The symlink handling in commit v8.21-172-g33660b4 was incomplete
in the case where there were symlinks in the mount list itself.
For example, in the case where /dev/mapper/fedora-home was in the
mount list and that in turn was a symlink to /dev/dm-2, we have:
before> df --out=source /dev/mapper/fedora-home
devtmpfs
after > df --out=source /dev/mapper/fedora-home
/dev/mapper/fedora-home
* src/df.c (get_disk): Compare canonicalized device names from
the mount list. Note we still display the non canonicalized name,
even if longer, as we assume that is the most representative.
* tests/df/df-symlink.sh: This could theoretically fail on some systems
depending on the content of the mount list, but adjust to fail on any
system where symlinks are present in the mount list for the current dir.
* src/df.c (filter_mountlist): Remove the constraint that
a '/' needs to be in the device name for a mount entry to
be considered for deduplication. Virtual file systems also
have storage associated with them (like tmpfs for example),
and thus need to be deduplicated since they will be shown
in the default df output and subject to --total processing also.
* test/df/skip-duplicates.sh: Add a test to ensure we deduplicate
all entries, even for virtual file systems. Also avoid possible
length operations on many remote file systems in the initial
check of df operation. Also avoid the assumption that "/root"
is on the same file system as "/".
* NEWS: Mention the change in behavior.
* src/shred.c (main): With the preceding change, shred -s-2 FILE
would write 64KB blocks forever -- or until disk full. This change
makes shred reject a negative size.
* tests/misc/shred-negative.sh: New file.
* tests/local.mk (all_tests): Add it.
* src/shred.c (main): Limit -n (number of passes) value to
ULONG_MAX, not to UINT32_MAX, since the vars are unsigned long.
Limit the -s (file size) value to OFF_T_MAX.
Problem reported by Don Baggett in <http:/bugs.gnu.org/17422>.
* NEWS:
* doc/coreutils.texi (dd invocation): Document this.
* src/dd.c (conversions): conv=ascii implies conv=unblock.
conv=ebcdic and conv=ibm imply conv=block.
(ascii_to_ebcdic, ebcdic_to_ascii): Correct to match
POSIX 1003.1-2013.
* tests/dd/ascii.sh: New file.
* tests/local.mk (all_tests): Add it.
* src/copy.c (copy_internal): Include the copy_attr() call for symlinks.
This should not dereference symlinks, since llistxattr() is used
in attr_copy_file() in libattr, and so should copy all but the filtered
extended attributes. Note we don't just move the copy_attr() call
before the set_owner() call, as that would break capabilities
for non symlinks.
* tests/cp/cp-mv-enotsup-xattr.sh: Add a test case.
* NEWS: Mention the bug fix.
Fixes http://bugs.gnu.org/16131
The devmsg() calls that took quote_n() arguments,
didn't normally output anything, but still incurred
the overhead of those quote_n() calls.
* src/numfmt.c (devmsg): Move the inline function
with _internal_ enablement check to...
* src/system.h: ...here as a variadic macro, with
the enablement check at the outer level.
* src/factor.c: As per numfmt.c but there is no
performance change in this case.
* NEWS: Mention the significant performance improvement.
* src/numfmt.c (setup_padding_buffer): Simplify the code by not
explicitly dealing with heap exhaustion.
(parse_format_string): Likewise. Handle multiple grouping
modifiers as does the standard printf. Handle the new leading
zero --format modifier.
(double_to_human): Use more defensive coding against overwriting
stack buffers. Honor the leading zeros width.
(usage): Mention the leading zero --format modifier.
(main): Allow --padding in combo with a --format (width),
as the number of leading zeros are useful independent of
the main field width.
* doc/coreutils.texi (numfmt invocation): Likewise.
* tests/misc/numfmt.pl: Add new test cases.
* NEWS: Mention the improvement.
* doc/coreutils.texi (pr invocation): Clarify that -w or -W
will be rounded down so that each column has the same width.
Adjust the wording for -W, to avoid the implication that the
width of -S is insignificant to the page width.
* src/pr.c (usage): Add a period to avoid ambiguity in
the man page output.
This issue was identified by running the test suite with
http://code.google.com/p/address-sanitizer/
which is included in GCC 4.8 and enabled with -fsanitize=address
This was checked on Fedora 20 with GCC 4.8 as follows:
$ yum install libasan # http://bugzilla.redhat.com/991003
$ rm -f src/ptx.o
$ make check AM_CFLAGS='-fsanitize=address' SUBDIRS=. VERBOSE=yes
$ failure identified in tests/test-suite.log
To see this particular failure triggered with multiple files:
$ src/ptx <(echo a) <(echo a) 2>&1 | asan_symbolize.py -d
=================================================================
==32178==ERROR: AddressSanitizer: heap-buffer-overflow on address
0x60200000e74f at pc 0x435442 bp 0x7fffe8a1b290 sp 0x7fffe8a1b288
READ of size 1 at 0x60200000e74f thread T0
#0 0x435441 in define_all_fields coreutils/src/ptx.c:1425
#1 0x7fa206d31d64 in __libc_start_main ??:?
#2 0x42f77c in _start ??:?
0x60200000e74f is located 1 bytes to the left of 3-byte region
[0x60200000e750,0x60200000e753) allocated by thread T0 here:
#0 0x421809 in realloc ??:?
#1 0x439b4e in fread_file coreutils/lib/read-file.c:97
Shadow bytes around the buggy address:
0x0c047fff9c90: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
0x0c047fff9ca0: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
0x0c047fff9cb0: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
0x0c047fff9cc0: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
0x0c047fff9cd0: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fd fd
=>0x0c047fff9ce0: fa fa 03 fa fa fa fd fd fa[fa]03 fa fa fa 00 00
0x0c047fff9cf0: fa fa 04 fa fa fa 04 fa fa fa fd fa fa fa fd fa
0x0c047fff9d00: fa fa 00 fa fa fa fd fa fa fa 00 fa fa fa 00 fa
0x0c047fff9d10: fa fa fd fa fa fa fd fa fa fa fd fa fa fa fd fa
0x0c047fff9d20: fa fa fd fa fa fa fd fa fa fa fd fa fa fa fd fa
0x0c047fff9d30: fa fa fd fa fa fa 00 fa fa fa 00 fa fa fa 00 fa
Shadow byte legend (one shadow byte represents 8 application bytes):
Addressable: 00
Partially addressable: 01 02 03 04 05 06 07
Heap left redzone: fa
Heap right redzone: fb
Freed heap region: fd
Stack left redzone: f1
Stack mid redzone: f2
Stack right redzone: f3
Stack partial redzone: f4
Stack after return: f5
Stack use after scope: f8
Global redzone: f9
Global init order: f6
Poisoned by user: f7
ASan internal: fe
==32178==ABORTING
The initial report and high level analysis were from Jim Meyering...
"The underlying problem is that swallow_file_in_memory()
is setting the contents of the global text_buffer for the first file,
then updating it (clobbering old value) for the second file.
Yet, some pointers to the initial buffer have been squirreled away
and later, one of them (keyafter) is presumed to point into
the new "text_buffer", which it does not. The subsequent
SKIP_WHITE_BACKWARDS use backs up "cursor" and goes out of bounds."
* src/ptx.c (text_buffers): Maintain references for the limits of each
buffer corresponding to each file, rather than just the last processed.
(struct OCCURS): Add a member to map back to the corresponding file.
Note normally this could be computed from the "reference" member
rather than needing the extra storage, however this is not possible
when in --references mode.
(find_occurs_in_text): Reference the array rather than a single entry.
(define_all_fields): Likewise. Also avoid computing the file index
since this is now stored directly.
(main): Update text_buffers[] array rather than a single text_buffer.
* tests/misc/ptx-overrun.sh: Even though this issue is already triggered
with AddressSanitizer, add a new case to demonstrate the whitespace
trimming issue, and to trigger without AddressSanitizer.
Fixes https://bugs.gnu.org/16171
mach-color was replaced by mach-gnu-color in Hurd in 2012.
mach-color is left for compatibility and corresponding
definitions for mach-color are still found in ncurses.
* src/dircolors.hin: Add hurd and mach-gnu-color.
--colors controls whether to output colors depending on
whether we're connected to a terminal or not, while this
change gives control over which terminals we output colors to.
* NEWS: Mention the change in behavior.
* src/ls.c (known_term_type): A new function to search the static
list from dircolors.h
(parse_ls_colors): Honor the TERM when both LS_COLORS and COLORTERM
are non empty.
* tests/ls/color-term.sh: A new test.
* tests/local.mk: Reference the new test.
Fixes http://bugs.gnu.org/15992
* src/remove.c (prompt): Explain where the difficulty with translating
these two strings resides, and suggest an alternative: the one that
Paul Eggert first proposed back in 2002, which seems fully resistant.
* src/ln.c (do_link): It's not obvious that record_file() is a noop
in the symlink case (in that case dest_set is NULL and so ignored).
So to make it obvious, and to avoid false positives seen in coverity,
add the explicit condition here.
* doc/coreutils.texi (shred invocation): Mention some reasons
why clearing slack space might be useful.
* src/shred.c (do_wipefd): Add initial writes for each pass
for small regular files in case the storage for those is
in the inode, and thus a larger write up to a block size would
bypass that. Move the direct I/O control to...
(dopass): ... here so we can avoid enabling it for these small
initial writes. It's better to retry direct I/O for each pass
anyway to handle the case where direct I/O is disabled for only
the last portion of a file when the size is not a multiple of
the block size. Note we don't avoid the sync for the initial
write as it will be small but more importantly could be on a
different part of the disk and so worth doing independently
to ensure the write is not discarded.
* tests/misc/shred-exact.sh: Check some more direct I/O cases.
* NEWS: Mention the improvements.
The inode storage issue was mentioned by Paul Eggert.
* src/shred.c (do_wipefd): Don't increase the size written
for an empty file up to a full block. Also increase the size
to OFF_T_MAX in the edge case where we do overflow.
* NEWS: Mention the shred improvements from recent changes.
* tests/misc/shred-passes.sh: Adjust as we no longer
write a BLKSIZE of data for empty files.
* src/copy.c (copy_internal): Replace dev_t arg DEVICE with struct
stat pointer arg PARENT. All callers changed. This removes an
unwarranted assumption that dev_t values of 0 cannot occur in file
systems. See: http://bugs.gnu.org/17179
See: http://bugs.gnu.org/17149
* src/shred.c [__linux__]: Include <sys/mtio.h>.
(dorewind): New function, which works around the lseek problem with
tape drives on GNU/Linux, the same way that dd does.
(dopass): Use it. New arg ST, needed for dorewind. All uses changed.
(do_wipefd): Don't rely on undefined behavior on integer overflow
of file sizes. Use INT_ADD_OVERFLOW instead.
This removes an unportable assumption that if lseek succeeds, the
file is capable of seeking. See: http://bugs.gnu.org/17145
* src/head.c (elseek): New function, for consistency in reporting
lseek failures.
(elide_tail_bytes_file, elide_tail_lines_seekable)
(elide_tail_lines_file, head_lines, head): Use it.
(elide_tail_bytes_file, elide_tail_lines_file):
New args CURRENT_POS and SIZE. All uses changed. Don't bother
invoking lseek, since we know the file's pos and size now.
(elide_tail_bytes_file): Change a local from uintmax_t to off_t,
since it fits.
(head): Use lseek only on regular files, since its behavior on
unseekable devices is implementation-defined.
* NEWS: Document this.
* src/copy.c (overwrite_ok): Fix the gettext calls so
that the second string is tagged for translation.
Display the correct "replace ..." prompt when in move_mode.
* tests/mv/i-3.sh: Display the output on failure to ease debugging.
* src/ptx.c (main): Add a 'break' after the --format handling case.
Otherwise it would fall through into the usage case.
* tests/misc/ptx.pl: Add test cases for --format=tex and --format=roff.
* NEWS (Bug fixes): Mention the fix.
Bug introduced in 1999-04-04 commit, SH-UTILS-1_16f-269-gd815c15.
Spotted by coverity (MISSING_BREAK).
* src/copy.c (overwrite_ok): Rename from overwrite_prompt. Invoke
yesno instead of having the caller do it; that's cleaner. Return
bool, not void. All callers changed.
* src/copy.c (overwrite_prompt): New arg X. All callers changed.
Use X to improve the quality of the prompt (Bug#17087).
* tests/mv/i-2.sh, tests/mv/i-3.sh: Change test to match new prompt.
Input buffering is best avoided because it introduces
delayed processing of output for intermittent input,
especially when the output size is less than that of
the input buffer. This is significant when output
is being further processed which could happen if split
is writing to precreated fifos, or through --filter.
If input is arriving quickly from a pipe then this will
already be buffered before we read it, so fast arriving
input shouldn't be a performance issue.
* src/split.c (lines_split, lines_bytes_split, bytes_split,
lines_chunk_split, bytes_chunk_extract): s/full_read/safe_read/.
* THANKS.in: Mention the reporter.
* NEWS: Mention the improvement.
* src/chroot.c (setgroups): Change this replacement to
fail when called so that platforms like Interix without support for
supplemental groups don't silently ignore a --groups option.
For files with "special" bits set, we would stat the relative
file name in the wrong directory, giving an erroneous ENOENT diagnostic.
This issue was introduced with commit v5.92-653-gc1994c1
which changed fts to not change directory on traversal.
* src/chmod.c (mode_changed): Use fts->fts_cwd_fd with fstatat rather
than stat. All callers changed.
* tests/chmod/c-option.sh: Add a test case.
* NEWS: Mention the fix.
Fixes http://bugs.gnu.org/17035
Problem reported by Rich Burridge.
* src/stat.c [HAVE_GETATTRAT]: Include <attr.h>, <sys/nvpair.h>.
(print_statfs, print_stat, print_it):
Pass fd, too, for the benefit of get_birthtime.
All uses changed.
(get_birthtime): New function, for porting to Solaris 11.
(print_stat): Use it.
* configure.ac (getattrat, LIB_NVPAIR): New checks.
* src/local.mk (src_stat_LDADD): Add $(LIB_NVPAIR).
Prior to this change, "ln -sr '' F" would segfault, attempting
to read path2[1] in relpath.c's path_common_prefix function.
This problem arises whenever canonicalize_filename_mode returns
NULL.
* src/ln.c (convert_abs_rel): Call relpath only when
both canonicalize_filename_mode calls return non-NULL.
* tests/ln/relative.sh: Add a test to trigger this failure.
* THANKS.in: List reporter's name/address.
* NEWS (Bug fixes): Mention it.
Reported by Erik Bernstein in 739752@bugs.debian.org.
Fixes http://bugs.gnu.org/17010.
- Support arbitrary numbers in --groups, consistent with
what is already done for --userspec
- Avoid look-ups entirely for --groups items with a leading '+'
- Support names that are actually numbers in --groups
- Ignore an empty --groups="" option for consistency with --userspec
- Look up both inside and outside the chroot with inside taking
precedence. The look-up outside may load required libraries
to complete the look-up inside the chroot. This can happen for
example with a 32 bit chroot on a 64 bit system, where the
32 bit NSS plugins within the chroot fail to load.
* src/chroot.c (parse_additional_groups): A new function refactored
from set_addition_groups(), to just do the parsing. The actual
setgroups() call is separated out for calling from the chroot later.
(main): Call parse_user_spec() and parse_additional_groups()
both outside and inside the chroot for the reasons outlined above.
* tests/misc/chroot-credentials.sh: Ensure arbitrary numeric IDs
can be specified without causing look-up errors.
* NEWS: Mention the improvements.
* THANKS.in: Add Norihiro Kamae who initially reported the issue
with a proposed patch.
Also thanks to Dmitry V. Levin for his diagnosis and sample patch.
* src/df.c (usage): Adjust the --human and --si descriptions
to not depend on each other. Also include an example that is
illustrative of the rounding, suffix, width, and localized fractions.
* src/system.h (emit_size_note). Adjust so that it's obvious the
description is pertaining to the input SIZE argument, and not
to any sizes that might be output by df for example.
Fixes http://bugs.gnu.org/16922
* src/shuf.c (main): s/No/no/, introduced by commit v8.22-25-g9f60f37.
* NEWS: Also adjust the NEWS for that recent commit to make it
clear this was new bug rather than a regression.
Prompted by the syntax-check rule sc_error_message_uppercase
Problem reported by valiant xiao in <http://bugs.gnu.org/16855>.
* NEWS: Document this.
* src/shuf.c (main): With -r, report an error if the input is empty.
* tests/misc/shuf.sh: Test for the bug.
* src/copy.c (copy_reg): If linkat() is available it doesn't
matter about the gnulib emulation provided, and thus the
LINK_FOLLOWS_SYMLINKS should not have significance here.
This was noticed on FreeBSD and the consequence is that
cp --link will create hardlinks to symlinks there, rather
than emulating with symlinks to symlinks.
* tests/cp/link-deref.sh: Adjust the checks to cater
for all cases where hardlinks to symlinks are supported.
If we can't output more data, we should immediately
diagnose the issue and exit rather than consuming all
of input (in some cases).
* src/tail.c (xwrite_stdout): Also diagnose the case where
only some data is written. Also clearerr() to avoid the
redundant less specific error from atexit (close_stdout);
* src/head.c (xwrite_stdout): Copy this new function from tail,
and use it to write all output.
* tests/misc/head-write-error.sh: A new test to ensure we
exit immediately on write error.
* tests/local.mk: Reference the new test.
* src/head.c (elide_tail_lines_pipe): Just output all input in
this case to avoid the issue and also avoid redundant '\n' processing.
(elide_tail_lines_seekable): Likewise.
* tests/misc/head-elide-tail.pl: Add tests for no '\n' at EOF.
* NEWS: Mention the fix.
Fixes http://bugs.gnu.org/16329
* src/od.c (main): Handle the new --endian option,
taking "little" and "big" as parameters.
(usage): Describe the new option.
(PRINT_FIELDS): Adjust to swap bytes if required.
* tests/misc/od-endian.sh: A new test to verify
the byte swapping operations for hex (ints) and floats
for all sizes between 1 and 16 inclusive.
* test/local.mk: Reference the new test.
* doc/coreutils.texi (od invocation): Describe the new option.
* NEWS: Mention the new feature.
* src/ls.c: Remove all mention of SELinux since ls
should treat all security context labels equally.
* doc/coreutils.texi (ls invocation): Likewise.
(id invocation): Clarify that -Z outputs the context
inherited by the process, rather than one specific to a user.
Note for SMACK this can be set instead by the SMACK64EXEC label,
in the unusual case where this is set on the id executable.
* src/id.c (usage): Likewise.
* src/mkdir.c (usage): Clarify that -Z is specific to SELinux,
while --context=CTX is also supported for SMACK.
* src/mkfifo.c (usage): Likewise.
* src/mknod.c (usage): Likewise.
* src/ln.c (errno_nonexisting): A new function to determine if
the errno implies that a file doesn't or can't (currently) exist.
(target_directory_operand): Use the new function to expand the
set of errors we handle.
* tests/ln/sf-1.sh: Add test cases for the newly handled errors.
* THANKS.in: Mention the reporter.
* NEWS: Mention the bug fix.
* src/selinux.c (restorecon_private): On ArchLinux the
`fakeroot cp -a file1 file2` command segfaulted due
to getfscreatecon() returning a NULL context.
So map this to the sometimes ignored ENODATA error,
rather than crashing.
* tests/cp/no-ctx.sh: Add a new test case.
* tests/local.mk: Reference the new test.
* NEWS: Mention the fix.
Fixes http://bugs.gnu.org/16335
Pádraig Brady
Jim Meyering
Paul Eggert
Assaf Gordon
David Michael
Guilherme de Almeida Suckevicz
Benno Schulenberg
Bernhard Voelker
Dylan Simon
Алексей Шилин
John
Niels Möller
Chengwei Yang
Nicolas Iooss