diff --git a/SOURCES/which-2.21-coverity.patch b/SOURCES/which-2.21-coverity.patch new file mode 100644 index 0000000..4a0a650 --- /dev/null +++ b/SOURCES/which-2.21-coverity.patch @@ -0,0 +1,62 @@ +diff -up which-2.21/tilde/tilde.c.coverity2 which-2.21/tilde/tilde.c +--- which-2.21/tilde/tilde.c.coverity2 2021-03-21 21:04:34.691775991 +0100 ++++ which-2.21/tilde/tilde.c 2021-03-21 21:13:36.853129481 +0100 +@@ -193,9 +193,8 @@ tilde_expand (string) + const char *string; + { + char *result; +- int result_size, result_index; ++ int result_size = 0, result_index = 0; + +- result_index = result_size = 0; + result = strchr (string, '~'); + if (result) + result = (char *)xmalloc (result_size = (strlen (string) + 16)); +@@ -271,7 +270,7 @@ isolate_tilde_prefix (fname, lenp) + char *ret; + int i; + +- ret = (char *)xmalloc (strlen (fname)); ++ ret = (char *)xmalloc (strlen (fname) + 1); + #if defined (__MSDOS__) + for (i = 1; fname[i] && fname[i] != '/' && fname[i] != '\\'; i++) + #else +diff -up which-2.21/which.c.coverity2 which-2.21/which.c +--- which-2.21/which.c.coverity2 2021-03-21 21:04:34.691775991 +0100 ++++ which-2.21/which.c 2021-03-21 21:04:34.692775983 +0100 +@@ -76,8 +76,9 @@ static int skip_functions = 0, read_func + + static char *find_command_in_path(const char *name, const char *path_list, int *path_index) + { +- char *found = NULL, *full_path; ++ char *found = NULL, *full_path = NULL; + int status, name_len; ++ char *p; + + name_len = strlen(name); + +@@ -85,7 +86,6 @@ static char *find_command_in_path(const + absolute_path_given = 0; + else + { +- char *p; + absolute_path_given = 1; + + if (abs_path) +@@ -159,6 +159,7 @@ static char *find_command_in_path(const + free(full_path); + } + ++ name = NULL; p = NULL; path_list = NULL; + return (found); + } + +@@ -540,7 +541,7 @@ int main(int argc, char *argv[]) + int function_start_type = 0; + if (read_alias || read_functions) + { +- char buf[1024]; ++ char buf[1024] = {}; + int processing_aliases = read_alias; + + if (isatty(0)) diff --git a/SOURCES/which2.sh b/SOURCES/which2.sh index 25dd0de..8fc0284 100644 --- a/SOURCES/which2.sh +++ b/SOURCES/which2.sh @@ -1,7 +1,17 @@ -# Initialization script for bash and sh +# shellcheck shell=sh +# Initialization script for bash, sh, mksh and ksh -if [ "$0" = "ksh" ] || [ "$0" = "-ksh" ] ; then - alias which='(alias; typeset -f) | /usr/bin/which --tty-only --read-alias --read-functions --show-tilde --show-dot' -else - alias which='(alias; declare -f) | /usr/bin/which --tty-only --read-alias --read-functions --show-tilde --show-dot' +_declare="declare -f" +_opt="-f" + +if [ "$0" = "ksh" ] || [ "$0" = "-ksh" ] || [ "$0" = "mksh" ] || [ "$0" = "-mksh" ] ; then + _declare="typeset -f" + _opt="" fi + +which () +{ +(alias; eval ${_declare}) | /usr/bin/which --tty-only --read-alias --read-functions --show-tilde --show-dot "$@" +} + +export ${_opt} which diff --git a/SPECS/which.spec b/SPECS/which.spec index 8f7f303..2838787 100644 --- a/SPECS/which.spec +++ b/SPECS/which.spec @@ -1,12 +1,13 @@ Summary: Displays where a particular program in your path is located Name: which Version: 2.21 -Release: 12%{?dist} +Release: 13%{?dist} License: GPLv3 Source0: http://ftp.gnu.org/gnu/which/%{name}-%{version}.tar.gz Source1: which2.sh Source2: which2.csh Patch0: which-2.21-coverity-fixes.patch +Patch1: which-2.21-coverity.patch Url: https://savannah.gnu.org/projects/which/ BuildRequires: gcc BuildRequires: readline-devel @@ -18,6 +19,7 @@ the specified program is in your PATH. %prep %setup -q %patch0 -p1 -b .coverity +%patch1 -p1 -b .coverity2 %build %configure @@ -39,6 +41,10 @@ rm -f $RPM_BUILD_ROOT%{_infodir}/dir %{_mandir}/man1/which.1* %changelog +* Fri Mar 19 2021 Than Ngo - 2.21-13 +- Resolves: #1940468, fixed syntax error caused by testcase: a=b which ls + Coverity issue + * Tue Nov 19 2019 Than Ngo - 2.21-12 - Fixed coverity issue