From 0ac0d1883b2fbb34f8b85995cf2ce651af4ef006 Mon Sep 17 00:00:00 2001 From: Lars Wendler Date: Mon, 15 Aug 2016 21:55:04 +0200 Subject: sys-apps/diffutils: Revbump to fix use-after-free bug in diff3 (bug #591044). Package-Manager: portage-2.3.0 Signed-off-by: Lars Wendler --- sys-apps/diffutils/diffutils-3.4-r1.ebuild | 50 +++++++++ .../files/diffutils-3.4-diff3_fix_leaks.patch | 123 +++++++++++++++++++++ .../files/diffutils-3.4-diff3_use_after_free.patch | 26 +++++ .../diffutils-3.4-no_color_on_dumb_terms.patch | 49 ++++++++ 4 files changed, 248 insertions(+) create mode 100644 sys-apps/diffutils/diffutils-3.4-r1.ebuild create mode 100644 sys-apps/diffutils/files/diffutils-3.4-diff3_fix_leaks.patch create mode 100644 sys-apps/diffutils/files/diffutils-3.4-diff3_use_after_free.patch create mode 100644 sys-apps/diffutils/files/diffutils-3.4-no_color_on_dumb_terms.patch (limited to 'sys-apps') diff --git a/sys-apps/diffutils/diffutils-3.4-r1.ebuild b/sys-apps/diffutils/diffutils-3.4-r1.ebuild new file mode 100644 index 000000000000..43a90695a1c0 --- /dev/null +++ b/sys-apps/diffutils/diffutils-3.4-r1.ebuild @@ -0,0 +1,50 @@ +# Copyright 1999-2016 Gentoo Foundation +# Distributed under the terms of the GNU General Public License v2 +# $Id$ + +EAPI=5 + +inherit flag-o-matic + +DESCRIPTION="Tools to make diffs and compare files" +HOMEPAGE="https://www.gnu.org/software/diffutils/" +SRC_URI="mirror://gnu-alpha/diffutils/${P}.tar.xz + mirror://gnu/diffutils/${P}.tar.xz" + +LICENSE="GPL-2" +SLOT="0" +KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~ia64 ~m68k ~mips ~ppc ~ppc64 ~s390 ~sh ~sparc ~x86 ~ppc-aix ~amd64-fbsd ~sparc-fbsd ~x86-fbsd ~x64-freebsd ~x86-freebsd ~hppa-hpux ~ia64-hpux ~amd64-linux ~arm-linux ~ia64-linux ~x86-linux ~ppc-macos ~x64-macos ~x86-macos ~m68k-mint ~sparc-solaris ~sparc64-solaris ~x64-solaris ~x86-solaris" +IUSE="nls static" + +DEPEND="app-arch/xz-utils + nls? ( sys-devel/gettext )" + +DOCS=( AUTHORS ChangeLog NEWS README THANKS TODO ) + +PATCHES=( + "${FILESDIR}/${P}-no_color_on_dumb_terms.patch" + "${FILESDIR}/${P}-diff3_use_after_free.patch" + "${FILESDIR}/${P}-diff3_fix_leaks.patch" +) + +src_prepare() { + epatch "${PATCHES[@]}" +} + +src_configure() { + use static && append-ldflags -static + + # Disable automagic dependency over libsigsegv; see bug #312351. + export ac_cv_libsigsegv=no + + econf \ + --with-packager="Gentoo" \ + --with-packager-version="${PVR}" \ + --with-packager-bug-reports="https://bugs.gentoo.org/" \ + $(use_enable nls) +} + +src_test() { + # explicitly allow parallel testing + emake check +} diff --git a/sys-apps/diffutils/files/diffutils-3.4-diff3_fix_leaks.patch b/sys-apps/diffutils/files/diffutils-3.4-diff3_fix_leaks.patch new file mode 100644 index 000000000000..fda8319c73c0 --- /dev/null +++ b/sys-apps/diffutils/files/diffutils-3.4-diff3_fix_leaks.patch @@ -0,0 +1,123 @@ +From edd942ca27d570a33d612b12eecaa33a76640e46 Mon Sep 17 00:00:00 2001 +From: Jim Meyering +Date: Fri, 12 Aug 2016 21:40:29 -0700 +Subject: diff3: fix leaks, for real + +* src/diff3.c (struct diff_block)[lint]: Add member, n2. +(free_diff_block, next_to_n2): New functions. +--- + +diff --git a/src/diff3.c b/src/diff3.c +index 0eb643e..b80aeb3 100644 +--- a/src/diff3.c ++++ b/src/diff3.c +@@ -78,6 +78,9 @@ struct diff_block { + char **lines[2]; /* The actual lines (may contain nulls) */ + size_t *lengths[2]; /* Line lengths (including newlines, if any) */ + struct diff_block *next; ++#ifdef lint ++ struct diff_block *n2; /* Used only when freeing. */ ++#endif + }; + + /* Three way diff */ +@@ -176,7 +179,7 @@ static struct diff3_block *create_diff3_block (lin, lin, lin, lin, lin, lin); + static struct diff3_block *make_3way_diff (struct diff_block *, struct diff_block *); + static struct diff3_block *reverse_diff3_blocklist (struct diff3_block *); + static struct diff3_block *using_to_diff3_block (struct diff_block *[2], struct diff_block *[2], int, int, struct diff3_block const *); +-static struct diff_block *process_diff (char const *, char const *, struct diff_block **); ++static struct diff_block *process_diff (char const *, char const *, struct diff_block **, char **); + static void check_stdout (void); + static void fatal (char const *) __attribute__((noreturn)); + static void output_diff3 (FILE *, struct diff3_block *, int const[3], int const[3]); +@@ -212,6 +215,38 @@ static struct option const longopts[] = + {0, 0, 0, 0} + }; + ++static void ++free_diff_block (struct diff_block *p) ++{ ++#ifndef lint ++ (void)p; ++#else ++ while (p) ++ { ++ free (p->lines[0]); ++ free (p->lines[1]); ++ free (p->lengths[0]); ++ free (p->lengths[1]); ++ struct diff_block *next = p->n2; ++ free (p); ++ p = next; ++ } ++#endif ++} ++ ++/* Copy each next pointer to n2, since make_3way_diff would clobber the former, ++ yet we will still need something to free these buffers. */ ++static void ++next_to_n2 (struct diff_block *p) ++{ ++#ifndef lint ++ (void)p; ++#else ++ while (p) ++ p = p->n2 = p->next; ++#endif ++} ++ + int + main (int argc, char **argv) + { +@@ -377,10 +412,19 @@ main (int argc, char **argv) + /* Invoke diff twice on two pairs of input files, combine the two + diffs, and output them. */ + ++ char *b0, *b1; + commonname = file[rev_mapping[FILEC]]; +- thread1 = process_diff (file[rev_mapping[FILE1]], commonname, &last_block); +- thread0 = process_diff (file[rev_mapping[FILE0]], commonname, &last_block); ++ thread1 = process_diff (file[rev_mapping[FILE1]], commonname, &last_block, &b1); ++ thread0 = process_diff (file[rev_mapping[FILE0]], commonname, &last_block, &b0); ++ ++ next_to_n2 (thread0); ++ next_to_n2 (thread1); ++ + diff3 = make_3way_diff (thread0, thread1); ++ ++ free_diff_block (thread0); ++ free_diff_block (thread1); ++ + if (edscript) + conflicts_found + = output_diff3_edscript (stdout, diff3, mapping, rev_mapping, +@@ -400,6 +444,8 @@ main (int argc, char **argv) + conflicts_found = false; + } + ++ free (b0); ++ free (b1); + check_stdout (); + exit (conflicts_found); + } +@@ -938,7 +984,8 @@ compare_line_list (char * const list1[], size_t const lengths1[], + static struct diff_block * + process_diff (char const *filea, + char const *fileb, +- struct diff_block **last_block) ++ struct diff_block **last_block, ++ char **buf_to_free) + { + char *diff_contents; + char *diff_limit; +@@ -953,6 +1000,7 @@ process_diff (char const *filea, + sizeof *bptr->lengths[1])); + + diff_limit = read_diff (filea, fileb, &diff_contents); ++ *buf_to_free = diff_contents; + scan_diff = diff_contents; + + while (scan_diff < diff_limit) +-- +cgit v1.0 + diff --git a/sys-apps/diffutils/files/diffutils-3.4-diff3_use_after_free.patch b/sys-apps/diffutils/files/diffutils-3.4-diff3_use_after_free.patch new file mode 100644 index 000000000000..41a4b278d08b --- /dev/null +++ b/sys-apps/diffutils/files/diffutils-3.4-diff3_use_after_free.patch @@ -0,0 +1,26 @@ +From 1a0df4396ebe3b9a58b882bb976cfce3f50d3cac Mon Sep 17 00:00:00 2001 +From: Bastian Beischer +Date: Sat, 13 Aug 2016 18:53:36 -0700 +Subject: diff3: fix heap use-after-free; add minimal diff3 test coverage + +Commit v3.3-42-g3b74a90, "FIXME: src/diff3: plug a leak" added an +invalid use of free, leading to use-after-free in nearly any invocation +of diff3. Revert that commit. +Reported by Bastian Beischer in http://bugs.gnu.org/24210 +--- + +diff --git a/src/diff3.c b/src/diff3.c +index 6ef90f4..0eb643e 100644 +--- a/src/diff3.c ++++ b/src/diff3.c +@@ -1039,7 +1039,6 @@ process_diff (char const *filea, + + *block_list_end = NULL; + *last_block = bptr; +- free (diff_contents); + return block_list; + } + +-- +cgit v1.0 + diff --git a/sys-apps/diffutils/files/diffutils-3.4-no_color_on_dumb_terms.patch b/sys-apps/diffutils/files/diffutils-3.4-no_color_on_dumb_terms.patch new file mode 100644 index 000000000000..33f81e4fa2aa --- /dev/null +++ b/sys-apps/diffutils/files/diffutils-3.4-no_color_on_dumb_terms.patch @@ -0,0 +1,49 @@ +From 697c1f4fa93ac971c487725e9e53fc211cd3c670 Mon Sep 17 00:00:00 2001 +From: Jim Meyering +Date: Mon, 8 Aug 2016 18:50:15 -0700 +Subject: diff: disable colorization for TERM=dumb + +* src/diff.c (main): With --color or --color=auto, when TERM is +"dumb", disable colorization. Suggested by Daniel Colascione. +* NEWS (Bug fixes): Mention it. +* tests/colors: Add a test that would fail without this change, +yet passes with it. +--- + +diff --git a/src/diff.c b/src/diff.c +index 9bc1d96..686945e 100644 +--- a/src/diff.c ++++ b/src/diff.c +@@ -656,6 +656,13 @@ main (int argc, char **argv) + prev = c; + } + ++ if (colors_style == AUTO) ++ { ++ char const *t = getenv ("TERM"); ++ if (t && STREQ (t, "dumb")) ++ colors_style = NEVER; ++ } ++ + if (output_style == OUTPUT_UNSPECIFIED) + { + if (show_c_function) +diff --git a/tests/colors b/tests/colors +index 3ad2206..8651a5b 100755 +--- a/tests/colors ++++ b/tests/colors +@@ -86,6 +86,11 @@ test $? = 1 || fail=1 + gen_exp_default > exp || framework_failure_ + compare exp out || fail=1 + ++TERM=dumb diff ---presume-output-tty --color=auto a b > out ++test $? = 1 || fail=1 ++gen_exp_default > exp || framework_failure_ ++compare exp out || fail=1 ++ + diff --color=never a b > out + test $? = 1 || fail=1 + gen_exp_default > exp || framework_failure_ +-- +cgit v1.0 + -- cgit v1.2.3-65-gdbad