Script 'mail_helper' called by obssrc Hello community, here is the log from the commit of package coreutils for openSUSE:Factory checked in at 2024-04-04 22:23:59 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Comparing /work/SRC/openSUSE:Factory/coreutils (Old) and /work/SRC/openSUSE:Factory/.coreutils.new.1905 (New) ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "coreutils" Thu Apr 4 22:23:59 2024 rev:157 rq:1164165 version:9.5 Changes: -------- --- /work/SRC/openSUSE:Factory/coreutils/coreutils.changes 2024-03-03 20:18:09.475305147 +0100 +++ /work/SRC/openSUSE:Factory/.coreutils.new.1905/coreutils.changes 2024-04-04 22:24:00.774350200 +0200 @@ -1,0 +2,108 @@ +Mon Apr 1 18:07:16 UTC 2024 - Bernhard Voelker <[email protected]> + +- Update to 9.5: + Bug fixes: + * chmod -R now avoids a race where an attacker may replace a traversed file + with a symlink, causing chmod to operate on an unintended file. + [This bug was present in "the beginning".] + * cp, mv, and install no longer issue spurious diagnostics like "failed + to preserve ownership" when copying to GNU/Linux CIFS file systems. + They do this by working around some Linux CIFS bugs. + * cp --no-preserve=mode will correctly maintain set-group-ID bits + for created directories. Previously on systems that didn't support ACLs, + cp would have reset the set-group-ID bit on created directories. + [bug introduced in coreutils-8.20] + * join and uniq now support multi-byte characters better. + For example, 'join -tX' now works even if X is a multi-byte character, + and both programs now treat multi-byte characters like U+3000 + IDEOGRAPHIC SPACE as blanks if the current locale treats them so. + * numfmt options like --suffix no longer have an arbitrary 127-byte limit. + [bug introduced with numfmt in coreutils-8.21] + * mktemp with --suffix now better diagnoses templates with too few X's. + Previously it conflated the insignificant --suffix in the error. + [bug introduced in coreutils-8.1] + * sort again handles thousands grouping characters in single-byte locales + where the grouping character is greater than CHAR_MAX. For e.g. signed + character platforms with a 0xA0 (aka  ) grouping character. + [bug introduced in coreutils-9.1] + * split --line-bytes with a mixture of very long and short lines + no longer overwrites the heap (CVE-2024-0684). + [bug introduced in coreutils-9.2] + * tail no longer mishandles input from files in /proc and /sys file systems, + on systems with a page size larger than the stdio BUFSIZ. + [This bug was present in "the beginning".] + * timeout avoids a narrow race condition, where it might kill arbitrary + processes after a failed process fork. + [bug introduced with timeout in coreutils-7.0] + * timeout avoids a narrow race condition, where it might fail to + kill monitored processes immediately after forking them. + [bug introduced with timeout in coreutils-7.0] + * wc no longer fails to count unprintable characters as parts of words. + [bug introduced in textutils-2.1] + Changes in behavior: + * base32 and base64 no longer require padding when decoding. + Previously an error was given for non padded encoded data. + * base32 and base64 have improved detection of corrupted encodings. + Previously encodings with non zero padding bits were accepted. + * basenc --base16 -d now supports lower case hexadecimal characters. + Previously an error was given for lower case hex digits. + * cp --no-clobber, and mv -n no longer exit with failure status if + existing files are encountered in the destination. Instead they revert + to the behavior from before v9.2, silently skipping existing files. + * ls --dired now implies long format output without hyperlinks enabled, + and will take precedence over previously specified formats or hyperlink + mode. + * numfmt will accept lowercase 'k' to indicate Kilo or Kibi units on input, + and uses lowercase 'k' when outputting such units in '--to=si' mode. + * pinky no longer tries to canonicalize the user's login location by default, + rather requiring the new --lookup option to enable this often slow feature. + * wc no longer ignores encoding errors when counting words. + Instead, it treats them as non white space. + New features: + * chgrp now accepts the --from=OWNER:GROUP option to restrict changes to files + with matching current OWNER and/or GROUP, as already supported by chown(1). + * chmod adds support for -h, -H,-L,-P, and --dereference options, providing + more control over symlink handling. This supports more secure handling of + CLI arguments, and is more consistent with chown, and chmod on other + systems. + * cp now accepts the --keep-directory-symlink option (like tar), to preserve + and follow existing symlinks to directories in the destination. + * cp and mv now accept the --update=none-fail option, which is similar + to the --no-clobber option, except that existing files are diagnosed, + and the command exits with failure status if existing files. + The -n,--no-clobber option is best avoided due to platform differences. + * env now accepts the -a,--argv0 option to override the zeroth argument + of the command being executed. + * mv now accepts an --exchange option, which causes the source and + destination to be exchanged. It should be combined with + --no-target-directory (-T) if the destination is a directory. + The exchange is atomic if source and destination are on a single + file system that supports atomic exchange; --exchange is not yet + supported in other situations. + * od now supports printing IEEE half precision floating point with -t fH, + or brain 16 bit floating point with -t fB, where supported by the compiler. + * tail now supports following multiple processes, with repeated --pid options. + Improvements: + * cp,mv,install,cat,split now read and write a minimum of 256KiB at a time. + This was previously 128KiB and increasing to 256KiB was seen to increase + throughput by 10-20% when reading cached files on modern systems. + * env,kill,timeout now support unnamed signals. kill(1) for example now + supports sending such signals, and env(1) will list them appropriately. + * SELinux operations in file copy operations are now more efficient, + avoiding unneeded MCS/MLS label translation. + * sort no longer dynamically links to libcrypto unless -R is used. + This decreases startup overhead in the typical case. + * wc is now much faster in single-byte locales and somewhat faster in + multi-byte locales. +- coreutils-9.4.split-CVE-2024-0684.patch: Remove now-upstream patch. +- gnulib-readutmp-under-gdm.patch: Likewise. +- gnulib-readutmp.patch: Likewise. +- coreutils-i18n.patch: Remove multi-byte patches for join and uniq, as the + upstream version now handles those tests. + Pull in gnulib module mbchar manually, as it is a dependency of mbfile, + but dropped out of the upstream dependency chain. +- coreutils-misc.patch: Remove change for gnulib-tests/test-isnanl.h. +- coreutils-fix-gnulib-time_r-tests.patch: Add upstream gnulib patch to skip + French test if TZ='Europe/Paris' does not work. + +------------------------------------------------------------------- Old: ---- coreutils-9.4.split-CVE-2024-0684.patch coreutils-9.4.tar.xz coreutils-9.4.tar.xz.sig gnulib-readutmp-under-gdm.patch gnulib-readutmp.patch New: ---- coreutils-9.5.tar.xz coreutils-9.5.tar.xz.sig coreutils-fix-gnulib-time_r-tests.patch BETA DEBUG BEGIN: Old: multi-byte locales. - coreutils-9.4.split-CVE-2024-0684.patch: Remove now-upstream patch. - gnulib-readutmp-under-gdm.patch: Likewise. Old:- coreutils-9.4.split-CVE-2024-0684.patch: Remove now-upstream patch. - gnulib-readutmp-under-gdm.patch: Likewise. - gnulib-readutmp.patch: Likewise. Old:- gnulib-readutmp-under-gdm.patch: Likewise. - gnulib-readutmp.patch: Likewise. - coreutils-i18n.patch: Remove multi-byte patches for join and uniq, as the BETA DEBUG END: BETA DEBUG BEGIN: New:- coreutils-misc.patch: Remove change for gnulib-tests/test-isnanl.h. - coreutils-fix-gnulib-time_r-tests.patch: Add upstream gnulib patch to skip French test if TZ='Europe/Paris' does not work. BETA DEBUG END: ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ coreutils.spec ++++++ --- /var/tmp/diff_new_pack.fmbNZz/_old 2024-04-04 22:24:01.866390405 +0200 +++ /var/tmp/diff_new_pack.fmbNZz/_new 2024-04-04 22:24:01.870390553 +0200 @@ -1,5 +1,5 @@ # -# spec file +# spec file for package coreutils # # Copyright (c) 2024 SUSE LLC # @@ -30,7 +30,7 @@ %global psuffix %{nil} %endif Name: coreutils%{?psuffix} -Version: 9.4 +Version: 9.5 Release: 0 Summary: GNU Core Utilities License: GPL-3.0-or-later @@ -50,12 +50,6 @@ Patch112: coreutils-getaddrinfo.patch # Assorted fixes Patch113: coreutils-misc.patch -# Upstream gnulib commits (squashed) to fix gnulib seg.faults -# if there is no session: -# https://debbugs.gnu.org/cgi/bugreport.cgi?bug=65617 -Patch114: gnulib-readutmp.patch -# Upstream gnulib patch to fix crash when gdm is in use. [bsc#1215361] -Patch115: gnulib-readutmp-under-gdm.patch # Skip 2 valgrind'ed sort tests on ppc/ppc64 which would fail due to # a glibc issue in mkstemp. Patch300: coreutils-skip-some-sort-tests-on-ppc.patch @@ -70,7 +64,8 @@ # tests: skip tests/rm/ext3-perf.sh temporarily as it hangs on OBS. Patch810: coreutils-skip-tests-rm-ext3-perf.patch Patch900: coreutils-tests-workaround-make-fdleak.patch -Patch920: coreutils-9.4.split-CVE-2024-0684.patch +# Upstream gnulib patch for coreutils-9.5. +Patch920: coreutils-fix-gnulib-time_r-tests.patch BuildRequires: automake BuildRequires: gmp-devel BuildRequires: hostname @@ -158,8 +153,6 @@ %endif %patch -P 112 %patch -P 113 -%patch -P 114 -p1 -%patch -P 115 -p1 %patch -P 300 @@ -174,7 +167,7 @@ %patch -P 810 %patch -P 900 -%patch -P 920 -p1 +%patch -P 920 # ================================================ %build ++++++ coreutils-9.4.tar.xz -> coreutils-9.5.tar.xz ++++++ ++++ 511291 lines of diff (skipped) ++++++ coreutils-disable_tests.patch ++++++ --- /var/tmp/diff_new_pack.fmbNZz/_old 2024-04-04 22:24:04.106472877 +0200 +++ /var/tmp/diff_new_pack.fmbNZz/_new 2024-04-04 22:24:04.110473024 +0200 @@ -6,7 +6,7 @@ =================================================================== --- gnulib-tests/gnulib.mk.orig +++ gnulib-tests/gnulib.mk -@@ -1115,10 +1115,10 @@ EXTRA_DIST += test-getloadavg.c signatur +@@ -1473,10 +1473,10 @@ EXTRA_DIST += test-getloadavg.c signatur ## begin gnulib module getlogin-tests ++++++ coreutils-fix-gnulib-time_r-tests.patch ++++++ 2 upstream gnulib commits for coreutils-9.5 to skip localtime_r tests when the timezone 'Europe/Paris' does not work. Commit 1: http://git.sv.gnu.org/cgit/gnulib.git/commit/?id=f130f5426ecd4edd559 >From f130f5426ecd4edd5596797e0a5721b927f80126 Mon Sep 17 00:00:00 2001 From: Paul Eggert <[email protected]> Date: Sat, 30 Mar 2024 13:28:01 -0600 Subject: [PATCH 1/2] time_r-tests: skip French tests if no Europe/Paris * tests/test-localtime_r.c (main): * tests/test-localtime_r-mt.c (main): If TZ='Europe/Paris' does not work, skip these tests. Commit 2: http://git.sv.gnu.org/cgit/gnulib.git/commit/?id=2c04db80e2c52b8f05b >From 2c04db80e2c52b8f05b4136af955510e7d370470 Mon Sep 17 00:00:00 2001 From: Bruno Haible <[email protected]> Date: Sat, 30 Mar 2024 22:50:39 +0100 Subject: [PATCH 2/2] time_r tests: Avoid misleading skip message on native Windows. * tests/test-localtime_r.c (main): Use the macro FRENCH_TZ. * tests/test-localtime_r-mt.c (main): Likewise. --- gnulib-tests/test-localtime_r-mt.c | 21 +++++++++++++++++++++ gnulib-tests/test-localtime_r.c | 21 +++++++++++++++++++++ 2 files changed, 42 insertions(+) Index: gnulib-tests/test-localtime_r-mt.c =================================================================== --- gnulib-tests/test-localtime_r-mt.c.orig +++ gnulib-tests/test-localtime_r-mt.c @@ -107,6 +107,27 @@ main (int argc, char *argv[]) { setenv ("TZ", FRENCH_TZ, 1); + /* Check that this TZ works. */ + { + time_t t = 0; /* 1970-01-01 01:00:00 */ + struct tm *result = localtime (&t); + if (! (result + && result->tm_sec == 0 + && result->tm_min == 0 + && result->tm_hour == 1 + && result->tm_mday == 1 + && result->tm_mon == 1 - 1 + && result->tm_year == 1970 - 1900 + && result->tm_wday == 4 + && result->tm_yday == 0 + && result->tm_isdst == 0)) + { + fputs ("Skipping test: TZ='" FRENCH_TZ "' is not Paris time\n", + stderr); + return 77; + } + } + /* Create the threads. */ gl_thread_create (thread1_func, NULL); gl_thread_create (thread2_func, NULL); Index: gnulib-tests/test-localtime_r.c =================================================================== --- gnulib-tests/test-localtime_r.c.orig +++ gnulib-tests/test-localtime_r.c @@ -43,6 +43,27 @@ main (void) { setenv ("TZ", FRENCH_TZ, 1); + /* Check that this TZ works. */ + { + time_t t = 0; /* 1970-01-01 01:00:00 */ + struct tm *result = localtime (&t); + if (! (result + && result->tm_sec == 0 + && result->tm_min == 0 + && result->tm_hour == 1 + && result->tm_mday == 1 + && result->tm_mon == 1 - 1 + && result->tm_year == 1970 - 1900 + && result->tm_wday == 4 + && result->tm_yday == 0 + && result->tm_isdst == 0)) + { + fputs ("Skipping test: TZ='" FRENCH_TZ "' is not Paris time\n", + stderr); + return 77; + } + } + /* Note: The result->tm_gmtoff values and the result->tm_zone values are the same (3600, "CET" or 7200, "CEST") across all tested platforms: glibc, musl, macOS, FreeBSD, NetBSD, OpenBSD, Minix, Cygwin, Android. */ ++++++ coreutils-i18n.patch ++++++ ++++ 2377 lines (skipped) ++++ between /work/SRC/openSUSE:Factory/coreutils/coreutils-i18n.patch ++++ and /work/SRC/openSUSE:Factory/.coreutils.new.1905/coreutils-i18n.patch ++++++ coreutils-misc.patch ++++++ --- /var/tmp/diff_new_pack.fmbNZz/_old 2024-04-04 22:24:04.162474939 +0200 +++ /var/tmp/diff_new_pack.fmbNZz/_new 2024-04-04 22:24:04.162474939 +0200 @@ -1,38 +1,8 @@ --- - gnulib-tests/test-isnanl.h | 5 +++-- tests/help/help-version.sh | 1 + tests/other-fs-tmpdir | 3 +++ - 3 files changed, 7 insertions(+), 2 deletions(-) + 2 files changed, 4 insertions(+) -Index: gnulib-tests/test-isnanl.h -=================================================================== ---- gnulib-tests/test-isnanl.h.orig -+++ gnulib-tests/test-isnanl.h -@@ -47,7 +47,7 @@ main () - /* Quiet NaN. */ - ASSERT (isnanl (NaNl ())); - --#if defined LDBL_EXPBIT0_WORD && defined LDBL_EXPBIT0_BIT -+#if defined LDBL_EXPBIT0_WORD && defined LDBL_EXPBIT0_BIT && 0 - /* A bit pattern that is different from a Quiet NaN. With a bit of luck, - it's a Signalling NaN. */ - { -@@ -98,6 +98,7 @@ main () - { LDBL80_WORDS (0xFFFF, 0x83333333, 0x00000000) }; - ASSERT (isnanl (x.value)); - } -+#if 0 - /* isnanl should return something for noncanonical values. */ - { /* Pseudo-NaN. */ - static memory_long_double x = -@@ -125,6 +126,6 @@ main () - ASSERT (isnanl (x.value) || !isnanl (x.value)); - } - #endif -- -+#endif - return 0; - } Index: tests/help/help-version.sh =================================================================== --- tests/help/help-version.sh.orig ++++++ coreutils-remove_hostname_documentation.patch ++++++ --- /var/tmp/diff_new_pack.fmbNZz/_old 2024-04-04 22:24:04.174475380 +0200 +++ /var/tmp/diff_new_pack.fmbNZz/_new 2024-04-04 22:24:04.178475528 +0200 @@ -14,7 +14,7 @@ * id: (coreutils)id invocation. Print user identity. * install: (coreutils)install invocation. Copy files and set attributes. * join: (coreutils)join invocation. Join lines on a common field. -@@ -205,7 +204,7 @@ Free Documentation License''. +@@ -206,7 +205,7 @@ Free Documentation License''. * File name manipulation:: dirname basename pathchk mktemp realpath * Working context:: pwd stty printenv tty * User information:: id logname whoami groups users who @@ -23,7 +23,7 @@ * SELinux context:: chcon runcon * Modified command invocation:: chroot env nice nohup stdbuf timeout * Process control:: kill -@@ -428,7 +427,6 @@ System context +@@ -430,7 +429,6 @@ System context * date invocation:: Print or set system date and time * nproc invocation:: Print the number of processors * uname invocation:: Print system information @@ -31,7 +31,7 @@ * hostid invocation:: Print numeric host identifier * uptime invocation:: Print system uptime and load -@@ -16227,7 +16225,6 @@ information. +@@ -16421,7 +16419,6 @@ information. * arch invocation:: Print machine hardware name. * nproc invocation:: Print the number of processors. * uname invocation:: Print system information. @@ -39,7 +39,7 @@ * hostid invocation:: Print numeric host identifier. * uptime invocation:: Print system uptime and load. @end menu -@@ -17118,15 +17115,6 @@ Note this is non-portable (even across G +@@ -17329,15 +17326,6 @@ This is non-portable, even across GNU/Li Print the machine hardware name (sometimes called the hardware class or hardware type). @@ -55,7 +55,7 @@ @item -p @itemx --processor @opindex -p -@@ -17180,34 +17168,6 @@ Print the kernel version. +@@ -17391,34 +17379,6 @@ Print the kernel version. @exitstatus ++++++ coreutils-remove_kill_documentation.patch ++++++ --- /var/tmp/diff_new_pack.fmbNZz/_old 2024-04-04 22:24:04.190475970 +0200 +++ /var/tmp/diff_new_pack.fmbNZz/_new 2024-04-04 22:24:04.194476117 +0200 @@ -14,7 +14,7 @@ * link: (coreutils)link invocation. Make hard links between files. * ln: (coreutils)ln invocation. Make links between files. * logname: (coreutils)logname invocation. Print current login name. -@@ -207,7 +206,6 @@ Free Documentation License''. +@@ -208,7 +207,6 @@ Free Documentation License''. * System context:: date arch nproc uname hostid uptime * SELinux context:: chcon runcon * Modified command invocation:: chroot env nice nohup stdbuf timeout @@ -22,7 +22,7 @@ * Delaying:: sleep * Numeric operations:: factor numfmt seq * File permissions:: Access modes -@@ -455,10 +453,6 @@ Modified command invocation +@@ -457,10 +455,6 @@ Modified command invocation * stdbuf invocation:: Run a command with modified I/O buffering * timeout invocation:: Run a command with a time limit @@ -33,7 +33,7 @@ Delaying * sleep invocation:: Delay for a specified time -@@ -18628,90 +18622,6 @@ timeout -s INT 5s env --ignore-signal=IN +@@ -18848,90 +18842,6 @@ timeout -s INT 5s env --ignore-signal=IN timeout -s INT -k 3s 5s env --ignore-signal=INT sleep 20 @end example ++++++ coreutils-skip-gnulib-test-tls.patch ++++++ --- /var/tmp/diff_new_pack.fmbNZz/_old 2024-04-04 22:24:04.206476559 +0200 +++ /var/tmp/diff_new_pack.fmbNZz/_new 2024-04-04 22:24:04.210476706 +0200 @@ -21,7 +21,7 @@ =================================================================== --- gnulib-tests/gnulib.mk.orig +++ gnulib-tests/gnulib.mk -@@ -2765,9 +2765,10 @@ EXTRA_DIST += test-timespec.c macros.h +@@ -3299,9 +3299,10 @@ EXTRA_DIST += test-timespec.c macros.h ## begin gnulib module tls-tests ++++++ coreutils-tests-shorten-extreme-factor-tests.patch ++++++ --- /var/tmp/diff_new_pack.fmbNZz/_old 2024-04-04 22:24:04.234477590 +0200 +++ /var/tmp/diff_new_pack.fmbNZz/_new 2024-04-04 22:24:04.234477590 +0200 @@ -16,7 +16,7 @@ =================================================================== --- tests/local.mk.orig +++ tests/local.mk -@@ -745,14 +745,9 @@ all_tests = \ +@@ -755,14 +755,9 @@ all_tests = \ # See tests/factor/create-test.sh. tf = tests/factor factor_tests = \ ++++++ coreutils-tests-workaround-make-fdleak.patch ++++++ --- /var/tmp/diff_new_pack.fmbNZz/_old 2024-04-04 22:24:04.250478179 +0200 +++ /var/tmp/diff_new_pack.fmbNZz/_new 2024-04-04 22:24:04.254478326 +0200 @@ -6,7 +6,7 @@ =================================================================== --- tests/init.sh.orig +++ tests/init.sh -@@ -690,6 +690,16 @@ compare () +@@ -691,6 +691,16 @@ compare () } # -----------------------------------------------------------------------------
