From 4a74938e510c0dad732ae4c48f815dd0f0cabb46 Mon Sep 17 00:00:00 2001
From: V3n3RiX <venerix@koprulu.sector>
Date: Mon, 13 Feb 2023 08:16:09 +0000
Subject: gentoo auto-resync : 13:02:2023 - 08:16:09

---
 sys-apps/iproute2/Manifest                         |   2 +
 .../files/iproute2-6.1.0-strncpy-overlap.patch     |  39 ++++
 sys-apps/iproute2/iproute2-6.1.0-r1.ebuild         | 216 +++++++++++++++++++++
 3 files changed, 257 insertions(+)
 create mode 100644 sys-apps/iproute2/files/iproute2-6.1.0-strncpy-overlap.patch
 create mode 100644 sys-apps/iproute2/iproute2-6.1.0-r1.ebuild

(limited to 'sys-apps/iproute2')

diff --git a/sys-apps/iproute2/Manifest b/sys-apps/iproute2/Manifest
index 4135dad5852a..e112dc88ddbf 100644
--- a/sys-apps/iproute2/Manifest
+++ b/sys-apps/iproute2/Manifest
@@ -2,12 +2,14 @@ AUX iproute2-3.1.0-mtu.patch 1649 BLAKE2B cbecd9770391ca7c7f25b860a95bb5b2783073
 AUX iproute2-4.20.0-no-ipv6.patch 1334 BLAKE2B 612fa64a897fe8c601aca529a09508cc865f2f0fb7cb865ba28f3369748086622b6910f25052047c972f495b5e20014cdf6e9f73b230124f372cfe6301bc0bf2 SHA512 f4b42667d4433225b2e4272b6e629fc43b73ede02ac0e706d2e46d81ffcecd19ca45b8b9789904b4bd6d10d34c82239f9b3c33cfcf3f9e5b309d828a3494c864
 AUX iproute2-5.12.0-configure-nomagic.patch 6967 BLAKE2B 8707ace3766d2bb797901886032bbbfc78b3116b548d317038144307a52ba86a01dc49460fa8b4524f03de3abc5b56f4901a9cb24f1f6cacfbd7a5b92cea7145 SHA512 a6184d1fc150717ab40a278c2a6ce439ea04e9967d55f1d10fecc8162452a1a38a6e11c2f736c5aebfe0ffe726bfa80e154169004ccc571b89dcef9c0dbe1242
 AUX iproute2-5.7.0-mix-signal.h-include.patch 213 BLAKE2B ad6def6d017ff1d78587d1bfb9d92379983d989d9d4a396e773f02c655ac14c57cc25c5d4e37fbdb0e0d1cb1d35fc94ee70077b81d1285ac2d58cb1b19fa69db SHA512 09a9d450179b06c434a41b7bdd8d4a47b8ca2303de3d08b2b101e8695aec28e5d1e454a8c62e1b71d66b6e776dc6975f2837acc0a0f8a2a3f1e31b1eb56b71e3
+AUX iproute2-6.1.0-strncpy-overlap.patch 1401 BLAKE2B 8fe99941751ed3ab451ce8623a165e330f59ec3559e15b51e851c046d67b4a2225ac078dde0afede32eea9d1fc116db50183bc2138477036a145813269da8600 SHA512 c21acdb9af0185b9e50b03efaff7e9233d44d5056a24268785f61759d654aa87e00b41fdb211adfe8d964cfccf45e6c9340ec7cf0b2269c705109e01db34f059
 AUX iproute2-default-color-auto.patch 186 BLAKE2B 4f751e1292d7f14c8fac68c115c666f51d2494cb6d68d2da18e7fd6f694ea1d01b0731488b9482ed41cff8b985140d4bbee135861209d1a8f90ce26a7d972485 SHA512 d47ea460a1d92504184d9063c0539f69e7807204c17eefbb0342a27f30745ccb80e2f7ff61e516f3086516e66e0e68d361312bd6a0babd840927a57ef2fe9793
 DIST iproute2-5.15.0.tar.xz 858068 BLAKE2B bca20ac53e1b2b3ae06186f655ad5073a0e691ed7b3aab25c4fbc118847b72a8a522175732cd22d8ec27480d1ab142319e80a5c3628434bec21260e585e1591d SHA512 e94918fa10e523224b965c7cb5303a101745e89c90d149d2d9876a002b2a894b1c689c519dc22168f3d334c3ee0810c59ec43223baab3d5f4c56f017d6281f22
 DIST iproute2-6.0.0.tar.xz 900312 BLAKE2B 1cfb9b5a7892dec2b35e0eadbd957083e95fdc5077a1aa193329801ff25f9ed90a1fc4152756547be1fab8fe18d9a399001a4c3a61e951f64946156af6a90bae SHA512 be30362b0df6906aa786f935d5f555b8b86c747fe05314066f4180ab2f7c952ae227b7cf04c15e75d8f99ca17bafb7c8dc0fb1c18f3a9e3222d98716bb449f7a
 DIST iproute2-6.1.0.tar.xz 905512 BLAKE2B 38249703e0a9ba74405aebdb97560b286deefa959a9c3f0e0893962b6966f5da2da46199dda6a0f9584bb473f8ba529440643d97f66e9b7619df029e3091d163 SHA512 4e4d3b5e1e1a5444f42671c1e6caee072e80063e34e37386695f76f85a1ab662f4513050814006e5154426cbaadfba1d86b0be14e65978d5e670a16446047b28
 EBUILD iproute2-5.15.0.ebuild 4994 BLAKE2B bc73ac11db47b0d52926149af6546fe81fd94354ca48aad8f452c5fedeebc1629d847ba653175bdb18172a3d74c9e8c6026ffd8f3436130985929e38f4e0dec6 SHA512 5737c4bd54bc283c1c50c9b2f5e7c87f8b40d2665e15d72a05893d890427d1c389d2f6c857bd8ca0db2d38996dadea810b5a11f061e95830347ff7f864bd7f7e
 EBUILD iproute2-6.0.0.ebuild 5943 BLAKE2B d85a48405ed9359c187e770afdd7583f54c3905ee5b58488a604369957333a79c9d0f3c3964436116e5799ad9d8e7ade1ad51c02d89cb10983b9d5f11d015297 SHA512 6df97340ce887a0f9a1319c5a4458872cf8157c3131cb8dd27027fd18867571a6b80267974c1c0009996e4fd8fa6431434d5ae61ab2fc0b0c988ba3668c7f84e
+EBUILD iproute2-6.1.0-r1.ebuild 6000 BLAKE2B 49f03ac76621e34f65217bfbed93815d72914a081dda6598b1ce789dff8cf3f19697b199dde9a9e235738ef35b0cfcbdef04ba4652d3022dee49cd32b7f11a66 SHA512 d8a3fadd4a4ac3a1539f1b6c0e74320b321114ea3ddba75111606362f49412e04b6ca578cfc0f07d2fbc460d2639a1bbe8727c08e65cf103f29c552dc93b3bc5
 EBUILD iproute2-6.1.0.ebuild 5951 BLAKE2B 88d5f8622e202a4fab367d17ad8dd92b1fe5c28acdc525398856f99a943f1058066cc4a61b094a6b997683f4306ec81b34a9c5b8281e4c195e3aa3f50d148ddc SHA512 5734f8baa085cbac1f5793bb8f70d12890dddf8e66748c9fdab68dabd08c21123311d88d49a8dcaf3a0f53147c097483134124124687b337a4a89a1922832014
 EBUILD iproute2-9999.ebuild 5951 BLAKE2B 88d5f8622e202a4fab367d17ad8dd92b1fe5c28acdc525398856f99a943f1058066cc4a61b094a6b997683f4306ec81b34a9c5b8281e4c195e3aa3f50d148ddc SHA512 5734f8baa085cbac1f5793bb8f70d12890dddf8e66748c9fdab68dabd08c21123311d88d49a8dcaf3a0f53147c097483134124124687b337a4a89a1922832014
 MISC metadata.xml 973 BLAKE2B e505f65ebcc30561fe249ede546cbad6289a0be929be6105379c25674e1dbade56fc62fa75839b0485099f13bc175daa55ad8b86f0a346e52907cfa00c4bb3f1 SHA512 a7e201275dd562c097d66083225e74221f81d89a7efac98b7c05cc7c508100a94b9e928854796cfbfbfeb679acfe34fb79026f7d04df8e07f57132ffc64be525
diff --git a/sys-apps/iproute2/files/iproute2-6.1.0-strncpy-overlap.patch b/sys-apps/iproute2/files/iproute2-6.1.0-strncpy-overlap.patch
new file mode 100644
index 000000000000..8b4b0abbbc7d
--- /dev/null
+++ b/sys-apps/iproute2/files/iproute2-6.1.0-strncpy-overlap.patch
@@ -0,0 +1,39 @@
+fix UB in strncpy (e.g. truncated ip route output)
+
+Fix overlapping buffers passed to strncpy which is UB. format_host_rta_r writes
+to the buffer passed to it, so hostname (derived from b1) & b1 partly overlap.
+
+This gets worse with sys-libs/glibc-2.37 where the ip route output can be truncated,
+but it was UB anyway and you can see it occurring w/ glibc-2.36.
+
+Bug: https://lore.kernel.org/netdev/0011AC38-4823-4D0A-8580-B108D08959C2@gentoo.org/T/#u
+Bug: https://sourceware.org/bugzilla/show_bug.cgi?id=30112
+Thanks-to: Doug Freed <dwfreed@mtu.edu>
+--- a/ip/iproute.c
++++ b/ip/iproute.c
+@@ -753,6 +753,7 @@ int print_route(struct nlmsghdr *n, void *arg)
+ 	int ret;
+ 
+ 	SPRINT_BUF(b1);
++	SPRINT_BUF(b2);
+ 
+ 	if (n->nlmsg_type != RTM_NEWROUTE && n->nlmsg_type != RTM_DELROUTE) {
+ 		fprintf(stderr, "Not a route: %08x %08x %08x\n",
+@@ -814,7 +815,7 @@ int print_route(struct nlmsghdr *n, void *arg)
+ 				 r->rtm_dst_len);
+ 		} else {
+ 			const char *hostname = format_host_rta_r(family, tb[RTA_DST],
+-					  b1, sizeof(b1));
++					  b2, sizeof(b2));
+ 			if (hostname)
+ 				strncpy(b1, hostname, sizeof(b1) - 1);
+ 		}
+@@ -837,7 +838,7 @@ int print_route(struct nlmsghdr *n, void *arg)
+ 				 r->rtm_src_len);
+ 		} else {
+ 			const char *hostname = format_host_rta_r(family, tb[RTA_SRC],
+-					  b1, sizeof(b1));
++					  b2, sizeof(b2));
+ 			if (hostname)
+ 				strncpy(b1, hostname, sizeof(b1) - 1);
+ 		}
diff --git a/sys-apps/iproute2/iproute2-6.1.0-r1.ebuild b/sys-apps/iproute2/iproute2-6.1.0-r1.ebuild
new file mode 100644
index 000000000000..72f3265dd8e0
--- /dev/null
+++ b/sys-apps/iproute2/iproute2-6.1.0-r1.ebuild
@@ -0,0 +1,216 @@
+# Copyright 1999-2023 Gentoo Authors
+# Distributed under the terms of the GNU General Public License v2
+
+EAPI=8
+
+inherit edo toolchain-funcs
+
+if [[ ${PV} == 9999 ]] ; then
+	EGIT_REPO_URI="https://git.kernel.org/pub/scm/linux/kernel/git/shemminger/iproute2.git"
+	inherit git-r3
+else
+	SRC_URI="https://www.kernel.org/pub/linux/utils/net/${PN}/${P}.tar.xz"
+	KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~ia64 ~loong ~m68k ~mips ~ppc ~ppc64 ~riscv ~s390 ~sparc ~x86"
+fi
+
+DESCRIPTION="kernel routing and traffic control utilities"
+HOMEPAGE="https://wiki.linuxfoundation.org/networking/iproute2"
+
+LICENSE="GPL-2"
+SLOT="0"
+IUSE="atm berkdb bpf caps elf +iptables libbsd minimal nfs selinux split-usr"
+
+# We could make libmnl optional, but it's tiny, so eh
+RDEPEND="
+	!net-misc/arpd
+	!minimal? ( net-libs/libmnl:= )
+	atm? ( net-dialup/linux-atm )
+	berkdb? ( sys-libs/db:= )
+	bpf? ( dev-libs/libbpf:= )
+	caps? ( sys-libs/libcap )
+	elf? ( virtual/libelf:= )
+	iptables? ( >=net-firewall/iptables-1.4.20:= )
+	libbsd? ( dev-libs/libbsd )
+	nfs? ( net-libs/libtirpc:= )
+	selinux? ( sys-libs/libselinux )
+"
+# We require newer linux-headers for ipset support (bug #549948) and some defines (bug #553876)
+DEPEND="
+	${RDEPEND}
+	>=sys-kernel/linux-headers-3.16
+"
+BDEPEND="
+	app-arch/xz-utils
+	>=sys-devel/bison-2.4
+	sys-devel/flex
+	virtual/pkgconfig
+"
+
+PATCHES=(
+	"${FILESDIR}"/${PN}-3.1.0-mtu.patch # bug #291907
+	"${FILESDIR}"/${PN}-5.12.0-configure-nomagic.patch # bug #643722
+	#"${FILESDIR}"/${PN}-5.1.0-portability.patch
+	"${FILESDIR}"/${PN}-5.7.0-mix-signal.h-include.patch
+	"${FILESDIR}"/${PN}-default-color-auto.patch
+	"${FILESDIR}"/${PN}-6.1.0-strncpy-overlap.patch
+)
+
+src_prepare() {
+	default
+
+	# Fix version if necessary
+	local versionfile="include/version.h"
+	if [[ ${PV} != 9999 ]] && ! grep -Fq "${PV}" ${versionfile} ; then
+		einfo "Fixing version string"
+		sed "s@\"[[:digit:]\.]\+\"@\"${PV}\"@" \
+			-i ${versionfile} || die
+	fi
+
+	# echo -n is not POSIX compliant
+	sed 's@echo -n@printf@' -i configure || die
+
+	sed -i \
+		-e '/^CC :\?=/d' \
+		-e "/^LIBDIR/s:=.*:=/$(get_libdir):" \
+		-e "s|-O2|${CFLAGS} ${CPPFLAGS}|" \
+		-e "/^HOSTCC/s:=.*:= $(tc-getBUILD_CC):" \
+		-e "/^DBM_INCLUDE/s:=.*:=${T}:" \
+		Makefile || die
+
+	# Build against system headers
+	rm -r include/netinet || die #include/linux include/ip{,6}tables{,_common}.h include/libiptc
+	sed -i 's:TCPI_OPT_ECN_SEEN:16:' misc/ss.c || die
+
+	if use minimal ; then
+		sed -i -e '/^SUBDIRS=/s:=.*:=lib tc ip:' Makefile || die
+	fi
+}
+
+src_configure() {
+	tc-export AR CC PKG_CONFIG
+
+	# This sure is ugly. Should probably move into toolchain-funcs at some point.
+	local setns
+	pushd "${T}" >/dev/null || die
+	printf '#include <sched.h>\nint main(){return setns(0, 0);}\n' > test.c || die
+	if ${CC} ${CFLAGS} ${CPPFLAGS} -D_GNU_SOURCE ${LDFLAGS} test.c >&/dev/null ; then
+		setns=y
+	else
+		setns=n
+	fi
+
+	echo 'int main(){return 0;}' > test.c || die
+	if ! ${CC} ${CFLAGS} ${CPPFLAGS} ${LDFLAGS} test.c -lresolv >&/dev/null ; then
+		sed -i '/^LDLIBS/s:-lresolv::' "${S}"/Makefile || die
+	fi
+	popd >/dev/null || die
+
+	# run "configure" script first which will create "config.mk"...
+	# Using econf breaks since 5.14.0 (a9c3d70d902a0473ee5c13336317006a52ce8242)
+	edo ./configure --libbpf_force $(usex bpf on off)
+
+	# Remove the definitions made by configure and allow them to be overridden
+	# by USE flags below.
+	# We have to do the cheesy only-sed-if-disabled because otherwise
+	# the *_FLAGS etc stuff found by configure will be used but result
+	# in a broken build.
+	if ! use berkdb ; then
+		sed -i -e '/HAVE_BERKELEY_DB/d' config.mk || die
+	fi
+
+	if ! use caps ; then
+		sed -i -e '/HAVE_CAP/d' config.mk || die
+	fi
+
+	if use minimal ; then
+		sed -i -e '/HAVE_MNL/d' config.mk || die
+	fi
+
+	if ! use elf ; then
+		sed -i -e '/HAVE_ELF/d' config.mk || die
+	fi
+
+	if ! use nfs ; then
+		sed -i -e '/HAVE_RPC/d' config.mk || die
+	fi
+
+	if ! use selinux ; then
+		sed -i -e '/HAVE_SELINUX/d' config.mk || die
+	fi
+
+	if ! use libbsd ; then
+		sed -i -e '/HAVE_LIBBSD/d' config.mk || die
+	fi
+
+	# ...Now switch on/off requested features via USE flags
+	# this is only useful if the test did not set other things, per bug #643722
+	# Keep in sync with ifs above, or refactor to be unified.
+	cat <<-EOF >> config.mk
+	TC_CONFIG_ATM := $(usex atm y n)
+	TC_CONFIG_XT  := $(usex iptables y n)
+	TC_CONFIG_NO_XT := $(usex iptables n y)
+	# We've locked in recent enough kernel headers, bug #549948
+	TC_CONFIG_IPSET := y
+	HAVE_BERKELEY_DB := $(usex berkdb y n)
+	HAVE_CAP      := $(usex caps y n)
+	HAVE_MNL      := $(usex minimal n y)
+	HAVE_ELF      := $(usex elf y n)
+	HAVE_RPC      := $(usex nfs y n)
+	HAVE_SELINUX  := $(usex selinux y n)
+	IP_CONFIG_SETNS := ${setns}
+	# Use correct iptables dir, bug #144265, bug #293709
+	IPT_LIB_DIR   := $(use iptables && ${PKG_CONFIG} xtables --variable=xtlibdir)
+	HAVE_LIBBSD   := $(usex libbsd y n)
+	EOF
+}
+
+src_compile() {
+	emake V=1 NETNS_RUN_DIR=/run/netns
+}
+
+src_install() {
+	if use minimal ; then
+		into /
+		dosbin tc/tc
+		dobin ip/ip
+		return 0
+	fi
+
+	emake \
+		DESTDIR="${D}" \
+		PREFIX="${EPREFIX}/usr" \
+		LIBDIR="${EPREFIX}"/$(get_libdir) \
+		SBINDIR="${EPREFIX}"/sbin \
+		CONFDIR="${EPREFIX}"/etc/iproute2 \
+		DOCDIR="${EPREFIX}"/usr/share/doc/${PF} \
+		MANDIR="${EPREFIX}"/usr/share/man \
+		ARPDDIR="${EPREFIX}"/var/lib/arpd \
+		install
+
+	dodir /bin
+	mv "${ED}"/{s,}bin/ip || die # bug #330115
+
+	dolib.a lib/libnetlink.a
+	insinto /usr/include
+	doins include/libnetlink.h
+
+	# Collides with net-analyzer/ifstat
+	# https://bugs.gentoo.org/868321
+	mv "${ED}"/sbin/ifstat{,-iproute2} || die
+
+	if use split-usr ; then
+		# Can remove compatibility symlink in a year: 2023-05-28.
+		# bug #547264
+		mv "${ED}"/sbin/ss "${ED}"/bin/ss || die
+		dosym -r /bin/ss /sbin/ss
+	fi
+
+	if use berkdb ; then
+		keepdir /var/lib/arpd
+		# bug #47482, arpd doesn't need to be in /sbin
+		dodir /usr/bin
+		mv "${ED}"/sbin/arpd "${ED}"/usr/bin/ || die
+	elif [[ -d "${ED}"/var/lib/arpd ]]; then
+		rmdir --ignore-fail-on-non-empty -p "${ED}"/var/lib/arpd || die
+	fi
+}
-- 
cgit v1.2.3