author | Eric Blake <eblake@redhat.com> | 2013-01-26 13:41:31 -0700 |
---|---|---|
committer | Eric Blake <eblake@redhat.com> | 2013-02-01 09:24:00 -0700 |
commit | d09949e29386c38443c82a2231240cc1e3954a5d (patch) | |
tree | 5d3f52dc41ffe65aaf12dbf47b0e73490dd64498 /bootstrap | |
parent | 52b1fd2582aaf579cbd2c880ac61ed93823a5c2c (diff) | |
maint: update to latest gnulib
CVE-2013-0242 in glibc's regex() can cause a DoS in any daemon
that runs a regex search on user input while in a multibyte locale.
I'm not sure how hard it would be to trigger such a setup for
libvirtd, but rather than risk things, we can avoid the issue:
gnulib has worked around the problem, and by updating to the latest
gnulib, we can avoid the bug even on platforms where glibc has yet
to be patched.
* .gnulib: Update to latest, for various fixes, including regex.
* bootstrap: Resync from upstream.
Diffstat (limited to 'bootstrap')
-rwxr-xr-x | bootstrap | 44 |
1 files changed, 22 insertions, 22 deletions
@@ -1,6 +1,6 @@ #! /bin/sh # Print a version string. -scriptversion=2012-12-28.10; # UTC +scriptversion=2013-01-20.16; # UTC # Bootstrap this package from checked-out sources. 
@@ -306,34 +306,34 @@ if test -n "$checkout_only_file" && test ! -r "$checkout_only_file"; then die "Bootstrapping from a non-checked-out distribution is risky." fi -# Ensure that lines starting with ! sort last, per gitignore conventions -# for whitelisting exceptions after a more generic blacklist pattern. -sort_patterns() { - sort -u "$@" | sed '/^!/ { - H - d - } - $ { - P - x - s/^\n// - }' | sed '/^$/d' +# Strip blank and comment lines to leave significant entries. +gitignore_entries() { + sed '/^#/d; /^$/d' "$@" } -# If $STR is not already on a line by itself in $FILE, insert it, -# sorting the new contents of the file and replacing $FILE with the result. -insert_sorted_if_absent() { +# If $STR is not already on a line by itself in $FILE, insert it at the start. +# Entries are inserted at the start of the ignore list to ensure existing +# entries starting with ! are not overridden. Such entries support +# whitelisting exceptions after a more generic blacklist pattern. +insert_if_absent() { file=$1 str=$2 test -f $file || touch $file - echo "$str" | sort_patterns - $file | cmp -s - $file > /dev/null \ - || { echo "$str" | sort_patterns - $file > $file.bak \ - && mv $file.bak $file; } \ - || die "insert_sorted_if_absent $file $str: failed" + test -r $file || die "Error: failed to read ignore file: $file" + duplicate_entries=$(gitignore_entries $file | sort | uniq -d) + if [ "$duplicate_entries" ] ; then + die "Error: Duplicate entries in $file: " $duplicate_entries + fi + linesold=$(gitignore_entries $file | wc -l) + linesnew=$(echo "$str" | gitignore_entries - $file | sort -u | wc -l) + if [ $linesold != $linesnew ] ; then + { echo "$str" | cat - $file > $file.bak && mv $file.bak $file; } \ + || die "insert_if_absent $file $str: failed" + fi } # Adjust $PATTERN for $VC_IGNORE_FILE and insert it with -# insert_sorted_if_absent. +# insert_if_absent. insert_vc_ignore() { vc_ignore_file="$1" pattern="$2" 
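Review bot: In the new `insert_if_absent`, every expansion of `$file` is unquoted (`test -f $file || touch $file`, `gitignore_entries $file`, `cat - $file > $file.bak && mv $file.bak $file`), so an ignore-file path containing whitespace or glob characters is split or expanded before it reaches test, sed, cat and mv, even though `insert_vc_ignore` passes it in quoted. Quote each use, for example `{ printf '%s\n' "$str" | cat - "$file" > "$file.bak" && mv "$file.bak" "$file"; } \` and `test -r "$file" || die ...`; `printf '%s\n'` also avoids echo's platform-dependent treatment of backslashes in a pattern. The `[ $linesold != $linesnew ]` comparison should stay unquoted, since some `wc -l` implementations pad their output and the word splitting is what strips it. Separately, the new duplicate check makes bootstrap die on any pre-existing duplicate line in the ignore file, which the old `sort -u` path tolerated; a comment such as `# Refuse to edit a file with duplicate entries: the line-count test below cannot tell whether $str is already present.` would record why. The commit message says bootstrap is resynced from upstream gnulib, so these changes presumably belong there rather than in a local edit.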
@@ -344,7 +344,7 @@ insert_vc_ignore() { # .gitignore entry. pattern=$(echo "$pattern" | sed s,^,/,);; esac - insert_sorted_if_absent "$vc_ignore_file" "$pattern" + insert_if_absent "$vc_ignore_file" "$pattern" } # Die if there is no AC_CONFIG_AUX_DIR($build_aux) line in configure.ac. |