kmx git

Commit	Date	Message
d8d669f6	2022-08-07T04:47:04	pkgconf 1.9.0.
0e05308f	2022-08-07T04:35:29	pkg: add SPDX license assertion to pkgconf builtin
1389aa05	2022-08-07T04:21:22	pkg: add pkgconf_pkg_t.license field The pkgconf_pkg_t.license field maps to the new License keyword, and should be an SPDX license expression.
7edfdbff	2022-08-07T01:29:21	pkg: upgrade circular reference trace to a warning
662668d0	2022-08-07T01:09:07	pkg: add trace log when breaking a circular reference
ebe74fd2	2022-08-03T15:24:05	cache: free the cache table when it is empty and set to NULL We do the latter for the benefit of libpkgconf. This cleans up a significant number of memory leaks in the cache handling.
1cfa2d1e	2022-08-04T15:16:44	pkg: prevent circular ownership Otherwise in a case where A references B, and B references A, A and B will have mutual ownership of each other and prevent each other from being free'd.
301d8fa0	2022-08-04T12:22:49	queue: free unused dependencies when flattening
34b11020	2022-08-04T11:53:02	dependency: zero list after freeing
e71a5a33	2022-08-04T11:52:26	dependency: add debug information for dependency refcounting
49342057	2022-08-04T11:50:50	pkg: add name of pkg being refed/unrefed to debug outpu
a46ce367	2022-08-03T16:40:04	queue: when collecting dependents don't iterate private twice Currently, the private field is iterated collecting private deps and normal deps. It should only be iterated when collecting private deps.
a391f9b6	2022-08-03T16:32:35	pkg: use goto cleanup idiom
17173802	2022-08-03T16:27:42	cache: clear the cache with pkgconf_cache_remove Which results in more code re-use.
e4d1c8ff	2022-08-03T16:22:14	queue: when flattening do nothing if the flattened deps are empty
66090011	2022-08-03T16:08:00	queue: unref dependency in all cases
e275594b	2022-08-03T15:56:54	queue: ensure cleanup happens when applying
4a1119aa	2022-08-03T15:43:04	dependency: Fix reference counting of dependency_addraw We only want a reference to be added for the value inserted into the list, not the one returned. The returned one is unowned until it reaches the public dependency_add function, which returns an owned pointer instead. This makes things semantically more correct. Unfortunately, this means in a few cases we have to write some ugly code like: ```c pkgconf_dependency_t *dep = pkgcond_dependency_add("args"); pkgconf_dependency_unref(dep->owner, dep); ```
a4de6235	2022-08-03T15:29:57	cache: when removing a package from the cache unset the cached flag
96c61cba	2022-08-03T12:00:21	libpkgconf: remove trailing ; from macro definition GCC has a lovely bug (which I will report as soon as I have an account), which causes -Wmisleading-indentation to miss cases of misleading indentation after a `;;`, since the macro adds `;`, and in call cases the caller also adds `;`, we end up with a double macro and gcc fails to warn.
6c70781a	2022-07-26T18:00:22	introduce PKG_CONFIG_PKGCONF1_SYSROOT_RULES for legacy pkgconf behavior
f8aefea7	2022-07-26T17:13:15	pkg: add flags argument to pkgconf_pkg_new_from_file
297e18f2	2022-07-26T17:08:48	tuple: add flags parameter to pkgconf_tuple_parse
b0802cb3	2022-06-26T19:41:31	Revert "pkgconf_pkg_parser_value_set(): fix code-path ordering bug." This reverts commit 13fe4c8c589be99b12db62b053c38124afecf2d7.
72e429ae	2022-06-26T19:35:19	tuple: use ${pc_sysrootdir} instead of client->sysroot_dir where relevant
a61193c7	2022-06-26T19:16:00	pkg: fix sysroot_dir logic for github 213
d68a867d	2022-06-26T19:15:07	tuple: fall back to using globals rather than preferring them
fdd7d192	2022-06-26T18:38:55	queue: fix ISO C conformance for fallthrough label
a1a41511	2022-06-26T18:09:22	queue: handle pkgconf_pkg_verify_dependency failure while flattening
9bc6d80e	2022-06-26T18:06:04	queue: push new unresolved dependencies to the front of the queue, rather than the tail
fe4db3aa	2022-06-26T18:04:42	queue: skip dependency collection for root node
5a82a259	2022-06-26T15:17:08	queue: use maxdepth after flattening
a416dc1f	2022-06-26T15:16:36	queue: advance client serial when walking requires.private for flattening
197fcadd	2022-06-26T15:02:37	queue: add flattening code
5817e884	2022-06-26T07:22:56	pkg: track the number of hits a package has gotten while solving for dependencies
6ae17bd0	2022-06-26T06:05:40	pkg: split pkgconf_pkg_traverse into a serial-modifying version
ffa0805d	2022-06-26T04:38:02	cache: use pkgconf_reallocarray stub
c1579d38	2022-06-26T04:37:18	bsdstubs: add pkgconf_reallocarray
4c76f6bf	2022-06-26T04:33:47	meson: check for reallocarray it is needed for the new cache code
46467240	2022-06-26T04:30:35	cache: refactor to use a continguous table and bsearch cache functions are the hottest part of the pkgconf code when profiled, by removing the linked list for lookups, we can turn lookups into an O(k) operation
c0fa7879	2022-04-01T14:15:43	libpkgconf: zero path lists after freeing This is required to make the pointer safely re-usable after being freed, otherwise the list still says that it has nodes, but they point nowhere. This is particularly important for libpkgconf, if a caller needs to re-enter the library after freeing a path in a static path (such as the default personality)
2d201af3	2022-04-01T14:14:54	libpkgconf: Add a helper to zero `pkgconf_list_t`s
cf48b61a	2022-02-21T04:42:26	stdinc: include strings.h on POSIX
0995e499	2022-02-21T04:27:11	Merge branch 'master' into readme-meson
a45dbccc	2022-02-21T04:25:36	Merge pull request #242 from data-man/dirent_latest Update dirent.h to latest
c6cfca67	2022-02-21T04:25:26	Merge pull request #245 from dcbaker/submit/remove-const libpkgconf: remove const modifier from error_handler data pointer
c581e24a	2022-02-10T19:46:19	personality: use an unsigned to track initializations Instead of a bool. The latter will result in de-initing leaving the library unable to init again, which works out for the cli, but is problematic for other consumers (meson++ and muon). v2: - Add docs that the functions are not thread safe
f5d6bb71	2022-02-04T16:06:08	libpkgconf: remove const modifier from error_handler data pointer Currently, the data pointer is `const void *`, which means that the handler can't modify the data without casting away the constness.
b132ce83	2022-01-08T10:55:28	Update dirent.h to latest
6109e060	2021-12-11T14:49:05	docs: mention Meson instead of CMake for Win build Fixes #233
2b82a4f6	2021-10-07T00:23:35	use a serial instead of PKGCONF_PKG_PROPF_SEEN
7d8cc1e4	2021-10-06T13:13:34	dependency: add pkgconf_dependency_copy()
c547edd0	2021-10-06T11:52:18	deconst the client on pkgconf_dependency_add()
4144d506	2021-10-06T11:48:13	implement dependency refcounting
8130dd15	2021-10-06T11:29:18	dependency: add pkgconf_dependency_free_one
4b87e256	2021-08-17T15:29:55	cache: clear package cache without using the refcounts
df1b671c	2021-08-17T15:18:47	dependency: use dependency match owner with pkgconf_pkg_unref()
78bcb171	2021-07-24T20:06:55	personality: do not perform path filtering on default SYSTEM_INCLUDE_PATHS and SYSTEM_LIBRARY_PATHS This is not consistent with the way the personality files or environment variables are handled. Fixes #224.
ceece2c1	2021-07-24T19:47:33	pkg: fix up comment about issue #213 workaround
ed86f2dd	2021-06-23T14:09:05	Don't prepend sysroot_dir if pkg-config file lies outside of sysroot_dir
d688a7bd	2021-06-11T15:00:47	implement pkgconf_cross_personality_deinit
13fe4c8c	2021-06-13T18:38:18	pkgconf_pkg_parser_value_set(): fix code-path ordering bug. Prior to this commit, the code path responsible for prefix redefinition (motivated by --define-prefix or otherwise) was visited more than once, specifically since the check ignored pkg->owner->prefix_varname.
4f73f6a1	2021-03-20T11:01:14	Rework path handling on native Windows The current approach was to parse the .pc and, detect the prefix, throw everything together and at the end replace all \ with / to not produce invalid escape sequences. This has the problem that escaping in .pc files is ignored and no longer possible. Also in case the prefix path has a space in it the result would be invalid because of missing escaping. This changes the following things: * We no longer normalize values at the end. Instead we assume .pc files use "/" as a directory separator or "\\", same format as under Unix. "\" alone no longer works. This shouldn't be a problem since most build tools produce .pc files with "/" like meson, cmake, autotools. * When injecting the prefix at runtime we convert the prefix to use "/" and escape spaces so that in combination with the .pc content the result is a valid escaped path value again. This patch has been used in MSYS2 for some months now. See #212
4be39c59	2021-03-19T16:59:02	Remove usage of cygwin_conv_path() under cygwin/msys This converted Unix paths to Windows paths, but all cygwin tools work with Unix paths so this shouldn't be needed. There is one use case if you use a cygwin pkgconf with a non-cygwin toolchain, but pkgconf works reasonable well natively now so this shouldn't be needed anymore and more likely leads to problems and confusion. Both cygwin and msys have patched this out already: * https://cygwin.com/git-cygwin-packages/?p=git/cygwin-packages/pkgconf.git;a=blob;f=pkgconf.cygport;h=e5d003f3f3dfc9e374b916974018022ad8d68852;hb=HEAD#l55 * https://github.com/msys2/MSYS2-packages/blob/a4bce0c2943109e7d06c8660d91b89065eb09bea/pkgconf/PKGBUILD#L26
dbb6a232	2021-03-18T06:56:55	path: don't use PATH_MAX, use PKGCONF_ITEM_SIZE * 4 for realpath buffer
fd1b8ccc	2021-03-18T06:22:11	main: if PKG_CONFIG_FDO_SYSROOT_RULES is set, or DESTDIR matches PKG_CONFIG_SYSROOT_DIRS, disable the automatic sysroot rewriting Closes #205.
008d7069	2021-03-18T06:03:32	libpkgconf: personality: default: set want_default_static and want_default_pure to true on windows
f9531ce9	2021-03-18T05:59:54	add support for pkgconf_cross_personality_t.want_default_pure
52d19e1b	2021-03-18T05:44:45	libpkgconf: fileio: pkgconf_fgetline(): handle quoted=true when a comment introduction is encountered Fixes #215.
ab404bc2	2021-02-03T06:54:52	Fix #209 This commit fixes #209 by applying the suggestion from https://github.com/pkgconf/pkgconf/issues/209#issuecomment-771609136.
13a5d9a5	2021-01-08T10:56:41	libpkgconf: path: supply buffer to realpath To avoid a crash on some platforms (like Darwin 9) provide a buffer to realpath(3). Darwin 9 (last PPC target) documents realpath needs to be given a buffer to the resolved_path argument large enough to hold PATH_MAX bytes. With NULL argument it crashes. Solaris makes no mention of resolved_path to be allowed NULL, yet recent versions accept it and malloc(3) accordingly. Because the documentation explicitly mentions PATH_MAX being the limit to what realpath(3) would write in resolved_path, switching to a static buffer here doesn't limit resolution compared to dynamically allocating a buffer by realpath(3). While this change requires a bit more space on the stack, it avoids a malloc/free sequence, and allows successful operation on (older) platforms that lack support for dynamically allocating a return buffer in realpath(3). Signed-off-by: Fabian Groffen <grobian@gentoo.org>
de8fc9e4	2020-11-28T15:19:41	meson: install headers into pkgconf/libpkgconf instead of just libpkgconf To mirror what the autotools build does
869f2a84	2020-11-28T16:01:16	pkgconf_pkg_parser_version_func: fix whitespace detection In case the version string has no whitespace then strcspn() returns strlen() of the input, so whitespace is only found if len != strlen. This fixes invalid warnings when parsing version fields.
2a8bebf2	2020-06-11T18:00:56	libpkgconf: path: rewrite DOS paths in non-cygwin case too
f818a69b	2020-06-03T21:42:25	libpkgconf: pkg: fix out ouf boundary access If a file with a matching "uninstalled" name exists but cannot be parsed, an invalid memory area is accessed. How to reproduce: $ touch poc-uninstalled.pc $ PKG_CONFIG_PATH=. pkgconf poc
ef135d81	2020-06-02T18:58:00	meson: remove some autotools cruft
354c8727	2020-05-30T19:19:48	libpkgconf: tuple: fix truncation when no overflow occurs
5eb9cae0	2020-05-31T00:25:54	libpkgconf: tuple: fix out of boundary write This is the same issue which has been fixed in dependency code. If a line contains a variable which is longer than PKGCONF_ITEM_SIZE, then the varname buffer overflows. The code itself still does not check if a closing } exists and truncates variable names which are too long. Since these would be functional changes and this commit is about a protection against undefined behaviour on a language level, these changes are not included. Proof of concept: $ echo "Description: poc" > poc.pc $ echo "Version: 1" >> poc.pc $ echo -n 'Name: ${' $ dd if=/dev/zero bs=1 count=66535 \| tr '\0' 'x' >> poc.pc $ echo >> poc.pc $ pkgconf poc.pc On my Linux system, when compiled with gcc, the varname buffer overflows directly into buf, which means that no crash can be notified. It's easiest to figure out when adding strlen() and sizeof() output as debug lines.
100bc605	2020-05-30T23:48:40	libpkgconf: fragment: fix out of boundary write fragment_quote adds quotation to fragments if needed. It allocates a buffer and grows it as needed. Unfortunately the dst pointer is not updated after a realloc, which means that dst still points into the old memory area. Further writing characters into that area leads to out of boundy writes. Proof of concept: $ cat > poc.pc << EOF Name: poc Description: poc Version: 1 CFlags: -Ia CFlags: -I%%%%%%%%%%%%%%%%%%%%b CFlags: -I%%%%%%%%%%%%%%%%%%%%c CFlags: -Id EOF $ pkgconf --cflags poc.pc Most reliable attempt is to compile pkgconf with address sanitizer, but this file should lead to an abort on a glibc system due to modified chunk pointers (tested with Linux on amd64). But since this is undefined behaviour, it depends on system details.
dc04193c	2020-05-29T19:35:42	libpkgconf: fragment: fix out of boundary read Parsing a fragment which consists only of a single dash leads to an out of boundary read. It duplicates the following entry which is not expected behaviour if another fragment follows. Proof of concept: $ cat > poc.pc << "EOF" Name: poc Description: poc Version: 1 Cflags: - -I/somewhere EOF $ PKG_CONFIG_PATH=. pkgconf --cflags poc -I/somewhere -I/somewhere If - is the last entry, it leads to an out of boundary read, which is easy to see if pkgconf is compiled with address sanitizer.
42b35531	2020-05-30T12:39:43	fix missing backslashes in paths on Windows According to https://docs.microsoft.com/fr-fr/windows/win32/fileio/naming-a-file backslashes (with slashes) are a path separator, hence must no be considered as an escape code. The first fix, in argvsplit.c, disables this. But because of fragment_quote(), the backslashes are doubled. Hence the second fix in fragment.c With this pc file : prefix=C:/Documents/msys2/opt/efl_64 libdir=${prefix}/lib includedir=${prefix}/include Name: eina Description: efl: eina Version: 1.24.99 Requires.private: iconv Libs: -L${libdir} -leina -pthread -levil Libs.private: -lpsapi -lole32 -lws2_32 -lsecur32 -luuid -lregex -lm Cflags:-I${includedir}/eina-1 -I${includedir}/efl-1 -I${includedir}/eina-1/eina -pthread pkgconf.exe --cflags eina returns : -IC:\Documents\msys2\opt\efl_64/include/eina-1 -IC:\Documents\msys2\opt\efl_64/include/efl-1 -IC:\Documents\msys2\opt\efl_64/include/eina-1/eina -pthread -DWINICONV_CONST= -IC:\Documents\msys2\opt\ewpi_64/include
fb9acedc	2020-05-26T21:42:13	libpkgconf: dependency: fix out of boundary write It is possible to trigger an out of boundary write in function pkgconf_dependency_parse_str if a dependency line contains a very long comparator. The comparator is stored in a temporary buffer which has a size of PKGCONF_ITEM_SIZE. The line which is parsed can be up to PKGCONF_BUFSIZE characters long, which is larger than PKGCONF_ITEM_SIZE (although it depends on PATH_MAX). Having a comparator which is longer than PKGCONF_ITEM_SIZE therefore leads to an out of boundary write. Although it is undefined behaviour, this can lead to an overridden compare variable, which in turn can lead to an invalid instruction pointer, i.e. most likely a crash or code execution (very unlikely). Proof of concept: $ echo "Requires: x " > poc.pc $ dd if=/dev/zero bs=1 count=65535 \| tr '\0' '<' >> poc.pc $ pkgconf poc.pc Eiter compile pkgconf with address sanitizer or run pkgconf multiple times, eventually it might crash (assuming that ASLR is in place). In order to fix this, I decided to use an end pointer to avoid OOB write. Alternative would be to increase the buffer size, but I try to avoid that since this would be additional ~60 KB stack space for a very unlikely situation.
c613eb5c	2020-05-26T13:41:39	libpkgconf: pkg: use a second pointer for demunging windows paths
e70b536e	2020-05-26T11:01:46	libpkgconf: pkg: when generating a search path, use the correct path separator Before, this could result in generated paths like C:\foo\pkgconfig/bar.pc on Windows.
0253fddc	2020-05-26T07:41:16	libpkgconf: pkg: fix computation of pkgconf_pkg_t.id on Windows. Windows allows both \ and / as valid path characters. A computed path such as C:\development\libfoo\pkgconfig/foo.pc will result in a computed pkgconf_pkg_t.id of "pkgconfig/foo". Accordingly, correct the path normalization for checking for / after the \ path has been dealt with in all cases.
9e16d270	2020-05-24T23:13:19	libpkgconf: personality: fix out of boundary access It is possible to set the instruction pointer to undefined values by using an operator larger than ':' in ASCII. Since the personality function array does not have 256 entries, an invalid operator can overflow the array. Proof of concept: $ echo "a _ b" > poc $ ln -s $(which pkgconf) poc-pkgconf $ ./poc-pkgconf
dd57abfe	2020-05-24T14:44:01	pkgconf 1.7.0.
4fb7683c	2020-05-24T14:40:47	add support for the PKGCONF_PKG_PKGF_DONT_MERGE_SPECIAL_FRAGMENTS flag used in build2.
011db1bb	2020-04-26T17:28:03	Do not complain about malformed whitespace from \n on Version line Every version line has a newline at the end; the malformed whitespace checker should just check for trailing spaces and tabs. Resolves https://todo.sr.ht/~kaniini/pkgconf/15
382a89c1	2020-05-24T14:18:16	pkg: pkgconf_compare_version(): do not return levenshtein distance in strcmp() case
92745ad9	2020-05-24T21:51:14	libpkgconf: parser: fix out of boundary access It is possible to trigger an out of boundary access with specially crafted files. If a line consist of only a key and spaces, then op will point to '\0'-ending of the buffer. Since p is iterated by one byte right past this ending '\0', the next read access to p is effectively out of bounds. Theoretically this can also lead to out of boundary writes if spaces are encountered. Proof of concept (I recommend to compile with address sanitizer): $ echo -n a > poc.pc $ dd if=/dev/zero bs=1 count=65533 \| tr '\0' ' ' >> poc.pc $ pkgconf poc.pc
bd4ed1ca	2020-05-24T20:51:48	libpkgconf: fileio: prevent buffer overflow. pkgconf_fgetline is called with a user-defined buffer, its size, and a FILE stream to read input from. If the buffer is almost completely filled and the file stream contains an escaped character, then it is possible to trigger an off-by-one buffer overflow with a '\0' character. Easiest example to trigger this: char buf[2]; pkgconf_fgetline(buf, sizeof(buf), stdin); Enter "\\" (two backslashes) and press enter. If the library and the program are compiled with address sanitizer, you will see the program crashing. Otherwise it depends on your architecture what happens. Since nobody should be using a buffer of only size 1 or 2, keep enough space for a possibly escaped character in while loop by subtracting one more byte for this situation, not just for '\0'.
48dc665a	2019-10-19T00:56:17	personality: add support for WantDefaultStatic setting
2adafc27	2019-08-23T12:47:22	libpkgconf: personality: return the default personality if loading a personality file failed
19aa93e3	2019-08-04T15:54:24	prepare for pkgconf 2.0 development
c862e030	2019-07-12T06:53:37	pkgconf 1.6.3.
c10f6999	2019-07-12T06:35:48	libpkgconf: pkg: generate diagnostic for and trim malformed versions
7a395932	2019-07-12T05:45:16	drop CMake support
c816ce69	2019-07-11T03:36:03	pkgconf 1.6.2. (closes #38, #40, #41)
7e0b0fad	2019-07-11T03:38:58	libpkgconf: path: fix memory leak when deduping paths (closes #39)

d8d669f6

2022-08-07T04:47:04

pkgconf 1.9.0.

0e05308f

2022-08-07T04:35:29

pkg: add SPDX license assertion to pkgconf builtin

1389aa05

2022-08-07T04:21:22

pkg: add pkgconf_pkg_t.license field The pkgconf_pkg_t.license field maps to the new License keyword, and should be an SPDX license expression.

7edfdbff

2022-08-07T01:29:21

pkg: upgrade circular reference trace to a warning

662668d0

2022-08-07T01:09:07

pkg: add trace log when breaking a circular reference

ebe74fd2

2022-08-03T15:24:05

cache: free the cache table when it is empty and set to NULL We do the latter for the benefit of libpkgconf. This cleans up a significant number of memory leaks in the cache handling.

1cfa2d1e

2022-08-04T15:16:44

pkg: prevent circular ownership Otherwise in a case where A references B, and B references A, A and B will have mutual ownership of each other and prevent each other from being free'd.

301d8fa0

2022-08-04T12:22:49

queue: free unused dependencies when flattening

34b11020

2022-08-04T11:53:02

dependency: zero list after freeing

e71a5a33

2022-08-04T11:52:26

dependency: add debug information for dependency refcounting

49342057

2022-08-04T11:50:50

pkg: add name of pkg being refed/unrefed to debug outpu

a46ce367

2022-08-03T16:40:04

queue: when collecting dependents don't iterate private twice Currently, the private field is iterated collecting private deps and normal deps. It should only be iterated when collecting private deps.

a391f9b6

2022-08-03T16:32:35

pkg: use goto cleanup idiom

17173802

2022-08-03T16:27:42

cache: clear the cache with pkgconf_cache_remove Which results in more code re-use.

e4d1c8ff

2022-08-03T16:22:14

queue: when flattening do nothing if the flattened deps are empty

66090011

2022-08-03T16:08:00

queue: unref dependency in all cases

e275594b

2022-08-03T15:56:54

queue: ensure cleanup happens when applying

4a1119aa

2022-08-03T15:43:04

dependency: Fix reference counting of dependency_addraw We only want a reference to be added for the value inserted into the list, not the one returned. The returned one is unowned until it reaches the public dependency_add function, which returns an owned pointer instead. This makes things semantically more correct. Unfortunately, this means in a few cases we have to write some ugly code like: ```c pkgconf_dependency_t *dep = pkgcond_dependency_add("args"); pkgconf_dependency_unref(dep->owner, dep); ```

a4de6235

2022-08-03T15:29:57

cache: when removing a package from the cache unset the cached flag

96c61cba

2022-08-03T12:00:21

libpkgconf: remove trailing ; from macro definition GCC has a lovely bug (which I will report as soon as I have an account), which causes -Wmisleading-indentation to miss cases of misleading indentation after a `;;`, since the macro adds `;`, and in call cases the caller also adds `;`, we end up with a double macro and gcc fails to warn.

6c70781a

2022-07-26T18:00:22

introduce PKG_CONFIG_PKGCONF1_SYSROOT_RULES for legacy pkgconf behavior

f8aefea7

2022-07-26T17:13:15

pkg: add flags argument to pkgconf_pkg_new_from_file

297e18f2

2022-07-26T17:08:48

tuple: add flags parameter to pkgconf_tuple_parse

b0802cb3

2022-06-26T19:41:31

Revert "pkgconf_pkg_parser_value_set(): fix code-path ordering bug." This reverts commit 13fe4c8c589be99b12db62b053c38124afecf2d7.

72e429ae

2022-06-26T19:35:19

tuple: use ${pc_sysrootdir} instead of client->sysroot_dir where relevant

a61193c7

2022-06-26T19:16:00

pkg: fix sysroot_dir logic for github 213

d68a867d

2022-06-26T19:15:07

tuple: fall back to using globals rather than preferring them

fdd7d192

2022-06-26T18:38:55

queue: fix ISO C conformance for fallthrough label

a1a41511

2022-06-26T18:09:22

queue: handle pkgconf_pkg_verify_dependency failure while flattening

9bc6d80e

2022-06-26T18:06:04

queue: push new unresolved dependencies to the front of the queue, rather than the tail

fe4db3aa

2022-06-26T18:04:42

queue: skip dependency collection for root node

5a82a259

2022-06-26T15:17:08

queue: use maxdepth after flattening

a416dc1f

2022-06-26T15:16:36

queue: advance client serial when walking requires.private for flattening

197fcadd

2022-06-26T15:02:37

queue: add flattening code

5817e884

2022-06-26T07:22:56

pkg: track the number of hits a package has gotten while solving for dependencies

6ae17bd0

2022-06-26T06:05:40

pkg: split pkgconf_pkg_traverse into a serial-modifying version

ffa0805d

2022-06-26T04:38:02

cache: use pkgconf_reallocarray stub

c1579d38

2022-06-26T04:37:18

bsdstubs: add pkgconf_reallocarray

4c76f6bf

2022-06-26T04:33:47

meson: check for reallocarray it is needed for the new cache code

46467240

2022-06-26T04:30:35

cache: refactor to use a continguous table and bsearch cache functions are the hottest part of the pkgconf code when profiled, by removing the linked list for lookups, we can turn lookups into an O(k) operation

c0fa7879

2022-04-01T14:15:43

libpkgconf: zero path lists after freeing This is required to make the pointer safely re-usable after being freed, otherwise the list still says that it has nodes, but they point nowhere. This is particularly important for libpkgconf, if a caller needs to re-enter the library after freeing a path in a static path (such as the default personality)

2d201af3

2022-04-01T14:14:54

libpkgconf: Add a helper to zero `pkgconf_list_t`s

cf48b61a

2022-02-21T04:42:26

stdinc: include strings.h on POSIX

0995e499

2022-02-21T04:27:11

Merge branch 'master' into readme-meson

a45dbccc

2022-02-21T04:25:36

Merge pull request #242 from data-man/dirent_latest Update dirent.h to latest

c6cfca67

2022-02-21T04:25:26

Merge pull request #245 from dcbaker/submit/remove-const libpkgconf: remove const modifier from error_handler data pointer

c581e24a

2022-02-10T19:46:19

personality: use an unsigned to track initializations Instead of a bool. The latter will result in de-initing leaving the library unable to init again, which works out for the cli, but is problematic for other consumers (meson++ and muon). v2: - Add docs that the functions are not thread safe

f5d6bb71

2022-02-04T16:06:08

libpkgconf: remove const modifier from error_handler data pointer Currently, the data pointer is `const void *`, which means that the handler can't modify the data without casting away the constness.

b132ce83

2022-01-08T10:55:28

Update dirent.h to latest

6109e060

2021-12-11T14:49:05

docs: mention Meson instead of CMake for Win build Fixes #233

2b82a4f6

2021-10-07T00:23:35

use a serial instead of PKGCONF_PKG_PROPF_SEEN

7d8cc1e4

2021-10-06T13:13:34

dependency: add pkgconf_dependency_copy()

c547edd0

2021-10-06T11:52:18

deconst the client on pkgconf_dependency_add()

4144d506

2021-10-06T11:48:13

implement dependency refcounting

8130dd15

2021-10-06T11:29:18

dependency: add pkgconf_dependency_free_one

4b87e256

2021-08-17T15:29:55

cache: clear package cache without using the refcounts

df1b671c

2021-08-17T15:18:47

dependency: use dependency match owner with pkgconf_pkg_unref()

78bcb171

2021-07-24T20:06:55

personality: do not perform path filtering on default SYSTEM_INCLUDE_PATHS and SYSTEM_LIBRARY_PATHS This is not consistent with the way the personality files or environment variables are handled. Fixes #224.

ceece2c1

2021-07-24T19:47:33

pkg: fix up comment about issue #213 workaround

ed86f2dd

2021-06-23T14:09:05

Don't prepend sysroot_dir if pkg-config file lies outside of sysroot_dir

d688a7bd

2021-06-11T15:00:47

implement pkgconf_cross_personality_deinit

13fe4c8c

2021-06-13T18:38:18

pkgconf_pkg_parser_value_set(): fix code-path ordering bug. Prior to this commit, the code path responsible for prefix redefinition (motivated by --define-prefix or otherwise) was visited more than once, specifically since the check ignored pkg->owner->prefix_varname.

4f73f6a1

2021-03-20T11:01:14

Rework path handling on native Windows The current approach was to parse the .pc and, detect the prefix, throw everything together and at the end replace all \ with / to not produce invalid escape sequences. This has the problem that escaping in .pc files is ignored and no longer possible. Also in case the prefix path has a space in it the result would be invalid because of missing escaping. This changes the following things: * We no longer normalize values at the end. Instead we assume .pc files use "/" as a directory separator or "\\", same format as under Unix. "\" alone no longer works. This shouldn't be a problem since most build tools produce .pc files with "/" like meson, cmake, autotools. * When injecting the prefix at runtime we convert the prefix to use "/" and escape spaces so that in combination with the .pc content the result is a valid escaped path value again. This patch has been used in MSYS2 for some months now. See #212

4be39c59

2021-03-19T16:59:02

Remove usage of cygwin_conv_path() under cygwin/msys This converted Unix paths to Windows paths, but all cygwin tools work with Unix paths so this shouldn't be needed. There is one use case if you use a cygwin pkgconf with a non-cygwin toolchain, but pkgconf works reasonable well natively now so this shouldn't be needed anymore and more likely leads to problems and confusion. Both cygwin and msys have patched this out already: * https://cygwin.com/git-cygwin-packages/?p=git/cygwin-packages/pkgconf.git;a=blob;f=pkgconf.cygport;h=e5d003f3f3dfc9e374b916974018022ad8d68852;hb=HEAD#l55 * https://github.com/msys2/MSYS2-packages/blob/a4bce0c2943109e7d06c8660d91b89065eb09bea/pkgconf/PKGBUILD#L26

dbb6a232

2021-03-18T06:56:55

path: don't use PATH_MAX, use PKGCONF_ITEM_SIZE * 4 for realpath buffer

fd1b8ccc

2021-03-18T06:22:11

main: if PKG_CONFIG_FDO_SYSROOT_RULES is set, or DESTDIR matches PKG_CONFIG_SYSROOT_DIRS, disable the automatic sysroot rewriting Closes #205.

008d7069

2021-03-18T06:03:32

libpkgconf: personality: default: set want_default_static and want_default_pure to true on windows

f9531ce9

2021-03-18T05:59:54

add support for pkgconf_cross_personality_t.want_default_pure

52d19e1b

2021-03-18T05:44:45

libpkgconf: fileio: pkgconf_fgetline(): handle quoted=true when a comment introduction is encountered Fixes #215.

ab404bc2

2021-02-03T06:54:52

Fix #209 This commit fixes #209 by applying the suggestion from https://github.com/pkgconf/pkgconf/issues/209#issuecomment-771609136.

13a5d9a5

2021-01-08T10:56:41

libpkgconf: path: supply buffer to realpath To avoid a crash on some platforms (like Darwin 9) provide a buffer to realpath(3). Darwin 9 (last PPC target) documents realpath needs to be given a buffer to the resolved_path argument large enough to hold PATH_MAX bytes. With NULL argument it crashes. Solaris makes no mention of resolved_path to be allowed NULL, yet recent versions accept it and malloc(3) accordingly. Because the documentation explicitly mentions PATH_MAX being the limit to what realpath(3) would write in resolved_path, switching to a static buffer here doesn't limit resolution compared to dynamically allocating a buffer by realpath(3). While this change requires a bit more space on the stack, it avoids a malloc/free sequence, and allows successful operation on (older) platforms that lack support for dynamically allocating a return buffer in realpath(3). Signed-off-by: Fabian Groffen <grobian@gentoo.org>

de8fc9e4

2020-11-28T15:19:41

meson: install headers into pkgconf/libpkgconf instead of just libpkgconf To mirror what the autotools build does

869f2a84

2020-11-28T16:01:16

pkgconf_pkg_parser_version_func: fix whitespace detection In case the version string has no whitespace then strcspn() returns strlen() of the input, so whitespace is only found if len != strlen. This fixes invalid warnings when parsing version fields.

2a8bebf2

2020-06-11T18:00:56

libpkgconf: path: rewrite DOS paths in non-cygwin case too

f818a69b

2020-06-03T21:42:25

libpkgconf: pkg: fix out ouf boundary access If a file with a matching "uninstalled" name exists but cannot be parsed, an invalid memory area is accessed. How to reproduce: $ touch poc-uninstalled.pc $ PKG_CONFIG_PATH=. pkgconf poc

ef135d81

2020-06-02T18:58:00

meson: remove some autotools cruft

354c8727

2020-05-30T19:19:48

libpkgconf: tuple: fix truncation when no overflow occurs

5eb9cae0

2020-05-31T00:25:54

libpkgconf: tuple: fix out of boundary write This is the same issue which has been fixed in dependency code. If a line contains a variable which is longer than PKGCONF_ITEM_SIZE, then the varname buffer overflows. The code itself still does not check if a closing } exists and truncates variable names which are too long. Since these would be functional changes and this commit is about a protection against undefined behaviour on a language level, these changes are not included. Proof of concept: $ echo "Description: poc" > poc.pc $ echo "Version: 1" >> poc.pc $ echo -n 'Name: ${' $ dd if=/dev/zero bs=1 count=66535 | tr '\0' 'x' >> poc.pc $ echo >> poc.pc $ pkgconf poc.pc On my Linux system, when compiled with gcc, the varname buffer overflows directly into buf, which means that no crash can be notified. It's easiest to figure out when adding strlen() and sizeof() output as debug lines.

100bc605

2020-05-30T23:48:40

libpkgconf: fragment: fix out of boundary write fragment_quote adds quotation to fragments if needed. It allocates a buffer and grows it as needed. Unfortunately the dst pointer is not updated after a realloc, which means that dst still points into the old memory area. Further writing characters into that area leads to out of boundy writes. Proof of concept: $ cat > poc.pc << EOF Name: poc Description: poc Version: 1 CFlags: -Ia CFlags: -I%%%%%%%%%%%%%%%%%%%%b CFlags: -I%%%%%%%%%%%%%%%%%%%%c CFlags: -Id EOF $ pkgconf --cflags poc.pc Most reliable attempt is to compile pkgconf with address sanitizer, but this file should lead to an abort on a glibc system due to modified chunk pointers (tested with Linux on amd64). But since this is undefined behaviour, it depends on system details.

dc04193c

2020-05-29T19:35:42

libpkgconf: fragment: fix out of boundary read Parsing a fragment which consists only of a single dash leads to an out of boundary read. It duplicates the following entry which is not expected behaviour if another fragment follows. Proof of concept: $ cat > poc.pc << "EOF" Name: poc Description: poc Version: 1 Cflags: - -I/somewhere EOF $ PKG_CONFIG_PATH=. pkgconf --cflags poc -I/somewhere -I/somewhere If - is the last entry, it leads to an out of boundary read, which is easy to see if pkgconf is compiled with address sanitizer.

42b35531

2020-05-30T12:39:43

fix missing backslashes in paths on Windows According to https://docs.microsoft.com/fr-fr/windows/win32/fileio/naming-a-file backslashes (with slashes) are a path separator, hence must no be considered as an escape code. The first fix, in argvsplit.c, disables this. But because of fragment_quote(), the backslashes are doubled. Hence the second fix in fragment.c With this pc file : prefix=C:/Documents/msys2/opt/efl_64 libdir=${prefix}/lib includedir=${prefix}/include Name: eina Description: efl: eina Version: 1.24.99 Requires.private: iconv Libs: -L${libdir} -leina -pthread -levil Libs.private: -lpsapi -lole32 -lws2_32 -lsecur32 -luuid -lregex -lm Cflags:-I${includedir}/eina-1 -I${includedir}/efl-1 -I${includedir}/eina-1/eina -pthread pkgconf.exe --cflags eina returns : -IC:\Documents\msys2\opt\efl_64/include/eina-1 -IC:\Documents\msys2\opt\efl_64/include/efl-1 -IC:\Documents\msys2\opt\efl_64/include/eina-1/eina -pthread -DWINICONV_CONST= -IC:\Documents\msys2\opt\ewpi_64/include

fb9acedc

2020-05-26T21:42:13

libpkgconf: dependency: fix out of boundary write It is possible to trigger an out of boundary write in function pkgconf_dependency_parse_str if a dependency line contains a very long comparator. The comparator is stored in a temporary buffer which has a size of PKGCONF_ITEM_SIZE. The line which is parsed can be up to PKGCONF_BUFSIZE characters long, which is larger than PKGCONF_ITEM_SIZE (although it depends on PATH_MAX). Having a comparator which is longer than PKGCONF_ITEM_SIZE therefore leads to an out of boundary write. Although it is undefined behaviour, this can lead to an overridden compare variable, which in turn can lead to an invalid instruction pointer, i.e. most likely a crash or code execution (very unlikely). Proof of concept: $ echo "Requires: x " > poc.pc $ dd if=/dev/zero bs=1 count=65535 | tr '\0' '<' >> poc.pc $ pkgconf poc.pc Eiter compile pkgconf with address sanitizer or run pkgconf multiple times, eventually it might crash (assuming that ASLR is in place). In order to fix this, I decided to use an end pointer to avoid OOB write. Alternative would be to increase the buffer size, but I try to avoid that since this would be additional ~60 KB stack space for a very unlikely situation.

c613eb5c

2020-05-26T13:41:39

libpkgconf: pkg: use a second pointer for demunging windows paths

e70b536e

2020-05-26T11:01:46

libpkgconf: pkg: when generating a search path, use the correct path separator Before, this could result in generated paths like C:\foo\pkgconfig/bar.pc on Windows.

0253fddc

2020-05-26T07:41:16

libpkgconf: pkg: fix computation of pkgconf_pkg_t.id on Windows. Windows allows both \ and / as valid path characters. A computed path such as C:\development\libfoo\pkgconfig/foo.pc will result in a computed pkgconf_pkg_t.id of "pkgconfig/foo". Accordingly, correct the path normalization for checking for / after the \ path has been dealt with in all cases.

9e16d270

2020-05-24T23:13:19

libpkgconf: personality: fix out of boundary access It is possible to set the instruction pointer to undefined values by using an operator larger than ':' in ASCII. Since the personality function array does not have 256 entries, an invalid operator can overflow the array. Proof of concept: $ echo "a _ b" > poc $ ln -s $(which pkgconf) poc-pkgconf $ ./poc-pkgconf

dd57abfe

2020-05-24T14:44:01

pkgconf 1.7.0.

4fb7683c

2020-05-24T14:40:47

add support for the PKGCONF_PKG_PKGF_DONT_MERGE_SPECIAL_FRAGMENTS flag used in build2.

011db1bb

2020-04-26T17:28:03

Do not complain about malformed whitespace from \n on Version line Every version line has a newline at the end; the malformed whitespace checker should just check for trailing spaces and tabs. Resolves https://todo.sr.ht/~kaniini/pkgconf/15

382a89c1

2020-05-24T14:18:16

pkg: pkgconf_compare_version(): do not return levenshtein distance in strcmp() case

92745ad9

2020-05-24T21:51:14

libpkgconf: parser: fix out of boundary access It is possible to trigger an out of boundary access with specially crafted files. If a line consist of only a key and spaces, then op will point to '\0'-ending of the buffer. Since p is iterated by one byte right past this ending '\0', the next read access to p is effectively out of bounds. Theoretically this can also lead to out of boundary writes if spaces are encountered. Proof of concept (I recommend to compile with address sanitizer): $ echo -n a > poc.pc $ dd if=/dev/zero bs=1 count=65533 | tr '\0' ' ' >> poc.pc $ pkgconf poc.pc

bd4ed1ca

2020-05-24T20:51:48

libpkgconf: fileio: prevent buffer overflow. pkgconf_fgetline is called with a user-defined buffer, its size, and a FILE stream to read input from. If the buffer is almost completely filled and the file stream contains an escaped character, then it is possible to trigger an off-by-one buffer overflow with a '\0' character. Easiest example to trigger this: char buf[2]; pkgconf_fgetline(buf, sizeof(buf), stdin); Enter "\\" (two backslashes) and press enter. If the library and the program are compiled with address sanitizer, you will see the program crashing. Otherwise it depends on your architecture what happens. Since nobody should be using a buffer of only size 1 or 2, keep enough space for a possibly escaped character in while loop by subtracting one more byte for this situation, not just for '\0'.

48dc665a

2019-10-19T00:56:17

personality: add support for WantDefaultStatic setting

2adafc27

2019-08-23T12:47:22

libpkgconf: personality: return the default personality if loading a personality file failed

19aa93e3

2019-08-04T15:54:24

prepare for pkgconf 2.0 development

c862e030

2019-07-12T06:53:37

pkgconf 1.6.3.

c10f6999

2019-07-12T06:35:48

libpkgconf: pkg: generate diagnostic for and trim malformed versions

7a395932

2019-07-12T05:45:16

drop CMake support

c816ce69

2019-07-11T03:36:03

pkgconf 1.6.2. (closes #38, #40, #41)

7e0b0fad

2019-07-11T03:38:58

libpkgconf: path: fix memory leak when deduping paths (closes #39)

kc3-lang/pkgconf/libpkgconf

libpkgconf

Log