author | V3n3RiX <venerix@koprulu.sector> | 2024-04-04 08:14:38 +0100 |
---|---|---|
committer | V3n3RiX <venerix@koprulu.sector> | 2024-04-04 08:14:38 +0100 |
commit | f4e04dc11a0252f8c6c535b7538703974cd06ea0 (patch) | |
tree | 6ba3be4a2ac2e0f44768521ed50444220fcfec85 /sys-apps/util-linux | |
parent | ba32ac7204934e0c69e1cc7529edce6efdbeb265 (diff) |
gentoo auto-resync : 04:04:2024 - 08:14:38
Diffstat (limited to 'sys-apps/util-linux')
-rw-r--r-- | sys-apps/util-linux/Manifest | 2 | ||||
-rw-r--r-- | sys-apps/util-linux/files/util-linux-2.39.3-fix-use-after-free.patch | 52 | ||||
-rw-r--r-- | sys-apps/util-linux/util-linux-2.39.3-r7.ebuild | 416 |
3 files changed, 470 insertions, 0 deletions
diff --git a/sys-apps/util-linux/Manifest b/sys-apps/util-linux/Manifest index 82fed100a91b..8e2bdcef40f9 100644 --- a/sys-apps/util-linux/Manifest +++ b/sys-apps/util-linux/Manifest 
@@ -5,6 +5,7 @@ AUX util-linux-2.39.2-backport-1d4456d.patch 993 BLAKE2B c65d13ece5de1486044b857 AUX util-linux-2.39.2-backport-pr2251.patch 6779 BLAKE2B bb8d4be48a55931e7f45a95953c1dd6e7ff59f7559b27ad254c2c3643cf0e6410fcd49da3a7d21af70ea1066a883e9db7c75e425baa983ed3a2918ec517fce82 SHA512 8c949125525a4e13086c63595da6c7423a747165ecf3357f2fbcf95cd5cf7840c7c33e992cf66151598a52d5d6e1fe04f5d6059efe044b41882002b808ff937c AUX util-linux-2.39.2-fincore-test.patch 848 BLAKE2B 8320b3ddc561907f6c34e6cf916202c30ab1671cd3e4f7a41187ecbe4efab7fd172d48271073d3d8aadc5c3ae2ee06c5a73b54af0165e5a885e1c5690db40eff SHA512 0562d2102fe1dea0579afcf1353844c8b84c61c6ed1ccfce3a2f010889000623f931fd2d2a0046f570ef5e8ffa0df98b19ce046903090043b292a0529b1db4b9 AUX util-linux-2.39.3-CVE-2024-28085.patch 840 BLAKE2B 220232e6330b201b2a524a1ff75340e899f277590ee988cba6dd9c1450d99a86269a6aefadda3847657fbb150a422bf180d308f13f3399a5c8d4195d1ce7fdc1 SHA512 445cced246202ef174b96f3280ad380eb44e69a0759f1217e70a290444d5e5363d1df7f6d8757afb1e289486e838a97fa7d6b2602845f04a8fdf37b239859095 +AUX util-linux-2.39.3-fix-use-after-free.patch 1598 BLAKE2B 414448281c0f5b13755fde20b19540ba9e9dc66b3d3d67992516c0b818d8e4824aa4f7170aa1e82e8e96b1c687ee2746639b63fd3feec08deb10d3eefbbce459 SHA512 0068b7549a57d4dd561ca917258ee00062791b96ead8f1bb3d54acb52af09c9394c54c23e47b6d01a4ae8aed04926f8c0e1289f568113d167a1911a0ee7b7ea1 AUX util-linux-2.39.3-libblkid-luks.patch 1499 BLAKE2B d08f33f3be0709abb3969a89809a953da06dad98be44d804e1327fc57872331a1cd84d4c9cd4762529df53b3a3a3010ddc7fdcfc8d35e7e6be0447aa1bff055d SHA512 4dd4222a23262a6bfaa472bbfcf17faa0ecd6cbdf85da6459c4ed146f0bdcb0c7e249b6f5286faa4e97d811ebe13285523fb800b280a8eb053224a15bda47bf8 AUX util-linux-2.39.3-libmount-Fix-export-of-mnt_context_is_lazy-and-mnt_c.patch 1710 BLAKE2B 04a3b4db45447556edbf66bdb9bf9c895cdf47a801b41743603b14420bcffe9618c17c8153b6800b872dbc28d1e5c33a55667f2a31e9ff63f7f026c1beb9f524 SHA512 
da91fb5f9443907558f6245d4eee3f578e0f0549866a6e9f39bd82d6123868180c1d2aa357e5ef47f163b7ddf67d1c24f6a4768837f21577b2887555a956afe9 AUX util-linux-2.39.3-musl-1.2.5-basename.patch 1814 BLAKE2B 29463f6aedec98cbd7edaa68e3ef0b6c7a4932e6f1b02948237689e75cb720d406970a6521564dd97c68c922b087f23683c219550c5092755057e734f94bc338 SHA512 74f6ccd530766fdbaac55a20becc8e2ce8dc8aeb65aaba3d22430a7c72e19e9483031b508b4448507d245d42e6d730d0d17ec6bc8edb63eaf0cb8ce0365be4d7 
@@ -13,5 +14,6 @@ DIST util-linux-2.39.3.tar.xz 8526168 BLAKE2B cd7b2b3c820e920d4a6ecd46fd807e018f EBUILD util-linux-2.39.3-r2.ebuild 10816 BLAKE2B 675a18c3b90136b7f9dcdf80f32af95e762c34499fafb8955a4e65e8aafd275e1c1fd26ff42602c43e5448e45e657de00bf1e073d28b7a27724353fdc9384356 SHA512 549a47fb5864403951a9b4829d920e7856770d35758fb4fd00b6294dfe5926bbc538dbe70d62781f6de600650a14480f15a859c9d051c6cc74037ce360741efc EBUILD util-linux-2.39.3-r5.ebuild 11077 BLAKE2B 3ff11508741aa47716f028ed5518bb03075411d9e320274e152da5bfd35e100b2772ddb74ad7e642a758addcba02449c1f246917095592972fc0600e03ab4635 SHA512 a92a9865263b60de4e4e2ead1849f2683486dfa8e43c3bcb195be6cf9a559fa72cdbfef61942901e86803e273fe75f2b7099e5a3bb02ef35eccfb2d3f6e42115 EBUILD util-linux-2.39.3-r6.ebuild 11130 BLAKE2B 0bc7dd8134172de2a660ca6bdd49ca63c8e4647c76ba19607bea18947e3e63a78d92ba4f74d8086d533bbd667f8fe80b604b20d9c5677e15d73122b973cc2220 SHA512 232c7fc42850b5143af4c822e6d94039918c5c40372de6166834418cc0546dab6468ae35fa673266633aca5b5133a3037ad352b82ace0e1c8f50ba3947878689 +EBUILD util-linux-2.39.3-r7.ebuild 11183 BLAKE2B 29b476a367bb001adec05c40913f6ee38821944d7840de4061e0bdf9bdfbb23fd9f44a520e7c010e0a46d5ec68050d0d56e3604324af0469afd193f28b978eda SHA512 3fad2c2bc069f1cbe3ef8754a8ca87202674eb0c3427242b8cd1169bbcf3f6aa4874790f9772630393bc302e90e86c5e5bcf9db65b37b08d433fde047fa716f3 EBUILD util-linux-9999.ebuild 10539 BLAKE2B cc0cf0445812fa59abfae68308c8c85052031859aa2fbb5e5da9dbd1de7886d71a784f8a6431596e27a08a87c8d0995b383f90d5ae583385e5a7ad60b70be8eb SHA512 7628e3d91ba9827138bccaebe1a9111695f24b006c535437e258e926b32e2d4722dbb09c863339d72cbc956d3fc46eaa93fbc485a606bb59e6afcd2deb11971f MISC metadata.xml 1553 BLAKE2B 1c4a18f6d91be4c90bf2505745cae42f6d249a1295c6a46fc1b8ea08297842b4d3a2aa232e679a167af9fef26730ed71f651b2f71b58cbfe66bd7a5cd3743c3b SHA512 e01d390c983ac47b9a6684f70b11cc796cde1355ae7d4c12406b3d6fc5b0897a9471720844e74fceee1648f4c7d685e6b12f157adc1ad951506acefb7441635c 
diff --git a/sys-apps/util-linux/files/util-linux-2.39.3-fix-use-after-free.patch b/sys-apps/util-linux/files/util-linux-2.39.3-fix-use-after-free.patch
new file mode 100644
index 000000000000..6ebbd0a430f7
--- /dev/null
+++ b/sys-apps/util-linux/files/util-linux-2.39.3-fix-use-after-free.patch
@@ -0,0 +1,52 @@
+https://bugs.gentoo.org/928396
+https://github.com/util-linux/util-linux/commit/4b2e6f5071a4c5beebbd9668d24dc05defc096d7
+
+From 4b2e6f5071a4c5beebbd9668d24dc05defc096d7 Mon Sep 17 00:00:00 2001
+From: Tanish Yadav <devtany@gmail.com>
+Date: Tue, 5 Mar 2024 00:51:41 +0530
+Subject: [PATCH] su: fix use after free in run_shell
+
+Do not free tmp for non login branch as basename may return a pointer to
+some part of it.
+
+[kzak@redhat.com: - improve coding style of the function]
+
+Signed-off-by: Tanish Yadav <devtany@gmail.com>
+Signed-off-by: Karel Zak <kzak@redhat.com>
+---
+ login-utils/su-common.c | 9 ++++-----
+ 1 file changed, 4 insertions(+), 5 deletions(-)
+
+diff --git a/login-utils/su-common.c b/login-utils/su-common.c
+index 242b6ce4ea..9bc0231961 100644
+--- a/login-utils/su-common.c
++++ b/login-utils/su-common.c
+@@ -835,13 +835,14 @@ static void run_shell(
+ size_t n_args = 1 + su->fast_startup + 2 * ! !command + n_additional_args + 1;
+ const char **args = xcalloc(n_args, sizeof *args);
+ size_t argno = 1;
++ char *tmp;
+
+ DBG(MISC, ul_debug("starting shell [shell=%s, command=\"%s\"%s%s]",
+ shell, command,
+ su->simulate_login ? " login" : "",
+ su->fast_startup ? " fast-start" : ""));
++ tmp = xstrdup(shell);
+
+- char* tmp = xstrdup(shell);
+ if (su->simulate_login) {
+ char *arg0;
+ char *shell_basename;
+@@ -851,10 +852,8 @@ static void run_shell(
+ arg0[0] = '-';
+ strcpy(arg0 + 1, shell_basename);
+ args[0] = arg0;
+- } else {
+- args[0] = basename(tmp);
+- }
+- free(tmp);
++ } else
++ args[0] = basename(tmp);
+
+ if (su->fast_startup)
+ args[argno++] = "-f";
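Review bot: After this change `tmp` is never freed on either branch of `run_shell`, and nothing in the new code says that this is deliberate. In the `else` branch `args[0] = basename(tmp)` may point into `tmp`, so the buffer has to outlive `args`; a short comment above `tmp = xstrdup(shell);`, such as `/* not freed: args[0] may point into tmp until exec */`, would keep a later leak cleanup from reintroducing the use after free. The login branch copies the basename into `arg0` with `strcpy`, so presumably `tmp` could still be released there, but the lines that compute `shell_basename` fall between the two hunks and should be checked first. `run_shell` starts and ends outside the hunks shown.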
diff --git a/sys-apps/util-linux/util-linux-2.39.3-r7.ebuild b/sys-apps/util-linux/util-linux-2.39.3-r7.ebuild new file mode 100644 index 000000000000..7892f3ad5d47 --- /dev/null +++ b/sys-apps/util-linux/util-linux-2.39.3-r7.ebuild 
@@ -0,0 +1,416 @@ +# Copyright 1999-2024 Gentoo Authors +# Distributed under the terms of the GNU General Public License v2 + +EAPI=8 + +PYTHON_COMPAT=( python3_{10..12} ) + +inherit toolchain-funcs libtool flag-o-matic bash-completion-r1 \ + pam python-r1 multilib-minimal multiprocessing systemd + +MY_PV="${PV/_/-}" +MY_P="${PN}-${MY_PV}" + +DESCRIPTION="Various useful Linux utilities" +HOMEPAGE="https://www.kernel.org/pub/linux/utils/util-linux/ https://github.com/util-linux/util-linux" + +if [[ ${PV} == 9999 ]] ; then + EGIT_REPO_URI="https://git.kernel.org/pub/scm/utils/util-linux/util-linux.git" + inherit autotools git-r3 +else + VERIFY_SIG_OPENPGP_KEY_PATH=/usr/share/openpgp-keys/karelzak.asc + inherit verify-sig + + if [[ ${PV} != *_rc* ]] ; then + KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~ia64 ~loong ~m68k ~mips ~ppc ~ppc64 ~riscv ~s390 ~sparc ~x86 ~amd64-linux ~x86-linux ~arm64-macos" + fi + + SRC_URI="https://www.kernel.org/pub/linux/utils/util-linux/v${PV:0:4}/${MY_P}.tar.xz" + SRC_URI+=" verify-sig? ( https://www.kernel.org/pub/linux/utils/util-linux/v${PV:0:4}/${MY_P}.tar.sign )" +fi + +S="${WORKDIR}/${MY_P}" + +LICENSE="GPL-2 GPL-3 LGPL-2.1 BSD-4 MIT public-domain" +SLOT="0" +IUSE="audit build caps +cramfs cryptsetup fdformat +hardlink kill +logger magic ncurses nls pam python +readline rtas selinux slang static-libs +su +suid systemd test tty-helpers udev unicode" + +# Most lib deps here are related to programs rather than our libs, +# so we rarely need to specify ${MULTILIB_USEDEP}. +RDEPEND=" + virtual/libcrypt:= + audit? ( >=sys-process/audit-2.6:= ) + caps? ( sys-libs/libcap-ng ) + cramfs? ( sys-libs/zlib:= ) + cryptsetup? ( >=sys-fs/cryptsetup-2.1.0 ) + hardlink? ( dev-libs/libpcre2:= ) + ncurses? ( + sys-libs/ncurses:=[unicode(+)?] + magic? ( sys-apps/file:0= ) + ) + nls? ( virtual/libintl[${MULTILIB_USEDEP}] ) + pam? ( sys-libs/pam ) + python? ( ${PYTHON_DEPS} ) + readline? ( sys-libs/readline:0= ) + rtas? ( sys-libs/librtas ) + selinux? 
( >=sys-libs/libselinux-2.2.2-r4[${MULTILIB_USEDEP}] ) + slang? ( sys-libs/slang ) + !build? ( + systemd? ( sys-apps/systemd ) + udev? ( virtual/libudev:= ) + ) +" +BDEPEND=" + virtual/pkgconfig + nls? ( + app-text/po4a + sys-devel/gettext + ) + test? ( app-alternatives/bc ) +" +DEPEND=" + ${RDEPEND} + virtual/os-headers + acct-group/root +" +RDEPEND+=" + hardlink? ( !app-arch/hardlink ) + logger? ( !>=app-admin/sysklogd-2.0[logger] ) + kill? ( + !sys-apps/coreutils[kill] + !sys-process/procps[kill] + ) + su? ( + !<sys-apps/shadow-4.7-r2 + !>=sys-apps/shadow-4.7-r2[su] + ) + !net-wireless/rfkill +" + +if [[ ${PV} == 9999 ]] ; then + # Required for man-page generation + BDEPEND+=" dev-ruby/asciidoctor" +else + BDEPEND+=" verify-sig? ( >=sec-keys/openpgp-keys-karelzak-20230517 )" +fi + +REQUIRED_USE="python? ( ${PYTHON_REQUIRED_USE} ) su? ( pam )" +RESTRICT="!test? ( test )" + +PATCHES=( + "${FILESDIR}"/${PN}-2.39.2-fincore-test.patch + "${FILESDIR}"/${PN}-2.39.2-backport-pr2251.patch + "${FILESDIR}"/${PN}-2.39.2-backport-1d4456d.patch + "${FILESDIR}"/${PN}-2.39.3-libblkid-luks.patch + "${FILESDIR}"/${PN}-2.39.3-musl-1.2.5-basename.patch + "${FILESDIR}"/${PN}-2.39.3-libmount-Fix-export-of-mnt_context_is_lazy-and-mnt_c.patch + "${FILESDIR}"/${PN}-2.39.3-CVE-2024-28085.patch + "${FILESDIR}"/${PN}-2.39.3-fix-use-after-free.patch +) + +pkg_pretend() { + if use su && ! use suid ; then + elog "su will be installed as suid despite USE=-suid (bug #832092)" + elog "To use su without suid, see e.g. Portage's suidctl feature." + fi +} + +src_unpack() { + if [[ ${PV} == 9999 ]] ; then + git-r3_src_unpack + return + fi + + if use verify-sig ; then + mkdir "${T}"/verify-sig || die + pushd "${T}"/verify-sig &>/dev/null || die + + # Upstream sign the decompressed .tar + # Let's do it separately in ${T} then cleanup to avoid external + # effects on normal unpack. + cp "${DISTDIR}"/${MY_P}.tar.xz . 
|| die + xz -d ${MY_P}.tar.xz || die + verify-sig_verify_detached ${MY_P}.tar "${DISTDIR}"/${MY_P}.tar.sign + + popd &>/dev/null || die + rm -r "${T}"/verify-sig || die + fi + + default +} + +src_prepare() { + default + + if use test ; then + # Known-failing tests + # TODO: investigate these + local known_failing_tests=( + # Subtest 'options-maximum-size-8192' fails + hardlink/options + + # Fails in sandbox + lsns/ioctl_ns + + lsfd/mkfds-symlink + lsfd/mkfds-rw-character-device + # Fails with network-sandbox at least in nspawn + lsfd/option-inet + utmp/last-ipv6 + ) + + local known_failing_test + for known_failing_test in "${known_failing_tests[@]}" ; do + einfo "Removing known-failing test: ${known_failing_test}" + rm tests/ts/${known_failing_test} || die + done + fi + + if [[ ${PV} == 9999 ]] ; then + po/update-potfiles + eautoreconf + else + elibtoolize + fi +} + +python_configure() { + local myeconfargs=( + "${commonargs[@]}" + --disable-all-programs + --disable-bash-completion + --without-systemdsystemunitdir + --with-python + --enable-libblkid + --enable-libmount + --enable-pylibmount + ) + + mkdir "${BUILD_DIR}" || die + pushd "${BUILD_DIR}" >/dev/null || die + ECONF_SOURCE="${S}" econf "${myeconfargs[@]}" + popd >/dev/null || die +} + +multilib_src_configure() { + # The scanf test in a run-time test which fails while cross-compiling. + # Blindly assume a POSIX setup since we require libmount, and libmount + # itself fails when the scanf test fails. bug #531856 + tc-is-cross-compiler && export scanf_cv_alloc_modifier=ms + + # bug #485486 + export ac_cv_header_security_pam_misc_h=$(multilib_native_usex pam) + # bug #545042 + export ac_cv_header_security_pam_appl_h=$(multilib_native_usex pam) + + # Undo bad ncurses handling by upstream. Fall back to pkg-config. 
+ # bug #601530 + export NCURSES6_CONFIG=false NCURSES5_CONFIG=false + export NCURSESW6_CONFIG=false NCURSESW5_CONFIG=false + + # Avoid automagic dependency on ppc* + export ac_cv_lib_rtas_rtas_get_sysparm=$(usex rtas) + + # configure args shared by python and non-python builds + local commonargs=( + --localstatedir="${EPREFIX}/var" + --runstatedir="${EPREFIX}/run" + --enable-fs-paths-extra="${EPREFIX}/usr/sbin:${EPREFIX}/bin:${EPREFIX}/usr/bin" + + # Temporary workaround until ~2.39.2. 2.39.x introduced a big rewrite. + # https://github.com/util-linux/util-linux/issues/2287#issuecomment-1576640373 + --disable-libmount-mountfd-support + ) + + local myeconfargs=( + "${commonargs[@]}" + --with-bashcompletiondir="$(get_bashcompdir)" + --without-python + $(multilib_native_use_enable suid makeinstall-chown) + $(multilib_native_use_enable suid makeinstall-setuid) + $(multilib_native_use_with readline) + $(multilib_native_use_with slang) + $(multilib_native_usex ncurses "$(use_with magic libmagic)" '--without-libmagic') + $(multilib_native_usex ncurses "$(use_with unicode ncursesw)" '--without-ncursesw') + $(multilib_native_usex ncurses "$(use_with !unicode ncurses)" '--without-ncurses') + $(multilib_native_use_with audit) + $(tc-has-tls || echo --disable-tls) + $(use_enable nls) + $(use_enable nls poman) + $(use_enable unicode widechar) + $(use_enable static-libs static) + $(use_with ncurses tinfo) + $(use_with selinux) + ) + + if use build ; then + myeconfargs+=( + --without-systemd + --without-udev + ) + else + myeconfargs+=( + $(multilib_native_use_with systemd) + $(multilib_native_use_with udev) + ) + fi + + if multilib_is_native_abi ; then + myeconfargs+=( + --disable-chfn-chsh + --disable-login + --disable-newgrp + --disable-nologin + --disable-pylibmount + --disable-raw + --disable-vipw + --enable-agetty + --enable-bash-completion + --enable-line + --enable-partx + --enable-rename + --enable-rfkill + --enable-schedutils + 
--with-systemdsystemunitdir="$(systemd_get_systemunitdir)" + $(use_enable caps setpriv) + $(use_enable cramfs) + $(use_enable fdformat) + $(use_enable hardlink) + $(use_enable kill) + $(use_enable logger) + $(use_enable ncurses pg) + $(use_enable su) + $(use_enable tty-helpers mesg) + $(use_enable tty-helpers wall) + $(use_enable tty-helpers write) + $(use_with cryptsetup) + ) + if [[ ${PV} == *9999 ]] ; then + myeconfargs+=( --enable-asciidoc ) + else + # Upstream is shipping pre-generated man-pages for releases + myeconfargs+=( --disable-asciidoc ) + fi + else + myeconfargs+=( + --disable-all-programs + --disable-asciidoc + --disable-bash-completion + --without-systemdsystemunitdir + --disable-poman + + # build libraries + --enable-libuuid + --enable-libblkid + --enable-libsmartcols + --enable-libfdisk + --enable-libmount + ) + fi + + ECONF_SOURCE="${S}" econf "${myeconfargs[@]}" + + if multilib_is_native_abi && use python ; then + python_foreach_impl python_configure + fi +} + +src_configure() { + append-lfs-flags + multilib-minimal_src_configure +} + +python_compile() { + pushd "${BUILD_DIR}" >/dev/null || die + emake all + popd >/dev/null || die +} + +multilib_src_compile() { + emake all + + if multilib_is_native_abi && use python ; then + python_foreach_impl python_compile + fi +} + +python_test() { + pushd "${BUILD_DIR}" >/dev/null || die + emake check TS_OPTS="--parallel=$(makeopts_jobs) --nonroot" + popd >/dev/null || die +} + +multilib_src_test() { + emake check TS_OPTS="--parallel=$(makeopts_jobs) --nonroot" + if multilib_is_native_abi && use python ; then + python_foreach_impl python_test + fi +} + +python_install() { + pushd "${BUILD_DIR}" >/dev/null || die + emake DESTDIR="${D}" install + python_optimize + popd >/dev/null || die +} + +multilib_src_install() { + if multilib_is_native_abi && use python ; then + python_foreach_impl python_install + fi + + # This needs to be called AFTER python_install call, bug #689190 + emake DESTDIR="${D}" install +} + 
+multilib_src_install_all() { + dodoc AUTHORS NEWS README* Documentation/{TODO,*.txt,releases/*} + + dosym hexdump /usr/bin/hd + newman - hd.1 <<< '.so man1/hexdump.1' + + # e2fsprogs-libs didn't install .la files, and .pc work fine + find "${ED}" -name "*.la" -delete || die + + if use pam ; then + # See https://github.com/util-linux/util-linux/blob/master/Documentation/PAM-configuration.txt + newpamd "${FILESDIR}/runuser.pamd" runuser + newpamd "${FILESDIR}/runuser-l.pamd" runuser-l + + newpamd "${FILESDIR}/su-l.pamd" su-l + fi + + if use su && ! use suid ; then + # Always force suid su, even when USE=-suid, as su is useless + # for the overwhelming-majority case without suid. + # Users who wish to truly have a no-suid su can strip it out + # via e.g. Portage's suidctl or some other hook. + # See bug #832092 + fperms u+s /bin/su + fi + + # Note: + # Bash completion for "runuser" command is provided by same file which + # would also provide bash completion for "su" command. However, we don't + # use "su" command from this package. + # This triggers a known QA warning which we ignore for now to magically + # keep bash completion for "su" command which shadow package does not + # provide. + + local ver=$(tools/git-version-gen .tarballversion) + local major=$(ver_cut 1 ${ver}) + local minor=$(ver_cut 2 ${ver}) + local release=$(ver_cut 3 ${ver}) + export QA_PKGCONFIG_VERSION="${major}.${minor}.${release:-0}" +} + +pkg_postinst() { + if ! use tty-helpers ; then + elog "The mesg/wall/write tools have been disabled due to USE=-tty-helpers." + fi + + if [[ -z ${REPLACING_VERSIONS} ]] ; then + elog "The agetty util now clears the terminal by default. You" + elog "might want to add --noclear to your /etc/inittab lines." + fi +} |