var{file} contains a backslash, newline, + or carriage return, the line is started with a backslash, and each + problematic character in the file name is escaped with a backslash, + making the output unambiguous even in the presence of arbitrary file names. ++Since the backslash character itself is escaped, any other backslash ++escape sequences are reserved for future use. + + If @var{file} is omitted or specified as @samp{-}, standard input is read. + +@@ -4165,8 +4167,8 @@ indicating there was a failure. + @cindex BSD output + Output BSD style checksums, which indicate the checksum algorithm used. + As a GNU extension, if @option{--zero} is not used, file names with problematic +-characters are escaped as described above, with the same escaping indicator of +-@samp{\} at the start of the line, being used. ++characters are escaped as described above, using the same escaping indicator of ++@samp{\} at the start of the line, as used with the other output format. + The @option{--tag} option implies binary mode, and is disallowed with + @option{--text} mode as supporting that would unnecessarily complicate + the output format, while providing little benefit. +diff --git a/src/digest.c b/src/digest.c +index 84e2a6b..123eda7 100644 +--- a/src/digest.c ++++ b/src/digest.c +@@ -542,6 +542,16 @@ or equivalent standalone program.\ + exit (status); + } + ++/* Given a string S, return TRUE if it contains problematic characters ++ that need escaping. Note we escape '\' itself to provide some forward ++ compat to introduce escaping of other characters. */ ++ ++static bool ++problematic_chars (char const *s) ++{ ++ return strchr (s, '\\') || strchr (s, '\n') || strchr (s, '\r'); ++} ++ + #define ISWHITE(c) ((c) == ' ' || (c) == '\t') + + /* Given a file name, S of length S_LEN, that is not NUL-terminated, +@@ -972,12 +982,9 @@ output_file (char const *file, int binary_file, void const *digest, + { + unsigned char const *bin_buffer = digest; + +- /* Output a leading backslash if the file name contains problematic chars. +- Note we escape '\' itself to provide some forward compat to introduce +- escaping of other characters. */ +- bool needs_escape = delim == '\n' && (strchr (file, '\\') +- || strchr (file, '\n') +- || strchr (file, '\r')); ++ /* Output a leading backslash if the file name contains problematic chars. */ ++ bool needs_escape = delim == '\n' && problematic_chars (file); ++ + if (needs_escape) + putchar ('\\'); + +@@ -1112,9 +1119,7 @@ digest_check (char const *checkfile_name) + 'c', 'd', 'e', 'f' }; + bool ok; + bool missing; +- /* Only escape in the edge case producing multiple lines, +- to ease automatic processing of status output. */ +- bool needs_escape = ! status_only && strchr (filename, '\n'); ++ bool needs_escape = ! status_only && problematic_chars (filename); + + properly_formatted_lines = true; + +-- +2.43.0 + diff --git a/coreutils.spec b/coreutils.spec index b44f458d316114e274a81b77bf3312f991299846..ee972182a41920d4ab487533f6d8c73743b2cd43 100644 --- a/coreutils.spec +++ b/coreutils.spec @@ -1,6 +1,6 @@ Name: coreutils Version: 9.0 -Release: 21 +Release: 22 License: GPLv3+ Summary: A set of basic GNU tools commonly used in shell scripts Url: https://www.gnu.org/software/coreutils/ @@ -67,6 +67,7 @@ Patch52: backport-CVE-2025-5278.patch Patch53: backport-dd-fix-error-detection-with-nocache-flag.patch Patch54: backport-tests-dd-ensure-posix_fadvise-errors-are-handled.patch Patch55: backport-timeout-ensure-infinitesimal-timeouts-timeout-quickl.patch +Patch56: backport-cksum-escape-filenames-with-a-leading-in-check-statu.patch Patch9001: coreutils-9.0-sw.patch @@ -195,6 +196,9 @@ fi %{_mandir}/man*/* %changelog +* Thu Aug 21 2025 cenhuilin - 9.0-22 +- cksum: escape filenames with a leading '\' in --check status + * Thu Aug 21 2025 yanglongkang - 9.0-21 - sync patches from community