gentoo auto-resync : 30:10:2023 - 15:46:36

5 files changed, 406 insertions, 0 deletions

diff --git a/sys-libs/Manifest.gz b/sys-libs/Manifest.gz
index 2176e24f0511..ac5e035fe55c 100644
--- a/sys-libs/Manifest.gz
+++ b/sys-libs/Manifest.gz
diff --git a/sys-libs/zlib/Manifest b/sys-libs/zlib/Manifest
index 284dec52b69c..480a53927d6b 100644
--- a/sys-libs/zlib/Manifest
+++ b/sys-libs/zlib/Manifest
@@ -1,5 +1,6 @@
 AUX zlib-1.2.11-configure-fix-AR-RANLIB-NM-detection.patch 3209 BLAKE2B 26e9fd2d68534c6b2d5d88c5dc8150d63dede949ab71d454d94c13736c3f02c8e01201d39ccaa7fe189db0a272a315aa01a6a214f0cc7e25030b2c96b5fbe0ce SHA512 e5db2181e21d6fe7ef4d36b99fd80f4df576dabb7cbf3d205b30abd6760fdc33efaa3668fd927efe2c27a019c419b769b721760d9eb2f10d5d6955adf7a751bf
 AUX zlib-1.2.11-minizip-drop-crypt-header.patch 997 BLAKE2B a964dfb26d05045507cb2ebf1154b890782d9952288627dd5093eeeaed9265a6041922e9fef378333ad3b9ac2333d692b06db1d6425df25d6062b9fc42ec8c50 SHA512 158c4b711e8afc248cbd55f2057dede18540ad35ec1a47d0cfb0fe9bf10b1507bb1b4525badcc0a8b6505062d838ee4fb2d4ebfbf9c9d1694336a704bc0b690e
+AUX zlib-1.2.13-CVE-2023-45853.patch 1657 BLAKE2B d18588e24ec87454f4056751756881cfb3632ab24ace37dbd1a173e4914a20d9101cecc505251a9635c034f3ee99e31532fe95fe273df92fc83b0f9e0691a473 SHA512 38d801e2072cc9f6dacf25704cf935e7ec75f006ecda6933ea1667fce8e5fe154ed5d0b20a334a9c55b4d8ea9a8e7e466aa93fda5de3f409f2ccf8d5fa938bd1
 AUX zlib-1.2.13-Revert-Turn-off-RWX-segment-warnings-on-sparc-system.patch 1870 BLAKE2B f0dd2ae5ebcbf0c7fe44d4362690bcb852fa61fc081645050cddb9af187c28e3f3cec6d3173d8d2be9912bc5fc0d0933e9840c0e6b11ccba663d69f81ef41bd3 SHA512 3b4d695d307c407d58921c6426971e13f0aba33447a3ceb23724d7c3e75a1a85f5d962fa8321e6ca4ff6217819e36cf7b96d8c1df214fc2c79ba2e2f99607712
 AUX zlib-1.2.13-use-LDFLAGS-in-configure.patch 2650 BLAKE2B 3cfae2b0658534aab64f7969d86307bf96724f4ec847e378c2f87b6b9e43c00bae96845d1c3405d5d913d2005e9f18f53923329ad1cfd73e9395f94d035e275f SHA512 77499165a934d171c7d4bbd177f3cfa2e57db8923c61222a48734f8d3879245ed91fe2b900b3a429db89e098a4d4fcd9f3b6f2c1c3a86f761e1b33b56a73987d
 DIST zlib-1.2.13.tar.xz 1296496 BLAKE2B cefcd25989ce27e7d339af2a88455fcf64f6f5e647bedb0f05a45e4370a885fe45a60c023aa63e79b8ecf20ed3254d0052245f33f5769aca2838b42242be14a8 SHA512 9e7ac71a1824855ae526506883e439456b74ac0b811d54e94f6908249ba8719bec4c8d7672903c5280658b26cb6b5e93ecaaafe5cdc2980c760fa196773f0725
@@ -7,5 +8,7 @@ DIST zlib-1.2.13.tar.xz.asc 235 BLAKE2B 29206175f06b4e36960fc6b9403101f55c1f5b76
 DIST zlib-1.3.tar.xz 1295740 BLAKE2B 5fe0f32339267348a313f23a21e9588bdb180b7415be303c85f5f169444d019e5f176ef7322f6e64297c360acc2a6041c50e2f66d1860e5c392d8970990f176a SHA512 3868ac4da5842dd36c9dad794930675b9082ce15cbd099ddb79c0f6bd20a24aa8f33a123f378f26fe0ae02d91f31f2994dccaac565cedeaffed7b315e6ded2a2
 DIST zlib-1.3.tar.xz.asc 235 BLAKE2B 5fe6ce952699a19e848d0a6e6c3622f934340068fdcd29afb35c74f3c8ae66d04de644800d10b38c743bb2f4852ba28f1a97313cb0e6e6f9b804cbca5289ebbb SHA512 8f3ce5c21938d6abc7e121d2939648a0ce2dc01a8ab4eb001d44eb159935dd0b4f5b5e371b3ecfc0ceb23689e2cefe002065968908503cde15b1bba08aff9db6
 EBUILD zlib-1.2.13-r1.ebuild 4678 BLAKE2B 9498146403a409cdf259955307713c952a3633cb25f429a0547f58396dc3d535267b15d15426a0ef798c42406c60e0afce1318bbab31743fa633a2ffc47e53a5 SHA512 02d899d6b9f62af3f820cd13df634687a2358270b48e74f091343ec3181554b4c41e0a910e8fafc3d2d826db8f0a3d5becf7854eab92d75528211f5859fbc1bf
+EBUILD zlib-1.2.13-r2.ebuild 4765 BLAKE2B 493199e6e9b5b4039260a834398b8866cae28f06c8202f2e0f641094f1ff0263be3b6f8f297195685fe4e9d35692accbb376307473c1a8493f96c50a409948bf SHA512 e52a0b29eb208b501cf3eee1d84be6c7daf04f866dfc89a3c08fd4339e24ac0671126e8d42bfb94a05492f77828ae7ebe44990027462f7ad7af70705b838eda5
 EBUILD zlib-1.3-r1.ebuild 4557 BLAKE2B c85ccc6bcb312f3285af230e5fd2546f4d511908f05b44a55d6e32d88cd05e900457ec18d62809a5c6224fc848afdbeec04a966f62186cb431a0de9db54d0ac2 SHA512 e61720d294e1dde5593f111ac5c0fd593292710b7b4aee37f160f5024e596c1ee79d8f628f45281437792aaefcd2742bd8119bd2873c6a1aabdd4b47c5d0e3e4
+EBUILD zlib-1.3-r2.ebuild 4639 BLAKE2B 361354e8f7d60ec23737098d55d6f3d47b2c46ddeeecf0c8dc0881e72b09ef737f3376aa294a8c97c14b8ae5b2a87183d9a35ac95f69b4096a8a528bf58edf67 SHA512 26db22ec0039e4416da93c5d94b9bf7d288eef8721368c18cd493101d2cffb3ddd2cccaa86cc754c5e302476756bec407687b523ef56abcd95f42f3855bd7298
 MISC metadata.xml 494 BLAKE2B a4a57a4153aefc189e407bcb8ce84f7c94581cc66967f69097087da7e6ff48d2de683b919fb00445d095c47ef39d31e01590f8c989ce0e5e01474e73ee2a0565 SHA512 a7e0160c127b3c2a6afe99e95992d9dbd017061303759c299ec38800efd6a9e11a35ae850c23c77c09c8833cd9d61ac1267f6becadf9c22437ee35e4304400c9
diff --git a/sys-libs/zlib/files/zlib-1.2.13-CVE-2023-45853.patch b/sys-libs/zlib/files/zlib-1.2.13-CVE-2023-45853.patch
new file mode 100644
index 000000000000..ecb5acecbb33
--- /dev/null
+++ b/sys-libs/zlib/files/zlib-1.2.13-CVE-2023-45853.patch
@@ -0,0 +1,40 @@
+https://bugs.gentoo.org/916484
+https://github.com/madler/zlib/pull/843
+https://github.com/madler/zlib/commit/73331a6a0481067628f065ffe87bb1d8f787d10c
+
+From 73331a6a0481067628f065ffe87bb1d8f787d10c Mon Sep 17 00:00:00 2001
+From: Hans Wennborg <hans@chromium.org>
+Date: Fri, 18 Aug 2023 11:05:33 +0200
+Subject: [PATCH] Reject overflows of zip header fields in minizip.
+
+This checks the lengths of the file name, extra field, and comment
+that would be put in the zip headers, and rejects them if they are
+too long. They are each limited to 65535 bytes in length by the zip
+format. This also avoids possible buffer overflows if the provided
+fields are too long.
+---
+ contrib/minizip/zip.c | 11 +++++++++++
+ 1 file changed, 11 insertions(+)
+
+diff --git a/contrib/minizip/zip.c b/contrib/minizip/zip.c
+index 3d3d4cadd..0446109b2 100644
+--- a/contrib/minizip/zip.c
++++ b/contrib/minizip/zip.c
+@@ -1043,6 +1043,17 @@ extern int ZEXPORT zipOpenNewFileInZip4_64(zipFile file, const char* filename, c
+       return ZIP_PARAMERROR;
+ #endif
+ 
++    // The filename and comment length must fit in 16 bits.
++    if ((filename!=NULL) && (strlen(filename)>0xffff))
++        return ZIP_PARAMERROR;
++    if ((comment!=NULL) && (strlen(comment)>0xffff))
++        return ZIP_PARAMERROR;
++    // The extra field length must fit in 16 bits. If the member also requires
++    // a Zip64 extra block, that will also need to fit within that 16-bit
++    // length, but that will be checked for later.
++    if ((size_extrafield_local>0xffff) || (size_extrafield_global>0xffff))
++        return ZIP_PARAMERROR;
++
+     zi = (zip64_internal*)file;
+ 
+     if (zi->in_opened_file_inzip == 1)
diff --git a/sys-libs/zlib/zlib-1.2.13-r2.ebuild b/sys-libs/zlib/zlib-1.2.13-r2.ebuild
new file mode 100644
index 000000000000..4e5edf8a4fa5
--- /dev/null
+++ b/sys-libs/zlib/zlib-1.2.13-r2.ebuild
@@ -0,0 +1,184 @@
+# Copyright 1999-2023 Gentoo Authors
+# Distributed under the terms of the GNU General Public License v2
+
+EAPI=8
+
+# Worth keeping an eye on 'develop' branch upstream for possible backports.
+AUTOTOOLS_AUTO_DEPEND="no"
+VERIFY_SIG_OPENPGP_KEY_PATH="${BROOT}"/usr/share/openpgp-keys/madler.asc
+inherit autotools multilib-minimal flag-o-matic toolchain-funcs usr-ldscript verify-sig
+
+DESCRIPTION="Standard (de)compression library"
+HOMEPAGE="https://zlib.net/"
+SRC_URI="https://zlib.net/${P}.tar.xz
+	https://zlib.net/fossils/${P}.tar.xz
+	https://zlib.net/current/beta/${P}.tar.xz
+	verify-sig? ( https://zlib.net/${P}.tar.xz.asc )"
+
+LICENSE="ZLIB"
+SLOT="0/1" # subslot = SONAME
+KEYWORDS="~alpha ~amd64 arm arm64 ~hppa ~ia64 ~loong ~m68k ~mips ~ppc ~ppc64 ~riscv ~s390 sparc ~x86 ~amd64-linux ~x86-linux ~arm64-macos ~ppc-macos ~x64-macos ~x64-solaris"
+IUSE="minizip static-libs"
+
+RDEPEND="!sys-libs/zlib-ng[compat]"
+DEPEND="${RDEPEND}"
+BDEPEND="
+	minizip? ( ${AUTOTOOLS_DEPEND} )
+	verify-sig? ( sec-keys/openpgp-keys-madler )
+"
+
+PATCHES=(
+	# Don't install unexpected & unused crypt.h header (which would clash with other pkgs)
+	# Pending upstream. bug #658536
+	"${FILESDIR}"/${PN}-1.2.11-minizip-drop-crypt-header.patch
+
+	# Respect AR, RANLIB, NM during build. Pending upstream. bug #831628
+	"${FILESDIR}"/${PN}-1.2.11-configure-fix-AR-RANLIB-NM-detection.patch
+
+	# Respect LDFLAGS during configure tests. Pending upstream
+	"${FILESDIR}"/${PN}-1.2.13-use-LDFLAGS-in-configure.patch
+
+	# Fix building on sparc with older binutils, we pass it in ebuild instead
+	"${FILESDIR}"/${PN}-1.2.13-Revert-Turn-off-RWX-segment-warnings-on-sparc-system.patch
+
+	# CVE-2023-45853 (bug #916484)
+	"${FILESDIR}"/${PN}-1.2.13-CVE-2023-45853.patch
+)
+
+src_prepare() {
+	default
+
+	if use minizip ; then
+		cd contrib/minizip || die
+		eautoreconf
+	fi
+
+	case ${CHOST} in
+		*-mingw*|mingw*)
+			# Uses preconfigured Makefile rather than configure script
+			multilib_copy_sources
+
+			;;
+	esac
+}
+
+echoit() { echo "$@"; "$@"; }
+
+multilib_src_configure() {
+	# We pass manually instead of relying on the configure script/makefile
+	# because it would pass it even for older binutils.
+	use sparc && append-flags $(test-flags-CCLD -Wl,--no-warn-rwx-segments)
+
+	# ideally we want !tc-ld-is-bfd for best future-proofing, but it needs
+	# https://github.com/gentoo/gentoo/pull/28355
+	# mold needs this too but right now tc-ld-is-mold is also not available
+	if tc-ld-is-lld; then
+		append-ldflags -Wl,--undefined-version
+	fi
+
+	case ${CHOST} in
+		*-mingw*|mingw*)
+			;;
+
+		*)
+			# bug #347167
+			local uname=$("${BROOT}"/usr/share/gnuconfig/config.sub "${CHOST}" | cut -d- -f3)
+
+			local myconf=(
+				--shared
+				--prefix="${EPREFIX}/usr"
+				--libdir="${EPREFIX}/usr/$(get_libdir)"
+				${uname:+--uname=${uname}}
+			)
+
+			# Not an autoconf script, so can't use econf
+			echoit "${S}"/configure "${myconf[@]}" || die
+
+			;;
+	esac
+
+	if use minizip ; then
+		local minizipdir="contrib/minizip"
+		mkdir -p "${BUILD_DIR}/${minizipdir}" || die
+
+		cd ${minizipdir} || die
+		ECONF_SOURCE="${S}/${minizipdir}" econf $(use_enable static-libs static)
+	fi
+}
+
+multilib_src_compile() {
+	case ${CHOST} in
+		*-mingw*|mingw*)
+			emake -f win32/Makefile.gcc STRIP=true PREFIX=${CHOST}-
+			sed \
+				-e 's|@prefix@|'"${EPREFIX}"'/usr|g' \
+				-e 's|@exec_prefix@|${prefix}|g' \
+				-e 's|@libdir@|${exec_prefix}/'$(get_libdir)'|g' \
+				-e 's|@sharedlibdir@|${exec_prefix}/'$(get_libdir)'|g' \
+				-e 's|@includedir@|${prefix}/include|g' \
+				-e 's|@VERSION@|'${PV}'|g' \
+				zlib.pc.in > zlib.pc || die
+			;;
+
+		*)
+			emake
+
+			;;
+	esac
+
+	use minizip && emake -C contrib/minizip
+}
+
+sed_macros() {
+	# Clean up namespace a little, bug #383179
+	# We do it here so we only have to tweak 2 files
+	sed -i -r 's:\<(O[FN])\>:_Z_\1:g' "$@" || die
+}
+
+multilib_src_install() {
+	case ${CHOST} in
+		*-mingw*|mingw*)
+			emake -f win32/Makefile.gcc install \
+				BINARY_PATH="${ED}/usr/bin" \
+				LIBRARY_PATH="${ED}/usr/$(get_libdir)" \
+				INCLUDE_PATH="${ED}/usr/include" \
+				SHARED_MODE=1
+
+			# Overwrites zlib.pc created from win32/Makefile.gcc, bug #620136
+			insinto /usr/$(get_libdir)/pkgconfig
+			doins zlib.pc
+
+			;;
+
+		*)
+			emake install DESTDIR="${D}" LDCONFIG=:
+			gen_usr_ldscript -a z
+
+			;;
+	esac
+
+	sed_macros "${ED}"/usr/include/*.h
+
+	if use minizip ; then
+		emake -C contrib/minizip install DESTDIR="${D}"
+		sed_macros "${ED}"/usr/include/minizip/*.h
+
+		# This might not exist if slibtool is used.
+		# bug #816756
+		rm -f "${ED}"/usr/$(get_libdir)/libminizip.la || die
+	fi
+
+	if ! use static-libs ; then
+		# bug #419645
+		rm "${ED}"/usr/$(get_libdir)/libz.a || die
+	fi
+}
+
+multilib_src_install_all() {
+	dodoc FAQ README ChangeLog doc/*.txt
+
+	if use minizip ; then
+		dodoc contrib/minizip/*.txt
+		doman contrib/minizip/*.1
+	fi
+}
diff --git a/sys-libs/zlib/zlib-1.3-r2.ebuild b/sys-libs/zlib/zlib-1.3-r2.ebuild
new file mode 100644
index 000000000000..89522d3657a8
--- /dev/null
+++ b/sys-libs/zlib/zlib-1.3-r2.ebuild
@@ -0,0 +1,179 @@
+# Copyright 1999-2023 Gentoo Authors
+# Distributed under the terms of the GNU General Public License v2
+
+EAPI=8
+
+# Worth keeping an eye on 'develop' branch upstream for possible backports.
+AUTOTOOLS_AUTO_DEPEND="no"
+VERIFY_SIG_OPENPGP_KEY_PATH="${BROOT}"/usr/share/openpgp-keys/madler.asc
+inherit autotools edo multilib-minimal flag-o-matic toolchain-funcs usr-ldscript verify-sig
+
+DESCRIPTION="Standard (de)compression library"
+HOMEPAGE="https://zlib.net/"
+SRC_URI="
+	https://zlib.net/${P}.tar.xz
+	https://zlib.net/fossils/${P}.tar.xz
+	https://zlib.net/current/beta/${P}.tar.xz
+	https://github.com/madler/zlib/releases/download/v${PV}/${P}.tar.xz
+	verify-sig? (
+		https://zlib.net/${P}.tar.xz.asc
+		https://github.com/madler/zlib/releases/download/v${PV}/${P}.tar.xz.asc
+	)
+"
+
+LICENSE="ZLIB"
+SLOT="0/1" # subslot = SONAME
+KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~ia64 ~loong ~m68k ~mips ~ppc ~ppc64 ~riscv ~s390 ~sparc ~x86 ~amd64-linux ~x86-linux ~arm64-macos ~ppc-macos ~x64-macos ~x64-solaris"
+IUSE="minizip static-libs"
+
+RDEPEND="!sys-libs/zlib-ng[compat]"
+DEPEND="${RDEPEND}"
+BDEPEND="
+	minizip? ( ${AUTOTOOLS_DEPEND} )
+	verify-sig? ( sec-keys/openpgp-keys-madler )
+"
+
+PATCHES=(
+	# Don't install unexpected & unused crypt.h header (which would clash with other pkgs)
+	# Pending upstream. bug #658536
+	"${FILESDIR}"/${PN}-1.2.11-minizip-drop-crypt-header.patch
+
+	# Respect AR, RANLIB, NM during build. Pending upstream. bug #831628
+	"${FILESDIR}"/${PN}-1.2.11-configure-fix-AR-RANLIB-NM-detection.patch
+
+	# Respect LDFLAGS during configure tests. Pending upstream
+	"${FILESDIR}"/${PN}-1.2.13-use-LDFLAGS-in-configure.patch
+
+	# Fix building on sparc with older binutils, we pass it in ebuild instead
+	"${FILESDIR}"/${PN}-1.2.13-Revert-Turn-off-RWX-segment-warnings-on-sparc-system.patch
+
+	# CVE-2023-45853 (bug #916484)
+	"${FILESDIR}"/${PN}-1.2.13-CVE-2023-45853.patch
+)
+
+src_prepare() {
+	default
+
+	if use minizip ; then
+		cd contrib/minizip || die
+		eautoreconf
+	fi
+
+	case ${CHOST} in
+		*-mingw*|mingw*)
+			# Uses preconfigured Makefile rather than configure script
+			multilib_copy_sources
+
+			;;
+	esac
+}
+
+multilib_src_configure() {
+	# We pass manually instead of relying on the configure script/makefile
+	# because it would pass it even for older binutils.
+	use sparc && append-flags $(test-flags-CCLD -Wl,--no-warn-rwx-segments)
+
+	# ideally we want !tc-ld-is-bfd for best future-proofing, but it needs
+	# https://github.com/gentoo/gentoo/pull/28355
+	# mold needs this too but right now tc-ld-is-mold is also not available
+	if tc-ld-is-lld; then
+		append-ldflags -Wl,--undefined-version
+	fi
+
+	case ${CHOST} in
+		*-mingw*|mingw*)
+			;;
+
+		*)
+			# bug #347167
+			local uname=$("${BROOT}"/usr/share/gnuconfig/config.sub "${CHOST}" | cut -d- -f3)
+
+			local myconf=(
+				--shared
+				--prefix="${EPREFIX}/usr"
+				--libdir="${EPREFIX}/usr/$(get_libdir)"
+				${uname:+--uname=${uname}}
+			)
+
+			# Not an autoconf script, so can't use econf
+			edo "${S}"/configure "${myconf[@]}"
+
+			;;
+	esac
+
+	if use minizip ; then
+		local minizipdir="contrib/minizip"
+		mkdir -p "${BUILD_DIR}/${minizipdir}" || die
+
+		cd ${minizipdir} || die
+		ECONF_SOURCE="${S}/${minizipdir}" econf $(use_enable static-libs static)
+	fi
+}
+
+multilib_src_compile() {
+	case ${CHOST} in
+		*-mingw*|mingw*)
+			emake -f win32/Makefile.gcc STRIP=true PREFIX=${CHOST}-
+			sed \
+				-e 's|@prefix@|'"${EPREFIX}"'/usr|g' \
+				-e 's|@exec_prefix@|${prefix}|g' \
+				-e 's|@libdir@|${exec_prefix}/'$(get_libdir)'|g' \
+				-e 's|@sharedlibdir@|${exec_prefix}/'$(get_libdir)'|g' \
+				-e 's|@includedir@|${prefix}/include|g' \
+				-e 's|@VERSION@|'${PV}'|g' \
+				zlib.pc.in > zlib.pc || die
+			;;
+
+		*)
+			emake
+
+			;;
+	esac
+
+	use minizip && emake -C contrib/minizip
+}
+
+multilib_src_install() {
+	case ${CHOST} in
+		*-mingw*|mingw*)
+			emake -f win32/Makefile.gcc install \
+				BINARY_PATH="${ED}/usr/bin" \
+				LIBRARY_PATH="${ED}/usr/$(get_libdir)" \
+				INCLUDE_PATH="${ED}/usr/include" \
+				SHARED_MODE=1
+
+			# Overwrites zlib.pc created from win32/Makefile.gcc, bug #620136
+			insinto /usr/$(get_libdir)/pkgconfig
+			doins zlib.pc
+
+			;;
+
+		*)
+			emake install DESTDIR="${D}" LDCONFIG=:
+			gen_usr_ldscript -a z
+
+			;;
+	esac
+
+	if use minizip ; then
+		emake -C contrib/minizip install DESTDIR="${D}"
+
+		# This might not exist if slibtool is used.
+		# bug #816756
+		rm -f "${ED}"/usr/$(get_libdir)/libminizip.la || die
+	fi
+
+	if ! use static-libs ; then
+		# bug #419645
+		rm "${ED}"/usr/$(get_libdir)/libz.a || die
+	fi
+}
+
+multilib_src_install_all() {
+	dodoc FAQ README ChangeLog doc/*.txt
+
+	if use minizip ; then
+		dodoc contrib/minizip/*.txt
+		doman contrib/minizip/*.1
+	fi
+}