sys-apps/acl: Sync with Gentoo

It's from Gentoo commit 4a976778611351073dc919fbe430e0a7089dd5a9. Signed-off-by: Flatcar Buildbot <buildbot@flatcar-linux.org>
2026-05-05 04:06:33 +02:00 · 2026-03-02 07:28:57 +00:00 · 2026-03-02 07:28:57 +00:00 · 7f849f2601
commit 7f849f2601
parent 6fe043b55d
2 changed files with 54 additions and 1 deletions
--- a/sdk_container/src/third_party/portage-stable/sys-apps/acl/acl-2.3.2-r3.ebuild
+++ b/sdk_container/src/third_party/portage-stable/sys-apps/acl/acl-2.3.2-r3.ebuild
@ -1,4 +1,4 @@
-# Copyright 1999-2025 Gentoo Authors
+# Copyright 1999-2026 Gentoo Authors
 # Distributed under the terms of the GNU General Public License v2

 EAPI=8
@ -20,6 +20,10 @@ RDEPEND="
 DEPEND="${RDEPEND}"
 BDEPEND="nls? ( sys-devel/gettext )"

+PATCHES=(
+	"${FILESDIR}/acl-2.3.2-memory.patch"
+)
+
 src_prepare() {
 	default

--- a/sdk_container/src/third_party/portage-stable/sys-apps/acl/files/acl-2.3.2-memory.patch
+++ b/sdk_container/src/third_party/portage-stable/sys-apps/acl/files/acl-2.3.2-memory.patch
@ -0,0 +1,49 @@
+https://bugs.gentoo.org/970228
+https://cgit.git.savannah.nongnu.org/cgit/acl.git/commit/?id=56abe432b65801f31277fb9a3bca0f9e31502315
+
+From 56abe432b65801f31277fb9a3bca0f9e31502315 Mon Sep 17 00:00:00 2001
+From: Matthias Gerstner <matthias.gerstner@suse.de>
+Date: Thu, 25 Apr 2024 12:43:49 +0200
+Subject: libmisc: __acl_get_uid(): fix memory wasting loop if user does not
+ exist
+
+I noticed that `acl_from_text()` unexpectedly returns ENOMEM for invalid
+user names. The reason for this is a missing break statement in the for
+loop in `__acl_get_uid()`, which causes the loop to act as if ERANGE was
+returned from `getpwnam_r()`, thereby exponentially increasing the
+buffer size to (in my case) multiple gigabytes, until `grow_buffer()`
+reports ENOMEM, which terminates the `__acl_get_uid()` function.
+
+This is a pretty costly "no such user" lookup that can disturb a
+process's heap memory management, but can also cause a process to fail
+e.g. if it is multithreaded and other threads encounter an ENOMEM,
+before `__acl_get_uid()` frees the gigantic heap buffer and returns.
+The allocated memory isn't actually used. Therefore on Linux it should
+not affect other processes by default, due to its overcommit memory
+and lazy memory allocation strategy.
+
+Fix this by properly terminating the for loop on any conditions except
+an ERANGE error being reported. The same break statement correctly
+exists in `__acl_get_gid()` already.
+
+Fixes: 3737f00 ("use thread-safe getpwnam_r and getgrnam_r")
+Signed-off-by: Andreas Gruenbacher <agruenba@redhat.com>
+---
+ libmisc/uid_gid_lookup.c | 1 +
+ 1 file changed, 1 insertion(+)
+
+diff --git a/libmisc/uid_gid_lookup.c b/libmisc/uid_gid_lookup.c
+index a4f21f6..74baab4 100644
+--- a/libmisc/uid_gid_lookup.c
+++ b/libmisc/uid_gid_lookup.c
+@@ -91,6 +91,7 @@ __acl_get_uid(const char *token, uid_t *uid_p)
+ 		if (err == ERANGE)
+ 			continue;
+ 		errno = err ? err : EINVAL;
+		break;
+ 	}
+ 	free(buffer);
+ 	return result ? 0 : -1;
+-- 
+cgit v1.2.3
+