gentoo resync : 21.09.2018

6 files changed, 236 insertions, 1 deletions

diff --git a/sys-devel/bc/Manifest b/sys-devel/bc/Manifest
index 219ee446fe5e..a549224449c0 100644
--- a/sys-devel/bc/Manifest
+++ b/sys-devel/bc/Manifest
@@ -1,7 +1,11 @@
 AUX bc-1.06.95-mem-leak.patch 588 BLAKE2B b81094c82c02c47bc60d949f8aa50e1a9d00bb678d6759f9ac3a695d2e01d38b942a426a024f2e3023d4c67b3c7b40f1c968a9b066573da99823c0bccbcfbf6e SHA512 3a1f354b8979586b39e6e3f93f2df7d38c2f221fb00ceef7db6cb6b51712c0fc27dbbd75635a8e4e9e2f8f100c5a39cdc1d4c1cfc32bd6c406af94edef37e40d
 AUX bc-1.06.95-void_uninitialized.patch 351 BLAKE2B ad293d5efcebc2cf85a2d1a99e850f5c104e57b92cb3070739719f578d3eac38bfb92ba4b5cd5040fe8a711db5b77a4a673e080e27b233878adf1457cbc49073 SHA512 6d2803d831d8a3137c3d867606f8d40455a6f984bfe844e10e276e24cbd5d9fd1ff21b81ea91775dd7e1e55484cdde7bf859fa3e9a17887bdf548b32cdc46dae
+AUX bc-1.07.1-no-ed-its-sed.patch 441 BLAKE2B 52a6b47ea4d4847ca53e731a1ddc5ba4d5c9e41ab46e50f874247dd4e4f4ad039fd4e9631d1eab5cad03947ea570298f031f106d0474d776e80275a46ba12e54 SHA512 43c8e2e30def9f35174559bc8fa4dd3bc9ea4794e716f3405399f8d36a690303832f9d3fe762beb6d4632df66d0d8fa6153e1c10994239289af915bf493e0e75
+AUX bc-1.07.1-sandbox.patch 3669 BLAKE2B 9ea9a75dd3534b1fea0ea1053bf95f06a78e921b4cb8b08ae26133baa4e9cca766840d5896ea7ffc38d243b9f3d8327c6664d2911ddb66b020960bad4cab54d3 SHA512 6ec7d0169fbb537c2d35e1125c69caf67a061b5ca0ee394cc2d01bbee2d13ff54a29302135557b3846bb3dfcc18e1599f8ba0115350d54caea39e0344155fa5b
+AUX bc-1.07.1-use-system-bc.patch 556 BLAKE2B 822c525fa2fd90822498fad72b9cda91b2af5d0318fc33e74dd407e3bc2a29c8d12b9cc38e80ebd7f3a084f78e302efe38b44eb70c780b8a2a76895d4d7afddb SHA512 2074adf83ac9d7c2210fc62cc5b98bde3a4f6a4d4e4cb81eb95d32ad7a8432cffc21e11b63a7b3f7090f5b814d739dabfbd6c891ec6f5bf0a9d27ace9d0582d6
 DIST bc-1.06.95.tar.bz2 290069 BLAKE2B 774f07b1f85b4de7c4707baa355caed5a9fc7b3a5ee1a14f4e9fd59f47a4bbdf34bcb76dc05de4dd8c65615284c3588ad7961fa493ed559a0e8880647835bda0 SHA512 16ec13f87ef76ad4de77d378ef8d65a582adca1bf661c9d7675e78d940680c77e81a00a01817fde7c1ad1524562d6f933caa5c42a0686f3f85aadbb39393afb1
 DIST bc-1.07.1.tar.gz 419850 BLAKE2B dcedc193be5521aa0fa3a19746233ed65bc1fe8ef12e15155341706de6fbeecb6dd7ee4ab11e2d4b3aca2ae7097cce89e389b3573493bbc893e00b4ed3239594 SHA512 02126d0db6b6ed06d56cfc292d6f5475ff1e574779d7e69c7809bbb1e13f946f57ea07da2a7666baa092507a951a822044b0970075f75eefe65a5c1999b75d34
 EBUILD bc-1.06.95-r2.ebuild 1613 BLAKE2B e1d2fd5f1773de65df554e46c801c52ebc2d808e1b297c8cb04faadf95d19322b87a3407f3a7c3481025f2eb8f6c5a5f25a67f7c0c773ad97d8114a2eaf624ec SHA512 4627d647763feea0c67664f448879765fb563870ee3b174788ad0f7fb7ee3ec4ff4240655efd56fdba34d3b45c4269f0b6679200696a3a80ce2a25baf83ab647
 EBUILD bc-1.07.1-r1.ebuild 1261 BLAKE2B 40e70d8c9b164a934634cd7bf9b6da91bf996e6e20c8425ca7842a28baf13fa8734cf488b8dd403ea11984fab8dae743bfa517d34d640c3ba4da3b3e51553f07 SHA512 07c5f45dbf604a8c55c7d40da6b560f343deef9e97ca14c0749e894ba783e4952cb70a34ccbe627a6acaf9f9d96106f9105385ee8a5d3f9b948d17885deea857
-MISC metadata.xml 253 BLAKE2B 295e9d6d93aaa12af413972e1590c67087801cc09c9aa6b59d4606c0f4106d1dacf2baa9858559083b4c6d91beeef218d0729e8593a33788958da6d2897e8ce2 SHA512 54a9069aeb4165d2dff3d473c8001bc51613aac9dff3f7f5e9971a9891a737a31511ffa11cbd523febe581ac1d9de2bdf2f40410f0c4239138f2ccca3ef15555
+EBUILD bc-1.07.1-r2.ebuild 1765 BLAKE2B ea08d193aef1c5a4bcf8ab06a2abd63ade068fbe0e64f4c9148f40895771d5a92473e36c4be8396d27615c292654b009a3d0b95a6ea4bd257acdc950bf27e284 SHA512 d1830fe51c840534e559c71e8c62a5f1b3ae48b10e948a468f128e65c0d7f980254040df1eb976c099cf6011af98d94d3eb39ec731b0783ca4c5c31533393edd
+MISC metadata.xml 389 BLAKE2B 39234be070bd1ff9ad6fbb7dc76420b9f030e336ca94f64784f45de9f92fd260328a8367763151c95d429a7b5ffcae9db5cbddd692ded7cd83b9d25c24b573c5 SHA512 96b8257188ecefe1dc05cd7f2c14b0df052b14a2920fec12caf9b28e5f54dd4cce1e228d68507ee8391e85ff68c39435d7d2d9339efaf06d6b089a89347a0d18
diff --git a/sys-devel/bc/bc-1.07.1-r2.ebuild b/sys-devel/bc/bc-1.07.1-r2.ebuild
new file mode 100644
index 000000000000..99044d02af94
--- /dev/null
+++ b/sys-devel/bc/bc-1.07.1-r2.ebuild
@@ -0,0 +1,68 @@
+# Copyright 1999-2018 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+
+EAPI="6"
+
+inherit flag-o-matic toolchain-funcs
+
+DESCRIPTION="Handy console-based calculator utility"
+HOMEPAGE="https://www.gnu.org/software/bc/bc.html"
+SRC_URI="mirror://gnu/bc/${P}.tar.gz"
+
+LICENSE="GPL-2 LGPL-2.1"
+SLOT="0"
+KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~ia64 ~m68k ~mips ~ppc ~ppc64 ~s390 ~sh ~sparc ~x86 ~ppc-aix ~x64-cygwin ~amd64-fbsd ~x86-fbsd ~amd64-linux ~x86-linux ~ppc-macos ~x64-macos ~x86-macos ~m68k-mint ~sparc-solaris ~sparc64-solaris ~x64-solaris ~x86-solaris"
+IUSE="forced-sandbox libedit readline static"
+
+RDEPEND="
+	!readline? ( libedit? ( dev-libs/libedit:= ) )
+	readline? (
+		>=sys-libs/readline-4.1:0=
+		>=sys-libs/ncurses-5.2:=
+	)
+"
+DEPEND="
+	${RDEPEND}
+	sys-devel/flex
+	virtual/yacc
+"
+
+PATCHES=(
+	"${FILESDIR}/${PN}-1.07.1-sandbox.patch"
+	"${FILESDIR}/${PN}-1.07.1-no-ed-its-sed.patch"
+)
+
+src_prepare() {
+	default
+
+	# Avoid bad build tool usage when cross-compiling.  #627126
+	tc-is-cross-compiler && eapply "${FILESDIR}/${PN}-1.07.1-use-system-bc.patch"
+
+	# A patch to make this into a configure option has been sent upstream,
+	# but lets avoid regenerating all the autotools just for this.
+	if use forced-sandbox ; then
+		sed -i '/dc_sandbox_enabled = 0/s:0:1:' dc/dc.c || die
+	fi
+}
+
+src_configure() {
+	local myconf=(
+		$(use_with readline)
+	)
+	if use readline ; then
+		myconf+=( --without-libedit )
+	else
+		myconf+=( $(use_with libedit) )
+	fi
+	use static && append-ldflags -static
+
+	econf "${myconf[@]}"
+
+	# Do not regen docs -- configure produces a small fragment that includes
+	# the version info which causes all pages to regen (newer file). #554774
+	touch -r doc doc/*
+}
+
+src_compile() {
+	emake AR="$(tc-getAR)"
+}
diff --git a/sys-devel/bc/files/bc-1.07.1-no-ed-its-sed.patch b/sys-devel/bc/files/bc-1.07.1-no-ed-its-sed.patch
new file mode 100644
index 000000000000..ce8e456186b7
--- /dev/null
+++ b/sys-devel/bc/files/bc-1.07.1-no-ed-its-sed.patch
@@ -0,0 +1,23 @@
+in Gentoo, everyone has sed.  no one really has ed.  tweak this minor script
+to use sed instead of ed.  the changes are straight forward:
+* change \$ to $
+* merge last two $,$ commands into one
+* delete w/q commands
+
+--- a/bc/fix-libmath_h
++++ b/bc/fix-libmath_h
+@@ -1,9 +1,6 @@
+-ed libmath.h <<EOS-EOS
++sed -i libmath.h -e '
+ 1,1s/^/{"/
+-1,\$s/\$/",/
+-2,\$s/^/"/
+-\$,\$d
+-\$,\$s/,\$/,0}/
+-w
+-q
+-EOS-EOS
++1,$s/$/",/
++2,$s/^/"/
++$s/.*/0}/
++'
diff --git a/sys-devel/bc/files/bc-1.07.1-sandbox.patch b/sys-devel/bc/files/bc-1.07.1-sandbox.patch
new file mode 100644
index 000000000000..ec5c406645b2
--- /dev/null
+++ b/sys-devel/bc/files/bc-1.07.1-sandbox.patch
@@ -0,0 +1,121 @@
+this has been sent upstream, but they don't have a mailing list or project site
+to link to.  oh well.
+
+From e641584767c3c7cc1ff544805acc2562fc56cda9 Mon Sep 17 00:00:00 2001
+From: Mike Frysinger <vapier@chromium.org>
+Date: Mon, 17 Sep 2018 18:57:57 -0400
+Subject: [PATCH 1/2] dc: add a --sandbox option
+
+Other GNU projects (like sed & gawk) have a --sandbox flag whereby
+access to files and system() are disabled.  This allows people to
+run arbitrary scripts without worrying about them "escaping" and
+executing arbitrary commands on the system.
+---
+ dc/dc.c     | 9 ++++++++-
+ dc/dc.h     | 3 +++
+ dc/misc.c   | 6 ++++++
+ doc/dc.1    | 5 +++++
+ doc/dc.texi | 4 ++++
+ 5 files changed, 26 insertions(+), 1 deletion(-)
+
+diff --git a/dc/dc.c b/dc/dc.c
+index 6a2bb2639235..592a76be71da 100644
+--- a/dc/dc.c
++++ b/dc/dc.c
+@@ -54,6 +54,7 @@
+ #endif
+ 
+ const char *progname;	/* basename of program invocation */
++int dc_sandbox_enabled;	/* whether sandbox mode is enabled */
+ 
+ static void
+ bug_report_info DC_DECLVOID()
+@@ -80,6 +81,7 @@ usage DC_DECLARG((f))
+ Usage: %s [OPTION] [file ...]\n\
+   -e, --expression=EXPR    evaluate expression\n\
+   -f, --file=FILE          evaluate contents of file\n\
++  -S, --sandbox            disable the ! (system) command\n\
+   -h, --help               display this help and exit\n\
+   -V, --version            output version information and exit\n\
+ \n\
+@@ -252,6 +254,7 @@ main DC_DECLARG((argc, argv))
+ 	static struct option const long_opts[] = {
+ 		{"expression", required_argument, NULL, 'e'},
+ 		{"file", required_argument, NULL, 'f'},
++		{"sandbox", no_argument, NULL, 'S'},
+ 		{"help", no_argument, NULL, 'h'},
+ 		{"version", no_argument, NULL, 'V'},
+ 		{NULL, 0, NULL, 0}
+@@ -260,12 +263,13 @@ main DC_DECLARG((argc, argv))
+ 	int c;
+ 
+ 	progname = r1bindex(*argv, '/');
++	dc_sandbox_enabled = 0;
+ 	dc_math_init();
+ 	dc_string_init();
+ 	dc_register_init();
+ 	dc_array_init();
+ 
+-	while ((c = getopt_long(argc, argv, "hVe:f:", long_opts, (int *)0)) != EOF) {
++	while ((c = getopt_long(argc, argv, "hVe:f:S", long_opts, (int *)0)) != EOF) {
+ 		switch (c) {
+ 		case 'e':
+ 			{	dc_data string = dc_makestring(optarg, strlen(optarg));
+@@ -279,6 +283,9 @@ main DC_DECLARG((argc, argv))
+ 			try_file(optarg);
+ 			did_eval = 1;
+ 			break;
++		case 'S':
++			dc_sandbox_enabled = 1;
++			break;
+ 		case 'h':
+ 			usage(stdout);
+ 			return flush_okay();
+diff --git a/dc/dc.h b/dc/dc.h
+index 6a871ad612a5..a148df467a92 100644
+--- a/dc/dc.h
++++ b/dc/dc.h
+@@ -76,4 +76,7 @@ typedef struct {
+ /* This is dc's only global variable: */
+ extern const char *progname;	/* basename of program invocation */
+ 
++/* Whether to run in sandbox mode. */
++extern int dc_sandbox_enabled;
++
+ #endif /* not DC_DEFS_H */
+diff --git a/dc/misc.c b/dc/misc.c
+index cd23602fce32..115be90b03bf 100644
+--- a/dc/misc.c
++++ b/dc/misc.c
+@@ -131,6 +131,12 @@ dc_system DC_DECLARG((s))
+ 	char *tmpstr;
+ 	size_t len;
+ 
++	if (dc_sandbox_enabled) {
++		fprintf(stderr, "%s: ! command disabled in sandbox mode\n",
++				progname);
++		exit(EXIT_FAILURE);
++	}
++
+ 	p = strchr(s, '\n');
+ 	if (p != NULL) {
+ 		len = (size_t) (p - s);
+diff --git a/doc/dc.1 b/doc/dc.1
+index 1c666493e00a..7c4b6fffd616 100644
+--- a/doc/dc.1
++++ b/doc/dc.1
+@@ -84,6 +84,11 @@ to the set of commands to be run while processing the input.
+ Add the commands contained in the file
+ .I script-file
+ to the set of commands to be run while processing the input.
++.TP
++.B -S
++.TP
++.B --sandbox
++Run in sandbox mode where access to \fB!\fR for the system function.
+ .PP
+ If any command-line parameters remain after processing the above,
+ these parameters are interpreted as the names of input files to
+-- 
+2.17.1
+
diff --git a/sys-devel/bc/files/bc-1.07.1-use-system-bc.patch b/sys-devel/bc/files/bc-1.07.1-use-system-bc.patch
new file mode 100644
index 000000000000..03ccb68c0836
--- /dev/null
+++ b/sys-devel/bc/files/bc-1.07.1-use-system-bc.patch
@@ -0,0 +1,16 @@
+when cross-compiling, the local fbc binary won't work.  use the system
+bc instead as the demands of the .b script are simple enough.
+
+https://bugs.gentoo.org/627126
+
+--- a/bc/Makefile.in
++++ b/bc/Makefile.in
+@@ -628,7 +628,7 @@ libmath.h: libmath.b $(fbcOBJ) $(LIBBC)
+ 	echo '{0}' > libmath.h
+ 	$(MAKE) global.o
+ 	$(LINK) -o fbc $(fbcOBJ) global.o $(LIBBC) $(LIBL) $(READLINELIB) $(LIBS)
+-	./fbc -c $(srcdir)/libmath.b </dev/null >libmath.h
++	bc -c $(srcdir)/libmath.b </dev/null >libmath.h
+ 	$(srcdir)/fix-libmath_h
+ 	rm -f ./fbc ./global.o
+ sbc.o: sbc.c
diff --git a/sys-devel/bc/metadata.xml b/sys-devel/bc/metadata.xml
index 56c124413057..5bdfef6846f9 100644
--- a/sys-devel/bc/metadata.xml
+++ b/sys-devel/bc/metadata.xml
@@ -5,4 +5,7 @@
 	<email>base-system@gentoo.org</email>
 	<name>Gentoo Base System</name>
 </maintainer>
+<use>
+	<flag name="forced-sandbox">Always enable --sandbox mode for simpler/secure runtime (disables the ! command in dc)</flag>
+</use>
 </pkgmetadata>