gentoo resync : 05.04.2019

6 files changed, 279 insertions, 0 deletions

diff --git a/sys-devel/patch/Manifest b/sys-devel/patch/Manifest
index ceaee11c8e5e..9dd4cac54b0d 100644
--- a/sys-devel/patch/Manifest
+++ b/sys-devel/patch/Manifest
@@ -1,5 +1,10 @@
+AUX patch-2.7.6-CVE-2018-1000156.patch 4525 BLAKE2B bc0a12de74f2089fc3141618ef2bf3242d5b1c47d8900c645f2612b84b75dc625260528bb64070b9514b5e55852aa2dd93204fdbc6dacf1df6a0f6d72b53f980 SHA512 82873743ea469c614c9250b78ddfe4e3e754692caede2eb79ac9d5ab991df3329fc6485643fc0d38410b1d5c163485058a2ea8d4ecc0992d0dc0727cc3c3425f
+AUX patch-2.7.6-CVE-2018-6951.patch 981 BLAKE2B 585015980a4eecc28c427caf4f827a172f02165b291a8bbe87baea289bee25228d59ccbf7aec9938dfdc3c46865fd238c5c0e272796f59062ef73794e96851db SHA512 db51d0b791d38dd4f1b373621ee18620ae339b172f58a79420fdaa4a4b1b1d9df239cf61bbddc4e6a4896b28b8cffc7c99161eb5e2facaec8df86a1bf7755bc0
+AUX patch-2.7.6-CVE-2018-6952.patch 851 BLAKE2B a7c73ed10a1f71557bf28a5ee9d9800a01d7a3dc61e78428779b93e3e01766289e427f8fef39027d7e65e0153cb4464c92a9a58af7ecbe5f2c7ca3a0ea8aaff3 SHA512 99df964d826d400f87e9b82bf2600d8663c59bb8f9bf4aec082adc8cf6261744f37d416e15492d6e883202ade521d4436cb41c91f516085c3e6ce8e01a8956fb
+AUX patch-2.7.6-allow-input-files-to-be-missing-for-ed-style-patches.patch 860 BLAKE2B 3514ecd15b9c379efcb3cfcb0b1bcb389b63a5d6a108f889812498581c62f86655bb0acacc2a1e495a97613140770796030e82d050d12e502f0d3caadcf54097 SHA512 ced7714cba5f038affb29311aa42f112cea99882e38abc41106bed550ad9996fbc3df314fae5168ca305aaa39429f9d81dbf83469f93f7fe3736a044d41cecd9
 AUX patch-2.7.6-fix-error-handling-with-git-style-patches.patch 3582 BLAKE2B c443abb5112283aeb20db4ccf57c0d1241bfa586ad8d54d0ff2e1ae9026174f560df37dda1fedfc39db8178db05f77a4f94827ede80982311f475f460e4ae57f SHA512 1c05cf05b7348b86c878bd464a3f2f978b3e97655bf4f9aa83732af8bfd1e82046b88db39b7ce70e33ffc00c7f09c28ba777fba3fbd9538fd76767bfc396f382
 AUX patch-2.7.6-fix-test-suite.patch 2610 BLAKE2B e750283b85f0cb9d52324f28b8a03087980e8a61b16c3465914eeca65a3b800d8946a10c4dd0ab08b18c1cbc37810e55fb5c35314082a8c11e383b7d50d1bd3f SHA512 7ced1f9b937bf62131654d8a25c8d2a3f3cfe5fa8961e2e000542cce68061b10895bc0001ded898b9a43608af1f9c07903dc5c2f0a41662470d97188ed682115
 DIST patch-2.7.6.tar.xz 783756 BLAKE2B e3dd2d155a94c39cb60eafc26677e84de14c3a6d5814dff69de091ded52f21862490970254297795f2c42a0c3203f7e88a8f65bb66968f8dfd6e066bf53f2dfb SHA512 fcca87bdb67a88685a8a25597f9e015f5e60197b9a269fa350ae35a7991ed8da553939b4bbc7f7d3cfd863c67142af403b04165633acbce4339056a905e87fbd
 EBUILD patch-2.7.6-r2.ebuild 1064 BLAKE2B 75ecf02fb251c8e1947458e1b1f437a2a07d554be979bb97a587e75e8daba71cdd2781cfd596aa40d969450f8039b4c537fc71af2cf5bca866be8136aa576b77 SHA512 5cc7ee806c59197c0c86b7414232c731f7927d43ad995845daee701c629ce56aaf4f514bd7c60c0dd53f3573736e99e7ee37cb9c7dd49add60835e0526ac90e3
+EBUILD patch-2.7.6-r3.ebuild 1304 BLAKE2B 055b0664e91e922c3149f3b85c94d91c887e1a9bbbac5d1a33b29c3f22c08189786997509dec862b66763685147ccc7f9fe60249138fb607565f2c4028ea529f SHA512 3057d893fd5a48cca79224d535318f6c2a39fa7abcea48ec63723a9e99d0b24ed4609d6d13db2062ba2478391ee2503d6b4048a20998894d6330bca05c2136cc
 MISC metadata.xml 253 BLAKE2B 295e9d6d93aaa12af413972e1590c67087801cc09c9aa6b59d4606c0f4106d1dacf2baa9858559083b4c6d91beeef218d0729e8593a33788958da6d2897e8ce2 SHA512 54a9069aeb4165d2dff3d473c8001bc51613aac9dff3f7f5e9971a9891a737a31511ffa11cbd523febe581ac1d9de2bdf2f40410f0c4239138f2ccca3ef15555
diff --git a/sys-devel/patch/files/patch-2.7.6-CVE-2018-1000156.patch b/sys-devel/patch/files/patch-2.7.6-CVE-2018-1000156.patch
new file mode 100644
index 000000000000..c0324d082fcd
--- /dev/null
+++ b/sys-devel/patch/files/patch-2.7.6-CVE-2018-1000156.patch
@@ -0,0 +1,150 @@
+From 123eaff0d5d1aebe128295959435b9ca5909c26d Mon Sep 17 00:00:00 2001
+From: Andreas Gruenbacher <agruen@gnu.org>
+Date: Fri, 6 Apr 2018 12:14:49 +0200
+Subject: Fix arbitrary command execution in ed-style patches
+ (CVE-2018-1000156)
+
+* src/pch.c (do_ed_script): Write ed script to a temporary file instead
+of piping it to ed: this will cause ed to abort on invalid commands
+instead of rejecting them and carrying on.
+* tests/ed-style: New test case.
+* tests/Makefile.am (TESTS): Add test case.
+
+
+Without test to avoid automake due to @system package.
+---
+
+diff --git a/src/pch.c b/src/pch.c
+index 0c5cc26..4fd5a05 100644
+--- a/src/pch.c
++++ b/src/pch.c
+@@ -33,6 +33,7 @@
+ # include <io.h>
+ #endif
+ #include <safe.h>
++#include <sys/wait.h>
+ 
+ #define INITHUNKMAX 125			/* initial dynamic allocation size */
+ 
+@@ -2389,24 +2390,28 @@ do_ed_script (char const *inname, char const *outname,
+     static char const editor_program[] = EDITOR_PROGRAM;
+ 
+     file_offset beginning_of_this_line;
+-    FILE *pipefp = 0;
+     size_t chars_read;
++    FILE *tmpfp = 0;
++    char const *tmpname;
++    int tmpfd;
++    pid_t pid;
++
++    if (! dry_run && ! skip_rest_of_patch)
++      {
++	/* Write ed script to a temporary file.  This causes ed to abort on
++	   invalid commands such as when line numbers or ranges exceed the
++	   number of available lines.  When ed reads from a pipe, it rejects
++	   invalid commands and treats the next line as a new command, which
++	   can lead to arbitrary command execution.  */
++
++	tmpfd = make_tempfile (&tmpname, 'e', NULL, O_RDWR | O_BINARY, 0);
++	if (tmpfd == -1)
++	  pfatal ("Can't create temporary file %s", quotearg (tmpname));
++	tmpfp = fdopen (tmpfd, "w+b");
++	if (! tmpfp)
++	  pfatal ("Can't open stream for file %s", quotearg (tmpname));
++      }
+ 
+-    if (! dry_run && ! skip_rest_of_patch) {
+-	int exclusive = *outname_needs_removal ? 0 : O_EXCL;
+-	if (inerrno != ENOENT)
+-	  {
+-	    *outname_needs_removal = true;
+-	    copy_file (inname, outname, 0, exclusive, instat.st_mode, true);
+-	  }
+-	sprintf (buf, "%s %s%s", editor_program,
+-		 verbosity == VERBOSE ? "" : "- ",
+-		 outname);
+-	fflush (stdout);
+-	pipefp = popen(buf, binary_transput ? "wb" : "w");
+-	if (!pipefp)
+-	  pfatal ("Can't open pipe to %s", quotearg (buf));
+-    }
+     for (;;) {
+ 	char ed_command_letter;
+ 	beginning_of_this_line = file_tell (pfp);
+@@ -2417,14 +2422,14 @@ do_ed_script (char const *inname, char const *outname,
+ 	}
+ 	ed_command_letter = get_ed_command_letter (buf);
+ 	if (ed_command_letter) {
+-	    if (pipefp)
+-		if (! fwrite (buf, sizeof *buf, chars_read, pipefp))
++	    if (tmpfp)
++		if (! fwrite (buf, sizeof *buf, chars_read, tmpfp))
+ 		    write_fatal ();
+ 	    if (ed_command_letter != 'd' && ed_command_letter != 's') {
+ 	        p_pass_comments_through = true;
+ 		while ((chars_read = get_line ()) != 0) {
+-		    if (pipefp)
+-			if (! fwrite (buf, sizeof *buf, chars_read, pipefp))
++		    if (tmpfp)
++			if (! fwrite (buf, sizeof *buf, chars_read, tmpfp))
+ 			    write_fatal ();
+ 		    if (chars_read == 2  &&  strEQ (buf, ".\n"))
+ 			break;
+@@ -2437,13 +2442,49 @@ do_ed_script (char const *inname, char const *outname,
+ 	    break;
+ 	}
+     }
+-    if (!pipefp)
++    if (!tmpfp)
+       return;
+-    if (fwrite ("w\nq\n", sizeof (char), (size_t) 4, pipefp) == 0
+-	|| fflush (pipefp) != 0)
++    if (fwrite ("w\nq\n", sizeof (char), (size_t) 4, tmpfp) == 0
++	|| fflush (tmpfp) != 0)
+       write_fatal ();
+-    if (pclose (pipefp) != 0)
+-      fatal ("%s FAILED", editor_program);
++
++    if (lseek (tmpfd, 0, SEEK_SET) == -1)
++      pfatal ("Can't rewind to the beginning of file %s", quotearg (tmpname));
++
++    if (! dry_run && ! skip_rest_of_patch) {
++	int exclusive = *outname_needs_removal ? 0 : O_EXCL;
++	*outname_needs_removal = true;
++	if (inerrno != ENOENT)
++	  {
++	    *outname_needs_removal = true;
++	    copy_file (inname, outname, 0, exclusive, instat.st_mode, true);
++	  }
++	sprintf (buf, "%s %s%s", editor_program,
++		 verbosity == VERBOSE ? "" : "- ",
++		 outname);
++	fflush (stdout);
++
++	pid = fork();
++	if (pid == -1)
++	  pfatal ("Can't fork");
++	else if (pid == 0)
++	  {
++	    dup2 (tmpfd, 0);
++	    execl ("/bin/sh", "sh", "-c", buf, (char *) 0);
++	    _exit (2);
++	  }
++	else
++	  {
++	    int wstatus;
++	    if (waitpid (pid, &wstatus, 0) == -1
++	        || ! WIFEXITED (wstatus)
++		|| WEXITSTATUS (wstatus) != 0)
++	      fatal ("%s FAILED", editor_program);
++	  }
++    }
++
++    fclose (tmpfp);
++    safe_unlink (tmpname);
+ 
+     if (ofp)
+       {
+-- 
+cgit v1.0-41-gc330
+
diff --git a/sys-devel/patch/files/patch-2.7.6-CVE-2018-6951.patch b/sys-devel/patch/files/patch-2.7.6-CVE-2018-6951.patch
new file mode 100644
index 000000000000..002d8ffd9d3a
--- /dev/null
+++ b/sys-devel/patch/files/patch-2.7.6-CVE-2018-6951.patch
@@ -0,0 +1,29 @@
+From f290f48a621867084884bfff87f8093c15195e6a Mon Sep 17 00:00:00 2001
+From: Andreas Gruenbacher <agruen@gnu.org>
+Date: Mon, 12 Feb 2018 16:48:24 +0100
+Subject: Fix segfault with mangled rename patch
+
+http://savannah.gnu.org/bugs/?53132
+* src/pch.c (intuit_diff_type): Ensure that two filenames are specified
+for renames and copies (fix the existing check).
+---
+ src/pch.c | 3 ++-
+ 1 file changed, 2 insertions(+), 1 deletion(-)
+
+diff --git a/src/pch.c b/src/pch.c
+index ff9ed2c..bc6278c 100644
+--- a/src/pch.c
++++ b/src/pch.c
+@@ -974,7 +974,8 @@ intuit_diff_type (bool need_header, mode_t *p_file_type)
+     if ((pch_rename () || pch_copy ())
+ 	&& ! inname
+ 	&& ! ((i == OLD || i == NEW) &&
+-	      p_name[! reverse] &&
++	      p_name[reverse] && p_name[! reverse] &&
++	      name_is_valid (p_name[reverse]) &&
+ 	      name_is_valid (p_name[! reverse])))
+       {
+ 	say ("Cannot %s file without two valid file names\n", pch_rename () ? "rename" : "copy");
+-- 
+cgit v1.0-41-gc330
+
diff --git a/sys-devel/patch/files/patch-2.7.6-CVE-2018-6952.patch b/sys-devel/patch/files/patch-2.7.6-CVE-2018-6952.patch
new file mode 100644
index 000000000000..d9ad374a2ae7
--- /dev/null
+++ b/sys-devel/patch/files/patch-2.7.6-CVE-2018-6952.patch
@@ -0,0 +1,30 @@
+From 9c986353e420ead6e706262bf204d6e03322c300 Mon Sep 17 00:00:00 2001
+From: Andreas Gruenbacher <agruen@gnu.org>
+Date: Fri, 17 Aug 2018 13:35:40 +0200
+Subject: Fix swapping fake lines in pch_swap
+
+* src/pch.c (pch_swap): Fix swapping p_bfake and p_efake when there is a
+blank line in the middle of a context-diff hunk: that empty line stays
+in the middle of the hunk and isn't swapped.
+
+Fixes: https://savannah.gnu.org/bugs/index.php?53133
+---
+ src/pch.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/src/pch.c b/src/pch.c
+index e92bc64..a500ad9 100644
+--- a/src/pch.c
++++ b/src/pch.c
+@@ -2122,7 +2122,7 @@ pch_swap (void)
+     }
+     if (p_efake >= 0) {			/* fix non-freeable ptr range */
+ 	if (p_efake <= i)
+-	    n = p_end - i + 1;
++	    n = p_end - p_ptrn_lines;
+ 	else
+ 	    n = -i;
+ 	p_efake += n;
+-- 
+cgit v1.0-41-gc330
+
diff --git a/sys-devel/patch/files/patch-2.7.6-allow-input-files-to-be-missing-for-ed-style-patches.patch b/sys-devel/patch/files/patch-2.7.6-allow-input-files-to-be-missing-for-ed-style-patches.patch
new file mode 100644
index 000000000000..2d2863c0ccf6
--- /dev/null
+++ b/sys-devel/patch/files/patch-2.7.6-allow-input-files-to-be-missing-for-ed-style-patches.patch
@@ -0,0 +1,25 @@
+b5a91a01e5d0897facdd0f49d64b76b0f02b43e1
+
+Allow input files to be missing for ed-style patches
+* src/pch.c (do_ed_script): Allow input files to be missing so that new
+files will be created as with non-ed-style patches.
+
+diff --git a/src/pch.c b/src/pch.c
+index bc6278c..0c5cc26 100644
+--- a/src/pch.c
++++ b/src/pch.c
+@@ -2394,9 +2394,11 @@ do_ed_script (char const *inname, char const *outname,
+ 
+     if (! dry_run && ! skip_rest_of_patch) {
+ 	int exclusive = *outname_needs_removal ? 0 : O_EXCL;
+-	assert (! inerrno);
+-	*outname_needs_removal = true;
+-	copy_file (inname, outname, 0, exclusive, instat.st_mode, true);
++	if (inerrno != ENOENT)
++	  {
++	    *outname_needs_removal = true;
++	    copy_file (inname, outname, 0, exclusive, instat.st_mode, true);
++	  }
+ 	sprintf (buf, "%s %s%s", editor_program,
+ 		 verbosity == VERBOSE ? "" : "- ",
+ 		 outname);
diff --git a/sys-devel/patch/patch-2.7.6-r3.ebuild b/sys-devel/patch/patch-2.7.6-r3.ebuild
new file mode 100644
index 000000000000..0cc81c919810
--- /dev/null
+++ b/sys-devel/patch/patch-2.7.6-r3.ebuild
@@ -0,0 +1,40 @@
+# Copyright 1999-2019 Gentoo Authors
+# Distributed under the terms of the GNU General Public License v2
+
+EAPI="6"
+
+inherit flag-o-matic
+
+DESCRIPTION="Utility to apply diffs to files"
+HOMEPAGE="https://www.gnu.org/software/patch/patch.html"
+SRC_URI="mirror://gnu/patch/${P}.tar.xz"
+
+LICENSE="GPL-3+"
+SLOT="0"
+KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~ia64 ~m68k ~mips ~ppc ~ppc64 ~s390 ~sh ~sparc ~x86 ~ppc-aix ~x64-cygwin ~amd64-fbsd ~x86-fbsd ~amd64-linux ~x86-linux ~ppc-macos ~x64-macos ~x86-macos ~m68k-mint ~sparc-solaris ~sparc64-solaris ~x64-solaris ~x86-solaris"
+IUSE="static test xattr"
+
+RDEPEND="xattr? ( sys-apps/attr )"
+DEPEND="${RDEPEND}
+	test? ( sys-apps/ed )"
+
+PATCHES=(
+	"${FILESDIR}"/${P}-fix-test-suite.patch
+	"${FILESDIR}"/${PN}-2.7.6-fix-error-handling-with-git-style-patches.patch
+	"${FILESDIR}"/${PN}-2.7.6-CVE-2018-6951.patch
+	"${FILESDIR}"/${PN}-2.7.6-allow-input-files-to-be-missing-for-ed-style-patches.patch
+	"${FILESDIR}"/${PN}-2.7.6-CVE-2018-1000156.patch
+	"${FILESDIR}"/${PN}-2.7.6-CVE-2018-6952.patch
+)
+
+src_configure() {
+	use static && append-ldflags -static
+
+	local myeconfargs=(
+		$(use_enable xattr)
+		--program-prefix="$(use userland_BSD && echo g)"
+	)
+	# Do not let $ED mess up the search for `ed` 470210.
+	ac_cv_path_ED=$(type -P ed) \
+	econf "${myeconfargs[@]}"
+}