kmx git

Commit	Date	Message
458101e7	2021-03-18T07:03:28	pkgconf 1.7.4.
dbb6a232	2021-03-18T06:56:55	path: don't use PATH_MAX, use PKGCONF_ITEM_SIZE * 4 for realpath buffer
a4e8cf87	2021-03-18T06:52:55	remove sourcehut CI config
9f6b2ced	2021-03-18T06:52:31	README: use github CI badge
37b596cc	2021-03-18T06:49:16	CI: fix alpine autotools CI
caaf4861	2021-03-18T06:48:07	CI: fix alpine CI
00cc9a8c	2021-03-18T06:46:09	CI: add alpine CI alongside debian CI
599dfcb2	2021-03-18T06:42:57	main: extend copyright notice to 2021
402fd9fe	2021-03-18T06:38:24	add funding.yml
fd1b8ccc	2021-03-18T06:22:11	main: if PKG_CONFIG_FDO_SYSROOT_RULES is set, or DESTDIR matches PKG_CONFIG_SYSROOT_DIRS, disable the automatic sysroot rewriting Closes #205.
b6c8f6fb	2021-03-18T06:05:48	NEWS: document --static --pure default on Windows (closes #207)
008d7069	2021-03-18T06:03:32	libpkgconf: personality: default: set want_default_static and want_default_pure to true on windows
f9531ce9	2021-03-18T05:59:54	add support for pkgconf_cross_personality_t.want_default_pure
52d19e1b	2021-03-18T05:44:45	libpkgconf: fileio: pkgconf_fgetline(): handle quoted=true when a comment introduction is encountered Fixes #215.
347281eb	2021-03-18T05:38:47	tests: add fragment-comment testcase (ref #215)
dcf529b8	2021-02-06T10:57:20	cli: add environment variable PKG_CONFIG_DONT_DEFINE_PREFIX On Windows, pkgconf redefines the prefix by default. This gives the user the option to disable this behavior via an environment variable. The benefit of an environment variable is the user can change this behavior when using a build system such as cmake or meson, which may not expose this parameter to the user.
ab404bc2	2021-02-03T06:54:52	Fix #209 This commit fixes #209 by applying the suggestion from https://github.com/pkgconf/pkgconf/issues/209#issuecomment-771609136.
13a5d9a5	2021-01-08T10:56:41	libpkgconf: path: supply buffer to realpath To avoid a crash on some platforms (like Darwin 9) provide a buffer to realpath(3). Darwin 9 (last PPC target) documents realpath needs to be given a buffer to the resolved_path argument large enough to hold PATH_MAX bytes. With NULL argument it crashes. Solaris makes no mention of resolved_path to be allowed NULL, yet recent versions accept it and malloc(3) accordingly. Because the documentation explicitly mentions PATH_MAX being the limit to what realpath(3) would write in resolved_path, switching to a static buffer here doesn't limit resolution compared to dynamically allocating a buffer by realpath(3). While this change requires a bit more space on the stack, it avoids a malloc/free sequence, and allows successful operation on (older) platforms that lack support for dynamically allocating a return buffer in realpath(3). Signed-off-by: Fabian Groffen <grobian@gentoo.org>
78a77dd4	2020-11-28T15:22:28	meson: install README.md/AUTHORS to share/doc/pkgconf To mirror what the autotools build does.
0526364b	2020-11-28T15:21:02	meson: allow building a static version of libpkgconf when using library() instead of shared_library() the user can decide to build a shared or static version, or both. The default is still shared as before. This mirrors what the autotools based build sysstem can do.
a69bdfa2	2020-11-28T15:20:25	meson: generate a .pc file for libpkgconf
de8fc9e4	2020-11-28T15:19:41	meson: install headers into pkgconf/libpkgconf instead of just libpkgconf To mirror what the autotools build does
869f2a84	2020-11-28T16:01:16	pkgconf_pkg_parser_version_func: fix whitespace detection In case the version string has no whitespace then strcspn() returns strlen() of the input, so whitespace is only found if len != strlen. This fixes invalid warnings when parsing version fields.
b218cae5	2020-11-23T17:45:16	Add CI for debian+meson/autotools Builds and runs tests. Using Debian testing since the test framework is only in testing right now.
24589cdd	2020-11-22T19:59:19	Add basic CI for mingw-w64 32/64 bit This only builds things with meson and no tests are run.
f418b997	2020-11-21T09:59:58	configure: shift issue tracking back to github
bd960e9d	2020-08-09T19:00:52	man: Silence pkgconf-personality.5 warning. man: ./pkgconf-personality.5:97:2: WARNING: unusual Xr order: pc(5) after pkg.m4(7)
1eeb4ee5	2020-06-11T18:03:42	start NEWS for 1.7.4
2a8bebf2	2020-06-11T18:00:56	libpkgconf: path: rewrite DOS paths in non-cygwin case too
262a0c96	2020-06-03T21:50:27	man: pkgconf: fixed typo Fixed typo in it's vs its.
f818a69b	2020-06-03T21:42:25	libpkgconf: pkg: fix out ouf boundary access If a file with a matching "uninstalled" name exists but cannot be parsed, an invalid memory area is accessed. How to reproduce: $ touch poc-uninstalled.pc $ PKG_CONFIG_PATH=. pkgconf poc
ef135d81	2020-06-02T18:58:00	meson: remove some autotools cruft
aca06748	2020-05-30T19:17:12	pkgconf 1.7.3.
40726b14	2020-05-30T19:09:59	update NEWS
354c8727	2020-05-30T19:19:48	libpkgconf: tuple: fix truncation when no overflow occurs
5eb9cae0	2020-05-31T00:25:54	libpkgconf: tuple: fix out of boundary write This is the same issue which has been fixed in dependency code. If a line contains a variable which is longer than PKGCONF_ITEM_SIZE, then the varname buffer overflows. The code itself still does not check if a closing } exists and truncates variable names which are too long. Since these would be functional changes and this commit is about a protection against undefined behaviour on a language level, these changes are not included. Proof of concept: $ echo "Description: poc" > poc.pc $ echo "Version: 1" >> poc.pc $ echo -n 'Name: ${' $ dd if=/dev/zero bs=1 count=66535 \| tr '\0' 'x' >> poc.pc $ echo >> poc.pc $ pkgconf poc.pc On my Linux system, when compiled with gcc, the varname buffer overflows directly into buf, which means that no crash can be notified. It's easiest to figure out when adding strlen() and sizeof() output as debug lines.
100bc605	2020-05-30T23:48:40	libpkgconf: fragment: fix out of boundary write fragment_quote adds quotation to fragments if needed. It allocates a buffer and grows it as needed. Unfortunately the dst pointer is not updated after a realloc, which means that dst still points into the old memory area. Further writing characters into that area leads to out of boundy writes. Proof of concept: $ cat > poc.pc << EOF Name: poc Description: poc Version: 1 CFlags: -Ia CFlags: -I%%%%%%%%%%%%%%%%%%%%b CFlags: -I%%%%%%%%%%%%%%%%%%%%c CFlags: -Id EOF $ pkgconf --cflags poc.pc Most reliable attempt is to compile pkgconf with address sanitizer, but this file should lead to an abort on a glibc system due to modified chunk pointers (tested with Linux on amd64). But since this is undefined behaviour, it depends on system details.
7bd08a51	2020-05-30T12:41:47	update NEWS
dc04193c	2020-05-29T19:35:42	libpkgconf: fragment: fix out of boundary read Parsing a fragment which consists only of a single dash leads to an out of boundary read. It duplicates the following entry which is not expected behaviour if another fragment follows. Proof of concept: $ cat > poc.pc << "EOF" Name: poc Description: poc Version: 1 Cflags: - -I/somewhere EOF $ PKG_CONFIG_PATH=. pkgconf --cflags poc -I/somewhere -I/somewhere If - is the last entry, it leads to an out of boundary read, which is easy to see if pkgconf is compiled with address sanitizer.
42b35531	2020-05-30T12:39:43	fix missing backslashes in paths on Windows According to https://docs.microsoft.com/fr-fr/windows/win32/fileio/naming-a-file backslashes (with slashes) are a path separator, hence must no be considered as an escape code. The first fix, in argvsplit.c, disables this. But because of fragment_quote(), the backslashes are doubled. Hence the second fix in fragment.c With this pc file : prefix=C:/Documents/msys2/opt/efl_64 libdir=${prefix}/lib includedir=${prefix}/include Name: eina Description: efl: eina Version: 1.24.99 Requires.private: iconv Libs: -L${libdir} -leina -pthread -levil Libs.private: -lpsapi -lole32 -lws2_32 -lsecur32 -luuid -lregex -lm Cflags:-I${includedir}/eina-1 -I${includedir}/efl-1 -I${includedir}/eina-1/eina -pthread pkgconf.exe --cflags eina returns : -IC:\Documents\msys2\opt\efl_64/include/eina-1 -IC:\Documents\msys2\opt\efl_64/include/efl-1 -IC:\Documents\msys2\opt\efl_64/include/eina-1/eina -pthread -DWINICONV_CONST= -IC:\Documents\msys2\opt\ewpi_64/include
e3e89926	2020-05-26T14:04:34	start NEWS for 1.7.3
fb9acedc	2020-05-26T21:42:13	libpkgconf: dependency: fix out of boundary write It is possible to trigger an out of boundary write in function pkgconf_dependency_parse_str if a dependency line contains a very long comparator. The comparator is stored in a temporary buffer which has a size of PKGCONF_ITEM_SIZE. The line which is parsed can be up to PKGCONF_BUFSIZE characters long, which is larger than PKGCONF_ITEM_SIZE (although it depends on PATH_MAX). Having a comparator which is longer than PKGCONF_ITEM_SIZE therefore leads to an out of boundary write. Although it is undefined behaviour, this can lead to an overridden compare variable, which in turn can lead to an invalid instruction pointer, i.e. most likely a crash or code execution (very unlikely). Proof of concept: $ echo "Requires: x " > poc.pc $ dd if=/dev/zero bs=1 count=65535 \| tr '\0' '<' >> poc.pc $ pkgconf poc.pc Eiter compile pkgconf with address sanitizer or run pkgconf multiple times, eventually it might crash (assuming that ASLR is in place). In order to fix this, I decided to use an end pointer to avoid OOB write. Alternative would be to increase the buffer size, but I try to avoid that since this would be additional ~60 KB stack space for a very unlikely situation.
c6b93941	2020-05-26T13:46:20	pkgconf 1.7.2.
c613eb5c	2020-05-26T13:41:39	libpkgconf: pkg: use a second pointer for demunging windows paths
92b09aef	2020-05-26T11:06:35	pkgconf 1.7.1.
e70b536e	2020-05-26T11:01:46	libpkgconf: pkg: when generating a search path, use the correct path separator Before, this could result in generated paths like C:\foo\pkgconfig/bar.pc on Windows.
47466470	2020-05-26T10:57:51	main: extend copyright statement to 2020 in --about
ee1fe1a7	2020-05-26T07:49:15	update NEWS for 1.7.1 changes so far
0253fddc	2020-05-26T07:41:16	libpkgconf: pkg: fix computation of pkgconf_pkg_t.id on Windows. Windows allows both \ and / as valid path characters. A computed path such as C:\development\libfoo\pkgconfig/foo.pc will result in a computed pkgconf_pkg_t.id of "pkgconfig/foo". Accordingly, correct the path normalization for checking for / after the \ path has been dealt with in all cases.
be6b382d	2020-05-25T07:56:05	Makefile.am: Add remaining Meson files to be included in dist tarballs The tarballs produced by 'make distcheck' did not include all files required for using Meson because they were not all enumerated in EXTRA_DIST. This change adds the remaining Meson files to the tarball.
9e16d270	2020-05-24T23:13:19	libpkgconf: personality: fix out of boundary access It is possible to set the instruction pointer to undefined values by using an operator larger than ':' in ASCII. Since the personality function array does not have 256 entries, an invalid operator can overflow the array. Proof of concept: $ echo "a _ b" > poc $ ln -s $(which pkgconf) poc-pkgconf $ ./poc-pkgconf
dd57abfe	2020-05-24T14:44:01	pkgconf 1.7.0.
82d57184	2020-05-24T14:53:37	meson: fix detection of strndup() on windows
4fb7683c	2020-05-24T14:40:47	add support for the PKGCONF_PKG_PKGF_DONT_MERGE_SPECIAL_FRAGMENTS flag used in build2.
fb9c2258	2020-05-24T14:37:13	update NEWS for previous patch
011db1bb	2020-04-26T17:28:03	Do not complain about malformed whitespace from \n on Version line Every version line has a newline at the end; the malformed whitespace checker should just check for trailing spaces and tabs. Resolves https://todo.sr.ht/~kaniini/pkgconf/15
fce1199b	2020-05-24T14:34:17	cli: add support for PKG_CONFIG_MSVC_SYNTAX env variable Patch from Dan Kegel.
cdc2bf88	2020-05-24T14:29:19	use correct autoconf macro name AC_CONFIG_MACRO_DIR without trailing S is known by autoconf since 2.58. AC_CONFIG_MACRO_DIR with trailing S is known by autoconf newer than 2.69. This fixes libtool after 'autoreconf -fi'. Fixes commit a8a65c7f6c6b6463bbdee119c0ff71536925e455 Related to issue #145 Signed-off-by: Olaf Hering <olaf@aepfle.de>
80508f71	2020-05-24T14:27:52	NEWS: start NEWS for 1.7.0 was hoping to go straight into 2.0 but we need a new maintenance branch :(
382a89c1	2020-05-24T14:18:16	pkg: pkgconf_compare_version(): do not return levenshtein distance in strcmp() case
92745ad9	2020-05-24T21:51:14	libpkgconf: parser: fix out of boundary access It is possible to trigger an out of boundary access with specially crafted files. If a line consist of only a key and spaces, then op will point to '\0'-ending of the buffer. Since p is iterated by one byte right past this ending '\0', the next read access to p is effectively out of bounds. Theoretically this can also lead to out of boundary writes if spaces are encountered. Proof of concept (I recommend to compile with address sanitizer): $ echo -n a > poc.pc $ dd if=/dev/zero bs=1 count=65533 \| tr '\0' ' ' >> poc.pc $ pkgconf poc.pc
bd4ed1ca	2020-05-24T20:51:48	libpkgconf: fileio: prevent buffer overflow. pkgconf_fgetline is called with a user-defined buffer, its size, and a FILE stream to read input from. If the buffer is almost completely filled and the file stream contains an escaped character, then it is possible to trigger an off-by-one buffer overflow with a '\0' character. Easiest example to trigger this: char buf[2]; pkgconf_fgetline(buf, sizeof(buf), stdin); Enter "\\" (two backslashes) and press enter. If the library and the program are compiled with address sanitizer, you will see the program crashing. Otherwise it depends on your architecture what happens. Since nobody should be using a buffer of only size 1 or 2, keep enough space for a possibly escaped character in while loop by subtracting one more byte for this situation, not just for '\0'.
62bbd3b6	2020-01-21T10:32:36	cli: remove --version to --modversion remapping This has been a source of frequent complaints, so we drop it. Resolves: https://todo.sr.ht/~kaniini/pkgconf/6
48dc665a	2019-10-19T00:56:17	personality: add support for WantDefaultStatic setting
40fe4835	2019-10-19T00:45:49	cli: main: add --shared option
f1ce3936	2019-09-30T05:22:21	fix pkgconf-personality man page
2adafc27	2019-08-23T12:47:22	libpkgconf: personality: return the default personality if loading a personality file failed
19aa93e3	2019-08-04T15:54:24	prepare for pkgconf 2.0 development
1d8c6b71	2019-07-12T16:50:51	Fix troff markup in pkgconf-personality(5) A list was started with .Bl but not ended (with .El)
db3ba0ef	2019-07-12T16:50:50	Fix spelling in pkg.m4(7)
af1fbf98	2019-07-12T08:54:24	builds: add fedora meson build
3f178f71	2019-07-12T08:42:11	builds: add fedora rawhide build
f3e1073f	2019-07-12T08:31:21	build: include meson build files in generated tarballs
d351e6ae	2019-07-12T08:23:36	Revert "tests: remove some no longer relevant bitrot in the test environment file" This reverts commit 107ad34f8fdae7af0f38afaa51e0ca8fdbee8250. Breaks autoconf.
061627f0	2019-07-12T08:20:05	meson: bump required version to 0.47 for copy directive
107ad34f	2019-07-12T08:19:19	tests: remove some no longer relevant bitrot in the test environment file
c862e030	2019-07-12T06:53:37	pkgconf 1.6.3.
5f3aa3a8	2019-07-12T06:53:25	cli: bump copyright notice to 2019
286e3547	2019-07-12T06:46:29	update NEWS for 1.6.3.
3740bfb6	2019-07-12T06:42:08	tests: add test for malformed versions generating a diagnostic with --validate
a91e0bf2	2019-07-12T06:37:46	tests: explicitly test --print-provides with malformed versions
c10f6999	2019-07-12T06:35:48	libpkgconf: pkg: generate diagnostic for and trim malformed versions
312b4e51	2019-07-12T06:22:41	tests: add test for malformed version handling
3783d657	2019-07-12T06:15:35	tests: add malformed-version fixture
6c3356a0	2019-07-12T05:56:35	update README [ci skip]
833294f5	2019-07-12T05:52:37	builds: add freebsd CI build
cab8eddc	2019-07-12T05:48:22	build: remove no longer included CMakeLists files
7a395932	2019-07-12T05:45:16	drop CMake support
c816ce69	2019-07-11T03:36:03	pkgconf 1.6.2. (closes #38, #40, #41)
0a247fa1	2019-07-11T03:42:37	man: pkgconf: add --modversion description (closes #34)
7e0b0fad	2019-07-11T03:38:58	libpkgconf: path: fix memory leak when deduping paths (closes #39)
03e5d0fd	2019-07-11T03:30:56	update AUTHORS using `git shortlog -e`
c7c3ddbf	2019-07-11T03:24:50	add mailmap
984dc984	2019-06-16T05:59:03	Merge branch 'lfs-fix' of a_tsoy/pkgconf into master
db9c1e96	2019-06-07T19:19:28	fix the order of header includes config.h should be included before stdinc.h, otherwise large file support is not enabled. Downstream bug: https://bugs.gentoo.org/687548
ebfcaf50	2019-05-25T15:59:55	normalize include guards. closes #33
7460d287	2019-05-18T00:52:09	Merge branch 'fix-msvc-build' of seungha.yang/pkgconf into master
5436558e	2019-05-11T01:15:24	main: Fix build with MSVC Use pkgconf_strndup() since strndup() might be unavailable
0ba98da2	2019-05-06T15:22:11	lite: remove --simulate
2d0c1f5c	2019-05-06T15:15:41	lite: disable debug logging

458101e7

2021-03-18T07:03:28

pkgconf 1.7.4.

dbb6a232

2021-03-18T06:56:55

path: don't use PATH_MAX, use PKGCONF_ITEM_SIZE * 4 for realpath buffer

a4e8cf87

2021-03-18T06:52:55

remove sourcehut CI config

9f6b2ced

2021-03-18T06:52:31

README: use github CI badge

37b596cc

2021-03-18T06:49:16

CI: fix alpine autotools CI

caaf4861

2021-03-18T06:48:07

CI: fix alpine CI

00cc9a8c

2021-03-18T06:46:09

CI: add alpine CI alongside debian CI

599dfcb2

2021-03-18T06:42:57

main: extend copyright notice to 2021

402fd9fe

2021-03-18T06:38:24

add funding.yml

fd1b8ccc

2021-03-18T06:22:11

main: if PKG_CONFIG_FDO_SYSROOT_RULES is set, or DESTDIR matches PKG_CONFIG_SYSROOT_DIRS, disable the automatic sysroot rewriting Closes #205.

b6c8f6fb

2021-03-18T06:05:48

NEWS: document --static --pure default on Windows (closes #207)

008d7069

2021-03-18T06:03:32

libpkgconf: personality: default: set want_default_static and want_default_pure to true on windows

f9531ce9

2021-03-18T05:59:54

add support for pkgconf_cross_personality_t.want_default_pure

52d19e1b

2021-03-18T05:44:45

libpkgconf: fileio: pkgconf_fgetline(): handle quoted=true when a comment introduction is encountered Fixes #215.

347281eb

2021-03-18T05:38:47

tests: add fragment-comment testcase (ref #215)

dcf529b8

2021-02-06T10:57:20

cli: add environment variable PKG_CONFIG_DONT_DEFINE_PREFIX On Windows, pkgconf redefines the prefix by default. This gives the user the option to disable this behavior via an environment variable. The benefit of an environment variable is the user can change this behavior when using a build system such as cmake or meson, which may not expose this parameter to the user.

ab404bc2

2021-02-03T06:54:52

Fix #209 This commit fixes #209 by applying the suggestion from https://github.com/pkgconf/pkgconf/issues/209#issuecomment-771609136.

13a5d9a5

2021-01-08T10:56:41

libpkgconf: path: supply buffer to realpath To avoid a crash on some platforms (like Darwin 9) provide a buffer to realpath(3). Darwin 9 (last PPC target) documents realpath needs to be given a buffer to the resolved_path argument large enough to hold PATH_MAX bytes. With NULL argument it crashes. Solaris makes no mention of resolved_path to be allowed NULL, yet recent versions accept it and malloc(3) accordingly. Because the documentation explicitly mentions PATH_MAX being the limit to what realpath(3) would write in resolved_path, switching to a static buffer here doesn't limit resolution compared to dynamically allocating a buffer by realpath(3). While this change requires a bit more space on the stack, it avoids a malloc/free sequence, and allows successful operation on (older) platforms that lack support for dynamically allocating a return buffer in realpath(3). Signed-off-by: Fabian Groffen <grobian@gentoo.org>

78a77dd4

2020-11-28T15:22:28

meson: install README.md/AUTHORS to share/doc/pkgconf To mirror what the autotools build does.

0526364b

2020-11-28T15:21:02

meson: allow building a static version of libpkgconf when using library() instead of shared_library() the user can decide to build a shared or static version, or both. The default is still shared as before. This mirrors what the autotools based build sysstem can do.

a69bdfa2

2020-11-28T15:20:25

meson: generate a .pc file for libpkgconf

de8fc9e4

2020-11-28T15:19:41

meson: install headers into pkgconf/libpkgconf instead of just libpkgconf To mirror what the autotools build does

869f2a84

2020-11-28T16:01:16

pkgconf_pkg_parser_version_func: fix whitespace detection In case the version string has no whitespace then strcspn() returns strlen() of the input, so whitespace is only found if len != strlen. This fixes invalid warnings when parsing version fields.

b218cae5

2020-11-23T17:45:16

Add CI for debian+meson/autotools Builds and runs tests. Using Debian testing since the test framework is only in testing right now.

24589cdd

2020-11-22T19:59:19

Add basic CI for mingw-w64 32/64 bit This only builds things with meson and no tests are run.

f418b997

2020-11-21T09:59:58

configure: shift issue tracking back to github

bd960e9d

2020-08-09T19:00:52

man: Silence pkgconf-personality.5 warning. man: ./pkgconf-personality.5:97:2: WARNING: unusual Xr order: pc(5) after pkg.m4(7)

1eeb4ee5

2020-06-11T18:03:42

start NEWS for 1.7.4

2a8bebf2

2020-06-11T18:00:56

libpkgconf: path: rewrite DOS paths in non-cygwin case too

262a0c96

2020-06-03T21:50:27

man: pkgconf: fixed typo Fixed typo in it's vs its.

f818a69b

2020-06-03T21:42:25

libpkgconf: pkg: fix out ouf boundary access If a file with a matching "uninstalled" name exists but cannot be parsed, an invalid memory area is accessed. How to reproduce: $ touch poc-uninstalled.pc $ PKG_CONFIG_PATH=. pkgconf poc

ef135d81

2020-06-02T18:58:00

meson: remove some autotools cruft

aca06748

2020-05-30T19:17:12

pkgconf 1.7.3.

40726b14

2020-05-30T19:09:59

update NEWS

354c8727

2020-05-30T19:19:48

libpkgconf: tuple: fix truncation when no overflow occurs

5eb9cae0

2020-05-31T00:25:54

libpkgconf: tuple: fix out of boundary write This is the same issue which has been fixed in dependency code. If a line contains a variable which is longer than PKGCONF_ITEM_SIZE, then the varname buffer overflows. The code itself still does not check if a closing } exists and truncates variable names which are too long. Since these would be functional changes and this commit is about a protection against undefined behaviour on a language level, these changes are not included. Proof of concept: $ echo "Description: poc" > poc.pc $ echo "Version: 1" >> poc.pc $ echo -n 'Name: ${' $ dd if=/dev/zero bs=1 count=66535 | tr '\0' 'x' >> poc.pc $ echo >> poc.pc $ pkgconf poc.pc On my Linux system, when compiled with gcc, the varname buffer overflows directly into buf, which means that no crash can be notified. It's easiest to figure out when adding strlen() and sizeof() output as debug lines.

100bc605

2020-05-30T23:48:40

libpkgconf: fragment: fix out of boundary write fragment_quote adds quotation to fragments if needed. It allocates a buffer and grows it as needed. Unfortunately the dst pointer is not updated after a realloc, which means that dst still points into the old memory area. Further writing characters into that area leads to out of boundy writes. Proof of concept: $ cat > poc.pc << EOF Name: poc Description: poc Version: 1 CFlags: -Ia CFlags: -I%%%%%%%%%%%%%%%%%%%%b CFlags: -I%%%%%%%%%%%%%%%%%%%%c CFlags: -Id EOF $ pkgconf --cflags poc.pc Most reliable attempt is to compile pkgconf with address sanitizer, but this file should lead to an abort on a glibc system due to modified chunk pointers (tested with Linux on amd64). But since this is undefined behaviour, it depends on system details.

7bd08a51

2020-05-30T12:41:47

update NEWS

dc04193c

2020-05-29T19:35:42

libpkgconf: fragment: fix out of boundary read Parsing a fragment which consists only of a single dash leads to an out of boundary read. It duplicates the following entry which is not expected behaviour if another fragment follows. Proof of concept: $ cat > poc.pc << "EOF" Name: poc Description: poc Version: 1 Cflags: - -I/somewhere EOF $ PKG_CONFIG_PATH=. pkgconf --cflags poc -I/somewhere -I/somewhere If - is the last entry, it leads to an out of boundary read, which is easy to see if pkgconf is compiled with address sanitizer.

42b35531

2020-05-30T12:39:43

fix missing backslashes in paths on Windows According to https://docs.microsoft.com/fr-fr/windows/win32/fileio/naming-a-file backslashes (with slashes) are a path separator, hence must no be considered as an escape code. The first fix, in argvsplit.c, disables this. But because of fragment_quote(), the backslashes are doubled. Hence the second fix in fragment.c With this pc file : prefix=C:/Documents/msys2/opt/efl_64 libdir=${prefix}/lib includedir=${prefix}/include Name: eina Description: efl: eina Version: 1.24.99 Requires.private: iconv Libs: -L${libdir} -leina -pthread -levil Libs.private: -lpsapi -lole32 -lws2_32 -lsecur32 -luuid -lregex -lm Cflags:-I${includedir}/eina-1 -I${includedir}/efl-1 -I${includedir}/eina-1/eina -pthread pkgconf.exe --cflags eina returns : -IC:\Documents\msys2\opt\efl_64/include/eina-1 -IC:\Documents\msys2\opt\efl_64/include/efl-1 -IC:\Documents\msys2\opt\efl_64/include/eina-1/eina -pthread -DWINICONV_CONST= -IC:\Documents\msys2\opt\ewpi_64/include

e3e89926

2020-05-26T14:04:34

start NEWS for 1.7.3

fb9acedc

2020-05-26T21:42:13

libpkgconf: dependency: fix out of boundary write It is possible to trigger an out of boundary write in function pkgconf_dependency_parse_str if a dependency line contains a very long comparator. The comparator is stored in a temporary buffer which has a size of PKGCONF_ITEM_SIZE. The line which is parsed can be up to PKGCONF_BUFSIZE characters long, which is larger than PKGCONF_ITEM_SIZE (although it depends on PATH_MAX). Having a comparator which is longer than PKGCONF_ITEM_SIZE therefore leads to an out of boundary write. Although it is undefined behaviour, this can lead to an overridden compare variable, which in turn can lead to an invalid instruction pointer, i.e. most likely a crash or code execution (very unlikely). Proof of concept: $ echo "Requires: x " > poc.pc $ dd if=/dev/zero bs=1 count=65535 | tr '\0' '<' >> poc.pc $ pkgconf poc.pc Eiter compile pkgconf with address sanitizer or run pkgconf multiple times, eventually it might crash (assuming that ASLR is in place). In order to fix this, I decided to use an end pointer to avoid OOB write. Alternative would be to increase the buffer size, but I try to avoid that since this would be additional ~60 KB stack space for a very unlikely situation.

c6b93941

2020-05-26T13:46:20

pkgconf 1.7.2.

c613eb5c

2020-05-26T13:41:39

libpkgconf: pkg: use a second pointer for demunging windows paths

92b09aef

2020-05-26T11:06:35

pkgconf 1.7.1.

e70b536e

2020-05-26T11:01:46

libpkgconf: pkg: when generating a search path, use the correct path separator Before, this could result in generated paths like C:\foo\pkgconfig/bar.pc on Windows.

47466470

2020-05-26T10:57:51

main: extend copyright statement to 2020 in --about

ee1fe1a7

2020-05-26T07:49:15

update NEWS for 1.7.1 changes so far

0253fddc

2020-05-26T07:41:16

libpkgconf: pkg: fix computation of pkgconf_pkg_t.id on Windows. Windows allows both \ and / as valid path characters. A computed path such as C:\development\libfoo\pkgconfig/foo.pc will result in a computed pkgconf_pkg_t.id of "pkgconfig/foo". Accordingly, correct the path normalization for checking for / after the \ path has been dealt with in all cases.

be6b382d

2020-05-25T07:56:05

Makefile.am: Add remaining Meson files to be included in dist tarballs The tarballs produced by 'make distcheck' did not include all files required for using Meson because they were not all enumerated in EXTRA_DIST. This change adds the remaining Meson files to the tarball.

9e16d270

2020-05-24T23:13:19

libpkgconf: personality: fix out of boundary access It is possible to set the instruction pointer to undefined values by using an operator larger than ':' in ASCII. Since the personality function array does not have 256 entries, an invalid operator can overflow the array. Proof of concept: $ echo "a _ b" > poc $ ln -s $(which pkgconf) poc-pkgconf $ ./poc-pkgconf

dd57abfe

2020-05-24T14:44:01

pkgconf 1.7.0.

82d57184

2020-05-24T14:53:37

meson: fix detection of strndup() on windows

4fb7683c

2020-05-24T14:40:47

add support for the PKGCONF_PKG_PKGF_DONT_MERGE_SPECIAL_FRAGMENTS flag used in build2.

fb9c2258

2020-05-24T14:37:13

update NEWS for previous patch

011db1bb

2020-04-26T17:28:03

Do not complain about malformed whitespace from \n on Version line Every version line has a newline at the end; the malformed whitespace checker should just check for trailing spaces and tabs. Resolves https://todo.sr.ht/~kaniini/pkgconf/15

fce1199b

2020-05-24T14:34:17

cli: add support for PKG_CONFIG_MSVC_SYNTAX env variable Patch from Dan Kegel.

cdc2bf88

2020-05-24T14:29:19

use correct autoconf macro name AC_CONFIG_MACRO_DIR without trailing S is known by autoconf since 2.58. AC_CONFIG_MACRO_DIR with trailing S is known by autoconf newer than 2.69. This fixes libtool after 'autoreconf -fi'. Fixes commit a8a65c7f6c6b6463bbdee119c0ff71536925e455 Related to issue #145 Signed-off-by: Olaf Hering <olaf@aepfle.de>

80508f71

2020-05-24T14:27:52

NEWS: start NEWS for 1.7.0 was hoping to go straight into 2.0 but we need a new maintenance branch :(

382a89c1

2020-05-24T14:18:16

pkg: pkgconf_compare_version(): do not return levenshtein distance in strcmp() case

92745ad9

2020-05-24T21:51:14

libpkgconf: parser: fix out of boundary access It is possible to trigger an out of boundary access with specially crafted files. If a line consist of only a key and spaces, then op will point to '\0'-ending of the buffer. Since p is iterated by one byte right past this ending '\0', the next read access to p is effectively out of bounds. Theoretically this can also lead to out of boundary writes if spaces are encountered. Proof of concept (I recommend to compile with address sanitizer): $ echo -n a > poc.pc $ dd if=/dev/zero bs=1 count=65533 | tr '\0' ' ' >> poc.pc $ pkgconf poc.pc

bd4ed1ca

2020-05-24T20:51:48

libpkgconf: fileio: prevent buffer overflow. pkgconf_fgetline is called with a user-defined buffer, its size, and a FILE stream to read input from. If the buffer is almost completely filled and the file stream contains an escaped character, then it is possible to trigger an off-by-one buffer overflow with a '\0' character. Easiest example to trigger this: char buf[2]; pkgconf_fgetline(buf, sizeof(buf), stdin); Enter "\\" (two backslashes) and press enter. If the library and the program are compiled with address sanitizer, you will see the program crashing. Otherwise it depends on your architecture what happens. Since nobody should be using a buffer of only size 1 or 2, keep enough space for a possibly escaped character in while loop by subtracting one more byte for this situation, not just for '\0'.

62bbd3b6

2020-01-21T10:32:36

cli: remove --version to --modversion remapping This has been a source of frequent complaints, so we drop it. Resolves: https://todo.sr.ht/~kaniini/pkgconf/6

48dc665a

2019-10-19T00:56:17

personality: add support for WantDefaultStatic setting

40fe4835

2019-10-19T00:45:49

cli: main: add --shared option

f1ce3936

2019-09-30T05:22:21

fix pkgconf-personality man page

2adafc27

2019-08-23T12:47:22

libpkgconf: personality: return the default personality if loading a personality file failed

19aa93e3

2019-08-04T15:54:24

prepare for pkgconf 2.0 development

1d8c6b71

2019-07-12T16:50:51

Fix troff markup in pkgconf-personality(5) A list was started with .Bl but not ended (with .El)

db3ba0ef

2019-07-12T16:50:50

Fix spelling in pkg.m4(7)

af1fbf98

2019-07-12T08:54:24

builds: add fedora meson build

3f178f71

2019-07-12T08:42:11

builds: add fedora rawhide build

f3e1073f

2019-07-12T08:31:21

build: include meson build files in generated tarballs

d351e6ae

2019-07-12T08:23:36

Revert "tests: remove some no longer relevant bitrot in the test environment file" This reverts commit 107ad34f8fdae7af0f38afaa51e0ca8fdbee8250. Breaks autoconf.

061627f0

2019-07-12T08:20:05

meson: bump required version to 0.47 for copy directive

107ad34f

2019-07-12T08:19:19

tests: remove some no longer relevant bitrot in the test environment file

c862e030

2019-07-12T06:53:37

pkgconf 1.6.3.

5f3aa3a8

2019-07-12T06:53:25

286e3547

2019-07-12T06:46:29

update NEWS for 1.6.3.

3740bfb6

2019-07-12T06:42:08

tests: add test for malformed versions generating a diagnostic with --validate

a91e0bf2

2019-07-12T06:37:46

tests: explicitly test --print-provides with malformed versions

c10f6999

2019-07-12T06:35:48

libpkgconf: pkg: generate diagnostic for and trim malformed versions

312b4e51

2019-07-12T06:22:41

tests: add test for malformed version handling

3783d657

2019-07-12T06:15:35

tests: add malformed-version fixture

6c3356a0

2019-07-12T05:56:35

update README [ci skip]

833294f5

2019-07-12T05:52:37

builds: add freebsd CI build

cab8eddc

2019-07-12T05:48:22

build: remove no longer included CMakeLists files

7a395932

2019-07-12T05:45:16

drop CMake support

c816ce69

2019-07-11T03:36:03

pkgconf 1.6.2. (closes #38, #40, #41)

0a247fa1

2019-07-11T03:42:37

man: pkgconf: add --modversion description (closes #34)

7e0b0fad

2019-07-11T03:38:58

libpkgconf: path: fix memory leak when deduping paths (closes #39)

03e5d0fd

2019-07-11T03:30:56

update AUTHORS using `git shortlog -e`

c7c3ddbf

2019-07-11T03:24:50

add mailmap

984dc984

2019-06-16T05:59:03

Merge branch 'lfs-fix' of a_tsoy/pkgconf into master

db9c1e96

2019-06-07T19:19:28

fix the order of header includes config.h should be included before stdinc.h, otherwise large file support is not enabled. Downstream bug: https://bugs.gentoo.org/687548

ebfcaf50

2019-05-25T15:59:55

normalize include guards. closes #33

7460d287

2019-05-18T00:52:09

Merge branch 'fix-msvc-build' of seungha.yang/pkgconf into master

5436558e

2019-05-11T01:15:24

main: Fix build with MSVC Use pkgconf_strndup() since strndup() might be unavailable

0ba98da2

2019-05-06T15:22:11

lite: remove --simulate

2d0c1f5c

2019-05-06T15:15:41

lite: disable debug logging

kc3-lang/pkgconf

Log