Commit Graph

1294 Commits (71974d8c54852c6afd21e20aabe90916c2d9d60f)

Author SHA1 Message Date
Ariadne Conill 382a89c173 pkg: pkgconf_compare_version(): do not return levenshtein distance in strcmp() case 2020-05-24 14:18:16 -06:00
Tobias Stoeckmann 92745ad9cb libpkgconf: parser: fix out of boundary access
It is possible to trigger an out of boundary access with specially
crafted files. If a line consists of only a key and spaces, then
op will point to '\0'-ending of the buffer. Since p is iterated by
one byte right past this ending '\0', the next read access to p is
effectively out of bounds.

Theoretically this can also lead to out of boundary writes if spaces
are encountered.

Proof of concept (I recommend to compile with address sanitizer):

$ echo -n a > poc.pc
$ dd if=/dev/zero bs=1 count=65533 | tr '\0' ' ' >> poc.pc
$ pkgconf poc.pc
2020-05-24 14:10:18 -06:00
Tobias Stoeckmann bd4ed1ca02 libpkgconf: fileio: prevent buffer overflow.
pkgconf_fgetline is called with a user-defined buffer, its size, and
a FILE stream to read input from.

If the buffer is almost completely filled and the file stream contains
an escaped character, then it is possible to trigger an off-by-one
buffer overflow with a '\0' character.

Easiest example to trigger this:

char buf[2];
pkgconf_fgetline(buf, sizeof(buf), stdin);

Enter "\\" (two backslashes) and press enter. If the library and the
program are compiled with address sanitizer, you will see the program
crashing. Otherwise it depends on your architecture what happens.

Since nobody should be using a buffer of only size 1 or 2, keep enough
space for a possibly escaped character in the while loop by subtracting one
more byte for this situation, not just for '\0'.
2020-05-24 14:09:44 -06:00
Ariadne Conill 62bbd3b664 cli: remove --version to --modversion remapping
This has been a source of frequent complaints, so we drop it.
Resolves: https://todo.sr.ht/~kaniini/pkgconf/6
2020-01-21 10:32:36 -06:00
Ariadne Conill 48dc665ae3 personality: add support for WantDefaultStatic setting 2019-10-19 00:56:17 -05:00
Ariadne Conill 40fe48355b cli: main: add --shared option 2019-10-19 00:46:32 -05:00
Ariadne Conill f1ce393632 fix pkgconf-personality man page 2019-09-30 05:22:21 -05:00
Ariadne Conill 2adafc2729 libpkgconf: personality: return the default personality if loading a personality file failed 2019-08-23 12:48:11 -05:00
Ariadne Conill 19aa93e371 prepare for pkgconf 2.0 development 2019-08-04 15:54:24 -05:00
Nicolas Braud-Santoni 1d8c6b71d6 Fix troff markup in pkgconf-personality(5)
A list was started with .Bl but not ended (with .El)
2019-07-12 09:54:02 -05:00
Nicolas Braud-Santoni db3ba0ef86 Fix spelling in pkg.m4(7) 2019-07-12 09:54:02 -05:00
Ariadne Conill af1fbf9820 builds: add fedora meson build 2019-07-12 08:57:25 -05:00
Ariadne Conill 3f178f71d7 builds: add fedora rawhide build 2019-07-12 08:50:23 -05:00
Ariadne Conill f3e1073f96 build: include meson build files in generated tarballs 2019-07-12 08:31:21 -05:00
Ariadne Conill d351e6ae59 Revert "tests: remove some no longer relevant bitrot in the test environment file"
This reverts commit 107ad34f8f.

Breaks autoconf.
2019-07-12 08:23:36 -05:00
Ariadne Conill 061627f091 meson: bump required version to 0.47 for copy directive 2019-07-12 08:20:05 -05:00
Ariadne Conill 107ad34f8f tests: remove some no longer relevant bitrot in the test environment file 2019-07-12 08:19:19 -05:00
Ariadne Conill c862e030cf pkgconf 1.6.3. 2019-07-12 06:53:37 -05:00
Ariadne Conill 5f3aa3a8d2 cli: bump copyright notice to 2019 2019-07-12 06:53:25 -05:00
Ariadne Conill 286e354785 update NEWS for 1.6.3. 2019-07-12 06:46:29 -05:00
Ariadne Conill 3740bfb6d7 tests: add test for malformed versions generating a diagnostic with --validate 2019-07-12 06:42:08 -05:00
Ariadne Conill a91e0bf215 tests: explicitly test --print-provides with malformed versions 2019-07-12 06:37:46 -05:00
Ariadne Conill c10f69994b libpkgconf: pkg: generate diagnostic for and trim malformed versions 2019-07-12 06:35:48 -05:00
Ariadne Conill 312b4e51a9 tests: add test for malformed version handling 2019-07-12 06:22:41 -05:00
Ariadne Conill 3783d65784 tests: add malformed-version fixture 2019-07-12 06:15:35 -05:00
Ariadne Conill 6c3356a094 update README [ci skip] 2019-07-12 05:56:35 -05:00
Ariadne Conill 833294f592 builds: add freebsd CI build 2019-07-12 05:52:37 -05:00
Ariadne Conill cab8eddc3a build: remove no longer included CMakeLists files 2019-07-12 05:48:22 -05:00
Ariadne Conill 7a395932f2 drop CMake support 2019-07-12 05:45:16 -05:00
Ariadne Conill c816ce6969 pkgconf 1.6.2. (closes #38, #40, #41) 2019-07-11 03:50:00 -05:00
Ariadne Conill 0a247fa102 man: pkgconf: add --modversion description (closes #34) 2019-07-11 03:43:18 -05:00
Ariadne Conill 7e0b0fadab libpkgconf: path: fix memory leak when deduping paths (closes #39) 2019-07-11 03:43:18 -05:00
Ariadne Conill 03e5d0fd31 update AUTHORS using `git shortlog -e` 2019-07-11 03:30:56 -05:00
Ariadne Conill c7c3ddbfcf add mailmap 2019-07-11 03:27:15 -05:00
kaniini 984dc98438 Merge branch 'lfs-fix' of a_tsoy/pkgconf into master 2019-06-16 05:59:03 +00:00
Alexander Tsoy db9c1e96a1 fix the order of header includes
config.h should be included before stdinc.h, otherwise large file
support is not enabled.

Downstream bug: https://bugs.gentoo.org/687548
2019-06-08 04:55:52 +03:00
William Pitcock ebfcaf5081 normalize include guards. closes #33 2019-05-25 16:00:09 -05:00
kaniini 7460d2870e Merge branch 'fix-msvc-build' of seungha.yang/pkgconf into master 2019-05-18 00:52:09 +00:00
Seungha Yang 5436558eb8 main: Fix build with MSVC
Use pkgconf_strndup() since strndup() might be unavailable
2019-05-11 01:17:32 +09:00
William Pitcock 0ba98da26c lite: remove --simulate 2019-05-06 15:22:11 -05:00
William Pitcock 2d0c1f5cb7 lite: disable debug logging 2019-05-06 15:17:08 -05:00
William Pitcock 43ca536b9f lite: disable some bloat 2019-05-06 15:13:17 -05:00
William Pitcock fb98f5a866 lite: add build system for pkgconf-lite mode 2019-05-06 14:48:38 -05:00
William Pitcock bd6f90a8e6 ci: add freebsd test build 2019-05-04 03:03:24 -05:00
William Pitcock 7a8f96a98c add cmake test build 2019-05-04 02:54:52 -05:00
William Pitcock 8d322b8959 add meson test build 2019-05-04 02:51:32 -05:00
William Pitcock bf1c18a181 add test sr.ht autoconf alpine edge build 2019-05-04 02:47:28 -05:00
William Pitcock be6011222b pkgconf 1.6.1. 2019-03-23 22:38:50 -05:00
William Pitcock 662957ca7d libpkgconf: tuple: tighten quoting logic a bit
closes #12
2019-03-23 22:34:11 -05:00
William Pitcock 3afd14c49e libpkgconf: path: use realpath(3) to deduplicate the search path
closes #24
2019-03-23 22:27:05 -05:00