commit: b4e5bfd9d4c04c2f942bbecce62e4394d827de16 |
Author: Thomas Deutschmann <whissi <AT> gentoo <DOT> org> |
AuthorDate: Fri Aug 16 12:38:46 2019 +0000 |
Commit: Thomas Deutschmann <whissi <AT> gentoo <DOT> org> |
CommitDate: Fri Aug 16 12:40:22 2019 +0000 |
URL: https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=b4e5bfd9 |
|
sys-devel/patch: rev bump to add some patches |
|
Bug: https://bugs.gentoo.org/690136 |
Package-Manager: Portage-2.3.71, Repoman-2.3.17 |
Signed-off-by: Thomas Deutschmann <whissi <AT> gentoo.org> |
|
...lid-memory-access-in-context-format-diffs.patch | 26 +++++ |
.../files/patch-2.7.6-CVE-2018-1000156-fix1.patch | 102 +++++++++++++++++++ |
.../files/patch-2.7.6-CVE-2018-1000156-fix2.patch | 37 +++++++ |
.../patch/files/patch-2.7.6-CVE-2019-13636.patch | 108 +++++++++++++++++++++ |
.../patch/files/patch-2.7.6-CVE-2019-13638.patch | 38 ++++++++ |
...hen-RLIMIT_NOFILE-is-set-to-RLIM_INFINITY.patch | 89 +++++++++++++++++ |
sys-devel/patch/patch-2.7.6-r4.ebuild | 46 +++++++++ |
7 files changed, 446 insertions(+) |
|
diff --git a/sys-devel/patch/files/patch-2.7.6-Avoid-invalid-memory-access-in-context-format-diffs.patch b/sys-devel/patch/files/patch-2.7.6-Avoid-invalid-memory-access-in-context-format-diffs.patch |
24 |
new file mode 100644 |
25 |
index 00000000000..5eef875b85d |
26 |
--- /dev/null |
27 |
+++ b/sys-devel/patch/files/patch-2.7.6-Avoid-invalid-memory-access-in-context-format-diffs.patch |
28 |
@@ -0,0 +1,26 @@ |
29 |
+From 15b158db3ae11cb835f2eb8d2eb48e09d1a4af48 Mon Sep 17 00:00:00 2001 |
30 |
+From: Andreas Gruenbacher <agruen@×××.org> |
31 |
+Date: Mon, 15 Jul 2019 19:10:02 +0200 |
32 |
+Subject: Avoid invalid memory access in context format diffs |
33 |
+ |
34 |
+* src/pch.c (another_hunk): Avoid invalid memory access in context format |
35 |
+diffs. |
36 |
+--- |
37 |
+ src/pch.c | 1 + |
38 |
+ 1 file changed, 1 insertion(+) |
39 |
+ |
40 |
+diff --git a/src/pch.c b/src/pch.c |
41 |
+index a500ad9..cb54e03 100644 |
42 |
+--- a/src/pch.c |
43 |
++++ b/src/pch.c |
44 |
+@@ -1328,6 +1328,7 @@ another_hunk (enum diff difftype, bool rev) |
45 |
+ ptrn_prefix_context = context; |
46 |
+ ptrn_suffix_context = context; |
47 |
+ if (repl_beginning |
48 |
++ || p_end <= 0 |
49 |
+ || (p_end |
50 |
+ != p_ptrn_lines + 1 + (p_Char[p_end - 1] == '\n'))) |
51 |
+ { |
52 |
+-- |
53 |
+cgit v1.0-41-gc330 |
54 |
+ |
55 |
|
56 |
diff --git a/sys-devel/patch/files/patch-2.7.6-CVE-2018-1000156-fix1.patch b/sys-devel/patch/files/patch-2.7.6-CVE-2018-1000156-fix1.patch |
57 |
new file mode 100644 |
58 |
index 00000000000..d2492f59317 |
59 |
--- /dev/null |
60 |
+++ b/sys-devel/patch/files/patch-2.7.6-CVE-2018-1000156-fix1.patch |
61 |
@@ -0,0 +1,102 @@ |
62 |
+From 19599883ffb6a450d2884f081f8ecf68edbed7ee Mon Sep 17 00:00:00 2001 |
63 |
+From: Jean Delvare <jdelvare@××××.de> |
64 |
+Date: Thu, 3 May 2018 14:31:55 +0200 |
65 |
+Subject: Don't leak temporary file on failed ed-style patch |
66 |
+ |
67 |
+Now that we write ed-style patches to a temporary file before we |
68 |
+apply them, we need to ensure that the temporary file is removed |
69 |
+before we leave, even on fatal error. |
70 |
+ |
71 |
+* src/pch.c (do_ed_script): Use global TMPEDNAME instead of local |
72 |
+ tmpname. Don't unlink the file directly, instead tag it for removal |
73 |
+ at exit time. |
74 |
+* src/patch.c (cleanup): Unlink TMPEDNAME at exit. |
75 |
+ |
76 |
+This closes bug #53820: |
77 |
+https://savannah.gnu.org/bugs/index.php?53820 |
78 |
+ |
79 |
+Fixes: 123eaff0d5d1 ("Fix arbitrary command execution in ed-style patches (CVE-2018-1000156)") |
80 |
+--- |
81 |
+ src/common.h | 2 ++ |
82 |
+ src/patch.c | 1 + |
83 |
+ src/pch.c | 11 +++++------ |
84 |
+ 3 files changed, 8 insertions(+), 6 deletions(-) |
85 |
+ |
86 |
+diff --git a/src/common.h b/src/common.h |
87 |
+index 904a3f8..53c5e32 100644 |
88 |
+--- a/src/common.h |
89 |
++++ b/src/common.h |
90 |
+@@ -94,10 +94,12 @@ XTERN char const *origsuff; |
91 |
+ XTERN char const * TMPINNAME; |
92 |
+ XTERN char const * TMPOUTNAME; |
93 |
+ XTERN char const * TMPPATNAME; |
94 |
++XTERN char const * TMPEDNAME; |
95 |
+ |
96 |
+ XTERN bool TMPINNAME_needs_removal; |
97 |
+ XTERN bool TMPOUTNAME_needs_removal; |
98 |
+ XTERN bool TMPPATNAME_needs_removal; |
99 |
++XTERN bool TMPEDNAME_needs_removal; |
100 |
+ |
101 |
+ #ifdef DEBUGGING |
102 |
+ XTERN int debug; |
103 |
+diff --git a/src/patch.c b/src/patch.c |
104 |
+index 3fcaec5..9146597 100644 |
105 |
+--- a/src/patch.c |
106 |
++++ b/src/patch.c |
107 |
+@@ -2003,6 +2003,7 @@ cleanup (void) |
108 |
+ remove_if_needed (TMPINNAME, &TMPINNAME_needs_removal); |
109 |
+ remove_if_needed (TMPOUTNAME, &TMPOUTNAME_needs_removal); |
110 |
+ remove_if_needed (TMPPATNAME, &TMPPATNAME_needs_removal); |
111 |
++ remove_if_needed (TMPEDNAME, &TMPEDNAME_needs_removal); |
112 |
+ remove_if_needed (TMPREJNAME, &TMPREJNAME_needs_removal); |
113 |
+ output_files (NULL); |
114 |
+ } |
115 |
+diff --git a/src/pch.c b/src/pch.c |
116 |
+index 79a3c99..1bb3153 100644 |
117 |
+--- a/src/pch.c |
118 |
++++ b/src/pch.c |
119 |
+@@ -2392,7 +2392,6 @@ do_ed_script (char const *inname, char c |
120 |
+ file_offset beginning_of_this_line; |
121 |
+ size_t chars_read; |
122 |
+ FILE *tmpfp = 0; |
123 |
+- char const *tmpname; |
124 |
+ int tmpfd; |
125 |
+ pid_t pid; |
126 |
+ |
127 |
+@@ -2404,12 +2403,13 @@ do_ed_script (char const *inname, char const *outname, |
128 |
+ invalid commands and treats the next line as a new command, which |
129 |
+ can lead to arbitrary command execution. */ |
130 |
+ |
131 |
+- tmpfd = make_tempfile (&tmpname, 'e', NULL, O_RDWR | O_BINARY, 0); |
132 |
++ tmpfd = make_tempfile (&TMPEDNAME, 'e', NULL, O_RDWR | O_BINARY, 0); |
133 |
+ if (tmpfd == -1) |
134 |
+- pfatal ("Can't create temporary file %s", quotearg (tmpname)); |
135 |
++ pfatal ("Can't create temporary file %s", quotearg (TMPEDNAME)); |
136 |
++ TMPEDNAME_needs_removal = true; |
137 |
+ tmpfp = fdopen (tmpfd, "w+b"); |
138 |
+ if (! tmpfp) |
139 |
+- pfatal ("Can't open stream for file %s", quotearg (tmpname)); |
140 |
++ pfatal ("Can't open stream for file %s", quotearg (TMPEDNAME)); |
141 |
+ } |
142 |
+ |
143 |
+ for (;;) { |
144 |
+@@ -2449,7 +2449,7 @@ do_ed_script (char const *inname, char c |
145 |
+ write_fatal (); |
146 |
+ |
147 |
+ if (lseek (tmpfd, 0, SEEK_SET) == -1) |
148 |
+- pfatal ("Can't rewind to the beginning of file %s", quotearg (tmpname)); |
149 |
++ pfatal ("Can't rewind to the beginning of file %s", quotearg (TMPEDNAME)); |
150 |
+ |
151 |
+ if (! dry_run && ! skip_rest_of_patch) { |
152 |
+ int exclusive = *outname_needs_removal ? 0 : O_EXCL; |
153 |
+@@ -2482,7 +2482,6 @@ do_ed_script (char const *inname, char c |
154 |
+ } |
155 |
+ |
156 |
+ fclose (tmpfp); |
157 |
+- safe_unlink (tmpname); |
158 |
+ |
159 |
+ if (ofp) |
160 |
+ { |
161 |
+-- |
162 |
+cgit v1.0-41-gc330 |
163 |
+ |
164 |
|
165 |
diff --git a/sys-devel/patch/files/patch-2.7.6-CVE-2018-1000156-fix2.patch b/sys-devel/patch/files/patch-2.7.6-CVE-2018-1000156-fix2.patch |
166 |
new file mode 100644 |
167 |
index 00000000000..7b74ff06c4b |
168 |
--- /dev/null |
169 |
+++ b/sys-devel/patch/files/patch-2.7.6-CVE-2018-1000156-fix2.patch |
170 |
@@ -0,0 +1,37 @@ |
171 |
+From 369dcccdfa6336e5a873d6d63705cfbe04c55727 Mon Sep 17 00:00:00 2001 |
172 |
+From: Jean Delvare <jdelvare@××××.de> |
173 |
+Date: Mon, 7 May 2018 15:14:45 +0200 |
174 |
+Subject: Don't leak temporary file on failed multi-file ed-style patch |
175 |
+ |
176 |
+The previous fix worked fine with single-file ed-style patches, but |
177 |
+would still leak temporary files in the case of multi-file ed-style |
178 |
+patch. Fix that case as well, and extend the test case to check for |
179 |
+it. |
180 |
+ |
181 |
+* src/patch.c (main): Unlink TMPEDNAME if needed before moving to |
182 |
+ the next file in a patch. |
183 |
+ |
184 |
+This closes bug #53820: |
185 |
+https://savannah.gnu.org/bugs/index.php?53820 |
186 |
+ |
187 |
+Fixes: 123eaff0d5d1 ("Fix arbitrary command execution in ed-style patches (CVE-2018-1000156)") |
188 |
+Fixes: 19599883ffb6 ("Don't leak temporary file on failed ed-style patch") |
189 |
+--- |
190 |
+ src/patch.c | 1 + |
191 |
+ 2 files changed, 32 insertions(+) |
192 |
+ |
193 |
+diff --git a/src/patch.c b/src/patch.c |
194 |
+index 9146597..81c7a02 100644 |
195 |
+--- a/src/patch.c |
196 |
++++ b/src/patch.c |
197 |
+@@ -236,6 +236,7 @@ main (int argc, char **argv) |
198 |
+ } |
199 |
+ remove_if_needed (TMPOUTNAME, &TMPOUTNAME_needs_removal); |
200 |
+ } |
201 |
++ remove_if_needed (TMPEDNAME, &TMPEDNAME_needs_removal); |
202 |
+ |
203 |
+ if (! skip_rest_of_patch && ! file_type) |
204 |
+ { |
205 |
+-- |
206 |
+cgit v1.0-41-gc330 |
207 |
+ |
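Review bot: The regression test that upstream added with this fix is not carried in the patch file: the message says the change will "extend the test case to check for it" and the diffstat footer still reads `2 files changed, 32 insertions(+)`, but the only file patched is `src/patch.c`, with one added line. If the test hunk was dropped on purpose, record that in a header comment at the top of the patch file, e.g. `Test-suite hunk omitted; see upstream commit 369dcccdfa63`, so that nobody assumes the package's test phase covers the multi-file temporary-file leak. `main` starts and ends outside the inner hunk.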
208 |
|
209 |
diff --git a/sys-devel/patch/files/patch-2.7.6-CVE-2019-13636.patch b/sys-devel/patch/files/patch-2.7.6-CVE-2019-13636.patch |
210 |
new file mode 100644 |
211 |
index 00000000000..3515399f073 |
212 |
--- /dev/null |
213 |
+++ b/sys-devel/patch/files/patch-2.7.6-CVE-2019-13636.patch |
214 |
@@ -0,0 +1,108 @@ |
215 |
+From dce4683cbbe107a95f1f0d45fabc304acfb5d71a Mon Sep 17 00:00:00 2001 |
216 |
+From: Andreas Gruenbacher <agruen@×××.org> |
217 |
+Date: Mon, 15 Jul 2019 16:21:48 +0200 |
218 |
+Subject: Don't follow symlinks unless --follow-symlinks is given |
219 |
+ |
220 |
+* src/inp.c (plan_a, plan_b), src/util.c (copy_to_fd, copy_file, |
221 |
+append_to_file): Unless the --follow-symlinks option is given, open files with |
222 |
+the O_NOFOLLOW flag to avoid following symlinks. So far, we were only doing |
223 |
+that consistently for input files. |
224 |
+* src/util.c (create_backup): When creating empty backup files, (re)create them |
225 |
+with O_CREAT | O_EXCL to avoid following symlinks in that case as well. |
226 |
+--- |
227 |
+ src/inp.c | 12 ++++++++++-- |
228 |
+ src/util.c | 14 +++++++++++--- |
229 |
+ 2 files changed, 21 insertions(+), 5 deletions(-) |
230 |
+ |
231 |
+diff --git a/src/inp.c b/src/inp.c |
232 |
+index 32d0919..22d7473 100644 |
233 |
+--- a/src/inp.c |
234 |
++++ b/src/inp.c |
235 |
+@@ -238,8 +238,13 @@ plan_a (char const *filename) |
236 |
+ { |
237 |
+ if (S_ISREG (instat.st_mode)) |
238 |
+ { |
239 |
+- int ifd = safe_open (filename, O_RDONLY|binary_transput, 0); |
240 |
++ int flags = O_RDONLY | binary_transput; |
241 |
+ size_t buffered = 0, n; |
242 |
++ int ifd; |
243 |
++ |
244 |
++ if (! follow_symlinks) |
245 |
++ flags |= O_NOFOLLOW; |
246 |
++ ifd = safe_open (filename, flags, 0); |
247 |
+ if (ifd < 0) |
248 |
+ pfatal ("can't open file %s", quotearg (filename)); |
249 |
+ |
250 |
+@@ -340,6 +345,7 @@ plan_a (char const *filename) |
251 |
+ static void |
252 |
+ plan_b (char const *filename) |
253 |
+ { |
254 |
++ int flags = O_RDONLY | binary_transput; |
255 |
+ int ifd; |
256 |
+ FILE *ifp; |
257 |
+ int c; |
258 |
+@@ -353,7 +359,9 @@ plan_b (char const *filename) |
259 |
+ |
260 |
+ if (instat.st_size == 0) |
261 |
+ filename = NULL_DEVICE; |
262 |
+- if ((ifd = safe_open (filename, O_RDONLY | binary_transput, 0)) < 0 |
263 |
++ if (! follow_symlinks) |
264 |
++ flags |= O_NOFOLLOW; |
265 |
++ if ((ifd = safe_open (filename, flags, 0)) < 0 |
266 |
+ || ! (ifp = fdopen (ifd, binary_transput ? "rb" : "r"))) |
267 |
+ pfatal ("Can't open file %s", quotearg (filename)); |
268 |
+ if (TMPINNAME_needs_removal) |
269 |
+diff --git a/src/util.c b/src/util.c |
270 |
+index 1cc08ba..fb38307 100644 |
271 |
+--- a/src/util.c |
272 |
++++ b/src/util.c |
273 |
+@@ -393,7 +393,7 @@ create_backup (char const *to, const struct stat *to_st, bool leave_original) |
274 |
+ |
275 |
+ try_makedirs_errno = ENOENT; |
276 |
+ safe_unlink (bakname); |
277 |
+- while ((fd = safe_open (bakname, O_CREAT | O_WRONLY | O_TRUNC, 0666)) < 0) |
278 |
++ while ((fd = safe_open (bakname, O_CREAT | O_EXCL | O_WRONLY | O_TRUNC, 0666)) < 0) |
279 |
+ { |
280 |
+ if (errno != try_makedirs_errno) |
281 |
+ pfatal ("Can't create file %s", quotearg (bakname)); |
282 |
+@@ -584,10 +584,13 @@ create_file (char const *file, int open_flags, mode_t mode, |
283 |
+ static void |
284 |
+ copy_to_fd (const char *from, int tofd) |
285 |
+ { |
286 |
++ int from_flags = O_RDONLY | O_BINARY; |
287 |
+ int fromfd; |
288 |
+ ssize_t i; |
289 |
+ |
290 |
+- if ((fromfd = safe_open (from, O_RDONLY | O_BINARY, 0)) < 0) |
291 |
++ if (! follow_symlinks) |
292 |
++ from_flags |= O_NOFOLLOW; |
293 |
++ if ((fromfd = safe_open (from, from_flags, 0)) < 0) |
294 |
+ pfatal ("Can't reopen file %s", quotearg (from)); |
295 |
+ while ((i = read (fromfd, buf, bufsize)) != 0) |
296 |
+ { |
297 |
+@@ -630,6 +633,8 @@ copy_file (char const *from, char const *to, struct stat *tost, |
298 |
+ else |
299 |
+ { |
300 |
+ assert (S_ISREG (mode)); |
301 |
++ if (! follow_symlinks) |
302 |
++ to_flags |= O_NOFOLLOW; |
303 |
+ tofd = create_file (to, O_WRONLY | O_BINARY | to_flags, mode, |
304 |
+ to_dir_known_to_exist); |
305 |
+ copy_to_fd (from, tofd); |
306 |
+@@ -645,9 +650,12 @@ copy_file (char const *from, char const *to, struct stat *tost, |
307 |
+ void |
308 |
+ append_to_file (char const *from, char const *to) |
309 |
+ { |
310 |
++ int to_flags = O_WRONLY | O_APPEND | O_BINARY; |
311 |
+ int tofd; |
312 |
+ |
313 |
+- if ((tofd = safe_open (to, O_WRONLY | O_BINARY | O_APPEND, 0)) < 0) |
314 |
++ if (! follow_symlinks) |
315 |
++ to_flags |= O_NOFOLLOW; |
316 |
++ if ((tofd = safe_open (to, to_flags, 0)) < 0) |
317 |
+ pfatal ("Can't reopen file %s", quotearg (to)); |
318 |
+ copy_to_fd (from, tofd); |
319 |
+ if (close (tofd) != 0) |
320 |
+-- |
321 |
+cgit v1.0-41-gc330 |
322 |
+ |
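Review bot: In the `plan_b` hunk, `filename` may already have been replaced by `NULL_DEVICE` (the `instat.st_size == 0` case) by the time `O_NOFOLLOW` is added to `flags`, so on a platform where the null device is itself a symbolic link the open would fail and patching an empty file through plan B would end in `pfatal`. Whether `safe_open` treats that name specially is not visible here, and the keyword list of the new ebuild includes Solaris prefix targets, where as far as I know `/dev/null` is a symlink, so this is worth checking there. A minimal guard would be `if (! follow_symlinks && instat.st_size != 0) flags |= O_NOFOLLOW;`. `plan_b` continues outside the hunk.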
323 |
|
324 |
diff --git a/sys-devel/patch/files/patch-2.7.6-CVE-2019-13638.patch b/sys-devel/patch/files/patch-2.7.6-CVE-2019-13638.patch |
325 |
new file mode 100644 |
326 |
index 00000000000..38caff628aa |
327 |
--- /dev/null |
328 |
+++ b/sys-devel/patch/files/patch-2.7.6-CVE-2019-13638.patch |
329 |
@@ -0,0 +1,38 @@ |
330 |
+From 3fcd042d26d70856e826a42b5f93dc4854d80bf0 Mon Sep 17 00:00:00 2001 |
331 |
+From: Andreas Gruenbacher <agruen@×××.org> |
332 |
+Date: Fri, 6 Apr 2018 19:36:15 +0200 |
333 |
+Subject: Invoke ed directly instead of using the shell |
334 |
+ |
335 |
+* src/pch.c (do_ed_script): Invoke ed directly instead of using a shell |
336 |
+command to avoid quoting vulnerabilities. |
337 |
+--- |
338 |
+ src/pch.c | 6 ++---- |
339 |
+ 1 file changed, 2 insertions(+), 4 deletions(-) |
340 |
+ |
341 |
+diff --git a/src/pch.c b/src/pch.c |
342 |
+index 4fd5a05..16e001a 100644 |
343 |
+--- a/src/pch.c |
344 |
++++ b/src/pch.c |
345 |
+@@ -2459,9 +2459,6 @@ do_ed_script (char const *inname, char const *outname, |
346 |
+ *outname_needs_removal = true; |
347 |
+ copy_file (inname, outname, 0, exclusive, instat.st_mode, true); |
348 |
+ } |
349 |
+- sprintf (buf, "%s %s%s", editor_program, |
350 |
+- verbosity == VERBOSE ? "" : "- ", |
351 |
+- outname); |
352 |
+ fflush (stdout); |
353 |
+ |
354 |
+ pid = fork(); |
355 |
+@@ -2470,7 +2467,8 @@ do_ed_script (char const *inname, char const *outname, |
356 |
+ else if (pid == 0) |
357 |
+ { |
358 |
+ dup2 (tmpfd, 0); |
359 |
+- execl ("/bin/sh", "sh", "-c", buf, (char *) 0); |
360 |
++ assert (outname[0] != '!' && outname[0] != '-'); |
361 |
++ execlp (editor_program, editor_program, "-", outname, (char *) NULL); |
362 |
+ _exit (2); |
363 |
+ } |
364 |
+ else |
365 |
+-- |
366 |
+cgit v1.0-41-gc330 |
367 |
+ |
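Review bot: The check that `outname` does not start with `!` or `-` is an `assert` in the child branch of `do_ed_script`, so it disappears when the package is compiled with `NDEBUG`, and then nothing in this hunk stops ed from reading such a name as something other than a plain file name. An unconditional test keeps the guard in every build: `if (outname[0] == '!' || outname[0] == '-') _exit (2);` placed before the `execlp` call. Separately, `execlp` searches `PATH` when `editor_program` contains no slash, so the value fixed at configure time should be an absolute path. `do_ed_script` starts and ends outside the hunk.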
368 |
|
369 |
diff --git a/sys-devel/patch/files/patch-2.7.6-Do-not-crash-when-RLIMIT_NOFILE-is-set-to-RLIM_INFINITY.patch b/sys-devel/patch/files/patch-2.7.6-Do-not-crash-when-RLIMIT_NOFILE-is-set-to-RLIM_INFINITY.patch |
370 |
new file mode 100644 |
371 |
index 00000000000..961e5786138 |
372 |
--- /dev/null |
373 |
+++ b/sys-devel/patch/files/patch-2.7.6-Do-not-crash-when-RLIMIT_NOFILE-is-set-to-RLIM_INFINITY.patch |
374 |
@@ -0,0 +1,89 @@ |
375 |
+From 61d7788b83b302207a67b82786f4fd79e3538f30 Mon Sep 17 00:00:00 2001 |
376 |
+From: Andreas Gruenbacher <agruen@×××.org> |
377 |
+Date: Thu, 27 Jun 2019 11:10:43 +0200 |
378 |
+Subject: Don't crash when RLIMIT_NOFILE is set to RLIM_INFINITY |
379 |
+ |
380 |
+* src/safe.c (min_cached_fds): Define minimum number of cached dir file |
381 |
+descriptors. |
382 |
+(max_cached_fds): Change type to rlim_t to allow storing RLIM_INFINITY. |
383 |
+(init_dirfd_cache): Set max_cached_fds to RLIM_INFINITY when RLIMIT_NOFILE is |
384 |
+RLIM_INFINITY. Set the initial hash table size to min_cached_fds, independent |
385 |
+of RLIMIT_NOFILE: patches commonly only affect one or a few files, so a small |
386 |
+hash table will usually suffice; if needed, the hash table will grow. |
387 |
+(insert_cached_dirfd): Don't shrink the cache when max_cached_fds is |
388 |
+RLIM_INFINITY. |
389 |
+--- |
390 |
+ src/safe.c | 36 +++++++++++++++++++++++------------- |
391 |
+ 1 file changed, 23 insertions(+), 13 deletions(-) |
392 |
+ |
393 |
+diff --git a/src/safe.c b/src/safe.c |
394 |
+index 5a7202f..f147b0e 100644 |
395 |
+--- a/src/safe.c |
396 |
++++ b/src/safe.c |
397 |
+@@ -67,7 +67,8 @@ struct cached_dirfd { |
398 |
+ }; |
399 |
+ |
400 |
+ static Hash_table *cached_dirfds = NULL; |
401 |
+-static size_t max_cached_fds; |
402 |
++static rlim_t min_cached_fds = 8; |
403 |
++static rlim_t max_cached_fds; |
404 |
+ LIST_HEAD (lru_list); |
405 |
+ |
406 |
+ static size_t hash_cached_dirfd (const void *entry, size_t table_size) |
407 |
+@@ -98,11 +99,17 @@ static void init_dirfd_cache (void) |
408 |
+ { |
409 |
+ struct rlimit nofile; |
410 |
+ |
411 |
+- max_cached_fds = 8; |
412 |
+ if (getrlimit (RLIMIT_NOFILE, &nofile) == 0) |
413 |
+- max_cached_fds = MAX (nofile.rlim_cur / 4, max_cached_fds); |
414 |
++ { |
415 |
++ if (nofile.rlim_cur == RLIM_INFINITY) |
416 |
++ max_cached_fds = RLIM_INFINITY; |
417 |
++ else |
418 |
++ max_cached_fds = MAX (nofile.rlim_cur / 4, min_cached_fds); |
419 |
++ } |
420 |
++ else |
421 |
++ max_cached_fds = min_cached_fds; |
422 |
+ |
423 |
+- cached_dirfds = hash_initialize (max_cached_fds, |
424 |
++ cached_dirfds = hash_initialize (min_cached_fds, |
425 |
+ NULL, |
426 |
+ hash_cached_dirfd, |
427 |
+ compare_cached_dirfds, |
428 |
+@@ -148,20 +155,23 @@ static void insert_cached_dirfd (struct cached_dirfd *entry, int keepfd) |
429 |
+ if (cached_dirfds == NULL) |
430 |
+ init_dirfd_cache (); |
431 |
+ |
432 |
+- /* Trim off the least recently used entries */ |
433 |
+- while (hash_get_n_entries (cached_dirfds) >= max_cached_fds) |
434 |
++ if (max_cached_fds != RLIM_INFINITY) |
435 |
+ { |
436 |
+- struct cached_dirfd *last = |
437 |
+- list_entry (lru_list.prev, struct cached_dirfd, lru_link); |
438 |
+- if (&last->lru_link == &lru_list) |
439 |
+- break; |
440 |
+- if (last->fd == keepfd) |
441 |
++ /* Trim off the least recently used entries */ |
442 |
++ while (hash_get_n_entries (cached_dirfds) >= max_cached_fds) |
443 |
+ { |
444 |
+- last = list_entry (last->lru_link.prev, struct cached_dirfd, lru_link); |
445 |
++ struct cached_dirfd *last = |
446 |
++ list_entry (lru_list.prev, struct cached_dirfd, lru_link); |
447 |
+ if (&last->lru_link == &lru_list) |
448 |
+ break; |
449 |
++ if (last->fd == keepfd) |
450 |
++ { |
451 |
++ last = list_entry (last->lru_link.prev, struct cached_dirfd, lru_link); |
452 |
++ if (&last->lru_link == &lru_list) |
453 |
++ break; |
454 |
++ } |
455 |
++ remove_cached_dirfd (last); |
456 |
+ } |
457 |
+- remove_cached_dirfd (last); |
458 |
+ } |
459 |
+ |
460 |
+ /* Only insert if the parent still exists. */ |
461 |
+-- |
462 |
+cgit v1.0-41-gc330 |
463 |
+ |
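Review bot: When `nofile.rlim_cur` is `RLIM_INFINITY`, `init_dirfd_cache` stores `RLIM_INFINITY` in `max_cached_fds` and `insert_cached_dirfd` then skips the trim loop altogether, so the directory descriptor cache grows with the number of directories a patch touches and is never reduced. Patch input is often untrusted, so a fixed ceiling for the unlimited case would bound descriptor and memory use; for example `max_cached_fds = 1024;` (value constructed for illustration) in place of `RLIM_INFINITY` would let the existing trim loop keep working. `min_cached_fds` is never written in the visible lines and could be declared `static const rlim_t`. `insert_cached_dirfd` continues outside the hunk.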
464 |
|
465 |
diff --git a/sys-devel/patch/patch-2.7.6-r4.ebuild b/sys-devel/patch/patch-2.7.6-r4.ebuild |
466 |
new file mode 100644 |
467 |
index 00000000000..cce90dd296d |
468 |
--- /dev/null |
469 |
+++ b/sys-devel/patch/patch-2.7.6-r4.ebuild |
470 |
@@ -0,0 +1,46 @@ |
471 |
+# Copyright 1999-2019 Gentoo Authors |
472 |
+# Distributed under the terms of the GNU General Public License v2 |
473 |
+ |
474 |
+EAPI="7" |
475 |
+ |
476 |
+inherit flag-o-matic |
477 |
+ |
478 |
+DESCRIPTION="Utility to apply diffs to files" |
479 |
+HOMEPAGE="https://www.gnu.org/software/patch/patch.html" |
480 |
+SRC_URI="mirror://gnu/patch/${P}.tar.xz" |
481 |
+ |
482 |
+LICENSE="GPL-3+" |
483 |
+SLOT="0" |
484 |
+KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~ia64 ~m68k ~mips ~ppc ~ppc64 ~riscv ~s390 ~sh ~sparc ~x86 ~ppc-aix ~x64-cygwin ~amd64-fbsd ~x86-fbsd ~amd64-linux ~x86-linux ~ppc-macos ~x64-macos ~x86-macos ~m68k-mint ~sparc-solaris ~sparc64-solaris ~x64-solaris ~x86-solaris" |
485 |
+IUSE="static test xattr" |
486 |
+ |
487 |
+RDEPEND="xattr? ( sys-apps/attr )" |
488 |
+DEPEND="${RDEPEND} |
489 |
+ test? ( sys-apps/ed )" |
490 |
+ |
491 |
+PATCHES=( |
492 |
+ "${FILESDIR}"/${P}-fix-test-suite.patch |
493 |
+ "${FILESDIR}"/${PN}-2.7.6-fix-error-handling-with-git-style-patches.patch |
494 |
+ "${FILESDIR}"/${PN}-2.7.6-CVE-2018-6951.patch |
495 |
+ "${FILESDIR}"/${PN}-2.7.6-allow-input-files-to-be-missing-for-ed-style-patches.patch |
496 |
+ "${FILESDIR}"/${PN}-2.7.6-CVE-2018-1000156.patch |
497 |
+ "${FILESDIR}"/${PN}-2.7.6-CVE-2018-6952.patch |
498 |
+ "${FILESDIR}"/${PN}-2.7.6-Do-not-crash-when-RLIMIT_NOFILE-is-set-to-RLIM_INFINITY.patch |
499 |
+ "${FILESDIR}"/${PN}-2.7.6-CVE-2018-1000156-fix1.patch |
500 |
+ "${FILESDIR}"/${PN}-2.7.6-CVE-2018-1000156-fix2.patch |
501 |
+ "${FILESDIR}"/${PN}-2.7.6-CVE-2019-13636.patch |
502 |
+ "${FILESDIR}"/${PN}-2.7.6-CVE-2019-13638.patch |
503 |
+ "${FILESDIR}"/${PN}-2.7.6-Avoid-invalid-memory-access-in-context-format-diffs.patch |
504 |
+) |
505 |
+ |
506 |
+src_configure() { |
507 |
+ use static && append-ldflags -static |
508 |
+ |
509 |
+ local myeconfargs=( |
510 |
+ $(use_enable xattr) |
511 |
+ --program-prefix="$(use userland_BSD && echo g)" |
512 |
+ ) |
513 |
+ # Do not let $ED mess up the search for `ed` 470210. |
514 |
+ ac_cv_path_ED=$(type -P ed) \ |
515 |
+ econf "${myeconfargs[@]}" |
516 |
+} |
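Review bot: `ac_cv_path_ED=$(type -P ed)` in `src_configure` records whatever `ed` the build host happens to have, and the value is empty when none is installed, which can happen because `sys-apps/ed` is only pulled in under `test?`. With the CVE-2019-13638 patch in `PATCHES` the editor is started through `execlp`, which does a `PATH` search for a name without a slash, so the configured value matters more than before (I am assuming `editor_program` is derived from configure's `ED`; that is not visible here). Pinning it to the location where sys-apps/ed installs the binary avoids both cases, e.g. `ac_cv_path_ED="${EPREFIX}/bin/ed" \`, with the path to be confirmed against the sys-apps/ed ebuild. A one-line comment above the six patches appended to `PATCHES`, stating that they are upstream commits and giving their hashes, would also help later version bumps.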