Commit Graph

1453 Commits (dd6a8e3fc77bce6a63497fff9f74864fc1ab11a5)

Author SHA1 Message Date
Ariadne Conill 458101e787 pkgconf 1.7.4. 2021-03-18 07:05:03 -06:00
Ariadne Conill dbb6a232e5 path: don't use PATH_MAX, use PKGCONF_ITEM_SIZE * 4 for realpath buffer 2021-03-18 06:56:55 -06:00
Ariadne Conill a4e8cf87ad remove sourcehut CI config 2021-03-18 06:52:55 -06:00
Ariadne Conill 9f6b2ced47 README: use github CI badge 2021-03-18 06:52:31 -06:00
Ariadne Conill 37b596ccda CI: fix alpine autotools CI 2021-03-18 06:49:16 -06:00
Ariadne Conill caaf4861cf CI: fix alpine CI 2021-03-18 06:48:07 -06:00
Ariadne Conill 00cc9a8caf CI: add alpine CI alongside debian CI 2021-03-18 06:46:09 -06:00
Ariadne Conill 599dfcb264 main: extend copyright notice to 2021 2021-03-18 06:42:57 -06:00
Ariadne Conill 402fd9fe1f add funding.yml 2021-03-18 06:38:24 -06:00
Ariadne Conill fd1b8ccca6 main: if PKG_CONFIG_FDO_SYSROOT_RULES is set, or DESTDIR matches PKG_CONFIG_SYSROOT_DIRS, disable the automatic sysroot rewriting
Closes #205.
2021-03-18 06:22:11 -06:00
Ariadne Conill b6c8f6fb0a NEWS: document --static --pure default on Windows (closes #207) 2021-03-18 06:05:48 -06:00
Ariadne Conill 008d706958 libpkgconf: personality: default: set want_default_static and want_default_pure to true on windows 2021-03-18 06:03:47 -06:00
Ariadne Conill f9531ce9fe add support for pkgconf_cross_personality_t.want_default_pure 2021-03-18 06:02:00 -06:00
Ariadne Conill 52d19e1b9e libpkgconf: fileio: pkgconf_fgetline(): handle quoted=true when a comment introduction is encountered
Fixes #215.
2021-03-18 05:45:41 -06:00
Ariadne Conill 347281ebfe tests: add fragment-comment testcase (ref #215) 2021-03-18 05:39:45 -06:00
Jeff Moguillansky dcf529b83d cli: add environment variable PKG_CONFIG_DONT_DEFINE_PREFIX
On Windows, pkgconf redefines the prefix by default.
This gives the user the option to disable this behavior via an environment variable.
The benefit of an environment variable is the user can change this behavior when
using a build system such as cmake or meson, which may not expose this
parameter to the user.
2021-02-06 14:06:04 -07:00
Ryan Scott ab404bc25b Fix #209
This commit fixes #209 by applying the suggestion from
https://github.com/pkgconf/pkgconf/issues/209#issuecomment-771609136.
2021-02-05 23:57:10 -07:00
Fabian Groffen 13a5d9a5f0 libpkgconf: path: supply buffer to realpath
To avoid a crash on some platforms (like Darwin 9) provide a buffer to
realpath(3).

Darwin 9 (last PPC target) documents realpath needs to be given a buffer
to the resolved_path argument large enough to hold PATH_MAX bytes.
With NULL argument it crashes.  Solaris makes no mention of
resolved_path to be allowed NULL, yet recent versions accept it and
malloc(3) accordingly.

Because the documentation explicitly mentions PATH_MAX being the limit
to what realpath(3) would write in resolved_path, switching to a static
buffer here doesn't limit resolution compared to dynamically allocating
a buffer by realpath(3).

While this change requires a bit more space on the stack, it avoids a
malloc/free sequence, and allows successful operation on (older)
platforms that lack support for dynamically allocating a return buffer
in realpath(3).

Signed-off-by: Fabian Groffen <grobian@gentoo.org>
2021-01-08 18:44:40 -05:00
Christoph Reiter 78a77dd497 meson: install README.md/AUTHORS to share/doc/pkgconf
To mirror what the autotools build does.
2020-11-28 19:42:00 -07:00
Christoph Reiter 0526364b85 meson: allow building a static version of libpkgconf
when using library() instead of shared_library() the user can decide
to build a shared or static version, or both. The default is still shared
as before.

This mirrors what the autotools based build sysstem can do.
2020-11-28 19:42:00 -07:00
Christoph Reiter a69bdfa28e meson: generate a .pc file for libpkgconf 2020-11-28 19:42:00 -07:00
Christoph Reiter de8fc9e438 meson: install headers into pkgconf/libpkgconf instead of just libpkgconf
To mirror what the autotools build does
2020-11-28 19:42:00 -07:00
Christoph Reiter 869f2a84d6 pkgconf_pkg_parser_version_func: fix whitespace detection
In case the version string has no whitespace then strcspn() returns
strlen() of the input, so whitespace is only found if len != strlen.

This fixes invalid warnings when parsing version fields.
2020-11-28 19:17:03 -07:00
Christoph Reiter b218cae5a9 Add CI for debian+meson/autotools
Builds and runs tests. Using Debian testing since the test framework
is only in testing right now.
2020-11-23 10:31:52 -07:00
Christoph Reiter 24589cddb0 Add basic CI for mingw-w64 32/64 bit
This only builds things with meson and no tests are run.
2020-11-23 04:13:05 -07:00
Ariadne Conill f418b997e5 configure: shift issue tracking back to github 2020-11-21 10:00:41 -07:00
orbea bd960e9d05 man: Silence pkgconf-personality.5 warning.
man: ./pkgconf-personality.5:97:2: WARNING: unusual Xr order: pc(5) after pkg.m4(7)
2020-08-09 20:22:14 -06:00
Ariadne Conill 1eeb4ee5c2 start NEWS for 1.7.4 2020-06-11 18:03:42 -06:00
Ariadne Conill 2a8bebf289 libpkgconf: path: rewrite DOS paths in non-cygwin case too 2020-06-11 18:00:56 -06:00
Tobias Stoeckmann 262a0c964f man: pkgconf: fixed typo
Fixed typo in it's vs its.
2020-06-10 00:20:36 -06:00
Tobias Stoeckmann f818a69b3d libpkgconf: pkg: fix out ouf boundary access
If a file with a matching "uninstalled" name exists but cannot be
parsed, an invalid memory area is accessed.

How to reproduce:
$ touch poc-uninstalled.pc
$ PKG_CONFIG_PATH=. pkgconf poc
2020-06-10 00:20:36 -06:00
Ariadne Conill ef135d819c meson: remove some autotools cruft 2020-06-02 18:58:00 -06:00
Ariadne Conill aca0674837 pkgconf 1.7.3. 2020-05-30 19:20:25 -06:00
Ariadne Conill 40726b14ac update NEWS 2020-05-30 19:20:25 -06:00
Ariadne Conill 354c87279b libpkgconf: tuple: fix truncation when no overflow occurs 2020-05-30 19:20:25 -06:00
Tobias Stoeckmann 5eb9cae009 libpkgconf: tuple: fix out of boundary write
This is the same issue which has been fixed in dependency code.

If a line contains a variable which is longer than PKGCONF_ITEM_SIZE,
then the varname buffer overflows.

The code itself still does not check if a closing } exists and
truncates variable names which are too long. Since these would
be functional changes and this commit is about a protection against
undefined behaviour on a language level, these changes are not
included.

Proof of concept:
$ echo "Description: poc" > poc.pc
$ echo "Version: 1" >> poc.pc
$ echo -n 'Name: ${'
$ dd if=/dev/zero bs=1 count=66535 | tr '\0' 'x' >> poc.pc
$ echo >> poc.pc
$ pkgconf poc.pc

On my Linux system, when compiled with gcc, the varname buffer overflows
directly into buf, which means that no crash can be notified.

It's easiest to figure out when adding strlen() and sizeof() output
as debug lines.
2020-05-30 19:09:24 -06:00
Tobias Stoeckmann 100bc605de libpkgconf: fragment: fix out of boundary write
fragment_quote adds quotation to fragments if needed. It allocates a
buffer and grows it as needed.

Unfortunately the dst pointer is not updated after a realloc, which
means that dst still points into the old memory area. Further writing
characters into that area leads to out of boundy writes.

Proof of concept:

$ cat > poc.pc << EOF
Name: poc
Description: poc
Version: 1
CFlags: -Ia
CFlags: -I%%%%%%%%%%%%%%%%%%%%b
CFlags: -I%%%%%%%%%%%%%%%%%%%%c
CFlags: -Id
EOF
$ pkgconf --cflags poc.pc

Most reliable attempt is to compile pkgconf with address sanitizer,
but this file should lead to an abort on a glibc system due to modified
chunk pointers (tested with Linux on amd64).

But since this is undefined behaviour, it depends on system details.
2020-05-30 19:05:53 -06:00
Ariadne Conill 7bd08a51bf update NEWS 2020-05-30 12:43:08 -06:00
Tobias Stoeckmann dc04193c48 libpkgconf: fragment: fix out of boundary read
Parsing a fragment which consists only of a single dash leads to
an out of boundary read. It duplicates the following entry which
is not expected behaviour if another fragment follows.

Proof of concept:

$ cat > poc.pc << "EOF"
Name: poc
Description: poc
Version: 1
Cflags: - -I/somewhere
EOF
$ PKG_CONFIG_PATH=. pkgconf --cflags poc
-I/somewhere -I/somewhere

If - is the last entry, it leads to an out of boundary read, which is
easy to see if pkgconf is compiled with address sanitizer.
2020-05-30 12:43:08 -06:00
Vincent Torri 42b355310f fix missing backslashes in paths on Windows
According to

https://docs.microsoft.com/fr-fr/windows/win32/fileio/naming-a-file

backslashes (with slashes) are a path separator, hence must no be
considered as an escape code.

The first fix, in argvsplit.c, disables this. But because of fragment_quote(),
the backslashes are doubled. Hence the second fix in fragment.c

With this pc file :

prefix=C:/Documents/msys2/opt/efl_64
libdir=${prefix}/lib
includedir=${prefix}/include

Name: eina
Description: efl: eina
Version: 1.24.99
Requires.private: iconv
Libs: -L${libdir} -leina -pthread -levil
Libs.private: -lpsapi -lole32 -lws2_32 -lsecur32 -luuid -lregex -lm
Cflags:-I${includedir}/eina-1 -I${includedir}/efl-1
-I${includedir}/eina-1/eina -pthread

pkgconf.exe --cflags eina

returns :

-IC:\Documents\msys2\opt\efl_64/include/eina-1
-IC:\Documents\msys2\opt\efl_64/include/efl-1
-IC:\Documents\msys2\opt\efl_64/include/eina-1/eina -pthread
-DWINICONV_CONST= -IC:\Documents\msys2\opt\ewpi_64/include
2020-05-30 12:39:43 -06:00
Ariadne Conill e3e89926b5 start NEWS for 1.7.3 2020-05-26 14:04:34 -06:00
Tobias Stoeckmann fb9acedcad libpkgconf: dependency: fix out of boundary write
It is possible to trigger an out of boundary write in function
pkgconf_dependency_parse_str if a dependency line contains a very
long comparator. The comparator is stored in a temporary buffer which
has a size of PKGCONF_ITEM_SIZE.

The line which is parsed can be up to PKGCONF_BUFSIZE characters long,
which is larger than PKGCONF_ITEM_SIZE (although it depends on PATH_MAX).

Having a comparator which is longer than PKGCONF_ITEM_SIZE therefore
leads to an out of boundary write. Although it is undefined behaviour,
this can lead to an overridden compare variable, which in turn can lead
to an invalid instruction pointer, i.e. most likely a crash or code
execution (very unlikely).

Proof of concept:

$ echo "Requires: x " > poc.pc
$ dd if=/dev/zero bs=1 count=65535 | tr '\0' '<' >> poc.pc
$ pkgconf poc.pc

Eiter compile pkgconf with address sanitizer or run pkgconf multiple
times, eventually it might crash (assuming that ASLR is in place).

In order to fix this, I decided to use an end pointer to avoid OOB write.
Alternative would be to increase the buffer size, but I try to avoid that
since this would be additional ~60 KB stack space for a very unlikely
situation.
2020-05-26 14:03:55 -06:00
Ariadne Conill c6b93941a0 pkgconf 1.7.2. 2020-05-26 13:46:20 -06:00
Ariadne Conill c613eb5cce libpkgconf: pkg: use a second pointer for demunging windows paths 2020-05-26 13:42:39 -06:00
Ariadne Conill 92b09aef9a pkgconf 1.7.1. 2020-05-26 11:06:35 -06:00
Ariadne Conill e70b536ea3 libpkgconf: pkg: when generating a search path, use the correct path separator
Before, this could result in generated paths like C:\foo\pkgconfig/bar.pc on Windows.
2020-05-26 11:01:46 -06:00
Ariadne Conill 47466470d2 main: extend copyright statement to 2020 in --about 2020-05-26 10:57:51 -06:00
Ariadne Conill ee1fe1a70a update NEWS for 1.7.1 changes so far 2020-05-26 07:49:15 -06:00
Ariadne Conill 0253fddc1d libpkgconf: pkg: fix computation of pkgconf_pkg_t.id on Windows.
Windows allows both \ and / as valid path characters.  A computed path
such as C:\development\libfoo\pkgconfig/foo.pc will result in a computed
pkgconf_pkg_t.id of "pkgconfig/foo".

Accordingly, correct the path normalization for checking for / after
the \ path has been dealt with in all cases.
2020-05-26 07:41:16 -06:00
Neal Gompa be6b382dde Makefile.am: Add remaining Meson files to be included in dist tarballs
The tarballs produced by 'make distcheck' did not include all files
required for using Meson because they were not all enumerated in
EXTRA_DIST.

This change adds the remaining Meson files to the tarball.
2020-05-25 05:59:35 -06:00