Projects
Mega:24.03
sed
Sign Up
Log In
Username
Password
Overview
Repositories
Revisions
Requests
Users
Attributes
Meta
Expand all
Collapse all
Changes of Revision 7
View file
_service:tar_scm:sed.spec
Changed
@@ -1,6 +1,6 @@ Name: sed Version: 4.9 -Release: 3 +Release: 4 Summary: non-interactive command-line text editor License: GPLv3+ @@ -8,6 +8,7 @@ Source0: http://ftp.gnu.org/gnu/sed/%{name}-%{version}.tar.xz Patch1: backport-sed-c-flag.patch +Patch2: backport-sed-fix-symlink-bufsize-readlink-check.patch BuildRequires: gzip automake autoconf gcc BuildRequires: glibc-devel libselinux-devel libacl-devel perl-Getopt-Long @@ -52,6 +53,12 @@ %{_mandir}/man1/*.1.gz %changelog +* Tue Apr 30 2024 kouwenqi <kouwenqi@kylinos.cn> - 4.9-4 +- Type:bugfix +- ID:NA +- SUG:NA +- DESC:fix symlink bufsize readlink check + * Sun Apr 23 2023 zhangruifang <zhangruifang1@h-partners.com> - 4.9-3 - Type:enhancement - ID:NA
View file
_service:tar_scm:backport-sed-fix-symlink-bufsize-readlink-check.patch
Added
@@ -0,0 +1,73 @@ +From 8f600f2df293d539e9e9137f6f82faa1633b97c1 Mon Sep 17 00:00:00 2001 +From: Paul Eggert <eggert@cs.ucla.edu> +Date: Sat, 17 Dec 2022 20:56:29 -0800 +Subject: PATCH sed: fix symlink bufsize readlink check + +Problem reported by Hauke Mehrtens. +* sed/utils.c (follow_symlink): Fix typo when checking size of +second and later symlink, when that symlink is so large that it +does not fit into the buffer. Although the bug is not a buffer +overflow, it does cause sed to mishandle the symlink. +* testsuite/follow-symlinks.sh: Test for the bug. +--- + NEWS | 8 ++++++++ + sed/utils.c | 2 +- + testsuite/follow-symlinks.sh | 13 +++++++++++++ + 3 files changed, 22 insertions(+), 1 deletion(-) + +diff --git a/NEWS b/NEWS +index b3db3bc..85a8db9 100644 +--- a/NEWS ++++ b/NEWS +@@ -1,5 +1,13 @@ + GNU sed NEWS -*- outline -*- + ++* Noteworthy changes in release ?.? (????-??-??) ? ++ ++** Bug fixes ++ ++ 'sed --follow-symlinks -i' no longer mishandles an operand that is a ++ short symbolic link to a long symbolic link to a file. ++ bug introduced in sed 4.9 ++ + * Noteworthy changes in release 4.9 (2022-11-06) stable + + ** Bug fixes +diff --git a/sed/utils.c b/sed/utils.c +index 2952e8b..1ccda42 100644 +--- a/sed/utils.c ++++ b/sed/utils.c +@@ -346,7 +346,7 @@ follow_symlink (const char *fname) + while ((linklen = (buf_used < buf_size + ? readlink (fn, buf + buf_used, buf_size - buf_used) + : 0)) +- == buf_size) ++ == buf_size - buf_used) + { + buf = xpalloc (buf, &buf_size, 1, SSIZE_IDX_MAX, 1); + if (num_links) +diff --git a/testsuite/follow-symlinks.sh b/testsuite/follow-symlinks.sh +index 880a80e..c418804 100644 +--- a/testsuite/follow-symlinks.sh ++++ b/testsuite/follow-symlinks.sh +@@ -73,4 +73,17 @@ compare_ exp-la-abs out-la-abs || fail=1 + ln -s la-loop la-loop || framework_failure_ + sed --follow-symlinks -i s/a/b/ la-loop && fail=1 + ++# symlink of length 128 ++long=d/ ++for i in 2 3 4 5 6 7; do ++ long=$long$long ++done ++dir=${long%/d/} ++file=$dir/xx ++mkdir -p $dir && ++echo x >$file && ++ln -s $file yy && ++ln -s yy xx || framework_failure_ ++sed -i --follow-symlinks s/x/y/ xx || fail=1 ++ + Exit $fail +-- +2.23.0 +
Locations
Projects
Search
Status Monitor
Help
Open Build Service
OBS Manuals
API Documentation
OBS Portal
Reporting a Bug
Contact
Mailing List
Forums
Chat (IRC)
Twitter
Open Build Service (OBS)
is an
openSUSE project
.
浙ICP备2022010568号-2