[coreutils/f18] fix multiple segmantation faults in i18n patch (by SUSE) (#869442, #902917)- CVE2013-0223/CVE2013-02
Ondrej Vasik
ovasik at fedoraproject.org
Thu Jan 24 16:16:34 UTC 2013
commit 8def2175102337e5c315fa9c0dbe265a76358dda
Author: Ondřej Vašík <ovasik at redhat.com>
Date: Thu Jan 24 17:16:25 2013 +0100
fix multiple segmantation faults in i18n patch (by SUSE) (#869442, #902917)- CVE2013-0223/CVE2013-0221/CVE2013-0222
coreutils-i18n.patch | 162 +++++++++++++++++++++++++++++---------------------
coreutils.spec | 6 ++-
2 files changed, 100 insertions(+), 68 deletions(-)
---
diff --git a/coreutils-i18n.patch b/coreutils-i18n.patch
index 7ddc72c..704941f 100644
--- a/coreutils-i18n.patch
+++ b/coreutils-i18n.patch
@@ -1,6 +1,6 @@
diff -urNp coreutils-8.17-orig/lib/linebuffer.h coreutils-8.17/lib/linebuffer.h
--- coreutils-8.17-orig/lib/linebuffer.h 2012-01-06 10:14:31.000000000 +0100
-+++ coreutils-8.17/lib/linebuffer.h 2012-08-20 12:52:26.658468803 +0200
++++ coreutils-8.17/lib/linebuffer.h 2013-01-24 17:11:53.530457138 +0100
@@ -21,6 +21,11 @@
# include <stdio.h>
@@ -25,7 +25,7 @@ diff -urNp coreutils-8.17-orig/lib/linebuffer.h coreutils-8.17/lib/linebuffer.h
/* Initialize linebuffer LINEBUFFER for use. */
diff -urNp coreutils-8.17-orig/src/cut.c coreutils-8.17/src/cut.c
--- coreutils-8.17-orig/src/cut.c 2012-05-02 10:31:47.000000000 +0200
-+++ coreutils-8.17/src/cut.c 2012-08-20 12:57:52.533805458 +0200
++++ coreutils-8.17/src/cut.c 2013-01-24 17:11:53.532456847 +0100
@@ -28,6 +28,11 @@
#include <assert.h>
#include <getopt.h>
@@ -635,7 +635,7 @@ diff -urNp coreutils-8.17-orig/src/cut.c coreutils-8.17/src/cut.c
if (optind == argc)
diff -urNp coreutils-8.17-orig/src/expand.c coreutils-8.17/src/expand.c
--- coreutils-8.17-orig/src/expand.c 2012-05-01 22:55:08.000000000 +0200
-+++ coreutils-8.17/src/expand.c 2012-08-20 12:59:28.995468227 +0200
++++ coreutils-8.17/src/expand.c 2013-01-24 17:11:53.534459250 +0100
@@ -37,12 +37,29 @@
#include <stdio.h>
#include <getopt.h>
@@ -825,7 +825,7 @@ diff -urNp coreutils-8.17-orig/src/expand.c coreutils-8.17/src/expand.c
error (EXIT_FAILURE, errno, "-");
diff -urNp coreutils-8.17-orig/src/fold.c coreutils-8.17/src/fold.c
--- coreutils-8.17-orig/src/fold.c 2012-04-29 13:45:30.000000000 +0200
-+++ coreutils-8.17/src/fold.c 2012-08-20 12:52:26.662467902 +0200
++++ coreutils-8.17/src/fold.c 2013-01-24 17:11:53.535456924 +0100
@@ -22,12 +22,34 @@
#include <getopt.h>
#include <sys/types.h>
@@ -1225,7 +1225,7 @@ diff -urNp coreutils-8.17-orig/src/fold.c coreutils-8.17/src/fold.c
case 's': /* Break at word boundaries. */
diff -urNp coreutils-8.17-orig/src/join.c coreutils-8.17/src/join.c
--- coreutils-8.17-orig/src/join.c 2012-05-02 10:31:47.000000000 +0200
-+++ coreutils-8.17/src/join.c 2012-08-20 12:52:26.664470970 +0200
++++ coreutils-8.17/src/join.c 2013-01-24 17:11:53.537387892 +0100
@@ -22,18 +22,32 @@
#include <sys/types.h>
#include <getopt.h>
@@ -1444,7 +1444,7 @@ diff -urNp coreutils-8.17-orig/src/join.c coreutils-8.17/src/join.c
static void
freeline (struct line *line)
{
-@@ -313,56 +472,115 @@ keycmp (struct line const *line1, struct
+@@ -313,56 +472,130 @@ keycmp (struct line const *line1, struct
size_t jf_1, size_t jf_2)
{
/* Start of field to compare in each file. */
@@ -1458,6 +1458,7 @@ diff -urNp coreutils-8.17-orig/src/join.c coreutils-8.17/src/join.c
+ size_t len[2]; /* Length of fields to compare. */
int diff;
+ int i, j;
++ int mallocd = 0;
if (jf_1 < line1->nfields)
{
@@ -1513,7 +1514,8 @@ diff -urNp coreutils-8.17-orig/src/join.c coreutils-8.17/src/join.c
+
+ for (i = 0; i < 2; i++)
+ {
-+ copy[i] = alloca (len[i] + 1);
++ mallocd = 1;
++ copy[i] = xmalloc (len[i] + 1);
+
+ for (j = 0; j < MIN (len[0], len[1]);)
+ {
@@ -1553,7 +1555,8 @@ diff -urNp coreutils-8.17-orig/src/join.c coreutils-8.17/src/join.c
+ {
+ for (i = 0; i < 2; i++)
+ {
-+ copy[i] = alloca (len[i] + 1);
++ mallocd = 1;
++ copy[i] = xmalloc (len[i] + 1);
+
+ for (j = 0; j < MIN (len[0], len[1]); j++)
+ copy[i][j] = toupper (beg[i][j]);
@@ -1572,9 +1575,21 @@ diff -urNp coreutils-8.17-orig/src/join.c coreutils-8.17/src/join.c
}
+ if (hard_LC_COLLATE)
-+ return xmemcoll ((char *) copy[0], len[0], (char *) copy[1], len[1]);
++ {
++ diff = xmemcoll ((char *) copy[0], len[0], (char *) copy[1], len[1]);
++
++ if (mallocd)
++ for (i = 0; i < 2; i++)
++ free (copy[i]);
++
++ return diff;
++ }
+ diff = memcmp (copy[0], copy[1], MIN (len[0], len[1]));
+
++ if (mallocd)
++ for (i = 0; i < 2; i++)
++ free (copy[i]);
++
+
if (diff)
return diff;
@@ -1583,7 +1598,7 @@ diff -urNp coreutils-8.17-orig/src/join.c coreutils-8.17/src/join.c
}
/* Check that successive input lines PREV and CURRENT from input file
-@@ -454,6 +672,11 @@ get_line (FILE *fp, struct line **linep,
+@@ -454,6 +687,11 @@ get_line (FILE *fp, struct line **linep,
}
++line_no[which - 1];
@@ -1595,7 +1610,7 @@ diff -urNp coreutils-8.17-orig/src/join.c coreutils-8.17/src/join.c
xfields (line);
if (prevline[which - 1])
-@@ -553,21 +776,28 @@ prfield (size_t n, struct line const *li
+@@ -553,21 +791,28 @@ prfield (size_t n, struct line const *li
/* Output all the fields in line, other than the join field. */
@@ -1627,7 +1642,7 @@ diff -urNp coreutils-8.17-orig/src/join.c coreutils-8.17/src/join.c
prfield (i, line);
}
}
-@@ -578,7 +808,6 @@ static void
+@@ -578,7 +823,6 @@ static void
prjoin (struct line const *line1, struct line const *line2)
{
const struct outlist *outlist;
@@ -1635,7 +1650,7 @@ diff -urNp coreutils-8.17-orig/src/join.c coreutils-8.17/src/join.c
size_t field;
struct line const *line;
-@@ -612,7 +841,7 @@ prjoin (struct line const *line1, struct
+@@ -612,7 +856,7 @@ prjoin (struct line const *line1, struct
o = o->next;
if (o == NULL)
break;
@@ -1644,7 +1659,7 @@ diff -urNp coreutils-8.17-orig/src/join.c coreutils-8.17/src/join.c
}
putchar ('\n');
}
-@@ -1090,21 +1319,46 @@ main (int argc, char **argv)
+@@ -1090,21 +1334,46 @@ main (int argc, char **argv)
case 't':
{
@@ -1703,7 +1718,7 @@ diff -urNp coreutils-8.17-orig/src/join.c coreutils-8.17/src/join.c
case NOCHECK_ORDER_OPTION:
diff -urNp coreutils-8.17-orig/src/pr.c coreutils-8.17/src/pr.c
--- coreutils-8.17-orig/src/pr.c 2012-05-10 09:14:30.000000000 +0200
-+++ coreutils-8.17/src/pr.c 2012-08-20 12:52:26.669468730 +0200
++++ coreutils-8.17/src/pr.c 2013-01-24 17:11:53.543389383 +0100
@@ -312,6 +312,32 @@
#include <getopt.h>
@@ -2448,8 +2463,8 @@ diff -urNp coreutils-8.17-orig/src/pr.c coreutils-8.17/src/pr.c
looking for more options and printing the next batch of files.
diff -urNp coreutils-8.17-orig/src/sort.c coreutils-8.17/src/sort.c
---- coreutils-8.17-orig/src/sort.c 2012-05-04 12:06:22.000000000 +0200
-+++ coreutils-8.17/src/sort.c 2012-08-20 12:52:26.675467884 +0200
+--- coreutils-8.17-orig/src/sort.c 2013-01-24 17:03:36.008333014 +0100
++++ coreutils-8.17/src/sort.c 2013-01-24 17:11:53.549332078 +0100
@@ -22,12 +22,21 @@
#include <config.h>
@@ -2508,7 +2523,7 @@ diff -urNp coreutils-8.17-orig/src/sort.c coreutils-8.17/src/sort.c
/* The kind of blanks for '-b' to skip in various options. */
enum blanktype { bl_start, bl_end, bl_both };
-@@ -341,13 +372,11 @@ static bool reverse;
+@@ -344,13 +375,11 @@ static bool reverse;
they were read if all keys compare equal. */
static bool stable;
@@ -2525,7 +2540,7 @@ diff -urNp coreutils-8.17-orig/src/sort.c coreutils-8.17/src/sort.c
/* Flag to remove consecutive duplicate lines from the output.
Only the last of a sequence of equal lines will be output. */
-@@ -780,6 +809,46 @@ reap_all (void)
+@@ -783,6 +812,46 @@ reap_all (void)
reap (-1);
}
@@ -2572,7 +2587,7 @@ diff -urNp coreutils-8.17-orig/src/sort.c coreutils-8.17/src/sort.c
/* Clean up any remaining temporary files. */
static void
-@@ -1212,7 +1281,7 @@ zaptemp (char const *name)
+@@ -1215,7 +1284,7 @@ zaptemp (char const *name)
free (node);
}
@@ -2581,7 +2596,7 @@ diff -urNp coreutils-8.17-orig/src/sort.c coreutils-8.17/src/sort.c
static int
struct_month_cmp (void const *m1, void const *m2)
-@@ -1227,7 +1296,7 @@ struct_month_cmp (void const *m1, void c
+@@ -1230,7 +1299,7 @@ struct_month_cmp (void const *m1, void c
/* Initialize the character class tables. */
static void
@@ -2590,7 +2605,7 @@ diff -urNp coreutils-8.17-orig/src/sort.c coreutils-8.17/src/sort.c
{
size_t i;
-@@ -1239,7 +1308,7 @@ inittables (void)
+@@ -1242,7 +1311,7 @@ inittables (void)
fold_toupper[i] = toupper (i);
}
@@ -2599,7 +2614,7 @@ diff -urNp coreutils-8.17-orig/src/sort.c coreutils-8.17/src/sort.c
/* If we're not in the "C" locale, read different names for months. */
if (hard_LC_TIME)
{
-@@ -1321,6 +1390,84 @@ specify_nmerge (int oi, char c, char con
+@@ -1324,6 +1393,84 @@ specify_nmerge (int oi, char c, char con
xstrtol_fatal (e, oi, c, long_options, s);
}
@@ -2684,7 +2699,7 @@ diff -urNp coreutils-8.17-orig/src/sort.c coreutils-8.17/src/sort.c
/* Specify the amount of main memory to use when sorting. */
static void
specify_sort_size (int oi, char c, char const *s)
-@@ -1549,7 +1696,7 @@ buffer_linelim (struct buffer const *buf
+@@ -1552,7 +1699,7 @@ buffer_linelim (struct buffer const *buf
by KEY in LINE. */
static char *
@@ -2693,7 +2708,7 @@ diff -urNp coreutils-8.17-orig/src/sort.c coreutils-8.17/src/sort.c
{
char *ptr = line->text, *lim = ptr + line->length - 1;
size_t sword = key->sword;
-@@ -1558,10 +1705,10 @@ begfield (struct line const *line, struc
+@@ -1561,10 +1708,10 @@ begfield (struct line const *line, struc
/* The leading field separator itself is included in a field when -t
is absent. */
@@ -2706,7 +2721,7 @@ diff -urNp coreutils-8.17-orig/src/sort.c coreutils-8.17/src/sort.c
++ptr;
if (ptr < lim)
++ptr;
-@@ -1587,11 +1734,70 @@ begfield (struct line const *line, struc
+@@ -1590,11 +1737,70 @@ begfield (struct line const *line, struc
return ptr;
}
@@ -2778,7 +2793,7 @@ diff -urNp coreutils-8.17-orig/src/sort.c coreutils-8.17/src/sort.c
{
char *ptr = line->text, *lim = ptr + line->length - 1;
size_t eword = key->eword, echar = key->echar;
-@@ -1606,10 +1812,10 @@ limfield (struct line const *line, struc
+@@ -1609,10 +1815,10 @@ limfield (struct line const *line, struc
'beginning' is the first character following the delimiting TAB.
Otherwise, leave PTR pointing at the first 'blank' character after
the preceding field. */
@@ -2791,7 +2806,7 @@ diff -urNp coreutils-8.17-orig/src/sort.c coreutils-8.17/src/sort.c
++ptr;
if (ptr < lim && (eword || echar))
++ptr;
-@@ -1655,10 +1861,10 @@ limfield (struct line const *line, struc
+@@ -1658,10 +1864,10 @@ limfield (struct line const *line, struc
*/
/* Make LIM point to the end of (one byte past) the current field. */
@@ -2804,7 +2819,7 @@ diff -urNp coreutils-8.17-orig/src/sort.c coreutils-8.17/src/sort.c
if (newlim)
lim = newlim;
}
-@@ -1689,6 +1895,130 @@ limfield (struct line const *line, struc
+@@ -1692,6 +1898,130 @@ limfield (struct line const *line, struc
return ptr;
}
@@ -2935,7 +2950,7 @@ diff -urNp coreutils-8.17-orig/src/sort.c coreutils-8.17/src/sort.c
/* Fill BUF reading from FP, moving buf->left bytes from the end
of buf->buf to the beginning first. If EOF is reached and the
file wasn't terminated by a newline, supply one. Set up BUF's line
-@@ -1775,8 +2105,22 @@ fillbuf (struct buffer *buf, FILE *fp, c
+@@ -1778,8 +2108,22 @@ fillbuf (struct buffer *buf, FILE *fp, c
else
{
if (key->skipsblanks)
@@ -2960,7 +2975,7 @@ diff -urNp coreutils-8.17-orig/src/sort.c coreutils-8.17/src/sort.c
line->keybeg = line_start;
}
}
-@@ -1897,7 +2241,7 @@ human_numcompare (char const *a, char co
+@@ -1900,7 +2244,7 @@ human_numcompare (char const *a, char co
hideously fast. */
static int
@@ -2969,7 +2984,7 @@ diff -urNp coreutils-8.17-orig/src/sort.c coreutils-8.17/src/sort.c
{
while (blanks[to_uchar (*a)])
a++;
-@@ -1907,6 +2251,25 @@ numcompare (char const *a, char const *b
+@@ -1910,6 +2254,25 @@ numcompare (char const *a, char const *b
return strnumcmp (a, b, decimal_point, thousands_sep);
}
@@ -2995,7 +3010,7 @@ diff -urNp coreutils-8.17-orig/src/sort.c coreutils-8.17/src/sort.c
/* Work around a problem whereby the long double value returned by glibc's
strtold ("NaN", ...) contains uninitialized bits: clear all bytes of
A and B before calling strtold. FIXME: remove this function once
-@@ -1957,7 +2320,7 @@ general_numcompare (char const *sa, char
+@@ -1960,7 +2323,7 @@ general_numcompare (char const *sa, char
Return 0 if the name in S is not recognized. */
static int
@@ -3004,7 +3019,7 @@ diff -urNp coreutils-8.17-orig/src/sort.c coreutils-8.17/src/sort.c
{
size_t lo = 0;
size_t hi = MONTHS_PER_YEAR;
-@@ -2232,15 +2595,14 @@ debug_key (struct line const *line, stru
+@@ -2235,15 +2598,14 @@ debug_key (struct line const *line, stru
char saved = *lim;
*lim = '\0';
@@ -3022,7 +3037,7 @@ diff -urNp coreutils-8.17-orig/src/sort.c coreutils-8.17/src/sort.c
else if (key->general_numeric)
ignore_value (strtold (beg, &tighter_lim));
else if (key->numeric || key->human_numeric)
-@@ -2384,7 +2746,7 @@ key_warnings (struct keyfield const *gke
+@@ -2387,7 +2749,7 @@ key_warnings (struct keyfield const *gke
bool maybe_space_aligned = !hard_LC_COLLATE && default_key_compare (key)
&& !(key->schar || key->echar);
bool line_offset = key->eword == 0 && key->echar != 0; /* -k1.x,1.y */
@@ -3031,7 +3046,7 @@ diff -urNp coreutils-8.17-orig/src/sort.c coreutils-8.17/src/sort.c
&& ((!key->skipsblanks && !(implicit_skip || maybe_space_aligned))
|| (!key->skipsblanks && key->schar)
|| (!key->skipeblanks && key->echar)))
-@@ -2442,11 +2804,83 @@ key_warnings (struct keyfield const *gke
+@@ -2445,11 +2807,87 @@ key_warnings (struct keyfield const *gke
error (0, 0, _("option '-r' only applies to last-resort comparison"));
}
@@ -3058,13 +3073,13 @@ diff -urNp coreutils-8.17-orig/src/sort.c coreutils-8.17/src/sort.c
+ if (len == 0)
+ return 0;
+
-+ month = (char *) alloca (len + 1);
++ month = (char *) xmalloc (len + 1);
+
-+ tmp = (char *) alloca (len + 1);
++ tmp = (char *) xmalloc (len + 1);
+ memcpy (tmp, s, len);
+ tmp[len] = '\0';
+ pp = (const char **)&tmp;
-+ month_wcs = (wchar_t *) alloca ((len + 1) * sizeof (wchar_t));
++ month_wcs = (wchar_t *) xmalloc ((len + 1) * sizeof (wchar_t));
+ memset (&state, '\0', sizeof(mbstate_t));
+
+ wclength = mbsrtowcs (month_wcs, pp, len + 1, &state);
@@ -3103,6 +3118,10 @@ diff -urNp coreutils-8.17-orig/src/sort.c coreutils-8.17/src/sort.c
+ if (ea && result)
+ *ea = s + strlen (monthtab[lo].name);
+
++ free (month);
++ free (tmp);
++ free (month_wcs);
++
+ return result;
+}
+#endif
@@ -3116,7 +3135,7 @@ diff -urNp coreutils-8.17-orig/src/sort.c coreutils-8.17/src/sort.c
{
struct keyfield *key = keylist;
-@@ -2531,7 +2965,7 @@ keycompare (struct line const *a, struct
+@@ -2534,7 +2972,7 @@ keycompare (struct line const *a, struct
else if (key->human_numeric)
diff = human_numcompare (ta, tb);
else if (key->month)
@@ -3125,7 +3144,7 @@ diff -urNp coreutils-8.17-orig/src/sort.c coreutils-8.17/src/sort.c
else if (key->random)
diff = compare_random (ta, tlena, tb, tlenb);
else if (key->version)
-@@ -2647,6 +3081,180 @@ keycompare (struct line const *a, struct
+@@ -2650,6 +3088,181 @@ keycompare (struct line const *a, struct
return key->reverse ? -diff : diff;
}
@@ -3181,7 +3200,7 @@ diff -urNp coreutils-8.17-orig/src/sort.c coreutils-8.17/src/sort.c
+ {
+ if (ignore || translate)
+ {
-+ char *copy_a = (char *) alloca (lena + 1 + lenb + 1);
++ char *copy_a = (char *) xmalloc (lena + 1 + lenb + 1);
+ char *copy_b = copy_a + lena + 1;
+ size_t new_len_a, new_len_b;
+ size_t i, j;
@@ -3257,6 +3276,7 @@ diff -urNp coreutils-8.17-orig/src/sort.c coreutils-8.17/src/sort.c
+ IGNORE_CHARS (new_len_b, lenb, textb, copy_b,
+ wc_b, mblength_b, state_b);
+ diff = xmemcoll (copy_a, new_len_a, copy_b, new_len_b);
++ free(copy_a);
+ }
+ else if (lena == 0)
+ diff = - NONZERO (lenb);
@@ -3306,7 +3326,7 @@ diff -urNp coreutils-8.17-orig/src/sort.c coreutils-8.17/src/sort.c
/* Compare two lines A and B, returning negative, zero, or positive
depending on whether A compares less than, equal to, or greater than B. */
-@@ -4107,7 +4715,7 @@ main (int argc, char **argv)
+@@ -4110,7 +4723,7 @@ main (int argc, char **argv)
initialize_exit_failure (SORT_FAILURE);
hard_LC_COLLATE = hard_locale (LC_COLLATE);
@@ -3315,7 +3335,7 @@ diff -urNp coreutils-8.17-orig/src/sort.c coreutils-8.17/src/sort.c
hard_LC_TIME = hard_locale (LC_TIME);
#endif
-@@ -4128,6 +4736,29 @@ main (int argc, char **argv)
+@@ -4131,6 +4744,29 @@ main (int argc, char **argv)
thousands_sep = -1;
}
@@ -3345,7 +3365,7 @@ diff -urNp coreutils-8.17-orig/src/sort.c coreutils-8.17/src/sort.c
have_read_stdin = false;
inittables ();
-@@ -4398,13 +5029,34 @@ main (int argc, char **argv)
+@@ -4401,13 +5037,34 @@ main (int argc, char **argv)
case 't':
{
@@ -3384,7 +3404,7 @@ diff -urNp coreutils-8.17-orig/src/sort.c coreutils-8.17/src/sort.c
else
{
/* Provoke with 'sort -txx'. Complain about
-@@ -4415,9 +5067,12 @@ main (int argc, char **argv)
+@@ -4418,9 +5075,12 @@ main (int argc, char **argv)
quote (optarg));
}
}
@@ -3401,7 +3421,7 @@ diff -urNp coreutils-8.17-orig/src/sort.c coreutils-8.17/src/sort.c
diff -urNp coreutils-8.17-orig/src/unexpand.c coreutils-8.17/src/unexpand.c
--- coreutils-8.17-orig/src/unexpand.c 2012-05-01 22:55:08.000000000 +0200
-+++ coreutils-8.17/src/unexpand.c 2012-08-20 12:52:26.677470358 +0200
++++ coreutils-8.17/src/unexpand.c 2013-01-24 17:11:53.551335712 +0100
@@ -38,12 +38,29 @@
#include <stdio.h>
#include <getopt.h>
@@ -3657,7 +3677,7 @@ diff -urNp coreutils-8.17-orig/src/unexpand.c coreutils-8.17/src/unexpand.c
error (EXIT_FAILURE, errno, "-");
diff -urNp coreutils-8.17-orig/src/uniq.c coreutils-8.17/src/uniq.c
--- coreutils-8.17-orig/src/uniq.c 2012-05-01 22:55:08.000000000 +0200
-+++ coreutils-8.17/src/uniq.c 2012-08-20 12:52:26.679468083 +0200
++++ coreutils-8.17/src/uniq.c 2013-01-24 17:11:53.552332659 +0100
@@ -21,6 +21,16 @@
#include <getopt.h>
#include <sys/types.h>
@@ -3809,7 +3829,7 @@ diff -urNp coreutils-8.17-orig/src/uniq.c coreutils-8.17/src/uniq.c
if (check_chars < oldlen)
oldlen = check_chars;
if (check_chars < newlen)
-@@ -241,14 +346,92 @@ different (char *old, char *new, size_t
+@@ -241,14 +346,100 @@ different (char *old, char *new, size_t
if (ignore_case)
{
@@ -3817,14 +3837,18 @@ diff -urNp coreutils-8.17-orig/src/uniq.c coreutils-8.17/src/uniq.c
- return oldlen != newlen || memcasecmp (old, new, oldlen);
+ size_t i;
+
-+ copy_old = alloca (oldlen + 1);
-+ copy_new = alloca (oldlen + 1);
++ copy_old = xmalloc (oldlen + 1);
++ copy_new = xmalloc (oldlen + 1);
+
+ for (i = 0; i < oldlen; i++)
+ {
+ copy_old[i] = toupper (old[i]);
+ copy_new[i] = toupper (new[i]);
+ }
++ bool rc = xmemcoll (copy_old, oldlen, copy_new, newlen);
++ free (copy_old);
++ free (copy_new);
++ return rc;
}
- else if (hard_LC_COLLATE)
- return xmemcoll (old, oldlen, new, newlen) != 0;
@@ -3836,6 +3860,7 @@ diff -urNp coreutils-8.17-orig/src/uniq.c coreutils-8.17/src/uniq.c
+ }
+
+ return xmemcoll (copy_old, oldlen, copy_new, newlen);
++
+}
+
+#if HAVE_MBRTOWC
@@ -3860,7 +3885,7 @@ diff -urNp coreutils-8.17-orig/src/uniq.c coreutils-8.17/src/uniq.c
+
+ for (i = 0; i < 2; i++)
+ {
-+ copy[i] = alloca (len[i] + 1);
++ copy[i] = xmalloc (len[i] + 1);
+
+ for (j = 0, chars = 0; j < len[i] && chars < check_chars; chars++)
+ {
@@ -3900,14 +3925,17 @@ diff -urNp coreutils-8.17-orig/src/uniq.c coreutils-8.17/src/uniq.c
+ copy[i][j] = '\0';
+ len[i] = j;
+ }
++ int rc = xmemcoll (copy[0], len[0], copy[1], len[1]);
++ free (copy[0]);
++ free (copy[1]);
++ return rc;
+
-+ return xmemcoll (copy[0], len[0], copy[1], len[1]);
}
+#endif
/* Output the line in linebuffer LINE to standard output
provided that the switches say it should be output.
-@@ -304,15 +487,43 @@ check_file (const char *infile, const ch
+@@ -304,15 +495,43 @@ check_file (const char *infile, const ch
{
char *prevfield IF_LINT ( = NULL);
size_t prevlen IF_LINT ( = 0);
@@ -3951,7 +3979,7 @@ diff -urNp coreutils-8.17-orig/src/uniq.c coreutils-8.17/src/uniq.c
if (prevline->length == 0
|| different (thisfield, prevfield, thislen, prevlen))
{
-@@ -331,17 +542,26 @@ check_file (const char *infile, const ch
+@@ -331,17 +550,26 @@ check_file (const char *infile, const ch
size_t prevlen;
uintmax_t match_count = 0;
bool first_delimiter = true;
@@ -3978,7 +4006,7 @@ diff -urNp coreutils-8.17-orig/src/uniq.c coreutils-8.17/src/uniq.c
if (readlinebuffer_delim (thisline, stdin, delimiter) == 0)
{
if (ferror (stdin))
-@@ -350,6 +570,14 @@ check_file (const char *infile, const ch
+@@ -350,6 +578,14 @@ check_file (const char *infile, const ch
}
thisfield = find_field (thisline);
thislen = thisline->length - 1 - (thisfield - thisline->buffer);
@@ -3993,7 +4021,7 @@ diff -urNp coreutils-8.17-orig/src/uniq.c coreutils-8.17/src/uniq.c
match = !different (thisfield, prevfield, thislen, prevlen);
match_count += match;
-@@ -382,6 +610,9 @@ check_file (const char *infile, const ch
+@@ -382,6 +618,9 @@ check_file (const char *infile, const ch
SWAP_LINES (prevline, thisline);
prevfield = thisfield;
prevlen = thislen;
@@ -4003,7 +4031,7 @@ diff -urNp coreutils-8.17-orig/src/uniq.c coreutils-8.17/src/uniq.c
if (!match)
match_count = 0;
}
-@@ -427,6 +658,19 @@ main (int argc, char **argv)
+@@ -427,6 +666,19 @@ main (int argc, char **argv)
atexit (close_stdout);
@@ -4024,8 +4052,8 @@ diff -urNp coreutils-8.17-orig/src/uniq.c coreutils-8.17/src/uniq.c
skip_fields = 0;
check_chars = SIZE_MAX;
diff -urNp coreutils-8.17-orig/tests/Makefile.am coreutils-8.17/tests/Makefile.am
---- coreutils-8.17-orig/tests/Makefile.am 2012-08-20 12:52:07.846555240 +0200
-+++ coreutils-8.17/tests/Makefile.am 2012-08-20 12:52:26.680469779 +0200
+--- coreutils-8.17-orig/tests/Makefile.am 2013-01-24 17:03:36.144332400 +0100
++++ coreutils-8.17/tests/Makefile.am 2013-01-24 17:11:53.554331990 +0100
@@ -246,6 +246,7 @@ TESTS = \
misc/sort-debug-warn \
misc/sort-discrim \
@@ -4034,7 +4062,7 @@ diff -urNp coreutils-8.17-orig/tests/Makefile.am coreutils-8.17/tests/Makefile.a
misc/sort-float \
misc/sort-merge \
misc/sort-merge-fdlimit \
-@@ -543,6 +544,10 @@ TESTS = \
+@@ -545,6 +546,10 @@ TESTS = \
$(root_tests)
pr_data = \
@@ -4047,7 +4075,7 @@ diff -urNp coreutils-8.17-orig/tests/Makefile.am coreutils-8.17/tests/Makefile.a
pr/0FFnt \
diff -urNp coreutils-8.17-orig/tests/misc/cut coreutils-8.17/tests/misc/cut
--- coreutils-8.17-orig/tests/misc/cut 2012-02-03 10:22:06.000000000 +0100
-+++ coreutils-8.17/tests/misc/cut 2012-08-20 12:52:26.681467766 +0200
++++ coreutils-8.17/tests/misc/cut 2013-01-24 17:11:53.555332032 +0100
@@ -23,14 +23,15 @@ use strict;
# Turn off localization of executable's output.
@ENV{qw(LANGUAGE LANG LC_ALL)} = ('C') x 3;
@@ -4079,7 +4107,7 @@ diff -urNp coreutils-8.17-orig/tests/misc/cut coreutils-8.17/tests/misc/cut
['inval4', '-f', '1-2,-', {IN=>''}, {OUT=>''}, {EXIT=>1},
diff -urNp coreutils-8.17-orig/tests/misc/mb1.I coreutils-8.17/tests/misc/mb1.I
--- coreutils-8.17-orig/tests/misc/mb1.I 1970-01-01 01:00:00.000000000 +0100
-+++ coreutils-8.17/tests/misc/mb1.I 2012-08-20 12:52:26.682468139 +0200
++++ coreutils-8.17/tests/misc/mb1.I 2013-01-24 17:11:53.555332032 +0100
@@ -0,0 +1,4 @@
+Apple@10
+Banana@5
@@ -4087,7 +4115,7 @@ diff -urNp coreutils-8.17-orig/tests/misc/mb1.I coreutils-8.17/tests/misc/mb1.I
+Cherry@30
diff -urNp coreutils-8.17-orig/tests/misc/mb1.X coreutils-8.17/tests/misc/mb1.X
--- coreutils-8.17-orig/tests/misc/mb1.X 1970-01-01 01:00:00.000000000 +0100
-+++ coreutils-8.17/tests/misc/mb1.X 2012-08-20 12:52:26.682468139 +0200
++++ coreutils-8.17/tests/misc/mb1.X 2013-01-24 17:11:53.556332141 +0100
@@ -0,0 +1,4 @@
+Banana@5
+Apple@10
@@ -4095,7 +4123,7 @@ diff -urNp coreutils-8.17-orig/tests/misc/mb1.X coreutils-8.17/tests/misc/mb1.X
+Cherry@30
diff -urNp coreutils-8.17-orig/tests/misc/mb2.I coreutils-8.17/tests/misc/mb2.I
--- coreutils-8.17-orig/tests/misc/mb2.I 1970-01-01 01:00:00.000000000 +0100
-+++ coreutils-8.17/tests/misc/mb2.I 2012-08-20 12:52:26.683472746 +0200
++++ coreutils-8.17/tests/misc/mb2.I 2013-01-24 17:11:53.556332141 +0100
@@ -0,0 +1,4 @@
+Apple@AA10@@20
+Banana@AA5@@30
@@ -4103,7 +4131,7 @@ diff -urNp coreutils-8.17-orig/tests/misc/mb2.I coreutils-8.17/tests/misc/mb2.I
+Cherry@AA30@@10
diff -urNp coreutils-8.17-orig/tests/misc/mb2.X coreutils-8.17/tests/misc/mb2.X
--- coreutils-8.17-orig/tests/misc/mb2.X 1970-01-01 01:00:00.000000000 +0100
-+++ coreutils-8.17/tests/misc/mb2.X 2012-08-20 12:52:26.684468471 +0200
++++ coreutils-8.17/tests/misc/mb2.X 2013-01-24 17:11:53.557333171 +0100
@@ -0,0 +1,4 @@
+Citrus@AA20@@5
+Cherry@AA30@@10
@@ -4111,7 +4139,7 @@ diff -urNp coreutils-8.17-orig/tests/misc/mb2.X coreutils-8.17/tests/misc/mb2.X
+Banana@AA5@@30
diff -urNp coreutils-8.17-orig/tests/misc/sort-mb-tests coreutils-8.17/tests/misc/sort-mb-tests
--- coreutils-8.17-orig/tests/misc/sort-mb-tests 1970-01-01 01:00:00.000000000 +0100
-+++ coreutils-8.17/tests/misc/sort-mb-tests 2012-08-20 12:52:26.684468471 +0200
++++ coreutils-8.17/tests/misc/sort-mb-tests 2013-01-24 17:11:53.557333171 +0100
@@ -0,0 +1,58 @@
+#! /bin/sh
+case $# in
diff --git a/coreutils.spec b/coreutils.spec
index 6d4f4bf..880319c 100644
--- a/coreutils.spec
+++ b/coreutils.spec
@@ -1,7 +1,7 @@
Summary: A set of basic GNU tools commonly used in shell scripts
Name: coreutils
Version: 8.17
-Release: 7%{?dist}
+Release: 8%{?dist}
License: GPLv3+
Group: System Environment/Base
Url: http://www.gnu.org/software/coreutils/
@@ -425,6 +425,10 @@ fi
%{?!norunuser:%{_sbindir}/runuser}
%changelog
+* Thu Jan 24 2013 Ondrej Vasik <ovasik at redhat.com> 8.17-8
+- fix multiple segmantation faults in i18n patch (by SUSE)
+ (#869442, #902917)- CVE2013-0223/CVE2013-0221/CVE2013-0222
+
* Tue Dec 11 2012 Ondrej Vasik <ovasik at redhat.com> 8.17-7
- fix showing duplicates in df (#709351, O.Oprala, B.Voelker)
More information about the scm-commits
mailing list