Received: from localhost (localhost [127.0.0.1]) by mail.netbsd.org (Postfix) with ESMTP id 10D9284D14 for ; Thu, 25 May 2023 15:52:56 +0000 (UTC) X-Virus-Scanned: amavisd-new at netbsd.org Received: from mail.netbsd.org ([127.0.0.1]) by localhost (mail.netbsd.org [127.0.0.1]) (amavisd-new, port 10025) with ESMTP id l5UjGt9_AzgJ for ; Thu, 25 May 2023 15:52:54 +0000 (UTC) Received: from cvs.NetBSD.org (ivanova.netbsd.org [199.233.217.197]) by mail.netbsd.org (Postfix) with ESMTP id C968784CC9 for ; Thu, 25 May 2023 15:52:54 +0000 (UTC) Received: by cvs.NetBSD.org (Postfix, from userid 500) id 0036AFA87; Thu, 25 May 2023 15:52:54 +0000 (UTC) Content-Transfer-Encoding: 7bit Content-Type: multipart/mixed; boundary="_----------=_1685029973237970" MIME-Version: 1.0 Date: Thu, 25 May 2023 15:52:53 +0000 From: "Havard Eidnes" Subject: CVS commit: pkgsrc/devel/libgit2 To: pkgsrc-changes@NetBSD.org Approved: commit_and_comment Reply-To: he@netbsd.org X-Mailer: log_accum Message-Id: <20230525155254.0036AFA87@cvs.NetBSD.org> This is a multi-part message in MIME format. --_----------=_1685029973237970 Content-Disposition: inline Content-Transfer-Encoding: 8bit Content-Type: text/plain; charset="US-ASCII" Module Name: pkgsrc Committed By: he Date: Thu May 25 15:52:53 UTC 2023 Modified Files: pkgsrc/devel/libgit2: Makefile distinfo Added Files: pkgsrc/devel/libgit2/patches: patch-deps_ntlmclient_ntlm.c patch-src_libgit2_config.c patch-src_libgit2_path.c patch-src_libgit2_trailer.c patch-src_libgit2_transports_smart__pkt.c patch-src_util_date.c patch-src_util_str.c patch-src_util_util.h Log Message: libgit2: ensure proper value range for args to functions. Submitted upstream, ref. https://github.com/libgit2/libgit2/pull/6569 Bump PKGREVISION. To generate a diff of this commit: cvs rdiff -u -r1.67 -r1.68 pkgsrc/devel/libgit2/Makefile cvs rdiff -u -r1.33 -r1.34 pkgsrc/devel/libgit2/distinfo cvs rdiff -u -r0 -r1.1 \ pkgsrc/devel/libgit2/patches/patch-deps_ntlmclient_ntlm.c \ pkgsrc/devel/libgit2/patches/patch-src_libgit2_config.c \ pkgsrc/devel/libgit2/patches/patch-src_libgit2_path.c \ pkgsrc/devel/libgit2/patches/patch-src_libgit2_trailer.c \ pkgsrc/devel/libgit2/patches/patch-src_libgit2_transports_smart__pkt.c \ pkgsrc/devel/libgit2/patches/patch-src_util_date.c \ pkgsrc/devel/libgit2/patches/patch-src_util_str.c \ pkgsrc/devel/libgit2/patches/patch-src_util_util.h Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files. --_----------=_1685029973237970 Content-Disposition: inline Content-Length: 11796 Content-Transfer-Encoding: binary Content-Type: text/x-diff; charset=us-ascii Modified files: Index: pkgsrc/devel/libgit2/Makefile diff -u pkgsrc/devel/libgit2/Makefile:1.67 pkgsrc/devel/libgit2/Makefile:1.68 --- pkgsrc/devel/libgit2/Makefile:1.67 Tue May 23 07:08:15 2023 +++ pkgsrc/devel/libgit2/Makefile Thu May 25 15:52:53 2023 @@ -1,6 +1,7 @@ -# $NetBSD: Makefile,v 1.67 2023/05/23 07:08:15 tnn Exp $ +# $NetBSD: Makefile,v 1.68 2023/05/25 15:52:53 he Exp $ DISTNAME= libgit2-1.6.4 +PKGREVISION= 1 CATEGORIES= devel MASTER_SITES= ${MASTER_SITE_GITHUB:=libgit2/} GITHUB_TAG= v${PKGVERSION_NOREV} Index: pkgsrc/devel/libgit2/distinfo diff -u pkgsrc/devel/libgit2/distinfo:1.33 pkgsrc/devel/libgit2/distinfo:1.34 --- pkgsrc/devel/libgit2/distinfo:1.33 Wed Apr 26 10:42:27 2023 +++ pkgsrc/devel/libgit2/distinfo Thu May 25 15:52:53 2023 @@ -1,5 +1,13 @@ -$NetBSD: distinfo,v 1.33 2023/04/26 10:42:27 wiz Exp $ +$NetBSD: distinfo,v 1.34 2023/05/25 15:52:53 he Exp $ BLAKE2s (libgit2-1.6.4.tar.gz) = a32563f76be574895a845d91eb8c68dc7efe0798368dd1fc6922c03a2adc76b8 SHA512 (libgit2-1.6.4.tar.gz) = fd73df91710f19b0d6c3765c37c7f529233196da91cf4d58028a8d3840244f11df44abafabd74a8ed1cbe4826d1afd6ff9f01316d183ace0924c65e7cf0eb8d5 Size (libgit2-1.6.4.tar.gz) = 6666964 bytes +SHA1 (patch-deps_ntlmclient_ntlm.c) = 0f7645497b25f6895911cf32027e830ab73bdc55 +SHA1 (patch-src_libgit2_config.c) = f3c131d26bb38e86ff992eb8007ec399846a205a +SHA1 (patch-src_libgit2_path.c) = b1f5245472ec00ff1c1c6b55b4ecdc88e1f163ac +SHA1 (patch-src_libgit2_trailer.c) = d8a6e733ff963124024bfb9f7118d8e537815695 +SHA1 (patch-src_libgit2_transports_smart__pkt.c) = 9c4c6ee17512f7bb06d02343ef0a07794361c88e +SHA1 (patch-src_util_date.c) = 47c56292b8f2483065e904f99dc51832bab0de3d +SHA1 (patch-src_util_str.c) = 737f658e82b00c623533181126996263a2f1df45 +SHA1 (patch-src_util_util.h) = 54e74097b87af3c2939e7c237f1d2827101b9a72 Added files: Index: pkgsrc/devel/libgit2/patches/patch-deps_ntlmclient_ntlm.c diff -u /dev/null pkgsrc/devel/libgit2/patches/patch-deps_ntlmclient_ntlm.c:1.1 --- /dev/null Thu May 25 15:52:53 2023 +++ pkgsrc/devel/libgit2/patches/patch-deps_ntlmclient_ntlm.c Thu May 25 15:52:53 2023 @@ -0,0 +1,18 @@ +$NetBSD: patch-deps_ntlmclient_ntlm.c,v 1.1 2023/05/25 15:52:53 he Exp $ + +Ensure proper value range for arg to toupper(). + +--- deps/ntlmclient/ntlm.c.orig 2023-04-12 12:05:25.000000000 +0000 ++++ deps/ntlmclient/ntlm.c +@@ -988,9 +988,9 @@ static inline bool generate_lm_hash( + keystr2_len = (password_len > 7) ? MIN(14, password_len) - 7 : 0; + + for (i = 0; i < keystr1_len; i++) +- keystr1[i] = (unsigned char)toupper(password[i]); ++ keystr1[i] = (unsigned char)toupper((unsigned char)password[i]); + for (i = 0; i < keystr2_len; i++) +- keystr2[i] = (unsigned char)toupper(password[i+7]); ++ keystr2[i] = (unsigned char)toupper((unsigned char)password[i+7]); + + /* DES encrypt the LM constant using the password as the key */ + des_key_from_password(&key1, keystr1, keystr1_len); Index: pkgsrc/devel/libgit2/patches/patch-src_libgit2_config.c diff -u /dev/null pkgsrc/devel/libgit2/patches/patch-src_libgit2_config.c:1.1 --- /dev/null Thu May 25 15:52:53 2023 +++ pkgsrc/devel/libgit2/patches/patch-src_libgit2_config.c Thu May 25 15:52:53 2023 @@ -0,0 +1,15 @@ +$NetBSD: patch-src_libgit2_config.c,v 1.1 2023/05/25 15:52:53 he Exp $ + +Ensure proper value range for arg to isalnum(). + +--- src/libgit2/config.c.orig 2023-04-12 12:05:25.000000000 +0000 ++++ src/libgit2/config.c +@@ -1447,7 +1447,7 @@ static int normalize_section(char *start + for (scan = start; *scan; ++scan) { + if (end && scan >= end) + break; +- if (isalnum(*scan)) ++ if (isalnum((unsigned char)*scan)) + *scan = (char)git__tolower(*scan); + else if (*scan != '-' || scan == start) + return GIT_EINVALIDSPEC; Index: pkgsrc/devel/libgit2/patches/patch-src_libgit2_path.c diff -u /dev/null pkgsrc/devel/libgit2/patches/patch-src_libgit2_path.c:1.1 --- /dev/null Thu May 25 15:52:53 2023 +++ pkgsrc/devel/libgit2/patches/patch-src_libgit2_path.c Thu May 25 15:52:53 2023 @@ -0,0 +1,15 @@ +$NetBSD: patch-src_libgit2_path.c,v 1.1 2023/05/25 15:52:53 he Exp $ + +Ensure proper value range for tolower() argument. + +--- src/libgit2/path.c.orig 2023-04-12 12:05:25.000000000 +0000 ++++ src/libgit2/path.c +@@ -202,7 +202,7 @@ GIT_INLINE(size_t) common_prefix_icase(c + { + size_t count = 0; + +- while (len > 0 && tolower(*str) == tolower(*prefix)) { ++ while (len > 0 && tolower((unsigned char)*str) == tolower((unsigned char)*prefix)) { + count++; + str++; + prefix++; Index: pkgsrc/devel/libgit2/patches/patch-src_libgit2_trailer.c diff -u /dev/null pkgsrc/devel/libgit2/patches/patch-src_libgit2_trailer.c:1.1 --- /dev/null Thu May 25 15:52:53 2023 +++ pkgsrc/devel/libgit2/patches/patch-src_libgit2_trailer.c Thu May 25 15:52:53 2023 @@ -0,0 +1,48 @@ +$NetBSD: patch-src_libgit2_trailer.c,v 1.1 2023/05/25 15:52:53 he Exp $ + +Ensure proper value range for args to ctype functions. + +--- src/libgit2/trailer.c.orig 2023-04-12 12:05:25.000000000 +0000 ++++ src/libgit2/trailer.c +@@ -24,7 +24,7 @@ static const char *const git_generated_p + static int is_blank_line(const char *str) + { + const char *s = str; +- while (*s && *s != '\n' && isspace(*s)) ++ while (*s && *s != '\n' && isspace((unsigned char)*s)) + s++; + return !*s || *s == '\n'; + } +@@ -93,7 +93,7 @@ static bool find_separator(size_t *out, + return true; + } + +- if (!whitespace_found && (isalnum(*c) || *c == '-')) ++ if (!whitespace_found && (isalnum((unsigned char)*c) || *c == '-')) + continue; + if (c != line && (*c == ' ' || *c == '\t')) { + whitespace_found = 1; +@@ -233,12 +233,12 @@ static size_t find_trailer_start(const c + } + + find_separator(&separator_pos, bol, TRAILER_SEPARATORS); +- if (separator_pos >= 1 && !isspace(bol[0])) { ++ if (separator_pos >= 1 && !isspace((unsigned char)bol[0])) { + trailer_lines++; + possible_continuation_lines = 0; + if (recognized_prefix) + continue; +- } else if (isspace(bol[0])) ++ } else if (isspace((unsigned char)bol[0])) + possible_continuation_lines++; + else { + non_trailer_lines++; +@@ -323,7 +323,7 @@ int git_message_trailers(git_message_tra + goto ret; + } + +- if (isalnum(*ptr) || *ptr == '-') { ++ if (isalnum((unsigned char)*ptr) || *ptr == '-') { + /* legal key character */ + NEXT(S_KEY); + } Index: pkgsrc/devel/libgit2/patches/patch-src_libgit2_transports_smart__pkt.c diff -u /dev/null pkgsrc/devel/libgit2/patches/patch-src_libgit2_transports_smart__pkt.c:1.1 --- /dev/null Thu May 25 15:52:53 2023 +++ pkgsrc/devel/libgit2/patches/patch-src_libgit2_transports_smart__pkt.c Thu May 25 15:52:53 2023 @@ -0,0 +1,19 @@ +$NetBSD: patch-src_libgit2_transports_smart__pkt.c,v 1.1 2023/05/25 15:52:53 he Exp $ + +Ensure proper value range for args to ctype functions. + +--- src/libgit2/transports/smart_pkt.c.orig 2023-04-12 12:05:25.000000000 +0000 ++++ src/libgit2/transports/smart_pkt.c +@@ -451,10 +451,10 @@ static int parse_len(size_t *out, const + num[PKT_LEN_SIZE] = '\0'; + + for (i = 0; i < PKT_LEN_SIZE; ++i) { +- if (!isxdigit(num[i])) { ++ if (!isxdigit((unsigned char)num[i])) { + /* Make sure there are no special characters before passing to error message */ + for (k = 0; k < PKT_LEN_SIZE; ++k) { +- if(!isprint(num[k])) { ++ if(!isprint((unsigned char)num[k])) { + num[k] = '.'; + } + } Index: pkgsrc/devel/libgit2/patches/patch-src_util_date.c diff -u /dev/null pkgsrc/devel/libgit2/patches/patch-src_util_date.c:1.1 --- /dev/null Thu May 25 15:52:53 2023 +++ pkgsrc/devel/libgit2/patches/patch-src_util_date.c Thu May 25 15:52:53 2023 @@ -0,0 +1,81 @@ +$NetBSD: patch-src_util_date.c,v 1.1 2023/05/25 15:52:53 he Exp $ + +Ensure proper value range to ctype ops (toupper, isalnum, ...). + +--- src/util/date.c.orig 2023-04-12 12:05:25.000000000 +0000 ++++ src/util/date.c +@@ -129,9 +129,9 @@ static size_t match_string(const char *d + for (i = 0; *date; date++, str++, i++) { + if (*date == *str) + continue; +- if (toupper(*date) == toupper(*str)) ++ if (toupper((unsigned char)*date) == toupper((unsigned char)*str)) + continue; +- if (!isalnum(*date)) ++ if (!isalnum((unsigned char)*date)) + break; + return 0; + } +@@ -143,7 +143,7 @@ static int skip_alpha(const char *date) + int i = 0; + do { + i++; +- } while (isalpha(date[i])); ++ } while (isalpha((unsigned char)date[i])); + return i; + } + +@@ -251,7 +251,7 @@ static size_t match_multi_number(unsigne + + num2 = strtol(end+1, &end, 10); + num3 = -1; +- if (*end == c && isdigit(end[1])) ++ if (*end == c && isdigit((unsigned char)end[1])) + num3 = strtol(end+1, &end, 10); + + /* Time? Date? */ +@@ -349,7 +349,7 @@ static size_t match_digit(const char *da + case '.': + case '/': + case '-': +- if (isdigit(end[1])) { ++ if (isdigit((unsigned char)end[1])) { + size_t match = match_multi_number(num, *end, date, end, tm); + if (match) + return match; +@@ -364,7 +364,7 @@ static size_t match_digit(const char *da + n = 0; + do { + n++; +- } while (isdigit(date[n])); ++ } while (isdigit((unsigned char)date[n])); + + /* Four-digit year or a timezone? */ + if (n == 4) { +@@ -518,7 +518,7 @@ static int parse_date_basic(const char * + match = match_alpha(date, &tm, offset); + else if (isdigit(c)) + match = match_digit(date, &tm, offset, &tm_gmt); +- else if ((c == '-' || c == '+') && isdigit(date[1])) ++ else if ((c == '-' || c == '+') && isdigit((unsigned char)date[1])) + match = match_tz(date, offset); + + if (!match) { +@@ -682,7 +682,7 @@ static const char *approxidate_alpha(con + const char *end = date; + int i; + +- while (isalpha(*++end)) ++ while (isalpha((unsigned char)*++end)) + /* scan to non-alpha */; + + for (i = 0; i < 12; i++) { +@@ -783,7 +783,7 @@ static const char *approxidate_digit(con + case '.': + case '/': + case '-': +- if (isdigit(end[1])) { ++ if (isdigit((unsigned char)end[1])) { + size_t match = match_multi_number(number, *end, date, end, tm); + if (match) + return date + match; Index: pkgsrc/devel/libgit2/patches/patch-src_util_str.c diff -u /dev/null pkgsrc/devel/libgit2/patches/patch-src_util_str.c:1.1 --- /dev/null Thu May 25 15:52:53 2023 +++ pkgsrc/devel/libgit2/patches/patch-src_util_str.c Thu May 25 15:52:53 2023 @@ -0,0 +1,17 @@ +$NetBSD: patch-src_util_str.c,v 1.1 2023/05/25 15:52:53 he Exp $ + +Ensure proper value range for arg to isxdigit(). + +--- src/util/str.c.orig 2023-04-12 12:05:25.000000000 +0000 ++++ src/util/str.c +@@ -485,8 +485,8 @@ int git_str_decode_percent( + for (str_pos = 0; str_pos < str_len; buf->size++, str_pos++) { + if (str[str_pos] == '%' && + str_len > str_pos + 2 && +- isxdigit(str[str_pos + 1]) && +- isxdigit(str[str_pos + 2])) { ++ isxdigit((unsigned char)str[str_pos + 1]) && ++ isxdigit((unsigned char)str[str_pos + 2])) { + buf->ptr[buf->size] = (HEX_DECODE(str[str_pos + 1]) << 4) + + HEX_DECODE(str[str_pos + 2]); + str_pos += 2; Index: pkgsrc/devel/libgit2/patches/patch-src_util_util.h diff -u /dev/null pkgsrc/devel/libgit2/patches/patch-src_util_util.h:1.1 --- /dev/null Thu May 25 15:52:53 2023 +++ pkgsrc/devel/libgit2/patches/patch-src_util_util.h Thu May 25 15:52:53 2023 @@ -0,0 +1,15 @@ +$NetBSD: patch-src_util_util.h,v 1.1 2023/05/25 15:52:53 he Exp $ + +Ensure appropriate value range for arg to tolower(). + +--- src/util/util.h.orig 2023-04-12 12:05:25.000000000 +0000 ++++ src/util/util.h +@@ -89,7 +89,7 @@ GIT_INLINE(int) git__tolower(int c) + return (c >= 'A' && c <= 'Z') ? (c + 32) : c; + } + #else +-# define git__tolower(a) tolower(a) ++# define git__tolower(a) tolower((unsigned char)a) + #endif + + extern size_t git__linenlen(const char *buffer, size_t buffer_len); --_----------=_1685029973237970--