* src/head.c (head): Optimize for -n-HUGE, where HUGE exceeds
2**64 - 2.
(string_to_integer): Return UINTMAX_MAX for too-large numbers,
instead of failing.
(main): Omit no-lnger-necessary test for byte count overflow.
Problem reported by Daniel Carpenter <https://bugs.gnu.org/72445>.
* gl/lib/randread.c (randread_new): Fill the ISAAC buffer
instead of storing at most BYTES_BOUND bytes into it.
* src/stat.c (human_fstype): Rename "FUSEBLK" to "FUSE" to sync with
kernel adjustments. Add "bcachefs", and "pidfs". Both are local,
with the latter being similar to "proc" which is also local.
* NEWS: Mention the change in behavior, and the improvement.
Similarly to commit v9.4-143-gfcfba90d0,
and enabled for AVX by commit v9.5-25-g0e4450103.
This was seen to improve AVX performance by about 10%
on an AMD 7800X3D (Ryzen 7 (2023)) CPU,
while having neutral AVX performance,
on an Intel i7-5600U (Broadwell-U (2015)) CPU.
With avx not enabled, this gives about a 3% performance boost,
on an Intel i7-5600U.
* src/wc.c: Use the centrally configured optimum buffer size.
* src/wc_avx2.c: Likewise.
* NEWS: Mention the change in performance.
* src/cp.c: Add the entries for the --update=none-fail option.
* tests/mv/update.sh: Add a test case.
* NEWS: Mention the bug fix.
Fixes https://bugs.gnu.org/70727
Problem reported by Ionut Nicula in:
https://bugs.gnu.org/70477
* src/tail.c (tail_bytes): Do not loop forever on commands
like 'tail -c 4096 /dev/zero'.
* tests/tail/tail-c.sh: Test this fix.
This issue was introduced in commit v8.19-145-g24ebca6
* src/copy.c (copy_internal): On systems that don't support ACLs,
the fallback default chmod done on directories should maintain
the set-group-ID, as that's generally auto-set by the system.
* NEWS: Mention the fix.
Reported by Bruno Haible on Alpine (with tests/cp/preserve-mode.sh)
Using the shell's exec -a feature can be awkward
so add support for setting overriding argv[0].
This gives env full control over the arguments it passes.
* src/env.c: Accept -a,--argv0 and set argv[0] appropriately.
* tests/env/env.sh: Add test cases.
* doc/coreutils.texi (env invocation): Describe -a,--argv0.
* NEWS: Mention the new feature.
* src/copy.h (struct cp_options): New member 'exchange'.
* src/copy.c (copy_internal): Support the new member.
* src/mv.c (EXCHANGE_OPTION): New constant.
(long_options): Add --exchange.
(usage): Document --exchange.
(main): Support --exchange.
* tests/mv/mv-exchange.sh: New test case.
* tests/local.mk (all_tests): Add it.
This is an issue with -[H]R mode, where an attacker
may replace a traversed file with a symlink
between where we stat() the file and chmod() the file.
* src/chmod.c (process_file): Remove the first !S_ISLNK guard
as that's now just an optimization, and instead consistently
apply fchmodat() to files/symlinks. Ensure AT_SYMLINK_NOFOLLOW
is set when traversing in default (-H) mode.
* NEWS: Mention the bug fix.
Fixes https://bugs.gnu.org/11108
There have been various requests to add -h to avoid following symlinks
for security reasons. This wasn't provided previously as chmod(1)
already ignored symlinks unless specified on the command line.
Note chmod defaults to -H mode rather than the chown default of -P,
as usually chown can work directly on symlinks and so defaults
to not traversing those specified on the command line.
Note FreeBSD chmod does default to -P mode, but we retain the -H mode
default also for compatibility with existing chmod behavior.
Adding -HLP will allow chmod to disable traversing CLI symlinks to dirs.
Adding -h will allow to disable following CLI symlinks to files/dirs,
also operating on all symlinks on systems that support that.
Adding --dereference will be significant with -H (the default). I.e.
symlinks to dirs not recursed, but symlinks are dereferenced.
Adding these options will also be consistent with chown(1), chgrp(1),
and chmod(1) on other systems.
Note since chmod(1) currently ignores symlinks by default,
and -h is primarily a mechanism to avoid following symlinks, rather than
for operating on the symlink itself, we make -h try to chmod a symlink,
but ignore ENOTSUP. In that way we're consistent with chown(1)
where it also ignores ENOTSUP for symlinks, and we don't fail when
trying to be extra secure with command line params.
* doc/coreutils.texi (chmod invocation): Reference the -H,-L,-P
descriptions, and adjust the corresponding macros to say
the default is -H or -P as appropriate.
Add --dereference and -h,--no-dereference descriptions.
* man/chmod.x: Adjust discussion of symlink handling.
* src/chmod.c (main): Accept new options and set
fts flags appropriately.
(process_file): Process / dereference symlinks as necessary.
* src/system.h (emit_symlink_recurse_options): A new function
refactored from chown.c and chmod.c usage().
* tests/chmod/symlinks.sh: New test for the new options.
* tests/local.mk: Reference the new test.
* NEWS: Mention the new feature.
Behave like who(1) in requiring --lookup to enable this
often slow feature. pinky(1) is supposed to be lightweight after all.
* doc/coreutils.texi (who invocation): Adjust the description to no
longer reference dialup, and be more general about the still significant
delays.
(pinky invocation): Reference the same --lookup description.
* src/pinky.c (main): Accept --lookup to enable DNS lookups.
* NEWS: Mention the change in behavior.
Fixes https://bugs.debian.org/628815
Some signals with values less that the max signal number for the system
do not have defined names. For example, currently on amd64 Linux,
signals 32 and 33 do not have defined names, and Android has a wider
gap of undefined names where it reserves some realtime signals.
Previously the signal listing in env ended up reusing the name
of the last printed valid signal (the repeated HUP below):
$ env --list-signal-handling true
HUP ( 1): IGNORE
HUP (32): BLOCK
HUP (38): IGNORE
..and the corresponding signal numbers were rejected as operands for the
env, kill, and timeout commands.
This patch removes the requirement that sig2str returns 0 for a signal
number associated with an operand. This allows unnamed signals to be in
the sets `env' attempts to manipulate when a --*-signal option is used
with no argument, and kill(1) and timeout(1) to send such unnamed
signals.
* src/operand2sig.c (operand2sig): Drop signame argument, accept all
signal numbers <= SIGNUM_BOUND. All callers updated.
* src/env.c (parse_signal_action_params, reset_signal_handlers)
(parse_block_signal_params, set_signal_proc_mask)
(list_signal_handling): Accept all signal numbers <= SIGNUM_BOUND,
use SIG%d for printing if necessary.
* src/kill.c (list_signals, main): Likewise.
(send_signals): Check errno from kill(3) for bad signo.
* src/timeout.c (main): Update operand2sig call.
* tests/misc/kill.sh: Test listing all signal numbers.
* NEWS: Mention the improvement.
* src/timeout.c (main): Block cleanup signals earlier so that cleanup()
is not runnable until monitored_pid is in a deterministic state.
This ensures we always send a termination signal to the child
once it's forked.
* NEWS: Mention the bug fix.
Reported at https://github.com/coreutils/coreutils/issues/82
* src/timeout.c (cleanup): Handle the case where monitored_pid
might be -1, which could happen if a signal was received
immediately after a failed fork() call. In that case it would
send the termination signal to all processes that the timeout
process has permission to send signals too.
* NEWS: Mention the bug fix.
Since this functionality is recently available
in the exch(1) utility from util-linux,
it was thought best not to complicate mv with it.
This reverts commit 6cd2d5e533
renameat2() syscall allows atomically swapping 2 paths on one
file system. Expose this ability to the user with --swap.
* doc/coreutils.texi: Describe mv --swap option.
* src/mv.c (main): Support --swap.
* tests/mv/mv-swap.sh: Add test for mv -x.
* tests/local.mk: Reference new test.
* NEWS: Mention the new option.
* src/ioblksize.h: Add updated test results and
increase value from 128KiB to 256KiB, which was last
updated 10 years ago.
* NEWS: Mention the improvement.
* src/mktemp.c (main): When --suffix is specified, TEMPLATE
points to the meraged buffer DEST_NAME. As X's in the suffix are
not significant to the generated random characters, the diagnostic
for too few X's should only refer to the template portion.
* tests/misc/mktemp.pl: Adjust accordingly.
* NEWS: Mention the bug fix.
* src/cp.c (main): Add support for --update=none-fail to provide the
functionality of diagnosing files in the destination,
and exiting with failure status.
(usage): Mark -n as deprecated.
* src/mv.c: Likewise.
* src/copy.h: Add UPDATE_NONE_FAIL definition.
* src/system.h (emit_update_parameters_note): Add --update=none-fail
description.
* doc/coreutils.texi (cp invocation): Likewise.
Also mention why -n is deprecated.
* tests/mv/update.sh: Add a test case, including precedence
with -n and other --update options.
* tests/cp/cp-i.sh: Verify that --backup and --update=none{,-fail}
are mutually exclusive.
* tests/mv/mv-n.sh: Likewise.
* NEWS: Mention the new feature.
Addresses https://bugs.gnu.org/62572
When recursively copying files into OS trees, it often happens that
some subdirectory of the source directory is a symlink in the target
directory. Currently, cp will fail in that scenario with the error:
"cannot overwrite non-directory %s with directory %s"
However, we'd like cp in this scenario to follow the destination
directory symlink and copy the files into the symlinked directory
instead. Let's support this by adding a new option
--keep-directory-symlink that makes cp follow destination directory
symlinks.
We name the option --keep-directory-symlink to keep consistent with
tar which has the same option with the same effect.
* doc/coreutils.texi (cp invocation): Describe the new option.
* src/copy.h: Add the new setting.
* src/copy.h: Adjust to follow symlinks if setting enabled.
* src/cp.c (usage): Describe the new option.
(main): Accept the new option.
* tests/cp/keep-directory-symlink.sh: A new test.
* tests/local.mk: Reference the new test.
* NEWS: Mention the new feature.
This was introduced in coreutils 9.2 through commit v9.1-184-g40bf1591b,
and was fixed in coreutils 9.5 through commit v9.4-111-gc4c5ed8f4.
This issue has been assigned CVE-2024-0684.
* NEWS: Mention the bug fix.
* tests/split/line-bytes.sh: Add a test case.
Reported by Valentin Metz.
Update to latest gnulib with new copyright year.
Run "make update-copyright" and then...
* gnulib: Update included in this commit as copyright years
are the only change from the previous gnulib commit.
* tests/init.sh: Sync with gnulib to pick up copyright year.
* bootstrap: Manually update copyright year,
until we fully sync with gnulib at a later stage.
* tests/sample-test: Adjust to use the single most recent year.
* gl/lib/strnumcmp-in.h (numcompare): After commit v9.0-8-g6cafb122f,
we need to treat characters as signed to avoid invalid comparisons
between negative integers and unsigned characters.
* NEWS: Mention the bug fix.
Do not perform SELinux context translation for operations not involving
user input or output. Context translation converts MCS/MLS labels into
human readable form, which is useful for user facing applications like
ls(1) or the --context=CTX argument of cp(1).
* src/copy.c (set_process_security_ctx): Use raw selinux variants.
* src/install.c (need_copy): Likewise.
(setdefaultfilecon): Likewise.
* src/selinux.c (computecon): Likewise.
(defaultcon): Likewise.
* tests/cp/no-ctx.sh: Add raw variants to preload lib.
* NEWS: Mention the improvement.
* doc/coreutils.texi (chown invocation): Convert --from option
description to a macro and call from ...
(chgrp description): ... here.
* src/chown-core.h (emit_from_option_description): A new function
refactored from ...
* src/chown.c (usage): ... here, and called from ...
* src/chgrp.c (usage): ... here.
(main): Accept the --from option as chown(1) does.
* po/POTFILES.in: Add chown-core.h as now translated.
* tests/chown/basic.sh: Decouple the root user from id 0.
* tests/chgrp/from.sh: A new test largely based on chown/basic.sh.
* tests/local.mk: Reference the new test.
* NEWS: Mention the new feature.
Suggested by Ed Neville.
* src/tail.c (file_lines): Ensure we use a buffer size >= PAGE_SIZE when
searching backwards to avoid seeking within a file,
which on sysfs files is accepted but also returns no data.
* tests/tail/tail-sysfs.sh: Add a new test.
* tests/local.mk: Reference the new test.
* NEWS: Mention the bug fix.
Fixes https://bugs.gnu.org/67490
For consistency with the "SI" standard, and with other coreutils
which output a lowercase 'k' in "SI" mode.
* src/numfmt.c (suffix_power): Treat 'k' like 'K' on input.
(double_to_human): Output lowercase 'k' in SI mode.
(usage): Adjust accordingly.
* doc/coreutils.texi: Mention 'k' accepted, and printed in SI mode.
* tests/misc/numfmt.pl: Adjust accordingly.
* NEWS: Mention the change in behavior.
Fixes https://bugs.gnu.org/47103
* NEWS: Mention this.
* bootstrap.conf (gnulib_modules): Remove cu-ctype, as this module
is now more trouble than it’s worth. All uses removed.
Add skipchars.
* gl/lib/cu-ctype.c, gl/lib/cu-ctype.h, gl/modules/cu-ctype:
Remove.
* gl/lib/skipchars.c, gl/lib/skipchars.h, gl/modules/skipchars:
* tests/misc/join-utf8.sh:
New files.
* src/join.c: Include skipchars.h and mcel.h instead of cu-ctype.h.
(tab): Now mcel_t, not int. All uses changed.
(output_separator, output_seplen): New static vars.
(eq_tab, newline_or_blank, comma_or_blank): New functions.
(xfields, prfields, prjoin, add_field_list, main):
Support multi-byte characters.
* src/numfmt.c: Include ctype.h, skipchars.h.
Do not include cu-ctype.h.
(newline_or_blank): New function.
(next_field): Support multi-byte characters.
* src/sort.c: Include ctype.h instead of cu-ctype.h.
(inittables): Open-code field_sep since it no longer exists.
‘sort’ is not multi-byte safe yet, but when it is this code
will need revamping anyway.
* src/uniq.c: Include mcel.h and skipchars.h instead of cu-ctype.h.
(newline_or_blank): New function.
(find_field): Support multi-byte characters.
* tests/local.mk (all_tests): Add tests/misc/join-utf8.sh
This will make decoding more resilient to corruption
whether due to transmission errors or nefarious adjustment.
See https://eprint.iacr.org/2022/361.pdf
* gnulib: Update to commit 3f463202bd enforcing canonical encoding.
* tests/basenc/base64.pl: Add test cases, and adjust existing cases.
* NEWS: Mention the change in behavior.
* src/basenc.c (base16_decode_ctx): Convert to uppercase
before converting from hex.
* tests/basenc/basenc.pl: Add a test case.
* NEWS: Mention the change in behavior.
Addresses https://bugs.gnu.org/66698
Padding of encoded data is useful in cases where
base64 encoded data is concatenated / streamed.
I.e. where there are padding chars _within_ the stream.
In other cases padding is optional and can be inferred.
Note we continue to treat partial padding as invalid,
as that would be indicative of truncation.
* src/basenc.c (do_decode): Auto pad the end of the input.
* NEWS: Mention the change in behavior.
* tests/misc/base64.pl: Adjust to not fail for missing padding.
Addresses https://bugs.gnu.org/66265
The 3× speedup was measured by invoking 'wc $(find * -type f)'
on the coreutils sources etc. on an Ubuntu 23.04 x86-64.
These changes also speed up wc 20% in UTF-8 locales.
* src/wc.c (wc_isprint, wc_isspace): New static vars.
(wc): Use them for speed.
(main): Initialize them if needed.
(isnbspace): Remove; no longer used.
* bootstrap.conf (gnulib_modules): Remove c32isprint.
* src/wc.c (wc): Consider all non-white-space characters
to be word constituents, even if they are not printable.
POSIX requires this, and it is what BSD does.
Partly do this by simplifying the check for a word,
by counting word starts rather than word ends.
* tests/wc/wc.pl: Test for the bug.
tail can watch multiple files, but currently only a single writer. It
can be useful to watch files from multiple writers, or even processes
not directly related to the files (e.g. watch log files written by a
server process, for the duration of a test driven by a separate
client).
* src/tail.c (writers_are_dead): New function.
(tail_forever): Use it to wait for writers.
(tail_forever_inotify): As above.
(parse_options): Manage --pid options in an array.
* doc/coreutils.texi: Update documentation.
* tests/tail/pid.sh: Add a variant with two PIDs.
* News: Mention the new feature.
Currently --dired is silently ignored
with conflicting output formats
* src/ls.c (decode_switches): Set default format and hyperlink mode
when the --dired option is specified.
* tests/ls/dired.sh: Check that formats are implied / overridden.
* NEWS: Mention the change in behavior.
* doc/coreutils.texi (ls invocation): Adjust --dired description.
This bug occurs only when temporarily setting the mode to the
intersection of old and new modes when changing ownership.
* src/copy.c (owner_failure_ok): Treat EACCES like EPERM.
