From d700b52311dba762adf813dc476dfebbeb05afa6 Mon Sep 17 00:00:00 2001
From: Ondřej Vašík <ovasik@redhat.com>
Date: Mar 02 2014 19:45:06 +0000
Subject: fix the date crash or infloop in TZ= parsing (#1069657, from upstream)


---

diff --git a/coreutils-8.22-datetzcrash.patch b/coreutils-8.22-datetzcrash.patch
new file mode 100644
index 0000000..44481af
--- /dev/null
+++ b/coreutils-8.22-datetzcrash.patch
@@ -0,0 +1,67 @@
+diff -urNp coreutils-8.22-orig/gnulib-tests/test-parse-datetime.c coreutils-8.22/gnulib-tests/test-parse-datetime.c
+--- coreutils-8.22-orig/gnulib-tests/test-parse-datetime.c	2013-12-04 15:53:33.000000000 +0100
++++ coreutils-8.22/gnulib-tests/test-parse-datetime.c	2014-03-02 20:33:25.691688592 +0100
+@@ -419,5 +419,21 @@ main (int argc _GL_UNUSED, char **argv)
+      starting with a high-bit-set byte would be treated like "0".  */
+   ASSERT ( ! parse_datetime (&result, "\xb0", &now));
+ 
++  /* Exercise TZ="" parsing code.  */
++  /* These two would infloop or segfault before Feb 2014.  */
++  ASSERT ( ! parse_datetime (&result, "TZ=\"\"\"", &now));
++  ASSERT ( ! parse_datetime (&result, "TZ=\"\" \"", &now));
++  /* Exercise invalid patterns.  */
++  ASSERT ( ! parse_datetime (&result, "TZ=\"", &now));
++  ASSERT ( ! parse_datetime (&result, "TZ=\"\\\"", &now));
++  ASSERT ( ! parse_datetime (&result, "TZ=\"\\n", &now));
++  ASSERT ( ! parse_datetime (&result, "TZ=\"\\n\"", &now));
++  /* Exercise valid patterns.  */
++  ASSERT (   parse_datetime (&result, "TZ=\"\"", &now));
++  ASSERT (   parse_datetime (&result, "TZ=\"\" ", &now));
++  ASSERT (   parse_datetime (&result, " TZ=\"\"", &now));
++  ASSERT (   parse_datetime (&result, "TZ=\"\\\\\"", &now));
++  ASSERT (   parse_datetime (&result, "TZ=\"\\\"\"", &now));
++
+   return 0;
+ }
+diff -urNp coreutils-8.22-orig/lib/parse-datetime.y coreutils-8.22/lib/parse-datetime.y
+--- coreutils-8.22-orig/lib/parse-datetime.y	2013-12-04 15:53:33.000000000 +0100
++++ coreutils-8.22/lib/parse-datetime.y	2014-03-02 20:32:23.246124920 +0100
+@@ -1303,8 +1303,6 @@ parse_datetime (struct timespec *result,
+             char tz1buf[TZBUFSIZE];
+             bool large_tz = TZBUFSIZE < tzsize;
+             bool setenv_ok;
+-            /* Free tz0, in case this is the 2nd or subsequent time through. */
+-            free (tz0);
+             tz0 = get_tz (tz0buf);
+             z = tz1 = large_tz ? xmalloc (tzsize) : tz1buf;
+             for (s = tzbase; *s != '"'; s++)
+@@ -1316,7 +1314,12 @@ parse_datetime (struct timespec *result,
+             if (!setenv_ok)
+               goto fail;
+             tz_was_altered = true;
++
+             p = s + 1;
++            while (c = *p, c_isspace (c))
++              p++;
++
++            break;
+           }
+     }
+ 
+diff -urNp coreutils-8.22-orig/tests/misc/date.pl coreutils-8.22/tests/misc/date.pl
+--- coreutils-8.22-orig/tests/misc/date.pl	2013-12-04 15:48:30.000000000 +0100
++++ coreutils-8.22/tests/misc/date.pl	2014-03-02 20:30:43.200328295 +0100
+@@ -287,6 +287,13 @@ my @Tests =
+       {ERR => "date: invalid date '\\260'\n"},
+       {EXIT => 1},
+      ],
++
++     # From coreutils-5.3.0 to 8.22 inclusive
++     # this would either infinite loop or crash
++     ['invalid-TZ-crash', "-d 'TZ=\"\"\"'",
++      {ERR => "date: invalid date 'TZ=\"\"\"'\n"},
++      {EXIT => 1},
++     ],
+     );
+ 
+ # Repeat the cross-dst test, using Jan 1, 2005 and every interval from 1..364.
diff --git a/coreutils.spec b/coreutils.spec
index 17deef4..b7feeea 100644
--- a/coreutils.spec
+++ b/coreutils.spec
@@ -1,7 +1,7 @@
 Summary: A set of basic GNU tools commonly used in shell scripts
 Name:    coreutils
 Version: 8.22
-Release: 11%{?dist}
+Release: 12%{?dist}
 License: GPLv3+
 Group:   System Environment/Base
 Url:     http://www.gnu.org/software/coreutils/
@@ -14,6 +14,7 @@ Source106:  coreutils-colorls.csh
 
 # From upstream
 Patch1: coreutils-8.22-cp-selinux.patch
+Patch2: coreutils-8.22-datetzcrash.patch
 
 # Our patches
 #general patch to workaround koji build system issues
@@ -128,6 +129,7 @@ the old GNU fileutils, sh-utils, and textutils packages.
 
 # From upstream
 %patch1 -p1 -b .nullcontext
+%patch2 -p1 -b .tzcrash
 
 # Our patches
 %patch100 -p1 -b .configure
@@ -374,6 +376,9 @@ fi
 %{_sbindir}/chroot
 
 %changelog
+* Sun Mar 02 2014 Ondrej Vasik <ovasik@redhat.com> 8.22-12
+- fix the date crash or infloop in TZ="" parsing (#1069657)
+
 * Mon Jan 13 2014 Ondrej Vasik <ovasik@redhat.com> 8.22-11
 - cp/mv/install: do not crash when getfscreatecon() is
   returning a NULL context