gentoo auto-resync : 30:01:2024 - 23:49:25

3 files changed, 306 insertions, 0 deletions

diff --git a/sys-apps/coreutils/Manifest b/sys-apps/coreutils/Manifest
index 85bee0891040..27d4616e7f63 100644
--- a/sys-apps/coreutils/Manifest
+++ b/sys-apps/coreutils/Manifest
@@ -3,6 +3,7 @@ AUX coreutils-8.32-sandbox-env-test.patch 1958 BLAKE2B 570f62115f0853abb35290174
 AUX coreutils-9.1-fix-rename-simple-backups.patch 1343 BLAKE2B b284b2b7d33fe7650a4ac8723ca5566e819cd4f4740394cc549562a03fe7ed95d29cfb688a9e5513edcea1f9d5f7b72f1a530f9bf5093ad4dc6534a494e9f91c SHA512 900128c08b096c39302193855fdbb980c54597acf3349b9014ced500e344b7f47438722342e3a7d68f8c4588632769a11165c5c06796993d3b9aca019de8468a
 AUX coreutils-9.3-cp-parents-preserve-permissions.patch 3436 BLAKE2B de9fa1038b34ec2134c39758840e5a619ed5b3e60ebd9ad280e3e1a117f76143ccec852f74ac8da3f29604e8bdc92dcc134a19da756b759fb15d5bc632dda74c SHA512 e19afd35150c188a4ad14844463181f391ab6fbc9b4b812677df693f6181045f3dc63c42f2755e19f03bc2a608d041f3e0943537bc9d783b03819ce9928a962b
 AUX coreutils-9.3-old-kernel-copy_file_range.patch 3009 BLAKE2B 29be489f9544a1434708c73bc886605002e34fe430cbda062396cebb7fcb12bfb6062e1c032bb7ca2e49e2306b35150ca14e49a0a84d9b3a40ce0603dfa14c09 SHA512 5106a85a00aa7781514102e64ea2528221399009e9bfe842b0717bc1746cf9e4875aa00f9a3e56326ce2edc65a4cfc19c140a50a6528cd9131a7e41b4c785514
+AUX coreutils-9.4-CVE-2024-0684.patch 1168 BLAKE2B 0ac00f2b0b9c69680fbd0583d7534549971c384eae1d9da3b77ce46b31a58cb37126f9175b3273d2244e596cd511d7af60e89f95c485e3a8c0a7ca5d2e86fe81 SHA512 cc341446c31f5f46750034ab7a996830409d33813e5375264370d00811518ab964570573a92d8cd5495afac415d34fcb9c365cdc64804ea5e905a99e7f6011f0
 AUX coreutils-9.4-gnulib-openssl-1.1.patch 6061 BLAKE2B af816c12ba6867d25d7ffb1d6213ac01e3107f0ae894c0f6452d348bf6d56cf57059fd967ab0ead7c290f7a2cb45494c5add7edace7d75ad9b89eb438b9f1d41 SHA512 9ef9ee4a987fa169dddc358fd51f37011173c9f82d81021d36faaf1dbd425d3e7f718724ad76ac61febdae76d5442a8b9e14a5638bdb52c2d256b104924ea2d0
 DIST coreutils-8.30-patches-01.tar.xz 5788 BLAKE2B a41511ce39ac570cb14b7f12d125eebef92217469a9490808719fa0665f5e5c0adb96fbd02c4bac4d280d1502295669575790a81dbc01afe2ca3a9d384cbefb0 SHA512 b1e1933637de4581d5f8c6ede4e80a012435d13f0cf5550a76ab5bbe9441e3c15ce19ef3f78a7ea3b8368d5e9a3bb17c1207c471d26171b59786f38adeba0454
 DIST coreutils-8.32.tar.xz 5547836 BLAKE2B 0ad99c176c19ec214fcfd0845523e5362f0151827707c759bd46c0fe8d2501c6ad1c29c5b71266f6525857bc0d56c472db0d7fe29953b6c65e2e6c76bdf3c515 SHA512 1c8f3584efd61b4b02e7ac5db8e103b63cfb2063432caaf1e64cb2dcc56d8c657d1133bbf10bd41468d6a1f31142e6caa81d16ae68fa3e6e84075c253613a145
@@ -18,6 +19,7 @@ EBUILD coreutils-8.32-r1.ebuild 5947 BLAKE2B 19f30ddaa57e16326db783e2396ce653c17
 EBUILD coreutils-9.1-r2.ebuild 7089 BLAKE2B 46d3b096e6bf83a84d375a7e587c65bd2fb06055ba185148535b344821cc3cc9ff6594ad20b1a3d6ad44d4bc5bb91e81f0d17a95f3b10b3759a06ce21ac4ff69 SHA512 a204c023de8587f67a3e3f4c5fea48781c4821f2857bad4b059f175841acaedc0bac313c64d1304bae59366c96d9928257b45b2deef48c7c7433b3c94a15bbb7
 EBUILD coreutils-9.3-r2.ebuild 7765 BLAKE2B df59156cceb02733100f4e2657da41c86f294000b2b7de8c305bf289e1255347cf9859a4d8485ac2444ce281fed5d4d32d1a03f6106b4182a43c7cd7d0a72359 SHA512 735a7c58b4fe9f699968f769006047c567b5f37704e6fdfa9e486610454c192332a443c2ed933ea9660e2b5fb43d7d3c9afefca883aa510256e39f6ce13bc6ba
 EBUILD coreutils-9.3-r3.ebuild 7902 BLAKE2B a902516e5e1a8df5882f2393a64ae37bd58eed3dc2d2758bccc99a7b235a25b29199a0343de5caa6acdc845954acc0ea8af7abb00deab62bdfd7c8b0dcfe56b5 SHA512 76745ef766f49262712e577d3b69900a331a32fc4e14d1ee4b1152e0dd0e742b4ce12140dc07c6fc6bf9dedad7781047ae43fe5ce76906aec8a3131dd84bfe5c
+EBUILD coreutils-9.4-r1.ebuild 7887 BLAKE2B 5490b50fc0704173199bb12f34704e6cf43bbc8348ea9eb0dff9e526f3e68d1941920272143b643edcad86903f8adf2004be7844a464720699e7cdb2c2c0888b SHA512 834e88b8e5879f344f45d0720a6e840714e939f2a4cea3dde8e1a4be11da24bbb438df26754e5f7a453fa9bb56aa45d2df2f1d648255b757b0489035f9622934
 EBUILD coreutils-9.4.ebuild 7838 BLAKE2B 2745958376d99d53379e7e203451c7f295906dcc05489235b8991863741dfaf79296f04a8dcfa9d99ce7729cdee39037acfdaae2d2ed8fefb38f0c16cbbe228f SHA512 f798b7be323d8be4170c559e0d1bba7f75cb6f5da8573301c4805958d2b5b82217794bb7feef1dbaf6a1cef1fc81f98eca29786b14d6160c6324f767eb055bfc
 EBUILD coreutils-9999.ebuild 7800 BLAKE2B a0b4403e1a58f18a8dc7456eb062fae2e9bd1ee86e9eef64a919b1e581d578f83d910c57ce4fc7a4da78a49ae20eb9544b1d3c5fa8a7496ff2d9a15cddef033f SHA512 97e1d4ed72554c5e2421e58087657a324ad662296efecc8725523a71c22b9c1858af74cc35a869afc43ef01d39fae323fe4db582446049a9f9c3d24dbce8efa3
 MISC metadata.xml 1093 BLAKE2B 68a653fe54fc668c7f2c7c01904cfca5a071192de4370dcbba427e673f8e9ec33b5104a868a5493117ef24e277446181383140c621b105689797aec4e077b86e SHA512 bf8f2653a1a81edb6e4090b127c5660e0c5ab41a33c985dea1b5cb05c6656b04f42084ce4e561f4550c3e54630893314d3084011c673e7d5aded022be1c065d1
diff --git a/sys-apps/coreutils/coreutils-9.4-r1.ebuild b/sys-apps/coreutils/coreutils-9.4-r1.ebuild
new file mode 100644
index 000000000000..35ebf58c3f8e
--- /dev/null
+++ b/sys-apps/coreutils/coreutils-9.4-r1.ebuild
@@ -0,0 +1,273 @@
+# Copyright 1999-2024 Gentoo Authors
+# Distributed under the terms of the GNU General Public License v2
+
+EAPI=8
+
+# Try to keep an eye on Fedora's packaging: https://src.fedoraproject.org/rpms/coreutils
+# The upstream coreutils maintainers also maintain the package in Fedora and may
+# backport fixes which we want to pick up.
+#
+# Also recommend subscribing to the coreutils and bug-coreutils MLs.
+
+PYTHON_COMPAT=( python3_{10..11} )
+VERIFY_SIG_OPENPGP_KEY_PATH=/usr/share/openpgp-keys/coreutils.asc
+inherit flag-o-matic python-any-r1 toolchain-funcs verify-sig
+
+MY_PATCH="${PN}-9.4-patches"
+DESCRIPTION="Standard GNU utilities (chmod, cp, dd, ls, sort, tr, head, wc, who,...)"
+HOMEPAGE="https://www.gnu.org/software/coreutils/"
+
+if [[ ${PV} == 9999 ]] ; then
+	EGIT_REPO_URI="https://git.savannah.gnu.org/git/coreutils.git"
+	inherit git-r3
+elif [[ ${PV} == *_p* ]] ; then
+	# Note: could put this in devspace, but if it's gone, we don't want
+	# it in tree anyway. It's just for testing.
+	MY_SNAPSHOT="$(ver_cut 1-2).156-b3afb"
+	SRC_URI="https://www.pixelbeat.org/cu/coreutils-${MY_SNAPSHOT}.tar.xz -> ${P}.tar.xz"
+	SRC_URI+=" verify-sig? ( https://www.pixelbeat.org/cu/coreutils-${MY_SNAPSHOT}.tar.xz.sig -> ${P}.tar.xz.sig )"
+	S="${WORKDIR}"/${PN}-${MY_SNAPSHOT}
+else
+	SRC_URI="
+		mirror://gnu/${PN}/${P}.tar.xz
+		verify-sig? ( mirror://gnu/${PN}/${P}.tar.xz.sig )
+	"
+
+	KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~ia64 ~loong ~m68k ~mips ~ppc ~ppc64 ~riscv ~s390 ~sparc ~x86 ~x86-linux"
+fi
+
+SRC_URI+=" !vanilla? ( https://dev.gentoo.org/~sam/distfiles/${CATEGORY}/${PN}/${MY_PATCH}.tar.xz )"
+
+LICENSE="GPL-3+"
+SLOT="0"
+IUSE="acl caps gmp hostname kill multicall nls +openssl selinux +split-usr static test vanilla xattr"
+RESTRICT="!test? ( test )"
+
+LIB_DEPEND="
+	acl? ( sys-apps/acl[static-libs] )
+	caps? ( sys-libs/libcap )
+	gmp? ( dev-libs/gmp:=[static-libs] )
+	openssl? ( dev-libs/openssl:=[static-libs] )
+	xattr? ( sys-apps/attr[static-libs] )
+"
+RDEPEND="
+	!static? ( ${LIB_DEPEND//\[static-libs]} )
+	selinux? ( sys-libs/libselinux )
+	nls? ( virtual/libintl )
+"
+DEPEND="
+	${RDEPEND}
+	static? ( ${LIB_DEPEND} )
+"
+BDEPEND="
+	app-arch/xz-utils
+	dev-lang/perl
+	test? (
+		dev-debug/strace
+		dev-lang/perl
+		dev-perl/Expect
+		${PYTHON_DEPS}
+	)
+	verify-sig? ( sec-keys/openpgp-keys-coreutils )
+"
+RDEPEND+="
+	hostname? ( !sys-apps/net-tools[hostname] )
+	kill? (
+		!sys-apps/util-linux[kill]
+		!sys-process/procps[kill]
+	)
+	!<sys-apps/util-linux-2.13
+	!<sys-apps/sandbox-2.10-r4
+	!sys-apps/stat
+	!net-mail/base64
+	!sys-apps/mktemp
+	!<app-forensics/tct-1.18-r1
+	!<net-fs/netatalk-2.0.3-r4"
+
+pkg_setup() {
+	if use test ; then
+		python-any-r1_pkg_setup
+	fi
+}
+
+src_unpack() {
+	if [[ ${PV} == 9999 ]] ; then
+		git-r3_src_unpack
+
+		cd "${S}" || die
+		./bootstrap || die
+
+		sed -i -e "s:submodule-checks ?= no-submodule-changes public-submodule-commit:submodule-checks ?= no-submodule-changes:" gnulib/top/maint.mk || die
+	elif use verify-sig ; then
+		# Needed for downloaded patch (which is unsigned, which is fine)
+		verify-sig_verify_detached "${DISTDIR}"/${P}.tar.xz{,.sig}
+	fi
+
+	default
+}
+
+src_prepare() {
+	# TODO: past 2025, we may need to add our own hack for bug #907474.
+	local PATCHES=(
+		# Upstream patches
+		"${FILESDIR}"/${P}-gnulib-openssl-1.1.patch
+		"${FILESDIR}"/${P}-CVE-2024-0684.patch
+	)
+
+	if ! use vanilla && [[ -d "${WORKDIR}"/${MY_PATCH} ]] ; then
+		PATCHES+=( "${WORKDIR}"/${MY_PATCH} )
+	fi
+
+	default
+
+	# Since we've patched many .c files, the make process will try to
+	# re-build the manpages by running `./bin --help`.  When doing a
+	# cross-compile, we can't do that since 'bin' isn't a native bin.
+	#
+	# Also, it's not like we changed the usage on any of these things,
+	# so let's just update the timestamps and skip the help2man step.
+	set -- man/*.x
+	touch ${@/%x/1} || die
+
+	# Avoid perl dep for compiled in dircolors default (bug #348642)
+	if ! has_version dev-lang/perl ; then
+		touch src/dircolors.h || die
+		touch ${@/%x/1} || die
+	fi
+}
+
+src_configure() {
+	# TODO: in future (>9.4?), we may want to wire up USE=systemd:
+	# still experimental at the moment, but:
+	# https://git.savannah.gnu.org/cgit/coreutils.git/commit/?id=85edb4afbd119fb69a0d53e1beb71f46c9525dd0
+	local myconf=(
+		--with-packager="Gentoo"
+		--with-packager-version="${PVR} (p${PATCH_VER:-0})"
+		--with-packager-bug-reports="https://bugs.gentoo.org/"
+		# kill/uptime - procps
+		# groups/su   - shadow
+		# hostname    - net-tools
+		--enable-install-program="arch,$(usev hostname),$(usev kill)"
+		--enable-no-install-program="groups,$(usev !hostname),$(usev !kill),su,uptime"
+		$(usev !caps --disable-libcap)
+		$(use_enable nls)
+		$(use_enable acl)
+		$(use_enable multicall single-binary)
+		$(use_enable xattr)
+		$(use_with gmp libgmp)
+		$(use_with openssl)
+	)
+
+	if use gmp ; then
+		myconf+=( --with-libgmp-prefix="${ESYSROOT}"/usr )
+	fi
+
+	if tc-is-cross-compiler && [[ ${CHOST} == *linux* ]] ; then
+		# bug #311569
+		export fu_cv_sys_stat_statfs2_bsize=yes
+		# bug #416629
+		export gl_cv_func_realpath_works=yes
+	fi
+
+	# bug #409919
+	export gl_cv_func_mknod_works=yes
+
+	if use static ; then
+		append-ldflags -static
+		# bug #321821
+		sed -i '/elf_sys=yes/s:yes:no:' configure || die
+	fi
+
+	if ! use selinux ; then
+		# bug #301782
+		export ac_cv_{header_selinux_{context,flash,selinux}_h,search_setfilecon}=no
+	fi
+
+	econf "${myconf[@]}"
+}
+
+src_test() {
+	# Known to fail with FEATURES=usersandbox (bug #439574):
+	#   -  tests/du/long-from-unreadable.sh} (bug #413621)
+	#   -  tests/rm/deep-2.sh (bug #413621)
+	#   -  tests/dd/no-allocate.sh (bug #629660)
+	if has usersandbox ${FEATURES} ; then
+		ewarn "You are emerging ${P} with 'usersandbox' enabled." \
+			"Expect some test failures or emerge with 'FEATURES=-usersandbox'!"
+	fi
+
+	# Non-root tests will fail if the full path isn't
+	# accessible to non-root users
+	chmod -R go-w "${WORKDIR}" || die
+	chmod a+rx "${WORKDIR}" || die
+
+	# coreutils tests like to do `mount` and such with temp dirs,
+	# so make sure:
+	# - /etc/mtab is writable (bug #265725)
+	# - /dev/loop* can be mounted (bug #269758)
+	mkdir -p "${T}"/mount-wrappers || die
+	mkwrap() {
+		local w ww
+		for w in "${@}" ; do
+			ww="${T}/mount-wrappers/${w}"
+			cat <<-EOF > "${ww}"
+				#!${EPREFIX}/bin/sh
+				exec env SANDBOX_WRITE="\${SANDBOX_WRITE}:/etc/mtab:/dev/loop" $(type -P ${w}) "\$@"
+			EOF
+			chmod a+rx "${ww}" || die
+		done
+	}
+	mkwrap mount umount
+
+	addwrite /dev/full
+	#export RUN_EXPENSIVE_TESTS="yes"
+	#export COREUTILS_GROUPS="portage wheel"
+	env PATH="${T}/mount-wrappers:${PATH}" gl_public_submodule_commit= \
+		emake -k check VERBOSE=yes
+}
+
+src_install() {
+	default
+
+	insinto /etc
+	newins src/dircolors.hin DIR_COLORS
+
+	if use split-usr ; then
+		cd "${ED}"/usr/bin || die
+		dodir /bin
+
+		# Move critical binaries into /bin (required by FHS)
+		local fhs="cat chgrp chmod chown cp date dd df echo false ln ls
+		           mkdir mknod mv pwd rm rmdir stty sync true uname"
+		mv ${fhs} ../../bin/ || die "Could not move FHS bins!"
+
+		if use hostname ; then
+			mv hostname ../../bin/ || die
+		fi
+
+		if use kill ; then
+			mv kill ../../bin/ || die
+		fi
+
+		# Move critical binaries into /bin (common scripts)
+		# (Why are these required for booting?)
+		local com="basename chroot cut dir dirname du env expr head mkfifo
+		           mktemp readlink seq sleep sort tail touch tr tty vdir wc yes"
+		mv ${com} ../../bin/ || die "Could not move common bins!"
+
+		# Create a symlink for uname in /usr/bin/ since autotools require it.
+		# (Other than uname, we need to figure out why we are
+		# creating symlinks for these in /usr/bin instead of leaving
+		# the files there in the first place...)
+		local x
+		for x in ${com} uname ; do
+			dosym ../../bin/${x} /usr/bin/${x}
+		done
+	fi
+}
+
+pkg_postinst() {
+	ewarn "Make sure you run 'hash -r' in your active shells."
+	ewarn "You should also re-source your shell settings for LS_COLORS"
+	ewarn "  changes, such as: source /etc/profile"
+}
diff --git a/sys-apps/coreutils/files/coreutils-9.4-CVE-2024-0684.patch b/sys-apps/coreutils/files/coreutils-9.4-CVE-2024-0684.patch
new file mode 100644
index 000000000000..293919a006fe
--- /dev/null
+++ b/sys-apps/coreutils/files/coreutils-9.4-CVE-2024-0684.patch
@@ -0,0 +1,31 @@
+https://bugs.gentoo.org/922474
+https://www.openwall.com/lists/oss-security/2024/01/18/2
+https://git.savannah.gnu.org/cgit/coreutils.git/commit/?id=c4c5ed8f4e9cd55a12966d4f520e3a13101637d9
+
+From c4c5ed8f4e9cd55a12966d4f520e3a13101637d9 Mon Sep 17 00:00:00 2001
+From: Paul Eggert <eggert@cs.ucla.edu>
+Date: Tue, 16 Jan 2024 13:48:32 -0800
+Subject: split: do not shrink hold buffer
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+
+* src/split.c (line_bytes_split): Do not shrink hold buffer.
+If it’s large for this batch it’s likely to be large for the next
+batch, and for ‘split’ it’s not worth the complexity/CPU hassle to
+shrink it.  Do not assume hold_size can be bufsize.
+--- a/src/split.c
++++ b/src/split.c
+@@ -809,10 +809,7 @@ line_bytes_split (intmax_t n_bytes, char *buf, idx_t bufsize)
+             {
+               cwrite (n_out == 0, hold, n_hold);
+               n_out += n_hold;
+-              if (n_hold > bufsize)
+-                hold = xirealloc (hold, bufsize);
+               n_hold = 0;
+-              hold_size = bufsize;
+             }
+ 
+           /* Output to eol if present.  */
+-- 
+cgit v1.1