From 06bb974d894b86598af155dc76a6fbd76c4fa30c Mon Sep 17 00:00:00 2001
From: V3n3RiX <venerix@koprulu.sector>
Date: Fri, 13 Jan 2023 17:49:19 +0000
Subject: gentoo auto-resync : 13:01:2023 - 17:49:18

---
 app-arch/upx/Manifest                             |  3 ++
 app-arch/upx/files/upx-4.0.1-CVE-2023-23456.patch | 61 +++++++++++++++++++++++
 app-arch/upx/files/upx-4.0.1-CVE-2023-23457.patch | 45 +++++++++++++++++
 app-arch/upx/upx-4.0.1-r1.ebuild                  | 35 +++++++++++++
 4 files changed, 144 insertions(+)
 create mode 100644 app-arch/upx/files/upx-4.0.1-CVE-2023-23456.patch
 create mode 100644 app-arch/upx/files/upx-4.0.1-CVE-2023-23457.patch
 create mode 100644 app-arch/upx/upx-4.0.1-r1.ebuild

(limited to 'app-arch/upx')

diff --git a/app-arch/upx/Manifest b/app-arch/upx/Manifest
index bf74f3b944c6..16102b59b5fe 100644
--- a/app-arch/upx/Manifest
+++ b/app-arch/upx/Manifest
@@ -1,5 +1,8 @@
+AUX upx-4.0.1-CVE-2023-23456.patch 2336 BLAKE2B 5ab0455eecf634ce7806079931f06b6b62136a03682f76794f60bf50d120ab9fb28ed35997191c8b47b8473f9b563bfca67bee6d75366625d29b28c2a1544c2b SHA512 7dd4ab0c5fbf66ff2b57457c6d1afb2f99f1c2f8fa61ef8f8fb560832c8455af03875a6a56d6a5dc29893be06d6dab689c7f9d2a0fe0ace6e1b01101e666f979
+AUX upx-4.0.1-CVE-2023-23457.patch 2119 BLAKE2B eed7ea0ff6de7ebca9ac0bceaa74e4c6d975a22228c23523ffeb79f6852df7ff0d451fd1e01cbf11a40cf62a5e8395f621429d0c7f9aa9da432f1d80d68c20bc SHA512 2d32f36abcab77f7aeb6adc269d2feffdfeae15460591f3c2b60a732c0b919354f020b88d4ea0e43c7559d02be248ac4949c44a357bef7b19f3277deaa692b91
 DIST upx-4.0.0-src.tar.xz 1159308 BLAKE2B d2626a63b626f9b4e913b822e699fa93b7080d322b19555d44d7cf4ce17b37f0d50ec1381d07d0e4f8827e8edcd29d525d497fa79acd18d520ac58e176fb2b72 SHA512 fe3e8c594e845a91338b1e11fe3cb6371430af40a567187d63835e27da8b2abf993a104b0693063f4db984234bada7b2bd16ad79e3ad90861a1f495d99de7de6
 DIST upx-4.0.1-src.tar.xz 1154032 BLAKE2B 0da23cedf73506e06e5dcf19ab0d194d8e578188bb4d75e760fe3f7dc7f24a9d42ff4b75fd9514162f48ae7cfad347b5bd65789805071354a74129960807843b SHA512 f2e42c83fd4a0d273a20c8b0f0d1eb201edcd1f10c779d2a6e8ac0812741c3af0c887382e54894190ecc4c7002a910524b2ed79ae7a7b595b8392598ad2e1235
 EBUILD upx-4.0.0.ebuild 651 BLAKE2B 79aca51cc6fa40e8a39fecd5d512cd191d9981c3e584ab18629c52253d036fd52802476f24060c40117273853d7862c6359c47d8da69732402c89cf2e7c07398 SHA512 168ee21480b5b065f0ec20b3a6916a479db25a358b4a7894d7bdccad4a2505fe12d975ee363b8a687fe0f395e5a07f12d3fc44eb0eacae5bbbe087cfbc4e259c
+EBUILD upx-4.0.1-r1.ebuild 845 BLAKE2B 02bd9f1f9afe52d583b04b6216ccc70e5a06ba29c5ff6ebc7e0f133027add7e01835bb3ae624b910bd07c37b2792ce46f4f9320e52e93dfa761828c0d2e49a8c SHA512 893e4cde35c443806f9e4a16f465cfe9b094e7309c797b317c0bf5f22ac5281c9b2a2a2ec050786e696165b2e5474743e36af4e723ea5671f43dcfaf48e9ec62
 EBUILD upx-4.0.1.ebuild 748 BLAKE2B e4562c894bd26240bb21dc4e579aa56c9c6bf27ef1fd00b6c30da6739cea4458a9de9154a7b1bcf5efa4f5fbd01fe595126f48f593ea2c8b336cc1cec84b3343 SHA512 93e947ff8f3794c0e61637e2587dc9acba3ce6f27024c8f1e9729fa4f915eec7467a62a70694c3d23fb2dbc10e9f5f115cbe9831899df2b77ecc8d4fffec15a6
 MISC metadata.xml 479 BLAKE2B fafbeeb827ba16ec14c3682982e7cbb1ef9264b637086d58aca32a632b1f273f1cc7ede069d61439a498f04e09368e4095829de7dd95b17afafc80f7ceb15695 SHA512 956e31235fec93e773f9bdbe62de739e3994d92b3a56ea97f65db5b20f182f4fbeed62370a28bf98447fddfa89efec4b8b4d63daf9020210810bd8bb201534e4
diff --git a/app-arch/upx/files/upx-4.0.1-CVE-2023-23456.patch b/app-arch/upx/files/upx-4.0.1-CVE-2023-23456.patch
new file mode 100644
index 000000000000..779800a08e40
--- /dev/null
+++ b/app-arch/upx/files/upx-4.0.1-CVE-2023-23456.patch
@@ -0,0 +1,61 @@
+From 1d291ff0db8a056600ebdebb9c3c62d700eaa842 Mon Sep 17 00:00:00 2001
+From: John Reiser <jreiser@BitWagon.com>
+Date: Thu, 24 Nov 2022 10:28:03 -0800
+Subject: [PATCH] p_tmt: more sanity of input, cleanup MemBuffer usage
+
+https://github.com/upx/upx/issues/632
+	modified:   src/p_tmt.cpp
+---
+ src/p_tmt.cpp | 23 +++++++++++------------
+ 1 file changed, 11 insertions(+), 12 deletions(-)
+
+diff --git a/src/p_tmt.cpp b/src/p_tmt.cpp
+index 7dc72888..592809a9 100644
+--- a/src/p_tmt.cpp
++++ b/src/p_tmt.cpp
+@@ -173,15 +173,13 @@ int PackTmt::readFileHeader()
+     fi->seek(adam_offset,SEEK_SET);
+     fi->readx(&ih,sizeof(ih));
+     // FIXME: should add more checks for the values in 'ih'
+-    unsigned const imagesize = get_le32(&ih.imagesize);
+-    unsigned const entry     = get_le32(&ih.entry);
+-    unsigned const relocsize = get_le32(&ih.relocsize);
+-    if (!imagesize
+-    ||  file_size <= imagesize
+-    ||  file_size <= entry
+-    ||  file_size <= relocsize) {
+-        printWarn(getName(), "bad header; imagesize=%#x  entry=%#x  relocsize=%#x",
+-            imagesize, entry, relocsize);
++    unsigned const imagesize = ih.imagesize;
++    unsigned const entry = ih.entry;
++    unsigned const relocsize = ih.relocsize;
++    if (imagesize < sizeof(ih) || entry < sizeof(ih) || file_size <= imagesize ||
++        file_size <= entry || file_size <= relocsize) {
++        printWarn(getName(), "bad header; imagesize=%#x  entry=%#x  relocsize=%#x", imagesize,
++                  entry, relocsize);
+         return 0;
+     }
+ 
+@@ -215,15 +213,16 @@ void PackTmt::pack(OutputFile *fo)
+     ibuf.alloc(usize+rsize+128);
+     obuf.allocForCompression(usize+rsize+128);
+ 
+-    MemBuffer wrkmem;
+-    wrkmem.alloc(rsize+EXTRA_INFO); // relocations
++    MemBuffer mb_wrkmem;
++    mb_wrkmem.alloc(rsize + EXTRA_INFO + 4); // relocations + original entry point + relocsize
++    SPAN_S_VAR(upx_byte, wrkmem, mb_wrkmem);
+ 
+     fi->seek(adam_offset+sizeof(ih),SEEK_SET);
+     fi->readx(ibuf,usize);
+     fi->readx(wrkmem+4,rsize);
+     const unsigned overlay = file_size - fi->tell();
+ 
+-    if (find_le32(ibuf,128,get_le32("UPX ")) >= 0)
++    if (find_le32(ibuf, UPX_MIN(128u, usize), get_le32("UPX ")) >= 0)
+         throwAlreadyPacked();
+     if (rsize == 0)
+         throwCantPack("file is already compressed with another packer");
+-- 
+2.38.2
+
diff --git a/app-arch/upx/files/upx-4.0.1-CVE-2023-23457.patch b/app-arch/upx/files/upx-4.0.1-CVE-2023-23457.patch
new file mode 100644
index 000000000000..8cb8455b4eab
--- /dev/null
+++ b/app-arch/upx/files/upx-4.0.1-CVE-2023-23457.patch
@@ -0,0 +1,45 @@
+From 779b648c5f6aa9b33f4728f79dd4d0efec0bf860 Mon Sep 17 00:00:00 2001
+From: John Reiser <jreiser@BitWagon.com>
+Date: Wed, 23 Nov 2022 19:49:28 -0800
+Subject: [PATCH] invert_pt_dynamic: fix thinko; PackLinuxElf64help1 insist on
+ ELF
+
+https://github.com/upx/upx/issues/631
+	modified:   src/p_lx_elf.cpp
+---
+ src/p_lx_elf.cpp | 8 +++++---
+ 1 file changed, 5 insertions(+), 3 deletions(-)
+
+diff --git a/src/p_lx_elf.cpp b/src/p_lx_elf.cpp
+index fa55470f7..b698ee0a2 100644
+--- a/src/p_lx_elf.cpp
++++ b/src/p_lx_elf.cpp
+@@ -256,7 +256,8 @@ PackLinuxElf32::PackLinuxElf32help1(InputFile *f)
+     e_phnum = get_te16(&ehdri.e_phnum);
+     e_shnum = get_te16(&ehdri.e_shnum);
+     unsigned const e_phentsize = get_te16(&ehdri.e_phentsize);
+-    if (ehdri.e_ident[Elf32_Ehdr::EI_CLASS]!=Elf32_Ehdr::ELFCLASS32
++    if (memcmp((char const *)&ehdri, "\x7f\x45\x4c\x46", 4)  // "\177ELF"
++    || ehdri.e_ident[Elf32_Ehdr::EI_CLASS]!=Elf32_Ehdr::ELFCLASS32
+     || sizeof(Elf32_Phdr) != e_phentsize
+     || (Elf32_Ehdr::ELFDATA2MSB == ehdri.e_ident[Elf32_Ehdr::EI_DATA]
+             && &N_BELE_RTP::be_policy != bele)
+@@ -761,7 +762,8 @@ PackLinuxElf64::PackLinuxElf64help1(InputFile *f)
+     e_phnum = get_te16(&ehdri.e_phnum);
+     e_shnum = get_te16(&ehdri.e_shnum);
+     unsigned const e_phentsize = get_te16(&ehdri.e_phentsize);
+-    if (ehdri.e_ident[Elf64_Ehdr::EI_CLASS]!=Elf64_Ehdr::ELFCLASS64
++    if (memcmp((char const *)&ehdri, "\x7f\x45\x4c\x46", 4)  // "\177ELF"
++    || ehdri.e_ident[Elf64_Ehdr::EI_CLASS]!=Elf64_Ehdr::ELFCLASS64
+     || sizeof(Elf64_Phdr) != e_phentsize
+     || (Elf64_Ehdr::ELFDATA2MSB == ehdri.e_ident[Elf64_Ehdr::EI_DATA]
+             && &N_BELE_RTP::be_policy != bele)
+@@ -5780,7 +5782,7 @@ PackLinuxElf64::invert_pt_dynamic(Elf64_Dyn const *dynp, upx_uint64_t headway)
+         }
+         if (file_size <= dt_offsets[n_off]) {
+             char msg[60]; snprintf(msg, sizeof(msg), "bad DT_{%#x} = %#x (beyond EOF)",
+-                dt_names[k], dt_offsets[n_off]);
++                k, dt_offsets[n_off]);
+                 throwCantPack(msg);
+         }
+         n_off += !!dt_offsets[n_off];
diff --git a/app-arch/upx/upx-4.0.1-r1.ebuild b/app-arch/upx/upx-4.0.1-r1.ebuild
new file mode 100644
index 000000000000..a1f1b77dd66d
--- /dev/null
+++ b/app-arch/upx/upx-4.0.1-r1.ebuild
@@ -0,0 +1,35 @@
+# Copyright 1999-2023 Gentoo Authors
+# Distributed under the terms of the GNU General Public License v2
+
+EAPI=8
+
+inherit cmake
+
+DESCRIPTION="Ultimate Packer for eXecutables (free version using UCL compression and not NRV)"
+HOMEPAGE="https://upx.github.io/"
+SRC_URI="https://github.com/upx/upx/releases/download/v${PV}/${P}-src.tar.xz"
+S="${WORKDIR}/${P}-src"
+
+LICENSE="GPL-2+ UPX-exception" # Read the exception before applying any patches
+SLOT="0"
+KEYWORDS="~amd64 ~arm ~arm64 ~ppc ~ppc64 ~sparc ~x86"
+
+RDEPEND="!app-arch/upx-bin"
+BDEPEND="app-arch/xz-utils[extra-filters]"
+
+PATCHES=(
+	"${FILESDIR}/${P}-CVE-2023-23456.patch"
+	"${FILESDIR}/${P}-CVE-2023-23457.patch"
+)
+
+src_configure() {
+	local mycmakeargs=(
+		-DUPX_CONFIG_DISABLE_WERROR=ON
+	)
+	cmake_src_configure
+}
+
+src_test() {
+	# Don't run tests in parallel, #878977
+	cmake_src_test -j1
+}
-- 
cgit v1.2.3