From: "Lars Wendler" <polynomial-c@gentoo.org>
To: gentoo-commits@lists.gentoo.org
Subject: [gentoo-commits] repo/gentoo:master commit in: sys-apps/diffutils/files/, sys-apps/diffutils/
Date: Mon, 15 Aug 2016 19:55:22 +0000 (UTC) [thread overview]
Message-ID: <1471290918.0ac0d1883b2fbb34f8b85995cf2ce651af4ef006.polynomial-c@gentoo> (raw)
commit: 0ac0d1883b2fbb34f8b85995cf2ce651af4ef006
Author: Lars Wendler <polynomial-c <AT> gentoo <DOT> org>
AuthorDate: Mon Aug 15 19:55:04 2016 +0000
Commit: Lars Wendler <polynomial-c <AT> gentoo <DOT> org>
CommitDate: Mon Aug 15 19:55:18 2016 +0000
URL: https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=0ac0d188
sys-apps/diffutils: Revbump to fix use-after-free bug in diff3 (bug #591044).
Package-Manager: portage-2.3.0
Signed-off-by: Lars Wendler <polynomial-c <AT> gentoo.org>
sys-apps/diffutils/diffutils-3.4-r1.ebuild | 50 +++++++++
.../files/diffutils-3.4-diff3_fix_leaks.patch | 123 +++++++++++++++++++++
.../files/diffutils-3.4-diff3_use_after_free.patch | 26 +++++
.../diffutils-3.4-no_color_on_dumb_terms.patch | 49 ++++++++
4 files changed, 248 insertions(+)
diff --git a/sys-apps/diffutils/diffutils-3.4-r1.ebuild b/sys-apps/diffutils/diffutils-3.4-r1.ebuild
new file mode 100644
index 0000000..43a9069
--- /dev/null
+++ b/sys-apps/diffutils/diffutils-3.4-r1.ebuild
@@ -0,0 +1,50 @@
+# Copyright 1999-2016 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+# $Id$
+
+EAPI=5
+
+inherit flag-o-matic
+
+DESCRIPTION="Tools to make diffs and compare files"
+HOMEPAGE="https://www.gnu.org/software/diffutils/"
+SRC_URI="mirror://gnu-alpha/diffutils/${P}.tar.xz
+ mirror://gnu/diffutils/${P}.tar.xz"
+
+LICENSE="GPL-2"
+SLOT="0"
+KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~ia64 ~m68k ~mips ~ppc ~ppc64 ~s390 ~sh ~sparc ~x86 ~ppc-aix ~amd64-fbsd ~sparc-fbsd ~x86-fbsd ~x64-freebsd ~x86-freebsd ~hppa-hpux ~ia64-hpux ~amd64-linux ~arm-linux ~ia64-linux ~x86-linux ~ppc-macos ~x64-macos ~x86-macos ~m68k-mint ~sparc-solaris ~sparc64-solaris ~x64-solaris ~x86-solaris"
+IUSE="nls static"
+
+DEPEND="app-arch/xz-utils
+ nls? ( sys-devel/gettext )"
+
+DOCS=( AUTHORS ChangeLog NEWS README THANKS TODO )
+
+PATCHES=(
+ "${FILESDIR}/${P}-no_color_on_dumb_terms.patch"
+ "${FILESDIR}/${P}-diff3_use_after_free.patch"
+ "${FILESDIR}/${P}-diff3_fix_leaks.patch"
+)
+
+src_prepare() {
+ epatch "${PATCHES[@]}"
+}
+
+src_configure() {
+ use static && append-ldflags -static
+
+ # Disable automagic dependency over libsigsegv; see bug #312351.
+ export ac_cv_libsigsegv=no
+
+ econf \
+ --with-packager="Gentoo" \
+ --with-packager-version="${PVR}" \
+ --with-packager-bug-reports="https://bugs.gentoo.org/" \
+ $(use_enable nls)
+}
+
+src_test() {
+ # explicitly allow parallel testing
+ emake check
+}
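Review bot: The order of the two diff3 entries in `PATCHES` matters, but nothing in the ebuild says so. The `index 0eb643e..b80aeb3` line of the diff3_fix_leaks patch starts from the blob that the diff3_use_after_free patch produces (`index 6ef90f4..0eb643e`), so the leak fix only applies on top of the revert. A comment above those entries such as `# order matters: use_after_free reverts the bad free, fix_leaks builds on that revert` would keep a later edit from reordering or dropping one of them. Separately, `src_prepare` calls `epatch` while the ebuild inherits only `flag-o-matic`; epatch comes from eutils, presumably reached here through an indirect inherit, and `inherit eutils flag-o-matic` would make that dependency explicit.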
diff --git a/sys-apps/diffutils/files/diffutils-3.4-diff3_fix_leaks.patch b/sys-apps/diffutils/files/diffutils-3.4-diff3_fix_leaks.patch
new file mode 100644
index 0000000..fda8319
--- /dev/null
+++ b/sys-apps/diffutils/files/diffutils-3.4-diff3_fix_leaks.patch
@@ -0,0 +1,123 @@
+From edd942ca27d570a33d612b12eecaa33a76640e46 Mon Sep 17 00:00:00 2001
+From: Jim Meyering <meyering@fb.com>
+Date: Fri, 12 Aug 2016 21:40:29 -0700
+Subject: diff3: fix leaks, for real
+
+* src/diff3.c (struct diff_block)[lint]: Add member, n2.
+(free_diff_block, next_to_n2): New functions.
+---
+
+diff --git a/src/diff3.c b/src/diff3.c
+index 0eb643e..b80aeb3 100644
+--- a/src/diff3.c
++++ b/src/diff3.c
+@@ -78,6 +78,9 @@ struct diff_block {
+ char **lines[2]; /* The actual lines (may contain nulls) */
+ size_t *lengths[2]; /* Line lengths (including newlines, if any) */
+ struct diff_block *next;
++#ifdef lint
++ struct diff_block *n2; /* Used only when freeing. */
++#endif
+ };
+
+ /* Three way diff */
+@@ -176,7 +179,7 @@ static struct diff3_block *create_diff3_block (lin, lin, lin, lin, lin, lin);
+ static struct diff3_block *make_3way_diff (struct diff_block *, struct diff_block *);
+ static struct diff3_block *reverse_diff3_blocklist (struct diff3_block *);
+ static struct diff3_block *using_to_diff3_block (struct diff_block *[2], struct diff_block *[2], int, int, struct diff3_block const *);
+-static struct diff_block *process_diff (char const *, char const *, struct diff_block **);
++static struct diff_block *process_diff (char const *, char const *, struct diff_block **, char **);
+ static void check_stdout (void);
+ static void fatal (char const *) __attribute__((noreturn));
+ static void output_diff3 (FILE *, struct diff3_block *, int const[3], int const[3]);
+@@ -212,6 +215,38 @@ static struct option const longopts[] =
+ {0, 0, 0, 0}
+ };
+
++static void
++free_diff_block (struct diff_block *p)
++{
++#ifndef lint
++ (void)p;
++#else
++ while (p)
++ {
++ free (p->lines[0]);
++ free (p->lines[1]);
++ free (p->lengths[0]);
++ free (p->lengths[1]);
++ struct diff_block *next = p->n2;
++ free (p);
++ p = next;
++ }
++#endif
++}
++
++/* Copy each next pointer to n2, since make_3way_diff would clobber the former,
++ yet we will still need something to free these buffers. */
++static void
++next_to_n2 (struct diff_block *p)
++{
++#ifndef lint
++ (void)p;
++#else
++ while (p)
++ p = p->n2 = p->next;
++#endif
++}
++
+ int
+ main (int argc, char **argv)
+ {
+@@ -377,10 +412,19 @@ main (int argc, char **argv)
+ /* Invoke diff twice on two pairs of input files, combine the two
+ diffs, and output them. */
+
++ char *b0, *b1;
+ commonname = file[rev_mapping[FILEC]];
+- thread1 = process_diff (file[rev_mapping[FILE1]], commonname, &last_block);
+- thread0 = process_diff (file[rev_mapping[FILE0]], commonname, &last_block);
++ thread1 = process_diff (file[rev_mapping[FILE1]], commonname, &last_block, &b1);
++ thread0 = process_diff (file[rev_mapping[FILE0]], commonname, &last_block, &b0);
++
++ next_to_n2 (thread0);
++ next_to_n2 (thread1);
++
+ diff3 = make_3way_diff (thread0, thread1);
++
++ free_diff_block (thread0);
++ free_diff_block (thread1);
++
+ if (edscript)
+ conflicts_found
+ = output_diff3_edscript (stdout, diff3, mapping, rev_mapping,
+@@ -400,6 +444,8 @@ main (int argc, char **argv)
+ conflicts_found = false;
+ }
+
++ free (b0);
++ free (b1);
+ check_stdout ();
+ exit (conflicts_found);
+ }
+@@ -938,7 +984,8 @@ compare_line_list (char * const list1[], size_t const lengths1[],
+ static struct diff_block *
+ process_diff (char const *filea,
+ char const *fileb,
+- struct diff_block **last_block)
++ struct diff_block **last_block,
++ char **buf_to_free)
+ {
+ char *diff_contents;
+ char *diff_limit;
+@@ -953,6 +1000,7 @@ process_diff (char const *filea,
+ sizeof *bptr->lengths[1]));
+
+ diff_limit = read_diff (filea, fileb, &diff_contents);
++ *buf_to_free = diff_contents;
+ scan_diff = diff_contents;
+
+ while (scan_diff < diff_limit)
+--
+cgit v1.0
+
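Review bot: `char *b0, *b1;` in main is declared without an initializer, so the later `free (b0); free (b1);` is only safe if every return from process_diff has already stored through `buf_to_free`. The visible assignment `*buf_to_free = diff_contents;` sits right after the read_diff call, but process_diff's body starts and ends outside the hunk, so this cannot be confirmed here; `char *b0 = NULL, *b1 = NULL;` makes the frees safe regardless. Note also that free_diff_block and next_to_n2 reduce to `(void)p;` unless `lint` is defined, so in an ordinary build the only memory this patch releases is the two diff buffers, and those frees appear to sit after the output branch rather than inside process_diff. free_diff_block would benefit from a one-line comment saying it walks `n2` rather than `next` because make_3way_diff overwrites `next`.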
diff --git a/sys-apps/diffutils/files/diffutils-3.4-diff3_use_after_free.patch b/sys-apps/diffutils/files/diffutils-3.4-diff3_use_after_free.patch
new file mode 100644
index 0000000..41a4b27
--- /dev/null
+++ b/sys-apps/diffutils/files/diffutils-3.4-diff3_use_after_free.patch
@@ -0,0 +1,26 @@
+From 1a0df4396ebe3b9a58b882bb976cfce3f50d3cac Mon Sep 17 00:00:00 2001
+From: Bastian Beischer <bastian.beischer@rwth-aachen.de>
+Date: Sat, 13 Aug 2016 18:53:36 -0700
+Subject: diff3: fix heap use-after-free; add minimal diff3 test coverage
+
+Commit v3.3-42-g3b74a90, "FIXME: src/diff3: plug a leak" added an
+invalid use of free, leading to use-after-free in nearly any invocation
+of diff3. Revert that commit.
+Reported by Bastian Beischer in http://bugs.gnu.org/24210
+---
+
+diff --git a/src/diff3.c b/src/diff3.c
+index 6ef90f4..0eb643e 100644
+--- a/src/diff3.c
++++ b/src/diff3.c
+@@ -1039,7 +1039,6 @@ process_diff (char const *filea,
+
+ *block_list_end = NULL;
+ *last_block = bptr;
+- free (diff_contents);
+ return block_list;
+ }
+
+--
+cgit v1.0
+
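Review bot: The upstream subject line promises "add minimal diff3 test coverage", yet the imported patch contains only the one-line removal of `free (diff_contents);` from process_diff in src/diff3.c. The regression test for the use-after-free is therefore not part of what `emake check` runs in this revision. If the test hunks were trimmed on purpose, a line in the patch header such as `Gentoo: test-suite hunks from the upstream commit dropped` would tell the next maintainer that the coverage is deliberately absent. process_diff's body starts outside the hunk.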
diff --git a/sys-apps/diffutils/files/diffutils-3.4-no_color_on_dumb_terms.patch b/sys-apps/diffutils/files/diffutils-3.4-no_color_on_dumb_terms.patch
new file mode 100644
index 0000000..33f81e4
--- /dev/null
+++ b/sys-apps/diffutils/files/diffutils-3.4-no_color_on_dumb_terms.patch
@@ -0,0 +1,49 @@
+From 697c1f4fa93ac971c487725e9e53fc211cd3c670 Mon Sep 17 00:00:00 2001
+From: Jim Meyering <meyering@fb.com>
+Date: Mon, 8 Aug 2016 18:50:15 -0700
+Subject: diff: disable colorization for TERM=dumb
+
+* src/diff.c (main): With --color or --color=auto, when TERM is
+"dumb", disable colorization. Suggested by Daniel Colascione.
+* NEWS (Bug fixes): Mention it.
+* tests/colors: Add a test that would fail without this change,
+yet passes with it.
+---
+
+diff --git a/src/diff.c b/src/diff.c
+index 9bc1d96..686945e 100644
+--- a/src/diff.c
++++ b/src/diff.c
+@@ -656,6 +656,13 @@ main (int argc, char **argv)
+ prev = c;
+ }
+
++ if (colors_style == AUTO)
++ {
++ char const *t = getenv ("TERM");
++ if (t && STREQ (t, "dumb"))
++ colors_style = NEVER;
++ }
++
+ if (output_style == OUTPUT_UNSPECIFIED)
+ {
+ if (show_c_function)
+diff --git a/tests/colors b/tests/colors
+index 3ad2206..8651a5b 100755
+--- a/tests/colors
++++ b/tests/colors
+@@ -86,6 +86,11 @@ test $? = 1 || fail=1
+ gen_exp_default > exp || framework_failure_
+ compare exp out || fail=1
+
++TERM=dumb diff ---presume-output-tty --color=auto a b > out
++test $? = 1 || fail=1
++gen_exp_default > exp || framework_failure_
++compare exp out || fail=1
++
+ diff --color=never a b > out
+ test $? = 1 || fail=1
+ gen_exp_default > exp || framework_failure_
+--
+cgit v1.0
+