diff --git a/backport-column-fix-buffer-overflow-when-l-specified.patch b/backport-column-fix-buffer-overflow-when-l-specified.patch new file mode 100644 index 0000000..9387b43 --- /dev/null +++ b/backport-column-fix-buffer-overflow-when-l-specified.patch @@ -0,0 +1,53 @@ +From 4aacf57da1e41643fa789d3ffe848d50029a62de Mon Sep 17 00:00:00 2001 +From: Karel Zak +Date: Thu, 4 Aug 2022 10:10:19 +0200 +Subject: [PATCH] column: fix buffer overflow when -l specified +MIME-Version: 1.0 +Content-Type: text/plain; charset=UTF-8 +Content-Transfer-Encoding: 8bit + +$ printf 'a b c\n1 2 3\n' | column -s : -t -o '-' -l2 +a b c-ġ +1 2 3- + +Signed-off-by: Karel Zak + +--- + text-utils/column.c | 14 ++++++++++---- + 1 file changed, 10 insertions(+), 4 deletions(-) + +diff --git a/text-utils/column.c b/text-utils/column.c +index a4ba24dcd..3d068b08d 100644 +--- a/text-utils/column.c ++++ b/text-utils/column.c +@@ -507,17 +507,23 @@ static void modify_table(struct column_control *ctl) + static int add_line_to_table(struct column_control *ctl, wchar_t *wcs0) + { + wchar_t *wcdata, *sv = NULL, *wcs = wcs0; +- size_t n = 0, nchars = 0; ++ size_t n = 0, nchars = 0, len; + struct libscols_line *ln = NULL; + + if (!ctl->tab) + init_table(ctl); ++ ++ len = wcslen(wcs0); ++ + do { + char *data; + +- if (ctl->maxncols && n + 1 == ctl->maxncols) +- wcdata = wcs0 + nchars; +- else ++ if (ctl->maxncols && n + 1 == ctl->maxncols) { ++ if (nchars < len) ++ wcdata = wcs0 + nchars; ++ else ++ wcdata = NULL; ++ } else + wcdata = local_wcstok(ctl, wcs, &sv); + + if (!wcdata) +-- +2.33.0 + diff --git a/backport-column-fix-greedy-mode-on-l.patch b/backport-column-fix-greedy-mode-on-l.patch new file mode 100644 index 0000000..c91bafa --- /dev/null +++ b/backport-column-fix-greedy-mode-on-l.patch @@ -0,0 +1,74 @@ +From 8ac75e31de0ece74515e98e0b22e54cc0a9808bd Mon Sep 17 00:00:00 2001 +From: Karel Zak +Date: Thu, 4 Aug 2022 10:13:49 +0200 +Subject: [PATCH] column: fix greedy mode on -l +MIME-Version: 1.0 +Content-Type: text/plain; charset=UTF-8 +Content-Transfer-Encoding: 8bit + +In the 'greedy' mode strtok() skips leading white chars, but code for +-l (merge remaining data to the last column) do not count the skipped +chars. + +Old version: + +$ printf ' a b c\n1 2 3\n' | column -t -o '-' -l2 +a-a +1-2 3 + +Fixed version: + +$ printf ' a b c\n1 2 3\n' | column -t -o '-' -l2 +a-b c +1-2 3 + +Note, see leading white chars ' a b c'. + +Fexes: https://github.com/util-linux/util-linux/issues/1763 +Signed-off-by: Karel Zak +--- + text-utils/column.c | 17 +++++++++++++---- + 1 file changed, 13 insertions(+), 4 deletions(-) + +diff --git a/text-utils/column.c b/text-utils/column.c +index 3d068b08d..0a891117c 100644 +--- a/text-utils/column.c ++++ b/text-utils/column.c +@@ -507,7 +507,7 @@ static void modify_table(struct column_control *ctl) + static int add_line_to_table(struct column_control *ctl, wchar_t *wcs0) + { + wchar_t *wcdata, *sv = NULL, *wcs = wcs0; +- size_t n = 0, nchars = 0, len; ++ size_t n = 0, nchars = 0, skip = 0, len; + struct libscols_line *ln = NULL; + + if (!ctl->tab) +@@ -519,13 +519,22 @@ static int add_line_to_table(struct column_control *ctl, wchar_t *wcs0) + char *data; + + if (ctl->maxncols && n + 1 == ctl->maxncols) { +- if (nchars < len) +- wcdata = wcs0 + nchars; ++ if (nchars + skip < len) ++ wcdata = wcs0 + (nchars + skip); + else + wcdata = NULL; +- } else ++ } else { + wcdata = local_wcstok(ctl, wcs, &sv); + ++ /* For the default separator ('greedy' mode) it uses ++ * strtok() and it skips leading white chars. In this ++ * case we need to remember size of the ignored white ++ * chars due to wcdata calculation in maxncols case */ ++ if (wcdata && ctl->greedy ++ && n == 0 && nchars == 0 && wcdata > wcs) ++ skip = wcdata - wcs; ++ } ++ + if (!wcdata) + break; + if (scols_table_get_ncols(ctl->tab) < n + 1) { +-- +2.33.0 + diff --git a/backport-column-fix-l.patch b/backport-column-fix-l.patch new file mode 100644 index 0000000..9248d5e --- /dev/null +++ b/backport-column-fix-l.patch @@ -0,0 +1,106 @@ +From 6dd30a72e7074493152e8ef9c76759218f489985 Mon Sep 17 00:00:00 2001 +From: Karel Zak +Date: Wed, 2 Aug 2023 12:57:37 +0200 +Subject: [PATCH] column: fix -l +MIME-Version: 1.0 +Content-Type: text/plain; charset=UTF-8 +Content-Transfer-Encoding: 8bit + +The original implementation is complicated and broken. + +It's possible to calculate the rest of the string (for the last +column) from the current position rather than calculate it +continuously. Use the last wcstok() result also means that it will +work as expected independently on "greedy" mode (skips repeating +separators. + + # printf 'a b c d\n1 2 3 4\n' | ./column -t -o '|' -l3 + a|b|c d + 1|2|3 4 + +(see space between 'a' and 'b' on input) + +References: 8ac75e31de0ece74515e98e0b22e54cc0a9808bd +Fixes: https://github.com/util-linux/util-linux/issues/1763 +Signed-off-by: Karel Zak +--- + text-utils/column.c | 37 ++++++++++++++++--------------------- + 1 file changed, 16 insertions(+), 21 deletions(-) + +diff --git a/text-utils/column.c b/text-utils/column.c +index 88d46b9..79245cd 100644 +--- a/text-utils/column.c ++++ b/text-utils/column.c +@@ -471,37 +471,33 @@ static void modify_table(struct column_control *ctl) + + static int add_line_to_table(struct column_control *ctl, wchar_t *wcs0) + { +- wchar_t *wcdata, *sv = NULL, *wcs = wcs0; +- size_t n = 0, nchars = 0, skip = 0, len; ++ wchar_t *sv = NULL, *wcs = wcs0, *all = NULL; ++ size_t n = 0; + struct libscols_line *ln = NULL; + ++ + if (!ctl->tab) + init_table(ctl); + +- len = wcslen(wcs0); ++ if (ctl->maxncols) { ++ all = wcsdup(wcs0); ++ if (!all) ++ err(EXIT_FAILURE, _("failed to allocate input line")); ++ } + + do { + char *data; ++ wchar_t *wcdata = local_wcstok(ctl, wcs, &sv); ++ ++ if (!wcdata) ++ break; + + if (ctl->maxncols && n + 1 == ctl->maxncols) { +- if (nchars + skip < len) +- wcdata = wcs0 + (nchars + skip); +- else +- wcdata = NULL; +- } else { +- wcdata = local_wcstok(ctl, wcs, &sv); +- +- /* For the default separator ('greedy' mode) it uses +- * strtok() and it skips leading white chars. In this +- * case we need to remember size of the ignored white +- * chars due to wcdata calculation in maxncols case */ +- if (wcdata && ctl->greedy +- && n == 0 && nchars == 0 && wcdata > wcs) +- skip = wcdata - wcs; ++ /* Use rest of the string as column data */ ++ size_t skip = wcdata - wcs0; ++ wcdata = all + skip; + } + +- if (!wcdata) +- break; + if (scols_table_get_ncols(ctl->tab) < n + 1) { + if (scols_table_is_json(ctl->tab) && !ctl->hide_unnamed) + errx(EXIT_FAILURE, _("line %zu: for JSON the name of the " +@@ -517,8 +513,6 @@ static int add_line_to_table(struct column_control *ctl, wchar_t *wcs0) + err(EXIT_FAILURE, _("failed to allocate output line")); + } + +- nchars += wcslen(wcdata) + 1; +- + data = wcs_to_mbs(wcdata); + if (!data) + err(EXIT_FAILURE, _("failed to allocate output data")); +@@ -530,6 +524,7 @@ static int add_line_to_table(struct column_control *ctl, wchar_t *wcs0) + break; + } while (1); + ++ free(all); + return 0; + } + +-- +2.33.0 + diff --git a/backport-column-fix-memory-leak.patch b/backport-column-fix-memory-leak.patch new file mode 100644 index 0000000..47a40d0 --- /dev/null +++ b/backport-column-fix-memory-leak.patch @@ -0,0 +1,29 @@ +From aad8a6079a5cfcf27344a2efdba61017049a927d Mon Sep 17 00:00:00 2001 +From: =?UTF-8?q?Thomas=20Wei=C3=9Fschuh?= +Date: Mon, 17 Jul 2023 21:07:18 +0200 +Subject: [PATCH] column: fix memory leak +MIME-Version: 1.0 +Content-Type: text/plain; charset=UTF-8 +Content-Transfer-Encoding: 8bit + +Signed-off-by: Thomas Weißschuh +--- + text-utils/column.c | 2 ++ + 1 file changed, 2 insertions(+) + +diff --git a/text-utils/column.c b/text-utils/column.c +index a443ab8b1..ad3d8f3d7 100644 +--- a/text-utils/column.c ++++ b/text-utils/column.c +@@ -667,6 +667,8 @@ static int read_input(struct column_control *ctl, FILE *fp) + } + } while (rc == 0); + ++ free(buf); ++ + return rc; + } + +-- +2.33.0 + diff --git a/util-linux.spec b/util-linux.spec index d4d0008..0f997f3 100644 --- a/util-linux.spec +++ b/util-linux.spec @@ -3,7 +3,7 @@ Name: util-linux Version: 2.37.2 -Release: 21 +Release: 22 Summary: A random collection of Linux utilities License: GPLv2 and GPLv2+ and LGPLv2+ and BSD with advertising and Public Domain URL: https://git.kernel.org/pub/scm/utils/util-linux/util-linux.git @@ -109,6 +109,10 @@ Patch6087: backport-lib-caputils-fix-integer-handling-issues-coverity-sc.pa Patch6088: backport-libblkid-jfs-avoid-undefined-shift.patch Patch6089: backport-cfdisk-add-hint-about-labels-for-bootable-flag.patch Patch6090: backport-logger-initialize-socket-credentials-contol-union.patch +Patch6091: backport-column-fix-buffer-overflow-when-l-specified.patch +Patch6092: backport-column-fix-greedy-mode-on-l.patch +Patch6093: backport-column-fix-memory-leak.patch +Patch6094: backport-column-fix-l.patch Patch9000: Add-check-to-resolve-uname26-version-test-failed.patch Patch9001: SKIPPED-no-root-permissions-test.patch @@ -480,6 +484,16 @@ fi %{_mandir}/man8/{swapoff.8*,swapon.8*,switch_root.8*,umount.8*,wdctl.8.gz,wipefs.8*,zramctl.8*} %changelog +* Mon Sep 4 2023 zhangyao - 2.37.2-22 +- Type:bugfix +- CVE:NA +- SUG:NA +- DESC:sync community patches + [add]backport-column-fix-buffer-overflow-when-l-specified.patch + backport-column-fix-greedy-mode-on-l.patch + backport-column-fix-memory-leak.patch + backport-column-fix-l.patch + * Thu Aug 3 2023 zhangyao - 2.37.2-21 - Type:bugfix - CVE:NA