From f8a27a086e3fb081a45d7ffaf39beccfd8923713 Mon Sep 17 00:00:00 2001 
From: Dongsu Park Date: Thu, 22 Oct 2020 15:18:55 +0200 Subject: [PATCH] sys-apps/file: update to 5.39 Update sys-apps/file to 5.39 to address https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-18218 . --- .../portage-stable/sys-apps/file/Manifest | 4 +- ...ile-5.33-r2.ebuild => file-5.37-r1.ebuild} | 19 +-- .../sys-apps/file/file-5.38-r1.ebuild | 142 +++++++++++++++++ .../sys-apps/file/file-5.39-r3.ebuild | 146 ++++++++++++++++++ .../sys-apps/file/file-9999.ebuild | 72 +++++---- .../file/files/file-5.33-CVE-2018-10360.patch | 18 --- .../file/files/file-5.37-CVE-2019-18218.patch | 36 +++++ ...iaeiaeiae-Do-as-the-comment-says-and.patch | 40 +++++ ...it-is-only-set-when-DF_1_PIE-bit-is-.patch | 29 ++++ ...38-td-is-for-ptrdiff_t-not-for-off_t.patch | 27 ++++ .../files/file-5.39-add-missing-termios.patch | 30 ++++ .../files/file-5.39-portage-sandbox.patch | 26 ++++ .../file/files/file-5.39-seccomp-musl.patch | 37 +++++ .../portage-stable/sys-apps/file/metadata.xml | 3 +- 14 files changed, 573 insertions(+), 56 deletions(-) rename sdk_container/src/third_party/portage-stable/sys-apps/file/{file-5.33-r2.ebuild => file-5.37-r1.ebuild} (80%) create mode 100644 sdk_container/src/third_party/portage-stable/sys-apps/file/file-5.38-r1.ebuild create mode 100644 sdk_container/src/third_party/portage-stable/sys-apps/file/file-5.39-r3.ebuild delete mode 100644 sdk_container/src/third_party/portage-stable/sys-apps/file/files/file-5.33-CVE-2018-10360.patch create mode 100644 sdk_container/src/third_party/portage-stable/sys-apps/file/files/file-5.37-CVE-2019-18218.patch create mode 100644 sdk_container/src/third_party/portage-stable/sys-apps/file/files/file-5.38-Revert-PR-93-iaeiaeiaeiae-Do-as-the-comment-says-and.patch create mode 100644 sdk_container/src/third_party/portage-stable/sys-apps/file/files/file-5.38-The-executable-bit-is-only-set-when-DF_1_PIE-bit-is-.patch create mode 100644 
sdk_container/src/third_party/portage-stable/sys-apps/file/files/file-5.38-td-is-for-ptrdiff_t-not-for-off_t.patch create mode 100644 sdk_container/src/third_party/portage-stable/sys-apps/file/files/file-5.39-add-missing-termios.patch create mode 100644 sdk_container/src/third_party/portage-stable/sys-apps/file/files/file-5.39-portage-sandbox.patch create mode 100644 sdk_container/src/third_party/portage-stable/sys-apps/file/files/file-5.39-seccomp-musl.patch diff --git a/sdk_container/src/third_party/portage-stable/sys-apps/file/Manifest b/sdk_container/src/third_party/portage-stable/sys-apps/file/Manifest index 25da8f481e..42c17cea29 100644 --- a/sdk_container/src/third_party/portage-stable/sys-apps/file/Manifest +++ b/sdk_container/src/third_party/portage-stable/sys-apps/file/Manifest 
@@ -1 +1,3 @@
-DIST file-5.33.tar.gz 817060 BLAKE2B 735f176f09085243dacaddda1b734ef2191ff1684f08022ed1874e84fd0c84679b5a765383c5c5ad27a7216abc23b9c2211fb7110846122563e18285de0f0e51 SHA512 36c9f2e2aa814b5557eef114fdd3de159688c7a3c9632a9f5c6355c4d2a5694cee81279bda80897616fca07289a7fedb1f797439a2903c76dc84870694773c9e
+DIST file-5.37.tar.gz 887682 BLAKE2B c5635e5de879af31cbef1c988275ab8620133909d146769b27a2f8eefa90871fad5fa75e66b9e1d77a6261e5d6dec315fb5a8ad587d8c214eaa0bc2e5a929fe7 SHA512 bf153c15aebdd00329806231d20f295077b8b99efd0181d01279bcf3734a1718567df38cf75bc929eb8015ac98d29bb4bf1228d7ece8bfdfe14dd976391dd06d
+DIST file-5.38.tar.gz 932528 BLAKE2B 08d8d56e2e1b6a0c9fb0caed89ca6145bf683ecc52a639c036ded01b913e7eea75d9235851a2fbd410cbc9b929c26579b06fe1d54fb73817c951bef3544bc345 SHA512 9eeeba69cbc9f0c00a0bdf9eaf60c73a4a709e797068f109d85c1ef2a19c8b0e012ecd73714f03cbb1770dfa717e8a661ad746b644cc030cafbfb1f7aac35a40
+DIST file-5.39.tar.gz 954266 BLAKE2B 4d6d9a6317961e0a2aa391f502b0be8bbb40ede57c3470230d91aaf9ce5d35bcaceb32d551ca5a391fc8c40b64517fdb996833a8b1ca47ced7e92e9e545d2682 SHA512 9cf1a7b769c56eb6f5b25c66ce85fa1300128396e445b2e53dbbd8951e5da973a7a07c4ef9f7ebd1fe945d47bdaf2cd9ef09bd2be6c217a0bcb907d9449835e6
diff --git a/sdk_container/src/third_party/portage-stable/sys-apps/file/file-5.33-r2.ebuild b/sdk_container/src/third_party/portage-stable/sys-apps/file/file-5.37-r1.ebuild
similarity index 80%
rename from sdk_container/src/third_party/portage-stable/sys-apps/file/file-5.33-r2.ebuild
rename to sdk_container/src/third_party/portage-stable/sys-apps/file/file-5.37-r1.ebuild
index c01383f720..9d459e0e01 100644
--- a/sdk_container/src/third_party/portage-stable/sys-apps/file/file-5.33-r2.ebuild
+++ b/sdk_container/src/third_party/portage-stable/sys-apps/file/file-5.37-r1.ebuild
@@ -1,19 +1,19 @@ -# Copyright 1999-2018 Gentoo Foundation +# Copyright 1999-2020 Gentoo Authors # Distributed under the terms of the GNU General Public License v2 -EAPI=6 +EAPI=7 -PYTHON_COMPAT=( python2_7 python3_{4,5,6} pypy ) +PYTHON_COMPAT=( python3_{6,7} ) DISTUTILS_OPTIONAL=1 -inherit distutils-r1 libtool ltprune toolchain-funcs multilib-minimal +inherit distutils-r1 libtool toolchain-funcs multilib-minimal if [[ ${PV} == "9999" ]] ; then EGIT_REPO_URI="https://github.com/glensc/file.git" inherit autotools git-r3 else SRC_URI="ftp://ftp.astron.com/pub/file/${P}.tar.gz" - KEYWORDS="alpha amd64 arm arm64 hppa ia64 m68k ~mips ppc ppc64 s390 sh sparc x86 ~ppc-aix ~x64-cygwin ~amd64-fbsd ~x86-fbsd ~amd64-linux ~x86-linux ~ppc-macos ~x64-macos ~x86-macos ~m68k-mint ~sparc-solaris ~sparc64-solaris ~x64-solaris ~x86-solaris" + KEYWORDS="~alpha amd64 arm arm64 hppa ~ia64 ~m68k ~mips ppc ppc64 ~riscv s390 sparc x86 ~ppc-aix ~x64-cygwin ~amd64-linux ~x86-linux ~ppc-macos ~x64-macos ~x86-macos ~m68k-mint ~sparc-solaris ~sparc64-solaris ~x64-solaris ~x86-solaris" fi DESCRIPTION="identify a file's format by scanning binary data for patterns" @@ -33,7 +33,7 @@ DEPEND=" RDEPEND="${DEPEND} python? ( !dev-python/python-magic )" -PATCHES=( "${FILESDIR}"/${P}-CVE-2018-10360.patch ) +PATCHES=( "${FILESDIR}"/${P}-CVE-2019-18218.patch ) src_prepare() { default @@ -42,7 +42,8 @@ src_prepare() { elibtoolize # don't let python README kill main README #60043 - mv python/README{,.python} || die + mv python/README.md python/README.python.md || die + sed 's@README.md@README.python.md@' -i python/setup.py || die #662090 } multilib_src_configure() { @@ -63,7 +64,7 @@ src_configure() { mkdir -p "${WORKDIR}"/build || die cd "${WORKDIR}"/build || die tc-export_build_env BUILD_C{C,XX} - ECONF_SOURCE=${S} \ + ECONF_SOURCE="${S}" \ ac_cv_header_zlib_h=no \ ac_cv_lib_z_gzopen=no \ CHOST=${CBUILD} \ 
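Review bot: `SRC_URI="ftp://ftp.astron.com/pub/file/${P}.tar.gz"` in the first hunk fetches the tarball over plain FTP, so the transport gives no integrity protection and the `DIST` size/BLAKE2B/SHA512 entries in the Manifest are the only thing tying the build to the intended source. It is worth confirming that the three new `DIST` lines were taken from the upstream Gentoo tree rather than regenerated locally from an FTP download, and switching the URI to HTTPS if upstream serves the same path that way. The same line is added in file-5.38-r1.ebuild and file-5.39-r3.ebuild and kept in file-9999.ebuild.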
@@ -123,5 +124,5 @@ multilib_src_install_all() {
 cd python || die
 distutils-r1_src_install
 fi
- prune_libtool_files
+ find "${ED}" -type f -name "*.la" -delete || die
 }
diff --git a/sdk_container/src/third_party/portage-stable/sys-apps/file/file-5.38-r1.ebuild b/sdk_container/src/third_party/portage-stable/sys-apps/file/file-5.38-r1.ebuild
new file mode 100644
index 0000000000..cbd64a5247
--- /dev/null
+++ b/sdk_container/src/third_party/portage-stable/sys-apps/file/file-5.38-r1.ebuild
@@ -0,0 +1,142 @@
+# Copyright 1999-2020 Gentoo Authors
+# Distributed under the terms of the GNU General Public License v2
+
+EAPI=7
+
+PYTHON_COMPAT=( python3_{6..7} )
+DISTUTILS_OPTIONAL=1
+
+inherit distutils-r1 libtool toolchain-funcs multilib-minimal
+
+if [[ ${PV} == "9999" ]] ; then
+ EGIT_REPO_URI="https://github.com/glensc/file.git"
+ inherit autotools git-r3
+else
+ SRC_URI="ftp://ftp.astron.com/pub/file/${P}.tar.gz"
+ KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~ia64 ~m68k ~mips ~ppc ~ppc64 ~riscv ~s390 ~sparc ~x86 ~ppc-aix ~x64-cygwin ~amd64-linux ~x86-linux ~ppc-macos ~x64-macos ~x86-macos ~m68k-mint ~sparc-solaris ~sparc64-solaris ~x64-solaris ~x86-solaris"
+fi
+
+DESCRIPTION="identify a file's format by scanning binary data for patterns"
+HOMEPAGE="https://www.darwinsys.com/file/"
+
+LICENSE="BSD-2"
+SLOT="0"
+IUSE="bzip2 lzma python static-libs zlib"
+REQUIRED_USE="python? ( ${PYTHON_REQUIRED_USE} )"
+
+DEPEND="
+ bzip2? ( app-arch/bzip2[${MULTILIB_USEDEP}] )
+ lzma? ( app-arch/xz-utils[${MULTILIB_USEDEP}] )
+ python? (
+ ${PYTHON_DEPS}
+ dev-python/setuptools[${PYTHON_USEDEP}]
+ )
+ zlib? ( >=sys-libs/zlib-1.2.8-r1[${MULTILIB_USEDEP}] )"
+RDEPEND="${DEPEND}
+ python? ( !dev-python/python-magic )"
+
+PATCHES=(
+ "${FILESDIR}"/${P}-Revert-PR-93-iaeiaeiaeiae-Do-as-the-comment-says-and.patch
+ "${FILESDIR}"/${P}-td-is-for-ptrdiff_t-not-for-off_t.patch
+ "${FILESDIR}"/${P}-The-executable-bit-is-only-set-when-DF_1_PIE-bit-is-.patch
+)
+
+src_prepare() {
+ default
+
+ [[ ${PV} == "9999" ]] && eautoreconf
+ elibtoolize
+
+ # don't let python README kill main README #60043
+ mv python/README.md python/README.python.md || die
+ sed 's@README.md@README.python.md@' -i python/setup.py || die #662090
+}
+
+multilib_src_configure() {
+ local myeconfargs=(
+ --disable-libseccomp
+ --enable-fsect-man5
+ $(use_enable bzip2 bzlib)
+ $(use_enable lzma xzlib)
+ $(use_enable static-libs static)
+ $(use_enable zlib)
+ )
+ econf "${myeconfargs[@]}"
+}
+
+build_src_configure() {
+ local myeconfargs=(
+ --disable-shared
+ --disable-libseccomp
+ --disable-bzlib
+ --disable-xzlib
+ --disable-zlib
+ )
+ tc-env_build econf "${myeconfargs[@]}"
+}
+
+need_build_file() {
+ # when cross-compiling, we need to build up our own file
+ # because people often don't keep matching host/target
+ # file versions #362941
+ tc-is-cross-compiler && ! has_version -b "~${CATEGORY}/${P}"
+}
+
+src_configure() {
+ local ECONF_SOURCE=${S}
+
+ if need_build_file; then
+ mkdir -p "${WORKDIR}"/build || die
+ cd "${WORKDIR}"/build || die
+ build_src_configure
+ fi
+
+ multilib-minimal_src_configure
+}
+
+multilib_src_compile() {
+ if multilib_is_native_abi ; then
+ emake
+ else
+ cd src || die
+ emake magic.h #586444
+ emake libmagic.la
+ fi
+}
+
+src_compile() {
+ if need_build_file; then
+ emake -C "${WORKDIR}"/build/src magic.h #586444
+ emake -C "${WORKDIR}"/build/src file
+ local -x PATH="${WORKDIR}/build/src:${PATH}"
+ fi
+ multilib-minimal_src_compile
+
+ if use python ; then
+ cd python || die
+ distutils-r1_src_compile
+ fi
+}
+
+multilib_src_install() {
+ if multilib_is_native_abi ; then
+ default
+ else
+ emake -C src install-{nodist_includeHEADERS,libLTLIBRARIES} DESTDIR="${D}"
+ fi
+}
+
+multilib_src_install_all() {
+ dodoc ChangeLog MAINT README
+
+ # Required for `file -C`
+ dodir /usr/share/misc/magic
+ insinto /usr/share/misc/magic
+ doins -r magic/Magdir/*
+
+ if use python ; then
+ cd python || die
+ distutils-r1_src_install
+ fi
+ find "${ED}" -type f -name "*.la" -delete || die
+}
diff --git a/sdk_container/src/third_party/portage-stable/sys-apps/file/file-5.39-r3.ebuild b/sdk_container/src/third_party/portage-stable/sys-apps/file/file-5.39-r3.ebuild
new file mode 100644
index 0000000000..7631cc1d7d
--- /dev/null
+++ b/sdk_container/src/third_party/portage-stable/sys-apps/file/file-5.39-r3.ebuild
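Review bot: `multilib_src_configure()` in file-5.38-r1.ebuild hard-codes `--disable-libseccomp`, and the ebuild declares no `seccomp` USE flag, so a `file` built from it never gets the seccomp filter even though the tool exists to parse files of unknown origin. file-5.39-r3.ebuild and file-9999.ebuild use `$(use_enable seccomp libseccomp)` instead, but `seccomp` is listed in their IUSE without a `+` default, so the filter stays off there too unless a profile or the user enables the flag. If 5.38-r1 has to be carried, a comment beside the option such as `# seccomp sandbox disabled for this version, see <BUG-ID>` would record why. Otherwise consider not adding this ebuild, and check that the profile sets `seccomp` for 5.39-r3.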
@@ -0,0 +1,146 @@
+# Copyright 1999-2020 Gentoo Authors
+# Distributed under the terms of the GNU General Public License v2
+
+EAPI=7
+
+PYTHON_COMPAT=( python3_{6..7} )
+DISTUTILS_OPTIONAL=1
+
+inherit distutils-r1 libtool toolchain-funcs multilib-minimal
+
+if [[ ${PV} == "9999" ]] ; then
+ EGIT_REPO_URI="https://github.com/glensc/file.git"
+ inherit autotools git-r3
+else
+ SRC_URI="ftp://ftp.astron.com/pub/file/${P}.tar.gz"
+ KEYWORDS="~alpha amd64 arm arm64 hppa ~ia64 ~m68k ~mips ppc ppc64 ~riscv s390 sparc x86 ~ppc-aix ~x64-cygwin ~amd64-linux ~x86-linux ~ppc-macos ~x64-macos ~x86-macos ~m68k-mint ~sparc-solaris ~sparc64-solaris ~x64-solaris ~x86-solaris"
+fi
+
+DESCRIPTION="identify a file's format by scanning binary data for patterns"
+HOMEPAGE="https://www.darwinsys.com/file/"
+
+LICENSE="BSD-2"
+SLOT="0"
+IUSE="bzip2 lzma python seccomp static-libs zlib"
+REQUIRED_USE="python? ( ${PYTHON_REQUIRED_USE} )"
+
+DEPEND="
+ bzip2? ( app-arch/bzip2[${MULTILIB_USEDEP}] )
+ lzma? ( app-arch/xz-utils[${MULTILIB_USEDEP}] )
+ python? (
+ ${PYTHON_DEPS}
+ dev-python/setuptools[${PYTHON_USEDEP}]
+ )
+ zlib? ( >=sys-libs/zlib-1.2.8-r1[${MULTILIB_USEDEP}] )"
+RDEPEND="${DEPEND}
+ python? ( !dev-python/python-magic )
+ seccomp? ( sys-libs/libseccomp[${MULTILIB_USEDEP}] )"
+
+PATCHES=(
+ "${FILESDIR}/file-5.39-add-missing-termios.patch" #728416
+ "${FILESDIR}/file-5.39-seccomp-musl.patch"
+ "${FILESDIR}/file-5.39-portage-sandbox.patch" #713710 #728978
+)
+
+src_prepare() {
+ default
+
+ if [[ ${PV} == 9999 ]]; then
+ eautoreconf
+ fi
+
+ elibtoolize
+
+ # don't let python README kill main README #60043
+ mv python/README.md python/README.python.md || die
+ sed 's@README.md@README.python.md@' -i python/setup.py || die #662090
+}
+
+multilib_src_configure() {
+ local myeconfargs=(
+ --enable-fsect-man5
+ $(use_enable bzip2 bzlib)
+ $(use_enable lzma xzlib)
+ $(use_enable seccomp libseccomp)
+ $(use_enable static-libs static)
+ $(use_enable zlib)
+ )
+ econf "${myeconfargs[@]}"
+}
+
+build_src_configure() {
+ local myeconfargs=(
+ --disable-shared
+ --disable-libseccomp
+ --disable-bzlib
+ --disable-xzlib
+ --disable-zlib
+ )
+ tc-env_build econf "${myeconfargs[@]}"
+}
+
+need_build_file() {
+ # when cross-compiling, we need to build up our own file
+ # because people often don't keep matching host/target
+ # file versions #362941
+ tc-is-cross-compiler && ! has_version -b "~${CATEGORY}/${P}"
+}
+
+src_configure() {
+ local ECONF_SOURCE=${S}
+
+ if need_build_file; then
+ mkdir -p "${WORKDIR}"/build || die
+ cd "${WORKDIR}"/build || die
+ build_src_configure
+ fi
+
+ multilib-minimal_src_configure
+}
+
+multilib_src_compile() {
+ if multilib_is_native_abi ; then
+ emake
+ else
+ cd src || die
+ emake magic.h #586444
+ emake libmagic.la
+ fi
+}
+
+src_compile() {
+ if need_build_file; then
+ emake -C "${WORKDIR}"/build/src magic.h #586444
+ emake -C "${WORKDIR}"/build/src file
+ local -x PATH="${WORKDIR}/build/src:${PATH}"
+ fi
+ multilib-minimal_src_compile
+
+ if use python ; then
+ cd python || die
+ distutils-r1_src_compile
+ fi
+}
+
+multilib_src_install() {
+ if multilib_is_native_abi ; then
+ default
+ else
+ emake -C src install-{nodist_includeHEADERS,libLTLIBRARIES} DESTDIR="${D}"
+ fi
+}
+
+multilib_src_install_all() {
+ dodoc ChangeLog MAINT README
+
+ # Required for `file -C`
+ dodir /usr/share/misc/magic
+ insinto /usr/share/misc/magic
+ doins -r magic/Magdir/*
+
+ if use python ; then
+ cd python || die
+ distutils-r1_src_install
+ fi
+ find "${ED}" -type f -name "*.la" -delete || die
+}
diff --git a/sdk_container/src/third_party/portage-stable/sys-apps/file/file-9999.ebuild b/sdk_container/src/third_party/portage-stable/sys-apps/file/file-9999.ebuild
index 72de11bc59..e78b8a2155 100644
--- a/sdk_container/src/third_party/portage-stable/sys-apps/file/file-9999.ebuild
+++ b/sdk_container/src/third_party/portage-stable/sys-apps/file/file-9999.ebuild
@@ -1,19 +1,19 @@ -# Copyright 1999-2018 Gentoo Foundation +# Copyright 1999-2020 Gentoo Authors # Distributed under the terms of the GNU General Public License v2 -EAPI=6 +EAPI=7 -PYTHON_COMPAT=( python2_7 python3_{4,5,6} pypy ) +PYTHON_COMPAT=( python3_{6..7} ) DISTUTILS_OPTIONAL=1 -inherit distutils-r1 libtool ltprune toolchain-funcs multilib-minimal +inherit distutils-r1 libtool toolchain-funcs multilib-minimal if [[ ${PV} == "9999" ]] ; then EGIT_REPO_URI="https://github.com/glensc/file.git" inherit autotools git-r3 else SRC_URI="ftp://ftp.astron.com/pub/file/${P}.tar.gz" - KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~ia64 ~m68k ~mips ~ppc ~ppc64 ~s390 ~sh ~sparc ~x86 ~ppc-aix ~x64-cygwin ~amd64-fbsd ~x86-fbsd ~amd64-linux ~x86-linux ~ppc-macos ~x64-macos ~x86-macos ~m68k-mint ~sparc-solaris ~sparc64-solaris ~x64-solaris ~x86-solaris" + KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~ia64 ~m68k ~mips ~ppc ~ppc64 ~riscv ~s390 ~sparc ~x86 ~ppc-aix ~x64-cygwin ~amd64-linux ~x86-linux ~ppc-macos ~x64-macos ~x86-macos ~m68k-mint ~sparc-solaris ~sparc64-solaris ~x64-solaris ~x86-solaris" fi DESCRIPTION="identify a file's format by scanning binary data for patterns" @@ -21,10 +21,12 @@ HOMEPAGE="https://www.darwinsys.com/file/" LICENSE="BSD-2" SLOT="0" -IUSE="python seccomp static-libs zlib" +IUSE="bzip2 lzma python seccomp static-libs zlib" REQUIRED_USE="python? ( ${PYTHON_REQUIRED_USE} )" DEPEND=" + bzip2? ( app-arch/bzip2[${MULTILIB_USEDEP}] ) + lzma? ( app-arch/xz-utils[${MULTILIB_USEDEP}] ) python? ( ${PYTHON_DEPS} dev-python/setuptools[${PYTHON_USEDEP}] 
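Review bot: The live ebuild still clones from `EGIT_REPO_URI="https://github.com/glensc/file.git"` (first hunk), a different repository from the one the patch headers added in this commit cite for upstream fixes (`https://github.com/file/file/commit/...`). If glensc/file is a third-party mirror, a `9999` build trusts whatever that account's default branch holds, and a live checkout has no Manifest hash to pin it. Pointing the URI at the repository the patches come from, `EGIT_REPO_URI="https://github.com/file/file.git"`, would keep the two in agreement. The same assignment is also added in file-5.38-r1.ebuild and file-5.39-r3.ebuild, where the `${PV} == "9999"` branch is never taken.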
@@ -32,47 +34,63 @@ DEPEND=" zlib? ( >=sys-libs/zlib-1.2.8-r1[${MULTILIB_USEDEP}] )" RDEPEND="${DEPEND} python? ( !dev-python/python-magic ) - seccomp? ( sys-libs/libseccomp )" + seccomp? ( sys-libs/libseccomp[${MULTILIB_USEDEP}] )" + +PATCHES=( + "${FILESDIR}/file-5.39-portage-sandbox.patch" #713710 #728978 +) src_prepare() { default - [[ ${PV} == "9999" ]] && eautoreconf + if [[ ${PV} == 9999 ]]; then + eautoreconf + fi + elibtoolize # don't let python README kill main README #60043 - mv python/README.md README.python || die + mv python/README.md python/README.python.md || die + sed 's@README.md@README.python.md@' -i python/setup.py || die #662090 } multilib_src_configure() { local myeconfargs=( --enable-fsect-man5 + $(use_enable bzip2 bzlib) + $(use_enable lzma xzlib) $(use_enable seccomp libseccomp) $(use_enable static-libs static) $(use_enable zlib) ) - ECONF_SOURCE="${S}" econf "${myeconfargs[@]}" + econf "${myeconfargs[@]}" } -src_configure() { +build_src_configure() { + local myeconfargs=( + --disable-shared + --disable-libseccomp + --disable-bzlib + --disable-xzlib + --disable-zlib + ) + tc-env_build econf "${myeconfargs[@]}" +} + +need_build_file() { # when cross-compiling, we need to build up our own file # because people often don't keep matching host/target # file versions #362941 - if tc-is-cross-compiler && ! ROOT=/ has_version ~${CATEGORY}/${P} ; then + tc-is-cross-compiler && ! 
has_version -b "~${CATEGORY}/${P}" +} + +src_configure() { + local ECONF_SOURCE=${S} + + if need_build_file; then mkdir -p "${WORKDIR}"/build || die cd "${WORKDIR}"/build || die - tc-export_build_env BUILD_C{C,XX} - ECONF_SOURCE=${S} \ - ac_cv_header_zlib_h=no \ - ac_cv_lib_z_gzopen=no \ - CHOST=${CBUILD} \ - CFLAGS=${BUILD_CFLAGS} \ - CXXFLAGS=${BUILD_CXXFLAGS} \ - CPPFLAGS=${BUILD_CPPFLAGS} \ - LDFLAGS="${BUILD_LDFLAGS} -static" \ - CC=${BUILD_CC} \ - CXX=${BUILD_CXX} \ - econf --disable-shared $(use_enable seccomp libseccomp) + build_src_configure fi multilib-minimal_src_configure @@ -89,10 +107,10 @@ multilib_src_compile() { } src_compile() { - if tc-is-cross-compiler && ! ROOT=/ has_version "~${CATEGORY}/${P}" ; then + if need_build_file; then emake -C "${WORKDIR}"/build/src magic.h #586444 emake -C "${WORKDIR}"/build/src file - PATH="${WORKDIR}/build/src:${PATH}" + local -x PATH="${WORKDIR}/build/src:${PATH}" fi multilib-minimal_src_compile @@ -122,5 +140,5 @@ multilib_src_install_all() { cd python || die distutils-r1_src_install fi - prune_libtool_files + find "${ED}" -type f -name "*.la" -delete || die } diff --git a/sdk_container/src/third_party/portage-stable/sys-apps/file/files/file-5.33-CVE-2018-10360.patch b/sdk_container/src/third_party/portage-stable/sys-apps/file/files/file-5.33-CVE-2018-10360.patch deleted file mode 100644 index a489846b10..0000000000 --- a/sdk_container/src/third_party/portage-stable/sys-apps/file/files/file-5.33-CVE-2018-10360.patch +++ /dev/null 
@@ -1,18 +0,0 @@
-Avoid reading past the end of buffer
-
-CVE-2018-10360
-
-https://github.com/file/file/commit/a642587a9c9e2dd7feacdf513c3643ce26ad3c22
-
---- a/src/readelf.c
-+++ b/src/readelf.c
-@@ -842,7 +842,8 @@ do_core_note(struct magic_set *ms, unsigned char *nbuf, uint32_t type,
- 
- cname = (unsigned char *)
- &nbuf[doff + prpsoffsets(i)];
-- for (cp = cname; *cp && isprint(*cp); cp++)
-+ for (cp = cname; cp < nbuf + size && *cp
-+ && isprint(*cp); cp++)
- continue;
- /*
- * Linux apparently appends a space at the end
diff --git a/sdk_container/src/third_party/portage-stable/sys-apps/file/files/file-5.37-CVE-2019-18218.patch b/sdk_container/src/third_party/portage-stable/sys-apps/file/files/file-5.37-CVE-2019-18218.patch
new file mode 100644
index 0000000000..1cd02b778a
--- /dev/null
+++ b/sdk_container/src/third_party/portage-stable/sys-apps/file/files/file-5.37-CVE-2019-18218.patch
@@ -0,0 +1,36 @@
+CVE-2019-18218
+https://github.com/file/file/commit/46a8443f76cec4b41ec736eca396984c74664f84
+
+--- a/src/cdf.c
++++ b/src/cdf.c
+@@ -1027,8 +1027,9 @@ cdf_read_property_info(const cdf_stream_t *sst, const cdf_header_t *h,
+ goto out;
+ }
+ nelements = CDF_GETUINT32(q, 1);
+- if (nelements == 0) {
+- DPRINTF(("CDF_VECTOR with nelements == 0\n"));
++ if (nelements > CDF_ELEMENT_LIMIT || nelements == 0) {
++ DPRINTF(("CDF_VECTOR with nelements == %"
++ SIZE_T_FORMAT "u\n", nelements));
+ goto out;
+ }
+ slen = 2;
+@@ -1070,8 +1071,6 @@ cdf_read_property_info(const cdf_stream_t *sst, const cdf_header_t *h,
+ goto out;
+ inp += nelem;
+ }
+- DPRINTF(("nelements = %" SIZE_T_FORMAT "u\n",
+- nelements));
+ for (j = 0; j < nelements && i < sh.sh_properties;
+ j++, i++)
+ {
+--- a/src/cdf.h
++++ b/src/cdf.h
+@@ -48,6 +48,7 @@
+ typedef int32_t cdf_secid_t;
+ 
+ #define CDF_LOOP_LIMIT 10000
++#define CDF_ELEMENT_LIMIT 100000
+ 
+ #define CDF_SECID_NULL 0
+ #define CDF_SECID_FREE -1
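Review bot: The header of file-5.37-CVE-2019-18218.patch gives only the CVE id and the upstream commit URL, whereas the file-5.33 patch it replaces opened with a one-line summary (`Avoid reading past the end of buffer`). A line such as `Reject CDF_VECTOR properties with more than CDF_ELEMENT_LIMIT (100000) elements` would let a later audit see what the backport bounds without opening `cdf.c`. The patch is referenced only from file-5.37-r1.ebuild; the 5.38-r1 and 5.39-r3 ebuilds do not list it, presumably because those releases already contain the fix, and saying so in the header would make that explicit.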
diff --git a/sdk_container/src/third_party/portage-stable/sys-apps/file/files/file-5.38-Revert-PR-93-iaeiaeiaeiae-Do-as-the-comment-says-and.patch b/sdk_container/src/third_party/portage-stable/sys-apps/file/files/file-5.38-Revert-PR-93-iaeiaeiaeiae-Do-as-the-comment-says-and.patch
new file mode 100644
index 0000000000..240edc11f6
--- /dev/null
+++ b/sdk_container/src/third_party/portage-stable/sys-apps/file/files/file-5.38-Revert-PR-93-iaeiaeiaeiae-Do-as-the-comment-says-and.patch
@@ -0,0 +1,40 @@
+From c9d21a58bea2ecb2dc8876e09e471094d54a25e4 Mon Sep 17 00:00:00 2001
+From: Thomas Deutschmann
+Date: Mon, 13 Apr 2020 01:08:12 +0200
+Subject: [PATCH 1/3] Revert "PR/93: iaeiaeiaeiae: Do as the comment says, and
+ count as dynamically linked"
+
+This reverts commit 24c9c086cd7c55b7b0a003a145b32466468e2608.
+
+Fixes misdetection of shared libraries as statically linked as
+reported in bug 717264.
+
+Bug: https://bugs.gentoo.org/717264
+Signed-off-by: Thomas Deutschmann
+---
+ src/readelf.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/src/readelf.c b/src/readelf.c
+index 40bcfab1..afec31d1 100644
+--- a/src/readelf.c
++++ b/src/readelf.c
+@@ -1638,6 +1638,7 @@ dophn_exec(struct magic_set *ms, int clazz, int swap, int fd, off_t off,
+ /* Things we can determine before we seek */
+ switch (xph_type) {
+ case PT_DYNAMIC:
++ linking_style = "dynamically";
+ doread = 1;
+ break;
+ case PT_NOTE:
+@@ -1653,7 +1654,6 @@ dophn_exec(struct magic_set *ms, int clazz, int swap, int fd, off_t off,
+ }
+ /*FALLTHROUGH*/
+ case PT_INTERP:
+- linking_style = "dynamically";
+ doread = 1;
+ break;
+ default:
+-- 
+2.26.0
+
diff --git a/sdk_container/src/third_party/portage-stable/sys-apps/file/files/file-5.38-The-executable-bit-is-only-set-when-DF_1_PIE-bit-is-.patch b/sdk_container/src/third_party/portage-stable/sys-apps/file/files/file-5.38-The-executable-bit-is-only-set-when-DF_1_PIE-bit-is-.patch
new file mode 100644
index 0000000000..bb211f355f
--- /dev/null
+++ b/sdk_container/src/third_party/portage-stable/sys-apps/file/files/file-5.38-The-executable-bit-is-only-set-when-DF_1_PIE-bit-is-.patch
@@ -0,0 +1,29 @@
+From ed971e5e3ae79bd28697d16c8b78b693052484e4 Mon Sep 17 00:00:00 2001
+From: Christos Zoulas
+Date: Wed, 12 Feb 2020 22:17:33 +0000
+Subject: [PATCH 3/3] The executable bit is only set when DF_1_PIE bit is set
+ so it is fine.
+
+---
+ magic/Magdir/elf | 7 ++++---
+ 1 file changed, 4 insertions(+), 3 deletions(-)
+
+diff --git a/magic/Magdir/elf b/magic/Magdir/elf
+index b5a2e00b..f5e1af9a 100644
+--- a/magic/Magdir/elf
++++ b/magic/Magdir/elf
+@@ -50,8 +50,9 @@
+ !:mime application/x-object
+ >16 leshort 2 executable,
+ !:mime application/x-executable
+->16 leshort 3 shared object,
+-!:mime application/x-sharedlib
++>16 leshort 3 ${x?pie executable:shared object},
++
++!:mime application/x-${x?pie-executable:sharedlib}
+ >16 leshort 4 core file,
+ !:mime application/x-coredump
+ # OS-specific
+-- 
+2.26.0
+
diff --git a/sdk_container/src/third_party/portage-stable/sys-apps/file/files/file-5.38-td-is-for-ptrdiff_t-not-for-off_t.patch b/sdk_container/src/third_party/portage-stable/sys-apps/file/files/file-5.38-td-is-for-ptrdiff_t-not-for-off_t.patch
new file mode 100644
index 0000000000..09fcaef151
--- /dev/null
+++ b/sdk_container/src/third_party/portage-stable/sys-apps/file/files/file-5.38-td-is-for-ptrdiff_t-not-for-off_t.patch
@@ -0,0 +1,27 @@
+From c49dc91df427f89ebcf9cdec556b8fc88cdfc3c1 Mon Sep 17 00:00:00 2001
+From: Christos Zoulas
+Date: Tue, 17 Dec 2019 15:27:27 +0000
+Subject: [PATCH 2/3] %td is for ptrdiff_t not for off_t.
+
+---
+ src/readelf.c | 6 +++---
+ 1 file changed, 3 insertions(+), 3 deletions(-)
+
+diff --git a/src/readelf.c b/src/readelf.c
+index afec31d1..8ac3b7d6 100644
+--- a/src/readelf.c
++++ b/src/readelf.c
+@@ -1349,8 +1349,8 @@ doshn(struct magic_set *ms, int clazz, int swap, int fd, off_t off, int num,
+ name_off = xsh_offset;
+ 
+ if (fsize != SIZE_UNKNOWN && fsize < name_off) {
+- if (file_printf(ms, ", too large section header offset %td",
+- name_off) == -1)
++ if (file_printf(ms, ", too large section header offset %jd",
++ (intmax_t)name_off) == -1)
+ return -1;
+ return 0;
+ }
+-- 
+2.26.0
+
diff --git a/sdk_container/src/third_party/portage-stable/sys-apps/file/files/file-5.39-add-missing-termios.patch b/sdk_container/src/third_party/portage-stable/sys-apps/file/files/file-5.39-add-missing-termios.patch
new file mode 100644
index 0000000000..0614f52dd2
--- /dev/null
+++ b/sdk_container/src/third_party/portage-stable/sys-apps/file/files/file-5.39-add-missing-termios.patch
@@ -0,0 +1,30 @@
+From 471e2c6c61ecd30ba6e304ae0444d364cfd44254 Mon Sep 17 00:00:00 2001
+From: Christos Zoulas
+Date: Thu, 18 Jun 2020 16:25:12 +0000
+Subject: [PATCH] PR/168: gyakovlev: Include
+
+---
+ src/seccomp.c | 3 ++-
+ 1 file changed, 2 insertions(+), 1 deletion(-)
+
+diff --git a/src/seccomp.c b/src/seccomp.c
+index e667adfe4..68c56485d 100644
+--- a/src/seccomp.c
++++ b/src/seccomp.c
+@@ -27,7 +27,7 @@
+ #include "file.h"
+ 
+ #ifndef lint
+-FILE_RCSID("@(#)$File: seccomp.c,v 1.15 2020/05/30 23:56:26 christos Exp $")
++FILE_RCSID("@(#)$File: seccomp.c,v 1.16 2020/06/18 16:25:12 christos Exp $")
+ #endif /* lint */
+ 
+ #if HAVE_LIBSECCOMP
+@@ -35,6 +35,7 @@ FILE_RCSID("@(#)$File: seccomp.c,v 1.15 2020/05/30 23:56:26 christos Exp $")
+ #include /* prctl */
+ #include
+ #include
++#include
+ #include
+ #include
+ #include
diff --git a/sdk_container/src/third_party/portage-stable/sys-apps/file/files/file-5.39-portage-sandbox.patch b/sdk_container/src/third_party/portage-stable/sys-apps/file/files/file-5.39-portage-sandbox.patch
new file mode 100644
index 0000000000..3ea2664167
--- /dev/null
+++ b/sdk_container/src/third_party/portage-stable/sys-apps/file/files/file-5.39-portage-sandbox.patch
@@ -0,0 +1,26 @@
+From 81765a2d4fcce23f42495d5ec03bbfecb2a3c381 Mon Sep 17 00:00:00 2001
+From: tka
+Date: Wed, 24 Jun 2020 11:18:45 +0200
+Subject: [PATCH] Allow getcwd for Gentoo's portage sandbox
+
+Bug: https://bugs.gentoo.org/728978
+---
+ src/seccomp.c | 2 ++
+ 1 file changed, 2 insertions(+)
+
+diff --git a/src/seccomp.c b/src/seccomp.c
+index db9364ae..7f5d6f26 100644
+--- a/src/seccomp.c
++++ b/src/seccomp.c
+@@ -229,6 +229,8 @@ enable_sandbox_full(void)
+ ALLOW_RULE(write);
+ ALLOW_RULE(writev);
+ 
++ // needed by Gentoo's portage sandbox
++ ALLOW_RULE(getcwd);
+ 
+ #if 0
+ // needed by valgrind
+-- 
+2.28.0
+
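Review bot: `ALLOW_RULE(getcwd)` is added to `enable_sandbox_full()` unconditionally, so the syscall is permitted in every run of the installed `file`, not only when it executes under Portage's sandbox; the comment should say that and why it is acceptable, e.g. `// getcwd: read-only; issued inside this process by Gentoo's portage sandbox (bug 728978)`. file-5.39-seccomp-musl.patch likewise adds `ALLOW_RULE(statx)` and `ALLOW_RULE(writev)` with no trailing reason, unlike the neighbouring `umask` and `getpid` rules; `// needed by musl libc (PR/194)` on each would match. None of the three appears broader than rules already in the list (`stat`, `write`), but each allowlist entry is easier to re-audit when its caller is recorded. `enable_sandbox_full()` begins and ends outside both hunks.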
diff --git a/sdk_container/src/third_party/portage-stable/sys-apps/file/files/file-5.39-seccomp-musl.patch b/sdk_container/src/third_party/portage-stable/sys-apps/file/files/file-5.39-seccomp-musl.patch
new file mode 100644
index 0000000000..72836de67e
--- /dev/null
+++ b/sdk_container/src/third_party/portage-stable/sys-apps/file/files/file-5.39-seccomp-musl.patch
@@ -0,0 +1,37 @@
+From 93c91e2ba8042d499fee168e27cbd526438454c6 Mon Sep 17 00:00:00 2001
+From: Christos Zoulas
+Date: Sat, 5 Sep 2020 17:20:32 +0000
+Subject: [PATCH] PR/194: puchuu: Handle muslc syscalls
+
+---
+ src/seccomp.c | 4 +++-
+ 1 file changed, 3 insertions(+), 1 deletion(-)
+
+diff --git a/src/seccomp.c b/src/seccomp.c
+index 68c56485d..db9364ae4 100644
+--- a/src/seccomp.c
++++ b/src/seccomp.c
+@@ -27,7 +27,7 @@
+ #include "file.h"
+ 
+ #ifndef lint
+-FILE_RCSID("@(#)$File: seccomp.c,v 1.16 2020/06/18 16:25:12 christos Exp $")
++FILE_RCSID("@(#)$File: seccomp.c,v 1.17 2020/09/05 17:20:32 christos Exp $")
+ #endif /* lint */
+ 
+ #if HAVE_LIBSECCOMP
+@@ -220,12 +220,14 @@ enable_sandbox_full(void)
+ ALLOW_RULE(rt_sigreturn);
+ ALLOW_RULE(select);
+ ALLOW_RULE(stat);
++ ALLOW_RULE(statx);
+ ALLOW_RULE(stat64);
+ ALLOW_RULE(sysinfo);
+ ALLOW_RULE(umask); // Used in file_pipe2file()
+ ALLOW_RULE(getpid); // Used by glibc in file_pipe2file()
+ ALLOW_RULE(unlink);
+ ALLOW_RULE(write);
++ ALLOW_RULE(writev);
+ 
+ 
+ #if 0
diff --git a/sdk_container/src/third_party/portage-stable/sys-apps/file/metadata.xml b/sdk_container/src/third_party/portage-stable/sys-apps/file/metadata.xml
index 2c14dbfaaa..6e4080f7c3 100644
--- a/sdk_container/src/third_party/portage-stable/sys-apps/file/metadata.xml
+++ b/sdk_container/src/third_party/portage-stable/sys-apps/file/metadata.xml
@@ -6,6 +6,7 @@ Gentoo Base System - http://bugs.gw.com/ + https://bugs.astron.com/ + cpe:/a:file_project:file