Hello community,

here is the log from the commit of package pkgconf for openSUSE:Factory checked 
in at 2018-08-22 14:20:58
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Comparing /work/SRC/openSUSE:Factory/pkgconf (Old)
 and      /work/SRC/openSUSE:Factory/.pkgconf.new (New)
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++

Package is "pkgconf"

Wed Aug 22 14:20:58 2018 rev:3 rq:630780 version:1.5.3

Changes:
--------
--- /work/SRC/openSUSE:Factory/pkgconf/pkgconf.changes  2018-06-22 
13:34:37.860318963 +0200
+++ /work/SRC/openSUSE:Factory/.pkgconf.new/pkgconf.changes     2018-08-22 
14:21:00.322444377 +0200
@@ -1,0 +2,13 @@
+Tue Aug 21 12:27:05 UTC 2018 - Neal Gompa <ngomp...@gmail.com>
+
+- Update to 1.5.3
+  + Fix edge cases involving dequoting zero-length tuples that can lead to a
+    buffer overflow under the right circumstances.  Thanks to A. Wilcox for
+    reporting and supplying a patch. (boo#1105438 - CVE-2018-1000221) 
+  + Ensure environment variables override values learned from personality files
+    or built-in defaults.
+  + Add pkgconf-personality(5) manpage documenting the personality file format.
+- Drop BR pkgconfig and manually specified pkgconfig() Provides for
+  devel subpackage to avoid dependency loops.
+
+-------------------------------------------------------------------

Old:
----
  pkgconf-1.5.1.tar.xz

New:
----
  pkgconf-1.5.3.tar.xz

++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++

Other differences:
------------------
++++++ pkgconf.spec ++++++
--- /var/tmp/diff_new_pack.v5rTRD/_old  2018-08-22 14:21:00.966445902 +0200
+++ /var/tmp/diff_new_pack.v5rTRD/_new  2018-08-22 14:21:00.966445902 +0200
@@ -37,7 +37,7 @@
 %global devname lib%{name}-devel
 
 Name:           pkgconf
-Version:        1.5.1
+Version:        1.5.3
 Release:        0
 Summary:        Package compiler and linker metadata toolkit
 License:        ISC
@@ -56,9 +56,6 @@
 BuildRequires:  automake
 BuildRequires:  libtool
 
-# To ensure that the pkgconfig() deps are generated
-BuildRequires:  pkgconfig
-
 # pkgconf uses libpkgconf internally
 Requires:       %{libname}%{?_isa} = %{version}-%{release}
 
@@ -83,6 +80,8 @@
 Summary:        Development files for lib%{name}
 License:        ISC
 Group:          Development/Libraries/C and C++
+# Avoid dependency loop on itself by specifying the Provides directly
+Provides:       pkgconfig(libpkgconf) = %{version}
 Requires:       %{libname}%{?_isa} = %{version}-%{release}
 
 %description -n %{devname}
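Review bot: The hand-written `Provides: pkgconfig(libpkgconf) = %{version}` has nothing tying it to the .pc files the devel subpackage actually installs. With `BuildRequires: pkgconfig` removed in the earlier hunk of this spec, the automatic pkgconfig() generator presumably no longer runs for this package. If upstream renames or adds a .pc file, the advertised capability will silently drift from what is shipped. Extending the comment, e.g. `# Must match the .pc files shipped in this subpackage; not auto-generated`, would flag this for the next version bump.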
@@ -181,6 +180,7 @@
 %{_bindir}/%{name}
 %{_mandir}/man1/%{name}.1*
 %{_mandir}/man5/pc.5*
+%{_mandir}/man5/%{name}-personality.5*
 
 %files -n %{libname}
 %license COPYING

++++++ pkgconf-1.5.1.tar.xz -> pkgconf-1.5.3.tar.xz ++++++
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' 
'--exclude=.svnignore' old/pkgconf-1.5.1/Makefile.am 
new/pkgconf-1.5.3/Makefile.am
--- old/pkgconf-1.5.1/Makefile.am       2018-06-16 23:34:57.000000000 +0200
+++ new/pkgconf-1.5.3/Makefile.am       2018-07-29 02:45:43.000000000 +0200
@@ -92,6 +92,7 @@
                tests/lib1/requires-internal-missing.pc \
                tests/lib1/requires-internal-collision.pc \
                tests/lib1/tuple-quoting.pc \
+               tests/lib1/empty-tuple.pc \
                tests/test_env.sh \
                $(test_scripts) \
                doc/conf.py \
@@ -146,7 +147,8 @@
 dist_man_MANS    =             \
        man/pkgconf.1           \
        man/pkg.m4.7            \
-       man/pc.5
+       man/pc.5                \
+       man/pkgconf-personality.5
 
 pkgconf_LDADD    = libpkgconf.la
 pkgconf_SOURCES  = \
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' 
'--exclude=.svnignore' old/pkgconf-1.5.1/Makefile.in 
new/pkgconf-1.5.3/Makefile.in
--- old/pkgconf-1.5.1/Makefile.in       2018-06-16 23:38:31.000000000 +0200
+++ new/pkgconf-1.5.3/Makefile.in       2018-07-29 02:49:23.000000000 +0200
@@ -480,6 +480,7 @@
                tests/lib1/requires-internal-missing.pc \
                tests/lib1/requires-internal-collision.pc \
                tests/lib1/tuple-quoting.pc \
+               tests/lib1/empty-tuple.pc \
                tests/test_env.sh \
                $(test_scripts) \
                doc/conf.py \
@@ -532,7 +533,8 @@
 dist_man_MANS = \
        man/pkgconf.1           \
        man/pkg.m4.7            \
-       man/pc.5
+       man/pc.5                \
+       man/pkgconf-personality.5
 
 pkgconf_LDADD = libpkgconf.la
 pkgconf_SOURCES = \
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' 
'--exclude=.svnignore' old/pkgconf-1.5.1/NEWS new/pkgconf-1.5.3/NEWS
--- old/pkgconf-1.5.1/NEWS      2018-06-16 23:37:32.000000000 +0200
+++ new/pkgconf-1.5.3/NEWS      2018-07-29 02:38:15.000000000 +0200
@@ -1,6 +1,24 @@
 Changes from previous version of pkgconf
 ========================================
 
+Changes from 1.5.2 to 1.5.3:
+----------------------------
+
+* Security fixes:
+  - Fix edge cases involving dequoting zero-length tuples that can lead to a
+    buffer overflow under the right circumstances.  Thanks to A. Wilcox for
+    reporting and supplying a patch.  (MR 3)
+
+Changes from 1.5.1 to 1.5.2:
+----------------------------
+
+* Bug fixes:
+  - Ensure environment variables override values learned from personality files
+    or built-in defaults.
+
+* Documentation enhancements:
+  - Add pkgconf-personality(5) manpage documenting the personality file format.
+
 Changes from 1.5.0 to 1.5.1:
 ----------------------------
 
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' 
'--exclude=.svnignore' old/pkgconf-1.5.1/configure new/pkgconf-1.5.3/configure
--- old/pkgconf-1.5.1/configure 2018-06-16 23:38:32.000000000 +0200
+++ new/pkgconf-1.5.3/configure 2018-07-29 02:49:24.000000000 +0200
@@ -1,6 +1,6 @@
 #! /bin/sh
 # Guess values for system-dependent variables and create Makefiles.
-# Generated by GNU Autoconf 2.69 for pkgconf 1.5.1.
+# Generated by GNU Autoconf 2.69 for pkgconf 1.5.3.
 #
 # Report bugs to <http://github.com/pkgconf/pkgconf/issues>.
 #
@@ -590,8 +590,8 @@
 # Identity of this package.
 PACKAGE_NAME='pkgconf'
 PACKAGE_TARNAME='pkgconf'
-PACKAGE_VERSION='1.5.1'
-PACKAGE_STRING='pkgconf 1.5.1'
+PACKAGE_VERSION='1.5.3'
+PACKAGE_STRING='pkgconf 1.5.3'
 PACKAGE_BUGREPORT='http://github.com/pkgconf/pkgconf/issues'
 PACKAGE_URL=''
 
@@ -1333,7 +1333,7 @@
   # Omit some internal or obsolete options to make the list less imposing.
   # This message is too long to be a string in the A/UX 3.1 sh.
   cat <<_ACEOF
-\`configure' configures pkgconf 1.5.1 to adapt to many kinds of systems.
+\`configure' configures pkgconf 1.5.3 to adapt to many kinds of systems.
 
 Usage: $0 [OPTION]... [VAR=VALUE]...
 
@@ -1404,7 +1404,7 @@
 
 if test -n "$ac_init_help"; then
   case $ac_init_help in
-     short | recursive ) echo "Configuration of pkgconf 1.5.1:";;
+     short | recursive ) echo "Configuration of pkgconf 1.5.3:";;
    esac
   cat <<\_ACEOF
 
@@ -1523,7 +1523,7 @@
 test -n "$ac_init_help" && exit $ac_status
 if $ac_init_version; then
   cat <<\_ACEOF
-pkgconf configure 1.5.1
+pkgconf configure 1.5.3
 generated by GNU Autoconf 2.69
 
 Copyright (C) 2012 Free Software Foundation, Inc.
@@ -1892,7 +1892,7 @@
 This file contains any messages produced by compilers while
 running configure, to aid debugging if configure makes a mistake.
 
-It was created by pkgconf $as_me 1.5.1, which was
+It was created by pkgconf $as_me 1.5.3, which was
 generated by GNU Autoconf 2.69.  Invocation command line was
 
   $ $0 $@
@@ -4268,7 +4268,7 @@
 
 # Define the identity of the package.
  PACKAGE='pkgconf'
- VERSION='1.5.1'
+ VERSION='1.5.3'
 
 
 cat >>confdefs.h <<_ACEOF
@@ -13725,7 +13725,7 @@
 # report actual input values of CONFIG_FILES etc. instead of their
 # values after options handling.
 ac_log="
-This file was extended by pkgconf $as_me 1.5.1, which was
+This file was extended by pkgconf $as_me 1.5.3, which was
 generated by GNU Autoconf 2.69.  Invocation command line was
 
   CONFIG_FILES    = $CONFIG_FILES
@@ -13791,7 +13791,7 @@
 cat >>$CONFIG_STATUS <<_ACEOF || ac_write_fail=1
 ac_cs_config="`$as_echo "$ac_configure_args" | sed 's/^ //; 
s/[\\""\`\$]/\\\\&/g'`"
 ac_cs_version="\\
-pkgconf config.status 1.5.1
+pkgconf config.status 1.5.3
 configured by $0, generated by GNU Autoconf 2.69,
   with options \\"\$ac_cs_config\\"
 
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' 
'--exclude=.svnignore' old/pkgconf-1.5.1/configure.ac 
new/pkgconf-1.5.3/configure.ac
--- old/pkgconf-1.5.1/configure.ac      2018-06-16 23:36:35.000000000 +0200
+++ new/pkgconf-1.5.3/configure.ac      2018-07-29 02:47:49.000000000 +0200
@@ -12,7 +12,7 @@
 dnl from the use of this software.
 
 AC_PREREQ([2.68])
-AC_INIT([pkgconf], [1.5.1], [http://github.com/pkgconf/pkgconf/issues])
+AC_INIT([pkgconf], [1.5.3], [http://github.com/pkgconf/pkgconf/issues])
 AC_CONFIG_SRCDIR([cli/main.c])
 AC_CONFIG_MACRO_DIRS([m4])
 AX_CHECK_COMPILE_FLAG([-Wall], [CFLAGS="$CFLAGS -Wall"])
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' 
'--exclude=.svnignore' old/pkgconf-1.5.1/libpkgconf/client.c 
new/pkgconf-1.5.3/libpkgconf/client.c
--- old/pkgconf-1.5.1/libpkgconf/client.c       2018-06-16 08:43:55.000000000 
+0200
+++ new/pkgconf-1.5.3/libpkgconf/client.c       2018-07-20 00:03:42.000000000 
+0200
@@ -96,11 +96,15 @@
        pkgconf_client_set_buildroot_dir(client, NULL);
        pkgconf_client_set_prefix_varname(client, NULL);
 
-       pkgconf_path_copy_list(&client->filter_libdirs, 
&personality->filter_libdirs);
-       pkgconf_path_copy_list(&client->filter_includedirs, 
&personality->filter_includedirs);
+       if(getenv("PKG_CONFIG_SYSTEM_LIBRARY_PATH") == NULL)
+               pkgconf_path_copy_list(&client->filter_libdirs, 
&personality->filter_libdirs);
+       else
+               
pkgconf_path_build_from_environ("PKG_CONFIG_SYSTEM_LIBRARY_PATH", NULL, 
&client->filter_libdirs, false);
 
-       pkgconf_path_build_from_environ("PKG_CONFIG_SYSTEM_LIBRARY_PATH", NULL, 
&client->filter_libdirs, false);
-       pkgconf_path_build_from_environ("PKG_CONFIG_SYSTEM_INCLUDE_PATH", NULL, 
&client->filter_includedirs, false);
+       if(getenv("PKG_CONFIG_SYSTEM_INCLUDE_PATH") == NULL)
+               pkgconf_path_copy_list(&client->filter_includedirs, 
&personality->filter_includedirs);
+       else
+               
pkgconf_path_build_from_environ("PKG_CONFIG_SYSTEM_INCLUDE_PATH", NULL, 
&client->filter_includedirs, false);
 
        /* GCC uses these environment variables to define system include paths, 
so we should check them. */
 #ifdef __HAIKU__
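Review bot: The new `getenv("PKG_CONFIG_SYSTEM_LIBRARY_PATH") == NULL` test treats a variable that is set but empty the same as one carrying paths, so an empty value now skips the personality's `filter_libdirs` entirely; what `pkgconf_path_build_from_environ` does with an empty value is not visible here. If an empty value should fall back to the personality list, test the content as well as the pointer, e.g. `const char *v = getenv("PKG_CONFIG_SYSTEM_LIBRARY_PATH"); if (v == NULL || *v == '\0')`. Either way, a comment such as `/* the environment replaces, rather than extends, the personality's system paths */` would record the changed precedence, since the removed lines called both functions unconditionally. The same applies to the `PKG_CONFIG_SYSTEM_INCLUDE_PATH` branch. The enclosing function starts and ends outside the hunk.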
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' 
'--exclude=.svnignore' old/pkgconf-1.5.1/libpkgconf/tuple.c 
new/pkgconf-1.5.3/libpkgconf/tuple.c
--- old/pkgconf-1.5.1/libpkgconf/tuple.c        2018-06-16 08:43:55.000000000 
+0200
+++ new/pkgconf-1.5.3/libpkgconf/tuple.c        2018-07-29 02:34:56.000000000 
+0200
@@ -139,7 +139,7 @@
 static char *
 dequote(const char *value)
 {
-       char *buf = calloc(strlen(value) * 2, 1);
+       char *buf = calloc((strlen(value) + 1) * 2, 1);
        char *bptr = buf;
        const char *i;
        char quote = 0;
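Review bot: The enlarged allocation in `dequote()` is still assigned to `bptr` with no NULL check in the visible lines. The size is also multiplied before it reaches `calloc`, so calloc's own overflow check on count × size never sees the product. Passing the factors separately, `char *buf = calloc(strlen(value) + 1, 2);`, followed by `if (buf == NULL) return NULL;`, requests the same number of bytes and covers both cases; whether callers tolerate a NULL return cannot be seen from here, because the body continues outside the hunk. A short comment such as `/* + 1: a zero-length value must still get room for the terminator */` would record why the old expression, which requested 0 bytes for an empty string, was wrong.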
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' 
'--exclude=.svnignore' old/pkgconf-1.5.1/man/pkgconf-personality.5 
new/pkgconf-1.5.3/man/pkgconf-personality.5
--- old/pkgconf-1.5.1/man/pkgconf-personality.5 1970-01-01 01:00:00.000000000 
+0100
+++ new/pkgconf-1.5.3/man/pkgconf-personality.5 2018-07-20 00:22:06.000000000 
+0200
@@ -0,0 +1,89 @@
+.\" Copyright (c) 2018 pkgconf authors (see AUTHORS).
+.\"
+.\" Permission to use, copy, modify, and/or distribute this software for any
+.\" purpose with or without fee is hereby granted, provided that the above
+.\" copyright notice and this permission notice appear in all copies.
+.\"
+.\" This software is provided 'as is' and without any warranty, express or
+.\" implied.  In no event shall the authors be liable for any damages arising
+.\" from the use of this software.
+.Dd July 19, 2018
+.Dt PKGCONF-PERSONALITY 5
+.Os
+.Sh NAME
+.Nm file.personality
+.Nd pkgconf cross-compile personality file format
+.Sh DESCRIPTION
+pkgconf cross-compile personality files provide a useful mechanism for storing
+various information about system toolchains.
+Information stored by
+.Nm .personality
+files include information about paths used by a cross-compile toolchain, such 
as
+the sysroot directory and default include and library paths.  pkgconf uses this
+information to determine what information is necessary to use libraries.
+.\"
+.Ss FILE SYNTAX
+The
+.Nm .personality
+file follows a format inspired by RFC822.
+Comments are prefixed by a pound sign, hash sign or octothorpe (#), and 
variable
+assignment is similar to POSIX shell.
+Properties are defined using RFC822-style stanzas.
+.\"
+.Ss PROPERTIES
+.\"
+Properties are set using RFC822-style stanzas which consist of a keyword, 
followed
+by a colon (:) and then the value the property should be set to.
+Variable substitution is always performed regardless of property type.
+.Pp
+There are two types of property:
+.\"
+.Bl -tag -width indent
+.\"
+.It Literal
+The property will be set to the text of the value.
+.\"
+.It Fragment List
+The property will be set to a list of fragments parsed from the text.
+The input text must be in a format that is suitable for passing to a POSIX
+shell without any shell expansions after variable substitution has been done.
+.\"
+.El
+.Ss PROPERTY KEYWORDS
+.Bl -tag -width indent
+.\"
+.It Triplet
+The triplet used by the cross-compile toolchain.
+(mandatory; literal)
+.It SysrootDir
+The directory used by the system root of the cross-compile toolchain.
+(mandatory; literal)
+.It DefaultSearchPaths
+A list of directories to look for
+.Xr pc 5
+files in.
+(mandatory; fragment list)
+.It SystemIncludePaths
+A list of directories that are included by default in the search path for
+include files.
+(mandatory; fragment list)
+.It SystemLibraryPaths
+A list of directories that are included by default in the search path for
+libraries.
+(mandatory; fragment list)
+.\"
+.Sh EXAMPLES
+An example .personality file:
+.Bd -literal
+# This is a comment
+Triplet: x86_64-pc-linux-gnu
+SysrootDir: /home/kaniini/sysroot/x86_64-pc-linux-gnu
+DefaultSearchPaths: /home/kaniini/sysroot/x86_64-pc-linux-gnu/lib/pkgconfig \\
+  /home/kaniini/sysroot/x86_64-pc-linux-gnu/share/pkgconfig
+SystemIncludePaths: /home/kaniini/sysroot/x86_64-pc-linux-gnu/include
+SystemLibraryPaths: /home/kaniini/sysroot/x86_64-pc-linux-gnu/lib
+.Ed
+.Sh SEE ALSO
+.Xr pkgconf 1 ,
+.Xr pkg.m4 7 ,
+.Xr pc 5
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' 
'--exclude=.svnignore' old/pkgconf-1.5.1/tests/lib1/empty-tuple.pc 
new/pkgconf-1.5.3/tests/lib1/empty-tuple.pc
--- old/pkgconf-1.5.1/tests/lib1/empty-tuple.pc 1970-01-01 01:00:00.000000000 
+0100
+++ new/pkgconf-1.5.3/tests/lib1/empty-tuple.pc 2018-07-29 02:39:56.000000000 
+0200
@@ -0,0 +1,6 @@
+xcflags=
+
+Name: empty-tuple
+Description: testing file
+Version: 1
+CFlags: ${xcflags}
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' 
'--exclude=.svnignore' old/pkgconf-1.5.1/tests/regress.sh 
new/pkgconf-1.5.3/tests/regress.sh
--- old/pkgconf-1.5.1/tests/regress.sh  2018-06-16 08:43:55.000000000 +0200
+++ new/pkgconf-1.5.3/tests/regress.sh  2018-07-29 02:45:19.000000000 +0200
@@ -28,7 +28,8 @@
        fragment_collision \
        malformed_1 \
        malformed_quoting \
-       explicit_sysroot
+       explicit_sysroot \
+       empty_tuple
 
 case_sensitivity_body()
 {
@@ -247,3 +248,9 @@
        atf_check -o inline:"/sysroot/usr/share/test\n" \
                pkgconf --with-path="${selfdir}/lib1" --variable=pkgdatadir 
explicit-sysroot
 }
+
+empty_tuple_body()
+{
+       atf_check -o inline:"\n" \
+               pkgconf --with-path="${selfdir}/lib1" --cflags empty-tuple
+}
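Review bot: `empty_tuple_body` asserts only on stdout, so on a build without the tuple.c fix it may still pass whenever the undersized write happens not to crash. A regression test for a memory-safety bug is only reliable when the suite runs under a checker such as AddressSanitizer or valgrind. A comment above the function should say so and name what it guards, e.g. `# Regression: dequote() of a zero-length tuple (CVE-2018-1000221); run under ASan/valgrind to catch the overflow`. The first hunk in this file only registers the test name.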

