diff options
Diffstat (limited to 'sys-libs')
-rw-r--r-- | sys-libs/Manifest.gz | bin | 14744 -> 14744 bytes | |||
-rw-r--r-- | sys-libs/zlib/Manifest | 3 | ||||
-rw-r--r-- | sys-libs/zlib/files/zlib-1.2.13-CVE-2023-45853.patch | 40 | ||||
-rw-r--r-- | sys-libs/zlib/zlib-1.2.13-r2.ebuild | 184 | ||||
-rw-r--r-- | sys-libs/zlib/zlib-1.3-r2.ebuild | 179 |
5 files changed, 406 insertions, 0 deletions
diff --git a/sys-libs/Manifest.gz b/sys-libs/Manifest.gz Binary files differindex 2176e24f0511..ac5e035fe55c 100644 --- a/sys-libs/Manifest.gz +++ b/sys-libs/Manifest.gz diff --git a/sys-libs/zlib/Manifest b/sys-libs/zlib/Manifest index 284dec52b69c..480a53927d6b 100644 --- a/sys-libs/zlib/Manifest +++ b/sys-libs/zlib/Manifest @@ -1,5 +1,6 @@ AUX zlib-1.2.11-configure-fix-AR-RANLIB-NM-detection.patch 3209 BLAKE2B 26e9fd2d68534c6b2d5d88c5dc8150d63dede949ab71d454d94c13736c3f02c8e01201d39ccaa7fe189db0a272a315aa01a6a214f0cc7e25030b2c96b5fbe0ce SHA512 e5db2181e21d6fe7ef4d36b99fd80f4df576dabb7cbf3d205b30abd6760fdc33efaa3668fd927efe2c27a019c419b769b721760d9eb2f10d5d6955adf7a751bf AUX zlib-1.2.11-minizip-drop-crypt-header.patch 997 BLAKE2B a964dfb26d05045507cb2ebf1154b890782d9952288627dd5093eeeaed9265a6041922e9fef378333ad3b9ac2333d692b06db1d6425df25d6062b9fc42ec8c50 SHA512 158c4b711e8afc248cbd55f2057dede18540ad35ec1a47d0cfb0fe9bf10b1507bb1b4525badcc0a8b6505062d838ee4fb2d4ebfbf9c9d1694336a704bc0b690e +AUX zlib-1.2.13-CVE-2023-45853.patch 1657 BLAKE2B d18588e24ec87454f4056751756881cfb3632ab24ace37dbd1a173e4914a20d9101cecc505251a9635c034f3ee99e31532fe95fe273df92fc83b0f9e0691a473 SHA512 38d801e2072cc9f6dacf25704cf935e7ec75f006ecda6933ea1667fce8e5fe154ed5d0b20a334a9c55b4d8ea9a8e7e466aa93fda5de3f409f2ccf8d5fa938bd1 AUX zlib-1.2.13-Revert-Turn-off-RWX-segment-warnings-on-sparc-system.patch 1870 BLAKE2B f0dd2ae5ebcbf0c7fe44d4362690bcb852fa61fc081645050cddb9af187c28e3f3cec6d3173d8d2be9912bc5fc0d0933e9840c0e6b11ccba663d69f81ef41bd3 SHA512 3b4d695d307c407d58921c6426971e13f0aba33447a3ceb23724d7c3e75a1a85f5d962fa8321e6ca4ff6217819e36cf7b96d8c1df214fc2c79ba2e2f99607712 AUX zlib-1.2.13-use-LDFLAGS-in-configure.patch 2650 BLAKE2B 3cfae2b0658534aab64f7969d86307bf96724f4ec847e378c2f87b6b9e43c00bae96845d1c3405d5d913d2005e9f18f53923329ad1cfd73e9395f94d035e275f SHA512 77499165a934d171c7d4bbd177f3cfa2e57db8923c61222a48734f8d3879245ed91fe2b900b3a429db89e098a4d4fcd9f3b6f2c1c3a86f761e1b33b56a73987d DIST zlib-1.2.13.tar.xz 1296496 BLAKE2B cefcd25989ce27e7d339af2a88455fcf64f6f5e647bedb0f05a45e4370a885fe45a60c023aa63e79b8ecf20ed3254d0052245f33f5769aca2838b42242be14a8 SHA512 9e7ac71a1824855ae526506883e439456b74ac0b811d54e94f6908249ba8719bec4c8d7672903c5280658b26cb6b5e93ecaaafe5cdc2980c760fa196773f0725 @@ -7,5 +8,7 @@ DIST zlib-1.2.13.tar.xz.asc 235 BLAKE2B 29206175f06b4e36960fc6b9403101f55c1f5b76 DIST zlib-1.3.tar.xz 1295740 BLAKE2B 5fe0f32339267348a313f23a21e9588bdb180b7415be303c85f5f169444d019e5f176ef7322f6e64297c360acc2a6041c50e2f66d1860e5c392d8970990f176a SHA512 3868ac4da5842dd36c9dad794930675b9082ce15cbd099ddb79c0f6bd20a24aa8f33a123f378f26fe0ae02d91f31f2994dccaac565cedeaffed7b315e6ded2a2 DIST zlib-1.3.tar.xz.asc 235 BLAKE2B 5fe6ce952699a19e848d0a6e6c3622f934340068fdcd29afb35c74f3c8ae66d04de644800d10b38c743bb2f4852ba28f1a97313cb0e6e6f9b804cbca5289ebbb SHA512 8f3ce5c21938d6abc7e121d2939648a0ce2dc01a8ab4eb001d44eb159935dd0b4f5b5e371b3ecfc0ceb23689e2cefe002065968908503cde15b1bba08aff9db6 EBUILD zlib-1.2.13-r1.ebuild 4678 BLAKE2B 9498146403a409cdf259955307713c952a3633cb25f429a0547f58396dc3d535267b15d15426a0ef798c42406c60e0afce1318bbab31743fa633a2ffc47e53a5 SHA512 02d899d6b9f62af3f820cd13df634687a2358270b48e74f091343ec3181554b4c41e0a910e8fafc3d2d826db8f0a3d5becf7854eab92d75528211f5859fbc1bf +EBUILD zlib-1.2.13-r2.ebuild 4765 BLAKE2B 493199e6e9b5b4039260a834398b8866cae28f06c8202f2e0f641094f1ff0263be3b6f8f297195685fe4e9d35692accbb376307473c1a8493f96c50a409948bf SHA512 e52a0b29eb208b501cf3eee1d84be6c7daf04f866dfc89a3c08fd4339e24ac0671126e8d42bfb94a05492f77828ae7ebe44990027462f7ad7af70705b838eda5 EBUILD zlib-1.3-r1.ebuild 4557 BLAKE2B c85ccc6bcb312f3285af230e5fd2546f4d511908f05b44a55d6e32d88cd05e900457ec18d62809a5c6224fc848afdbeec04a966f62186cb431a0de9db54d0ac2 SHA512 e61720d294e1dde5593f111ac5c0fd593292710b7b4aee37f160f5024e596c1ee79d8f628f45281437792aaefcd2742bd8119bd2873c6a1aabdd4b47c5d0e3e4 +EBUILD zlib-1.3-r2.ebuild 4639 BLAKE2B 361354e8f7d60ec23737098d55d6f3d47b2c46ddeeecf0c8dc0881e72b09ef737f3376aa294a8c97c14b8ae5b2a87183d9a35ac95f69b4096a8a528bf58edf67 SHA512 26db22ec0039e4416da93c5d94b9bf7d288eef8721368c18cd493101d2cffb3ddd2cccaa86cc754c5e302476756bec407687b523ef56abcd95f42f3855bd7298 MISC metadata.xml 494 BLAKE2B a4a57a4153aefc189e407bcb8ce84f7c94581cc66967f69097087da7e6ff48d2de683b919fb00445d095c47ef39d31e01590f8c989ce0e5e01474e73ee2a0565 SHA512 a7e0160c127b3c2a6afe99e95992d9dbd017061303759c299ec38800efd6a9e11a35ae850c23c77c09c8833cd9d61ac1267f6becadf9c22437ee35e4304400c9 diff --git a/sys-libs/zlib/files/zlib-1.2.13-CVE-2023-45853.patch b/sys-libs/zlib/files/zlib-1.2.13-CVE-2023-45853.patch new file mode 100644 index 000000000000..ecb5acecbb33 --- /dev/null +++ b/sys-libs/zlib/files/zlib-1.2.13-CVE-2023-45853.patch @@ -0,0 +1,40 @@ +https://bugs.gentoo.org/916484 +https://github.com/madler/zlib/pull/843 +https://github.com/madler/zlib/commit/73331a6a0481067628f065ffe87bb1d8f787d10c + +From 73331a6a0481067628f065ffe87bb1d8f787d10c Mon Sep 17 00:00:00 2001 +From: Hans Wennborg <hans@chromium.org> +Date: Fri, 18 Aug 2023 11:05:33 +0200 +Subject: [PATCH] Reject overflows of zip header fields in minizip. + +This checks the lengths of the file name, extra field, and comment +that would be put in the zip headers, and rejects them if they are +too long. They are each limited to 65535 bytes in length by the zip +format. This also avoids possible buffer overflows if the provided +fields are too long. +--- + contrib/minizip/zip.c | 11 +++++++++++ + 1 file changed, 11 insertions(+) + +diff --git a/contrib/minizip/zip.c b/contrib/minizip/zip.c +index 3d3d4cadd..0446109b2 100644 +--- a/contrib/minizip/zip.c ++++ b/contrib/minizip/zip.c +@@ -1043,6 +1043,17 @@ extern int ZEXPORT zipOpenNewFileInZip4_64(zipFile file, const char* filename, c + return ZIP_PARAMERROR; + #endif + ++ // The filename and comment length must fit in 16 bits. ++ if ((filename!=NULL) && (strlen(filename)>0xffff)) ++ return ZIP_PARAMERROR; ++ if ((comment!=NULL) && (strlen(comment)>0xffff)) ++ return ZIP_PARAMERROR; ++ // The extra field length must fit in 16 bits. If the member also requires ++ // a Zip64 extra block, that will also need to fit within that 16-bit ++ // length, but that will be checked for later. ++ if ((size_extrafield_local>0xffff) || (size_extrafield_global>0xffff)) ++ return ZIP_PARAMERROR; ++ + zi = (zip64_internal*)file; + + if (zi->in_opened_file_inzip == 1) diff --git a/sys-libs/zlib/zlib-1.2.13-r2.ebuild b/sys-libs/zlib/zlib-1.2.13-r2.ebuild new file mode 100644 index 000000000000..4e5edf8a4fa5 --- /dev/null +++ b/sys-libs/zlib/zlib-1.2.13-r2.ebuild @@ -0,0 +1,184 @@ +# Copyright 1999-2023 Gentoo Authors +# Distributed under the terms of the GNU General Public License v2 + +EAPI=8 + +# Worth keeping an eye on 'develop' branch upstream for possible backports. +AUTOTOOLS_AUTO_DEPEND="no" +VERIFY_SIG_OPENPGP_KEY_PATH="${BROOT}"/usr/share/openpgp-keys/madler.asc +inherit autotools multilib-minimal flag-o-matic toolchain-funcs usr-ldscript verify-sig + +DESCRIPTION="Standard (de)compression library" +HOMEPAGE="https://zlib.net/" +SRC_URI="https://zlib.net/${P}.tar.xz + https://zlib.net/fossils/${P}.tar.xz + https://zlib.net/current/beta/${P}.tar.xz + verify-sig? ( https://zlib.net/${P}.tar.xz.asc )" + +LICENSE="ZLIB" +SLOT="0/1" # subslot = SONAME +KEYWORDS="~alpha ~amd64 arm arm64 ~hppa ~ia64 ~loong ~m68k ~mips ~ppc ~ppc64 ~riscv ~s390 sparc ~x86 ~amd64-linux ~x86-linux ~arm64-macos ~ppc-macos ~x64-macos ~x64-solaris" +IUSE="minizip static-libs" + +RDEPEND="!sys-libs/zlib-ng[compat]" +DEPEND="${RDEPEND}" +BDEPEND=" + minizip? ( ${AUTOTOOLS_DEPEND} ) + verify-sig? ( sec-keys/openpgp-keys-madler ) +" + +PATCHES=( + # Don't install unexpected & unused crypt.h header (which would clash with other pkgs) + # Pending upstream. bug #658536 + "${FILESDIR}"/${PN}-1.2.11-minizip-drop-crypt-header.patch + + # Respect AR, RANLIB, NM during build. Pending upstream. bug #831628 + "${FILESDIR}"/${PN}-1.2.11-configure-fix-AR-RANLIB-NM-detection.patch + + # Respect LDFLAGS during configure tests. Pending upstream + "${FILESDIR}"/${PN}-1.2.13-use-LDFLAGS-in-configure.patch + + # Fix building on sparc with older binutils, we pass it in ebuild instead + "${FILESDIR}"/${PN}-1.2.13-Revert-Turn-off-RWX-segment-warnings-on-sparc-system.patch + + # CVE-2023-45853 (bug #916484) + "${FILESDIR}"/${PN}-1.2.13-CVE-2023-45853.patch +) + +src_prepare() { + default + + if use minizip ; then + cd contrib/minizip || die + eautoreconf + fi + + case ${CHOST} in + *-mingw*|mingw*) + # Uses preconfigured Makefile rather than configure script + multilib_copy_sources + + ;; + esac +} + +echoit() { echo "$@"; "$@"; } + +multilib_src_configure() { + # We pass manually instead of relying on the configure script/makefile + # because it would pass it even for older binutils. + use sparc && append-flags $(test-flags-CCLD -Wl,--no-warn-rwx-segments) + + # ideally we want !tc-ld-is-bfd for best future-proofing, but it needs + # https://github.com/gentoo/gentoo/pull/28355 + # mold needs this too but right now tc-ld-is-mold is also not available + if tc-ld-is-lld; then + append-ldflags -Wl,--undefined-version + fi + + case ${CHOST} in + *-mingw*|mingw*) + ;; + + *) + # bug #347167 + local uname=$("${BROOT}"/usr/share/gnuconfig/config.sub "${CHOST}" | cut -d- -f3) + + local myconf=( + --shared + --prefix="${EPREFIX}/usr" + --libdir="${EPREFIX}/usr/$(get_libdir)" + ${uname:+--uname=${uname}} + ) + + # Not an autoconf script, so can't use econf + echoit "${S}"/configure "${myconf[@]}" || die + + ;; + esac + + if use minizip ; then + local minizipdir="contrib/minizip" + mkdir -p "${BUILD_DIR}/${minizipdir}" || die + + cd ${minizipdir} || die + ECONF_SOURCE="${S}/${minizipdir}" econf $(use_enable static-libs static) + fi +} + +multilib_src_compile() { + case ${CHOST} in + *-mingw*|mingw*) + emake -f win32/Makefile.gcc STRIP=true PREFIX=${CHOST}- + sed \ + -e 's|@prefix@|'"${EPREFIX}"'/usr|g' \ + -e 's|@exec_prefix@|${prefix}|g' \ + -e 's|@libdir@|${exec_prefix}/'$(get_libdir)'|g' \ + -e 's|@sharedlibdir@|${exec_prefix}/'$(get_libdir)'|g' \ + -e 's|@includedir@|${prefix}/include|g' \ + -e 's|@VERSION@|'${PV}'|g' \ + zlib.pc.in > zlib.pc || die + ;; + + *) + emake + + ;; + esac + + use minizip && emake -C contrib/minizip +} + +sed_macros() { + # Clean up namespace a little, bug #383179 + # We do it here so we only have to tweak 2 files + sed -i -r 's:\<(O[FN])\>:_Z_\1:g' "$@" || die +} + +multilib_src_install() { + case ${CHOST} in + *-mingw*|mingw*) + emake -f win32/Makefile.gcc install \ + BINARY_PATH="${ED}/usr/bin" \ + LIBRARY_PATH="${ED}/usr/$(get_libdir)" \ + INCLUDE_PATH="${ED}/usr/include" \ + SHARED_MODE=1 + + # Overwrites zlib.pc created from win32/Makefile.gcc, bug #620136 + insinto /usr/$(get_libdir)/pkgconfig + doins zlib.pc + + ;; + + *) + emake install DESTDIR="${D}" LDCONFIG=: + gen_usr_ldscript -a z + + ;; + esac + + sed_macros "${ED}"/usr/include/*.h + + if use minizip ; then + emake -C contrib/minizip install DESTDIR="${D}" + sed_macros "${ED}"/usr/include/minizip/*.h + + # This might not exist if slibtool is used. + # bug #816756 + rm -f "${ED}"/usr/$(get_libdir)/libminizip.la || die + fi + + if ! use static-libs ; then + # bug #419645 + rm "${ED}"/usr/$(get_libdir)/libz.a || die + fi +} + +multilib_src_install_all() { + dodoc FAQ README ChangeLog doc/*.txt + + if use minizip ; then + dodoc contrib/minizip/*.txt + doman contrib/minizip/*.1 + fi +} diff --git a/sys-libs/zlib/zlib-1.3-r2.ebuild b/sys-libs/zlib/zlib-1.3-r2.ebuild new file mode 100644 index 000000000000..89522d3657a8 --- /dev/null +++ b/sys-libs/zlib/zlib-1.3-r2.ebuild @@ -0,0 +1,179 @@ +# Copyright 1999-2023 Gentoo Authors +# Distributed under the terms of the GNU General Public License v2 + +EAPI=8 + +# Worth keeping an eye on 'develop' branch upstream for possible backports. +AUTOTOOLS_AUTO_DEPEND="no" +VERIFY_SIG_OPENPGP_KEY_PATH="${BROOT}"/usr/share/openpgp-keys/madler.asc +inherit autotools edo multilib-minimal flag-o-matic toolchain-funcs usr-ldscript verify-sig + +DESCRIPTION="Standard (de)compression library" +HOMEPAGE="https://zlib.net/" +SRC_URI=" + https://zlib.net/${P}.tar.xz + https://zlib.net/fossils/${P}.tar.xz + https://zlib.net/current/beta/${P}.tar.xz + https://github.com/madler/zlib/releases/download/v${PV}/${P}.tar.xz + verify-sig? ( + https://zlib.net/${P}.tar.xz.asc + https://github.com/madler/zlib/releases/download/v${PV}/${P}.tar.xz.asc + ) +" + +LICENSE="ZLIB" +SLOT="0/1" # subslot = SONAME +KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~ia64 ~loong ~m68k ~mips ~ppc ~ppc64 ~riscv ~s390 ~sparc ~x86 ~amd64-linux ~x86-linux ~arm64-macos ~ppc-macos ~x64-macos ~x64-solaris" +IUSE="minizip static-libs" + +RDEPEND="!sys-libs/zlib-ng[compat]" +DEPEND="${RDEPEND}" +BDEPEND=" + minizip? ( ${AUTOTOOLS_DEPEND} ) + verify-sig? ( sec-keys/openpgp-keys-madler ) +" + +PATCHES=( + # Don't install unexpected & unused crypt.h header (which would clash with other pkgs) + # Pending upstream. bug #658536 + "${FILESDIR}"/${PN}-1.2.11-minizip-drop-crypt-header.patch + + # Respect AR, RANLIB, NM during build. Pending upstream. bug #831628 + "${FILESDIR}"/${PN}-1.2.11-configure-fix-AR-RANLIB-NM-detection.patch + + # Respect LDFLAGS during configure tests. Pending upstream + "${FILESDIR}"/${PN}-1.2.13-use-LDFLAGS-in-configure.patch + + # Fix building on sparc with older binutils, we pass it in ebuild instead + "${FILESDIR}"/${PN}-1.2.13-Revert-Turn-off-RWX-segment-warnings-on-sparc-system.patch + + # CVE-2023-45853 (bug #916484) + "${FILESDIR}"/${PN}-1.2.13-CVE-2023-45853.patch +) + +src_prepare() { + default + + if use minizip ; then + cd contrib/minizip || die + eautoreconf + fi + + case ${CHOST} in + *-mingw*|mingw*) + # Uses preconfigured Makefile rather than configure script + multilib_copy_sources + + ;; + esac +} + +multilib_src_configure() { + # We pass manually instead of relying on the configure script/makefile + # because it would pass it even for older binutils. + use sparc && append-flags $(test-flags-CCLD -Wl,--no-warn-rwx-segments) + + # ideally we want !tc-ld-is-bfd for best future-proofing, but it needs + # https://github.com/gentoo/gentoo/pull/28355 + # mold needs this too but right now tc-ld-is-mold is also not available + if tc-ld-is-lld; then + append-ldflags -Wl,--undefined-version + fi + + case ${CHOST} in + *-mingw*|mingw*) + ;; + + *) + # bug #347167 + local uname=$("${BROOT}"/usr/share/gnuconfig/config.sub "${CHOST}" | cut -d- -f3) + + local myconf=( + --shared + --prefix="${EPREFIX}/usr" + --libdir="${EPREFIX}/usr/$(get_libdir)" + ${uname:+--uname=${uname}} + ) + + # Not an autoconf script, so can't use econf + edo "${S}"/configure "${myconf[@]}" + + ;; + esac + + if use minizip ; then + local minizipdir="contrib/minizip" + mkdir -p "${BUILD_DIR}/${minizipdir}" || die + + cd ${minizipdir} || die + ECONF_SOURCE="${S}/${minizipdir}" econf $(use_enable static-libs static) + fi +} + +multilib_src_compile() { + case ${CHOST} in + *-mingw*|mingw*) + emake -f win32/Makefile.gcc STRIP=true PREFIX=${CHOST}- + sed \ + -e 's|@prefix@|'"${EPREFIX}"'/usr|g' \ + -e 's|@exec_prefix@|${prefix}|g' \ + -e 's|@libdir@|${exec_prefix}/'$(get_libdir)'|g' \ + -e 's|@sharedlibdir@|${exec_prefix}/'$(get_libdir)'|g' \ + -e 's|@includedir@|${prefix}/include|g' \ + -e 's|@VERSION@|'${PV}'|g' \ + zlib.pc.in > zlib.pc || die + ;; + + *) + emake + + ;; + esac + + use minizip && emake -C contrib/minizip +} + +multilib_src_install() { + case ${CHOST} in + *-mingw*|mingw*) + emake -f win32/Makefile.gcc install \ + BINARY_PATH="${ED}/usr/bin" \ + LIBRARY_PATH="${ED}/usr/$(get_libdir)" \ + INCLUDE_PATH="${ED}/usr/include" \ + SHARED_MODE=1 + + # Overwrites zlib.pc created from win32/Makefile.gcc, bug #620136 + insinto /usr/$(get_libdir)/pkgconfig + doins zlib.pc + + ;; + + *) + emake install DESTDIR="${D}" LDCONFIG=: + gen_usr_ldscript -a z + + ;; + esac + + if use minizip ; then + emake -C contrib/minizip install DESTDIR="${D}" + + # This might not exist if slibtool is used. + # bug #816756 + rm -f "${ED}"/usr/$(get_libdir)/libminizip.la || die + fi + + if ! use static-libs ; then + # bug #419645 + rm "${ED}"/usr/$(get_libdir)/libz.a || die + fi +} + +multilib_src_install_all() { + dodoc FAQ README ChangeLog doc/*.txt + + if use minizip ; then + dodoc contrib/minizip/*.txt + doman contrib/minizip/*.1 + fi +} |