diff options
author | V3n3RiX <venerix@koprulu.sector> | 2024-08-13 11:06:03 +0100 |
---|---|---|
committer | V3n3RiX <venerix@koprulu.sector> | 2024-08-13 11:06:03 +0100 |
commit | be8708090362c01c6111c4b76f1e395c14d86e00 (patch) | |
tree | bb61ca73e867522450783849eb63c9e1f0ba1730 /sys-fs/erofs-utils | |
parent | e93a38d535f2c29b55a5756d2de99425986b0bf3 (diff) |
gentoo auto-resync : 13:08:2024 - 11:06:03
Diffstat (limited to 'sys-fs/erofs-utils')
-rw-r--r-- | sys-fs/erofs-utils/Manifest | 8 | ||||
-rw-r--r-- | sys-fs/erofs-utils/erofs-utils-1.8.1.ebuild (renamed from sys-fs/erofs-utils/erofs-utils-1.6-r1.ebuild) | 22 | ||||
-rw-r--r-- | sys-fs/erofs-utils/files/erofs-utils-1.6-CVE-2023-33551.patch | 70 | ||||
-rw-r--r-- | sys-fs/erofs-utils/files/erofs-utils-1.6-CVE-2023-33552.patch | 117 | ||||
-rw-r--r-- | sys-fs/erofs-utils/metadata.xml | 1 |
5 files changed, 20 insertions, 198 deletions
diff --git a/sys-fs/erofs-utils/Manifest b/sys-fs/erofs-utils/Manifest index 90805cfa6902..3a0bc34d8528 100644 --- a/sys-fs/erofs-utils/Manifest +++ b/sys-fs/erofs-utils/Manifest @@ -1,7 +1,5 @@ -AUX erofs-utils-1.6-CVE-2023-33551.patch 2204 BLAKE2B d0cf130e455123df3d4961b3f2b292167f189257bfd5d4aec9afb932179fa8642b84d62b891a70480b2d2dd0be52420467b81d1471c27b5d1c0f7c6c6e61f482 SHA512 e8c7ad3f00c6f86a76f3f9f5001939fc878157229f9223796f2dfdb6ea37c2598f4b5d45934a6c5c3171689bbf455f8987f583617b5853fe0eaed7a237c63b8f -AUX erofs-utils-1.6-CVE-2023-33552.patch 3294 BLAKE2B 45a36f7c91dcbbce8a0e25a28727fcccbf1cb9d0f073909e7f883f033de5d2b1ee133a1604cdf4c132624441973432e298d76ae38333259421e0e47096b56b07 SHA512 952eb009d3c0ecde751af1246f9c34bbb16bb692a8664cbc7ac084e41840acc1e082cceb3b44826091f3819b73c0e04e19f051c949c5c7a0145ea3170dc92ada -DIST erofs-utils-1.6.tar.gz 126558 BLAKE2B ad4ce3777c484d485b91f29a97c08499398595d654a4ad63e1cc6a75c176b0476d3af1d7a2bf1ef5f6df996281c1b1bdfdf004be4428c0c168652af68acd83d1 SHA512 1537c5cb60cb70c607b8c00408451f90122fe902d80c9d35dde7b9205588ae3513ddd7cb38d4062e55bb57e37d9b53a668752792e6cba0bc0d78176afed3e502 DIST erofs-utils-1.7.tar.gz 165393 BLAKE2B f22183fbc3346db0632f0fc842586251d0e17ea19e1de3be51cd807dfac4a6150a080d6b81625c3e08eeebc2ae28d7840f8209c905ca87fc70481d3d8c3913ec SHA512 0f204cd40644bde28f9bd0c5c234d93e68db3a3998bb089f43bfb3ce9a9db1e1cc2fa65919205cbd4a484fa4388cffadf5b395bc4363de3882e1a19778c2d62b -EBUILD erofs-utils-1.6-r1.ebuild 989 BLAKE2B 12b5a6b4d33748b0d55034c9ef6fd2d812f37a7ba2410beff7765b8554ad67c4f389055eb051c52c89e3d371833b3b983bd8d54c958d566668a581ffbc72bd86 SHA512 8b4b4c8877d49ceaf3a28515914123b80ddf4948047626cea09644e6694f5c2ed65eb114b89a0a26157650fb42a0dcf0e194eca3ae2d2fb6356879e87b60bd8e +DIST erofs-utils-1.8.1.tar.gz 184385 BLAKE2B 0ecf7ad0d42f3941751511f3ab42e7e25b85dc64849867a221272cf4596f6bfff3cb1c22877a485de79b4445f68eea8e77cb3f8c742a23ee5ad7ce0232b85091 SHA512 b7fe2441e5295680bc683e978ad97ee359785fd842d77fa86ef6bf869b5da87ad613f48782b5f59684995b6cbc5c274938c9ea9067baa537f09c029eabb4cca3 EBUILD erofs-utils-1.7.ebuild 1006 BLAKE2B 362142e2d8da00981233599debae7463c5300571cdab96305e3b1ad7a120857aa84ab774b0807600f14b26a089477556a3e4e15e52a16e763b75aeac45dddc61 SHA512 e5e007b1a4a554b55865ef418dc14ad4eec95de1f5c1f59c8beb07ff74aa748ac9b20b732e249c7ce1e1e82d46ce06ad2e683f8776bdcd79309c76eb8c55b72d -MISC metadata.xml 422 BLAKE2B 9c580f677db0b02904c12e023efd2c1abf0dca9d5dd84776ea55551e3997a968bf23c092b9bfa98e941f7d16009c6e56cdd0120a075872c8e3f84a77899ba556 SHA512 bb5def8dcfe0ecfdc8ce9e6fec61b7c707114abef8e79f2c0f27736341e9c3cca48c053b613d85db762c1632194e76d3ab33386bf0be7ba669a6aaee652b64c1 +EBUILD erofs-utils-1.8.1.ebuild 1258 BLAKE2B f9c180bb0ae7b899db5f16a413b6a45a4951d0cf5c694c5983fd3ad9547de090ec0093bf9b4464050527634de9ba722580db850e51a314dd9ac08ccc6491b972 SHA512 8e7c7ecca451e41e83306d10a7bf2be3a031e7a775467707ede52009c5dc79efd91cd8f7f9c3adf7f72d2f49fa67d8756fcced3dba6b2ca03f36da31a32def08 +MISC metadata.xml 561 BLAKE2B 021bc1323881f1d1e5aaf0ab2c49d393319048c31da034c297e6877a2c23f3e7bbf2392919df7bacfa75289ba11d051c2f896128e954348f3dd6c0850b847262 SHA512 2fb30129b20709a2cff8fa8b9fdb7e04aed0dd6df3c03306058109b0f85203273dbf925a16754a74a08b52f38c11dc1b1881419258e2fe1caa418c63b3c3d25f diff --git a/sys-fs/erofs-utils/erofs-utils-1.6-r1.ebuild b/sys-fs/erofs-utils/erofs-utils-1.8.1.ebuild index 87fe99420cfd..07c3889f14bb 100644 --- a/sys-fs/erofs-utils/erofs-utils-1.6-r1.ebuild +++ b/sys-fs/erofs-utils/erofs-utils-1.8.1.ebuild @@ -1,4 +1,4 @@ -# Copyright 2021-2023 Gentoo Authors +# Copyright 2021-2024 Gentoo Authors # Distributed under the terms of the GNU General Public License v2 EAPI=8 @@ -7,13 +7,14 @@ inherit autotools DESCRIPTION="Userspace tools for EROFS" HOMEPAGE="https://git.kernel.org/pub/scm/linux/kernel/git/xiang/erofs-utils.git" -LICENSE="GPL-2+" SRC_URI="https://git.kernel.org/pub/scm/linux/kernel/git/xiang/${PN}.git/snapshot/${P}.tar.gz" -KEYWORDS="~amd64 ~loong" +LICENSE="GPL-2+" SLOT="0" -IUSE="fuse +lz4 +lzma selinux +uuid" +KEYWORDS="~amd64 ~arm64 ~loong" + +IUSE="fuse libdeflate +lz4 +lzma selinux static-libs +threads +uuid +zlib +zstd" RDEPEND=" fuse? ( sys-fs/fuse:0 ) @@ -21,13 +22,16 @@ RDEPEND=" lzma? ( >=app-arch/xz-utils-5.4.0:0= ) selinux? ( sys-libs/libselinux:0= ) uuid? ( sys-apps/util-linux ) + zlib? ( + libdeflate? ( app-arch/libdeflate:0= ) + !libdeflate? ( sys-libs/zlib:0= ) + ) + zstd? ( app-arch/zstd:0= ) " DEPEND="${RDEPEND}" BDEPEND="virtual/pkgconfig" PATCHES=( - "${FILESDIR}/${P}-CVE-2023-33551.patch" - "${FILESDIR}/${P}-CVE-2023-33552.patch" ) src_prepare() { @@ -39,10 +43,16 @@ src_configure() { local myeconfargs=( --disable-werror $(use_enable fuse) + $(use_with libdeflate) $(use_enable lz4) $(use_enable lzma) $(use_with selinux) + $(use_enable static-libs static-fuse) + $(use_enable threads multithreading) $(use_with uuid) + $(use_with zlib) + $(use_with zstd libzstd) + --without-qpl # not packaged ) econf "${myeconfargs[@]}" diff --git a/sys-fs/erofs-utils/files/erofs-utils-1.6-CVE-2023-33551.patch b/sys-fs/erofs-utils/files/erofs-utils-1.6-CVE-2023-33551.patch deleted file mode 100644 index ce20d18cb33f..000000000000 --- a/sys-fs/erofs-utils/files/erofs-utils-1.6-CVE-2023-33551.patch +++ /dev/null @@ -1,70 +0,0 @@ -https://git.kernel.org/xiang/erofs-utils/c/27aeef179bf17d5f1d98f827e93d24839a6d4176 -From: Gao Xiang <hsiangkao@linux.alibaba.com> -Date: Fri, 2 Jun 2023 13:52:56 +0800 -Subject: erofs-utils: fsck: block insane long paths when extracting images - -Since some crafted EROFS filesystem images could have insane deep -hierarchy (or may form directory loops) which triggers the -PATH_MAX-sized path buffer OR stack overflow. - -Actually some crafted images cannot be deemed as real corrupted -images but over-PATH_MAX paths are not something that we'd like to -support for now. - -CVE: CVE-2023-33551 -Closes: https://nvd.nist.gov/vuln/detail/CVE-2023-33551 -Reported-by: Chaoming Yang <lometsj@live.com> -Fixes: f44043561491 ("erofs-utils: introduce fsck.erofs") -Fixes: b11f84f593f9 ("erofs-utils: fsck: convert to use erofs_iterate_dir()") -Fixes: 412c8f908132 ("erofs-utils: fsck: add --extract=X support to extract to path X") -Signeo-off-by: Gao Xiang <hsiangkao@linux.alibaba.com> -Link: https://lore.kernel.org/r/20230602055256.18061-1-hsiangkao@linux.alibaba.com ---- a/fsck/main.c -+++ b/fsck/main.c -@@ -680,28 +680,35 @@ again: - static int erofsfsck_dirent_iter(struct erofs_dir_context *ctx) - { - int ret; -- size_t prev_pos = fsckcfg.extract_pos; -+ size_t prev_pos, curr_pos; - - if (ctx->dot_dotdot) - return 0; - -- if (fsckcfg.extract_path) { -- size_t curr_pos = prev_pos; -+ prev_pos = fsckcfg.extract_pos; -+ curr_pos = prev_pos; -+ -+ if (prev_pos + ctx->de_namelen >= PATH_MAX) { -+ erofs_err("unable to fsck since the path is too long (%u)", -+ curr_pos + ctx->de_namelen); -+ return -EOPNOTSUPP; -+ } - -+ if (fsckcfg.extract_path) { - fsckcfg.extract_path[curr_pos++] = '/'; - strncpy(fsckcfg.extract_path + curr_pos, ctx->dname, - ctx->de_namelen); - curr_pos += ctx->de_namelen; - fsckcfg.extract_path[curr_pos] = '\0'; -- fsckcfg.extract_pos = curr_pos; -+ } else { -+ curr_pos += ctx->de_namelen; - } -- -+ fsckcfg.extract_pos = curr_pos; - ret = erofsfsck_check_inode(ctx->dir->nid, ctx->de_nid); - -- if (fsckcfg.extract_path) { -+ if (fsckcfg.extract_path) - fsckcfg.extract_path[prev_pos] = '\0'; -- fsckcfg.extract_pos = prev_pos; -- } -+ fsckcfg.extract_pos = prev_pos; - return ret; - } - --- -cgit - diff --git a/sys-fs/erofs-utils/files/erofs-utils-1.6-CVE-2023-33552.patch b/sys-fs/erofs-utils/files/erofs-utils-1.6-CVE-2023-33552.patch deleted file mode 100644 index c53a9b8044fe..000000000000 --- a/sys-fs/erofs-utils/files/erofs-utils-1.6-CVE-2023-33552.patch +++ /dev/null @@ -1,117 +0,0 @@ -https://git.kernel.org/xiang/erofs-utils/c/2145dff03dd3f3f74bcda3b52160fbad37f7fcfe -From: Gao Xiang <hsiangkao@linux.alibaba.com> -Date: Fri, 2 Jun 2023 11:05:19 +0800 -Subject: erofs-utils: fsck: don't allocate/read too large extents - -Since some crafted EROFS filesystem images could have insane large -extents, which causes unexpected bahaviors when extracting data. - -Fix it by extracting large extents with a buffer of a reasonable -maximum size limit and reading multiple times instead. - -Note that only `--extract` option is impacted. - -CVE: CVE-2023-33552 -Closes: https://nvd.nist.gov/vuln/detail/CVE-2023-33552 -Reported-by: Chaoming Yang <lometsj@live.com> -Fixes: 412c8f908132 ("erofs-utils: fsck: add --extract=X support to extract to path X") -Signed-off-by: Gao Xiang <hsiangkao@linux.alibaba.com> -Link: https://lore.kernel.org/r/20230602030519.117071-1-hsiangkao@linux.alibaba.com ---- a/fsck/main.c -+++ b/fsck/main.c -@@ -392,6 +392,8 @@ static int erofs_verify_inode_data(struct erofs_inode *inode, int outfd) - } - - while (pos < inode->i_size) { -+ unsigned int alloc_rawsize; -+ - map.m_la = pos; - if (compressed) - ret = z_erofs_map_blocks_iter(inode, &map, -@@ -420,10 +422,28 @@ static int erofs_verify_inode_data(struct erofs_inode *inode, int outfd) - if (!(map.m_flags & EROFS_MAP_MAPPED) || !fsckcfg.check_decomp) - continue; - -- if (map.m_plen > raw_size) { -- raw_size = map.m_plen; -- raw = realloc(raw, raw_size); -- BUG_ON(!raw); -+ if (map.m_plen > Z_EROFS_PCLUSTER_MAX_SIZE) { -+ if (compressed) { -+ erofs_err("invalid pcluster size %" PRIu64 " @ offset %" PRIu64 " of nid %" PRIu64, -+ map.m_plen, map.m_la, -+ inode->nid | 0ULL); -+ ret = -EFSCORRUPTED; -+ goto out; -+ } -+ alloc_rawsize = Z_EROFS_PCLUSTER_MAX_SIZE; -+ } else { -+ alloc_rawsize = map.m_plen; -+ } -+ -+ if (alloc_rawsize > raw_size) { -+ char *newraw = realloc(raw, alloc_rawsize); -+ -+ if (!newraw) { -+ ret = -ENOMEM; -+ goto out; -+ } -+ raw = newraw; -+ raw_size = alloc_rawsize; - } - - if (compressed) { -@@ -434,18 +454,27 @@ static int erofs_verify_inode_data(struct erofs_inode *inode, int outfd) - } - ret = z_erofs_read_one_data(inode, &map, raw, buffer, - 0, map.m_llen, false); -+ if (ret) -+ goto out; -+ -+ if (outfd >= 0 && write(outfd, buffer, map.m_llen) < 0) -+ goto fail_eio; - } else { -- ret = erofs_read_one_data(&map, raw, 0, map.m_plen); -- } -- if (ret) -- goto out; -+ u64 p = 0; - -- if (outfd >= 0 && write(outfd, compressed ? buffer : raw, -- map.m_llen) < 0) { -- erofs_err("I/O error occurred when verifying data chunk @ nid %llu", -- inode->nid | 0ULL); -- ret = -EIO; -- goto out; -+ do { -+ u64 count = min_t(u64, alloc_rawsize, -+ map.m_llen); -+ -+ ret = erofs_read_one_data(&map, raw, p, count); -+ if (ret) -+ goto out; -+ -+ if (outfd >= 0 && write(outfd, raw, count) < 0) -+ goto fail_eio; -+ map.m_llen -= count; -+ p += count; -+ } while (map.m_llen); - } - } - -@@ -460,6 +489,12 @@ out: - if (buffer) - free(buffer); - return ret < 0 ? ret : 0; -+ -+fail_eio: -+ erofs_err("I/O error occurred when verifying data chunk @ nid %llu", -+ inode->nid | 0ULL); -+ ret = -EIO; -+ goto out; - } - - static inline int erofs_extract_dir(struct erofs_inode *inode) --- -cgit - diff --git a/sys-fs/erofs-utils/metadata.xml b/sys-fs/erofs-utils/metadata.xml index bcc4b30fe149..eaf0493a8357 100644 --- a/sys-fs/erofs-utils/metadata.xml +++ b/sys-fs/erofs-utils/metadata.xml @@ -7,6 +7,7 @@ </maintainer> <use> <flag name="fuse">Builds erofsfuse (requires <pkg>sys-fs/fuse</pkg>).</flag> + <flag name="libdeflate">Use <pkg>app-arch/libdeflate</pkg> rather than <pkg>sys-libs/zlib</pkg> for handling deflate compression.</flag> <flag name="uuid">Enables UUID support via <pkg>sys-apps/util-linux</pkg>.</flag> </use> </pkgmetadata> |