gentoo christmass resync : 25.12.2020

4 files changed, 212 insertions, 2 deletions

diff --git a/sys-apps/man-db/Manifest b/sys-apps/man-db/Manifest
index 26f4c5d9020c..f512524261cf 100644
--- a/sys-apps/man-db/Manifest
+++ b/sys-apps/man-db/Manifest
@@ -1,6 +1,8 @@
+AUX man-db-2.9.3-clock_gettime64.patch 1493 BLAKE2B 5c080767d380c26ee97983cb82ad58d186157e3c976f1db492cca5135e38fbab1f854b592d517148fea0041d48e794e2108419b458727a8ff6d2f48f81ecf350 SHA512 37a1dc37452e3722bf53c23503317cf17082f7e73715f974ff7798e624ca2b711f2f604bb58741550d3fad7a970e711fd2c8b67148e217dc29963f35f93b0d38
 AUX man-db-2.9.3-sandbox-env-tests.patch 315 BLAKE2B d6f4835e9e32f8afffe6ab1a70ee664192db05fbe74013724fcdbe112ead2d4288f90be032777a58ee41515c23d5561ab9cde495a92aa9f74ee353479ef884e3 SHA512 d8840d45c3b115f51bb9b3fc11ece2fecadfe284cd7db29cd012ed32faed990b12a9920cf11282358e5dd27df4bcf3c1a0316116ecae58917ef3c65efb1eb22b
 AUX man-db.cron-r1 252 BLAKE2B 1d48851bd11ddf65ee24cae65a8bdb43b2c0df515a790661680775598fae21ef0776f04736425d511d48e97873d44b36a04d6ff41a53fceda0d8254482a4b53a SHA512 c2c7c05bcf241bb066c3ef98e33fb8c3b06abf92c20709f97c1e1e048d47aa4cf5ea412231a490008b3f1d87b284e381e611bb3275e8413ad031dac113112054
 DIST man-db-2.9.3.tar.xz 1885840 BLAKE2B 6163660af60a2900220d7b1de74caa9cb9e5764cc5da20469a8fb08e19ee1948937916664fdc493b89da8fd829aa512877892245fabc00fb586c7754c0da3d53 SHA512 ca1c1214753483f6e22efe69a9df9852e0de01a9ad3b9950dcbbc9f38e6060100b98a84333256f8c734002e66e2fd6256bc017a31bd9acfc42002dca2c0f879b
+EBUILD man-db-2.9.3-r1.ebuild 4135 BLAKE2B 362fb7932b2cbc39126bc2f065cead96b69a6c8cf3149d5ced48c81ba770bc2ee263a64315a9f527ef8e9b2e5bdd99f0aff0fa7b35b96ba29b520cda644ae80a SHA512 b992f202fed69ae1c45bdf2df168734219ba9b60a3d32d1a70c68e8f726d4db2343b7296fbeab9d689e13a6fe0d8817b192a0c15e116d8de5eb9636fa3e45b66
 EBUILD man-db-2.9.3.ebuild 4077 BLAKE2B 19274e434d5fc98ce1df87ffaa49a884c633311d9d5a93c777bb54c074309d5e65c84bec754bf1381a41ee9c060aebf6fafcbad8ae2107fa7feb99f694147ae0 SHA512 a37207b489c41d6db34c31d7e5e6f7aaf269482d16bd9d3a276bdbb5efa30c62949acfd4b31cd990cd3b938b1baba57f9a5efd32f4a0f4175cbdd2bddad990c1
-EBUILD man-db-9999.ebuild 4086 BLAKE2B 94f5ae2c9873bc08e8262bdd049b48363d2c34be2336afbaafc245363b00a317df10770b062c4b011fffed0e2ed54ee666ecfd59feff6cf936608928ec174b04 SHA512 a674880552c2c18f41a0bcfc3a88a4bc94facb61b1e7eca746c3bb3fc5e30c1c0e350fa3ce622d0e362cdefd6f6d46258ff466975ede2f5a75420edb3cf7315b
+EBUILD man-db-9999.ebuild 4088 BLAKE2B 87925a8bd8a382f2cdff2fe3e05b734ef8e41086ad5fe3c7619b9209eacd6ee1da37e5ec68c73ef648d1eea7c323c42e4b273e10abfe1bbcb183329f9ea11c05 SHA512 706759d5da2b2704ebdc4537405613bef5095bd750a02128a5825f38548f9ad6fa3ae1be3cc09b83b90f436e39f25810cef9d6bfdb32da6d38c5a164ff33a558
 MISC metadata.xml 342 BLAKE2B ac0d63182d2d7a73dc256fd0ae1f9994218da535ed39bd756e7db950899fda9a019f9107e8f0d9e4dab1987ba2650ae1fb8cddc9901240cba829c780db69e9b5 SHA512 553cf56ab0b3b6c9403612a7ccd1db073f557b432c68d60adb4716169250a9986b4c112023f6ae200a6fbc2df31cdafd9ab08e04d92ca35cffb81f690bd43d79
diff --git a/sys-apps/man-db/files/man-db-2.9.3-clock_gettime64.patch b/sys-apps/man-db/files/man-db-2.9.3-clock_gettime64.patch
new file mode 100644
index 000000000000..0da1b2c5b2b7
--- /dev/null
+++ b/sys-apps/man-db/files/man-db-2.9.3-clock_gettime64.patch
@@ -0,0 +1,44 @@
+From 7315a9475d8fa37af49e9e7ed11e1534f23ef70b Mon Sep 17 00:00:00 2001
+From: "S. Gilles" <sgilles@umd.edu>
+Date: Wed, 12 Aug 2020 16:40:07 -0400
+Subject: Allow clock_gettime64; return ENOSYS so libcs can engage fallbacks
+
+libcs such as musl expect ENOSYS to be returned (not EPERM) in their
+fallback code, so change the seccomp filter to be more agreeable to
+them.
+
+At the same time, clock_gettime is permitted in the filter, so permit
+clock_gettime64 as well -- it will be needed by 2038 in any case.
+
+* lib/sandbox.c (make_seccomp_filter): Set default action to
+SCMP_ACT_ERRNO (ENOSYS).  Allow clock_gettime64.
+* NEWS: Document this.
+---
+ NEWS          | 9 +++++++++
+ lib/sandbox.c | 3 ++-
+ 2 files changed, 11 insertions(+), 1 deletion(-)
+
+diff --git a/lib/sandbox.c b/lib/sandbox.c
+index 21ec28aa..d934a0f9 100644
+--- a/lib/sandbox.c
++++ b/lib/sandbox.c
+@@ -232,7 +232,7 @@ static scmp_filter_ctx make_seccomp_filter (int permissive)
+ 		;
+ 
+ 	debug ("initialising seccomp filter (permissive: %d)\n", permissive);
+-	ctx = seccomp_init (SCMP_ACT_ERRNO (EPERM));
++	ctx = seccomp_init (SCMP_ACT_ERRNO (ENOSYS));
+ 	if (!ctx)
+ 		error (FATAL, errno, "can't initialise seccomp filter");
+ 
+@@ -271,6 +271,7 @@ static scmp_filter_ctx make_seccomp_filter (int permissive)
+ 	/* systemd: SystemCallFilter=@default */
+ 	SC_ALLOW ("clock_getres");
+ 	SC_ALLOW ("clock_gettime");
++	SC_ALLOW ("clock_gettime64");
+ 	SC_ALLOW ("clock_nanosleep");
+ 	SC_ALLOW ("execve");
+ 	SC_ALLOW ("exit");
+-- 
+cgit v1.2.1
+
diff --git a/sys-apps/man-db/man-db-2.9.3-r1.ebuild b/sys-apps/man-db/man-db-2.9.3-r1.ebuild
new file mode 100644
index 000000000000..45f44b6b739b
--- /dev/null
+++ b/sys-apps/man-db/man-db-2.9.3-r1.ebuild
@@ -0,0 +1,162 @@
+# Copyright 1999-2020 Gentoo Authors
+# Distributed under the terms of the GNU General Public License v2
+
+EAPI=7
+
+inherit systemd
+
+DESCRIPTION="a man replacement that utilizes berkdb instead of flat files"
+HOMEPAGE="http://www.nongnu.org/man-db/"
+if [[ "${PV}" = 9999* ]] ; then
+	inherit autotools git-r3
+	EGIT_REPO_URI="https://git.savannah.gnu.org/git/man-db.git"
+else
+	SRC_URI="mirror://nongnu/${PN}/${P}.tar.xz"
+	KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~ia64 ~m68k ~mips ~ppc ppc64 ~riscv ~s390 sparc ~x86 ~amd64-linux ~x86-linux"
+fi
+
+LICENSE="GPL-3"
+SLOT="0"
+IUSE="berkdb +gdbm +manpager nls +seccomp selinux static-libs zlib"
+
+CDEPEND="
+	!sys-apps/man
+	>=dev-libs/libpipeline-1.5.0
+	sys-apps/groff
+	gdbm? ( sys-libs/gdbm:= )
+	!gdbm? ( berkdb? ( sys-libs/db:= ) )
+	!berkdb? ( !gdbm? ( sys-libs/gdbm:= ) )
+	seccomp? ( sys-libs/libseccomp )
+	zlib? ( sys-libs/zlib )
+"
+DEPEND="${CDEPEND}"
+BDEPEND="
+	app-arch/xz-utils
+	virtual/pkgconfig
+	nls? (
+		>=app-text/po4a-0.45
+		sys-devel/gettext
+	)
+"
+RDEPEND="
+	${CDEPEND}
+	acct-group/man
+	acct-user/man
+	selinux? ( sec-policy/selinux-mandb )
+"
+PDEPEND="manpager? ( app-text/manpager )"
+
+PATCHES=(
+	"${FILESDIR}"/${PN}-2.9.3-sandbox-env-tests.patch
+	"${FILESDIR}"/man-db-2.9.3-clock_gettime64.patch
+)
+
+pkg_setup() {
+	if (use gdbm && use berkdb) || (use !gdbm && use !berkdb) ; then #496150
+		ewarn "Defaulting to USE=gdbm due to ambiguous berkdb/gdbm USE flag settings"
+	fi
+}
+
+src_unpack() {
+	if [[ "${PV}" == *9999 ]] ; then
+		git-r3_src_unpack
+
+		# We need to mess with gnulib :-/
+		EGIT_REPO_URI="https://git.savannah.gnu.org/r/gnulib.git" \
+		EGIT_CHECKOUT_DIR="${WORKDIR}/gnulib" \
+		git-r3_src_unpack
+	else
+		default
+	fi
+}
+
+src_prepare() {
+	default
+	if [[ "${PV}" == *9999 ]] ; then
+		local bootstrap_opts=(
+			--gnulib-srcdir=../gnulib
+			--no-bootstrap-sync
+			--copy
+			--no-git
+		)
+		AUTORECONF="/bin/true" \
+		LIBTOOLIZE="/bin/true" \
+		sh ./bootstrap "${bootstrap_opts[@]}" || die
+
+		eautoreconf
+	fi
+}
+
+src_configure() {
+	export ac_cv_lib_z_gzopen=$(usex zlib)
+	local myeconfargs=(
+		--with-systemdtmpfilesdir="${EPREFIX}"/usr/lib/tmpfiles.d
+		--with-systemdsystemunitdir="$(systemd_get_systemunitdir)"
+		--disable-setuid #662438
+		--enable-cache-owner=man
+		--with-sections="1 1p 8 2 3 3p 4 5 6 7 9 0p tcl n l p o 1x 2x 3x 4x 5x 6x 7x 8x"
+		$(use_enable nls)
+		$(use_enable static-libs static)
+		$(use_with seccomp libseccomp)
+		--with-db=$(usex gdbm gdbm $(usex berkdb db gdbm))
+	)
+	econf "${myeconfargs[@]}"
+
+	# Disable color output from groff so that the manpager can add it. #184604
+	sed -i \
+		-e '/^#DEFINE.*\<[nt]roff\>/{s:^#::;s:$: -c:}' \
+		src/man_db.conf || die
+
+	cat > 15man-db <<-EOF || die
+	SANDBOX_PREDICT="/var/cache/man"
+	EOF
+}
+
+src_install() {
+	default
+	dodoc docs/{HACKING,TODO}
+	find "${ED}" -type f -name "*.la" -delete || die
+
+	exeinto /etc/cron.daily
+	newexe "${FILESDIR}"/man-db.cron-r1 man-db #289884
+
+	insinto /etc/sandbox.d
+	doins 15man-db
+}
+
+pkg_preinst() {
+	local cachedir="${EROOT}/var/cache/man"
+	# If the system was already exploited, and the attacker is hiding in the
+	# cachedir of the old man-db, let's wipe them out.
+	# see bug  #602588 comment 18
+	local _replacing_version=
+	local _setgid_vuln=0
+	for _replacing_version in ${REPLACING_VERSIONS}; do
+		if ver_test '2.7.6.1-r2' -le "${_replacing_version}"; then
+			debug-print "Skipping security bug #602588 ... existing installation (${_replacing_version}) should not be affected!"
+		else
+			_setgid_vuln=1
+			debug-print "Applying cleanup for security bug #602588"
+		fi
+	done
+	[[ ${_setgid_vuln} -eq 1 ]] && rm -rf "${cachedir}"
+
+	# Fall back to recreating the cachedir
+	if [[ ! -d ${cachedir} ]] ; then
+		mkdir -p "${cachedir}" || die
+		chown man:man "${cachedir}" || die
+	fi
+
+	# Update the whatis cache
+	if [[ -f ${cachedir}/whatis ]] ; then
+		einfo "Cleaning ${cachedir} from sys-apps/man"
+		find "${cachedir}" -type f '!' '(' -name index.bt -o -name index.db ')' -delete
+	fi
+}
+
+pkg_postinst() {
+	if [[ $(ver_cut 2 ${REPLACING_VERSIONS}) -lt 7 ]] ; then
+		einfo "Rebuilding man-db from scratch with new database format!"
+		su man -s /bin/sh -c 'mandb --quiet --create' 2>/dev/null
+	fi
+}
diff --git a/sys-apps/man-db/man-db-9999.ebuild b/sys-apps/man-db/man-db-9999.ebuild
index 25d02ea5f572..cf3711365b0a 100644
--- a/sys-apps/man-db/man-db-9999.ebuild
+++ b/sys-apps/man-db/man-db-9999.ebuild
@@ -46,7 +46,9 @@ RDEPEND="
 "
 PDEPEND="manpager? ( app-text/manpager )"
 
-PATCHES=( "${FILESDIR}"/${PN}-2.9.3-sandbox-env-tests.patch )
+PATCHES=(
+	"${FILESDIR}"/man-db-2.9.3-sandbox-env-tests.patch
+)
 
 pkg_setup() {
 	if (use gdbm && use berkdb) || (use !gdbm && use !berkdb) ; then #496150