Diffstat (limited to 'app-arch/sharutils')
-rw-r--r--app-arch/sharutils/Manifest4
-rw-r--r--app-arch/sharutils/files/sharutils-4.15.2-CVE-2018-1000097.patch16
-rw-r--r--app-arch/sharutils/files/sharutils-4.15.2-glibc228.patch95
-rw-r--r--app-arch/sharutils/sharutils-4.15.2-r1.ebuild (renamed from app-arch/sharutils/sharutils-4.15.2.ebuild)7
4 files changed, 119 insertions, 3 deletions
diff --git a/app-arch/sharutils/Manifest b/app-arch/sharutils/Manifest
index 45763830ffa8..cfe203020f07 100644
--- a/app-arch/sharutils/Manifest
+++ b/app-arch/sharutils/Manifest
@@ -1,8 +1,10 @@
AUX sharutils-4.14-popen-rb.patch 791 BLAKE2B 3708a7b94ec238957a94ba8105a13543438d7239fe8d3aa75c970c106b5d9096f65814a53d880324f2ed4fe847dd3db9005b5e667c0a8d5d0fb596440bdb4dd9 SHA512 96b7aa7b594cf2d31b6a0d85c7d4ff0901c66776bf83328651a6717f633d9fd3f0ce1e3185b110aecfb8c59009087b0853cbef3736eaf9aa25a08a11500d4833
+AUX sharutils-4.15.2-CVE-2018-1000097.patch 500 BLAKE2B 581ee4fa93ac9b7f2eb0a5b605f0072a15af174f8462f1983833d1314eb3b7dc7763af60f32e6baa054ad00abf4ca4a10a7ae88b59415ab8ea9de3cb674ccf67 SHA512 6415da74c4f6f203bc4ad617bd05fa6ac86e1079538236148763e0b5e81ca8ea4004ea58e9e4755ba371246a7c469ef1e421576260494043d3ce3fc80e73cf69
+AUX sharutils-4.15.2-glibc228.patch 3807 BLAKE2B 644163c477f51b407211e8c9e6d3120ae38307753666fffb7aecbc758793b0b897920246b1f070e727e28728d76eb3283b80ababb881f39f909f9aa96b6e1ace SHA512 179272ae9b528719700bac5b06e4c70116d3d8a06973a69069617fc8dc0fa095227f7ab703b4c5b2beed649d5ffdc661d1d7ad7885185cb6ba6c62fce020e1cf
DIST sharutils-4.14.tar.xz 1089052 BLAKE2B 2fe3edc016840b51528b9a7c41219f901ed29399051f1f6f4bcedd75ee85037ac3e3b9a67278aea34cd7b4a20d226b4143501bda481612c5b348b2fe57f71e75 SHA512 c1b87bc87915f7aebc9e02dfc1e08321f5ed2e144509c063139cde23eb8f75cb6469aa8042e4c6ec801f55d805e595f4c1c674cf5f2b4580a1e4933fcd605614
DIST sharutils-4.15.1.tar.xz 1126672 BLAKE2B b570ae35c0f516cdd24c75f59596a0cbff1c0747c92d1cfa78c0828e8d68ceb5b42f0a32113bdd557e099774ef3dbc5af1ef019ffe33469f4011090b8e27a6e6 SHA512 791e37730cfff36ef96793ff7e70af05845eef72c6f581ce05a873d7d9beb7d42504a253fb944c77938f355c5d29c1a9de78653812fbbf859574b7b72dc4d8e1
DIST sharutils-4.15.2.tar.xz 1122476 BLAKE2B e2acae027679ebdf723ecae6f243608f501f5c24685a19223dd27580ccf76bc7d38905a9d202b30cf2633e5580d727821398f1162b170233f03c17f3da683917 SHA512 80d0b804a0617e11e5c23dc0d59b218bbf93e40aaf5e9a5401a18ef9cb700390aab711e2b2e2f26c8fd5b8ef99a91d3405e01d02cadabcba7639979314e59f8d
EBUILD sharutils-4.14-r1.ebuild 735 BLAKE2B 2afdd68f317d6affd432d6d291a7516906b992f5cea53c1a4cf794fb5dd4da03006759b005f6e66ba7abec0d9ef636dc56f910affe2c6dc43b6f8d337010bb56 SHA512 53c7501e69be3b24924b7178ba561d997a579ac12f45e6e36abed598debee3917ec0bafaba3207a9b266918da3ec055279daaf82544af94c6e0e5b3b2baee71e
EBUILD sharutils-4.15.1.ebuild 748 BLAKE2B 7af24df5f5a521195425ca96994d285b62f58a08398751ed73c450480af9213f7dd0255d227663c3811a69baa24c911709c6155b9ac400559369ffc43465dfc1 SHA512 b0c5db15b48a7eae0f690b8693b532f070eb29905eeba07f996cf0b46799c13daa9f5192ad15d4e5c1322e38c1519e730e11347d43ba890dc302d74f43bca8fe
-EBUILD sharutils-4.15.2.ebuild 947 BLAKE2B 7f3fd78c6a452250f534bf217015db13850c4c3a093044768fc26825db762aff392c10f96478d2dc8962362c939a960da4459829525377691468d30465028e67 SHA512 1fd94402f3c98991339522de39f1da7c27471b0ee1be545ecc2e560c9147e88678a4912d7a907c110a91d09e93346bb86e8dd47259a866af5016b2966af4996b
+EBUILD sharutils-4.15.2-r1.ebuild 1058 BLAKE2B 0bd8866af001937293c4f76c3d62cc5550765f9b2e7e8138eea1217e02fd41a929c99e78b58201d3adc7a57cf74b220ba87f4095f4ccd262239d8d9b5ac6b00e SHA512 fd926d9aada881dc52c77c635f8355adc8390dbd733203405340389d967f75cc4338fdcf8d32be6b4b3375abc8a68c232dd066b7ed7b2c9c3d0d50cba73e3702
MISC metadata.xml 335 BLAKE2B ff8d1603a99aeb199526f9ec3c768adc461d09ae2d5dc5d73bdf2bea0d369dafc75c358b23ed68d4567e8f691b3d84d706356e8496d2b5d181e58563bdca8826 SHA512 4670be25ae746c8384beeff118f00b44d00fb9db553d4d64934bbb6f972eb21e2a4b28e2d5a6a6a708280acd51bed2b2acbb7552165c43a75eb497eb0c04dd94
diff --git a/app-arch/sharutils/files/sharutils-4.15.2-CVE-2018-1000097.patch b/app-arch/sharutils/files/sharutils-4.15.2-CVE-2018-1000097.patch
new file mode 100644
index 000000000000..f61662040b6a
--- /dev/null
+++ b/app-arch/sharutils/files/sharutils-4.15.2-CVE-2018-1000097.patch
@@ -0,0 +1,16 @@
+From: Petr Pisar
+Subject: Fix CVE-2018-1000097, heap buffer overflow in unshar
+Bug-Debian: https://bugs.debian.org/893525
+X-Debian-version: 1:4.15.2-3
+
+--- a/src/unshar.c
++++ b/src/unshar.c
+@@ -240,7 +240,7 @@
+ off_t position = ftello (file);
+
+ /* Read next line, fail if no more and no previous process. */
+- if (!fgets (rw_buffer, BUFSIZ, file))
++ if (!fgets (rw_buffer, rw_base_size, file))
+ {
+ if (!start)
+ error (0, 0, _("Found no shell commands in %s"), name);
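Review bot: The new bound in `fgets (rw_buffer, rw_base_size, file)` is safe only if `rw_base_size` always equals the size `rw_buffer` was allocated with, and neither that allocation nor the rest of the enclosing function is visible in this hunk. Before relying on this one-line fix, check src/unshar.c for any other read or copy into `rw_buffer` that is still bounded by `BUFSIZ` rather than the allocation size. The patch header names the CVE and the Debian bug but not the root cause or the upstream status. I would add one line such as `rw_buffer holds rw_base_size bytes, which need not be as large as BUFSIZ` (if that is indeed the cause), plus `Origin: <upstream commit or bug URL>`, so the patch can be dropped with confidence on the next version bump.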
diff --git a/app-arch/sharutils/files/sharutils-4.15.2-glibc228.patch b/app-arch/sharutils/files/sharutils-4.15.2-glibc228.patch
new file mode 100644
index 000000000000..15bd682865e4
--- /dev/null
+++ b/app-arch/sharutils/files/sharutils-4.15.2-glibc228.patch
@@ -0,0 +1,95 @@
+From: Santiago Vila <sanvila@debian.org>
+Subject: Fix FTBFS with glibc 2.28
+Bug-Debian: https://bugs.debian.org/915173
+X-Debian-version: 1:4.15.2-4
+
+Based on this gnulib commit by Paul Eggert:
+
+https://lists.gnu.org/r/bug-gnulib/2018-03/msg00002.html
+
+--- a/lib/fflush.c
++++ b/lib/fflush.c
+@@ -33,7 +33,7 @@
+ #undef fflush
+
+
+-#if defined _IO_ftrylockfile || __GNU_LIBRARY__ == 1 /* GNU libc, BeOS, Haiku, Linux libc5 */
++#if defined _IO_EOF_SEEN || __GNU_LIBRARY__ == 1 /* GNU libc, BeOS, Haiku, Linux libc5 */
+
+ /* Clear the stream's ungetc buffer, preserving the value of ftello (fp). */
+ static void
+@@ -72,7 +72,7 @@
+
+ #endif
+
+-#if ! (defined _IO_ftrylockfile || __GNU_LIBRARY__ == 1 /* GNU libc, BeOS, Haiku, Linux libc5 */)
++#if ! (defined _IO_EOF_SEEN || __GNU_LIBRARY__ == 1 /* GNU libc, BeOS, Haiku, Linux libc5 */)
+
+ # if (defined __sferror || defined __DragonFly__ || defined __ANDROID__) && defined __SNPT
+ /* FreeBSD, NetBSD, OpenBSD, DragonFly, Mac OS X, Cygwin, Android */
+@@ -148,7 +148,7 @@
+ if (stream == NULL || ! freading (stream))
+ return fflush (stream);
+
+-#if defined _IO_ftrylockfile || __GNU_LIBRARY__ == 1 /* GNU libc, BeOS, Haiku, Linux libc5 */
++#if defined _IO_EOF_SEEN || __GNU_LIBRARY__ == 1 /* GNU libc, BeOS, Haiku, Linux libc5 */
+
+ clear_ungetc_buffer_preserving_position (stream);
+
+--- a/lib/fpurge.c
++++ b/lib/fpurge.c
+@@ -62,7 +62,7 @@
+ /* Most systems provide FILE as a struct and the necessary bitmask in
+ <stdio.h>, because they need it for implementing getc() and putc() as
+ fast macros. */
+-# if defined _IO_ftrylockfile || __GNU_LIBRARY__ == 1 /* GNU libc, BeOS, Haiku, Linux libc5 */
++# if defined _IO_EOF_SEEN || __GNU_LIBRARY__ == 1 /* GNU libc, BeOS, Haiku, Linux libc5 */
+ fp->_IO_read_end = fp->_IO_read_ptr;
+ fp->_IO_write_ptr = fp->_IO_write_base;
+ /* Avoid memory leak when there is an active ungetc buffer. */
+--- a/lib/freading.c
++++ b/lib/freading.c
+@@ -31,7 +31,7 @@
+ /* Most systems provide FILE as a struct and the necessary bitmask in
+ <stdio.h>, because they need it for implementing getc() and putc() as
+ fast macros. */
+-# if defined _IO_ftrylockfile || __GNU_LIBRARY__ == 1 /* GNU libc, BeOS, Haiku, Linux libc5 */
++# if defined _IO_EOF_SEEN || __GNU_LIBRARY__ == 1 /* GNU libc, BeOS, Haiku, Linux libc5 */
+ return ((fp->_flags & _IO_NO_WRITES) != 0
+ || ((fp->_flags & (_IO_NO_READS | _IO_CURRENTLY_PUTTING)) == 0
+ && fp->_IO_read_base != NULL));
+--- a/lib/fseeko.c
++++ b/lib/fseeko.c
+@@ -47,7 +47,7 @@
+ #endif
+
+ /* These tests are based on fpurge.c. */
+-#if defined _IO_ftrylockfile || __GNU_LIBRARY__ == 1 /* GNU libc, BeOS, Haiku, Linux libc5 */
++#if defined _IO_EOF_SEEN || __GNU_LIBRARY__ == 1 /* GNU libc, BeOS, Haiku, Linux libc5 */
+ if (fp->_IO_read_end == fp->_IO_read_ptr
+ && fp->_IO_write_ptr == fp->_IO_write_base
+ && fp->_IO_save_base == NULL)
+@@ -123,7 +123,7 @@
+ return -1;
+ }
+
+-#if defined _IO_ftrylockfile || __GNU_LIBRARY__ == 1 /* GNU libc, BeOS, Haiku, Linux libc5 */
++#if defined _IO_EOF_SEEN || __GNU_LIBRARY__ == 1 /* GNU libc, BeOS, Haiku, Linux libc5 */
+ fp->_flags &= ~_IO_EOF_SEEN;
+ fp->_offset = pos;
+ #elif defined __sferror || defined __DragonFly__ || defined __ANDROID__
+--- a/lib/stdio-impl.h
++++ b/lib/stdio-impl.h
+@@ -18,6 +18,12 @@
+ the same implementation of stdio extension API, except that some fields
+ have different naming conventions, or their access requires some casts. */
+
++/* Glibc 2.28 made _IO_IN_BACKUP private. For now, work around this
++ problem by defining it ourselves. FIXME: Do not rely on glibc
++ internals. */
++#if !defined _IO_IN_BACKUP && defined _IO_EOF_SEEN
++# define _IO_IN_BACKUP 0x100
++#endif
+
+ /* BSD stdio derived implementations. */
+
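Review bot: The fallback `# define _IO_IN_BACKUP 0x100` in lib/stdio-impl.h hard-codes a flag value that glibc 2.28 made private. If a later glibc renumbers or removes that bit, the code that tests it (not shown in these hunks) would misbehave at run time instead of failing to build. The patch's own FIXME acknowledges the dependency on glibc internals, but nothing in the ebuild records that this is a temporary workaround. I would add a comment next to the `epatch` call, for example `# glibc-2.28 build fix from Debian (gnulib backport); drop once upstream ships an updated gnulib`. The functions touched in fflush.c, fpurge.c, freading.c and fseeko.c all start and end outside the quoted context.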
diff --git a/app-arch/sharutils/sharutils-4.15.2.ebuild b/app-arch/sharutils/sharutils-4.15.2-r1.ebuild
index 1edfe87ae807..ca36f985b19e 100644
--- a/app-arch/sharutils/sharutils-4.15.2.ebuild
+++ b/app-arch/sharutils/sharutils-4.15.2-r1.ebuild
@@ -1,4 +1,4 @@
-# Copyright 1999-2017 Gentoo Foundation
+# Copyright 1999-2019 Gentoo Authors
# Distributed under the terms of the GNU General Public License v2
EAPI="5"
@@ -12,7 +12,7 @@ SRC_URI="mirror://gnu/${PN}/${P}.tar.xz"
LICENSE="GPL-3"
SLOT="0"
-KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~ia64 ~m68k ~mips ~ppc ~ppc64 ~s390 ~sh ~sparc ~x86 ~amd64-linux ~x86-linux ~ppc-macos ~x64-macos ~x86-macos ~sparc-solaris ~x64-solaris ~x86-solaris"
+KEYWORDS="~alpha ~amd64 arm ~arm64 ~hppa ~ia64 ~m68k ~mips ~ppc ~ppc64 s390 ~sh sparc ~x86 ~amd64-linux ~x86-linux ~ppc-macos ~x64-macos ~x86-macos ~sparc-solaris ~x64-solaris ~x86-solaris"
IUSE="nls"
DEPEND="app-arch/xz-utils
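Review bot: The `KEYWORDS` line moves `arm`, `s390` and `sparc` from testing to stable in the same change that introduces a new revision with two source patches, while every other architecture stays at `~arch`. If this carries over stabilisations that were already granted for the security fix, it would help to say so in the commit message. Otherwise a freshly patched revision would normally start as `~arm ~s390 ~sparc` and be stabilised after testing. Nothing on this page shows which of the two applies.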
@@ -24,6 +24,9 @@ S=${WORKDIR}/${MY_P}
src_prepare() {
default
+ epatch "${FILESDIR}/sharutils-4.15.2-glibc228.patch"
+ epatch "${FILESDIR}/sharutils-4.15.2-CVE-2018-1000097.patch"
+
# Upstream is aware but thinks this isn't a bug/problem in sharutils itself
# See http://lists.gnu.org/archive/html/bug-gnu-utils/2013-10/msg00011.html
append-cflags $(test-flags-CC -Wno-error=format-security)
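Review bot: Both `epatch` lines hard-code the version in the file name, so the next version bump has to edit them by hand. Writing `epatch "${FILESDIR}/${P}-glibc228.patch"` and `epatch "${FILESDIR}/${P}-CVE-2018-1000097.patch"` keeps the names in step with the ebuild, given that the files are named after 4.15.2. With `EAPI="5"`, `epatch` comes from an eclass, and the `inherit` line is outside this hunk, so it is worth confirming that eclass is inherited. A short comment above the CVE patch line, such as `# heap buffer overflow in unshar, CVE-2018-1000097`, would make the security purpose visible without opening the patch.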