From 107ad34f8fdae7af0f38afaa51e0ca8fdbee8250 Mon Sep 17 00:00:00 2001 From: Ariadne Conill Date: Fri, 12 Jul 2019 08:19:19 -0500 Subject: [PATCH 01/35] tests: remove some no longer relevant bitrot in the test environment file --- tests/test_env.sh.in | 3 --- 1 file changed, 3 deletions(-) diff --git a/tests/test_env.sh.in b/tests/test_env.sh.in index 17ee1f5..619ea74 100644 --- a/tests/test_env.sh.in +++ b/tests/test_env.sh.in @@ -30,9 +30,6 @@ Msys|CYGWIN*) PATH_SEP=";";; Haiku) LIBRARY_PATH_ENV="BELIBRARIES";; esac -prefix="@prefix@" -exec_prefix="@exec_prefix@" -datarootdir="@datarootdir@" pcpath="@PKG_DEFAULT_PATH@" tests_init() -- 2.41.0 From 061627f091753bb967886d02c49dcf8c5326efd4 Mon Sep 17 00:00:00 2001 From: Ariadne Conill Date: Fri, 12 Jul 2019 08:20:05 -0500 Subject: [PATCH 02/35] meson: bump required version to 0.47 for copy directive --- meson.build | 2 +- tests/meson.build | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/meson.build b/meson.build index 77c37cd..96177d2 100644 --- a/meson.build +++ b/meson.build @@ -1,7 +1,7 @@ project('pkgconf', 'c', version : '1.6.3', license : 'ISC', - meson_version : '>=0.40') + meson_version : '>=0.47') cc = meson.get_compiler('c') diff --git a/tests/meson.build b/tests/meson.build index e8ef6c4..1f21e04 100644 --- a/tests/meson.build +++ b/tests/meson.build @@ -18,6 +18,6 @@ tests = [ # yuck foreach test : tests - configure_file(input: test + '.sh', output: test, configuration: configuration_data()) + configure_file(input: test + '.sh', output: test, copy: true) run_command('chmod', '755', join_paths(meson.build_root(), 'tests', test)) endforeach -- 2.41.0 From d351e6ae59acc9d35407bb3ac89939a8ed97095a Mon Sep 17 00:00:00 2001 From: Ariadne Conill Date: Fri, 12 Jul 2019 08:23:36 -0500 Subject: [PATCH 03/35] Revert "tests: remove some no longer relevant bitrot in the test environment file" This reverts commit 107ad34f8fdae7af0f38afaa51e0ca8fdbee8250. Breaks autoconf. --- tests/test_env.sh.in | 3 +++ 1 file changed, 3 insertions(+) diff --git a/tests/test_env.sh.in b/tests/test_env.sh.in index 619ea74..17ee1f5 100644 --- a/tests/test_env.sh.in +++ b/tests/test_env.sh.in @@ -30,6 +30,9 @@ Msys|CYGWIN*) PATH_SEP=";";; Haiku) LIBRARY_PATH_ENV="BELIBRARIES";; esac +prefix="@prefix@" +exec_prefix="@exec_prefix@" +datarootdir="@datarootdir@" pcpath="@PKG_DEFAULT_PATH@" tests_init() -- 2.41.0 From f3e1073f96bff955b1d0a42455cb3e5fb73df32b Mon Sep 17 00:00:00 2001 From: Ariadne Conill Date: Fri, 12 Jul 2019 08:31:21 -0500 Subject: [PATCH 04/35] build: include meson build files in generated tarballs --- Makefile.am | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/Makefile.am b/Makefile.am index e1d4cb3..3999bdd 100644 --- a/Makefile.am +++ b/Makefile.am @@ -15,6 +15,7 @@ bin_PROGRAMS = pkgconf lib_LTLIBRARIES = libpkgconf.la EXTRA_DIST = pkg.m4 \ + meson.build \ libpkgconf/win-dirent.h \ tests/lib-relocatable/lib/pkgconfig/foo.pc \ tests/lib1/argv-parse-2.pc \ @@ -93,7 +94,6 @@ EXTRA_DIST = pkg.m4 \ tests/lib1/tuple-quoting.pc \ tests/lib1/empty-tuple.pc \ tests/lib1/orphaned-requires-private.pc \ - tests/test_env.sh \ $(test_scripts) \ doc/conf.py \ doc/extract.py \ @@ -110,7 +110,7 @@ EXTRA_DIST = pkg.m4 \ doc/libpkgconf-queue.rst \ doc/libpkgconf-tuple.rst -test_scripts= \ +test_scripts= tests/meson.build \ tests/basic.sh \ tests/builtins.sh \ tests/conflicts.sh \ -- 2.41.0 From 3f178f71d74c8ddf71eba7c2cee07583c93b0a6b Mon Sep 17 00:00:00 2001 From: Ariadne Conill Date: Fri, 12 Jul 2019 08:42:11 -0500 Subject: [PATCH 05/35] builds: add fedora rawhide build --- .builds/autoconf-fedora-rawhide.yml | 25 +++++++++++++++++++++++++ 1 file changed, 25 insertions(+) create mode 100644 .builds/autoconf-fedora-rawhide.yml diff --git a/.builds/autoconf-fedora-rawhide.yml b/.builds/autoconf-fedora-rawhide.yml new file mode 100644 index 0000000..22b3e92 --- /dev/null +++ b/.builds/autoconf-fedora-rawhide.yml @@ -0,0 +1,25 @@ +image: fedora/rawhide +packages: + - make + - kernel-devel + - gcc + - gcc-c++ + - autoconf + - automake + - libtool + - kyua + - libatf-sh + - xz + - gzip +sources: + - https://git.sr.ht/~kaniini/pkgconf +tasks: + - autogen: | + cd ~/pkgconf + sh autogen.sh + - configure: | + cd ~/pkgconf + ./configure + - distcheck: | + cd ~/pkgconf + make distcheck -- 2.41.0 From af1fbf9820624b65d8d54841d2cda46c62507fc7 Mon Sep 17 00:00:00 2001 From: Ariadne Conill Date: Fri, 12 Jul 2019 08:54:24 -0500 Subject: [PATCH 06/35] builds: add fedora meson build --- .builds/meson-fedora-rawhide.yml | 16 ++++++++++++++++ 1 file changed, 16 insertions(+) create mode 100644 .builds/meson-fedora-rawhide.yml diff --git a/.builds/meson-fedora-rawhide.yml b/.builds/meson-fedora-rawhide.yml new file mode 100644 index 0000000..37f9d84 --- /dev/null +++ b/.builds/meson-fedora-rawhide.yml @@ -0,0 +1,16 @@ +image: fedora/rawhide +packages: + - meson + - ninja-build + - kyua + - libatf-sh +sources: + - https://git.sr.ht/~kaniini/pkgconf +tasks: + - configure: | + cd ~/pkgconf + meson build + - distcheck: | + cd ~/pkgconf + ninja -C build + ninja -C build test -- 2.41.0 From db3ba0ef86b67b7f748fc4dd3171eeb30d49796e Mon Sep 17 00:00:00 2001 From: Nicolas Braud-Santoni Date: Fri, 12 Jul 2019 16:50:50 +0200 Subject: [PATCH 07/35] Fix spelling in pkg.m4(7) --- man/pkg.m4.7 | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/man/pkg.m4.7 b/man/pkg.m4.7 index 448dda8..f921070 100644 --- a/man/pkg.m4.7 +++ b/man/pkg.m4.7 @@ -87,7 +87,7 @@ be changed by passing the .Nm DIRECTORY parameter. .Pp -This value can be overriden with the +This value can be overridden with the .Fl -with-pkgconfigdir configure parameter. .Ss "PKG_NOARCH_INSTALLDIR(DIRECTORY)" @@ -99,7 +99,7 @@ be changed by passing the .Nm DIRECTORY parameter. .Pp -This value can be overriden with the +This value can be overridden with the .Fl -with-noarch-pkgconfigdir configure parameter. .Ss "PKG_CHECK_VAR(VARIABLE, MODULE, CONFIG-VARIABLE, [ACTION-IF-FOUND], [ACTION-IF-NOT-FOUND])" -- 2.41.0 From 1d8c6b71d67a121313a204f98729e51157c89f10 Mon Sep 17 00:00:00 2001 From: Nicolas Braud-Santoni Date: Fri, 12 Jul 2019 16:50:51 +0200 Subject: [PATCH 08/35] Fix troff markup in pkgconf-personality(5) A list was started with .Bl but not ended (with .El) --- man/pkgconf-personality.5 | 1 + 1 file changed, 1 insertion(+) diff --git a/man/pkgconf-personality.5 b/man/pkgconf-personality.5 index 5815948..8db85b3 100644 --- a/man/pkgconf-personality.5 +++ b/man/pkgconf-personality.5 @@ -72,6 +72,7 @@ A list of directories that are included by default in the search path for libraries. (mandatory; fragment list) .\" +.El .Sh EXAMPLES An example .personality file: .Bd -literal -- 2.41.0 From 19aa93e3717be40305778f4409d86030098f8ed0 Mon Sep 17 00:00:00 2001 From: Ariadne Conill Date: Sun, 4 Aug 2019 15:54:24 -0500 Subject: [PATCH 09/35] prepare for pkgconf 2.0 development --- configure.ac | 2 +- libpkgconf/libpkgconf.h | 4 ++-- meson.build | 2 +- 3 files changed, 4 insertions(+), 4 deletions(-) diff --git a/configure.ac b/configure.ac index b6096ab..8d2fdfc 100644 --- a/configure.ac +++ b/configure.ac @@ -12,7 +12,7 @@ dnl implied. In no event shall the authors be liable for any damages arising dnl from the use of this software. AC_PREREQ([2.68]) -AC_INIT([pkgconf], [1.6.3], [https://todo.sr.ht/~kaniini/pkgconf]) +AC_INIT([pkgconf], [1.9.90], [https://todo.sr.ht/~kaniini/pkgconf]) AC_CONFIG_SRCDIR([cli/main.c]) AC_CONFIG_MACRO_DIRS([m4]) AX_CHECK_COMPILE_FLAG([-Wall], [CFLAGS="$CFLAGS -Wall"]) diff --git a/libpkgconf/libpkgconf.h b/libpkgconf/libpkgconf.h index 44a9e7f..d139c50 100644 --- a/libpkgconf/libpkgconf.h +++ b/libpkgconf/libpkgconf.h @@ -78,8 +78,8 @@ typedef struct pkgconf_cross_personality_ pkgconf_cross_personality_t; #define PKGCONF_FOREACH_LIST_ENTRY_REVERSE(tail, value) \ for ((value) = (tail); (value) != NULL; (value) = (value)->prev) -#define LIBPKGCONF_VERSION 10603 -#define LIBPKGCONF_VERSION_STR "1.6.3" +#define LIBPKGCONF_VERSION 10990 +#define LIBPKGCONF_VERSION_STR "1.9.90" struct pkgconf_fragment_ { pkgconf_node_t iter; diff --git a/meson.build b/meson.build index 96177d2..6df0ccf 100644 --- a/meson.build +++ b/meson.build @@ -1,5 +1,5 @@ project('pkgconf', 'c', - version : '1.6.3', + version : '1.9.90', license : 'ISC', meson_version : '>=0.47') -- 2.41.0 From 2adafc27292d660ab4ad2c72e292cba79bdc8710 Mon Sep 17 00:00:00 2001 From: Ariadne Conill Date: Fri, 23 Aug 2019 12:47:22 -0500 Subject: [PATCH 10/35] libpkgconf: personality: return the default personality if loading a personality file failed --- libpkgconf/personality.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/libpkgconf/personality.c b/libpkgconf/personality.c index bbbbbf9..f3c56f4 100644 --- a/libpkgconf/personality.c +++ b/libpkgconf/personality.c @@ -248,6 +248,6 @@ pkgconf_cross_personality_find(const char *triplet) finish: pkgconf_path_free(&plist); - return out; + return out != NULL ? out : pkgconf_cross_personality_default(); } #endif -- 2.41.0 From f1ce39363210cb3f5cfc3a17d79f1918acf2cb87 Mon Sep 17 00:00:00 2001 From: Ariadne Conill Date: Mon, 30 Sep 2019 05:22:21 -0500 Subject: [PATCH 11/35] fix pkgconf-personality man page --- man/pkgconf-personality.5 | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/man/pkgconf-personality.5 b/man/pkgconf-personality.5 index 8db85b3..ea7ad59 100644 --- a/man/pkgconf-personality.5 +++ b/man/pkgconf-personality.5 @@ -47,6 +47,7 @@ The property will be set to the text of the value. The property will be set to a list of fragments parsed from the text. The input text must be in a format that is suitable for passing to a POSIX shell without any shell expansions after variable substitution has been done. +Elements are delimited with a colon. .\" .El .Ss PROPERTY KEYWORDS @@ -79,8 +80,7 @@ An example .personality file: # This is a comment Triplet: x86_64-pc-linux-gnu SysrootDir: /home/kaniini/sysroot/x86_64-pc-linux-gnu -DefaultSearchPaths: /home/kaniini/sysroot/x86_64-pc-linux-gnu/lib/pkgconfig \\ - /home/kaniini/sysroot/x86_64-pc-linux-gnu/share/pkgconfig +DefaultSearchPaths: /home/kaniini/sysroot/x86_64-pc-linux-gnu/lib/pkgconfig:/home/kaniini/sysroot/x86_64-pc-linux-gnu/share/pkgconfig SystemIncludePaths: /home/kaniini/sysroot/x86_64-pc-linux-gnu/include SystemLibraryPaths: /home/kaniini/sysroot/x86_64-pc-linux-gnu/lib .Ed -- 2.41.0 From 40fe48355bbb4e84229ae8a7b436078751ab89ca Mon Sep 17 00:00:00 2001 From: Ariadne Conill Date: Sat, 19 Oct 2019 00:45:49 -0500 Subject: [PATCH 12/35] cli: main: add --shared option --- cli/main.c | 6 ++++++ man/pkgconf.1 | 2 ++ 2 files changed, 8 insertions(+) diff --git a/cli/main.c b/cli/main.c index 3627818..7b1ea84 100644 --- a/cli/main.c +++ b/cli/main.c @@ -69,6 +69,7 @@ #define PKG_MSVC_SYNTAX (((uint64_t) 1) << 41) #define PKG_INTERNAL_CFLAGS (((uint64_t) 1) << 42) #define PKG_DUMP_PERSONALITY (((uint64_t) 1) << 43) +#define PKG_SHARED (((uint64_t) 1) << 44) static pkgconf_client_t pkg_client; static const pkgconf_fragment_render_ops_t *want_render_ops = NULL; @@ -664,6 +665,7 @@ usage(void) printf(" --maximum-traverse-depth maximum allowed depth for dependency graph\n"); printf(" --static be more aggressive when computing dependency graph\n"); printf(" (for static linking)\n"); + printf(" --shared use a simplified dependency graph (usually default)\n"); printf(" --pure optimize a static dependency graph as if it were a normal\n"); printf(" dependency graph\n"); printf(" --env-only look only for package entries in PKG_CONFIG_PATH\n"); @@ -827,6 +829,7 @@ main(int argc, char *argv[]) { "short-errors", no_argument, &want_flags, PKG_SHORT_ERRORS, }, { "maximum-traverse-depth", required_argument, NULL, 11, }, { "static", no_argument, &want_flags, PKG_STATIC, }, + { "shared", no_argument, &want_flags, PKG_SHARED, }, { "pure", no_argument, &want_flags, PKG_PURE, }, { "print-requires", no_argument, &want_flags, PKG_REQUIRES, }, { "print-variables", no_argument, &want_flags, PKG_VARIABLES|PKG_PRINT_ERRORS, }, @@ -1040,6 +1043,9 @@ main(int argc, char *argv[]) if ((want_flags & PKG_STATIC) == PKG_STATIC) want_client_flags |= (PKGCONF_PKG_PKGF_SEARCH_PRIVATE | PKGCONF_PKG_PKGF_MERGE_PRIVATE_FRAGMENTS); + if ((want_flags & PKG_SHARED) == PKG_SHARED) + want_client_flags &= ~(PKGCONF_PKG_PKGF_SEARCH_PRIVATE | PKGCONF_PKG_PKGF_MERGE_PRIVATE_FRAGMENTS); + /* if --static and --pure are both specified, then disable merge-back. * this allows for a --static which searches private modules, but has the same fragment behaviour as if * --static were disabled. see for rationale. diff --git a/man/pkgconf.1 b/man/pkgconf.1 index 78d29ae..2169639 100644 --- a/man/pkgconf.1 +++ b/man/pkgconf.1 @@ -58,6 +58,8 @@ dependencies of modules added to the resolver's solution. .It Fl -static Compute a deeper dependency graph and use compiler/linker flags intended for static linking. +.It Fl -shared +Compute a simple dependency graph that is only suitable for shared linking. .It Fl -pure Treats the computed dependency graph as if it were pure. This is mainly intended for use with the -- 2.41.0 From 48dc665ae3efa3cd9907518dc449525eea8bb2c8 Mon Sep 17 00:00:00 2001 From: Ariadne Conill Date: Sat, 19 Oct 2019 00:56:17 -0500 Subject: [PATCH 13/35] personality: add support for WantDefaultStatic setting --- cli/main.c | 2 +- libpkgconf/libpkgconf.h | 2 ++ libpkgconf/personality.c | 11 +++++++++++ man/pkgconf-personality.5 | 7 +++++++ 4 files changed, 21 insertions(+), 1 deletion(-) diff --git a/cli/main.c b/cli/main.c index 7b1ea84..563ec8f 100644 --- a/cli/main.c +++ b/cli/main.c @@ -1040,7 +1040,7 @@ main(int argc, char *argv[]) if ((want_flags & PKG_IGNORE_CONFLICTS) == PKG_IGNORE_CONFLICTS || getenv("PKG_CONFIG_IGNORE_CONFLICTS") != NULL) want_client_flags |= PKGCONF_PKG_PKGF_SKIP_CONFLICTS; - if ((want_flags & PKG_STATIC) == PKG_STATIC) + if ((want_flags & PKG_STATIC) == PKG_STATIC || personality->want_default_static) want_client_flags |= (PKGCONF_PKG_PKGF_SEARCH_PRIVATE | PKGCONF_PKG_PKGF_MERGE_PRIVATE_FRAGMENTS); if ((want_flags & PKG_SHARED) == PKG_SHARED) diff --git a/libpkgconf/libpkgconf.h b/libpkgconf/libpkgconf.h index d139c50..2c0a561 100644 --- a/libpkgconf/libpkgconf.h +++ b/libpkgconf/libpkgconf.h @@ -202,6 +202,8 @@ struct pkgconf_cross_personality_ { pkgconf_list_t filter_includedirs; char *sysroot_dir; + + bool want_default_static; }; /* client.c */ diff --git a/libpkgconf/personality.c b/libpkgconf/personality.c index f3c56f4..f5ca367 100644 --- a/libpkgconf/personality.c +++ b/libpkgconf/personality.c @@ -119,6 +119,16 @@ typedef struct { const ptrdiff_t offset; } personality_keyword_pair_t; +static void +personality_bool_func(pkgconf_cross_personality_t *p, const char *keyword, const size_t lineno, const ptrdiff_t offset, char *value) +{ + (void) keyword; + (void) lineno; + + bool *dest = (bool *)((char *) p + offset); + *dest = strcasecmp(value, "true") || strcasecmp(value, "yes") || *value == '1'; +} + static void personality_copy_func(pkgconf_cross_personality_t *p, const char *keyword, const size_t lineno, const ptrdiff_t offset, char *value) { @@ -146,6 +156,7 @@ static const personality_keyword_pair_t personality_keyword_pairs[] = { {"SystemIncludePaths", personality_fragment_func, offsetof(pkgconf_cross_personality_t, filter_includedirs)}, {"SystemLibraryPaths", personality_fragment_func, offsetof(pkgconf_cross_personality_t, filter_libdirs)}, {"Triplet", personality_copy_func, offsetof(pkgconf_cross_personality_t, name)}, + {"WantDefaultStatic", personality_bool_func, offsetof(pkgconf_cross_personality_t, want_default_static)}, }; static int diff --git a/man/pkgconf-personality.5 b/man/pkgconf-personality.5 index ea7ad59..7941d9e 100644 --- a/man/pkgconf-personality.5 +++ b/man/pkgconf-personality.5 @@ -49,6 +49,10 @@ The input text must be in a format that is suitable for passing to a POSIX shell without any shell expansions after variable substitution has been done. Elements are delimited with a colon. .\" +.It Boolean +The property will be set to true if the value is one of: true, yes or 1. +Otherwise it will be set to false. +.\" .El .Ss PROPERTY KEYWORDS .Bl -tag -width indent @@ -72,6 +76,9 @@ include files. A list of directories that are included by default in the search path for libraries. (mandatory; fragment list) +.It WantDefaultStatic +If true, pkgconf will default to operating in static linking mode. +(optional; boolean; default is false) .\" .El .Sh EXAMPLES -- 2.41.0 From 62bbd3b664d4b03011a4b382ed20353a91c30406 Mon Sep 17 00:00:00 2001 From: Ariadne Conill Date: Tue, 21 Jan 2020 10:32:36 -0600 Subject: [PATCH 14/35] cli: remove --version to --modversion remapping This has been a source of frequent complaints, so we drop it. Resolves: https://todo.sr.ht/~kaniini/pkgconf/6 --- cli/main.c | 14 ++------------ 1 file changed, 2 insertions(+), 12 deletions(-) diff --git a/cli/main.c b/cli/main.c index 563ec8f..fc698a4 100644 --- a/cli/main.c +++ b/cli/main.c @@ -1005,18 +1005,8 @@ main(int argc, char *argv[]) if ((want_flags & PKG_VERSION) == PKG_VERSION) { - if (argc > 2) - { - fprintf(stderr, "%s: --version specified with other options or module names, assuming --modversion.\n", argv[0]); - - want_flags &= ~PKG_VERSION; - want_flags |= PKG_MODVERSION; - } - else - { - version(); - return EXIT_SUCCESS; - } + version(); + return EXIT_SUCCESS; } if ((want_flags & PKG_HELP) == PKG_HELP) -- 2.41.0 From bd4ed1ca026c7244388888c2203f5cffa293d464 Mon Sep 17 00:00:00 2001 From: Tobias Stoeckmann Date: Sun, 24 May 2020 20:51:48 +0200 Subject: [PATCH 15/35] libpkgconf: fileio: prevent buffer overflow. pkgconf_fgetline is called with a user-defined buffer, its size, and a FILE stream to read input from. If the buffer is almost completely filled and the file stream contains an escaped character, then it is possible to trigger an off-by-one buffer overflow with a '\0' character. Easiest example to trigger this: char buf[2]; pkgconf_fgetline(buf, sizeof(buf), stdin); Enter "\\" (two backslashes) and press enter. If the library and the program are compiled with address sanitizer, you will see the program crashing. Otherwise it depends on your architecture what happens. Since nobody should be using a buffer of only size 1 or 2, keep enough space for a possibly escaped character in while loop by subtracting one more byte for this situation, not just for '\0'. --- libpkgconf/fileio.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/libpkgconf/fileio.c b/libpkgconf/fileio.c index b64205d..22281f2 100644 --- a/libpkgconf/fileio.c +++ b/libpkgconf/fileio.c @@ -20,7 +20,7 @@ char * pkgconf_fgetline(char *line, size_t size, FILE *stream) { char *s = line; - char *end = line + size - 1; + char *end = line + size - 2; bool quoted = false; int c = '\0', c2; -- 2.41.0 From 92745ad9cb0404c5af097596300f6d26320a5581 Mon Sep 17 00:00:00 2001 From: Tobias Stoeckmann Date: Sun, 24 May 2020 21:51:14 +0200 Subject: [PATCH 16/35] libpkgconf: parser: fix out of boundary access It is possible to trigger an out of boundary access with specially crafted files. If a line consist of only a key and spaces, then op will point to '\0'-ending of the buffer. Since p is iterated by one byte right past this ending '\0', the next read access to p is effectively out of bounds. Theoretically this can also lead to out of boundary writes if spaces are encountered. Proof of concept (I recommend to compile with address sanitizer): $ echo -n a > poc.pc $ dd if=/dev/zero bs=1 count=65533 | tr '\0' ' ' >> poc.pc $ pkgconf poc.pc --- libpkgconf/parser.c | 7 +++++-- 1 file changed, 5 insertions(+), 2 deletions(-) diff --git a/libpkgconf/parser.c b/libpkgconf/parser.c index 17aa697..7ac9362 100644 --- a/libpkgconf/parser.c +++ b/libpkgconf/parser.c @@ -66,8 +66,11 @@ pkgconf_parser_parse(FILE *f, void *data, const pkgconf_parser_operand_func_t *o } op = *p; - *p = '\0'; - p++; + if (*p != '\0') + { + *p = '\0'; + p++; + } while (*p && isspace((unsigned int)*p)) p++; -- 2.41.0 From 382a89c1738367df95fb3772e18bf3531ac85610 Mon Sep 17 00:00:00 2001 From: Ariadne Conill Date: Sun, 24 May 2020 14:18:16 -0600 Subject: [PATCH 17/35] pkg: pkgconf_compare_version(): do not return levenshtein distance in strcmp() case --- libpkgconf/pkg.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/libpkgconf/pkg.c b/libpkgconf/pkg.c index d91ccde..81503e7 100644 --- a/libpkgconf/pkg.c +++ b/libpkgconf/pkg.c @@ -860,8 +860,8 @@ pkgconf_compare_version(const char *a, const char *b) } ret = strcmp(one, two); - if (ret) - return ret; + if (ret != 0) + return ret < 0 ? -1 : 1; *str1 = oldch1; *str2 = oldch2; -- 2.41.0 From 80508f7138eb86fd6dd50d92667088bf2a77d4a4 Mon Sep 17 00:00:00 2001 From: Ariadne Conill Date: Sun, 24 May 2020 14:27:52 -0600 Subject: [PATCH 18/35] NEWS: start NEWS for 1.7.0 was hoping to go straight into 2.0 but we need a new maintenance branch :( --- NEWS | 18 ++++++++++++++++++ 1 file changed, 18 insertions(+) diff --git a/NEWS b/NEWS index 9f8fe5f..14be65d 100644 --- a/NEWS +++ b/NEWS @@ -1,6 +1,24 @@ Changes from previous version of pkgconf ======================================== +Changes from 1.6.3 to 1.7.0: +---------------------------- + +* Bug fixes: + - Fix a possible buffer overflow involving newline escaping. + Patch by Tobias Stöckmann. + - Fix an out of boundary access in the parser. + Patch by Tobias Stöckmann. + - Fix leakage of strcmp() result value in pkgconf_compare_version() + responses. + - Return the default personality if loading a cross-compile + personality file failed. + +* Enhancements: + - A new --shared option and WantDefaultStatic cross-compile + configuration option have been added. This allows for toolchains + to specify that static linking should be used by default. + Changes from 1.6.2 to 1.6.3: ---------------------------- -- 2.41.0 From cdc2bf887ef9d0ef6203c1239f5931fb6117b89b Mon Sep 17 00:00:00 2001 From: Olaf Hering Date: Sun, 24 May 2020 14:29:19 -0600 Subject: [PATCH 19/35] use correct autoconf macro name AC_CONFIG_MACRO_DIR without trailing S is known by autoconf since 2.58. AC_CONFIG_MACRO_DIR with trailing S is known by autoconf newer than 2.69. This fixes libtool after 'autoreconf -fi'. Fixes commit a8a65c7f6c6b6463bbdee119c0ff71536925e455 Related to issue #145 Signed-off-by: Olaf Hering --- configure.ac | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/configure.ac b/configure.ac index 8d2fdfc..85ca8d4 100644 --- a/configure.ac +++ b/configure.ac @@ -14,7 +14,7 @@ dnl from the use of this software. AC_PREREQ([2.68]) AC_INIT([pkgconf], [1.9.90], [https://todo.sr.ht/~kaniini/pkgconf]) AC_CONFIG_SRCDIR([cli/main.c]) -AC_CONFIG_MACRO_DIRS([m4]) +AC_CONFIG_MACRO_DIR([m4]) AX_CHECK_COMPILE_FLAG([-Wall], [CFLAGS="$CFLAGS -Wall"]) AX_CHECK_COMPILE_FLAG([-Wextra], [CFLAGS="$CFLAGS -Wextra"]) AX_CHECK_COMPILE_FLAG([-Wformat=2], [CFLAGS="$CFLAGS -Wformat=2"]) -- 2.41.0 From fce1199b53d47f2ff98a0b8f2b03f99d353f6304 Mon Sep 17 00:00:00 2001 From: Ariadne Conill Date: Sun, 24 May 2020 14:34:17 -0600 Subject: [PATCH 20/35] cli: add support for PKG_CONFIG_MSVC_SYNTAX env variable Patch from Dan Kegel. --- NEWS | 2 ++ cli/main.c | 2 +- man/pkgconf.1 | 2 ++ 3 files changed, 5 insertions(+), 1 deletion(-) diff --git a/NEWS b/NEWS index 14be65d..c3a532f 100644 --- a/NEWS +++ b/NEWS @@ -18,6 +18,8 @@ Changes from 1.6.3 to 1.7.0: - A new --shared option and WantDefaultStatic cross-compile configuration option have been added. This allows for toolchains to specify that static linking should be used by default. + - Support for the PKG_CONFIG_MSVC_SYNTAX environment variable has + been added. Patch by Dan Kegel. Changes from 1.6.2 to 1.6.3: ---------------------------- diff --git a/cli/main.c b/cli/main.c index fc698a4..f198f3b 100644 --- a/cli/main.c +++ b/cli/main.c @@ -971,7 +971,7 @@ main(int argc, char *argv[]) pkgconf_client_init(&pkg_client, error_handler, NULL, personality); #ifndef PKGCONF_LITE - if ((want_flags & PKG_MSVC_SYNTAX) == PKG_MSVC_SYNTAX) + if ((want_flags & PKG_MSVC_SYNTAX) == PKG_MSVC_SYNTAX || getenv("PKG_CONFIG_MSVC_SYNTAX") != NULL) want_render_ops = msvc_renderer_get(); #endif diff --git a/man/pkgconf.1 b/man/pkgconf.1 index 2169639..d5488a1 100644 --- a/man/pkgconf.1 +++ b/man/pkgconf.1 @@ -211,6 +211,8 @@ If set, enables additional debug logging. The format of the debug log messages is implementation-specific. .It Va PKG_CONFIG_DONT_RELOCATE_PATHS If set, disables the path relocation feature. +.It Va PKG_CONFIG_MSVC_SYNTAX +If set, uses MSVC syntax for fragments. .El .Sh EXAMPLES Displaying the CFLAGS of a package: -- 2.41.0 From 011db1bb88da5e33e70a1177eb4a79dca2cc5aba Mon Sep 17 00:00:00 2001 From: Ben Date: Sun, 26 Apr 2020 17:28:03 +0000 Subject: [PATCH 21/35] Do not complain about malformed whitespace from \n on Version line Every version line has a newline at the end; the malformed whitespace checker should just check for trailing spaces and tabs. Resolves https://todo.sr.ht/~kaniini/pkgconf/15 --- libpkgconf/pkg.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/libpkgconf/pkg.c b/libpkgconf/pkg.c index 81503e7..fd85ec8 100644 --- a/libpkgconf/pkg.c +++ b/libpkgconf/pkg.c @@ -99,7 +99,7 @@ pkgconf_pkg_parser_version_func(const pkgconf_client_t *client, pkgconf_pkg_t *p /* cut at any detected whitespace */ p = pkgconf_tuple_parse(client, &pkg->vars, value); - len = strcspn(p, " \t\r\n"); + len = strcspn(p, " \t"); if (len) { i = p + (ptrdiff_t) len; -- 2.41.0 From fb9c2258d14d7fa171435b0db2688e014cfbbe3f Mon Sep 17 00:00:00 2001 From: Ariadne Conill Date: Sun, 24 May 2020 14:37:13 -0600 Subject: [PATCH 22/35] update NEWS for previous patch --- NEWS | 1 + 1 file changed, 1 insertion(+) diff --git a/NEWS b/NEWS index c3a532f..2528926 100644 --- a/NEWS +++ b/NEWS @@ -13,6 +13,7 @@ Changes from 1.6.3 to 1.7.0: responses. - Return the default personality if loading a cross-compile personality file failed. + - Do not complain about newlines when validating package versions. * Enhancements: - A new --shared option and WantDefaultStatic cross-compile -- 2.41.0 From 4fb7683c3eeac7184d6c791581484b7574fdafbe Mon Sep 17 00:00:00 2001 From: Ariadne Conill Date: Sun, 24 May 2020 14:40:47 -0600 Subject: [PATCH 23/35] add support for the PKGCONF_PKG_PKGF_DONT_MERGE_SPECIAL_FRAGMENTS flag used in build2. --- NEWS | 4 ++++ libpkgconf/fragment.c | 3 ++- libpkgconf/libpkgconf.h | 1 + 3 files changed, 7 insertions(+), 1 deletion(-) diff --git a/NEWS b/NEWS index 2528926..ad28500 100644 --- a/NEWS +++ b/NEWS @@ -21,6 +21,10 @@ Changes from 1.6.3 to 1.7.0: to specify that static linking should be used by default. - Support for the PKG_CONFIG_MSVC_SYNTAX environment variable has been added. Patch by Dan Kegel. + - Support for the PKGCONF_PKG_PKGF_DONT_MERGE_SPECIAL_FRAGMENTS + client flag which disables emulation of freedesktop.org pkg-config + fragment merging semantics has been added. + Patch by Karen Arutyunov. Changes from 1.6.2 to 1.6.3: ---------------------------- diff --git a/libpkgconf/fragment.c b/libpkgconf/fragment.c index b431694..37830c8 100644 --- a/libpkgconf/fragment.c +++ b/libpkgconf/fragment.c @@ -150,7 +150,8 @@ pkgconf_fragment_add(const pkgconf_client_t *client, pkgconf_list_t *list, const { char mungebuf[PKGCONF_ITEM_SIZE]; - if (list->tail != NULL && list->tail->data != NULL) + if (list->tail != NULL && list->tail->data != NULL && + !(client->flags & PKGCONF_PKG_PKGF_DONT_MERGE_SPECIAL_FRAGMENTS)) { pkgconf_fragment_t *parent = list->tail->data; diff --git a/libpkgconf/libpkgconf.h b/libpkgconf/libpkgconf.h index 2c0a561..ebc1d5e 100644 --- a/libpkgconf/libpkgconf.h +++ b/libpkgconf/libpkgconf.h @@ -249,6 +249,7 @@ PKGCONF_API pkgconf_cross_personality_t *pkgconf_cross_personality_find(const ch #define PKGCONF_PKG_PKGF_DONT_RELOCATE_PATHS 0x0800 #define PKGCONF_PKG_PKGF_SIMPLIFY_ERRORS 0x1000 #define PKGCONF_PKG_PKGF_DONT_FILTER_INTERNAL_CFLAGS 0x2000 +#define PKGCONF_PKG_PKGF_DONT_MERGE_SPECIAL_FRAGMENTS 0x4000 #define PKGCONF_PKG_DEPF_INTERNAL 0x1 -- 2.41.0 From 82d57184e77f790f398483e01b0b2581bd120550 Mon Sep 17 00:00:00 2001 From: Ariadne Conill Date: Sun, 24 May 2020 14:53:37 -0600 Subject: [PATCH 24/35] meson: fix detection of strndup() on windows --- NEWS | 1 + meson.build | 10 +++++----- 2 files changed, 6 insertions(+), 5 deletions(-) diff --git a/NEWS b/NEWS index ad28500..79a233c 100644 --- a/NEWS +++ b/NEWS @@ -14,6 +14,7 @@ Changes from 1.6.3 to 1.7.0: - Return the default personality if loading a cross-compile personality file failed. - Do not complain about newlines when validating package versions. + - Properly detect strndup() on Windows when building with Meson. * Enhancements: - A new --shared option and WantDefaultStatic cross-compile diff --git a/meson.build b/meson.build index 6df0ccf..8ef596f 100644 --- a/meson.build +++ b/meson.build @@ -28,14 +28,14 @@ foreach h : check_headers endforeach check_functions = [ - ['HAVE_CYGWIN_CONV_PATH', 'cygwin_conv_path', '#include'], - ['HAVE_STRLCAT', 'strlcat', '#include'], - ['HAVE_STRLCPY', 'strlcpy', '#include'], - ['HAVE_STRNDUP', 'strndup', '#include'], + ['HAVE_CYGWIN_CONV_PATH', 'cygwin_conv_path', 'sys/cygwin.h'], + ['HAVE_STRLCAT', 'strlcat', 'string.h'], + ['HAVE_STRLCPY', 'strlcpy', 'string.h'], + ['HAVE_STRNDUP', 'strndup', 'string.h'], ] foreach f : check_functions - if cc.has_function(f.get(1), prefix : f.get(2)) + if cc.has_function(f.get(1), prefix : '#include <' + f.get(2) + '>') and cc.has_header_symbol(f.get(2), f.get(1)) cdata.set(f.get(0), 1) endif endforeach -- 2.41.0 From dd57abfe9f53ae6822e5a736e3b1692953a682fc Mon Sep 17 00:00:00 2001 From: Ariadne Conill Date: Sun, 24 May 2020 14:44:01 -0600 Subject: [PATCH 25/35] pkgconf 1.7.0. --- configure.ac | 2 +- libpkgconf/libpkgconf.h | 4 ++-- meson.build | 2 +- 3 files changed, 4 insertions(+), 4 deletions(-) diff --git a/configure.ac b/configure.ac index 85ca8d4..b0a0779 100644 --- a/configure.ac +++ b/configure.ac @@ -12,7 +12,7 @@ dnl implied. In no event shall the authors be liable for any damages arising dnl from the use of this software. AC_PREREQ([2.68]) -AC_INIT([pkgconf], [1.9.90], [https://todo.sr.ht/~kaniini/pkgconf]) +AC_INIT([pkgconf], [1.7.0], [https://todo.sr.ht/~kaniini/pkgconf]) AC_CONFIG_SRCDIR([cli/main.c]) AC_CONFIG_MACRO_DIR([m4]) AX_CHECK_COMPILE_FLAG([-Wall], [CFLAGS="$CFLAGS -Wall"]) diff --git a/libpkgconf/libpkgconf.h b/libpkgconf/libpkgconf.h index ebc1d5e..ca448eb 100644 --- a/libpkgconf/libpkgconf.h +++ b/libpkgconf/libpkgconf.h @@ -78,8 +78,8 @@ typedef struct pkgconf_cross_personality_ pkgconf_cross_personality_t; #define PKGCONF_FOREACH_LIST_ENTRY_REVERSE(tail, value) \ for ((value) = (tail); (value) != NULL; (value) = (value)->prev) -#define LIBPKGCONF_VERSION 10990 -#define LIBPKGCONF_VERSION_STR "1.9.90" +#define LIBPKGCONF_VERSION 10700 +#define LIBPKGCONF_VERSION_STR "1.7.0" struct pkgconf_fragment_ { pkgconf_node_t iter; diff --git a/meson.build b/meson.build index 8ef596f..dcc7fa2 100644 --- a/meson.build +++ b/meson.build @@ -1,5 +1,5 @@ project('pkgconf', 'c', - version : '1.9.90', + version : '1.7.0', license : 'ISC', meson_version : '>=0.47') -- 2.41.0 From 9e16d2709c2e0857c6c0f46869eb6a254444a7d5 Mon Sep 17 00:00:00 2001 From: Tobias Stoeckmann Date: Sun, 24 May 2020 23:13:19 +0200 Subject: [PATCH 26/35] libpkgconf: personality: fix out of boundary access It is possible to set the instruction pointer to undefined values by using an operator larger than ':' in ASCII. Since the personality function array does not have 256 entries, an invalid operator can overflow the array. Proof of concept: $ echo "a _ b" > poc $ ln -s $(which pkgconf) poc-pkgconf $ ./poc-pkgconf --- libpkgconf/personality.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/libpkgconf/personality.c b/libpkgconf/personality.c index f5ca367..ab9ef74 100644 --- a/libpkgconf/personality.c +++ b/libpkgconf/personality.c @@ -179,7 +179,7 @@ personality_keyword_set(pkgconf_cross_personality_t *p, const size_t lineno, con pair->func(p, keyword, lineno, pair->offset, value); } -static const pkgconf_parser_operand_func_t personality_parser_ops[] = { +static const pkgconf_parser_operand_func_t personality_parser_ops[256] = { [':'] = (pkgconf_parser_operand_func_t) personality_keyword_set }; -- 2.41.0 From be6b382ddedfebd98ac0a5711d52f372721a2e12 Mon Sep 17 00:00:00 2001 From: Neal Gompa Date: Mon, 25 May 2020 07:56:05 -0400 Subject: [PATCH 27/35] Makefile.am: Add remaining Meson files to be included in dist tarballs The tarballs produced by 'make distcheck' did not include all files required for using Meson because they were not all enumerated in EXTRA_DIST. This change adds the remaining Meson files to the tarball. --- Makefile.am | 3 +++ 1 file changed, 3 insertions(+) diff --git a/Makefile.am b/Makefile.am index 3999bdd..a0d3b5e 100644 --- a/Makefile.am +++ b/Makefile.am @@ -16,6 +16,9 @@ lib_LTLIBRARIES = libpkgconf.la EXTRA_DIST = pkg.m4 \ meson.build \ + meson_options.txt \ + libpkgconf/meson.build \ + libpkgconf/config.h.meson \ libpkgconf/win-dirent.h \ tests/lib-relocatable/lib/pkgconfig/foo.pc \ tests/lib1/argv-parse-2.pc \ -- 2.41.0 From 0253fddc1d6462efe8d951b89e5985d3b265d5ba Mon Sep 17 00:00:00 2001 From: Ariadne Conill Date: Tue, 26 May 2020 07:41:16 -0600 Subject: [PATCH 28/35] libpkgconf: pkg: fix computation of pkgconf_pkg_t.id on Windows. Windows allows both \ and / as valid path characters. A computed path such as C:\development\libfoo\pkgconfig/foo.pc will result in a computed pkgconf_pkg_t.id of "pkgconfig/foo". Accordingly, correct the path normalization for checking for / after the \ path has been dealt with in all cases. --- libpkgconf/pkg.c | 13 +++++++++---- 1 file changed, 9 insertions(+), 4 deletions(-) diff --git a/libpkgconf/pkg.c b/libpkgconf/pkg.c index fd85ec8..b0c390b 100644 --- a/libpkgconf/pkg.c +++ b/libpkgconf/pkg.c @@ -381,13 +381,18 @@ pkgconf_pkg_new_from_file(pkgconf_client_t *client, const char *filename, FILE * /* make module id */ if ((idptr = strrchr(pkg->filename, PKG_DIR_SEP_S)) != NULL) idptr++; -#ifdef _WIN32 - else if ((idptr = strrchr(pkg->filename, '/')) != NULL) - idptr++; -#endif else idptr = pkg->filename; +#ifdef _WIN32 + /* On Windows, both \ and / are allowed in paths, so we have to chop both. + * strrchr() took us to the last \ in that case, so we just have to see if + * it is followed by a /. If so, lop it off. + */ + if ((idptr = strrchr(idptr, '/')) != NULL) + idptr++; +#endif + pkg->id = strdup(idptr); idptr = strrchr(pkg->id, '.'); if (idptr) -- 2.41.0 From ee1fe1a70a542fb0ba8254f1c9aa396ec3e43ff2 Mon Sep 17 00:00:00 2001 From: Ariadne Conill Date: Tue, 26 May 2020 07:49:15 -0600 Subject: [PATCH 29/35] update NEWS for 1.7.1 changes so far --- NEWS | 11 +++++++++++ 1 file changed, 11 insertions(+) diff --git a/NEWS b/NEWS index 79a233c..b475a7b 100644 --- a/NEWS +++ b/NEWS @@ -1,6 +1,17 @@ Changes from previous version of pkgconf ======================================== +Changes from 1.7.0 to 1.7.1: +---------------------------- + +* Bug fixes: + - Fix a possible out of boundary access in the parser for the + cross-compile database. Patch by Tobias Stöckmann. + - Missing files for building with Meson are now included in the + tarball. Patch by Neal Gompa. + - Fix calculation of package atoms on Windows with paths that + use both directory separator characters. + Changes from 1.6.3 to 1.7.0: ---------------------------- -- 2.41.0 From 47466470d297f7307fb8f5cd7681da7aa5b0a53b Mon Sep 17 00:00:00 2001 From: Ariadne Conill Date: Tue, 26 May 2020 10:57:51 -0600 Subject: [PATCH 30/35] main: extend copyright statement to 2020 in --about --- cli/main.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/cli/main.c b/cli/main.c index f198f3b..db27775 100644 --- a/cli/main.c +++ b/cli/main.c @@ -603,7 +603,7 @@ static void about(void) { printf("%s %s\n", PACKAGE_NAME, PACKAGE_VERSION); - printf("Copyright (c) 2011, 2012, 2013, 2014, 2015, 2016, 2017, 2018, 2019\n"); + printf("Copyright (c) 2011, 2012, 2013, 2014, 2015, 2016, 2017, 2018, 2019, 2020\n"); printf(" pkgconf authors (see AUTHORS in documentation directory).\n\n"); printf("Permission to use, copy, modify, and/or distribute this software for any\n"); printf("purpose with or without fee is hereby granted, provided that the above\n"); -- 2.41.0 From e70b536ea35a496b85dba65221d4b2145022f340 Mon Sep 17 00:00:00 2001 From: Ariadne Conill Date: Tue, 26 May 2020 11:01:46 -0600 Subject: [PATCH 31/35] libpkgconf: pkg: when generating a search path, use the correct path separator Before, this could result in generated paths like C:\foo\pkgconfig/bar.pc on Windows. --- libpkgconf/pkg.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/libpkgconf/pkg.c b/libpkgconf/pkg.c index b0c390b..808b70f 100644 --- a/libpkgconf/pkg.c +++ b/libpkgconf/pkg.c @@ -531,8 +531,8 @@ pkgconf_pkg_try_specific_path(pkgconf_client_t *client, const char *path, const PKGCONF_TRACE(client, "trying path: %s for %s", path, name); - snprintf(locbuf, sizeof locbuf, "%s/%s" PKG_CONFIG_EXT, path, name); - snprintf(uninst_locbuf, sizeof uninst_locbuf, "%s/%s-uninstalled" PKG_CONFIG_EXT, path, name); + snprintf(locbuf, sizeof locbuf, "%s%c%s" PKG_CONFIG_EXT, path, PKG_DIR_SEP_S, name); + snprintf(uninst_locbuf, sizeof uninst_locbuf, "%s%c%s-uninstalled" PKG_CONFIG_EXT, path, PKG_DIR_SEP_S, name); if (!(client->flags & PKGCONF_PKG_PKGF_NO_UNINSTALLED) && (f = fopen(uninst_locbuf, "r")) != NULL) { -- 2.41.0 From 92b09aef9a5096d5981cf721a13c3bba1eaf616c Mon Sep 17 00:00:00 2001 From: Ariadne Conill Date: Tue, 26 May 2020 11:06:35 -0600 Subject: [PATCH 32/35] pkgconf 1.7.1. --- configure.ac | 2 +- meson.build | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/configure.ac b/configure.ac index b0a0779..97f38df 100644 --- a/configure.ac +++ b/configure.ac @@ -12,7 +12,7 @@ dnl implied. In no event shall the authors be liable for any damages arising dnl from the use of this software. AC_PREREQ([2.68]) -AC_INIT([pkgconf], [1.7.0], [https://todo.sr.ht/~kaniini/pkgconf]) +AC_INIT([pkgconf], [1.7.1], [https://todo.sr.ht/~kaniini/pkgconf]) AC_CONFIG_SRCDIR([cli/main.c]) AC_CONFIG_MACRO_DIR([m4]) AX_CHECK_COMPILE_FLAG([-Wall], [CFLAGS="$CFLAGS -Wall"]) diff --git a/meson.build b/meson.build index dcc7fa2..9de0096 100644 --- a/meson.build +++ b/meson.build @@ -1,5 +1,5 @@ project('pkgconf', 'c', - version : '1.7.0', + version : '1.7.1', license : 'ISC', meson_version : '>=0.47') -- 2.41.0 From b2a0225d5039a6c6770999f300738d9ff623ac82 Mon Sep 17 00:00:00 2001 From: Tobias Stoeckmann Date: Tue, 26 May 2020 21:42:13 +0200 Subject: [PATCH 33/35] libpkgconf: dependency: fix out of boundary write It is possible to trigger an out of boundary write in function pkgconf_dependency_parse_str if a dependency line contains a very long comparator. The comparator is stored in a temporary buffer which has a size of PKGCONF_ITEM_SIZE. The line which is parsed can be up to PKGCONF_BUFSIZE characters long, which is larger than PKGCONF_ITEM_SIZE (although it depends on PATH_MAX). Having a comparator which is longer than PKGCONF_ITEM_SIZE therefore leads to an out of boundary write. Although it is undefined behaviour, this can lead to an overridden compare variable, which in turn can lead to an invalid instruction pointer, i.e. most likely a crash or code execution (very unlikely). Proof of concept: $ echo "Requires: x " > poc.pc $ dd if=/dev/zero bs=1 count=65535 | tr '\0' '<' >> poc.pc $ pkgconf poc.pc Eiter compile pkgconf with address sanitizer or run pkgconf multiple times, eventually it might crash (assuming that ASLR is in place). In order to fix this, I decided to use an end pointer to avoid OOB write. Alternative would be to increase the buffer size, but I try to avoid that since this would be additional ~60 KB stack space for a very unlikely situation. --- libpkgconf/dependency.c | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-) diff --git a/libpkgconf/dependency.c b/libpkgconf/dependency.c index b3722b1..d5cdf3c 100644 --- a/libpkgconf/dependency.c +++ b/libpkgconf/dependency.c @@ -237,6 +237,7 @@ pkgconf_dependency_parse_str(const pkgconf_client_t *client, pkgconf_list_t *dep char *vstart = NULL; char *package = NULL, *version = NULL; char *cnameptr = cmpname; + char *cnameend = cmpname + PKGCONF_ITEM_SIZE - 1; memset(cmpname, '\0', sizeof cmpname); @@ -304,7 +305,8 @@ pkgconf_dependency_parse_str(const pkgconf_client_t *client, pkgconf_list_t *dep if (PKGCONF_IS_OPERATOR_CHAR(*ptr)) { state = INSIDE_OPERATOR; - *cnameptr++ = *ptr; + if (cnameptr < cnameend) + *cnameptr++ = *ptr; } break; @@ -315,7 +317,7 @@ pkgconf_dependency_parse_str(const pkgconf_client_t *client, pkgconf_list_t *dep state = AFTER_OPERATOR; compare = pkgconf_pkg_comparator_lookup_by_name(cmpname); } - else + else if (cnameptr < cnameend) *cnameptr++ = *ptr; break; -- 2.41.0 From c613eb5ccee2e61b185bd6bdb705e2630edce88f Mon Sep 17 00:00:00 2001 From: Ariadne Conill Date: Tue, 26 May 2020 13:41:39 -0600 Subject: [PATCH 34/35] libpkgconf: pkg: use a second pointer for demunging windows paths --- NEWS | 6 ++++++ libpkgconf/pkg.c | 5 +++-- 2 files changed, 9 insertions(+), 2 deletions(-) diff --git a/NEWS b/NEWS index b475a7b..ba554f4 100644 --- a/NEWS +++ b/NEWS @@ -1,6 +1,12 @@ Changes from previous version of pkgconf ======================================== +Changes from 1.7.1 to 1.7.2: +---------------------------- + +* Bug fixes: + - Fix a windows-specific crash relating to path fixups. + Changes from 1.7.0 to 1.7.1: ---------------------------- diff --git a/libpkgconf/pkg.c b/libpkgconf/pkg.c index 808b70f..214f544 100644 --- a/libpkgconf/pkg.c +++ b/libpkgconf/pkg.c @@ -389,8 +389,9 @@ pkgconf_pkg_new_from_file(pkgconf_client_t *client, const char *filename, FILE * * strrchr() took us to the last \ in that case, so we just have to see if * it is followed by a /. If so, lop it off. */ - if ((idptr = strrchr(idptr, '/')) != NULL) - idptr++; + char *mungeptr; + if ((mungeptr = strrchr(idptr, '/')) != NULL) + idptr = mungeptr++; #endif pkg->id = strdup(idptr); -- 2.41.0 From c6b93941a03fc330d260d815614dc36468481af2 Mon Sep 17 00:00:00 2001 From: Ariadne Conill Date: Tue, 26 May 2020 13:46:20 -0600 Subject: [PATCH 35/35] pkgconf 1.7.2. --- configure.ac | 2 +- meson.build | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/configure.ac b/configure.ac index 97f38df..d7ea369 100644 --- a/configure.ac +++ b/configure.ac @@ -12,7 +12,7 @@ dnl implied. In no event shall the authors be liable for any damages arising dnl from the use of this software. AC_PREREQ([2.68]) -AC_INIT([pkgconf], [1.7.1], [https://todo.sr.ht/~kaniini/pkgconf]) +AC_INIT([pkgconf], [1.7.2], [https://todo.sr.ht/~kaniini/pkgconf]) AC_CONFIG_SRCDIR([cli/main.c]) AC_CONFIG_MACRO_DIR([m4]) AX_CHECK_COMPILE_FLAG([-Wall], [CFLAGS="$CFLAGS -Wall"]) diff --git a/meson.build b/meson.build index 9de0096..577db3f 100644 --- a/meson.build +++ b/meson.build @@ -1,5 +1,5 @@ project('pkgconf', 'c', - version : '1.7.1', + version : '1.7.2', license : 'ISC', meson_version : '>=0.47') -- 2.41.0