Resolves: #1259942 - fix memory leak in sort/I18N

Patches written by Pádraig.

Note that the corresponding i18n/sort-month test was not included
because it breaks unless sort is compiled -Dlint and we do not want
to decrease performance of the resulting RPMs (and valgrind is not
installed in production buildroots anyway).

STAGE1-coreutils

@@ -0,0 +1,7 @@
+srpm coreutils
+mcd $BUILDDIR/$1
+(cd $SRC/${1}-*/ ; autoreconf -vif)
+$SRC/${1}-*/configure $TCONFIGARGS --disable-pam
+notparallel
+make $J man1_MANS= V=1
+make $J man1_MANS= install DESTDIR=${ROOTFS}

coreutils-DIR_COLORS

@@ -84,11 +84,11 @@ EIGHTBIT 1
 # 40=black 41=red 42=green 43=yellow 44=blue 45=magenta 46=cyan 47=white
 #NORMAL 00	# no color code at all
 #FILE 00	# normal file, use no color at all
-RESET 0 # reset to "normal" color
+RESET 0		# reset to "normal" color
 DIR 01;34	# directory
 LINK 01;36	# symbolic link (If you set this to 'target' instead of a
 		# numerical value, the color is as for the file pointed to.)
-MULTIHARDLINK 00	# regular file with more than one link
+MULTIHARDLINK 00 # regular file with more than one link
 FIFO 40;33	# pipe
 SOCK 01;35	# socket
 DOOR 01;35	# door
@@ -209,8 +209,6 @@ EXEC 01;32
 .emf 01;35
 
 # http://wiki.xiph.org/index.php/MIME_Types_and_File_Extensions
-.axv 01;35
-.anx 01;35
 .ogv 01;35
 .ogx 01;35
 
@@ -218,6 +216,7 @@ EXEC 01;32
 .aac 01;36
 .au 01;36
 .flac 01;36
+.m4a 01;36
 .mid 01;36
 .midi 01;36
 .mka 01;36
@@ -228,8 +227,8 @@ EXEC 01;32
 .wav 01;36
 
 # http://wiki.xiph.org/index.php/MIME_Types_and_File_Extensions
-.axa 01;36
 .oga 01;36
+.opus 01;36
 .spx 01;36
 .xspf 01;36
 

coreutils-DIR_COLORS.256color

@@ -55,17 +55,17 @@ EIGHTBIT 1
 #NORMAL 00	# global default, no color code at all
 #FILE 00	# normal file, use no color at all
 RESET 0 # reset to "normal" color
-DIR 38;5;27	# directory
+DIR 38;5;33	# directory
 LINK 38;5;51	# symbolic link (If you set this to 'target' instead of a
 		# numerical value, the color is as for the file pointed to.)
-MULTIHARDLINK 44;38;5;15 # regular file with more than one link
+MULTIHARDLINK 00 # regular file with more than one link
 FIFO 40;38;5;11	# pipe
 SOCK 38;5;13	# socket
 DOOR 38;5;5	# door
 BLK 48;5;232;38;5;11	# block device driver
 CHR 48;5;232;38;5;3	# character device driver
 ORPHAN 48;5;232;38;5;9  # symlink to nonexistent file, or non-stat'able file
-MISSING 05;48;5;232;38;5;15 # ... and the files they point to
+MISSING 01;05;37;41	# ... and the files they point to
 SETUID 48;5;196;38;5;15	# file that is setuid (u+s)
 SETGID 48;5;11;38;5;16	# file that is setgid (g+s)
 CAPABILITY 48;5;196;38;5;226	# file with capability
@@ -74,7 +74,7 @@ OTHER_WRITABLE 48;5;10;38;5;21 # dir that is other-writable (o+w) and not sticky
 STICKY 48;5;21;38;5;15	# dir with the sticky bit set (+t) and not other-writable
 
 # This is for files with execute permission:
-EXEC 38;5;34
+EXEC 38;5;40
 
 # List any file extensions like '.gz' or '.tar' that you would like ls
 # to colorize below. Put the extension, a space, and the color init string.
@@ -179,8 +179,6 @@ EXEC 38;5;34
 .emf 38;5;13
 
 # http://wiki.xiph.org/index.php/MIME_Types_and_File_Extensions
-.axv 38;5;13
-.anx 38;5;13
 .ogv 38;5;13
 .ogx 38;5;13
 
@@ -188,6 +186,7 @@ EXEC 38;5;34
 .aac 38;5;45
 .au 38;5;45
 .flac 38;5;45
+.m4a 38;5;45
 .mid 38;5;45
 .midi 38;5;45
 .mka 38;5;45
@@ -198,8 +197,8 @@ EXEC 38;5;34
 .wav 38;5;45
 
 # http://wiki.xiph.org/index.php/MIME_Types_and_File_Extensions
-.axa 38;5;45
 .oga 38;5;45
+.opus 38;5;45
 .spx 38;5;45
 .xspf 38;5;45
 

coreutils-DIR_COLORS.lightbgcolor

@@ -1,4 +1,4 @@
-# Configuration file for the color ls utility - modified for gray backgrounds
+# Configuration file for the color ls utility - modified for lighter backgrounds
 # Synchronized with coreutils 8.5 dircolors
 # This file goes in the /etc directory, and must be world readable.
 # You can copy this file to .dir_colors in your $HOME directory to override
@@ -16,8 +16,9 @@ COLOR tty
 OPTIONS -F -T 0
 
 # Below, there should be one TERM entry for each termtype that is colorizable
-TERM linux
-TERM console
+TERM Eterm
+TERM ansi
+TERM color-xterm
 TERM con132x25
 TERM con132x30
 TERM con132x43
@@ -29,20 +30,46 @@ TERM con80x43
 TERM con80x50
 TERM con80x60
 TERM cons25
-TERM xterm
-TERM xterm-16color
-TERM xterm-88color
-TERM xterm-256color
+TERM console
+TERM cygwin
+TERM dtterm
+TERM eterm-color
+TERM gnome
+TERM gnome-256color
+TERM jfbterm
+TERM konsole
+TERM kterm
+TERM linux
+TERM linux-c
+TERM mach-color
+TERM mlterm
+TERM putty
+TERM putty-256color
 TERM rxvt
 TERM rxvt-256color
+TERM rxvt-cygwin
+TERM rxvt-cygwin-native
 TERM rxvt-unicode
 TERM rxvt-unicode-256color
 TERM rxvt-unicode256
-TERM xterm-color
-TERM color-xterm
+TERM screen
+TERM screen-256color
+TERM screen-256color-bce
+TERM screen-bce
+TERM screen-w
+TERM screen.Eterm
+TERM screen.rxvt
+TERM screen.linux
+TERM st
+TERM st-256color
+TERM terminator
 TERM vt100
-TERM dtterm
-TERM color_xterm
+TERM xterm
+TERM xterm-16color
+TERM xterm-256color
+TERM xterm-88color
+TERM xterm-color
+TERM xterm-debian
 
 # EIGHTBIT, followed by '1' for on, '0' for off. (8-bit output)
 EIGHTBIT 1
@@ -57,7 +84,7 @@ EIGHTBIT 1
 # 40=black 41=red 42=green 43=yellow 44=blue 45=magenta 46=cyan 47=white
 #NORMAL 00	# no color code at all
 #FILE 00	# normal file, use no color at all
-RESET 0
+RESET 0		# reset to "normal" color
 DIR 00;34	# directory
 LINK 00;36	# symbolic link (If you set this to 'target' instead of a
 		# numerical value, the color is as for the file pointed to.)
@@ -76,7 +103,6 @@ STICKY_OTHER_WRITABLE 30;42 # dir that is sticky and other-writable (+t,o+w)
 OTHER_WRITABLE 34;42 # dir that is other-writable (o+w) and not sticky
 STICKY 37;44	# dir with the sticky bit set (+t) and not other-writable
 
-
 # This is for files with execute permission:
 EXEC 00;32
 
@@ -182,8 +208,6 @@ EXEC 00;32
 .emf 00;35
 
 # http://wiki.xiph.org/index.php/MIME_Types_and_File_Extensions
-.axv 00;35
-.anx 00;35
 .ogv 00;35
 .ogx 00;35
 
@@ -191,6 +215,7 @@ EXEC 00;32
 .aac 00;36
 .au 00;36
 .flac 00;36
+.m4a 00;36
 .mid 00;36
 .midi 00;36
 .mka 00;36
@@ -201,8 +226,8 @@ EXEC 00;32
 .wav 00;36
 
 # http://wiki.xiph.org/index.php/MIME_Types_and_File_Extensions
-.axa 00;36
 .oga 00;36
+.opus 00;36
 .spx 00;36
 .xspf 00;36
 

coreutils-colorls.csh

@@ -16,7 +16,7 @@ set COLORS=/etc/DIR_COLORS
 
 if ($?TERM) then
   if ( -e "/etc/DIR_COLORS.256color" ) then
-    if ( "`tput colors`" == "256" ) then
+    if ( "`/usr/bin/tput colors`" == "256" ) then
        set COLORS=/etc/DIR_COLORS.256color
     endif
   endif
@@ -30,29 +30,29 @@ if ($?TERM) then
   if ( -f ~/.dircolors."$TERM" ) set COLORS=~/.dircolors."$TERM"
   if ( -f ~/.dir_colors."$TERM" ) set COLORS=~/.dir_colors."$TERM"
 endif
-set INCLUDE="`cat "$COLORS" | grep '^INCLUDE' | cut -d ' ' -f2-`"
+set INCLUDE="`/usr/bin/cat "$COLORS" | /usr/bin/grep '^INCLUDE' | /usr/bin/cut -d ' ' -f2-`"
 
 if ( ! -e "$COLORS" ) exit
 
-set _tmp="`mktemp .colorlsXXX -q --tmpdir=/tmp`"
+set _tmp="`/usr/bin/mktemp .colorlsXXX -q --tmpdir=/tmp`"
 #if mktemp fails, exit when include was active, otherwise use $COLORS file
 if ( "$_tmp" == '' ) then
   if ( "$INCLUDE" == '' ) then
-    eval "`dircolors -c $COLORS`"
+    eval "`/usr/bin/dircolors -c $COLORS`"
   endif
   goto cleanup
 endif
 
-if ( "$INCLUDE" != '' ) cat "$INCLUDE" >> $_tmp
-grep -v '^INCLUDE' "$COLORS" >> $_tmp
+if ( "$INCLUDE" != '' ) /usr/bin/cat "$INCLUDE" >> $_tmp
+/usr/bin/grep -v '^INCLUDE' "$COLORS" >> $_tmp
 
-eval "`dircolors -c $_tmp`"
+eval "`/usr/bin/dircolors -c $_tmp`"
 
-rm -f $_tmp
+/usr/bin/rm -f $_tmp
 
 if ( "$LS_COLORS" == '' ) exit
 cleanup:
-set color_none=`sed -n '/^COLOR.*none/Ip' < $COLORS`
+set color_none=`/usr/bin/sed -n '/^COLOR.*none/Ip' < $COLORS`
 if ( "$color_none" != '' ) then
    unset color_none
    exit

coreutils-colorls.sh

@@ -15,7 +15,7 @@ if [ -z "$USER_LS_COLORS" ]; then
   for colors in "$HOME/.dir_colors.$TERM" "$HOME/.dircolors.$TERM" \
       "$HOME/.dir_colors" "$HOME/.dircolors"; do
     [ -e "$colors" ] && COLORS="$colors" && \
-    INCLUDE="`cat "$COLORS" | grep '^INCLUDE' | cut -d ' ' -f2-`" && \
+    INCLUDE="`/usr/bin/cat "$COLORS" | /usr/bin/grep '^INCLUDE' | /usr/bin/cut -d ' ' -f2-`" && \
     break
   done
 
@@ -23,7 +23,7 @@ if [ -z "$USER_LS_COLORS" ]; then
   COLORS="/etc/DIR_COLORS.$TERM"
 
   [ -z "$COLORS" ] && [ -e "/etc/DIR_COLORS.256color" ] && \
-  [ "x`tty -s && tput colors 2>/dev/null`" = "x256" ] && \
+  [ "x`/usr/bin/tty -s && /usr/bin/tput colors 2>/dev/null`" = "x256" ] && \
   COLORS="/etc/DIR_COLORS.256color"
 
   [ -z "$COLORS" ] && [ -e "/etc/DIR_COLORS" ] && \
@@ -34,20 +34,20 @@ if [ -z "$USER_LS_COLORS" ]; then
 
   if [ -e "$INCLUDE" ];
   then
-    TMP="`mktemp .colorlsXXX -q --tmpdir=/tmp`"
+    TMP="`/usr/bin/mktemp .colorlsXXX -q --tmpdir=/tmp`"
     [ -z "$TMP" ] && return
 
-    cat "$INCLUDE" >> $TMP
-    grep -v '^INCLUDE' "$COLORS" >> $TMP
+    /usr/bin/cat "$INCLUDE" >> $TMP
+    /usr/bin/grep -v '^INCLUDE' "$COLORS" >> $TMP
 
-    eval "`dircolors --sh $TMP 2>/dev/null`"
-    rm -f $TMP
+    eval "`/usr/bin/dircolors --sh $TMP 2>/dev/null`"
+    /usr/bin/rm -f $TMP
   else
-    eval "`dircolors --sh $COLORS 2>/dev/null`"
+    eval "`/usr/bin/dircolors --sh $COLORS 2>/dev/null`"
   fi
 
   [ -z "$LS_COLORS" ] && return
-  grep -qi "^COLOR.*none" $COLORS >/dev/null 2>/dev/null && return
+  /usr/bin/grep -qi "^COLOR.*none" $COLORS >/dev/null 2>/dev/null && return
 fi
 
 unset TMP COLORS INCLUDE

coreutils-i18n.patch

@@ -3047,8 +3047,8 @@ diff -urNp coreutils-8.23-orig/src/sort.c coreutils-8.23/src/sort.c
 +  register int lo = 0, hi = MONTHS_PER_YEAR, result;
 +  char *tmp;
 +  size_t wclength, mblength;
-+  const char **pp;
-+  const wchar_t **wpp;
++  const char *pp;
++  const wchar_t *wpp;
 +  wchar_t *month_wcs;
 +  mbstate_t state;
 +
@@ -3061,17 +3061,19 @@ diff -urNp coreutils-8.23-orig/src/sort.c coreutils-8.23/src/sort.c
 +  if (len == 0)
 +    return 0;
 +
-+  month = (char *) xmalloc (len + 1);
++  if (SIZE_MAX - len < 1)
++    xalloc_die ();
 +
-+  tmp = (char *) xmalloc (len + 1);
++  month = (char *) xnmalloc (len + 1, MB_CUR_MAX);
++
++  pp = tmp = (char *) xnmalloc (len + 1, MB_CUR_MAX);
 +  memcpy (tmp, s, len);
 +  tmp[len] = '\0';
-+  pp = (const char **)&tmp;
-+  month_wcs = (wchar_t *) xmalloc ((len + 1) * sizeof (wchar_t));
-+  memset (&state, '\0', sizeof(mbstate_t));
++  wpp = month_wcs = (wchar_t *) xnmalloc (len + 1, sizeof (wchar_t));
++  memset (&state, '\0', sizeof (mbstate_t));
 +
-+  wclength = mbsrtowcs (month_wcs, pp, len + 1, &state);
-+  if (wclength == (size_t)-1 || *pp != NULL)
++  wclength = mbsrtowcs (month_wcs, &pp, len + 1, &state);
++  if (wclength == (size_t)-1 || pp != NULL)
 +    error (SORT_FAILURE, 0, _("Invalid multibyte input %s."), quote(s));
 +
 +  for (i = 0; i < wclength; i++)
@@ -3084,10 +3086,8 @@ diff -urNp coreutils-8.23-orig/src/sort.c coreutils-8.23/src/sort.c
 +        }
 +    }
 +
-+  wpp = (const wchar_t **)&month_wcs;
-+
-+  mblength = wcsrtombs (month, wpp, len + 1, &state);
-+  assert (mblength != (-1) && *wpp == NULL);
++  mblength = wcsrtombs (month, &wpp, (len + 1) * MB_CUR_MAX, &state);
++  assert (mblength != (-1) && wpp == NULL);
 +
 +  do
 +    {
@@ -3132,7 +3132,7 @@ diff -urNp coreutils-8.23-orig/src/sort.c coreutils-8.23/src/sort.c
            else if (key->random)
              diff = compare_random (ta, tlena, tb, tlenb);
            else if (key->version)
-@@ -2695,6 +3135,209 @@ keycompare (struct line const *a, struct
+@@ -2695,6 +3135,211 @@ keycompare (struct line const *a, struct line const *b)
    return key->reverse ? -diff : diff;
  }
  
@@ -3245,8 +3245,10 @@ diff -urNp coreutils-8.23-orig/src/sort.c coreutils-8.23/src/sort.c
 +
 +      if (ignore || translate)
 +        {
-+          char *copy_a = (char *) xmalloc (lena + 1 + lenb + 1);
-+          char *copy_b = copy_a + lena + 1;
++          if (SIZE_MAX - lenb - 2 < lena)
++            xalloc_die ();
++          char *copy_a = (char *) xnmalloc (lena + lenb + 2, MB_CUR_MAX);
++          char *copy_b = copy_a + lena * MB_CUR_MAX + 1;
 +          size_t new_len_a, new_len_b;
 +          size_t i, j;
 +
@@ -3342,7 +3344,7 @@ diff -urNp coreutils-8.23-orig/src/sort.c coreutils-8.23/src/sort.c
  /* Compare two lines A and B, returning negative, zero, or positive
     depending on whether A compares less than, equal to, or greater than B. */
  
-@@ -2722,7 +3347,7 @@ compare (struct line const *a, struct li
+@@ -2722,7 +3367,7 @@ compare (struct line const *a, struct line const *b)
      diff = - NONZERO (blen);
    else if (blen == 0)
      diff = 1;
@@ -3351,7 +3353,7 @@ diff -urNp coreutils-8.23-orig/src/sort.c coreutils-8.23/src/sort.c
      {
        /* Note xmemcoll0 is a performance enhancement as
           it will not unconditionally write '\0' after the
-@@ -4121,6 +4746,7 @@ set_ordering (char const *s, struct keyf
+@@ -4121,6 +4766,7 @@ set_ordering (char const *s, struct keyfield *key, enum blanktype blanktype)
            break;
          case 'f':
            key->translate = fold_toupper;
@@ -3359,7 +3361,7 @@ diff -urNp coreutils-8.23-orig/src/sort.c coreutils-8.23/src/sort.c
            break;
          case 'g':
            key->general_numeric = true;
-@@ -4198,7 +4824,7 @@ main (int argc, char **argv)
+@@ -4198,7 +4844,7 @@ main (int argc, char **argv)
    initialize_exit_failure (SORT_FAILURE);
  
    hard_LC_COLLATE = hard_locale (LC_COLLATE);
@@ -3368,7 +3370,7 @@ diff -urNp coreutils-8.23-orig/src/sort.c coreutils-8.23/src/sort.c
    hard_LC_TIME = hard_locale (LC_TIME);
  #endif
  
-@@ -4219,6 +4845,29 @@ main (int argc, char **argv)
+@@ -4219,6 +4865,29 @@ main (int argc, char **argv)
        thousands_sep = -1;
    }
  
@@ -3398,7 +3400,7 @@ diff -urNp coreutils-8.23-orig/src/sort.c coreutils-8.23/src/sort.c
    have_read_stdin = false;
    inittables ();
  
-@@ -4493,13 +5142,34 @@ main (int argc, char **argv)
+@@ -4493,13 +5162,34 @@ main (int argc, char **argv)
  
          case 't':
            {
@@ -3437,7 +3439,7 @@ diff -urNp coreutils-8.23-orig/src/sort.c coreutils-8.23/src/sort.c
                  else
                    {
                      /* Provoke with 'sort -txx'.  Complain about
-@@ -4510,9 +5180,12 @@ main (int argc, char **argv)
+@@ -4510,9 +5200,12 @@ main (int argc, char **argv)
                             quote (optarg));
                    }
                }
@@ -3452,6 +3454,66 @@ diff -urNp coreutils-8.23-orig/src/sort.c coreutils-8.23/src/sort.c
            }
            break;
  
+@@ -4682,10 +5375,10 @@ main (int argc, char **argv)
+ 
+   if (nfiles == 0)
+     {
+-      static char *minus = (char *) "-";
+       nfiles = 1;
+       free (files);
+-      files = &minus;
++      files = xmalloc (sizeof *files);
++      *files = (char *) "-";
+     }
+ 
+   /* Need to re-check that we meet the minimum requirement for memory
+@@ -4743,6 +5436,13 @@ main (int argc, char **argv)
+       sort (files, nfiles, outfile, nthreads);
+     }
+ 
++#ifdef lint
++  if (files_from)
++    readtokens0_free (&tok);
++  else
++    free (files);
++#endif
++
+   if (have_read_stdin && fclose (stdin) == EOF)
+     die (_("close failed"), "-");
+ 
+diff -urNp coreutils-8.23-orig/tests/i18n/sort.sh coreutils-8.23/tests/i18n/sort.sh
+--- coreutils-8.23-orig/tests/i18n/sort.sh	1970-01-01 01:00:00.000000000 +0100
++++ coreutils-8.23/tests/i18n/sort.sh	2014-07-22 13:45:52.733652016 +0200
+@@ -0,0 +1,29 @@
++#!/bin/sh
++# Verify sort's multi-byte support.
++
++. "${srcdir=.}/tests/init.sh"; path_prepend_ ./src
++print_ver_ sort
++
++export LC_ALL=en_US.UTF-8
++locale -k LC_CTYPE | grep -q "charmap.*UTF-8" \
++  || skip_ "No UTF-8 locale available"
++
++# Enable heap consistency checkng on older systems
++export MALLOC_CHECK_=2
++
++
++# check buffer overflow issue due to
++# expanding multi-byte representation due to case conversion
++# https://bugzilla.suse.com/show_bug.cgi?id=928749
++cat <<EOF > exp
++.
++ɑ
++EOF
++cat <<EOF | sort -f > out || fail=1
++.
++ɑ
++EOF
++compare exp out || { fail=1; cat out; }
++
++
++Exit $fail
 diff -urNp coreutils-8.23-orig/src/unexpand.c coreutils-8.23/src/unexpand.c
 --- coreutils-8.23-orig/src/unexpand.c	2014-07-11 13:00:07.000000000 +0200
 +++ coreutils-8.23/src/unexpand.c	2014-07-22 13:45:52.721651968 +0200
@@ -4099,11 +4161,12 @@ diff -urNp coreutils-8.23-orig/src/uniq.c coreutils-8.23/src/uniq.c
 diff -urNp coreutils-8.23-orig/tests/local.mk coreutils-8.23/tests/local.mk
 --- coreutils-8.23-orig/tests/local.mk	2014-07-22 13:45:10.494422571 +0200
 +++ coreutils-8.23/tests/local.mk	2014-07-22 13:45:52.726651988 +0200
-@@ -331,6 +331,7 @@ all_tests =					\
+@@ -331,6 +331,8 @@ all_tests =					\
    tests/misc/sort-discrim.sh			\
    tests/misc/sort-files0-from.pl		\
    tests/misc/sort-float.sh			\
 +  tests/misc/sort-mb-tests.sh			\
++  tests/i18n/sort.sh				\
    tests/misc/sort-merge.pl			\
    tests/misc/sort-merge-fdlimit.sh		\
    tests/misc/sort-month.sh			\

coreutils.spec

@@ -1,7 +1,7 @@
 Summary: A set of basic GNU tools commonly used in shell scripts
 Name:    coreutils
 Version: 8.23
-Release: 8%{?dist}
+Release: 11%{?dist}
 License: GPLv3+
 Group:   System Environment/Base
 Url:     http://www.gnu.org/software/coreutils/
@@ -373,6 +373,18 @@ fi
 %{_sbindir}/chroot
 
 %changelog
+* Wed Sep 16 2015 Kamil Dudka <kdudka@redhat.com> - 8.23-11
+- fix memory leak in sort/I18N (patches written by Pádraig, #1259942)
+- use newer version of sort/I18N fix for CVE-2015-4041 and CVE-2015-4042
+- call utilities in colorls.* scripts with full path (#1222140)
+
+* Wed May 13 2015 Ondrej Oprala <ooprala@redhat.com> - 8.23-10
+- sort - fix buffer overflow in some case conversions
+  - patch by Pádraig Brady
+
+* Mon Apr 20 2015 Pádraig Brady <pbrady@redhat.com> - 8.23-9
+- Adjust LS_COLORS in 256 color mode; brighten some, remove hardlink colors (#1196642)
+
 * Sun Mar 22 2015 Peter Robinson <pbrobinson@fedoraproject.org> 8.23-8
 - Drop large ancient docs