Mirror of https://https.git.savannah.gnu.org/git/coreutils.git/ https://git.shady.money/coreutils/atom?h=master 2026-03-04T22:17:39Z 2026-03-04T22:17:39Z Pádraig Brady P@draigBrady.com 2026-02-28T11:09:26Z urn:sha1:b3fe24213ee350835097cefa8d0154f78ffd9d67 cksum --check is often the first interaction users have with possibly untrusted downloads, so we should try to be as defensive as possible when processing it. Specifically we currently only escape \n characters in file names presented in checksum files being parsed with cksum --check. This gives some possibilty of dumping arbitrary data to the terminal when checking downloads from an untrusted source. This change gives these advantages: 1. Avoids dumping arbitrary data to vulnerable terminals 2. Avoids visual deception with ansi codes hiding checksum failures 3. More secure if users copy and paste file names from --check output 4. Simplifies programmatic parsing Note this changes programmatic parsing, but given the original format was so awkward to parse, I expect that's extremely rare. I was not able to find example in the wild at least. To parse the new format from from shell, you can do something like: cksum -c checksums | while IFS= read -r line; do case $line in *': FAILED') filename=$(eval "printf '%s' ${line%: FAILED}") cp -v "$filename" /quarantine ;; esac done This change also slightly reduces the size of the sum(1) utility. This change also apples to md5sum, sha*sum, and b2sum. * src/cksum.c (digest_check): Call quotef() instead of cksum(1) specific quoting. * tests/cksum/md5sum-bsd.sh: Adjust accordingly. * doc/coreutils.texi (cksum general options): Describe the shell quoting used for problematic file names. * NEWS: Mention the change in behavior. Reported by: Aaron Rainbolt 2026-01-18T16:58:38Z Pádraig Brady P@draigBrady.com 2026-01-18T16:56:24Z urn:sha1:4d03a1e408dddfc52c805acee58c0cf3c968b79e * tests/cksum/cksum-c.sh: Add 'splice' to the injection set. * tests/misc/read-errors.sh: Likewise. From https://github.com/coreutils/coreutils/pull/167 2026-01-17T22:26:26Z Collin Funk collin.funk1@gmail.com 2026-01-17T22:26:26Z urn:sha1:c1d13a499a5de898af8a21dc9e8a975018478830 * init.cfg (uses_strace_): New function. (require_strace_): Use it. tests/cksum/cksum-c.sh: Likewise. tests/misc/read-errors.sh: Likewise. 2026-01-12T15:13:57Z Dmitry V. Levin ldv@altlinux.org 2026-01-12T15:11:22Z urn:sha1:2739fab817f2a71550052a8d6995a7ad14fac8e9 * tests/cksum/cksum-c.sh: Match "read" with a regex to match any of the read syscall variants. 2026-01-11T18:16:18Z oech3 79379754+oech3@users.noreply.github.com 2026-01-11T18:14:44Z urn:sha1:3a9777bdb018ef09f65cf88e1e193911dc3afccf * tests/cksum/cksum-c.sh: Use strace to inject EIO upon read(), and verify it's handled appropriately. From https://github.com/coreutils/coreutils/pull/167 2026-01-08T16:14:57Z Pádraig Brady P@draigBrady.com 2026-01-08T14:07:32Z urn:sha1:9200747f65e3523f7b48184a331eec5a1225b435 We disallow `cksum --tag --check` which is fine, but the error should be consistent with md5sum, and less confusing, as it currently mentions "--binary" and "--text" which weren't specified. We disallow `cksum --tag --text` which is fine, but we should also disallow `cksum --text --tag`. We should honor an explicit --binary (output *) with this combination of options: cksum --binary --tag --untagged -a md5 /dev/null Note this also makes both of `cksum -a md5` and `cksum --tag -a md5` consistently use binary mode when reading from a tty on systems like MinGW where O_BINARY is set. * src/cksum.c (main): Adjust --text,--binary and --tag,--untagged option processing. * tests/cksum/cksum-a.sh: Add test cases. * tests/cksum/cksum-c.sh: Likewise. * NEWS: Mention the improvement. Fixes https://github.com/coreutils/coreutils/issues/163 2026-01-01T18:56:16Z Collin Funk collin.funk1@gmail.com 2026-01-01T18:56:16Z urn:sha1:73d3a49f45770c45808e4fdab35ae4fe248a3cd9 2025-10-07T14:58:36Z Pádraig Brady P@draigBrady.com 2025-10-07T14:24:12Z urn:sha1:51f27a15b0e2a0c12f211dcd957bbb39738ff4c4 * tests/cksum/cksum-c.sh: Add a test case where the file name contains tagged format delimiter characters. 2025-10-07T14:58:36Z Pádraig Brady P@draigBrady.com 2025-10-06T18:41:24Z urn:sha1:463925761048ec9ccb5742479ef7963f378b7f05 * src/digest.c (split_3): Fallback to untagged matching in the case where -a is specified and we have matched a TAG in the possibly base64 data. This might happen in 1 in every 64K files. Note we remove the modification of string S (and redundant streq) in the tag matching, as that was not needed since v8.32-223-g217cd278e. * tests/cksum/cksum-c.sh: Add a test case. * NEWS: Mention the bug fix. 2025-10-07T14:58:36Z Pádraig Brady P@draigBrady.com 2025-10-06T15:32:26Z urn:sha1:e661c7a52568710a3cedf8fbb3a683805f1caff2 * src/digest.c (sha2_sum_stream): Change from unreachable() to affirm() so that we have defined behavior unless we configure with --disable-assert. (sha3_sum_stream): Likewise. (split_3): Validate SHA2-lengths before passing on. * tests/cksum/cksum-c.sh: Add a test case. * NEWS: Mention the bug fix.