diff options
author | V3n3RiX <venerix@koprulu.sector> | 2023-01-11 11:44:03 +0000 |
---|---|---|
committer | V3n3RiX <venerix@koprulu.sector> | 2023-01-11 11:44:03 +0000 |
commit | df26c7469c1f2af2e643d43e2e32a6c9142e4885 (patch) | |
tree | 1beee9b11d06bfcc69d1d6c8ab00566f8633aec1 /sys-apps | |
parent | ad391b961414c99124b93cb86695c04bd8d57937 (diff) |
gentoo auto-resync : 11:01:2023 - 11:44:03
Diffstat (limited to 'sys-apps')
23 files changed, 448 insertions, 1117 deletions
diff --git a/sys-apps/Manifest.gz b/sys-apps/Manifest.gz Binary files differindex f7c021044165..2d7bd1d698c2 100644 --- a/sys-apps/Manifest.gz +++ b/sys-apps/Manifest.gz diff --git a/sys-apps/fix-gnustack/Manifest b/sys-apps/fix-gnustack/Manifest index 30bc784d14e7..591dfbe4b728 100644 --- a/sys-apps/fix-gnustack/Manifest +++ b/sys-apps/fix-gnustack/Manifest @@ -1,3 +1,7 @@ +AUX 0.1/0001-fix-gnustack-respect-CFLAGS-LDFLAGS-for-tests.patch 778 BLAKE2B a351284c1fc435934d2b0057234c1b288b04c6095b1ae117cc124c7ca66a8cac2ccb885ff5826d5e755293abb2a98408ee0a1778c4e551636f4d732e921c9f47 SHA512 2b697b69917ea2a0c8fac1aad4091595c61bfdc9feb3cc0f7d6607af952e71cea2c53aaad6720fa84f4ecfa47b143ec97d26de04a511c0e2517c4b4abddfa2c7 +AUX 0.1/0002-fix-gnustack-add-set-x-in-tests-for-easier-debugging.patch 680 BLAKE2B 0914a7c064030433fa9cd9ae4e4868b5ee38711a64669e3fcd4a4e947ad5e5c9df33720a9ba121c7bc786ecd3dea89f17bd683bef3f586554063af9fd7c6326f SHA512 b89278cd23c6c0cd4c9255f26afb194da06d1c16d8cd9cf7a30ea35d8f8a2ca0b26e5630c357f9c06e13ffce643823c2448d8eeb7e6b7f8176650cb6712930c5 +AUX 0.1/0003-fix-gnustack-pass-Wl-z-execstack-for-tests-with-Clan.patch 858 BLAKE2B 50035def4bdd8782953dd4764c1cb006512fc1f97b9fe7473fa0b84df50d6005ff11508e84c249da8db398e6da611de014e556d78e7ae1ab44282c4e33363891 SHA512 302e7fd419b09f0e2076f9f8d737b54fa423873f7f917d6a8530e12f547cf2a0e6bdb5a2ffab5f32053c6f82aaaef83f4ca4564584281799ca2a1c468bfcc2f9 DIST fix-gnustack-0.1.tar.bz2 105457 BLAKE2B 25825972d0a37335a6d6aec316e4dc972d6590da5d7d1145252b3fb4fbbf6276cc7818e47270065583558adf36522ea26652f8e7212a2046fc0d54c131ad5324 SHA512 df83beef5533003ceedda799bb27af15f877d2b3bc7c8213b2ac64a100270790655de3836eaa0ab8411d9eb91a6056e4902973b740b9b0791dcc5477226544a1 +EBUILD fix-gnustack-0.1-r1.ebuild 639 BLAKE2B faaa0d1361e85f616e65987a6e60825f0b50566c5d6839f29e37cbfe7f630ca14362451aba4007322308a7f3d98eefd73f729d6703150aa653dd469d712cfd4a SHA512 3749fc2405744fa89c87ed0382438e8edf06f7489f0f1724f67d039f83f9aaeaf86e4618fc6feb3261dd2829c728312cd0233b0e7c9d580115bde5ae7c1fc051 EBUILD fix-gnustack-0.1.ebuild 443 BLAKE2B 6ff06d40ef5a3aa53e19b028b738c81a8029a13a7fca90d7728010f1ddcd91347988368ec37fd828419106832c91c36cc4c0835b7d16ccdeffc2b785e5c620d4 SHA512 26693f127e2c878cfa585afb46602b742c4c1bdbadc77243c7dfa11aa8fb52ff80bc2954641c8dcd378bfdd7050aa1cd3861a034d51dc2a327577ceb2b2ba808 -MISC metadata.xml 338 BLAKE2B 73df8ab9fd015c49a1e7f9915c2e3df4959fab90d2decfb844e359b58c9300c0a2ca0926d80974574cb274b21de93dbe5c410b6fdc26d29a9a1e353b508ae5df SHA512 6be488568edeee9aaa740da57adf79d751b395ee82ab60a3d121dead2f6513d8856898fdcdbf7f6ce378abfd924d7fcacd3a3d0c02531fffa365284bab308d8f +MISC metadata.xml 465 BLAKE2B dd1c394fa274793a675b48ee9d86936ea01a0a4f9ac277bfd6df4e737da3eacc31b0140a3bd6da2b032a77fdc5499a70e91a0a02a557698e4f4dab5483963141 SHA512 31167b524a7302d8458cd1fa932fd108609eadd88844f23ce28b13f7412a762894b5801ad54dff36db86c6e089f39e0db39f135704449492087ad3762fd8ce31 diff --git a/sys-apps/fix-gnustack/files/0.1/0001-fix-gnustack-respect-CFLAGS-LDFLAGS-for-tests.patch b/sys-apps/fix-gnustack/files/0.1/0001-fix-gnustack-respect-CFLAGS-LDFLAGS-for-tests.patch new file mode 100644 index 000000000000..f0c786abf183 --- /dev/null +++ b/sys-apps/fix-gnustack/files/0.1/0001-fix-gnustack-respect-CFLAGS-LDFLAGS-for-tests.patch @@ -0,0 +1,28 @@ +From 4fb8a9cb2a5410aa565d028bd8deb53d8682da62 Mon Sep 17 00:00:00 2001 +From: Sam James <sam@gentoo.org> +Date: Fri, 6 Jan 2023 05:39:13 +0000 +Subject: [PATCH 1/3] fix-gnustack: respect CFLAGS, LDFLAGS for tests + +Needed to correctly run tests with Clang, as Clang doesn't create +executable stacks by default. + +Signed-off-by: Sam James <sam@gentoo.org> +--- a/tests/Makefile.am ++++ b/tests/Makefile.am +@@ -5,11 +5,11 @@ noinst_PROGRAMS = bad-gnustack + EXTRA_DIST = gnustacktest.sh + + bad-gnustack.s: bad-gnustack.c +- $(CC) -S $< ++ $(CC) $(CPPFLAGS) $(CFLAGS) -S $< + $(SED) -i -e 's/GNU-stack,"",/GNU-stack,"x",/' $@ + + bad-gnustack$(EXEEXT): bad-gnustack.s +- $(CC) -o $@ $< ++ $(CC) $(CFLAGS) $(LDFLAGS) -o $@ $< + + check_SCRIPTS = gnustacktest + TEST = $(check_SCRIPTS) +-- +2.39.0 + diff --git a/sys-apps/fix-gnustack/files/0.1/0002-fix-gnustack-add-set-x-in-tests-for-easier-debugging.patch b/sys-apps/fix-gnustack/files/0.1/0002-fix-gnustack-add-set-x-in-tests-for-easier-debugging.patch new file mode 100644 index 000000000000..16ade32c2bd1 --- /dev/null +++ b/sys-apps/fix-gnustack/files/0.1/0002-fix-gnustack-add-set-x-in-tests-for-easier-debugging.patch @@ -0,0 +1,22 @@ +From 87ca5c5bbe63ea3c9227fdd4a01ccdc1ce723323 Mon Sep 17 00:00:00 2001 +From: Sam James <sam@gentoo.org> +Date: Fri, 6 Jan 2023 05:39:43 +0000 +Subject: [PATCH 2/3] fix-gnustack: add 'set -x' in tests for easier debugging + +It's hard to see why something failed otherwise, as we only have the +exit code. + +Signed-off-by: Sam James <sam@gentoo.org> +--- a/tests/gnustacktest.sh ++++ b/tests/gnustacktest.sh +@@ -16,6 +16,7 @@ + # You should have received a copy of the GNU General Public License + # along with this program. If not, see <http://www.gnu.org/licenses/>. + # ++set -x + + before=$(../fix-gnustack -f bad-gnustack) + before=$(echo ${before} | awk '{ print $2 }') +-- +2.39.0 + diff --git a/sys-apps/fix-gnustack/files/0.1/0003-fix-gnustack-pass-Wl-z-execstack-for-tests-with-Clan.patch b/sys-apps/fix-gnustack/files/0.1/0003-fix-gnustack-pass-Wl-z-execstack-for-tests-with-Clan.patch new file mode 100644 index 000000000000..66ffa5e5136d --- /dev/null +++ b/sys-apps/fix-gnustack/files/0.1/0003-fix-gnustack-pass-Wl-z-execstack-for-tests-with-Clan.patch @@ -0,0 +1,26 @@ +From c8a1d365ff1349cc438352917863ed98ee34a80f Mon Sep 17 00:00:00 2001 +From: Sam James <sam@gentoo.org> +Date: Wed, 11 Jan 2023 07:09:53 +0000 +Subject: [PATCH 3/3] fix-gnustack: pass -Wl,-z,execstack for tests with Clang + +Clang doesn't create executable stacks by default, so we need to force it +for the purposes of the tests. + +Signed-off-by: Sam James <sam@gentoo.org> +--- a/tests/Makefile.am ++++ b/tests/Makefile.am +@@ -8,8 +8,10 @@ bad-gnustack.s: bad-gnustack.c + $(CC) $(CPPFLAGS) $(CFLAGS) -S $< + $(SED) -i -e 's/GNU-stack,"",/GNU-stack,"x",/' $@ + ++# Clang doesn't create executable stacks by default, so ++# tests for fix-gnustack fail without this. + bad-gnustack$(EXEEXT): bad-gnustack.s +- $(CC) $(CFLAGS) $(LDFLAGS) -o $@ $< ++ $(CC) $(CFLAGS) $(LDFLAGS) -Wl,-z,execstack -o $@ $< + + check_SCRIPTS = gnustacktest + TEST = $(check_SCRIPTS) +-- +2.39.0 + diff --git a/sys-apps/fix-gnustack/fix-gnustack-0.1-r1.ebuild b/sys-apps/fix-gnustack/fix-gnustack-0.1-r1.ebuild new file mode 100644 index 000000000000..592e82c6121b --- /dev/null +++ b/sys-apps/fix-gnustack/fix-gnustack-0.1-r1.ebuild @@ -0,0 +1,30 @@ +# Copyright 1999-2023 Gentoo Authors +# Distributed under the terms of the GNU General Public License v2 + +EAPI=8 + +inherit autotools + +DESCRIPTION="Utility to report and remove the executable flag from an ELF object's GNU_STACK" +HOMEPAGE="https://dev.gentoo.org/~blueness/fix-gnustack" +SRC_URI="https://dev.gentoo.org/~blueness/${PN}/${P}.tar.bz2" +S="${WORKDIR}/${PN}" + +LICENSE="GPL-3" +SLOT="0" +KEYWORDS="~amd64 ~x86" + +DEPEND="dev-libs/elfutils" +RDEPEND="${DEPEND}" + +PATCHES=( + # Backports from master, drop on next release + "${FILESDIR}"/${PV} +) + +src_prepare() { + default + + # Drop on next release, only needed for tests patch + eautoreconf +} diff --git a/sys-apps/fix-gnustack/metadata.xml b/sys-apps/fix-gnustack/metadata.xml index 33d53cff133d..f1e4bd47573f 100644 --- a/sys-apps/fix-gnustack/metadata.xml +++ b/sys-apps/fix-gnustack/metadata.xml @@ -8,4 +8,8 @@ <email>base-system@gentoo.org</email> <name>Gentoo Base System</name> </maintainer> + <upstream> + <remote-id type="gentoo">proj/elfix</remote-id> + <remote-id type="github">gentoo/elfix</remote-id> + </upstream> </pkgmetadata> diff --git a/sys-apps/install-xattr/Manifest b/sys-apps/install-xattr/Manifest index 30dc00d7d06f..e3fd88c4b78c 100644 --- a/sys-apps/install-xattr/Manifest +++ b/sys-apps/install-xattr/Manifest @@ -1,4 +1,7 @@ +AUX 0.8/0001-install-xattr-avoid-accessing-empty-storage.patch 1493 BLAKE2B e0e2fc6beb906cae339275dfede7188bf95170f4efecfdeea8cc8aa65ecca7f353694120f123799f536fb5bb91e35f9d5c77fdd092f3768e22d8f26d1e8abdd2 SHA512 0df1f97066e3f9f5479c996d307b48039332bf555e2c8d4b64572d60fa4ac8f47d442c6be5ceb8281a11c47bba4d6f3bf204fd3434b04884cef6d43ef2193a35 +AUX 0.8/0002-install-xattr-fix-small-memory-leak.patch 2235 BLAKE2B 7149e3180ffddd658b20ba9e45593a4cee0f3610e26b28497a1e4f639b476e797f60f962cae573233fdbc1040b281301b6d4e3cc43875bec6a1ed739f6f82f42 SHA512 2ad58f650b8026dea0d32dee911d66438d5a7b13bea290b050f6e932496d35ff58189ba89a52d7b761589bba2865a58d3720eed7206d8199959b11750877ab30 DIST install-xattr-0.8.tar.bz2 16359 BLAKE2B 25c483211ea6d01f46d9739fd3f1327e543e8b986a252d97e8b012ff6169a9b6430dc0ab7c184bf04c6665182c242eb37f7059d2d23cecececea723bde74cb56 SHA512 3af95a724d95286854767fe28679b024de8d257ce2d21addecbd40906e10bf48cfd4263609c6c2f436c6a807e91d24118110fda041091fadbefd848c892af778 -EBUILD install-xattr-0.8.ebuild 1006 BLAKE2B 90eecf926ae3b82c957c6d961f37819e6a425320433ec8056e2270dc5394485940b549740e06bc935760417994a504052e0e1ebba016081abff8087a1b5401a9 SHA512 28aad2eb15ac7d13ef468e3feb0e456fec5caeedac2b758d5670e854cd2269ae6da88c1d8ddfed9826b37fa979e88b71a2cd539d6870520778e1c1b22c9007ea -EBUILD install-xattr-9999.ebuild 1007 BLAKE2B ad60a837a7388bb01f7c0e7af39ff536973143c9f75281952e45629345e11690d63cd1649032ce1f55448e6dbe56ba506ddb489175f1265cbf41fca55eeba589 SHA512 ce4545fee470b395c9d7b6df65f9bfdccff526e1de3a64976f45717713b6053c5bcf93fd9661642ac6ca294dcc49ba5d2a82e41b731f9faf93949964e2c57025 +EBUILD install-xattr-0.8-r1.ebuild 1018 BLAKE2B 7c3d247e86156a8f3fcf50556070d45e254632093be8d7dbe0f8c95b9b80ecde112dfd3d0dfc7beec6171ab8e23675fd27eba8e5f6e988e95cb993f9bbd1d7e8 SHA512 c483f8eb22102de8c875e58d3a7bb7e1e533ef4e1bfd382278597eb1aa649d5c5d45678203393077db3cfe30f0eef8f2ffe494f959ec71255a8d7c8c975b2a15 +EBUILD install-xattr-0.8.ebuild 1006 BLAKE2B ed568765285654f323b5d38b324c0da6c2cabf2c450c2fc7d9a31dec5a876adcb0275de1448c80bbce4619d259f6dd95e4aad376f196d2a41a97072ac345275e SHA512 0819e998357e972c89dfcb7257e155348df4aa854cbcfc4dfea01f4411ca8c1a607c0f14a1e8c55a676210d0b639935b6eaeca2c9ae0e0edb5d069614acf9506 +EBUILD install-xattr-9999.ebuild 971 BLAKE2B e9725d58e099850e6ca3b151e23a258c7dc680d115a7ec9be86edbac32cf3d5e4875713383da9438e7d3ce15a25d80560042c2c816ed9503dcd7004ebe34bc4c SHA512 94a6020f4baa8a123f2d97393fc5c2d55226211427f2d7f220f77cb1d713ad6c9d1aa7413cd137542bbc7308909d8686aa95a9e2b91ae294475078d815257b68 MISC metadata.xml 331 BLAKE2B e3b7ee18d397a8cf60b49d5c4eca33441306f8fcc993db82f5448ff157e0a2fbaf2c68aad458ee7fedec0bc88d0227ef179303b413e016f99b37da250e065226 SHA512 cf38b01cf7b8c471b1983a1906a95bbf1f492f4a94e4d8beb7802b72f9ad3ee365efd4971f16301acc0bb5ca8786ed5346cb218300ed12ddf4d1b98cbb77cadf diff --git a/sys-apps/install-xattr/files/0.8/0001-install-xattr-avoid-accessing-empty-storage.patch b/sys-apps/install-xattr/files/0.8/0001-install-xattr-avoid-accessing-empty-storage.patch new file mode 100644 index 000000000000..b77f74635e48 --- /dev/null +++ b/sys-apps/install-xattr/files/0.8/0001-install-xattr-avoid-accessing-empty-storage.patch @@ -0,0 +1,46 @@ +https://github.com/gentoo/elfix/pull/3 + +From 2a0dffbf0080dc74f82910a74f051d835cfd653f Mon Sep 17 00:00:00 2001 +From: Sam James <sam@gentoo.org> +Date: Fri, 6 Jan 2023 03:06:50 +0000 +Subject: [PATCH 1/2] install-xattr: avoid accessing empty storage + +UBSAN reports: +``` +install-xattr.c:124:16: runtime error: load of address 0x55555556d440 with insufficient space for an object of type 'char' +0x55555556d440: note: pointer points here + 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 61 00 00 00 + ^ + #0 0x555555557a27 in copyxattr /home/sam/git/elfix//install-xattr.c:124 + #1 0x555555556a4d in main /home/sam/git/elfix//install-xattr.c:410 + #2 0x7ffff77c864f (/usr/lib64/libc.so.6+0x2364f) + #3 0x7ffff77c8708 in __libc_start_main (/usr/lib64/libc.so.6+0x23708) + #4 0x555555557114 in _start (/home/sam/git/elfix//install-xattr+0x3114) +``` + +Triggered with: +``` +mkdir /tmp/a +touch /tmp/foo +./install-xattr -c /tmp/foo /tmp/foo2 /tmp/a +``` + +I don't see this with Clang or < GCC 12, but I do with GCC 13 (13.0.0_pre20230101 p5); +I suspect it's because of object-size improvements. + +Signed-off-by: Sam James <sam@gentoo.org> +--- a/install-xattr.c ++++ b/install-xattr.c +@@ -119,6 +119,10 @@ copyxattr(const char *source, const char *target) + lxattr = xmalloc(lsize); + xlistxattr(source, lxattr, lsize); + ++ /* There's no xattrs at all. */ ++ if (lsize == 0) ++ return; ++ + i = 0; + while (1) { + while (lxattr[i++] == 0) +-- +2.39.0 diff --git a/sys-apps/install-xattr/files/0.8/0002-install-xattr-fix-small-memory-leak.patch b/sys-apps/install-xattr/files/0.8/0002-install-xattr-fix-small-memory-leak.patch new file mode 100644 index 000000000000..91c9d8885b9e --- /dev/null +++ b/sys-apps/install-xattr/files/0.8/0002-install-xattr-fix-small-memory-leak.patch @@ -0,0 +1,50 @@ +https://github.com/gentoo/elfix/pull/3 + +From 776afeae92d2afd3340cd753abc58ccd8daba48f Mon Sep 17 00:00:00 2001 +From: Sam James <sam@gentoo.org> +Date: Fri, 6 Jan 2023 06:39:30 +0000 +Subject: [PATCH 2/2] install-xattr: fix small memory leak + +There's another with strdup/malloc but it gets a bit messier +to fix so let's leave that for now (this is mostly about correctness +anyway, as the runtime of install-xattr is very small): +``` +Direct leak of 4097 byte(s) in 1 object(s) allocated from: + #0 0x7f4a2c22e257 in __interceptor_malloc /usr/src/debug/sys-devel/gcc-13.0.0_pre20230101/gcc-13-20230101/libsanitizer/asan/asan_malloc_linux.cpp:69 + #1 0x7f4a2c1d2b40 in __interceptor_realpath /usr/src/debug/sys-devel/gcc-13.0.0_pre20230101/gcc-13-20230101/libsanitizer/sanitizer_common/sanitizer_common_interceptors.inc:3904 + #2 0x55da3adf5629 in realpath /usr/include/bits/stdlib.h:42 + #3 0x55da3adf5629 in main /home/sam/git/elfix/install-xattr.c:252 +``` + +Signed-off-by: Sam James <sam@gentoo.org> +--- a/install-xattr.c ++++ b/install-xattr.c +@@ -248,7 +248,6 @@ main(int argc, char* argv[]) + char *target = NULL; /* the target file or directory */ + char *path; /* path to the target file */ + +- char *mypath = realpath("/proc/self/exe", NULL); /* path to argv[0] */ + char *install; /* path to the system install */ + + struct stat s; /* test if a file is a regular file or a directory */ +@@ -353,7 +352,9 @@ main(int argc, char* argv[]) + case -1: + err(1, "fork() failed"); + +- case 0: ++ case 0: { ++ char *mypath = realpath("/proc/self/exe", NULL); /* path to argv[0] */ ++ + /* find system install avoiding mypath and portage_helper_path! */ + if (portage_helper_path) + portage_helper_canpath = realpath(portage_helper_path, NULL); +@@ -363,6 +364,7 @@ main(int argc, char* argv[]) + argv[0] = install; /* so coreutils' lib/program.c behaves */ + execv(install, argv); /* The kernel will free(install). */ + err(1, "execv() failed"); ++ } + + default: + wait(&status); +-- +2.39.0 diff --git a/sys-apps/install-xattr/install-xattr-0.8-r1.ebuild b/sys-apps/install-xattr/install-xattr-0.8-r1.ebuild new file mode 100644 index 000000000000..057386422bd1 --- /dev/null +++ b/sys-apps/install-xattr/install-xattr-0.8-r1.ebuild @@ -0,0 +1,48 @@ +# Copyright 1999-2023 Gentoo Authors +# Distributed under the terms of the GNU General Public License v2 + +EAPI=8 + +DESCRIPTION="Wrapper to coreutils install to preserve Filesystem Extended Attributes" +HOMEPAGE="https://dev.gentoo.org/~blueness/install-xattr/" + +inherit flag-o-matic toolchain-funcs + +if [[ ${PV} == "9999" ]] ; then + EGIT_REPO_URI="https://anongit.gentoo.org/git/proj/elfix.git" + inherit git-r3 +else + SRC_URI="https://dev.gentoo.org/~blueness/install-xattr/${P}.tar.bz2" + KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~ia64 ~loong ~m68k ~mips ~ppc ~ppc64 ~riscv ~s390 ~sparc ~x86" + S="${WORKDIR}"/${PN} +fi + +LICENSE="GPL-3" +SLOT="0" + +PATCHES=( + # Backports from master, drop on next release + "${FILESDIR}"/${PV} +) + +src_prepare() { + default + + tc-export CC + append-lfs-flags +} + +src_compile() { + if [[ ${PV} == "9999" ]] ; then + cd "${WORKDIR}/${P}/misc/${PN}" || die + fi + default +} + +src_install() { + if [[ ${PV} == "9999" ]] ; then + cd "${WORKDIR}/${P}/misc/${PN}" || die + fi + + emake DESTDIR="${ED}" install +} diff --git a/sys-apps/install-xattr/install-xattr-0.8.ebuild b/sys-apps/install-xattr/install-xattr-0.8.ebuild index 734046b5f3d7..d1df396b8af3 100644 --- a/sys-apps/install-xattr/install-xattr-0.8.ebuild +++ b/sys-apps/install-xattr/install-xattr-0.8.ebuild @@ -1,4 +1,4 @@ -# Copyright 1999-2022 Gentoo Authors +# Copyright 1999-2023 Gentoo Authors # Distributed under the terms of the GNU General Public License v2 EAPI=7 diff --git a/sys-apps/install-xattr/install-xattr-9999.ebuild b/sys-apps/install-xattr/install-xattr-9999.ebuild index 44b01b811bb3..bef83b301b9f 100644 --- a/sys-apps/install-xattr/install-xattr-9999.ebuild +++ b/sys-apps/install-xattr/install-xattr-9999.ebuild @@ -1,9 +1,9 @@ -# Copyright 1999-2020 Gentoo Authors +# Copyright 1999-2023 Gentoo Authors # Distributed under the terms of the GNU General Public License v2 -EAPI=7 +EAPI=8 -DESCRIPTION="Wrapper to coreutil's install to preserve Filesystem Extended Attributes" +DESCRIPTION="Wrapper to coreutils install to preserve Filesystem Extended Attributes" HOMEPAGE="https://dev.gentoo.org/~blueness/install-xattr/" inherit flag-o-matic toolchain-funcs @@ -13,17 +13,22 @@ if [[ ${PV} == "9999" ]] ; then inherit git-r3 else SRC_URI="https://dev.gentoo.org/~blueness/install-xattr/${P}.tar.bz2" - KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~ia64 ~m68k ~mips ~ppc ~ppc64 ~riscv ~s390 ~sparc ~x86" - S=${WORKDIR}/${PN} + KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~ia64 ~loong ~m68k ~mips ~ppc ~ppc64 ~riscv ~s390 ~sparc ~x86" + S="${WORKDIR}"/${PN} fi LICENSE="GPL-3" SLOT="0" +PATCHES=( + "${FILESDIR}"/${PV} +) + src_prepare() { default + tc-export CC - append-cppflags "-D_FILE_OFFSET_BITS=64" + append-lfs-flags } src_compile() { @@ -37,10 +42,6 @@ src_install() { if [[ ${PV} == "9999" ]] ; then cd "${WORKDIR}/${P}/misc/${PN}" || die fi - DESTDIR=${ED} emake install -} -# We need to fix how tests are done -src_test() { - true + emake DESTDIR="${ED}" install } diff --git a/sys-apps/systemd-utils/Manifest b/sys-apps/systemd-utils/Manifest index 63bb89a25b0c..f3e67a7c1d34 100644 --- a/sys-apps/systemd-utils/Manifest +++ b/sys-apps/systemd-utils/Manifest @@ -1,17 +1,14 @@ AUX 251-gpt-auto-no-cryptsetup.patch 958 BLAKE2B 7067224e613433fcb139c38597552e080e07d33b207965a9c9a2b3d4e353c43dae38e6800d6ce28cadcba5f914b1b49e80fa48929df2c4bb96248bfeb6bf6aa5 SHA512 6a78bbdde3aae9a2ad4c4f824eb5281ca9ab24770516ad7c9a9e3daf7f39475bf9b4dd868c857a9833dd408db801393f949b8fae1700b2ad04ea822dc84e3429 -AUX 251-meson-0.64.patch 919 BLAKE2B e9eb5f82235f60f18658e4a6a3bc262525cb3152f8b6953b38683c51d439ebebe215dc4b71935e4059e17d82a07bc9e0ffd1354453d5c6977c927d0ba8f52646 SHA512 2d331194071c6cd0c1e8cf3c50de71b3a06b65ec7cf03f0ced15f2d060dd1b0b252efd59604bc871a8b3bb60794cdafecd9ab01ca17f73d854fce77528cf3f4a AUX 251-revert-fortify-source-3-fix.patch 2059 BLAKE2B 5b34062821f2097fc622ffc66d83029267173b2b4131b29d9339644577b7e80c513c83f62d07ba3e030c2a861efe7d399bd871cc35803b39940f7ec0e7bacfec SHA512 14c5ac8d0343a4cb50de6c56124e515b159cf5f9bf358404ba41ec7a9c439206673e0d44888164ff3872236c7b8c74f5ea9544ea7a981a3b5930585dabcd4782 +AUX 251-tmpfiles-ub.patch 2892 BLAKE2B 0c65c90c0a631a48b7f3b8194350fb90e6915e0e7f32b0de87cfb83ca170f68576017efbe8a531fdeb01485ac6840a4c75628d1a384e750fc5094dff68dddcab SHA512 5c4fac1933a0b8443b80cff7069f21904773d486f30be24337f2b68234c708568ccd0f1ab216968ce71f760e4e27f85912971cdb9dd3ee724d7e6a2d8bc917d7 AUX 40-gentoo.rules 167 BLAKE2B 07116c6e5aab7de9fa8a88c6cdd9ad76a09d797d6f7bc3d0535c93ccf83486bbdae8f68d682714576b072a174df070505cce9c6f4b729e91a6f61ed89da72e8e SHA512 92e2be610839432f46cefab4d128825199dc9f2c5ef33119f9ff84dfe635ef56a4f7aaed64ba52ea2798868b00c3a1b7955caa33219aa298c6a2b8290181f94b AUX systemd-tmpfiles-clean 58 BLAKE2B 6a33f92a136218f3a27ea31e5cdd519706b15a3bba368f6f900d1d540f50493905a2cdab35ee3d216c9cb45e821251bfacc4965ad5a2ca7b1e1ae5627f4a3680 SHA512 3084eb1623b56cb09e4c9bd3e314a3e1d6d88f002149bea75b1c506a30b6345c51c7a90a1330baa5eec86ae6b90116f9970d8ff5add91929167df84bef6e82fe AUX systemd-tmpfiles-setup 329 BLAKE2B 7b4d801ec7c29a3d6073c47af8fa1c9fa670b3762c5358d0008ecf372e675e3f65cba3ea453d374c5e23453cfe32252421b69dff23aaeea636c611b960eb7b11 SHA512 cd7f7c69d1b1861cb4eac90d44579361e365ee77906376b6124ff79ba1c0d414b8891ffca19e715585d7400bddc5e9ad973f191125039a4a2c37acb95a111c37 AUX systemd-tmpfiles-setup-dev 342 BLAKE2B 95956e57d4f2aa10a09f23c08045ceed6fac3c569ee604a83707310f074740a41832d2e3fa3b528a3816202132e18be50ce40dbcded9430031ed9a2a172d3187 SHA512 3c5e29fc5bc2829984458149de1186075eec48775983376a8b47da162cbf4892754f19a3b277170f8b759a862bb5d910789da1db2bbf8447d6dacccb411be222 DIST systemd-musl-patches-251.2.tar.gz 28512 BLAKE2B 4ac6a5220dab8409962a3954af2fb2484af718d0f282129957236ce241fbe8538a90d507a96c7c3d86f4f408ab784a6888b37486405d3276e7734a1bd5aa9680 SHA512 6e56b62234ac54929faea5a7cad699d0b932f869b48e3ba4e1f349a88653b7c787efec24a09b00290c3dc566614e3c1dc2f3c04f04e943f513108a91eca1be82 DIST systemd-stable-251.10.tar.gz 11461671 BLAKE2B a351b6dd9fc307e4bdcf0323b16e7f58c714392cfa466180a81196309c289b54767bfe5d03037eb1bd6b273d7eb8f6f42b927aabaa1310be04266675d1a3dd06 SHA512 49e33dbbc1b2ebe123b2f722070c87524b3126d1e605fb3e24a3f9f328ab67de506dc4588a92caf157428c21b9c73c3884726c4a5b1f67bb997d4a68bb871e5b -DIST systemd-stable-251.7.tar.gz 11448429 BLAKE2B 959ac7944d778c8e6d7a3c67ea6adc89e5e7ac1cc3b163e2af2a582211b91316da5ffba37b854978b7b2a5b3f9aae3651701a23e4391da6676e078747df1a37b SHA512 a4c06b2d25c47af58abb1e1dc85737b2fb0eb394f09d2bb7c6b7b716cb4b1383a145885bbc8e5ffcdc26611fd44d362fba2152c4dd0ead6a03a93965b82bb9a4 DIST systemd-stable-251.8.tar.gz 11457551 BLAKE2B d4ca799a5b22164362fa8948bbec95215d6ebc04380f13f755916c4bfd4e1cc43a82177c21d2c56aa9d8440b44872b773f21682fc127c7f6d2b3542661c27d80 SHA512 c337fad3cf2beef11401850ddd6418efef035d4ec6405049084302738042f77ac1f8bfd7eb3611668a13038878389c9617e63278ec0b37782b3e0242e69c4843 -DIST systemd-stable-251.9.tar.gz 11461131 BLAKE2B ba8fa2d70cc992ded3d1aa354e36d9815c6ae87a6f438f8879771e9e5ae9f7d10591956cf8c617ba0c5c13fdc229bc23a7ea173aa9849bfdf6476cc0721d62be SHA512 27df2076445a826911274101286a3555528ebd0894a5c32f2dea71a075b5fcde3931f4d04f5726c5b39d482357939d2fbd2b52ac9a894b6853f48833984f4c17 +EBUILD systemd-utils-251.10-r1.ebuild 12423 BLAKE2B 26170b02154980fc7f13728279b20a658c2aeaf4c2f8547aa2ad3646934ec23eba0b9c86ddce39f02f5e64e7020f107b52dcdac043773bc593a2e14b164f7edf SHA512 0d1ef8059508fefaf676420282b43e777ef15c3a95e8c334f44538c19a6b0f5741ffb739344a4e7814323b3ae3bf7794295c29e827d9efb22961324f2d136e5f EBUILD systemd-utils-251.10.ebuild 11958 BLAKE2B 8d0b1810a80db25f5f8010e1960a5d332f899dacd8d2b3cf194c586188a46e4ddbcae441aefa2cf520bd220cf65c57ccc53859a82f1d931087d0ddde7d844936 SHA512 22f2b1ea22dc193340f64c9908c3341e810c87ce81dc94bb701e3fc9bf2090444d36e1471ff6ed07fae1e8daa11c4d3e5297bc02b95d6c288b9f742e41ae00f7 -EBUILD systemd-utils-251.7.ebuild 12136 BLAKE2B 2f408ed102c3665bfa2f29272dc95a138f7ac34d8f28be72c6fbafea60da14ebb0a2331adb0a1405fe4792582800dfb80c5e296a4894e0a141a17d1503084e04 SHA512 148ab4d8aa2d22fc1e16ce46d09a3f00cc88a3db245fee4fda57634e20cf3bcd4d97167fcef6f2381171ccb0be8de70580c06495ee95df2ff6c746fb08ba1e94 EBUILD systemd-utils-251.8-r1.ebuild 11946 BLAKE2B 9c1d6cd8394a63cfd56bb2f12c9f3db971d023939281cef9af458e3ea98122f82d447699a0ca4b535bd75ebc5b29e461dfa266bd25f05cd10fea06e306db1317 SHA512 ddf219d94c48781c00639abc73ace2177bdff9ec4d32ffa3926fb5d4b4ed23d0a2d2beebadd9eba0e5a9da067eb40e3ec637ebb277b67670a52034e9e9b5449f -EBUILD systemd-utils-251.9.ebuild 11954 BLAKE2B 81aa07ef9fadf86b368d447f4f71e03f9aa481e9b5a8ef11458a39ad558338742b7350c6eacbe4521b02352192dd351ba7b44cd6192939cb834439fce59143eb SHA512 7e9f86f068521089966b7b91f11e2028cd107d0349b7f579839bd6be7abe920f7cbb00ef55bd97a67d5c7b676e5cbc39200fdd860ec34d654b33e75ca8f6c404 MISC metadata.xml 713 BLAKE2B 1dcb5d9949600c9a8c8ac0c005ffa03b2ca91293a932fa96092a24c094e9fb29f2cf063af041432c12daec4aa4e60d11ea77ed0a423e188095f995c68e75b91a SHA512 46d167a6d898abfc56130e373d232c18fb3ef8865755379fa7678c049515458e7354b7a8cab3bf3faa7326932cccceb0b0745b4695ab9bea492bc2344abf9da4 diff --git a/sys-apps/systemd-utils/files/251-meson-0.64.patch b/sys-apps/systemd-utils/files/251-meson-0.64.patch deleted file mode 100644 index 6cc200bbd87d..000000000000 --- a/sys-apps/systemd-utils/files/251-meson-0.64.patch +++ /dev/null @@ -1,26 +0,0 @@ -From cddbc850270415a818aadabd71fe12dc0dddd508 Mon Sep 17 00:00:00 2001 -From: Jan Janssen <medhefgo@web.de> -Date: Sun, 9 Oct 2022 17:16:12 +0200 -Subject: [PATCH] meson: Fix build with --optimization=plain - -Note that -O0 is deliberately filtered out as we have to compile with at -least -O1 due to #24202. - -Fixes: #24323 ---- - src/boot/efi/meson.build | 2 +- - 1 file changed, 1 insertion(+), 1 deletion(-) - -diff --git a/src/boot/efi/meson.build b/src/boot/efi/meson.build -index e0cd4ebad993..395386d3eda7 100644 ---- a/src/boot/efi/meson.build -+++ b/src/boot/efi/meson.build -@@ -223,7 +223,7 @@ endif - if get_option('debug') and get_option('mode') == 'developer' - efi_cflags += ['-ggdb', '-DEFI_DEBUG'] - endif --if get_option('optimization') != '0' -+if get_option('optimization') in ['1', '2', '3', 's', 'g'] - efi_cflags += ['-O' + get_option('optimization')] - endif - if get_option('b_ndebug') == 'true' or ( diff --git a/sys-apps/systemd-utils/files/251-tmpfiles-ub.patch b/sys-apps/systemd-utils/files/251-tmpfiles-ub.patch new file mode 100644 index 000000000000..df190d500e34 --- /dev/null +++ b/sys-apps/systemd-utils/files/251-tmpfiles-ub.patch @@ -0,0 +1,71 @@ +https://github.com/systemd/systemd/pull/25957 +https://github.com/systemd/systemd/pull/25959 +https://github.com/systemd/systemd/commit/9f804ab04d566ff745849e1c4ced680a0447cf76 +https://github.com/systemd/systemd/commit/34680637e838415204850f77c93ca6ca219abaf1 + +From 9f804ab04d566ff745849e1c4ced680a0447cf76 Mon Sep 17 00:00:00 2001 +From: Sam James <sam@gentoo.org> +Date: Fri, 6 Jan 2023 10:58:32 +0000 +Subject: [PATCH] tmpfiles: avoid null free() for acl attributes + +When built with ACL support, we might be processing a tmpfiles +entry where there's no cause for us to call parse_acls_from_arg, +then we get to the end of parse_line without having ever populated +i.{acl_access, acl_default}. + +Then we pass a null pointer into acl_free(). + +From UBSAN w/ GCC 13.0.0_pre20230101: +``` +$ systemd-tmpfiles --clean +/var/tmp/portage/sys-apps/acl-2.3.1-r1/work/acl-2.3.1/libacl/acl_free.c:44:14: runtime error: applying non-zero offset 18446744073709551608 to null pointer + #0 0x7f65d868b482 in acl_free /var/tmp/portage/sys-apps/acl-2.3.1-r1/work/acl-2.3.1/libacl/acl_free.c:44 + #1 0x55fe7e592249 in item_free_contents ../systemd-9999/src/tmpfiles/tmpfiles.c:2855 + #2 0x55fe7e5a347a in parse_line ../systemd-9999/src/tmpfiles/tmpfiles.c:3158 + #3 0x55fe7e5a347a in read_config_file ../systemd-9999/src/tmpfiles/tmpfiles.c:3897 + #4 0x55fe7e590c61 in read_config_files ../systemd-9999/src/tmpfiles/tmpfiles.c:3985 + #5 0x55fe7e590c61 in run ../systemd-9999/src/tmpfiles/tmpfiles.c:4157 + #6 0x55fe7e590c61 in main ../systemd-9999/src/tmpfiles/tmpfiles.c:4218 + #7 0x7f65d7ebe289 (/usr/lib64/libc.so.6+0x23289) + #8 0x7f65d7ebe344 in __libc_start_main (/usr/lib64/libc.so.6+0x23344) + #9 0x55fe7e591900 in _start (/usr/bin/systemd-tmpfiles+0x11900) +``` +--- a/src/tmpfiles/tmpfiles.c ++++ b/src/tmpfiles/tmpfiles.c +@@ -2852,8 +2852,11 @@ static void item_free_contents(Item *i) { + strv_free(i->xattrs); + + #if HAVE_ACL +- acl_free(i->acl_access); +- acl_free(i->acl_default); ++ if (i->acl_access) ++ acl_free(i->acl_access); ++ ++ if (i->acl_default) ++ acl_free(i->acl_default); + #endif + } + + +From 34680637e838415204850f77c93ca6ca219abaf1 Mon Sep 17 00:00:00 2001 +From: Lennart Poettering <lennart@poettering.net> +Date: Fri, 6 Jan 2023 12:30:36 +0100 +Subject: [PATCH] nspawn: guard acl_free() with a NULL check + +Inspired by #25957 there's one other place where we don't guard +acl_free() calls with a NULL check. + +Fix that. +--- a/src/nspawn/nspawn-patch-uid.c ++++ b/src/nspawn/nspawn-patch-uid.c +@@ -181,7 +181,9 @@ static int patch_acls(int fd, const char *name, const struct stat *st, uid_t shi + + if (S_ISDIR(st->st_mode)) { + acl_free(acl); +- acl_free(shifted); ++ ++ if (shifted) ++ acl_free(shifted); + + acl = shifted = NULL; + diff --git a/sys-apps/systemd-utils/systemd-utils-251.9.ebuild b/sys-apps/systemd-utils/systemd-utils-251.10-r1.ebuild index e3565a14d72b..4eddaff04164 100644 --- a/sys-apps/systemd-utils/systemd-utils-251.9.ebuild +++ b/sys-apps/systemd-utils/systemd-utils-251.10-r1.ebuild @@ -1,9 +1,18 @@ -# Copyright 2022 Gentoo Authors +# Copyright 2022-2023 Gentoo Authors # Distributed under the terms of the GNU General Public License v2 EAPI=8 PYTHON_COMPAT=( python3_{8..11} ) +if [[ ${PV} != 25[12].* ]] ; then + # The F_S=3 issues should be fixed in 253. + # - https://github.com/systemd/systemd/issues/22801 + # - https://github.com/systemd/systemd/pull/25967 + # - https://github.com/systemd/systemd/commit/7929e180aa47a2692ad4f053afac2857d7198758 + # - https://github.com/systemd/systemd/commit/4f79f545b3c46c358666c9f5f2b384fe50aac4b4 + die "Please remove the FORTIFY_SOURCE hacks in src_configure." +fi + QA_PKGCONFIG_VERSION=$(ver_cut 1) inherit bash-completion-r1 flag-o-matic meson-multilib python-any-r1 toolchain-funcs udev usr-ldscript @@ -106,6 +115,7 @@ QA_FLAGS_IGNORED="usr/lib/systemd/boot/efi/.*" src_prepare() { local PATCHES=( "${FILESDIR}/251-gpt-auto-no-cryptsetup.patch" + "${FILESDIR}/251-tmpfiles-ub.patch" ) if use elibc_musl; then diff --git a/sys-apps/systemd-utils/systemd-utils-251.7.ebuild b/sys-apps/systemd-utils/systemd-utils-251.7.ebuild deleted file mode 100644 index 71637af6ed33..000000000000 --- a/sys-apps/systemd-utils/systemd-utils-251.7.ebuild +++ /dev/null @@ -1,527 +0,0 @@ -# Copyright 2022 Gentoo Authors -# Distributed under the terms of the GNU General Public License v2 - -EAPI=8 -PYTHON_COMPAT=( python3_{8..11} ) - -QA_PKGCONFIG_VERSION=$(ver_cut 1) - -inherit bash-completion-r1 flag-o-matic meson-multilib python-any-r1 toolchain-funcs udev usr-ldscript - -DESCRIPTION="Utilities split out from systemd for OpenRC users" -HOMEPAGE="https://systemd.io/" - -if [[ ${PV} == *.* ]]; then - MY_P="systemd-stable-${PV}" - S="${WORKDIR}/${MY_P}" - SRC_URI="https://github.com/systemd/systemd-stable/archive/refs/tags/v${PV}.tar.gz -> ${MY_P}.tar.gz" -else - MY_P="systemd-${PV}" - S="${WORKDIR}/${MY_P}" - SRC_URI="https://github.com/systemd/systemd/archive/refs/tags/v${PV}.tar.gz -> ${MY_P}.tar.gz" -fi - -MUSL_PATCHSET="systemd-musl-patches-251.2" -SRC_URI+=" elibc_musl? ( https://dev.gentoo.org/~floppym/dist/${MUSL_PATCHSET}.tar.gz )" - -LICENSE="GPL-2 LGPL-2.1 MIT public-domain" -SLOT="0" -KEYWORDS="~alpha amd64 arm arm64 hppa ~ia64 ~loong ~m68k ~mips ppc ppc64 ~riscv ~s390 sparc x86" -IUSE="+acl boot +kmod selinux split-usr sysusers +tmpfiles test +udev" -REQUIRED_USE="|| ( boot tmpfiles sysusers udev )" -RESTRICT="!test? ( test )" - -COMMON_DEPEND=" - elibc_musl? ( >=sys-libs/musl-1.2.3 ) - selinux? ( sys-libs/libselinux:0= ) - tmpfiles? ( - acl? ( sys-apps/acl:0= ) - ) - udev? ( - >=sys-apps/util-linux-2.30:0=[${MULTILIB_USEDEP}] - sys-libs/libcap:0=[${MULTILIB_USEDEP}] - virtual/libcrypt:=[${MULTILIB_USEDEP}] - acl? ( sys-apps/acl:0= ) - kmod? ( >=sys-apps/kmod-15:0= ) - ) - !udev? ( - >=sys-apps/util-linux-2.30:0= - sys-libs/libcap:0= - virtual/libcrypt:= - ) -" -DEPEND="${COMMON_DEPEND} - >=sys-kernel/linux-headers-3.11 - boot? ( >=sys-boot/gnu-efi-3.0.2 ) -" -RDEPEND="${COMMON_DEPEND} - boot? ( !<sys-boot/systemd-boot-250 ) - tmpfiles? ( !<sys-apps/systemd-tmpfiles-250 ) - udev? ( - acct-group/audio - acct-group/cdrom - acct-group/dialout - acct-group/disk - acct-group/input - acct-group/kmem - acct-group/kvm - acct-group/lp - acct-group/render - acct-group/sgx - acct-group/tape - acct-group/tty - acct-group/video - !sys-apps/gentoo-systemd-integration - !sys-apps/hwids[udev] - !<sys-fs/udev-250 - !sys-fs/eudev - ) - !sys-apps/systemd -" -PDEPEND=" - udev? ( >=sys-fs/udev-init-scripts-34 ) -" -BDEPEND=" - $(python_gen_any_dep 'dev-python/jinja[${PYTHON_USEDEP}]') - app-text/docbook-xml-dtd:4.2 - app-text/docbook-xml-dtd:4.5 - app-text/docbook-xsl-stylesheets - dev-libs/libxslt - dev-util/gperf - >=sys-apps/coreutils-8.16 - sys-devel/gettext - virtual/pkgconfig -" - -TMPFILES_OPTIONAL=1 -UDEV_OPTIONAL=1 - -python_check_deps() { - python_has_version "dev-python/jinja[${PYTHON_USEDEP}]" -} - -QA_EXECSTACK="usr/lib/systemd/boot/efi/*" -QA_FLAGS_IGNORED="usr/lib/systemd/boot/efi/.*" - -src_prepare() { - local PATCHES=( - # Breaks Clang. Revert the commit for now and force off F_S=3. - "${FILESDIR}/251-revert-fortify-source-3-fix.patch" - "${FILESDIR}/251-gpt-auto-no-cryptsetup.patch" - "${FILESDIR}/251-meson-0.64.patch" - ) - - if use elibc_musl; then - PATCHES+=( "${WORKDIR}/${MUSL_PATCHSET}" ) - # Applied upstream in 251.3 - rm "${WORKDIR}/${MUSL_PATCHSET}/0001-Add-sys-file.h-for-LOCK_.patch" || die - fi - default - - # Remove install_rpath; we link statically - local rpath_pattern="install_rpath : rootlibexecdir," - grep -q -e "${rpath_pattern}" meson.build || die - sed -i -e "/${rpath_pattern}/d" meson.build || die -} - -src_configure() { - # Broken with FORTIFY_SOURCE=3 without a patch. And the patch - # wasn't backported to 250.x, but it turns out to break Clang - # anyway: bug #841770. - # - # Our toolchain sets F_S=2 by default w/ >= -O2, so we need - # to unset F_S first, then explicitly set 2, to negate any default - # and anything set by the user if they're choosing 3 (or if they've - # modified GCC to set 3). - # - if is-flagq '-O[23]' || is-flagq '-Ofast' ; then - # We can't unconditionally do this b/c we fortify needs - # some level of optimisation. - filter-flags -D_FORTIFY_SOURCE=3 - append-cppflags -U_FORTIFY_SOURCE -D_FORTIFY_SOURCE=2 - fi - - multilib-minimal_src_configure -} - -multilib_src_configure() { - local emesonargs=( - $(meson_use split-usr) - $(meson_use split-usr split-bin) - -Drootprefix="$(usex split-usr "${EPREFIX:-/}" "${EPREFIX}/usr")" - -Drootlibdir="${EPREFIX}/usr/$(get_libdir)" - -Dsysvinit-path= - $(meson_native_use_bool boot efi) - $(meson_native_use_bool boot gnu-efi) - $(meson_native_use_bool boot kernel-install) - $(meson_native_use_bool selinux) - $(meson_native_use_bool sysusers) - $(meson_use test tests) - $(meson_native_use_bool tmpfiles) - $(meson_use udev hwdb) - - -Defi-libdir="${ESYSROOT}/usr/$(get_libdir)" - - # Link staticly with libsystemd-shared - -Dlink-boot-shared=false - -Dlink-udev-shared=false - - # systemd-tmpfiles has a separate "systemd-tmpfiles.standalone" target - -Dstandalone-binaries=true - - # Disable all optional features - -Dadm-group=false - -Danalyze=false - -Dapparmor=false - -Daudit=false - -Dbacklight=false - -Dbinfmt=false - -Dbpf-framework=false - -Dbzip2=false - -Dcoredump=false - -Ddbus=false - -Delfutils=false - -Denvironment-d=false - -Dfdisk=false - -Dgcrypt=false - -Dglib=false - -Dgshadow=false - -Dgnutls=false - -Dhibernate=false - -Dhostnamed=false - -Didn=false - -Dima=false - -Dinitrd=false - -Dfirstboot=false - -Dldconfig=false - -Dlibcryptsetup=false - -Dlibcurl=false - -Dlibfido2=false - -Dlibidn=false - -Dlibidn2=false - -Dlibiptc=false - -Dlocaled=false - -Dlogind=false - -Dlz4=false - -Dmachined=false - -Dmicrohttpd=false - -Dnetworkd=false - -Dnscd=false - -Dnss-myhostname=false - -Dnss-resolve=false - -Dnss-systemd=false - -Doomd=false - -Dopenssl=false - -Dp11kit=false - -Dpam=false - -Dpcre2=false - -Dpolkit=false - -Dportabled=false - -Dpstore=false - -Dpwquality=false - -Drandomseed=false - -Dresolve=false - -Drfkill=false - -Dseccomp=false - -Dsmack=false - -Dsysext=false - -Dtimedated=false - -Dtimesyncd=false - -Dtpm=false - -Dqrencode=false - -Dquotacheck=false - -Duserdb=false - -Dutmp=false - -Dvconsole=false - -Dwheel-group=false - -Dxdg-autostart=false - -Dxkbcommon=false - -Dxz=false - -Dzlib=false - -Dzstd=false - ) - - if use tmpfiles || use udev; then - emesonargs+=( $(meson_native_use_bool acl) ) - else - emesonargs+=( -Dacl=false ) - fi - - if use udev; then - emesonargs+=( $(meson_native_use_bool kmod) ) - else - emesonargs+=( -Dkmod=false ) - fi - - if use elibc_musl; then - # Avoid redefinition of struct ethhdr. - append-cppflags -D__UAPI_DEF_ETHHDR=0 - fi - - if multilib_is_native_abi || use udev; then - meson_src_configure - fi -} - -efi_arch() { - case "$(tc-arch)" in - amd64) echo x64 ;; - arm) echo arm ;; - arm64) echo aa64 ;; - x86) echo x86 ;; - esac -} - -multilib_src_compile() { - local targets=() - if multilib_is_native_abi; then - if use boot; then - targets+=( - bootctl - kernel-install - man/bootctl.1 - man/kernel-install.8 - src/boot/efi/linux$(efi_arch).{efi,elf}.stub - src/boot/efi/systemd-boot$(efi_arch).efi - ) - fi - if use sysusers; then - targets+=( - systemd-sysusers.standalone - man/sysusers.d.5 - man/systemd-sysusers.8 - ) - if use test; then - targets+=( - systemd-runtest.env - ) - fi - fi - if use tmpfiles; then - targets+=( - systemd-tmpfiles.standalone - man/tmpfiles.d.5 - man/systemd-tmpfiles.8 - ) - if use test; then - targets+=( test-tmpfiles ) - fi - fi - if use udev; then - targets+=( - udevadm - systemd-hwdb - src/udev/ata_id - src/udev/cdrom_id - src/udev/fido_id - src/udev/mtd_probe - src/udev/scsi_id - src/udev/udev.pc - src/udev/v4l_id - man/udev.conf.5 - man/systemd.link.5 - man/hwdb.7 - man/udev.7 - man/systemd-hwdb.8 - man/systemd-udevd.service.8 - man/udevadm.8 - hwdb.d/60-autosuspend-chromiumos.hwdb - rules.d/50-udev-default.rules - rules.d/64-btrfs.rules - ) - if use test; then - targets+=( - # Used by udev-test.pl - systemd-detect-virt - test/sys - test-udev - - test-fido-id-desc - test-udev-builtin - test-udev-event - test-udev-netlink - test-udev-node - test-udev-util - ) - fi - fi - fi - if use udev; then - targets+=( - udev:shared_library - src/libudev/libudev.pc - ) - if use test; then - targets+=( - test-libudev - test-libudev-sym - test-udev-device-thread - ) - fi - fi - if multilib_is_native_abi || use udev; then - meson_src_compile "${targets[@]}" - fi -} - -multilib_src_test() { - local tests=() - if multilib_is_native_abi; then - if use sysusers; then - tests+=( - test-sysusers.standalone - ) - fi - if use tmpfiles; then - tests+=( - test-systemd-tmpfiles.standalone - test-tmpfiles - ) - fi - if use udev; then - tests+=( - rule-syntax-check - test-fido-id-desc - test-udev-builtin - test-udev-event - test-udev-netlink - test-udev-node - test-udev-util - ) - if [[ -w /dev ]]; then - tests+=( udev-test ) - else - ewarn "Skipping udev-test (needs write access to /dev)" - fi - fi - fi - if use udev; then - tests+=( - test-libudev - test-libudev-sym - test-udev-device-thread - ) - fi - if [[ ${#tests[@]} -ne 0 ]]; then - meson_src_test "${tests[@]}" - fi -} - -src_install() { - local rootprefix="$(usex split-usr '' /usr)" - meson-multilib_src_install -} - -multilib_src_install() { - if multilib_is_native_abi; then - if use boot; then - into /usr - dobin bootctl kernel-install - doman man/{bootctl.1,kernel-install.8} - insinto usr/lib/systemd/boot/efi - doins src/boot/efi/{linux$(efi_arch).{efi,elf}.stub,systemd-boot$(efi_arch).efi} - fi - if use sysusers; then - into "${rootprefix:-/}" - newbin systemd-sysusers{.standalone,} - doman man/{systemd-sysusers.8,sysusers.d.5} - fi - if use tmpfiles; then - into "${rootprefix:-/}" - newbin systemd-tmpfiles{.standalone,} - doman man/{systemd-tmpfiles.8,tmpfiles.d.5} - fi - if use udev; then - into "${rootprefix:-/}" - dobin udevadm systemd-hwdb - dosym ../../bin/udevadm "${rootprefix}"/lib/systemd/systemd-udevd - - exeinto "${rootprefix}"/lib/udev - doexe src/udev/{ata_id,cdrom_id,fido_id,mtd_probe,scsi_id,v4l_id} - - insinto "${rootprefix}"/lib/udev/rules.d - doins rules.d/*.rules - - insinto "${rootprefix}"/lib/udev/hwdb.d - doins hwdb.d/*.hwdb - - insinto /usr/share/pkgconfig - doins src/udev/udev.pc - - doman man/{udev.conf.5,systemd.link.5,hwdb.7,systemd-hwdb.8,udev.7,udevadm.8} - newman man/systemd-udevd.service.8 systemd-udevd.8 - fi - fi - if use udev; then - meson_install --no-rebuild --tags libudev - gen_usr_ldscript -a udev - insinto "/usr/$(get_libdir)/pkgconfig" - doins src/libudev/libudev.pc - fi -} - -multilib_src_install_all() { - einstalldocs - if use boot; then - into /usr - exeinto usr/lib/kernel/install.d - doexe src/kernel-install/*.install - dobashcomp shell-completion/bash/bootctl - insinto /usr/share/zsh/site-functions - doins shell-completion/zsh/{_bootctl,_kernel-install} - fi - if use tmpfiles; then - doinitd "${FILESDIR}"/systemd-tmpfiles-setup - doinitd "${FILESDIR}"/systemd-tmpfiles-setup-dev - insinto /usr/share/zsh/site-functions - doins shell-completion/zsh/_systemd-tmpfiles - fi - if use udev; then - doheader src/libudev/libudev.h - - insinto /etc/udev - doins src/udev/udev.conf - keepdir /etc/udev/{hwdb.d,rules.d} - - insinto "${rootprefix}"/lib/systemd/network - doins network/99-default.link - - # Remove to avoid conflict with elogind - # https://bugs.gentoo.org/856433 - rm rules.d/70-power-switch.rules || die - insinto "${rootprefix}"/lib/udev/rules.d - doins rules.d/*.rules - doins "${FILESDIR}"/40-gentoo.rules - - insinto "${rootprefix}"/lib/udev/hwdb.d - doins hwdb.d/*.hwdb - - dobashcomp shell-completion/bash/udevadm - - insinto /usr/share/zsh/site-functions - doins shell-completion/zsh/_udevadm - fi -} - -add_service() { - local initd=$1 - local runlevel=$2 - - ebegin "Adding '${initd}' service to the '${runlevel}' runlevel" - mkdir -p "${EROOT}/etc/runlevels/${runlevel}" && - ln -snf "${EPREFIX}/etc/init.d/${initd}" "${EROOT}/etc/runlevels/${runlevel}/${initd}" - eend $? -} - -pkg_postinst() { - if [[ -z ${REPLACING_VERSIONS} ]]; then - add_service systemd-tmpfiles-setup-dev sysinit - add_service systemd-tmpfiles-setup boot - fi - if use udev; then - ebegin "Updating hwdb" - systemd-hwdb --root="${ROOT}" update - eend $? - udev_reload - fi -} diff --git a/sys-apps/systemd/Manifest b/sys-apps/systemd/Manifest index 37d0ad427ccf..1dff251a0c90 100644 --- a/sys-apps/systemd/Manifest +++ b/sys-apps/systemd/Manifest @@ -1,4 +1,5 @@ AUX 251-gpt-auto-no-cryptsetup.patch 958 BLAKE2B 7067224e613433fcb139c38597552e080e07d33b207965a9c9a2b3d4e353c43dae38e6800d6ce28cadcba5f914b1b49e80fa48929df2c4bb96248bfeb6bf6aa5 SHA512 6a78bbdde3aae9a2ad4c4f824eb5281ca9ab24770516ad7c9a9e3daf7f39475bf9b4dd868c857a9833dd408db801393f949b8fae1700b2ad04ea822dc84e3429 +AUX 252-tmpfiles-ub.patch 2892 BLAKE2B 0c65c90c0a631a48b7f3b8194350fb90e6915e0e7f32b0de87cfb83ca170f68576017efbe8a531fdeb01485ac6840a4c75628d1a384e750fc5094dff68dddcab SHA512 5c4fac1933a0b8443b80cff7069f21904773d486f30be24337f2b68234c708568ccd0f1ab216968ce71f760e4e27f85912971cdb9dd3ee724d7e6a2d8bc917d7 AUX gentoo-generator-path-r2.patch 994 BLAKE2B 2bfb42623221291030fa9f7310e9bf747351a26f6ffd842628298787b74d4ec562bacaa9fc5365f7e854f695dab5f74bc06883fefc1f210dce4fd415926817ac SHA512 98054222ea232e120625573b6a532c312eccc02fe657152610b7d056b964bb2165fffae9d17fd986cf547af885d44c26b117fe68df5b24e2607d37f3729d0ada AUX gentoo-journald-audit.patch 1485 BLAKE2B 9cba28ce907330bbc1eafcf04a837987ed68272fcfa9cc34a309ff5d4cc2230f71a6f7fed42c79afb1c96605df141e8e40b2d8290d12ad3c18038269814f2df8 SHA512 d77d4dae9f8a7819c6d4855476f3163ee19f52b20f66a93e25818f0747404462c47e3cafbd82ba85ce1b3d2fdbabdd96a0398b71149b318c540d82403f8ad0ad AUX gentoo-systemctl-disable-sysv-sync-r1.patch 821 BLAKE2B f5ef796725e023bb1ed83b34a3e4d45bb008de9a134892a5321b37b56809c7a44530d18e33c7877177e8b64b2d89dfc2de844bed433db6d5e57831d20fbfb456 SHA512 8d697dbd305f6b95a4ddc47cf9d99a0e954f54e161bd59164917b62a78ff5c23fa2d5be2614569c0a2297595dae59e1ee71bb04da72cbe0c0807e1abd7da974d @@ -6,13 +7,10 @@ AUX nsswitch.conf 734 BLAKE2B 5f5a7821a84f6c8aa31fe9a68c29a1a0f24be578d427a623f1 AUX systemd-user.pam 122 BLAKE2B cccc07cab47dfc0481438e503c34fa1a0b2c6b1f8ab282197719a523421d2a526f19230bb459e0347cbeb2046e35a407c78178a3fb5b79619e987cbc4ac7d5e4 SHA512 c5437677ff00fbb45798fe594e8d61b1c2bfc2d103105d7bd82e476240452477ac263700800f5d0ba91ddc895eb85f4517d5cb15c80611ec1680a686d47cd781 DIST systemd-stable-251.10.tar.gz 11461671 BLAKE2B a351b6dd9fc307e4bdcf0323b16e7f58c714392cfa466180a81196309c289b54767bfe5d03037eb1bd6b273d7eb8f6f42b927aabaa1310be04266675d1a3dd06 SHA512 49e33dbbc1b2ebe123b2f722070c87524b3126d1e605fb3e24a3f9f328ab67de506dc4588a92caf157428c21b9c73c3884726c4a5b1f67bb997d4a68bb871e5b DIST systemd-stable-251.8.tar.gz 11457551 BLAKE2B d4ca799a5b22164362fa8948bbec95215d6ebc04380f13f755916c4bfd4e1cc43a82177c21d2c56aa9d8440b44872b773f21682fc127c7f6d2b3542661c27d80 SHA512 c337fad3cf2beef11401850ddd6418efef035d4ec6405049084302738042f77ac1f8bfd7eb3611668a13038878389c9617e63278ec0b37782b3e0242e69c4843 -DIST systemd-stable-251.9.tar.gz 11461131 BLAKE2B ba8fa2d70cc992ded3d1aa354e36d9815c6ae87a6f438f8879771e9e5ae9f7d10591956cf8c617ba0c5c13fdc229bc23a7ea173aa9849bfdf6476cc0721d62be SHA512 27df2076445a826911274101286a3555528ebd0894a5c32f2dea71a075b5fcde3931f4d04f5726c5b39d482357939d2fbd2b52ac9a894b6853f48833984f4c17 -DIST systemd-stable-252.3.tar.gz 11750469 BLAKE2B 855ca884d8e843605f8b467e8453ccdadf0c17e45f4511f2ba25decd5a46429ca5d765346bd5a2ec345cb62d425c8961306cc91f179566f2ff64d043ada3fdfb SHA512 fd7594f0cb232996fda33f14a09565b4c315db8969579512f39a3f96734fc0841a1c6a83c3668103b70d108f73ffc11e7465bf5867d1ff313d0e428d4a6e2134 DIST systemd-stable-252.4.tar.gz 11753300 BLAKE2B 8819ca6d3a64c110e5a245ae0369dc431079556e200d13d8edfc64fc35b2b04f1cdc215b81d9bf126245f315be3662ebd2c094167f88d2465f0dce25aa1fd196 SHA512 d4e99a67c59091dae78f654433a6c5e114ae66256b72d9d43292c43a986ee6a58e2d06f12866cbd7ec821b61580ec003af1725f60fd4b038b4a981b3ca839ee2 EBUILD systemd-251.10.ebuild 15120 BLAKE2B a404f680f9b7eff301418a907f68a7f22d0034577bbf05b809253fa61a442ada0fcd448d5ecb94c2da55a7e9d7b18d85919786ef04536ebc028cd9e0eb6b641a SHA512 c68a4dbaa013ff91196115cbb668e9cd4079ed029ee002511f7da04154ea930a56aa7bc280f144b4b601e9f9dd75588b5c9c63cd76d6a875e7ba5debd99aefb6 EBUILD systemd-251.8.ebuild 15112 BLAKE2B 635842b3738399e3396f468f264464b3429b0893c5e20d56738c616423b6c5d3e958738a6b6ae27c99753983e06f6e13156cb80b7152ba3756760bd4aa4c5bc2 SHA512 41608cc213cc0f2ffb781274c45750389c2f034ce1c83f714b157904d4630638bd804ab302abe9266e48d5145b4895c8c385f6ec706ed0b23a1c3136ec2bb9c5 -EBUILD systemd-251.9.ebuild 15120 BLAKE2B a404f680f9b7eff301418a907f68a7f22d0034577bbf05b809253fa61a442ada0fcd448d5ecb94c2da55a7e9d7b18d85919786ef04536ebc028cd9e0eb6b641a SHA512 c68a4dbaa013ff91196115cbb668e9cd4079ed029ee002511f7da04154ea930a56aa7bc280f144b4b601e9f9dd75588b5c9c63cd76d6a875e7ba5debd99aefb6 -EBUILD systemd-252.3.ebuild 15071 BLAKE2B 44c5a6bc034d0ae2c155ebdf2bf0b9d9ebe8f18d9d622a4e674a0b5c0c6151a2652d81b5edc17c00910f1e74dbf598f8691854f617c314311d01f90d46644abb SHA512 a072edd9753935be12099565db628e79fde0ed6a33830ce4e31e4ba7e827f824368e1dc50a90895e9a6d436fa72910a54f3b8787c3bee2d7e8a42092f7132bac +EBUILD systemd-252.4-r1.ebuild 15532 BLAKE2B 95c5122732ffb567a5654c3d68b7496b47c4fd3e89783f48ea33b9066716f76bdadd66f2013d5c50034de2bafc4950d6d85fda200c94d69fb8fd2a143d3df54e SHA512 3be67bee749405cf24de4554b9829cfe7a8960da090201821d885b8f8e9ffef24ed2987bcba1e0d56c572eca5f88bee57bb9fbb7682a98ad42d3610e7b1bbcde EBUILD systemd-252.4.ebuild 15070 BLAKE2B ebb45f827727fbc92cb384ce54e769cb75dd1ef3a35cb19b8a130d92663e7ec78eb33ea81d08f25ba0089feb46e9e5b748dc8bee353e7e0b251e9eff50c090d4 SHA512 b7bb0d28ef1c5a61474c866c50b532a0f36bc7e43f1269039cb3d52afdfbd21be30371521350d90e520362c3de1099add551a6dcc22462b77c113aff0fb7e2e1 -EBUILD systemd-9999.ebuild 15071 BLAKE2B 44c5a6bc034d0ae2c155ebdf2bf0b9d9ebe8f18d9d622a4e674a0b5c0c6151a2652d81b5edc17c00910f1e74dbf598f8691854f617c314311d01f90d46644abb SHA512 a072edd9753935be12099565db628e79fde0ed6a33830ce4e31e4ba7e827f824368e1dc50a90895e9a6d436fa72910a54f3b8787c3bee2d7e8a42092f7132bac +EBUILD systemd-9999.ebuild 14545 BLAKE2B 8d5c7e0453c9ce3835c3aabaa6cdf5baeee7dab3436fac1a6f7a6fb29735bc99b2a0f2fdbd72e0e15dd77ca5e64400aef90e991624ebc495496a5eade16c322d SHA512 40f720382d91759b11c7a9301fe78c38f57ef284dd582bb5530b9bca77dacd18fd1079b716675b1dd396b5c7e56ecb1af4b10abf8b6c86446c8813571120c4d7 MISC metadata.xml 2545 BLAKE2B fc424b7f9e471860cba69b6f11ea2094c70f125cd55c42ea77e4549a399680c4444119c79424c266828a284b0214001421f760477b1341844dddd2d474d70c33 SHA512 f0b8c4614e3c88d123916bb3399d6025ab30ff839849b136a29e1960bf0c50699b3f09b5307f40b77cc8c5566c20b11de2364a08311adceb15507df3e4bb0565 diff --git a/sys-apps/systemd/files/252-tmpfiles-ub.patch b/sys-apps/systemd/files/252-tmpfiles-ub.patch new file mode 100644 index 000000000000..df190d500e34 --- /dev/null +++ b/sys-apps/systemd/files/252-tmpfiles-ub.patch @@ -0,0 +1,71 @@ +https://github.com/systemd/systemd/pull/25957 +https://github.com/systemd/systemd/pull/25959 +https://github.com/systemd/systemd/commit/9f804ab04d566ff745849e1c4ced680a0447cf76 +https://github.com/systemd/systemd/commit/34680637e838415204850f77c93ca6ca219abaf1 + +From 9f804ab04d566ff745849e1c4ced680a0447cf76 Mon Sep 17 00:00:00 2001 +From: Sam James <sam@gentoo.org> +Date: Fri, 6 Jan 2023 10:58:32 +0000 +Subject: [PATCH] tmpfiles: avoid null free() for acl attributes + +When built with ACL support, we might be processing a tmpfiles +entry where there's no cause for us to call parse_acls_from_arg, +then we get to the end of parse_line without having ever populated +i.{acl_access, acl_default}. + +Then we pass a null pointer into acl_free(). + +From UBSAN w/ GCC 13.0.0_pre20230101: +``` +$ systemd-tmpfiles --clean +/var/tmp/portage/sys-apps/acl-2.3.1-r1/work/acl-2.3.1/libacl/acl_free.c:44:14: runtime error: applying non-zero offset 18446744073709551608 to null pointer + #0 0x7f65d868b482 in acl_free /var/tmp/portage/sys-apps/acl-2.3.1-r1/work/acl-2.3.1/libacl/acl_free.c:44 + #1 0x55fe7e592249 in item_free_contents ../systemd-9999/src/tmpfiles/tmpfiles.c:2855 + #2 0x55fe7e5a347a in parse_line ../systemd-9999/src/tmpfiles/tmpfiles.c:3158 + #3 0x55fe7e5a347a in read_config_file ../systemd-9999/src/tmpfiles/tmpfiles.c:3897 + #4 0x55fe7e590c61 in read_config_files ../systemd-9999/src/tmpfiles/tmpfiles.c:3985 + #5 0x55fe7e590c61 in run ../systemd-9999/src/tmpfiles/tmpfiles.c:4157 + #6 0x55fe7e590c61 in main ../systemd-9999/src/tmpfiles/tmpfiles.c:4218 + #7 0x7f65d7ebe289 (/usr/lib64/libc.so.6+0x23289) + #8 0x7f65d7ebe344 in __libc_start_main (/usr/lib64/libc.so.6+0x23344) + #9 0x55fe7e591900 in _start (/usr/bin/systemd-tmpfiles+0x11900) +``` +--- a/src/tmpfiles/tmpfiles.c ++++ b/src/tmpfiles/tmpfiles.c +@@ -2852,8 +2852,11 @@ static void item_free_contents(Item *i) { + strv_free(i->xattrs); + + #if HAVE_ACL +- acl_free(i->acl_access); +- acl_free(i->acl_default); ++ if (i->acl_access) ++ acl_free(i->acl_access); ++ ++ if (i->acl_default) ++ acl_free(i->acl_default); + #endif + } + + +From 34680637e838415204850f77c93ca6ca219abaf1 Mon Sep 17 00:00:00 2001 +From: Lennart Poettering <lennart@poettering.net> +Date: Fri, 6 Jan 2023 12:30:36 +0100 +Subject: [PATCH] nspawn: guard acl_free() with a NULL check + +Inspired by #25957 there's one other place where we don't guard +acl_free() calls with a NULL check. + +Fix that. +--- a/src/nspawn/nspawn-patch-uid.c ++++ b/src/nspawn/nspawn-patch-uid.c +@@ -181,7 +181,9 @@ static int patch_acls(int fd, const char *name, const struct stat *st, uid_t shi + + if (S_ISDIR(st->st_mode)) { + acl_free(acl); +- acl_free(shifted); ++ ++ if (shifted) ++ acl_free(shifted); + + acl = shifted = NULL; + diff --git a/sys-apps/systemd/systemd-251.9.ebuild b/sys-apps/systemd/systemd-251.9.ebuild deleted file mode 100644 index f529ba8b84df..000000000000 --- a/sys-apps/systemd/systemd-251.9.ebuild +++ /dev/null @@ -1,521 +0,0 @@ -# Copyright 2011-2022 Gentoo Authors -# Distributed under the terms of the GNU General Public License v2 - -EAPI=7 -PYTHON_COMPAT=( python3_{8..11} ) - -# Avoid QA warnings -TMPFILES_OPTIONAL=1 -UDEV_OPTIONAL=1 - -QA_PKGCONFIG_VERSION=$(ver_cut 1) - -if [[ ${PV} == 9999 ]]; then - EGIT_REPO_URI="https://github.com/systemd/systemd.git" - inherit git-r3 -else - if [[ ${PV} == *.* ]]; then - MY_PN=systemd-stable - else - MY_PN=systemd - fi - MY_PV=${PV/_/-} - MY_P=${MY_PN}-${MY_PV} - S=${WORKDIR}/${MY_P} - SRC_URI="https://github.com/systemd/${MY_PN}/archive/v${MY_PV}/${MY_P}.tar.gz" - KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~ia64 ~loong ~m68k ~mips ~ppc ~ppc64 ~riscv ~s390 ~sparc ~x86" -fi - -inherit bash-completion-r1 flag-o-matic linux-info meson-multilib pam -inherit python-any-r1 systemd toolchain-funcs udev usr-ldscript - -DESCRIPTION="System and service manager for Linux" -HOMEPAGE="http://systemd.io/" - -LICENSE="GPL-2 LGPL-2.1 MIT public-domain" -SLOT="0/2" -IUSE=" - acl apparmor audit cgroup-hybrid cryptsetup curl +dns-over-tls elfutils - fido2 +gcrypt gnuefi gnutls homed http idn importd iptables +kmod - +lz4 lzma +openssl pam pcre pkcs11 policykit pwquality qrcode - +resolvconf +seccomp selinux split-usr +sysv-utils test tpm vanilla xkb +zstd -" -REQUIRED_USE=" - dns-over-tls? ( || ( gnutls openssl ) ) - homed? ( cryptsetup pam openssl ) - importd? ( curl lzma || ( gcrypt openssl ) ) - pwquality? ( homed ) -" -RESTRICT="!test? ( test )" - -MINKV="4.15" - -COMMON_DEPEND=" - >=sys-apps/util-linux-2.30:0=[${MULTILIB_USEDEP}] - sys-libs/libcap:0=[${MULTILIB_USEDEP}] - virtual/libcrypt:=[${MULTILIB_USEDEP}] - acl? ( sys-apps/acl:0= ) - apparmor? ( sys-libs/libapparmor:0= ) - audit? ( >=sys-process/audit-2:0= ) - cryptsetup? ( >=sys-fs/cryptsetup-2.0.1:0= ) - curl? ( net-misc/curl:0= ) - elfutils? ( >=dev-libs/elfutils-0.158:0= ) - fido2? ( dev-libs/libfido2:0= ) - gcrypt? ( >=dev-libs/libgcrypt-1.4.5:0=[${MULTILIB_USEDEP}] ) - gnutls? ( >=net-libs/gnutls-3.6.0:0= ) - http? ( >=net-libs/libmicrohttpd-0.9.33:0=[epoll(+)] ) - idn? ( net-dns/libidn2:= ) - importd? ( - app-arch/bzip2:0= - sys-libs/zlib:0= - ) - kmod? ( >=sys-apps/kmod-15:0= ) - lz4? ( >=app-arch/lz4-0_p131:0=[${MULTILIB_USEDEP}] ) - lzma? ( >=app-arch/xz-utils-5.0.5-r1:0=[${MULTILIB_USEDEP}] ) - iptables? ( net-firewall/iptables:0= ) - openssl? ( >=dev-libs/openssl-1.1.0:0= ) - pam? ( sys-libs/pam:=[${MULTILIB_USEDEP}] ) - pkcs11? ( app-crypt/p11-kit:0= ) - pcre? ( dev-libs/libpcre2 ) - pwquality? ( dev-libs/libpwquality:0= ) - qrcode? ( media-gfx/qrencode:0= ) - seccomp? ( >=sys-libs/libseccomp-2.3.3:0= ) - selinux? ( sys-libs/libselinux:0= ) - tpm? ( app-crypt/tpm2-tss:0= ) - xkb? ( >=x11-libs/libxkbcommon-0.4.1:0= ) - zstd? ( >=app-arch/zstd-1.4.0:0=[${MULTILIB_USEDEP}] ) -" - -# Newer linux-headers needed by ia64, bug #480218 -DEPEND="${COMMON_DEPEND} - >=sys-kernel/linux-headers-${MINKV} - gnuefi? ( >=sys-boot/gnu-efi-3.0.2 ) -" - -# baselayout-2.2 has /run -RDEPEND="${COMMON_DEPEND} - >=acct-group/adm-0-r1 - >=acct-group/wheel-0-r1 - >=acct-group/kmem-0-r1 - >=acct-group/tty-0-r1 - >=acct-group/utmp-0-r1 - >=acct-group/audio-0-r1 - >=acct-group/cdrom-0-r1 - >=acct-group/dialout-0-r1 - >=acct-group/disk-0-r1 - >=acct-group/input-0-r1 - >=acct-group/kvm-0-r1 - >=acct-group/lp-0-r1 - >=acct-group/render-0-r1 - acct-group/sgx - >=acct-group/tape-0-r1 - acct-group/users - >=acct-group/video-0-r1 - >=acct-group/systemd-journal-0-r1 - >=acct-user/root-0-r1 - acct-user/nobody - >=acct-user/systemd-journal-remote-0-r1 - >=acct-user/systemd-coredump-0-r1 - >=acct-user/systemd-network-0-r1 - acct-user/systemd-oom - >=acct-user/systemd-resolve-0-r1 - >=acct-user/systemd-timesync-0-r1 - >=sys-apps/baselayout-2.2 - selinux? ( - sec-policy/selinux-base-policy[systemd] - sec-policy/selinux-ntp - ) - sysv-utils? ( - !sys-apps/openrc[sysv-utils(-)] - !sys-apps/sysvinit - ) - !sysv-utils? ( sys-apps/sysvinit ) - resolvconf? ( !net-dns/openresolv ) - !sys-apps/hwids[udev] - !sys-auth/nss-myhostname - !sys-fs/eudev - !sys-fs/udev -" - -# sys-apps/dbus: the daemon only (+ build-time lib dep for tests) -PDEPEND=">=sys-apps/dbus-1.9.8[systemd] - >=sys-fs/udev-init-scripts-34 - policykit? ( sys-auth/polkit ) - !vanilla? ( sys-apps/gentoo-systemd-integration )" - -BDEPEND=" - app-arch/xz-utils:0 - dev-util/gperf - >=dev-util/meson-0.46 - >=sys-apps/coreutils-8.16 - sys-devel/gettext - virtual/pkgconfig - test? ( - app-text/tree - dev-lang/perl - sys-apps/dbus - ) - app-text/docbook-xml-dtd:4.2 - app-text/docbook-xml-dtd:4.5 - app-text/docbook-xsl-stylesheets - dev-libs/libxslt:0 - $(python_gen_any_dep 'dev-python/jinja[${PYTHON_USEDEP}]') - $(python_gen_any_dep 'dev-python/lxml[${PYTHON_USEDEP}]') -" - -python_check_deps() { - python_has_version "dev-python/jinja[${PYTHON_USEDEP}]" && - python_has_version "dev-python/lxml[${PYTHON_USEDEP}]" -} - -QA_FLAGS_IGNORED="usr/lib/systemd/boot/efi/.*" -QA_EXECSTACK="usr/lib/systemd/boot/efi/*" - -pkg_pretend() { - if [[ ${MERGE_TYPE} != buildonly ]]; then - if use test && has pid-sandbox ${FEATURES}; then - ewarn "Tests are known to fail with PID sandboxing enabled." - ewarn "See https://bugs.gentoo.org/674458." - fi - - local CONFIG_CHECK=" ~BINFMT_MISC ~BLK_DEV_BSG ~CGROUPS - ~CGROUP_BPF ~DEVTMPFS ~EPOLL ~FANOTIFY ~FHANDLE - ~INOTIFY_USER ~IPV6 ~NET ~NET_NS ~PROC_FS ~SIGNALFD ~SYSFS - ~TIMERFD ~TMPFS_XATTR ~UNIX ~USER_NS - ~CRYPTO_HMAC ~CRYPTO_SHA256 ~CRYPTO_USER_API_HASH - ~!GRKERNSEC_PROC ~!IDE ~!SYSFS_DEPRECATED - ~!SYSFS_DEPRECATED_V2" - - use acl && CONFIG_CHECK+=" ~TMPFS_POSIX_ACL" - use seccomp && CONFIG_CHECK+=" ~SECCOMP ~SECCOMP_FILTER" - - if kernel_is -ge 5 10 20; then - CONFIG_CHECK+=" ~KCMP" - else - CONFIG_CHECK+=" ~CHECKPOINT_RESTORE" - fi - - if kernel_is -ge 4 18; then - CONFIG_CHECK+=" ~AUTOFS_FS" - else - CONFIG_CHECK+=" ~AUTOFS4_FS" - fi - - if linux_config_exists; then - local uevent_helper_path=$(linux_chkconfig_string UEVENT_HELPER_PATH) - if [[ -n ${uevent_helper_path} ]] && [[ ${uevent_helper_path} != '""' ]]; then - ewarn "It's recommended to set an empty value to the following kernel config option:" - ewarn "CONFIG_UEVENT_HELPER_PATH=${uevent_helper_path}" - fi - if linux_chkconfig_present X86; then - CONFIG_CHECK+=" ~DMIID" - fi - fi - - if kernel_is -lt ${MINKV//./ }; then - ewarn "Kernel version at least ${MINKV} required" - fi - - check_extra_config - fi -} - -pkg_setup() { - : -} - -src_unpack() { - default - [[ ${PV} != 9999 ]] || git-r3_src_unpack -} - -src_prepare() { - local PATCHES=( - "${FILESDIR}/251-gpt-auto-no-cryptsetup.patch" - ) - - if ! use vanilla; then - PATCHES+=( - "${FILESDIR}/gentoo-generator-path-r2.patch" - "${FILESDIR}/gentoo-systemctl-disable-sysv-sync-r1.patch" - "${FILESDIR}/gentoo-journald-audit.patch" - ) - fi - - # Fails with split-usr. - sed -i -e '2i exit 77' test/test-rpm-macros.sh || die - - default -} - -src_configure() { - # Prevent conflicts with i686 cross toolchain, bug 559726 - tc-export AR CC NM OBJCOPY RANLIB - - # Broken with FORTIFY_SOURCE=3: bug #841770. - # - # Our toolchain sets F_S=2 by default w/ >= -O2, so we need - # to unset F_S first, then explicitly set 2, to negate any default - # and anything set by the user if they're choosing 3 (or if they've - # modified GCC to set 3). - # - if is-flagq '-O[23]' || is-flagq '-Ofast' ; then - # We can't unconditionally do this b/c we fortify needs - # some level of optimisation. - filter-flags -D_FORTIFY_SOURCE=3 - append-cppflags -U_FORTIFY_SOURCE -D_FORTIFY_SOURCE=2 - fi - - python_setup - - multilib-minimal_src_configure -} - -multilib_src_configure() { - local myconf=( - --localstatedir="${EPREFIX}/var" - -Dsupport-url="https://gentoo.org/support/" - -Dpamlibdir="$(getpam_mod_dir)" - # avoid bash-completion dep - -Dbashcompletiondir="$(get_bashcompdir)" - $(meson_use split-usr) - $(meson_use split-usr split-bin) - -Drootprefix="$(usex split-usr "${EPREFIX:-/}" "${EPREFIX}/usr")" - -Drootlibdir="${EPREFIX}/usr/$(get_libdir)" - # Avoid infinite exec recursion, bug 642724 - -Dtelinit-path="${EPREFIX}/lib/sysvinit/telinit" - # no deps - -Dima=true - -Ddefault-hierarchy=$(usex cgroup-hybrid hybrid unified) - # Optional components/dependencies - $(meson_native_use_bool acl) - $(meson_native_use_bool apparmor) - $(meson_native_use_bool audit) - $(meson_native_use_bool cryptsetup libcryptsetup) - $(meson_native_use_bool curl libcurl) - $(meson_native_use_bool dns-over-tls dns-over-tls) - $(meson_native_use_bool elfutils) - $(meson_native_use_bool fido2 libfido2) - $(meson_use gcrypt) - $(meson_native_use_bool gnuefi gnu-efi) - $(meson_native_use_bool gnutls) - -Defi-includedir="${ESYSROOT}/usr/include/efi" - -Defi-libdir="${ESYSROOT}/usr/$(get_libdir)" - $(meson_native_use_bool homed) - $(meson_native_use_bool http microhttpd) - $(meson_native_use_bool idn) - $(meson_native_use_bool importd) - $(meson_native_use_bool importd bzip2) - $(meson_native_use_bool importd zlib) - $(meson_native_use_bool kmod) - $(meson_use lz4) - $(meson_use lzma xz) - $(meson_use zstd) - $(meson_native_use_bool iptables libiptc) - $(meson_native_use_bool openssl) - $(meson_use pam) - $(meson_native_use_bool pkcs11 p11kit) - $(meson_native_use_bool pcre pcre2) - $(meson_native_use_bool policykit polkit) - $(meson_native_use_bool pwquality) - $(meson_native_use_bool qrcode qrencode) - $(meson_native_use_bool seccomp) - $(meson_native_use_bool selinux) - $(meson_native_use_bool tpm tpm2) - $(meson_native_use_bool test dbus) - $(meson_native_use_bool xkb xkbcommon) - -Dntp-servers="0.gentoo.pool.ntp.org 1.gentoo.pool.ntp.org 2.gentoo.pool.ntp.org 3.gentoo.pool.ntp.org" - # Breaks screen, tmux, etc. - -Ddefault-kill-user-processes=false - -Dcreate-log-dirs=false - - # multilib options - $(meson_native_true backlight) - $(meson_native_true binfmt) - $(meson_native_true coredump) - $(meson_native_true environment-d) - $(meson_native_true firstboot) - $(meson_native_true hibernate) - $(meson_native_true hostnamed) - $(meson_native_true ldconfig) - $(meson_native_true localed) - $(meson_native_true man) - $(meson_native_true networkd) - $(meson_native_true quotacheck) - $(meson_native_true randomseed) - $(meson_native_true rfkill) - $(meson_native_true sysusers) - $(meson_native_true timedated) - $(meson_native_true timesyncd) - $(meson_native_true tmpfiles) - $(meson_native_true vconsole) - ) - - meson_src_configure "${myconf[@]}" -} - -multilib_src_test() { - unset DBUS_SESSION_BUS_ADDRESS XDG_RUNTIME_DIR - meson_src_test -} - -multilib_src_install_all() { - local rootprefix=$(usex split-usr '' /usr) - local sbin=$(usex split-usr sbin bin) - - # meson doesn't know about docdir - mv "${ED}"/usr/share/doc/{systemd,${PF}} || die - - einstalldocs - dodoc "${FILESDIR}"/nsswitch.conf - - if ! use resolvconf; then - rm -f "${ED}${rootprefix}/${sbin}"/resolvconf || die - fi - - rm "${ED}"/etc/init.d/README || die - rm "${ED}${rootprefix}"/lib/systemd/system-generators/systemd-sysv-generator || die - - if ! use sysv-utils; then - rm "${ED}${rootprefix}/${sbin}"/{halt,init,poweroff,reboot,runlevel,shutdown,telinit} || die - rm "${ED}"/usr/share/man/man1/init.1 || die - rm "${ED}"/usr/share/man/man8/{halt,poweroff,reboot,runlevel,shutdown,telinit}.8 || die - fi - - if ! use resolvconf && ! use sysv-utils && use split-usr; then - rmdir "${ED}${rootprefix}"/sbin || die - fi - - # https://bugs.gentoo.org/761763 - rm -r "${ED}"/usr/lib/sysusers.d || die - - # Preserve empty dirs in /etc & /var, bug #437008 - keepdir /etc/{binfmt.d,modules-load.d,tmpfiles.d} - keepdir /etc/kernel/install.d - keepdir /etc/systemd/{network,system,user} - keepdir /etc/udev/rules.d - - keepdir /etc/udev/hwdb.d - - keepdir "${rootprefix}"/lib/systemd/{system-sleep,system-shutdown} - keepdir /usr/lib/{binfmt.d,modules-load.d} - keepdir /usr/lib/systemd/user-generators - keepdir /var/lib/systemd - keepdir /var/log/journal - - # Symlink /etc/sysctl.conf for easy migration. - dosym ../../../etc/sysctl.conf /usr/lib/sysctl.d/99-sysctl.conf - - if use pam; then - newpamd "${FILESDIR}"/systemd-user.pam systemd-user - fi - - if use split-usr; then - # Avoid breaking boot/reboot - dosym ../../../lib/systemd/systemd /usr/lib/systemd/systemd - dosym ../../../lib/systemd/systemd-shutdown /usr/lib/systemd/systemd-shutdown - fi - - gen_usr_ldscript -a systemd udev -} - -migrate_locale() { - local envd_locale_def="${EROOT}/etc/env.d/02locale" - local envd_locale=( "${EROOT}"/etc/env.d/??locale ) - local locale_conf="${EROOT}/etc/locale.conf" - - if [[ ! -L ${locale_conf} && ! -e ${locale_conf} ]]; then - # If locale.conf does not exist... - if [[ -e ${envd_locale} ]]; then - # ...either copy env.d/??locale if there's one - ebegin "Moving ${envd_locale} to ${locale_conf}" - mv "${envd_locale}" "${locale_conf}" - eend ${?} || FAIL=1 - else - # ...or create a dummy default - ebegin "Creating ${locale_conf}" - cat > "${locale_conf}" <<-EOF - # This file has been created by the sys-apps/systemd ebuild. - # See locale.conf(5) and localectl(1). - - # LANG=${LANG} - EOF - eend ${?} || FAIL=1 - fi - fi - - if [[ ! -L ${envd_locale} ]]; then - # now, if env.d/??locale is not a symlink (to locale.conf)... - if [[ -e ${envd_locale} ]]; then - # ...warn the user that he has duplicate locale settings - ewarn - ewarn "To ensure consistent behavior, you should replace ${envd_locale}" - ewarn "with a symlink to ${locale_conf}. Please migrate your settings" - ewarn "and create the symlink with the following command:" - ewarn "ln -s -n -f ../locale.conf ${envd_locale}" - ewarn - else - # ...or just create the symlink if there's nothing here - ebegin "Creating ${envd_locale_def} -> ../locale.conf symlink" - ln -n -s ../locale.conf "${envd_locale_def}" - eend ${?} || FAIL=1 - fi - fi -} - -pkg_preinst() { - if ! use split-usr; then - local dir - for dir in bin sbin lib usr/sbin; do - if [[ ! -L ${EROOT}/${dir} ]]; then - eerror "'${EROOT}/${dir}' is not a symbolic link." - FAIL=1 - fi - done - if [[ ${FAIL} ]]; then - eerror "Migration to system layout with merged directories must be performed before" - eerror "installing ${CATEGORY}/${PN} with USE=\"-split-usr\" to avoid run-time breakage." - die "System layout with split directories still used" - fi - fi -} - -pkg_postinst() { - systemd_update_catalog - - # Keep this here in case the database format changes so it gets updated - # when required. - systemd-hwdb --root="${ROOT}" update - - udev_reload || FAIL=1 - - # Bug 465468, make sure locales are respected, and ensure consistency - # between OpenRC & systemd - migrate_locale - - if [[ -z ${REPLACING_VERSIONS} ]]; then - if type systemctl &>/dev/null; then - systemctl --root="${ROOT:-/}" enable getty@.service remote-fs.target || FAIL=1 - fi - elog "To enable a useful set of services, run the following:" - elog " systemctl preset-all --preset-mode=enable-only" - fi - - if [[ -L ${EROOT}/var/lib/systemd/timesync ]]; then - rm "${EROOT}/var/lib/systemd/timesync" - fi - - if [[ ${FAIL} ]]; then - eerror "One of the postinst commands failed. Please check the postinst output" - eerror "for errors. You may need to clean up your system and/or try installing" - eerror "systemd again." - eerror - fi -} - -pkg_prerm() { - # If removing systemd completely, remove the catalog database. - if [[ ! ${REPLACED_BY_VERSION} ]]; then - rm -f -v "${EROOT}"/var/lib/systemd/catalog/database - fi -} diff --git a/sys-apps/systemd/systemd-252.3.ebuild b/sys-apps/systemd/systemd-252.4-r1.ebuild index 6a423f8c5593..6391f42dbf34 100644 --- a/sys-apps/systemd/systemd-252.3.ebuild +++ b/sys-apps/systemd/systemd-252.4-r1.ebuild @@ -1,9 +1,18 @@ -# Copyright 2011-2022 Gentoo Authors +# Copyright 2011-2023 Gentoo Authors # Distributed under the terms of the GNU General Public License v2 EAPI=7 PYTHON_COMPAT=( python3_{8..11} ) +if [[ ${PV} != 252.* ]] ; then + # The F_S=3 issues should be fixed in 253. + # - https://github.com/systemd/systemd/issues/22801 + # - https://github.com/systemd/systemd/pull/25967 + # - https://github.com/systemd/systemd/commit/7929e180aa47a2692ad4f053afac2857d7198758 + # - https://github.com/systemd/systemd/commit/4f79f545b3c46c358666c9f5f2b384fe50aac4b4 + die "Please remove the FORTIFY_SOURCE hacks in src_configure." +fi + # Avoid QA warnings TMPFILES_OPTIONAL=1 UDEV_OPTIONAL=1 @@ -231,6 +240,7 @@ src_unpack() { src_prepare() { local PATCHES=( + "${FILESDIR}/252-tmpfiles-ub.patch" ) if ! use vanilla; then diff --git a/sys-apps/systemd/systemd-9999.ebuild b/sys-apps/systemd/systemd-9999.ebuild index 6a423f8c5593..9e93b8d36e1b 100644 --- a/sys-apps/systemd/systemd-9999.ebuild +++ b/sys-apps/systemd/systemd-9999.ebuild @@ -1,4 +1,4 @@ -# Copyright 2011-2022 Gentoo Authors +# Copyright 2011-2023 Gentoo Authors # Distributed under the terms of the GNU General Public License v2 EAPI=7 @@ -26,7 +26,7 @@ else KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~ia64 ~loong ~m68k ~mips ~ppc ~ppc64 ~riscv ~s390 ~sparc ~x86" fi -inherit bash-completion-r1 flag-o-matic linux-info meson-multilib pam +inherit bash-completion-r1 linux-info meson-multilib pam inherit python-any-r1 systemd toolchain-funcs udev usr-ldscript DESCRIPTION="System and service manager for Linux" @@ -251,20 +251,6 @@ src_configure() { # Prevent conflicts with i686 cross toolchain, bug 559726 tc-export AR CC NM OBJCOPY RANLIB - # Broken with FORTIFY_SOURCE=3: bug #841770. - # - # Our toolchain sets F_S=2 by default w/ >= -O2, so we need - # to unset F_S first, then explicitly set 2, to negate any default - # and anything set by the user if they're choosing 3 (or if they've - # modified GCC to set 3). - # - if is-flagq '-O[23]' || is-flagq '-Ofast' ; then - # We can't unconditionally do this b/c we fortify needs - # some level of optimisation. - filter-flags -D_FORTIFY_SOURCE=3 - append-cppflags -U_FORTIFY_SOURCE -D_FORTIFY_SOURCE=2 - fi - python_setup multilib-minimal_src_configure |