Compare commits
13 Commits
master
...
stable/1.8
Author | SHA1 | Date |
---|---|---|
Ariadne Conill | 20db9ffcbe | |
Ariadne Conill | 5436648cd4 | |
Ariadne Conill | 66046df940 | |
Ariadne Conill | 81e1785db2 | |
wi24rd | 2b850d2648 | |
Eli Schwartz | c87a6c2ec1 | |
Doug Freed | 1f282295ff | |
Ariadne Conill | e3957c6155 | |
Doug Freed | f58d54e77b | |
Timo Röhling | 2837bbcc4c | |
Ariadne Conill | 0b5f360bce | |
Ariadne Conill | 81cc9b3e6d | |
Ariadne Conill | 4b0264de8b |
|
@ -22,6 +22,7 @@ EXTRA_DIST = pkg.m4 \
|
|||
libpkgconf/win-dirent.h \
|
||||
tests/lib-relocatable/lib/pkgconfig/foo.pc \
|
||||
tests/lib1/argv-parse-2.pc \
|
||||
tests/lib1/billion-laughs.pc \
|
||||
tests/lib1/dos-lineendings.pc \
|
||||
tests/lib1/paren-quoting.pc \
|
||||
tests/lib1/argv-parse-3.pc \
|
||||
|
|
8
NEWS
8
NEWS
|
@ -1,6 +1,14 @@
|
|||
Changes from previous version of pkgconf
|
||||
========================================
|
||||
|
||||
Changes from 1.8.0 to 1.8.1:
|
||||
----------------------------
|
||||
|
||||
* Fix a buffer overflow vulnerability involving very large variable expansions.
|
||||
CVE-2023-24056
|
||||
|
||||
* Fix handling of tildes in version strings.
|
||||
|
||||
Changes from 1.7.4 to 1.8.0:
|
||||
----------------------------
|
||||
|
||||
|
|
|
@ -1039,6 +1039,9 @@ main(int argc, char *argv[])
|
|||
if ((want_flags & PKG_STATIC) == PKG_STATIC || personality->want_default_static)
|
||||
want_client_flags |= (PKGCONF_PKG_PKGF_SEARCH_PRIVATE | PKGCONF_PKG_PKGF_MERGE_PRIVATE_FRAGMENTS);
|
||||
|
||||
if ((want_flags & PKG_EXISTS) == PKG_EXISTS)
|
||||
want_client_flags |= PKGCONF_PKG_PKGF_SEARCH_PRIVATE;
|
||||
|
||||
if ((want_flags & PKG_SHARED) == PKG_SHARED)
|
||||
want_client_flags &= ~(PKGCONF_PKG_PKGF_SEARCH_PRIVATE | PKGCONF_PKG_PKGF_MERGE_PRIVATE_FRAGMENTS);
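Review bot: The PKG_SHARED mask at the end of this section runs after the PKG_EXISTS branch, so it clears the PKGCONF_PKG_PKGF_SEARCH_PRIVATE bit that PKG_EXISTS has just set, not only the bits added for PKG_STATIC or personality->want_default_static. If that precedence is intended, state it above the test, for example `/* PKG_SHARED overrides PKG_STATIC, the personality default and PKG_EXISTS */`. If it is not intended, move the PKG_SHARED test above the PKG_EXISTS one. The rest of main() is outside the hunk, so whether later code depends on SEARCH_PRIVATE in the PKG_EXISTS case cannot be checked from here.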
|
||||
|
||||
|
|
|
@ -12,7 +12,7 @@ dnl implied. In no event shall the authors be liable for any damages arising
|
|||
dnl from the use of this software.
|
||||
|
||||
AC_PREREQ([2.68])
|
||||
AC_INIT([pkgconf], [1.8.0], [https://github.com/pkgconf/pkgconf/issues/new])
|
||||
AC_INIT([pkgconf], [1.8.1], [https://github.com/pkgconf/pkgconf/issues/new])
|
||||
AC_CONFIG_SRCDIR([cli/main.c])
|
||||
AC_CONFIG_MACRO_DIR([m4])
|
||||
AX_CHECK_COMPILE_FLAG([-Wall], [CFLAGS="$CFLAGS -Wall"])
|
||||
|
|
|
@ -76,7 +76,7 @@ routines.
|
|||
|
||||
:param char* a: The first version to compare in the pair.
|
||||
:param char* b: The second version to compare in the pair.
|
||||
:return: -1 if the first version is greater, 0 if both versions are equal, 1 if the second version is greater.
|
||||
:return: -1 if the first version is less than, 0 if both versions are equal, 1 if the second version is less than.
|
||||
:rtype: int
|
||||
|
||||
.. c:function:: pkgconf_pkg_t *pkgconf_builtin_pkg_get(const char *name)
|
||||
|
|
|
@ -78,8 +78,8 @@ typedef struct pkgconf_cross_personality_ pkgconf_cross_personality_t;
|
|||
#define PKGCONF_FOREACH_LIST_ENTRY_REVERSE(tail, value) \
|
||||
for ((value) = (tail); (value) != NULL; (value) = (value)->prev)
|
||||
|
||||
#define LIBPKGCONF_VERSION 10700
|
||||
#define LIBPKGCONF_VERSION_STR "1.7.0"
|
||||
#define LIBPKGCONF_VERSION 10801
|
||||
#define LIBPKGCONF_VERSION_STR "1.8.1"
|
||||
|
||||
struct pkgconf_fragment_ {
|
||||
pkgconf_node_t iter;
|
||||
|
|
|
@ -44,10 +44,18 @@ pkgconf_parser_parse(FILE *f, void *data, const pkgconf_parser_operand_func_t *o
|
|||
lineno++;
|
||||
|
||||
p = readbuf;
|
||||
while (*p && isspace((unsigned int)*p))
|
||||
p++;
|
||||
if (*p && p != readbuf)
|
||||
{
|
||||
warnfunc(data, "%s:" SIZE_FMT_SPECIFIER ": warning: whitespace encountered while parsing key section\n",
|
||||
filename, lineno);
|
||||
warned_key_whitespace = true;
|
||||
}
|
||||
key = p;
|
||||
while (*p && (isalpha((unsigned int)*p) || isdigit((unsigned int)*p) || *p == '_' || *p == '.'))
|
||||
p++;
|
||||
|
||||
key = readbuf;
|
||||
if (!isalpha((unsigned int)*key) && !isdigit((unsigned int)*p))
|
||||
continue;
|
||||
|
||||
|
@ -89,7 +97,6 @@ pkgconf_parser_parse(FILE *f, void *data, const pkgconf_parser_operand_func_t *o
|
|||
*p = '\0';
|
||||
p--;
|
||||
}
|
||||
|
||||
if (ops[(unsigned char) op])
|
||||
ops[(unsigned char) op](data, lineno, key, value);
|
||||
}
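Review bot: The cast in `while (*p && isspace((unsigned int)*p))` in the first hunk does not keep the argument in the range the ctype functions require. Where plain char is signed, a byte of 0x80 or above read from the .pc file is sign-extended before the cast, and converting the result to the function's int parameter typically yields a negative value again, which is undefined behaviour for isspace(). Write `isspace((unsigned char)*p)` instead, and apply the same cast to the isalpha()/isdigit() calls in the key scan below it. The second hunk's `ops[(unsigned char) op]` already uses this form. pkgconf_parser_parse starts and ends outside both hunks.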
|
||||
|
|
|
@ -798,7 +798,7 @@ out:
|
|||
*
|
||||
* :param char* a: The first version to compare in the pair.
|
||||
* :param char* b: The second version to compare in the pair.
|
||||
* :return: -1 if the first version is greater, 0 if both versions are equal, 1 if the second version is greater.
|
||||
* :return: -1 if the first version is less than, 0 if both versions are equal, 1 if the second version is less than.
|
||||
* :rtype: int
|
||||
*/
|
||||
int
|
||||
|
@ -813,10 +813,10 @@ pkgconf_compare_version(const char *a, const char *b)
|
|||
|
||||
/* optimization: if version matches then it's the same version. */
|
||||
if (a == NULL)
|
||||
return 1;
|
||||
return -1;
|
||||
|
||||
if (b == NULL)
|
||||
return -1;
|
||||
return 1;
|
||||
|
||||
if (!strcasecmp(a, b))
|
||||
return 0;
|
||||
|
@ -837,9 +837,9 @@ pkgconf_compare_version(const char *a, const char *b)
|
|||
if (*one == '~' || *two == '~')
|
||||
{
|
||||
if (*one != '~')
|
||||
return -1;
|
||||
if (*two != '~')
|
||||
return 1;
|
||||
if (*two != '~')
|
||||
return -1;
|
||||
|
||||
one++;
|
||||
two++;
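Review bot: When both arguments are NULL, the guards in the second hunk return a non-zero result from `if (a == NULL)` before `b` is examined, although the doc comment in the first hunk promises 0 when both versions are equal. Adding `if (a == NULL && b == NULL) return 0;` ahead of the two guards would make the NULL cases agree with the documented contract. The comment `/* optimization: if version matches then it's the same version. */` sits above the NULL guards rather than the strcasecmp() test it describes, so it should move down to that test. The body of pkgconf_compare_version continues outside these hunks, and whether any caller can pass two NULL versions is not visible here.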
|
||||
|
|
|
@ -293,12 +293,23 @@ pkgconf_tuple_parse(const pkgconf_client_t *client, pkgconf_list_t *vars, const
|
|||
}
|
||||
}
|
||||
|
||||
PKGCONF_TRACE(client, "lookup tuple %s", varname);
|
||||
|
||||
size_t remain = PKGCONF_BUFSIZE - (bptr - buf);
|
||||
ptr += (pptr - ptr);
|
||||
kv = pkgconf_tuple_find_global(client, varname);
|
||||
if (kv != NULL)
|
||||
{
|
||||
strncpy(bptr, kv, PKGCONF_BUFSIZE - (bptr - buf));
|
||||
bptr += strlen(kv);
|
||||
size_t nlen = pkgconf_strlcpy(bptr, kv, remain);
|
||||
if (nlen > remain)
|
||||
{
|
||||
pkgconf_warn(client, "warning: truncating very long variable to 64KB\n");
|
||||
|
||||
bptr = buf + (PKGCONF_BUFSIZE - 1);
|
||||
break;
|
||||
}
|
||||
|
||||
bptr += nlen;
|
||||
}
|
||||
else
|
||||
{
|
||||
|
@ -306,12 +317,21 @@ pkgconf_tuple_parse(const pkgconf_client_t *client, pkgconf_list_t *vars, const
|
|||
|
||||
if (kv != NULL)
|
||||
{
|
||||
size_t nlen;
|
||||
|
||||
parsekv = pkgconf_tuple_parse(client, vars, kv);
|
||||
|
||||
strncpy(bptr, parsekv, PKGCONF_BUFSIZE - (bptr - buf));
|
||||
bptr += strlen(parsekv);
|
||||
|
||||
nlen = pkgconf_strlcpy(bptr, parsekv, remain);
|
||||
free(parsekv);
|
||||
|
||||
if (nlen > remain)
|
||||
{
|
||||
pkgconf_warn(client, "warning: truncating very long variable to 64KB\n");
|
||||
|
||||
bptr = buf + (PKGCONF_BUFSIZE - 1);
|
||||
break;
|
||||
}
|
||||
|
||||
bptr += nlen;
|
||||
}
|
||||
}
|
||||
}
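Review bot: The truncation test `if (nlen > remain)` misses the case nlen == remain, both in the pkgconf_tuple_find_global branch and in the recursive pkgconf_tuple_parse branch. Assuming pkgconf_strlcpy follows the strlcpy contract (returns the source length and copies at most remain - 1 bytes plus the terminator), a value of exactly `remain` bytes is truncated without the warning. `bptr += nlen` then leaves bptr at buf + PKGCONF_BUFSIZE, one past the buffer, so any later store through bptr is out of bounds. Both tests should read `if (nlen >= remain)`. The loop that `break` leaves and the final termination of buf are outside these hunks, so confirm there that bptr is never written at that position.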
|
||||
|
|
|
@ -36,7 +36,7 @@ Properties are set using RFC822-style stanzas which consist of a keyword, follow
|
|||
by a colon (:) and then the value the property should be set to.
|
||||
Variable substitution is always performed regardless of property type.
|
||||
.Pp
|
||||
There are two types of property:
|
||||
There are three types of property:
|
||||
.\"
|
||||
.Bl -tag -width indent
|
||||
.\"
|
||||
|
|
|
@ -1,5 +1,5 @@
|
|||
project('pkgconf', 'c',
|
||||
version : '1.8.0',
|
||||
version : '1.8.1',
|
||||
license : 'ISC',
|
||||
meson_version : '>=0.47')
|
||||
|
||||
|
@ -107,4 +107,4 @@ install_man('man/pc.5')
|
|||
install_man('man/pkgconf-personality.5')
|
||||
install_data('pkg.m4', install_dir: 'share/aclocal')
|
||||
install_data('AUTHORS', install_dir: 'share/doc/pkgconf')
|
||||
install_data('README.md', install_dir: 'share/doc/pkgconf')
|
||||
install_data('README.md', install_dir: 'share/doc/pkgconf')
|
||||
|
|
|
@ -176,7 +176,7 @@ exists_version_bad3_body()
|
|||
export PKG_CONFIG_PATH="${selfdir}/lib1"
|
||||
atf_check \
|
||||
-s exit:1 \
|
||||
pkgconf --exists 'tilde <= 1.0.0'
|
||||
pkgconf --exists 'tilde >= 1.0.0'
|
||||
}
|
||||
|
||||
exists_body()
|
||||
|
@ -190,7 +190,7 @@ exists2_body()
|
|||
{
|
||||
export PKG_CONFIG_PATH="${selfdir}/lib1"
|
||||
atf_check \
|
||||
pkgconf --exists 'tilde >= 1.0.0'
|
||||
pkgconf --exists 'tilde <= 1.0.0'
|
||||
}
|
||||
|
||||
exists3_body()
|
||||
|
|
|
@ -0,0 +1,13 @@
|
|||
v9=lol
|
||||
v8=${v9}${v9}${v9}${v9}${v9}${v9}${v9}${v9}${v9}${v9}
|
||||
v7=${v8}${v8}${v8}${v8}${v8}${v8}${v8}${v8}${v8}${v8}
|
||||
v6=${v7}${v7}${v7}${v7}${v7}${v7}${v7}${v7}${v7}${v7}
|
||||
v5=${v6}${v6}${v6}${v6}${v6}${v6}${v6}${v6}${v6}${v6}
|
||||
v4=${v5}${v5}${v5}${v5}${v5}${v5}${v5}${v5}${v5}${v5}
|
||||
v3=${v4}${v4}${v4}${v4}${v4}${v4}${v4}${v4}${v4}${v4}
|
||||
v2=${v3}${v3}${v3}${v3}${v3}${v3}${v3}${v3}${v3}${v3}
|
||||
v1=${v2}${v2}${v2}${v2}${v2}${v2}${v2}${v2}${v2}${v2}
|
||||
v0=${v1}${v1}${v1}${v1}${v1}${v1}${v1}${v1}${v1}${v1}
|
||||
Name: One Billion Laughs
|
||||
Version: ${v0}
|
||||
Description: Don't install this!
|
|
@ -19,5 +19,4 @@ tests = [
|
|||
# yuck
|
||||
foreach test : tests
|
||||
configure_file(input: test + '.sh', output: test, copy: true)
|
||||
run_command('chmod', '755', join_paths(meson.build_root(), 'tests', test))
|
||||
endforeach
|
||||
|
|
|
@ -28,7 +28,8 @@ tests_init \
|
|||
malformed_1 \
|
||||
malformed_quoting \
|
||||
explicit_sysroot \
|
||||
empty_tuple
|
||||
empty_tuple \
|
||||
billion_laughs
|
||||
|
||||
# sysroot_munge \
|
||||
|
||||
|
@ -251,3 +252,9 @@ empty_tuple_body()
|
|||
atf_check -o inline:"\n" \
|
||||
pkgconf --with-path="${selfdir}/lib1" --cflags empty-tuple
|
||||
}
|
||||
|
||||
billion_laughs_body()
|
||||
{
|
||||
atf_check -o inline:"warning: truncating very long variable to 64KB\nwarning: truncating very long variable to 64KB\nwarning: truncating very long variable to 64KB\nwarning: truncating very long variable to 64KB\nwarning: truncating very long variable to 64KB\n" \
|
||||
pkgconf --with-path="${selfdir}/lib1" --validate billion-laughs
|
||||
}
|
||||
|
|