kmx git

Commit	Date	Message
aca06748	2020-05-30T19:17:12	pkgconf 1.7.3.
40726b14	2020-05-30T19:09:59	update NEWS
354c8727	2020-05-30T19:19:48	libpkgconf: tuple: fix truncation when no overflow occurs
5eb9cae0	2020-05-31T00:25:54	libpkgconf: tuple: fix out of boundary write This is the same issue which has been fixed in dependency code. If a line contains a variable which is longer than PKGCONF_ITEM_SIZE, then the varname buffer overflows. The code itself still does not check if a closing } exists and truncates variable names which are too long. Since these would be functional changes and this commit is about a protection against undefined behaviour on a language level, these changes are not included. Proof of concept: $ echo "Description: poc" > poc.pc $ echo "Version: 1" >> poc.pc $ echo -n 'Name: ${' $ dd if=/dev/zero bs=1 count=66535 \| tr '\0' 'x' >> poc.pc $ echo >> poc.pc $ pkgconf poc.pc On my Linux system, when compiled with gcc, the varname buffer overflows directly into buf, which means that no crash can be notified. It's easiest to figure out when adding strlen() and sizeof() output as debug lines.
100bc605	2020-05-30T23:48:40	libpkgconf: fragment: fix out of boundary write fragment_quote adds quotation to fragments if needed. It allocates a buffer and grows it as needed. Unfortunately the dst pointer is not updated after a realloc, which means that dst still points into the old memory area. Further writing characters into that area leads to out of boundy writes. Proof of concept: $ cat > poc.pc << EOF Name: poc Description: poc Version: 1 CFlags: -Ia CFlags: -I%%%%%%%%%%%%%%%%%%%%b CFlags: -I%%%%%%%%%%%%%%%%%%%%c CFlags: -Id EOF $ pkgconf --cflags poc.pc Most reliable attempt is to compile pkgconf with address sanitizer, but this file should lead to an abort on a glibc system due to modified chunk pointers (tested with Linux on amd64). But since this is undefined behaviour, it depends on system details.
7bd08a51	2020-05-30T12:41:47	update NEWS
dc04193c	2020-05-29T19:35:42	libpkgconf: fragment: fix out of boundary read Parsing a fragment which consists only of a single dash leads to an out of boundary read. It duplicates the following entry which is not expected behaviour if another fragment follows. Proof of concept: $ cat > poc.pc << "EOF" Name: poc Description: poc Version: 1 Cflags: - -I/somewhere EOF $ PKG_CONFIG_PATH=. pkgconf --cflags poc -I/somewhere -I/somewhere If - is the last entry, it leads to an out of boundary read, which is easy to see if pkgconf is compiled with address sanitizer.
42b35531	2020-05-30T12:39:43	fix missing backslashes in paths on Windows According to https://docs.microsoft.com/fr-fr/windows/win32/fileio/naming-a-file backslashes (with slashes) are a path separator, hence must no be considered as an escape code. The first fix, in argvsplit.c, disables this. But because of fragment_quote(), the backslashes are doubled. Hence the second fix in fragment.c With this pc file : prefix=C:/Documents/msys2/opt/efl_64 libdir=${prefix}/lib includedir=${prefix}/include Name: eina Description: efl: eina Version: 1.24.99 Requires.private: iconv Libs: -L${libdir} -leina -pthread -levil Libs.private: -lpsapi -lole32 -lws2_32 -lsecur32 -luuid -lregex -lm Cflags:-I${includedir}/eina-1 -I${includedir}/efl-1 -I${includedir}/eina-1/eina -pthread pkgconf.exe --cflags eina returns : -IC:\Documents\msys2\opt\efl_64/include/eina-1 -IC:\Documents\msys2\opt\efl_64/include/efl-1 -IC:\Documents\msys2\opt\efl_64/include/eina-1/eina -pthread -DWINICONV_CONST= -IC:\Documents\msys2\opt\ewpi_64/include
e3e89926	2020-05-26T14:04:34	start NEWS for 1.7.3
fb9acedc	2020-05-26T21:42:13	libpkgconf: dependency: fix out of boundary write It is possible to trigger an out of boundary write in function pkgconf_dependency_parse_str if a dependency line contains a very long comparator. The comparator is stored in a temporary buffer which has a size of PKGCONF_ITEM_SIZE. The line which is parsed can be up to PKGCONF_BUFSIZE characters long, which is larger than PKGCONF_ITEM_SIZE (although it depends on PATH_MAX). Having a comparator which is longer than PKGCONF_ITEM_SIZE therefore leads to an out of boundary write. Although it is undefined behaviour, this can lead to an overridden compare variable, which in turn can lead to an invalid instruction pointer, i.e. most likely a crash or code execution (very unlikely). Proof of concept: $ echo "Requires: x " > poc.pc $ dd if=/dev/zero bs=1 count=65535 \| tr '\0' '<' >> poc.pc $ pkgconf poc.pc Eiter compile pkgconf with address sanitizer or run pkgconf multiple times, eventually it might crash (assuming that ASLR is in place). In order to fix this, I decided to use an end pointer to avoid OOB write. Alternative would be to increase the buffer size, but I try to avoid that since this would be additional ~60 KB stack space for a very unlikely situation.
c6b93941	2020-05-26T13:46:20	pkgconf 1.7.2.
c613eb5c	2020-05-26T13:41:39	libpkgconf: pkg: use a second pointer for demunging windows paths
92b09aef	2020-05-26T11:06:35	pkgconf 1.7.1.
e70b536e	2020-05-26T11:01:46	libpkgconf: pkg: when generating a search path, use the correct path separator Before, this could result in generated paths like C:\foo\pkgconfig/bar.pc on Windows.
47466470	2020-05-26T10:57:51	main: extend copyright statement to 2020 in --about
ee1fe1a7	2020-05-26T07:49:15	update NEWS for 1.7.1 changes so far
0253fddc	2020-05-26T07:41:16	libpkgconf: pkg: fix computation of pkgconf_pkg_t.id on Windows. Windows allows both \ and / as valid path characters. A computed path such as C:\development\libfoo\pkgconfig/foo.pc will result in a computed pkgconf_pkg_t.id of "pkgconfig/foo". Accordingly, correct the path normalization for checking for / after the \ path has been dealt with in all cases.
be6b382d	2020-05-25T07:56:05	Makefile.am: Add remaining Meson files to be included in dist tarballs The tarballs produced by 'make distcheck' did not include all files required for using Meson because they were not all enumerated in EXTRA_DIST. This change adds the remaining Meson files to the tarball.
9e16d270	2020-05-24T23:13:19	libpkgconf: personality: fix out of boundary access It is possible to set the instruction pointer to undefined values by using an operator larger than ':' in ASCII. Since the personality function array does not have 256 entries, an invalid operator can overflow the array. Proof of concept: $ echo "a _ b" > poc $ ln -s $(which pkgconf) poc-pkgconf $ ./poc-pkgconf
dd57abfe	2020-05-24T14:44:01	pkgconf 1.7.0.
82d57184	2020-05-24T14:53:37	meson: fix detection of strndup() on windows
4fb7683c	2020-05-24T14:40:47	add support for the PKGCONF_PKG_PKGF_DONT_MERGE_SPECIAL_FRAGMENTS flag used in build2.
fb9c2258	2020-05-24T14:37:13	update NEWS for previous patch
011db1bb	2020-04-26T17:28:03	Do not complain about malformed whitespace from \n on Version line Every version line has a newline at the end; the malformed whitespace checker should just check for trailing spaces and tabs. Resolves https://todo.sr.ht/~kaniini/pkgconf/15
fce1199b	2020-05-24T14:34:17	cli: add support for PKG_CONFIG_MSVC_SYNTAX env variable Patch from Dan Kegel.
cdc2bf88	2020-05-24T14:29:19	use correct autoconf macro name AC_CONFIG_MACRO_DIR without trailing S is known by autoconf since 2.58. AC_CONFIG_MACRO_DIR with trailing S is known by autoconf newer than 2.69. This fixes libtool after 'autoreconf -fi'. Fixes commit a8a65c7f6c6b6463bbdee119c0ff71536925e455 Related to issue #145 Signed-off-by: Olaf Hering <olaf@aepfle.de>
80508f71	2020-05-24T14:27:52	NEWS: start NEWS for 1.7.0 was hoping to go straight into 2.0 but we need a new maintenance branch :(
382a89c1	2020-05-24T14:18:16	pkg: pkgconf_compare_version(): do not return levenshtein distance in strcmp() case
92745ad9	2020-05-24T21:51:14	libpkgconf: parser: fix out of boundary access It is possible to trigger an out of boundary access with specially crafted files. If a line consist of only a key and spaces, then op will point to '\0'-ending of the buffer. Since p is iterated by one byte right past this ending '\0', the next read access to p is effectively out of bounds. Theoretically this can also lead to out of boundary writes if spaces are encountered. Proof of concept (I recommend to compile with address sanitizer): $ echo -n a > poc.pc $ dd if=/dev/zero bs=1 count=65533 \| tr '\0' ' ' >> poc.pc $ pkgconf poc.pc
bd4ed1ca	2020-05-24T20:51:48	libpkgconf: fileio: prevent buffer overflow. pkgconf_fgetline is called with a user-defined buffer, its size, and a FILE stream to read input from. If the buffer is almost completely filled and the file stream contains an escaped character, then it is possible to trigger an off-by-one buffer overflow with a '\0' character. Easiest example to trigger this: char buf[2]; pkgconf_fgetline(buf, sizeof(buf), stdin); Enter "\\" (two backslashes) and press enter. If the library and the program are compiled with address sanitizer, you will see the program crashing. Otherwise it depends on your architecture what happens. Since nobody should be using a buffer of only size 1 or 2, keep enough space for a possibly escaped character in while loop by subtracting one more byte for this situation, not just for '\0'.
62bbd3b6	2020-01-21T10:32:36	cli: remove --version to --modversion remapping This has been a source of frequent complaints, so we drop it. Resolves: https://todo.sr.ht/~kaniini/pkgconf/6
48dc665a	2019-10-19T00:56:17	personality: add support for WantDefaultStatic setting
40fe4835	2019-10-19T00:45:49	cli: main: add --shared option
f1ce3936	2019-09-30T05:22:21	fix pkgconf-personality man page
2adafc27	2019-08-23T12:47:22	libpkgconf: personality: return the default personality if loading a personality file failed
19aa93e3	2019-08-04T15:54:24	prepare for pkgconf 2.0 development
1d8c6b71	2019-07-12T16:50:51	Fix troff markup in pkgconf-personality(5) A list was started with .Bl but not ended (with .El)
db3ba0ef	2019-07-12T16:50:50	Fix spelling in pkg.m4(7)
af1fbf98	2019-07-12T08:54:24	builds: add fedora meson build
3f178f71	2019-07-12T08:42:11	builds: add fedora rawhide build
f3e1073f	2019-07-12T08:31:21	build: include meson build files in generated tarballs
d351e6ae	2019-07-12T08:23:36	Revert "tests: remove some no longer relevant bitrot in the test environment file" This reverts commit 107ad34f8fdae7af0f38afaa51e0ca8fdbee8250. Breaks autoconf.
061627f0	2019-07-12T08:20:05	meson: bump required version to 0.47 for copy directive
107ad34f	2019-07-12T08:19:19	tests: remove some no longer relevant bitrot in the test environment file
c862e030	2019-07-12T06:53:37	pkgconf 1.6.3.
5f3aa3a8	2019-07-12T06:53:25	cli: bump copyright notice to 2019
286e3547	2019-07-12T06:46:29	update NEWS for 1.6.3.
3740bfb6	2019-07-12T06:42:08	tests: add test for malformed versions generating a diagnostic with --validate
a91e0bf2	2019-07-12T06:37:46	tests: explicitly test --print-provides with malformed versions
c10f6999	2019-07-12T06:35:48	libpkgconf: pkg: generate diagnostic for and trim malformed versions
312b4e51	2019-07-12T06:22:41	tests: add test for malformed version handling
3783d657	2019-07-12T06:15:35	tests: add malformed-version fixture
6c3356a0	2019-07-12T05:56:35	update README [ci skip]
833294f5	2019-07-12T05:52:37	builds: add freebsd CI build
cab8eddc	2019-07-12T05:48:22	build: remove no longer included CMakeLists files
7a395932	2019-07-12T05:45:16	drop CMake support
c816ce69	2019-07-11T03:36:03	pkgconf 1.6.2. (closes #38, #40, #41)
0a247fa1	2019-07-11T03:42:37	man: pkgconf: add --modversion description (closes #34)
7e0b0fad	2019-07-11T03:38:58	libpkgconf: path: fix memory leak when deduping paths (closes #39)
03e5d0fd	2019-07-11T03:30:56	update AUTHORS using `git shortlog -e`
c7c3ddbf	2019-07-11T03:24:50	add mailmap
984dc984	2019-06-16T05:59:03	Merge branch 'lfs-fix' of a_tsoy/pkgconf into master
db9c1e96	2019-06-07T19:19:28	fix the order of header includes config.h should be included before stdinc.h, otherwise large file support is not enabled. Downstream bug: https://bugs.gentoo.org/687548
ebfcaf50	2019-05-25T15:59:55	normalize include guards. closes #33
7460d287	2019-05-18T00:52:09	Merge branch 'fix-msvc-build' of seungha.yang/pkgconf into master
5436558e	2019-05-11T01:15:24	main: Fix build with MSVC Use pkgconf_strndup() since strndup() might be unavailable
0ba98da2	2019-05-06T15:22:11	lite: remove --simulate
2d0c1f5c	2019-05-06T15:15:41	lite: disable debug logging
43ca536b	2019-05-06T15:13:17	lite: disable some bloat
fb98f5a8	2019-05-06T14:41:52	lite: add build system for pkgconf-lite mode
bd6f90a8	2019-05-04T03:01:11	ci: add freebsd test build
7a8f96a9	2019-05-04T02:54:52	add cmake test build
8d322b89	2019-05-04T02:50:27	add meson test build
bf1c18a1	2019-05-04T02:47:28	add test sr.ht autoconf alpine edge build
be601122	2019-03-23T22:38:50	pkgconf 1.6.1.
662957ca	2019-03-23T22:33:55	libpkgconf: tuple: tighten quoting logic a bit closes #12
3afd14c4	2019-03-23T22:27:05	libpkgconf: path: use realpath(3) to deduplicate the search path closes #24
ba1f48e4	2019-03-23T22:17:04	libpkgconf: client: ensure PKG_CONFIG_LIBDIR being empty overrides the default search paths closes #25
45eae203	2019-03-23T21:56:13	start NEWS for 1.6.1.
3e8103c7	2019-03-07T00:01:39	Merge branch 'master' of esmil/pkgconf into master
d926e75b	2019-03-06T16:03:32	main: fix personalities when argv[0] contains path
e2fdd6f4	2019-01-14T14:12:32	pkgconf 1.6.0.
9315ee9e	2019-01-14T14:07:19	tests: add orphaned-requires-private test
737e326a	2019-01-14T14:04:50	tests: add orphaned requires.private testcase
183e68df	2019-01-14T13:52:04	libpkgconf: add LIBPKGCONF_VERSION macro
5c7c9127	2019-01-14T13:49:41	doc: update fragment API docs
6854265f	2019-01-14T13:48:23	libpkgconf: pkg: use pkgconf_fragment_copy_list() to clean up cflags gathering logic (closes #20)
36a5b7ac	2019-01-14T13:48:02	libpkgconf: fragment: add pkgconf_fragment_copy_list()
0ae52182	2019-01-14T13:11:59	libpkgconf: pkg: clean up pkgconf_parser interactions (closes #13)
059b2f61	2018-10-22T15:12:44	add a code of conduct
74133eda	2018-10-15T10:23:35	pkgconf 1.5.4.
ccd2440c	2018-09-27T02:07:31	Merge branch 'fix-slashes' of nacho/pkgconf into master
2c059710	2018-09-17T15:20:28	Canonicalize paths before using them This fixes a problem where on Windows the prefix would not match if the prefix is generated with backslashes and the rest of the variables use normal slashes
9f17da92	2018-09-17T15:20:00	On Windows the path prefix should be checked caseless
c9dffb85	2018-09-17T15:19:18	Fix build on windows with meson
101b99b5	2018-07-28T19:47:53	pkgconf 1.5.3.
47284486	2018-07-28T19:45:57	regress: add test for empty tuple buffer overflow issue
3b5626a0	2018-07-29T00:18:09	Merge branch 'master' of awilfox/pkgconf into master
9b7affe0	2018-07-28T19:06:33	tuple: Ensure buf length is always >= 1 in dequote If a key is defined with no value, dequote will allocate a buffer with a length of 0. Since the buffer's length is 0, any manipulation of its content is UB. Example .pc file: prefix=/usr exec_prefix=${prefix} libdir=${exec_prefix}/lib includedir=${prefix}/include xcflags= xlibs= -lSM -lICE -lX11 Name: Obt Description: Openbox Toolkit Library Version: 3.6 Requires: glib-2.0 libxml-2.0 Libs: -L${libdir} -lobt ${xlibs} Cflags: -I${includedir}/openbox/3.6 ${xcflags} Output using pkgconf 1.5.2 on x86_64 Linux/musl: % pkgconf --cflags obt-3.5 -I/usr/include/openbox/3.6 \�\\�I\�\ -I/usr/include/glib-2.0 -I/usr/lib/glib-2.0/include -I/usr/include/libxml2
4735e172	2018-07-19T17:30:33	pkgconf 1.5.2.

aca06748

2020-05-30T19:17:12

pkgconf 1.7.3.

40726b14

2020-05-30T19:09:59

update NEWS

354c8727

2020-05-30T19:19:48

libpkgconf: tuple: fix truncation when no overflow occurs

5eb9cae0

2020-05-31T00:25:54

libpkgconf: tuple: fix out of boundary write This is the same issue which has been fixed in dependency code. If a line contains a variable which is longer than PKGCONF_ITEM_SIZE, then the varname buffer overflows. The code itself still does not check if a closing } exists and truncates variable names which are too long. Since these would be functional changes and this commit is about a protection against undefined behaviour on a language level, these changes are not included. Proof of concept: $ echo "Description: poc" > poc.pc $ echo "Version: 1" >> poc.pc $ echo -n 'Name: ${' $ dd if=/dev/zero bs=1 count=66535 | tr '\0' 'x' >> poc.pc $ echo >> poc.pc $ pkgconf poc.pc On my Linux system, when compiled with gcc, the varname buffer overflows directly into buf, which means that no crash can be notified. It's easiest to figure out when adding strlen() and sizeof() output as debug lines.

100bc605

2020-05-30T23:48:40

libpkgconf: fragment: fix out of boundary write fragment_quote adds quotation to fragments if needed. It allocates a buffer and grows it as needed. Unfortunately the dst pointer is not updated after a realloc, which means that dst still points into the old memory area. Further writing characters into that area leads to out of boundy writes. Proof of concept: $ cat > poc.pc << EOF Name: poc Description: poc Version: 1 CFlags: -Ia CFlags: -I%%%%%%%%%%%%%%%%%%%%b CFlags: -I%%%%%%%%%%%%%%%%%%%%c CFlags: -Id EOF $ pkgconf --cflags poc.pc Most reliable attempt is to compile pkgconf with address sanitizer, but this file should lead to an abort on a glibc system due to modified chunk pointers (tested with Linux on amd64). But since this is undefined behaviour, it depends on system details.

7bd08a51

2020-05-30T12:41:47

update NEWS

dc04193c

2020-05-29T19:35:42

libpkgconf: fragment: fix out of boundary read Parsing a fragment which consists only of a single dash leads to an out of boundary read. It duplicates the following entry which is not expected behaviour if another fragment follows. Proof of concept: $ cat > poc.pc << "EOF" Name: poc Description: poc Version: 1 Cflags: - -I/somewhere EOF $ PKG_CONFIG_PATH=. pkgconf --cflags poc -I/somewhere -I/somewhere If - is the last entry, it leads to an out of boundary read, which is easy to see if pkgconf is compiled with address sanitizer.

42b35531

2020-05-30T12:39:43

fix missing backslashes in paths on Windows According to https://docs.microsoft.com/fr-fr/windows/win32/fileio/naming-a-file backslashes (with slashes) are a path separator, hence must no be considered as an escape code. The first fix, in argvsplit.c, disables this. But because of fragment_quote(), the backslashes are doubled. Hence the second fix in fragment.c With this pc file : prefix=C:/Documents/msys2/opt/efl_64 libdir=${prefix}/lib includedir=${prefix}/include Name: eina Description: efl: eina Version: 1.24.99 Requires.private: iconv Libs: -L${libdir} -leina -pthread -levil Libs.private: -lpsapi -lole32 -lws2_32 -lsecur32 -luuid -lregex -lm Cflags:-I${includedir}/eina-1 -I${includedir}/efl-1 -I${includedir}/eina-1/eina -pthread pkgconf.exe --cflags eina returns : -IC:\Documents\msys2\opt\efl_64/include/eina-1 -IC:\Documents\msys2\opt\efl_64/include/efl-1 -IC:\Documents\msys2\opt\efl_64/include/eina-1/eina -pthread -DWINICONV_CONST= -IC:\Documents\msys2\opt\ewpi_64/include

e3e89926

2020-05-26T14:04:34

start NEWS for 1.7.3

fb9acedc

2020-05-26T21:42:13

libpkgconf: dependency: fix out of boundary write It is possible to trigger an out of boundary write in function pkgconf_dependency_parse_str if a dependency line contains a very long comparator. The comparator is stored in a temporary buffer which has a size of PKGCONF_ITEM_SIZE. The line which is parsed can be up to PKGCONF_BUFSIZE characters long, which is larger than PKGCONF_ITEM_SIZE (although it depends on PATH_MAX). Having a comparator which is longer than PKGCONF_ITEM_SIZE therefore leads to an out of boundary write. Although it is undefined behaviour, this can lead to an overridden compare variable, which in turn can lead to an invalid instruction pointer, i.e. most likely a crash or code execution (very unlikely). Proof of concept: $ echo "Requires: x " > poc.pc $ dd if=/dev/zero bs=1 count=65535 | tr '\0' '<' >> poc.pc $ pkgconf poc.pc Eiter compile pkgconf with address sanitizer or run pkgconf multiple times, eventually it might crash (assuming that ASLR is in place). In order to fix this, I decided to use an end pointer to avoid OOB write. Alternative would be to increase the buffer size, but I try to avoid that since this would be additional ~60 KB stack space for a very unlikely situation.

c6b93941

2020-05-26T13:46:20

pkgconf 1.7.2.

c613eb5c

2020-05-26T13:41:39

libpkgconf: pkg: use a second pointer for demunging windows paths

92b09aef

2020-05-26T11:06:35

pkgconf 1.7.1.

e70b536e

2020-05-26T11:01:46

libpkgconf: pkg: when generating a search path, use the correct path separator Before, this could result in generated paths like C:\foo\pkgconfig/bar.pc on Windows.

47466470

2020-05-26T10:57:51

main: extend copyright statement to 2020 in --about

ee1fe1a7

2020-05-26T07:49:15

update NEWS for 1.7.1 changes so far

0253fddc

2020-05-26T07:41:16

libpkgconf: pkg: fix computation of pkgconf_pkg_t.id on Windows. Windows allows both \ and / as valid path characters. A computed path such as C:\development\libfoo\pkgconfig/foo.pc will result in a computed pkgconf_pkg_t.id of "pkgconfig/foo". Accordingly, correct the path normalization for checking for / after the \ path has been dealt with in all cases.

be6b382d

2020-05-25T07:56:05

Makefile.am: Add remaining Meson files to be included in dist tarballs The tarballs produced by 'make distcheck' did not include all files required for using Meson because they were not all enumerated in EXTRA_DIST. This change adds the remaining Meson files to the tarball.

9e16d270

2020-05-24T23:13:19

libpkgconf: personality: fix out of boundary access It is possible to set the instruction pointer to undefined values by using an operator larger than ':' in ASCII. Since the personality function array does not have 256 entries, an invalid operator can overflow the array. Proof of concept: $ echo "a _ b" > poc $ ln -s $(which pkgconf) poc-pkgconf $ ./poc-pkgconf

dd57abfe

2020-05-24T14:44:01

pkgconf 1.7.0.

82d57184

2020-05-24T14:53:37

meson: fix detection of strndup() on windows

4fb7683c

2020-05-24T14:40:47

add support for the PKGCONF_PKG_PKGF_DONT_MERGE_SPECIAL_FRAGMENTS flag used in build2.

fb9c2258

2020-05-24T14:37:13

update NEWS for previous patch

011db1bb

2020-04-26T17:28:03

Do not complain about malformed whitespace from \n on Version line Every version line has a newline at the end; the malformed whitespace checker should just check for trailing spaces and tabs. Resolves https://todo.sr.ht/~kaniini/pkgconf/15

fce1199b

2020-05-24T14:34:17

cli: add support for PKG_CONFIG_MSVC_SYNTAX env variable Patch from Dan Kegel.

cdc2bf88

2020-05-24T14:29:19

use correct autoconf macro name AC_CONFIG_MACRO_DIR without trailing S is known by autoconf since 2.58. AC_CONFIG_MACRO_DIR with trailing S is known by autoconf newer than 2.69. This fixes libtool after 'autoreconf -fi'. Fixes commit a8a65c7f6c6b6463bbdee119c0ff71536925e455 Related to issue #145 Signed-off-by: Olaf Hering <olaf@aepfle.de>

80508f71

2020-05-24T14:27:52

NEWS: start NEWS for 1.7.0 was hoping to go straight into 2.0 but we need a new maintenance branch :(

382a89c1

2020-05-24T14:18:16

pkg: pkgconf_compare_version(): do not return levenshtein distance in strcmp() case

92745ad9

2020-05-24T21:51:14

libpkgconf: parser: fix out of boundary access It is possible to trigger an out of boundary access with specially crafted files. If a line consist of only a key and spaces, then op will point to '\0'-ending of the buffer. Since p is iterated by one byte right past this ending '\0', the next read access to p is effectively out of bounds. Theoretically this can also lead to out of boundary writes if spaces are encountered. Proof of concept (I recommend to compile with address sanitizer): $ echo -n a > poc.pc $ dd if=/dev/zero bs=1 count=65533 | tr '\0' ' ' >> poc.pc $ pkgconf poc.pc

bd4ed1ca

2020-05-24T20:51:48

libpkgconf: fileio: prevent buffer overflow. pkgconf_fgetline is called with a user-defined buffer, its size, and a FILE stream to read input from. If the buffer is almost completely filled and the file stream contains an escaped character, then it is possible to trigger an off-by-one buffer overflow with a '\0' character. Easiest example to trigger this: char buf[2]; pkgconf_fgetline(buf, sizeof(buf), stdin); Enter "\\" (two backslashes) and press enter. If the library and the program are compiled with address sanitizer, you will see the program crashing. Otherwise it depends on your architecture what happens. Since nobody should be using a buffer of only size 1 or 2, keep enough space for a possibly escaped character in while loop by subtracting one more byte for this situation, not just for '\0'.

62bbd3b6

2020-01-21T10:32:36

cli: remove --version to --modversion remapping This has been a source of frequent complaints, so we drop it. Resolves: https://todo.sr.ht/~kaniini/pkgconf/6

48dc665a

2019-10-19T00:56:17

personality: add support for WantDefaultStatic setting

40fe4835

2019-10-19T00:45:49

cli: main: add --shared option

f1ce3936

2019-09-30T05:22:21

fix pkgconf-personality man page

2adafc27

2019-08-23T12:47:22

libpkgconf: personality: return the default personality if loading a personality file failed

19aa93e3

2019-08-04T15:54:24

prepare for pkgconf 2.0 development

1d8c6b71

2019-07-12T16:50:51

Fix troff markup in pkgconf-personality(5) A list was started with .Bl but not ended (with .El)

db3ba0ef

2019-07-12T16:50:50

Fix spelling in pkg.m4(7)

af1fbf98

2019-07-12T08:54:24

builds: add fedora meson build

3f178f71

2019-07-12T08:42:11

builds: add fedora rawhide build

f3e1073f

2019-07-12T08:31:21

build: include meson build files in generated tarballs

d351e6ae

2019-07-12T08:23:36

Revert "tests: remove some no longer relevant bitrot in the test environment file" This reverts commit 107ad34f8fdae7af0f38afaa51e0ca8fdbee8250. Breaks autoconf.

061627f0

2019-07-12T08:20:05

meson: bump required version to 0.47 for copy directive

107ad34f

2019-07-12T08:19:19

tests: remove some no longer relevant bitrot in the test environment file

c862e030

2019-07-12T06:53:37

pkgconf 1.6.3.

5f3aa3a8

2019-07-12T06:53:25

cli: bump copyright notice to 2019

286e3547

2019-07-12T06:46:29

update NEWS for 1.6.3.

3740bfb6

2019-07-12T06:42:08

tests: add test for malformed versions generating a diagnostic with --validate

a91e0bf2

2019-07-12T06:37:46

tests: explicitly test --print-provides with malformed versions

c10f6999

2019-07-12T06:35:48

libpkgconf: pkg: generate diagnostic for and trim malformed versions

312b4e51

2019-07-12T06:22:41

tests: add test for malformed version handling

3783d657

2019-07-12T06:15:35

tests: add malformed-version fixture

6c3356a0

2019-07-12T05:56:35

update README [ci skip]

833294f5

2019-07-12T05:52:37

builds: add freebsd CI build

cab8eddc

2019-07-12T05:48:22

build: remove no longer included CMakeLists files

7a395932

2019-07-12T05:45:16

drop CMake support

c816ce69

2019-07-11T03:36:03

pkgconf 1.6.2. (closes #38, #40, #41)

0a247fa1

2019-07-11T03:42:37

man: pkgconf: add --modversion description (closes #34)

7e0b0fad

2019-07-11T03:38:58

libpkgconf: path: fix memory leak when deduping paths (closes #39)

03e5d0fd

2019-07-11T03:30:56

update AUTHORS using `git shortlog -e`

c7c3ddbf

2019-07-11T03:24:50

add mailmap

984dc984

2019-06-16T05:59:03

Merge branch 'lfs-fix' of a_tsoy/pkgconf into master

db9c1e96

2019-06-07T19:19:28

fix the order of header includes config.h should be included before stdinc.h, otherwise large file support is not enabled. Downstream bug: https://bugs.gentoo.org/687548

ebfcaf50

2019-05-25T15:59:55

normalize include guards. closes #33

7460d287

2019-05-18T00:52:09

Merge branch 'fix-msvc-build' of seungha.yang/pkgconf into master

5436558e

2019-05-11T01:15:24

main: Fix build with MSVC Use pkgconf_strndup() since strndup() might be unavailable

0ba98da2

2019-05-06T15:22:11

lite: remove --simulate

2d0c1f5c

2019-05-06T15:15:41

lite: disable debug logging

43ca536b

2019-05-06T15:13:17

lite: disable some bloat

fb98f5a8

2019-05-06T14:41:52

lite: add build system for pkgconf-lite mode

bd6f90a8

2019-05-04T03:01:11

ci: add freebsd test build

7a8f96a9

2019-05-04T02:54:52

add cmake test build

8d322b89

2019-05-04T02:50:27

add meson test build

bf1c18a1

2019-05-04T02:47:28

add test sr.ht autoconf alpine edge build

be601122

2019-03-23T22:38:50

pkgconf 1.6.1.

662957ca

2019-03-23T22:33:55

libpkgconf: tuple: tighten quoting logic a bit closes #12

3afd14c4

2019-03-23T22:27:05

libpkgconf: path: use realpath(3) to deduplicate the search path closes #24

ba1f48e4

2019-03-23T22:17:04

libpkgconf: client: ensure PKG_CONFIG_LIBDIR being empty overrides the default search paths closes #25

45eae203

2019-03-23T21:56:13

start NEWS for 1.6.1.

3e8103c7

2019-03-07T00:01:39

Merge branch 'master' of esmil/pkgconf into master

d926e75b

2019-03-06T16:03:32

main: fix personalities when argv[0] contains path

e2fdd6f4

2019-01-14T14:12:32

pkgconf 1.6.0.

9315ee9e

2019-01-14T14:07:19

tests: add orphaned-requires-private test

737e326a

2019-01-14T14:04:50

tests: add orphaned requires.private testcase

183e68df

2019-01-14T13:52:04

libpkgconf: add LIBPKGCONF_VERSION macro

5c7c9127

2019-01-14T13:49:41

doc: update fragment API docs

6854265f

2019-01-14T13:48:23

libpkgconf: pkg: use pkgconf_fragment_copy_list() to clean up cflags gathering logic (closes #20)

36a5b7ac

2019-01-14T13:48:02

libpkgconf: fragment: add pkgconf_fragment_copy_list()

0ae52182

2019-01-14T13:11:59

libpkgconf: pkg: clean up pkgconf_parser interactions (closes #13)

059b2f61

2018-10-22T15:12:44

add a code of conduct

74133eda

2018-10-15T10:23:35

pkgconf 1.5.4.

ccd2440c

2018-09-27T02:07:31

Merge branch 'fix-slashes' of nacho/pkgconf into master

2c059710

2018-09-17T15:20:28

Canonicalize paths before using them This fixes a problem where on Windows the prefix would not match if the prefix is generated with backslashes and the rest of the variables use normal slashes

9f17da92

2018-09-17T15:20:00

On Windows the path prefix should be checked caseless

c9dffb85

2018-09-17T15:19:18

Fix build on windows with meson

101b99b5

2018-07-28T19:47:53

pkgconf 1.5.3.

47284486

2018-07-28T19:45:57

regress: add test for empty tuple buffer overflow issue

3b5626a0

2018-07-29T00:18:09

Merge branch 'master' of awilfox/pkgconf into master

9b7affe0

2018-07-28T19:06:33

tuple: Ensure buf length is always >= 1 in dequote If a key is defined with no value, dequote will allocate a buffer with a length of 0. Since the buffer's length is 0, any manipulation of its content is UB. Example .pc file: prefix=/usr exec_prefix=${prefix} libdir=${exec_prefix}/lib includedir=${prefix}/include xcflags= xlibs= -lSM -lICE -lX11 Name: Obt Description: Openbox Toolkit Library Version: 3.6 Requires: glib-2.0 libxml-2.0 Libs: -L${libdir} -lobt ${xlibs} Cflags: -I${includedir}/openbox/3.6 ${xcflags} Output using pkgconf 1.5.2 on x86_64 Linux/musl: % pkgconf --cflags obt-3.5 -I/usr/include/openbox/3.6 \�\\�I\�\ -I/usr/include/glib-2.0 -I/usr/lib/glib-2.0/include -I/usr/include/libxml2

4735e172

2018-07-19T17:30:33

pkgconf 1.5.2.

kc3-lang/pkgconf

Log