mirrors/flatcar-scripts
1
0
Fork 0
mirror of https://github.com/flatcar/scripts.git synced 2025-10-01 10:31:37 +02:00
Code Issues Packages Projects Releases Wiki Activity

sys-apps/file: update to 5.39

Browse Source 
Update sys-apps/file to 5.39 to address
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-18218 .
This commit is contained in:
Dongsu Park 2020-10-22 15:18:55 +02:00
parent 5b8dbb7fb2
commit f8a27a086e
14 changed files with 573 additions and 56 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
sdk_container/src/third_party/portage-stable/sys-apps/file/Manifest vendored
View File

@ -1 +1,3 @@
DIST file-5.33.tar.gz 817060 BLAKE2B 735f176f09085243dacaddda1b734ef2191ff1684f08022ed1874e84fd0c84679b5a765383c5c5ad27a7216abc23b9c2211fb7110846122563e18285de0f0e51 SHA512 36c9f2e2aa814b5557eef114fdd3de159688c7a3c9632a9f5c6355c4d2a5694cee81279bda80897616fca07289a7fedb1f797439a2903c76dc84870694773c9e DIST file-5.37.tar.gz 887682 BLAKE2B c5635e5de879af31cbef1c988275ab8620133909d146769b27a2f8eefa90871fad5fa75e66b9e1d77a6261e5d6dec315fb5a8ad587d8c214eaa0bc2e5a929fe7 SHA512 bf153c15aebdd00329806231d20f295077b8b99efd0181d01279bcf3734a1718567df38cf75bc929eb8015ac98d29bb4bf1228d7ece8bfdfe14dd976391dd06d
DIST file-5.38.tar.gz 932528 BLAKE2B 08d8d56e2e1b6a0c9fb0caed89ca6145bf683ecc52a639c036ded01b913e7eea75d9235851a2fbd410cbc9b929c26579b06fe1d54fb73817c951bef3544bc345 SHA512 9eeeba69cbc9f0c00a0bdf9eaf60c73a4a709e797068f109d85c1ef2a19c8b0e012ecd73714f03cbb1770dfa717e8a661ad746b644cc030cafbfb1f7aac35a40
DIST file-5.39.tar.gz 954266 BLAKE2B 4d6d9a6317961e0a2aa391f502b0be8bbb40ede57c3470230d91aaf9ce5d35bcaceb32d551ca5a391fc8c40b64517fdb996833a8b1ca47ced7e92e9e545d2682 SHA512 9cf1a7b769c56eb6f5b25c66ce85fa1300128396e445b2e53dbbd8951e5da973a7a07c4ef9f7ebd1fe945d47bdaf2cd9ef09bd2be6c217a0bcb907d9449835e6

19
sdk_container/src/third_party/portage-stable/sys-apps/file/file-5.33-r2.ebuild → sdk_container/src/third_party/portage-stable/sys-apps/file/file-5.37-r1.ebuild vendored
View File

@ -1,19 +1,19 @@
# Copyright 1999-2018 Gentoo Foundation # Copyright 1999-2020 Gentoo Authors
# Distributed under the terms of the GNU General Public License v2 # Distributed under the terms of the GNU General Public License v2
EAPI=6 EAPI=7
PYTHON_COMPAT=( python2_7 python3_{4,5,6} pypy ) PYTHON_COMPAT=( python3_{6,7} )
DISTUTILS_OPTIONAL=1 DISTUTILS_OPTIONAL=1
inherit distutils-r1 libtool ltprune toolchain-funcs multilib-minimal inherit distutils-r1 libtool toolchain-funcs multilib-minimal
if [[ ${PV} == "9999" ]] ; then if [[ ${PV} == "9999" ]] ; then
EGIT_REPO_URI="https://github.com/glensc/file.git" EGIT_REPO_URI="https://github.com/glensc/file.git"
inherit autotools git-r3 inherit autotools git-r3
else else
SRC_URI="ftp://ftp.astron.com/pub/file/${P}.tar.gz" SRC_URI="ftp://ftp.astron.com/pub/file/${P}.tar.gz"
KEYWORDS="alpha amd64 arm arm64 hppa ia64 m68k ~mips ppc ppc64 s390 sh sparc x86 ~ppc-aix ~x64-cygwin ~amd64-fbsd ~x86-fbsd ~amd64-linux ~x86-linux ~ppc-macos ~x64-macos ~x86-macos ~m68k-mint ~sparc-solaris ~sparc64-solaris ~x64-solaris ~x86-solaris" KEYWORDS="~alpha amd64 arm arm64 hppa ~ia64 ~m68k ~mips ppc ppc64 ~riscv s390 sparc x86 ~ppc-aix ~x64-cygwin ~amd64-linux ~x86-linux ~ppc-macos ~x64-macos ~x86-macos ~m68k-mint ~sparc-solaris ~sparc64-solaris ~x64-solaris ~x86-solaris"
fi fi
DESCRIPTION="identify a file's format by scanning binary data for patterns" DESCRIPTION="identify a file's format by scanning binary data for patterns"
@ -33,7 +33,7 @@ DEPEND="
RDEPEND="${DEPEND} RDEPEND="${DEPEND}
python? ( !dev-python/python-magic )" python? ( !dev-python/python-magic )"
PATCHES=( "${FILESDIR}"/${P}-CVE-2018-10360.patch ) PATCHES=( "${FILESDIR}"/${P}-CVE-2019-18218.patch )
src_prepare() { src_prepare() {
default default
@ -42,7 +42,8 @@ src_prepare() {
elibtoolize elibtoolize
# don't let python README kill main README #60043 # don't let python README kill main README #60043
mv python/README{,.python} || die mv python/README.md python/README.python.md || die
sed 's@README.md@README.python.md@' -i python/setup.py || die #662090
} }
multilib_src_configure() { multilib_src_configure() {
@ -63,7 +64,7 @@ src_configure() {
mkdir -p "${WORKDIR}"/build || die mkdir -p "${WORKDIR}"/build || die
cd "${WORKDIR}"/build || die cd "${WORKDIR}"/build || die
tc-export_build_env BUILD_C{C,XX} tc-export_build_env BUILD_C{C,XX}
ECONF_SOURCE=${S} \ ECONF_SOURCE="${S}" \
ac_cv_header_zlib_h=no \ ac_cv_header_zlib_h=no \
ac_cv_lib_z_gzopen=no \ ac_cv_lib_z_gzopen=no \
CHOST=${CBUILD} \ CHOST=${CBUILD} \
@ -123,5 +124,5 @@ multilib_src_install_all() {
cd python || die cd python || die
distutils-r1_src_install distutils-r1_src_install
fi fi
prune_libtool_files find "${ED}" -type f -name "*.la" -delete || die
} }

142
sdk_container/src/third_party/portage-stable/sys-apps/file/file-5.38-r1.ebuild vendored Normal file
View File

@ -0,0 +1,142 @@
# Copyright 1999-2020 Gentoo Authors
# Distributed under the terms of the GNU General Public License v2
EAPI=7
PYTHON_COMPAT=( python3_{6..7} )
DISTUTILS_OPTIONAL=1
inherit distutils-r1 libtool toolchain-funcs multilib-minimal
if [[ ${PV} == "9999" ]] ; then
EGIT_REPO_URI="https://github.com/glensc/file.git"
inherit autotools git-r3
else
SRC_URI="ftp://ftp.astron.com/pub/file/${P}.tar.gz"
KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~ia64 ~m68k ~mips ~ppc ~ppc64 ~riscv ~s390 ~sparc ~x86 ~ppc-aix ~x64-cygwin ~amd64-linux ~x86-linux ~ppc-macos ~x64-macos ~x86-macos ~m68k-mint ~sparc-solaris ~sparc64-solaris ~x64-solaris ~x86-solaris"
fi
DESCRIPTION="identify a file's format by scanning binary data for patterns"
HOMEPAGE="https://www.darwinsys.com/file/"
LICENSE="BSD-2"
SLOT="0"
IUSE="bzip2 lzma python static-libs zlib"
REQUIRED_USE="python? ( ${PYTHON_REQUIRED_USE} )"
DEPEND="
bzip2? ( app-arch/bzip2[${MULTILIB_USEDEP}] )
lzma? ( app-arch/xz-utils[${MULTILIB_USEDEP}] )
python? (
${PYTHON_DEPS}
dev-python/setuptools[${PYTHON_USEDEP}]
)
zlib? ( >=sys-libs/zlib-1.2.8-r1[${MULTILIB_USEDEP}] )"
RDEPEND="${DEPEND}
python? ( !dev-python/python-magic )"
PATCHES=(
"${FILESDIR}"/${P}-Revert-PR-93-iaeiaeiaeiae-Do-as-the-comment-says-and.patch
"${FILESDIR}"/${P}-td-is-for-ptrdiff_t-not-for-off_t.patch
"${FILESDIR}"/${P}-The-executable-bit-is-only-set-when-DF_1_PIE-bit-is-.patch
)
src_prepare() {
default
[[ ${PV} == "9999" ]] && eautoreconf
elibtoolize
# don't let python README kill main README #60043
mv python/README.md python/README.python.md || die
sed 's@README.md@README.python.md@' -i python/setup.py || die #662090
}
multilib_src_configure() {
local myeconfargs=(
--disable-libseccomp
--enable-fsect-man5
$(use_enable bzip2 bzlib)
$(use_enable lzma xzlib)
$(use_enable static-libs static)
$(use_enable zlib)
)
econf "${myeconfargs[@]}"
}
build_src_configure() {
local myeconfargs=(
--disable-shared
--disable-libseccomp
--disable-bzlib
--disable-xzlib
--disable-zlib
)
tc-env_build econf "${myeconfargs[@]}"
}
need_build_file() {
# when cross-compiling, we need to build up our own file
# because people often don't keep matching host/target
# file versions #362941
tc-is-cross-compiler && ! has_version -b "~${CATEGORY}/${P}"
}
src_configure() {
local ECONF_SOURCE=${S}
if need_build_file; then
mkdir -p "${WORKDIR}"/build || die
cd "${WORKDIR}"/build || die
build_src_configure
fi
multilib-minimal_src_configure
}
multilib_src_compile() {
if multilib_is_native_abi ; then
emake
else
cd src || die
emake magic.h #586444
emake libmagic.la
fi
}
src_compile() {
if need_build_file; then
emake -C "${WORKDIR}"/build/src magic.h #586444
emake -C "${WORKDIR}"/build/src file
local -x PATH="${WORKDIR}/build/src:${PATH}"
fi
multilib-minimal_src_compile
if use python ; then
cd python || die
distutils-r1_src_compile
fi
}
multilib_src_install() {
if multilib_is_native_abi ; then
default
else
emake -C src install-{nodist_includeHEADERS,libLTLIBRARIES} DESTDIR="${D}"
fi
}
multilib_src_install_all() {
dodoc ChangeLog MAINT README
# Required for `file -C`
dodir /usr/share/misc/magic
insinto /usr/share/misc/magic
doins -r magic/Magdir/*
if use python ; then
cd python || die
distutils-r1_src_install
fi
find "${ED}" -type f -name "*.la" -delete || die
}

146
sdk_container/src/third_party/portage-stable/sys-apps/file/file-5.39-r3.ebuild vendored Normal file
View File

@ -0,0 +1,146 @@
# Copyright 1999-2020 Gentoo Authors
# Distributed under the terms of the GNU General Public License v2
EAPI=7
PYTHON_COMPAT=( python3_{6..7} )
DISTUTILS_OPTIONAL=1
inherit distutils-r1 libtool toolchain-funcs multilib-minimal
if [[ ${PV} == "9999" ]] ; then
EGIT_REPO_URI="https://github.com/glensc/file.git"
inherit autotools git-r3
else
SRC_URI="ftp://ftp.astron.com/pub/file/${P}.tar.gz"
KEYWORDS="~alpha amd64 arm arm64 hppa ~ia64 ~m68k ~mips ppc ppc64 ~riscv s390 sparc x86 ~ppc-aix ~x64-cygwin ~amd64-linux ~x86-linux ~ppc-macos ~x64-macos ~x86-macos ~m68k-mint ~sparc-solaris ~sparc64-solaris ~x64-solaris ~x86-solaris"
fi
DESCRIPTION="identify a file's format by scanning binary data for patterns"
HOMEPAGE="https://www.darwinsys.com/file/"
LICENSE="BSD-2"
SLOT="0"
IUSE="bzip2 lzma python seccomp static-libs zlib"
REQUIRED_USE="python? ( ${PYTHON_REQUIRED_USE} )"
DEPEND="
bzip2? ( app-arch/bzip2[${MULTILIB_USEDEP}] )
lzma? ( app-arch/xz-utils[${MULTILIB_USEDEP}] )
python? (
${PYTHON_DEPS}
dev-python/setuptools[${PYTHON_USEDEP}]
)
zlib? ( >=sys-libs/zlib-1.2.8-r1[${MULTILIB_USEDEP}] )"
RDEPEND="${DEPEND}
python? ( !dev-python/python-magic )
seccomp? ( sys-libs/libseccomp[${MULTILIB_USEDEP}] )"
PATCHES=(
"${FILESDIR}/file-5.39-add-missing-termios.patch" #728416
"${FILESDIR}/file-5.39-seccomp-musl.patch"
"${FILESDIR}/file-5.39-portage-sandbox.patch" #713710 #728978
)
src_prepare() {
default
if [[ ${PV} == 9999 ]]; then
eautoreconf
fi
elibtoolize
# don't let python README kill main README #60043
mv python/README.md python/README.python.md || die
sed 's@README.md@README.python.md@' -i python/setup.py || die #662090
}
multilib_src_configure() {
local myeconfargs=(
--enable-fsect-man5
$(use_enable bzip2 bzlib)
$(use_enable lzma xzlib)
$(use_enable seccomp libseccomp)
$(use_enable static-libs static)
$(use_enable zlib)
)
econf "${myeconfargs[@]}"
}
build_src_configure() {
local myeconfargs=(
--disable-shared
--disable-libseccomp
--disable-bzlib
--disable-xzlib
--disable-zlib
)
tc-env_build econf "${myeconfargs[@]}"
}
need_build_file() {
# when cross-compiling, we need to build up our own file
# because people often don't keep matching host/target
# file versions #362941
tc-is-cross-compiler && ! has_version -b "~${CATEGORY}/${P}"
}
src_configure() {
local ECONF_SOURCE=${S}
if need_build_file; then
mkdir -p "${WORKDIR}"/build || die
cd "${WORKDIR}"/build || die
build_src_configure
fi
multilib-minimal_src_configure
}
multilib_src_compile() {
if multilib_is_native_abi ; then
emake
else
cd src || die
emake magic.h #586444
emake libmagic.la
fi
}
src_compile() {
if need_build_file; then
emake -C "${WORKDIR}"/build/src magic.h #586444
emake -C "${WORKDIR}"/build/src file
local -x PATH="${WORKDIR}/build/src:${PATH}"
fi
multilib-minimal_src_compile
if use python ; then
cd python || die
distutils-r1_src_compile
fi
}
multilib_src_install() {
if multilib_is_native_abi ; then
default
else
emake -C src install-{nodist_includeHEADERS,libLTLIBRARIES} DESTDIR="${D}"
fi
}
multilib_src_install_all() {
dodoc ChangeLog MAINT README
# Required for `file -C`
dodir /usr/share/misc/magic
insinto /usr/share/misc/magic
doins -r magic/Magdir/*
if use python ; then
cd python || die
distutils-r1_src_install
fi
find "${ED}" -type f -name "*.la" -delete || die
}

72
sdk_container/src/third_party/portage-stable/sys-apps/file/file-9999.ebuild vendored
View File

@ -1,19 +1,19 @@
# Copyright 1999-2018 Gentoo Foundation # Copyright 1999-2020 Gentoo Authors
# Distributed under the terms of the GNU General Public License v2 # Distributed under the terms of the GNU General Public License v2
EAPI=6 EAPI=7
PYTHON_COMPAT=( python2_7 python3_{4,5,6} pypy ) PYTHON_COMPAT=( python3_{6..7} )
DISTUTILS_OPTIONAL=1 DISTUTILS_OPTIONAL=1
inherit distutils-r1 libtool ltprune toolchain-funcs multilib-minimal inherit distutils-r1 libtool toolchain-funcs multilib-minimal
if [[ ${PV} == "9999" ]] ; then if [[ ${PV} == "9999" ]] ; then
EGIT_REPO_URI="https://github.com/glensc/file.git" EGIT_REPO_URI="https://github.com/glensc/file.git"
inherit autotools git-r3 inherit autotools git-r3
else else
SRC_URI="ftp://ftp.astron.com/pub/file/${P}.tar.gz" SRC_URI="ftp://ftp.astron.com/pub/file/${P}.tar.gz"
KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~ia64 ~m68k ~mips ~ppc ~ppc64 ~s390 ~sh ~sparc ~x86 ~ppc-aix ~x64-cygwin ~amd64-fbsd ~x86-fbsd ~amd64-linux ~x86-linux ~ppc-macos ~x64-macos ~x86-macos ~m68k-mint ~sparc-solaris ~sparc64-solaris ~x64-solaris ~x86-solaris" KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~ia64 ~m68k ~mips ~ppc ~ppc64 ~riscv ~s390 ~sparc ~x86 ~ppc-aix ~x64-cygwin ~amd64-linux ~x86-linux ~ppc-macos ~x64-macos ~x86-macos ~m68k-mint ~sparc-solaris ~sparc64-solaris ~x64-solaris ~x86-solaris"
fi fi
DESCRIPTION="identify a file's format by scanning binary data for patterns" DESCRIPTION="identify a file's format by scanning binary data for patterns"
@ -21,10 +21,12 @@ HOMEPAGE="https://www.darwinsys.com/file/"
LICENSE="BSD-2" LICENSE="BSD-2"
SLOT="0" SLOT="0"
IUSE="python seccomp static-libs zlib" IUSE="bzip2 lzma python seccomp static-libs zlib"
REQUIRED_USE="python? ( ${PYTHON_REQUIRED_USE} )" REQUIRED_USE="python? ( ${PYTHON_REQUIRED_USE} )"
DEPEND=" DEPEND="
bzip2? ( app-arch/bzip2[${MULTILIB_USEDEP}] )
lzma? ( app-arch/xz-utils[${MULTILIB_USEDEP}] )
python? ( python? (
${PYTHON_DEPS} ${PYTHON_DEPS}
dev-python/setuptools[${PYTHON_USEDEP}] dev-python/setuptools[${PYTHON_USEDEP}]
@ -32,47 +34,63 @@ DEPEND="
zlib? ( >=sys-libs/zlib-1.2.8-r1[${MULTILIB_USEDEP}] )" zlib? ( >=sys-libs/zlib-1.2.8-r1[${MULTILIB_USEDEP}] )"
RDEPEND="${DEPEND} RDEPEND="${DEPEND}
python? ( !dev-python/python-magic ) python? ( !dev-python/python-magic )
seccomp? ( sys-libs/libseccomp )" seccomp? ( sys-libs/libseccomp[${MULTILIB_USEDEP}] )"
PATCHES=(
"${FILESDIR}/file-5.39-portage-sandbox.patch" #713710 #728978
)
src_prepare() { src_prepare() {
default default
[[ ${PV} == "9999" ]] && eautoreconf if [[ ${PV} == 9999 ]]; then
eautoreconf
fi
elibtoolize elibtoolize
# don't let python README kill main README #60043 # don't let python README kill main README #60043
mv python/README.md README.python || die mv python/README.md python/README.python.md || die
sed 's@README.md@README.python.md@' -i python/setup.py || die #662090
} }
multilib_src_configure() { multilib_src_configure() {
local myeconfargs=( local myeconfargs=(
--enable-fsect-man5 --enable-fsect-man5
$(use_enable bzip2 bzlib)
$(use_enable lzma xzlib)
$(use_enable seccomp libseccomp) $(use_enable seccomp libseccomp)
$(use_enable static-libs static) $(use_enable static-libs static)
$(use_enable zlib) $(use_enable zlib)
) )
ECONF_SOURCE="${S}" econf "${myeconfargs[@]}" econf "${myeconfargs[@]}"
} }
src_configure() { build_src_configure() {
local myeconfargs=(
--disable-shared
--disable-libseccomp
--disable-bzlib
--disable-xzlib
--disable-zlib
)
tc-env_build econf "${myeconfargs[@]}"
}
need_build_file() {
# when cross-compiling, we need to build up our own file # when cross-compiling, we need to build up our own file
# because people often don't keep matching host/target # because people often don't keep matching host/target
# file versions #362941 # file versions #362941
if tc-is-cross-compiler && ! ROOT=/ has_version ~${CATEGORY}/${P} ; then tc-is-cross-compiler && ! has_version -b "~${CATEGORY}/${P}"
}
src_configure() {
local ECONF_SOURCE=${S}
if need_build_file; then
mkdir -p "${WORKDIR}"/build || die mkdir -p "${WORKDIR}"/build || die
cd "${WORKDIR}"/build || die cd "${WORKDIR}"/build || die
tc-export_build_env BUILD_C{C,XX} build_src_configure
ECONF_SOURCE=${S} \
ac_cv_header_zlib_h=no \
ac_cv_lib_z_gzopen=no \
CHOST=${CBUILD} \
CFLAGS=${BUILD_CFLAGS} \
CXXFLAGS=${BUILD_CXXFLAGS} \
CPPFLAGS=${BUILD_CPPFLAGS} \
LDFLAGS="${BUILD_LDFLAGS} -static" \
CC=${BUILD_CC} \
CXX=${BUILD_CXX} \
econf --disable-shared $(use_enable seccomp libseccomp)
fi fi
multilib-minimal_src_configure multilib-minimal_src_configure
@ -89,10 +107,10 @@ multilib_src_compile() {
} }
src_compile() { src_compile() {
if tc-is-cross-compiler && ! ROOT=/ has_version "~${CATEGORY}/${P}" ; then if need_build_file; then
emake -C "${WORKDIR}"/build/src magic.h #586444 emake -C "${WORKDIR}"/build/src magic.h #586444
emake -C "${WORKDIR}"/build/src file emake -C "${WORKDIR}"/build/src file
PATH="${WORKDIR}/build/src:${PATH}" local -x PATH="${WORKDIR}/build/src:${PATH}"
fi fi
multilib-minimal_src_compile multilib-minimal_src_compile
@ -122,5 +140,5 @@ multilib_src_install_all() {
cd python || die cd python || die
distutils-r1_src_install distutils-r1_src_install
fi fi
prune_libtool_files find "${ED}" -type f -name "*.la" -delete || die
} }

18
sdk_container/src/third_party/portage-stable/sys-apps/file/files/file-5.33-CVE-2018-10360.patch vendored
View File

@ -1,18 +0,0 @@
Avoid reading past the end of buffer
CVE-2018-10360
https://github.com/file/file/commit/a642587a9c9e2dd7feacdf513c3643ce26ad3c22
--- a/src/readelf.c
+++ b/src/readelf.c
@@ -842,7 +842,8 @@ do_core_note(struct magic_set *ms, unsigned char *nbuf, uint32_t type,
cname = (unsigned char *)
&nbuf[doff + prpsoffsets(i)];
- for (cp = cname; *cp && isprint(*cp); cp++)
+ for (cp = cname; cp < nbuf + size && *cp
+ && isprint(*cp); cp++)
continue;
/*
* Linux apparently appends a space at the end

36
sdk_container/src/third_party/portage-stable/sys-apps/file/files/file-5.37-CVE-2019-18218.patch vendored Normal file
View File

@ -0,0 +1,36 @@
CVE-2019-18218
https://github.com/file/file/commit/46a8443f76cec4b41ec736eca396984c74664f84
--- a/src/cdf.c
+++ b/src/cdf.c
@@ -1027,8 +1027,9 @@ cdf_read_property_info(const cdf_stream_t *sst, const cdf_header_t *h,
goto out;
}
nelements = CDF_GETUINT32(q, 1);
- if (nelements == 0) {
- DPRINTF(("CDF_VECTOR with nelements == 0\n"));
+ if (nelements > CDF_ELEMENT_LIMIT || nelements == 0) {
+ DPRINTF(("CDF_VECTOR with nelements == %"
+ SIZE_T_FORMAT "u\n", nelements));
goto out;
}
slen = 2;
@@ -1070,8 +1071,6 @@ cdf_read_property_info(const cdf_stream_t *sst, const cdf_header_t *h,
goto out;
inp += nelem;
}
- DPRINTF(("nelements = %" SIZE_T_FORMAT "u\n",
- nelements));
for (j = 0; j < nelements && i < sh.sh_properties;
j++, i++)
{
--- a/src/cdf.h
+++ b/src/cdf.h
@@ -48,6 +48,7 @@
typedef int32_t cdf_secid_t;
#define CDF_LOOP_LIMIT 10000
+#define CDF_ELEMENT_LIMIT 100000
#define CDF_SECID_NULL 0
#define CDF_SECID_FREE -1

40
sdk_container/src/third_party/portage-stable/sys-apps/file/files/file-5.38-Revert-PR-93-iaeiaeiaeiae-Do-as-the-comment-says-and.patch vendored Normal file
View File

@ -0,0 +1,40 @@
From c9d21a58bea2ecb2dc8876e09e471094d54a25e4 Mon Sep 17 00:00:00 2001
From: Thomas Deutschmann <whissi@gentoo.org>
Date: Mon, 13 Apr 2020 01:08:12 +0200
Subject: [PATCH 1/3] Revert "PR/93: iaeiaeiaeiae: Do as the comment says, and
count as dynamically linked"
This reverts commit 24c9c086cd7c55b7b0a003a145b32466468e2608.
Fixes misdetection of shared libraries as statically linked as
reported in bug 717264.
Bug: https://bugs.gentoo.org/717264
Signed-off-by: Thomas Deutschmann <whissi@gentoo.org>
---
src/readelf.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/src/readelf.c b/src/readelf.c
index 40bcfab1..afec31d1 100644
--- a/src/readelf.c
+++ b/src/readelf.c
@@ -1638,6 +1638,7 @@ dophn_exec(struct magic_set *ms, int clazz, int swap, int fd, off_t off,
/* Things we can determine before we seek */
switch (xph_type) {
case PT_DYNAMIC:
+ linking_style = "dynamically";
doread = 1;
break;
case PT_NOTE:
@@ -1653,7 +1654,6 @@ dophn_exec(struct magic_set *ms, int clazz, int swap, int fd, off_t off,
}
/*FALLTHROUGH*/
case PT_INTERP:
- linking_style = "dynamically";
doread = 1;
break;
default:
--
2.26.0

29
sdk_container/src/third_party/portage-stable/sys-apps/file/files/file-5.38-The-executable-bit-is-only-set-when-DF_1_PIE-bit-is-.patch vendored Normal file
View File

@ -0,0 +1,29 @@
From ed971e5e3ae79bd28697d16c8b78b693052484e4 Mon Sep 17 00:00:00 2001
From: Christos Zoulas <christos@zoulas.com>
Date: Wed, 12 Feb 2020 22:17:33 +0000
Subject: [PATCH 3/3] The executable bit is only set when DF_1_PIE bit is set
so it is fine.
---
magic/Magdir/elf | 7 ++++---
1 file changed, 4 insertions(+), 3 deletions(-)
diff --git a/magic/Magdir/elf b/magic/Magdir/elf
index b5a2e00b..f5e1af9a 100644
--- a/magic/Magdir/elf
+++ b/magic/Magdir/elf
@@ -50,8 +50,9 @@
!:mime application/x-object
>16 leshort 2 executable,
!:mime application/x-executable
->16 leshort 3 shared object,
-!:mime application/x-sharedlib
+>16 leshort 3 ${x?pie executable:shared object},
+
+!:mime application/x-${x?pie-executable:sharedlib}
>16 leshort 4 core file,
!:mime application/x-coredump
# OS-specific
--
2.26.0

27
sdk_container/src/third_party/portage-stable/sys-apps/file/files/file-5.38-td-is-for-ptrdiff_t-not-for-off_t.patch vendored Normal file
View File

@ -0,0 +1,27 @@
From c49dc91df427f89ebcf9cdec556b8fc88cdfc3c1 Mon Sep 17 00:00:00 2001
From: Christos Zoulas <christos@zoulas.com>
Date: Tue, 17 Dec 2019 15:27:27 +0000
Subject: [PATCH 2/3] %td is for ptrdiff_t not for off_t.
---
src/readelf.c | 6 +++---
1 file changed, 3 insertions(+), 3 deletions(-)
diff --git a/src/readelf.c b/src/readelf.c
index afec31d1..8ac3b7d6 100644
--- a/src/readelf.c
+++ b/src/readelf.c
@@ -1349,8 +1349,8 @@ doshn(struct magic_set *ms, int clazz, int swap, int fd, off_t off, int num,
name_off = xsh_offset;
if (fsize != SIZE_UNKNOWN && fsize < name_off) {
- if (file_printf(ms, ", too large section header offset %td",
- name_off) == -1)
+ if (file_printf(ms, ", too large section header offset %jd",
+ (intmax_t)name_off) == -1)
return -1;
return 0;
}
--
2.26.0

30
sdk_container/src/third_party/portage-stable/sys-apps/file/files/file-5.39-add-missing-termios.patch vendored Normal file
View File

@ -0,0 +1,30 @@
From 471e2c6c61ecd30ba6e304ae0444d364cfd44254 Mon Sep 17 00:00:00 2001
From: Christos Zoulas <christos@zoulas.com>
Date: Thu, 18 Jun 2020 16:25:12 +0000
Subject: [PATCH] PR/168: gyakovlev: Include <termios.h>
---
src/seccomp.c | 3 ++-
1 file changed, 2 insertions(+), 1 deletion(-)
diff --git a/src/seccomp.c b/src/seccomp.c
index e667adfe4..68c56485d 100644
--- a/src/seccomp.c
+++ b/src/seccomp.c
@@ -27,7 +27,7 @@
#include "file.h"
#ifndef lint
-FILE_RCSID("@(#)$File: seccomp.c,v 1.15 2020/05/30 23:56:26 christos Exp $")
+FILE_RCSID("@(#)$File: seccomp.c,v 1.16 2020/06/18 16:25:12 christos Exp $")
#endif /* lint */
#if HAVE_LIBSECCOMP
@@ -35,6 +35,7 @@ FILE_RCSID("@(#)$File: seccomp.c,v 1.15 2020/05/30 23:56:26 christos Exp $")
#include <sys/prctl.h> /* prctl */
#include <sys/ioctl.h>
#include <sys/socket.h>
+#include <termios.h>
#include <fcntl.h>
#include <stdlib.h>
#include <errno.h>

26
sdk_container/src/third_party/portage-stable/sys-apps/file/files/file-5.39-portage-sandbox.patch vendored Normal file
View File

@ -0,0 +1,26 @@
From 81765a2d4fcce23f42495d5ec03bbfecb2a3c381 Mon Sep 17 00:00:00 2001
From: tka <tka@kamph.org>
Date: Wed, 24 Jun 2020 11:18:45 +0200
Subject: [PATCH] Allow getcwd for Gentoo's portage sandbox
Bug: https://bugs.gentoo.org/728978
---
src/seccomp.c | 2 ++
1 file changed, 2 insertions(+)
diff --git a/src/seccomp.c b/src/seccomp.c
index db9364ae..7f5d6f26 100644
--- a/src/seccomp.c
+++ b/src/seccomp.c
@@ -229,6 +229,8 @@ enable_sandbox_full(void)
ALLOW_RULE(write);
ALLOW_RULE(writev);
+ // needed by Gentoo's portage sandbox
+ ALLOW_RULE(getcwd);
#if 0
// needed by valgrind
--
2.28.0

37
sdk_container/src/third_party/portage-stable/sys-apps/file/files/file-5.39-seccomp-musl.patch vendored Normal file
View File

@ -0,0 +1,37 @@
From 93c91e2ba8042d499fee168e27cbd526438454c6 Mon Sep 17 00:00:00 2001
From: Christos Zoulas <christos@zoulas.com>
Date: Sat, 5 Sep 2020 17:20:32 +0000
Subject: [PATCH] PR/194: puchuu: Handle muslc syscalls
---
src/seccomp.c | 4 +++-
1 file changed, 3 insertions(+), 1 deletion(-)
diff --git a/src/seccomp.c b/src/seccomp.c
index 68c56485d..db9364ae4 100644
--- a/src/seccomp.c
+++ b/src/seccomp.c
@@ -27,7 +27,7 @@
#include "file.h"
#ifndef lint
-FILE_RCSID("@(#)$File: seccomp.c,v 1.16 2020/06/18 16:25:12 christos Exp $")
+FILE_RCSID("@(#)$File: seccomp.c,v 1.17 2020/09/05 17:20:32 christos Exp $")
#endif /* lint */
#if HAVE_LIBSECCOMP
@@ -220,12 +220,14 @@ enable_sandbox_full(void)
ALLOW_RULE(rt_sigreturn);
ALLOW_RULE(select);
ALLOW_RULE(stat);
+ ALLOW_RULE(statx);
ALLOW_RULE(stat64);
ALLOW_RULE(sysinfo);
ALLOW_RULE(umask); // Used in file_pipe2file()
ALLOW_RULE(getpid); // Used by glibc in file_pipe2file()
ALLOW_RULE(unlink);
ALLOW_RULE(write);
+ ALLOW_RULE(writev);
#if 0

3
sdk_container/src/third_party/portage-stable/sys-apps/file/metadata.xml vendored
View File

@ -6,6 +6,7 @@
<name>Gentoo Base System</name> <name>Gentoo Base System</name>
</maintainer> </maintainer>
<upstream> <upstream>
<bugs-to>http://bugs.gw.com/</bugs-to> <bugs-to>https://bugs.astron.com/</bugs-to>
<remote-id type="cpe">cpe:/a:file_project:file</remote-id>
</upstream> </upstream>
</pkgmetadata> </pkgmetadata>