[gentoo-commits] repo/gentoo:master commit in: sys-apps/file/, sys-apps/file/files/ - gentoo-commits

From:	Thomas Deutschmann <whissi@g.o>
To:	gentoo-commits@l.g.o
Subject:	[gentoo-commits] repo/gentoo:master commit in: sys-apps/file/, sys-apps/file/files/
Date:	Tue, 12 Jun 2018 08:18:17
Message-Id:	`1528791483.331976f64a3ac2e70aa62d6631db0e148f19d0fe.whissi@gentoo`

1

commit:     331976f64a3ac2e70aa62d6631db0e148f19d0fe

2

Author:     Thomas Deutschmann <whissi <AT> gentoo <DOT> org>

3

AuthorDate: Tue Jun 12 08:17:44 2018 +0000

4

Commit:     Thomas Deutschmann <whissi <AT> gentoo <DOT> org>

5

CommitDate: Tue Jun 12 08:18:03 2018 +0000

6

URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=331976f6

7

8

sys-apps/file: Avoid reading past the end of buffer (CVE-2018-10360)

9

10

Bug: https://bugs.gentoo.org/657930

11

Package-Manager: Portage-2.3.40, Repoman-2.3.9

12

13

 sys-apps/file/file-5.33-r2.ebuild                  | 127 +++++++++++++++++++++

14

 sys-apps/file/files/file-5.33-CVE-2018-10360.patch |  18 +++

15

 2 files changed, 145 insertions(+)

16

17

diff --git a/sys-apps/file/file-5.33-r2.ebuild b/sys-apps/file/file-5.33-r2.ebuild

18

new file mode 100644

19

index 00000000000..4537ffb58aa

20

--- /dev/null

21

+++ b/sys-apps/file/file-5.33-r2.ebuild

22

@@ -0,0 +1,127 @@

23

+# Copyright 1999-2018 Gentoo Foundation

24

+# Distributed under the terms of the GNU General Public License v2

25

+

26

+EAPI=6

27

+

28

+PYTHON_COMPAT=( python2_7 python3_{4,5,6} pypy )

29

+DISTUTILS_OPTIONAL=1

30

+

31

+inherit distutils-r1 libtool ltprune toolchain-funcs multilib-minimal

32

+

33

+if [[ ${PV} == "9999" ]] ; then

34

+	EGIT_REPO_URI="https://github.com/glensc/file.git"

35

+	inherit autotools git-r3

36

+else

37

+	SRC_URI="ftp://ftp.astron.com/pub/file/${P}.tar.gz"

38

+	KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~ia64 ~m68k ~mips ~ppc ~ppc64 ~s390 ~sh ~sparc ~x86 ~ppc-aix ~x64-cygwin ~amd64-fbsd ~x86-fbsd ~amd64-linux ~x86-linux ~ppc-macos ~x64-macos ~x86-macos ~m68k-mint ~sparc-solaris ~sparc64-solaris ~x64-solaris ~x86-solaris"

39

+fi

40

+

41

+DESCRIPTION="identify a file's format by scanning binary data for patterns"

42

+HOMEPAGE="https://www.darwinsys.com/file/"

43

+

44

+LICENSE="BSD-2"

45

+SLOT="0"

46

+IUSE="python static-libs zlib"

47

+REQUIRED_USE="python? ( ${PYTHON_REQUIRED_USE} )"

48

+

49

+DEPEND="

50

+	python? (

51

+		${PYTHON_DEPS}

52

+		dev-python/setuptools[${PYTHON_USEDEP}]

53

+	)

54

+	zlib? ( >=sys-libs/zlib-1.2.8-r1[${MULTILIB_USEDEP}] )"

55

+RDEPEND="${DEPEND}

56

+	python? ( !dev-python/python-magic )"

57

+

58

+PATCHES=( "${FILESDIR}"/${P}-CVE-2018-10360.patch )

59

+

60

+src_prepare() {

61

+	default

62

+

63

+	[[ ${PV} == "9999" ]] && eautoreconf

64

+	elibtoolize

65

+

66

+	# don't let python README kill main README #60043

67

+	mv python/README{,.python} || die

68

+}

69

+

70

+multilib_src_configure() {

71

+	local myeconfargs=(

72

+		--disable-libseccomp

73

+		--enable-fsect-man5

74

+		$(use_enable static-libs static)

75

+		$(use_enable zlib)

76

+	)

77

+	ECONF_SOURCE="${S}" econf "${myeconfargs[@]}"

78

+}

79

+

80

+src_configure() {

81

+	# when cross-compiling, we need to build up our own file

82

+	# because people often don't keep matching host/target

83

+	# file versions #362941

84

+	if tc-is-cross-compiler && ! ROOT=/ has_version ~${CATEGORY}/${P} ; then

85

+		mkdir -p "${WORKDIR}"/build || die

86

+		cd "${WORKDIR}"/build || die

87

+		tc-export_build_env BUILD_C{C,XX}

88

+		ECONF_SOURCE=${S} \

89

+		ac_cv_header_zlib_h=no \

90

+		ac_cv_lib_z_gzopen=no \

91

+		CHOST=${CBUILD} \

92

+		CFLAGS=${BUILD_CFLAGS} \

93

+		CXXFLAGS=${BUILD_CXXFLAGS} \

94

+		CPPFLAGS=${BUILD_CPPFLAGS} \

95

+		LDFLAGS="${BUILD_LDFLAGS} -static" \

96

+		CC=${BUILD_CC} \

97

+		CXX=${BUILD_CXX} \

98

+		econf --disable-shared --disable-libseccomp

99

+	fi

100

+

101

+	multilib-minimal_src_configure

102

+}

103

+

104

+multilib_src_compile() {

105

+	if multilib_is_native_abi ; then

106

+		emake

107

+	else

108

+		cd src || die

109

+		emake magic.h #586444

110

+		emake libmagic.la

111

+	fi

112

+}

113

+

114

+src_compile() {

115

+	if tc-is-cross-compiler && ! ROOT=/ has_version "~${CATEGORY}/${P}" ; then

116

+		emake -C "${WORKDIR}"/build/src magic.h #586444

117

+		emake -C "${WORKDIR}"/build/src file

118

+		PATH="${WORKDIR}/build/src:${PATH}"

119

+	fi

120

+	multilib-minimal_src_compile

121

+

122

+	if use python ; then

123

+		cd python || die

124

+		distutils-r1_src_compile

125

+	fi

126

+}

127

+

128

+multilib_src_install() {

129

+	if multilib_is_native_abi ; then

130

+		default

131

+	else

132

+		emake -C src install-{nodist_includeHEADERS,libLTLIBRARIES} DESTDIR="${D}"

133

+	fi

134

+}

135

+

136

+multilib_src_install_all() {

137

+	dodoc ChangeLog MAINT README

138

+

139

+	# Required for `file -C`

140

+	dodir /usr/share/misc/magic

141

+	insinto /usr/share/misc/magic

142

+	doins -r magic/Magdir/*

143

+

144

+	if use python ; then

145

+		cd python || die

146

+		distutils-r1_src_install

147

+	fi

148

+	prune_libtool_files

149

+}

150

151

diff --git a/sys-apps/file/files/file-5.33-CVE-2018-10360.patch b/sys-apps/file/files/file-5.33-CVE-2018-10360.patch

152

new file mode 100644

153

index 00000000000..a489846b10f

154

--- /dev/null

155

+++ b/sys-apps/file/files/file-5.33-CVE-2018-10360.patch

156

@@ -0,0 +1,18 @@

157

+Avoid reading past the end of buffer

158

+

159

+CVE-2018-10360

160

+

161

+https://github.com/file/file/commit/a642587a9c9e2dd7feacdf513c3643ce26ad3c22

162

+

163

+--- a/src/readelf.c

164

++++ b/src/readelf.c

165

+@@ -842,7 +842,8 @@ do_core_note(struct magic_set *ms, unsigned char *nbuf, uint32_t type,

166

+

167

+ 				cname = (unsigned char *)

168

+ 				    &nbuf[doff + prpsoffsets(i)];

169

+-				for (cp = cname; *cp && isprint(*cp); cp++)

170

++				for (cp = cname; cp < nbuf + size && *cp

171

++				    && isprint(*cp); cp++)

172

+ 					continue;

173

+ 				/*

174

+ 				 * Linux apparently appends a space at the end

1	commit: 331976f64a3ac2e70aa62d6631db0e148f19d0fe
2	Author: Thomas Deutschmann <whissi <AT> gentoo <DOT> org>
3	AuthorDate: Tue Jun 12 08:17:44 2018 +0000
4	Commit: Thomas Deutschmann <whissi <AT> gentoo <DOT> org>
5	CommitDate: Tue Jun 12 08:18:03 2018 +0000
6	URL: https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=331976f6
7
8	sys-apps/file: Avoid reading past the end of buffer (CVE-2018-10360)
9
10	Bug: https://bugs.gentoo.org/657930
11	Package-Manager: Portage-2.3.40, Repoman-2.3.9
12
13	sys-apps/file/file-5.33-r2.ebuild \| 127 +++++++++++++++++++++
14	sys-apps/file/files/file-5.33-CVE-2018-10360.patch \| 18 +++
15	2 files changed, 145 insertions(+)
16
17	diff --git a/sys-apps/file/file-5.33-r2.ebuild b/sys-apps/file/file-5.33-r2.ebuild
18	new file mode 100644
19	index 00000000000..4537ffb58aa
20	--- /dev/null
21	+++ b/sys-apps/file/file-5.33-r2.ebuild
22	@@ -0,0 +1,127 @@
23	+# Copyright 1999-2018 Gentoo Foundation
24	+# Distributed under the terms of the GNU General Public License v2
25	+
26	+EAPI=6
27	+
28	+PYTHON_COMPAT=( python2_7 python3_{4,5,6} pypy )
29	+DISTUTILS_OPTIONAL=1
30	+
31	+inherit distutils-r1 libtool ltprune toolchain-funcs multilib-minimal
32	+
33	+if [[ ${PV} == "9999" ]] ; then
34	+ EGIT_REPO_URI="https://github.com/glensc/file.git"
35	+ inherit autotools git-r3
36	+else
37	+ SRC_URI="ftp://ftp.astron.com/pub/file/${P}.tar.gz"
38	+ KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~ia64 ~m68k ~mips ~ppc ~ppc64 ~s390 ~sh ~sparc ~x86 ~ppc-aix ~x64-cygwin ~amd64-fbsd ~x86-fbsd ~amd64-linux ~x86-linux ~ppc-macos ~x64-macos ~x86-macos ~m68k-mint ~sparc-solaris ~sparc64-solaris ~x64-solaris ~x86-solaris"
39	+fi
40	+
41	+DESCRIPTION="identify a file's format by scanning binary data for patterns"
42	+HOMEPAGE="https://www.darwinsys.com/file/"
43	+
44	+LICENSE="BSD-2"
45	+SLOT="0"
46	+IUSE="python static-libs zlib"
47	+REQUIRED_USE="python? ( ${PYTHON_REQUIRED_USE} )"
48	+
49	+DEPEND="
50	+ python? (
51	+ ${PYTHON_DEPS}
52	+ dev-python/setuptools[${PYTHON_USEDEP}]
53	+ )
54	+ zlib? ( >=sys-libs/zlib-1.2.8-r1[${MULTILIB_USEDEP}] )"
55	+RDEPEND="${DEPEND}
56	+ python? ( !dev-python/python-magic )"
57	+
58	+PATCHES=( "${FILESDIR}"/${P}-CVE-2018-10360.patch )
59	+
60	+src_prepare() {
61	+ default
62	+
63	+ [[ ${PV} == "9999" ]] && eautoreconf
64	+ elibtoolize
65	+
66	+ # don't let python README kill main README #60043
67	+ mv python/README{,.python} \|\| die
68	+}
69	+
70	+multilib_src_configure() {
71	+ local myeconfargs=(
72	+ --disable-libseccomp
73	+ --enable-fsect-man5
74	+ $(use_enable static-libs static)
75	+ $(use_enable zlib)
76	+ )
77	+ ECONF_SOURCE="${S}" econf "${myeconfargs[@]}"
78	+}
79	+
80	+src_configure() {
81	+ # when cross-compiling, we need to build up our own file
82	+ # because people often don't keep matching host/target
83	+ # file versions #362941
84	+ if tc-is-cross-compiler && ! ROOT=/ has_version ~${CATEGORY}/${P} ; then
85	+ mkdir -p "${WORKDIR}"/build \|\| die
86	+ cd "${WORKDIR}"/build \|\| die
87	+ tc-export_build_env BUILD_C{C,XX}
88	+ ECONF_SOURCE=${S} \
89	+ ac_cv_header_zlib_h=no \
90	+ ac_cv_lib_z_gzopen=no \
91	+ CHOST=${CBUILD} \
92	+ CFLAGS=${BUILD_CFLAGS} \
93	+ CXXFLAGS=${BUILD_CXXFLAGS} \
94	+ CPPFLAGS=${BUILD_CPPFLAGS} \
95	+ LDFLAGS="${BUILD_LDFLAGS} -static" \
96	+ CC=${BUILD_CC} \
97	+ CXX=${BUILD_CXX} \
98	+ econf --disable-shared --disable-libseccomp
99	+ fi
100	+
101	+ multilib-minimal_src_configure
102	+}
103	+
104	+multilib_src_compile() {
105	+ if multilib_is_native_abi ; then
106	+ emake
107	+ else
108	+ cd src \|\| die
109	+ emake magic.h #586444
110	+ emake libmagic.la
111	+ fi
112	+}
113	+
114	+src_compile() {
115	+ if tc-is-cross-compiler && ! ROOT=/ has_version "~${CATEGORY}/${P}" ; then
116	+ emake -C "${WORKDIR}"/build/src magic.h #586444
117	+ emake -C "${WORKDIR}"/build/src file
118	+ PATH="${WORKDIR}/build/src:${PATH}"
119	+ fi
120	+ multilib-minimal_src_compile
121	+
122	+ if use python ; then
123	+ cd python \|\| die
124	+ distutils-r1_src_compile
125	+ fi
126	+}
127	+
128	+multilib_src_install() {
129	+ if multilib_is_native_abi ; then
130	+ default
131	+ else
132	+ emake -C src install-{nodist_includeHEADERS,libLTLIBRARIES} DESTDIR="${D}"
133	+ fi
134	+}
135	+
136	+multilib_src_install_all() {
137	+ dodoc ChangeLog MAINT README
138	+
139	+ # Required for `file -C`
140	+ dodir /usr/share/misc/magic
141	+ insinto /usr/share/misc/magic
142	+ doins -r magic/Magdir/*
143	+
144	+ if use python ; then
145	+ cd python \|\| die
146	+ distutils-r1_src_install
147	+ fi
148	+ prune_libtool_files
149	+}
150
151	diff --git a/sys-apps/file/files/file-5.33-CVE-2018-10360.patch b/sys-apps/file/files/file-5.33-CVE-2018-10360.patch
152	new file mode 100644
153	index 00000000000..a489846b10f
154	--- /dev/null
155	+++ b/sys-apps/file/files/file-5.33-CVE-2018-10360.patch
156	@@ -0,0 +1,18 @@
157	+Avoid reading past the end of buffer
158	+
159	+CVE-2018-10360
160	+
161	+https://github.com/file/file/commit/a642587a9c9e2dd7feacdf513c3643ce26ad3c22
162	+
163	+--- a/src/readelf.c
164	++++ b/src/readelf.c
165	+@@ -842,7 +842,8 @@ do_core_note(struct magic_set ms, unsigned char nbuf, uint32_t type,
166	+
167	+ cname = (unsigned char *)
168	+ &nbuf[doff + prpsoffsets(i)];
169	+- for (cp = cname; cp && isprint(cp); cp++)
170	++ for (cp = cname; cp < nbuf + size && *cp
171	++ && isprint(*cp); cp++)
172	+ continue;
173	+ /*
174	+ * Linux apparently appends a space at the end

Gentoo Archives: gentoo-commits