Hello community, here is the log from the commit of package pkgconf for openSUSE:Factory checked in at 2018-08-22 14:20:58 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Comparing /work/SRC/openSUSE:Factory/pkgconf (Old) and /work/SRC/openSUSE:Factory/.pkgconf.new (New) ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "pkgconf" Wed Aug 22 14:20:58 2018 rev:3 rq:630780 version:1.5.3 Changes: -------- --- /work/SRC/openSUSE:Factory/pkgconf/pkgconf.changes 2018-06-22 13:34:37.860318963 +0200 +++ /work/SRC/openSUSE:Factory/.pkgconf.new/pkgconf.changes 2018-08-22 14:21:00.322444377 +0200 @@ -1,0 +2,13 @@ +Tue Aug 21 12:27:05 UTC 2018 - Neal Gompa <ngomp...@gmail.com> + +- Update to 1.5.3 + + Fix edge cases involving dequoting zero-length tuples that can lead to a + buffer overflow under the right circumstances. Thanks to A. Wilcox for + reporting and supplying a patch. (boo#1105438 - CVE-2018-1000221) + + Ensure environment variables override values learned from personality files + or built-in defaults. + + Add pkgconf-personality(5) manpage documenting the personality file format. +- Drop BR pkgconfig and manually specified pkgconfig() Provides for + devel subpackage to avoid dependency loops. + +------------------------------------------------------------------- Old: ---- pkgconf-1.5.1.tar.xz New: ---- pkgconf-1.5.3.tar.xz ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ pkgconf.spec ++++++ --- /var/tmp/diff_new_pack.v5rTRD/_old 2018-08-22 14:21:00.966445902 +0200 +++ /var/tmp/diff_new_pack.v5rTRD/_new 2018-08-22 14:21:00.966445902 +0200 @@ -37,7 +37,7 @@ %global devname lib%{name}-devel Name: pkgconf -Version: 1.5.1 +Version: 1.5.3 Release: 0 Summary: Package compiler and linker metadata toolkit License: ISC @@ -56,9 +56,6 @@ BuildRequires: automake BuildRequires: libtool -# To ensure that the pkgconfig() deps are generated -BuildRequires: pkgconfig - # pkgconf uses libpkgconf internally Requires: %{libname}%{?_isa} = %{version}-%{release} 
@@ -83,6 +80,8 @@ Summary: Development files for lib%{name} License: ISC Group: Development/Libraries/C and C++ +# Avoid dependency loop on itself by specifying the Provides directly +Provides: pkgconfig(libpkgconf) = %{version} Requires: %{libname}%{?_isa} = %{version}-%{release} %description -n %{devname} @@ -181,6 +180,7 @@ %{_bindir}/%{name} %{_mandir}/man1/%{name}.1* %{_mandir}/man5/pc.5* +%{_mandir}/man5/%{name}-personality.5* %files -n %{libname} %license COPYING ++++++ pkgconf-1.5.1.tar.xz -> pkgconf-1.5.3.tar.xz ++++++ diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/pkgconf-1.5.1/Makefile.am new/pkgconf-1.5.3/Makefile.am --- old/pkgconf-1.5.1/Makefile.am 2018-06-16 23:34:57.000000000 +0200 +++ new/pkgconf-1.5.3/Makefile.am 2018-07-29 02:45:43.000000000 +0200 @@ -92,6 +92,7 @@ tests/lib1/requires-internal-missing.pc \ tests/lib1/requires-internal-collision.pc \ tests/lib1/tuple-quoting.pc \ + tests/lib1/empty-tuple.pc \ tests/test_env.sh \ $(test_scripts) \ doc/conf.py \ @@ -146,7 +147,8 @@ dist_man_MANS = \ man/pkgconf.1 \ man/pkg.m4.7 \ - man/pc.5 + man/pc.5 \ + man/pkgconf-personality.5 pkgconf_LDADD = libpkgconf.la pkgconf_SOURCES = \ diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/pkgconf-1.5.1/Makefile.in new/pkgconf-1.5.3/Makefile.in --- old/pkgconf-1.5.1/Makefile.in 2018-06-16 23:38:31.000000000 +0200 +++ new/pkgconf-1.5.3/Makefile.in 2018-07-29 02:49:23.000000000 +0200 @@ -480,6 +480,7 @@ tests/lib1/requires-internal-missing.pc \ tests/lib1/requires-internal-collision.pc \ tests/lib1/tuple-quoting.pc \ + tests/lib1/empty-tuple.pc \ tests/test_env.sh \ $(test_scripts) \ doc/conf.py \ 
@@ -532,7 +533,8 @@ dist_man_MANS = \ man/pkgconf.1 \ man/pkg.m4.7 \ - man/pc.5 + man/pc.5 \ + man/pkgconf-personality.5 pkgconf_LDADD = libpkgconf.la pkgconf_SOURCES = \ diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/pkgconf-1.5.1/NEWS new/pkgconf-1.5.3/NEWS --- old/pkgconf-1.5.1/NEWS 2018-06-16 23:37:32.000000000 +0200 +++ new/pkgconf-1.5.3/NEWS 2018-07-29 02:38:15.000000000 +0200 @@ -1,6 +1,24 @@ Changes from previous version of pkgconf ======================================== +Changes from 1.5.2 to 1.5.3: +---------------------------- + +* Security fixes: + - Fix edge cases involving dequoting zero-length tuples that can lead to a + buffer overflow under the right circumstances. Thanks to A. Wilcox for + reporting and supplying a patch. (MR 3) + +Changes from 1.5.1 to 1.5.2: +---------------------------- + +* Bug fixes: + - Ensure environment variables override values learned from personality files + or built-in defaults. + +* Documentation enhancements: + - Add pkgconf-personality(5) manpage documenting the personality file format. + Changes from 1.5.0 to 1.5.1: ---------------------------- diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/pkgconf-1.5.1/configure new/pkgconf-1.5.3/configure --- old/pkgconf-1.5.1/configure 2018-06-16 23:38:32.000000000 +0200 +++ new/pkgconf-1.5.3/configure 2018-07-29 02:49:24.000000000 +0200 @@ -1,6 +1,6 @@ #! /bin/sh # Guess values for system-dependent variables and create Makefiles. -# Generated by GNU Autoconf 2.69 for pkgconf 1.5.1. +# Generated by GNU Autoconf 2.69 for pkgconf 1.5.3. # # Report bugs to <http://github.com/pkgconf/pkgconf/issues>. # @@ -590,8 +590,8 @@ # Identity of this package. PACKAGE_NAME='pkgconf' PACKAGE_TARNAME='pkgconf' -PACKAGE_VERSION='1.5.1' -PACKAGE_STRING='pkgconf 1.5.1' +PACKAGE_VERSION='1.5.3' +PACKAGE_STRING='pkgconf 1.5.3' PACKAGE_BUGREPORT='http://github.com/pkgconf/pkgconf/issues' PACKAGE_URL='' 
@@ -1333,7 +1333,7 @@ # Omit some internal or obsolete options to make the list less imposing. # This message is too long to be a string in the A/UX 3.1 sh. cat <<_ACEOF -\`configure' configures pkgconf 1.5.1 to adapt to many kinds of systems. +\`configure' configures pkgconf 1.5.3 to adapt to many kinds of systems. Usage: $0 [OPTION]... [VAR=VALUE]... @@ -1404,7 +1404,7 @@ if test -n "$ac_init_help"; then case $ac_init_help in - short | recursive ) echo "Configuration of pkgconf 1.5.1:";; + short | recursive ) echo "Configuration of pkgconf 1.5.3:";; esac cat <<\_ACEOF @@ -1523,7 +1523,7 @@ test -n "$ac_init_help" && exit $ac_status if $ac_init_version; then cat <<\_ACEOF -pkgconf configure 1.5.1 +pkgconf configure 1.5.3 generated by GNU Autoconf 2.69 Copyright (C) 2012 Free Software Foundation, Inc. @@ -1892,7 +1892,7 @@ This file contains any messages produced by compilers while running configure, to aid debugging if configure makes a mistake. -It was created by pkgconf $as_me 1.5.1, which was +It was created by pkgconf $as_me 1.5.3, which was generated by GNU Autoconf 2.69. Invocation command line was $ $0 $@ @@ -4268,7 +4268,7 @@ # Define the identity of the package. PACKAGE='pkgconf' - VERSION='1.5.1' + VERSION='1.5.3' cat >>confdefs.h <<_ACEOF @@ -13725,7 +13725,7 @@ # report actual input values of CONFIG_FILES etc. instead of their # values after options handling. ac_log=" -This file was extended by pkgconf $as_me 1.5.1, which was +This file was extended by pkgconf $as_me 1.5.3, which was generated by GNU Autoconf 2.69. Invocation command line was CONFIG_FILES = $CONFIG_FILES 
@@ -13791,7 +13791,7 @@ cat >>$CONFIG_STATUS <<_ACEOF || ac_write_fail=1 ac_cs_config="`$as_echo "$ac_configure_args" | sed 's/^ //; s/[\\""\`\$]/\\\\&/g'`" ac_cs_version="\\ -pkgconf config.status 1.5.1 +pkgconf config.status 1.5.3 configured by $0, generated by GNU Autoconf 2.69, with options \\"\$ac_cs_config\\" diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/pkgconf-1.5.1/configure.ac new/pkgconf-1.5.3/configure.ac --- old/pkgconf-1.5.1/configure.ac 2018-06-16 23:36:35.000000000 +0200 +++ new/pkgconf-1.5.3/configure.ac 2018-07-29 02:47:49.000000000 +0200 @@ -12,7 +12,7 @@ dnl from the use of this software. AC_PREREQ([2.68]) -AC_INIT([pkgconf], [1.5.1], [http://github.com/pkgconf/pkgconf/issues]) +AC_INIT([pkgconf], [1.5.3], [http://github.com/pkgconf/pkgconf/issues]) AC_CONFIG_SRCDIR([cli/main.c]) AC_CONFIG_MACRO_DIRS([m4]) AX_CHECK_COMPILE_FLAG([-Wall], [CFLAGS="$CFLAGS -Wall"]) diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/pkgconf-1.5.1/libpkgconf/client.c new/pkgconf-1.5.3/libpkgconf/client.c --- old/pkgconf-1.5.1/libpkgconf/client.c 2018-06-16 08:43:55.000000000 +0200 +++ new/pkgconf-1.5.3/libpkgconf/client.c 2018-07-20 00:03:42.000000000 +0200 
@@ -96,11 +96,15 @@ pkgconf_client_set_buildroot_dir(client, NULL); pkgconf_client_set_prefix_varname(client, NULL); - pkgconf_path_copy_list(&client->filter_libdirs, &personality->filter_libdirs); - pkgconf_path_copy_list(&client->filter_includedirs, &personality->filter_includedirs); + if(getenv("PKG_CONFIG_SYSTEM_LIBRARY_PATH") == NULL) + pkgconf_path_copy_list(&client->filter_libdirs, &personality->filter_libdirs); + else + pkgconf_path_build_from_environ("PKG_CONFIG_SYSTEM_LIBRARY_PATH", NULL, &client->filter_libdirs, false); - pkgconf_path_build_from_environ("PKG_CONFIG_SYSTEM_LIBRARY_PATH", NULL, &client->filter_libdirs, false); - pkgconf_path_build_from_environ("PKG_CONFIG_SYSTEM_INCLUDE_PATH", NULL, &client->filter_includedirs, false); + if(getenv("PKG_CONFIG_SYSTEM_INCLUDE_PATH") == NULL) + pkgconf_path_copy_list(&client->filter_includedirs, &personality->filter_includedirs); + else + pkgconf_path_build_from_environ("PKG_CONFIG_SYSTEM_INCLUDE_PATH", NULL, &client->filter_includedirs, false); /* GCC uses these environment variables to define system include paths, so we should check them. */ #ifdef __HAIKU__ diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/pkgconf-1.5.1/libpkgconf/tuple.c new/pkgconf-1.5.3/libpkgconf/tuple.c --- old/pkgconf-1.5.1/libpkgconf/tuple.c 2018-06-16 08:43:55.000000000 +0200 +++ new/pkgconf-1.5.3/libpkgconf/tuple.c 2018-07-29 02:34:56.000000000 +0200 
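Review bot: In libpkgconf/client.c, the new `getenv("PKG_CONFIG_SYSTEM_LIBRARY_PATH") == NULL` and `getenv("PKG_CONFIG_SYSTEM_INCLUDE_PATH") == NULL` tests treat a variable that is set but empty as an override, so the personality's filter list is not copied in that case. If that is intended, say so above the first `if`, for example `/* environment overrides the personality; a set-but-empty variable counts as an override */`; if it is not, the condition also needs an empty-string check. What pkgconf_path_build_from_environ does with an empty value is not visible here, and the enclosing function starts and ends outside the hunk. The tests/regress.sh changes in this commit add no case for the new precedence, so a later regression in the override order would go unnoticed.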
@@ -139,7 +139,7 @@ static char * dequote(const char *value) { - char *buf = calloc(strlen(value) * 2, 1); + char *buf = calloc((strlen(value) + 1) * 2, 1); char *bptr = buf; const char *i; char quote = 0; diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/pkgconf-1.5.1/man/pkgconf-personality.5 new/pkgconf-1.5.3/man/pkgconf-personality.5 --- old/pkgconf-1.5.1/man/pkgconf-personality.5 1970-01-01 01:00:00.000000000 +0100 +++ new/pkgconf-1.5.3/man/pkgconf-personality.5 2018-07-20 00:22:06.000000000 +0200 
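Review bot: In dequote() in libpkgconf/tuple.c, the result of `calloc((strlen(value) + 1) * 2, 1)` goes straight into `buf` and `bptr` with no NULL check visible in the hunk. The body continues outside it, so a check may exist further down, but if not, an allocation failure goes unnoticed here. The size is also multiplied before the call, which bypasses calloc's own overflow check; `char *buf = calloc(strlen(value) + 1, 2);` requests the same number of bytes and lets calloc reject a wrapped product. Because this line is the fix the changelog ties to CVE-2018-1000221, a comment stating the sizing rule would help the next maintainer, e.g. `/* +1: a zero-length value must still get a non-empty, zero-filled buffer */`, if that is indeed the intent.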
@@ -0,0 +1,89 @@ +.\" Copyright (c) 2018 pkgconf authors (see AUTHORS). +.\" +.\" Permission to use, copy, modify, and/or distribute this software for any +.\" purpose with or without fee is hereby granted, provided that the above +.\" copyright notice and this permission notice appear in all copies. +.\" +.\" This software is provided 'as is' and without any warranty, express or +.\" implied. In no event shall the authors be liable for any damages arising +.\" from the use of this software. +.Dd July 19, 2018 +.Dt PKGCONF-PERSONALITY 5 +.Os +.Sh NAME +.Nm file.personality +.Nd pkgconf cross-compile personality file format +.Sh DESCRIPTION +pkgconf cross-compile personality files provide a useful mechanism for storing +various information about system toolchains. +Information stored by +.Nm .personality +files include information about paths used by a cross-compile toolchain, such as +the sysroot directory and default include and library paths. pkgconf uses this +information to determine what information is necessary to use libraries. +.\" +.Ss FILE SYNTAX +The +.Nm .personality +file follows a format inspired by RFC822. +Comments are prefixed by a pound sign, hash sign or octothorpe (#), and variable +assignment is similar to POSIX shell. +Properties are defined using RFC822-style stanzas. +.\" +.Ss PROPERTIES +.\" +Properties are set using RFC822-style stanzas which consist of a keyword, followed +by a colon (:) and then the value the property should be set to. +Variable substitution is always performed regardless of property type. +.Pp +There are two types of property: +.\" +.Bl -tag -width indent +.\" +.It Literal +The property will be set to the text of the value. +.\" +.It Fragment List +The property will be set to a list of fragments parsed from the text. +The input text must be in a format that is suitable for passing to a POSIX +shell without any shell expansions after variable substitution has been done. 
+.\" +.El +.Ss PROPERTY KEYWORDS +.Bl -tag -width indent +.\" +.It Triplet +The triplet used by the cross-compile toolchain. +(mandatory; literal) +.It SysrootDir +The directory used by the system root of the cross-compile toolchain. +(mandatory; literal) +.It DefaultSearchPaths +A list of directories to look for +.Xr pc 5 +files in. +(mandatory; fragment list) +.It SystemIncludePaths +A list of directories that are included by default in the search path for +include files. +(mandatory; fragment list) +.It SystemLibraryPaths +A list of directories that are included by default in the search path for +libraries. +(mandatory; fragment list) +.\" +.Sh EXAMPLES +An example .personality file: +.Bd -literal +# This is a comment +Triplet: x86_64-pc-linux-gnu +SysrootDir: /home/kaniini/sysroot/x86_64-pc-linux-gnu +DefaultSearchPaths: /home/kaniini/sysroot/x86_64-pc-linux-gnu/lib/pkgconfig \\ + /home/kaniini/sysroot/x86_64-pc-linux-gnu/share/pkgconfig +SystemIncludePaths: /home/kaniini/sysroot/x86_64-pc-linux-gnu/include +SystemLibraryPaths: /home/kaniini/sysroot/x86_64-pc-linux-gnu/lib +.Ed +.Sh SEE ALSO +.Xr pkgconf 1 , +.Xr pkg.m4 7 , +.Xr pc 5 diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/pkgconf-1.5.1/tests/lib1/empty-tuple.pc new/pkgconf-1.5.3/tests/lib1/empty-tuple.pc --- old/pkgconf-1.5.1/tests/lib1/empty-tuple.pc 1970-01-01 01:00:00.000000000 +0100 +++ new/pkgconf-1.5.3/tests/lib1/empty-tuple.pc 2018-07-29 02:39:56.000000000 +0200 @@ -0,0 +1,6 @@ +xcflags= + +Name: empty-tuple +Description: testing file +Version: 1 +CFlags: ${xcflags} diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/pkgconf-1.5.1/tests/regress.sh new/pkgconf-1.5.3/tests/regress.sh --- old/pkgconf-1.5.1/tests/regress.sh 2018-06-16 08:43:55.000000000 +0200 +++ new/pkgconf-1.5.3/tests/regress.sh 2018-07-29 02:45:19.000000000 +0200 
@@ -28,7 +28,8 @@ fragment_collision \ malformed_1 \ malformed_quoting \ - explicit_sysroot + explicit_sysroot \ + empty_tuple case_sensitivity_body() { @@ -247,3 +248,9 @@ atf_check -o inline:"/sysroot/usr/share/test\n" \ pkgconf --with-path="${selfdir}/lib1" --variable=pkgdatadir explicit-sysroot } + +empty_tuple_body() +{ + atf_check -o inline:"\n" \ + pkgconf --with-path="${selfdir}/lib1" --cflags empty-tuple +}
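Review bot: The new `empty_tuple_body` test in tests/regress.sh asserts only on stdout (`-o inline:"\n"`) and the default exit status, so it protects the dequote() fix only if the out-of-bounds access in the unfixed code changes one of those. A small heap overrun often does neither, and whether the 1.5.1 code fails this test without a memory checker is not visible from the diff. Consider running the regression suite under a sanitizer build or valgrind so this case fails reliably on a regression. A comment above the function would also record why the test exists, for example `# regression: zero-length tuple value must not overrun the dequote() buffer (CVE-2018-1000221)`.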