From bba809b22a050e394e6ce550572ee7f6c6e02a6e Mon Sep 17 00:00:00 2001 From: V3n3RiX Date: Wed, 7 Jun 2023 09:41:52 +0100 Subject: gentoo auto-resync : 07:06:2023 - 09:41:52 --- dev-libs/iniparser/Manifest | 4 +- .../files/iniparser-4.1-CVE-null-getstring.patch | 43 +++++++++++++ dev-libs/iniparser/iniparser-4.1-r1.ebuild | 75 ++++++++++++++++++++++ dev-libs/iniparser/metadata.xml | 4 -- 4 files changed, 121 insertions(+), 5 deletions(-) create mode 100644 dev-libs/iniparser/files/iniparser-4.1-CVE-null-getstring.patch create mode 100644 dev-libs/iniparser/iniparser-4.1-r1.ebuild (limited to 'dev-libs/iniparser') diff --git a/dev-libs/iniparser/Manifest b/dev-libs/iniparser/Manifest index b3d2e10a1b3b..16e7a91565b9 100644 --- a/dev-libs/iniparser/Manifest +++ b/dev-libs/iniparser/Manifest @@ -1,8 +1,10 @@ AUX iniparser-3.0-autotools.patch 833 BLAKE2B 6d1328b0b5c7afcf769a55d5fa03741449364343a174f466afbb6eeac3a1fd8df799f4f1f866c982c15eb9f5c32dd04b8e914e621b788c770f77a3546c66ef95 SHA512 7da9af6dd9d72148fcdc2a0cf11b1308e33ccf208448af6e7aa3cb3e1f2f34696b8098458a3903b498445dc5627e15e7ccb20347de13f7ddb8e5e999890acd21 AUX iniparser-3.0b-cpp.patch 1032 BLAKE2B bc558d7c0263b2fef25a0cca617a717378a203f3acc95ec276c66122d5f1db99bbd510f35b07107ffc4f59fc6c853d961211be66c5999a7b8a991b00e21b2d33 SHA512 62a2514898a710293c7dabea089aa21597c47eec030eca1d0f3d8a3f7043f7811f374ef56b3b60527568b012af593e86c66f3e7c52f9ff64a000975978e88379 AUX iniparser-4.0-out-of-bounds-read.patch 330 BLAKE2B b60d6a3a514d5e5704e2a97c67ead108150375d850d6afe6f57815e9c4b434415596c514632e0575ea1cdf0cb464d6ca12e47780db5cd237bcf38849771ee41a SHA512 f1f01120fbf740cce5749f8ee9ba2014794523bc045999f45ad28a2bd4842d1e822b65fab2feb0751cba074de956c753949fb8b188454daf129c1ba8f0b6a1d4 +AUX iniparser-4.1-CVE-null-getstring.patch 1667 BLAKE2B b6fa1285106d77167a519cd5ce378c7aabf506da64b9a72b37776c63014e5fd96df9ec426b7ce59293c7162e7086151cb9f56d7dc37b02914e6758a06f67ae05 SHA512 72152482e45792bf3a93302f700dbfb799265b07ad767986b06886cf4b3b353c76ef8cce454548ec5fbbdd7c0a21d66b67604df0753e2270a928d9410263be75 DIST iniparser-3.1.tar.gz 39097 BLAKE2B 4ada36f5bb95476c06deffa7938a750bcdeb0bd5bb817b24274c1e1c588d9abbd23c3a58f3cb3b6f961912f3e12e74aadf224da4cd81863b874e4a84d11c1744 SHA512 8fd8324c5629fdc3e3eff00afb5f0832402ccc760c5b92db82aa29b340ec891419ca2c4fee3a4d4d67cf9bc51c76b095bc0c458e087c2b8e72ac36867c47ae86 DIST iniparser-4.1.tar.gz 44732 BLAKE2B a3480dab512b41eb9635c733b76048ab089a311c2970aae5ce89d103ff6ab1923d5824a5fca3bf445ba213ecd9954018fdef2831fd98c1a43c9ae7d4fb1cb388 SHA512 a8125aaaead1f9dfde380fa1e45bae31ca2312be029f2c53b4072cb3b127d16578a95c7c0aee1e3dda5e7b8db7a865ba6dfe8a1d80eb673061b3babef744e968 EBUILD iniparser-3.1-r3.ebuild 1083 BLAKE2B 68da732c4fac754ae50390890f5b9f674bbac4c6f54aa815af4356dad7a9fc8ef54aaaec9a6c00755f947e7a8bd9dfacabc33eb7ef830b37c66b1621d0ba5416 SHA512 e054f1ba088c5f9d731c2c4ac0934e1c8b466ff86c677719b04400d729fafc51c70098e306755d9bc2d05e425479f6103def9fdab8df14e05187809498dbcfd1 +EBUILD iniparser-4.1-r1.ebuild 1568 BLAKE2B a68f57da3364ced2fec779de8307f465f4436fd8ac55567ae823367700ec76892dd19b38795bde6e631ef39ed214fad6f2cd54e32ec3d274d7c78b8beebf1626 SHA512 cc1a5dd7062490403a1e2221adcfe588ece0986915cfff610e28f968637766d317c2f442e9e76432de895f4916b7a9565222cc2dac1d7215799a2eb05dfc6302 EBUILD iniparser-4.1.ebuild 1480 BLAKE2B c0d0ac4378cb5dbd7347d487fdb420dc7be96091225eaeca96144b5cce70c0f7e68c5c409ce110101da102b4f7ea1935aaf58a123104427dc444adc84374fa26 SHA512 99b75de53a968062693ca398fd0cb34ad42d771192b367ebcc146b2c93b55a414c6112379264f77cd318b2f025a645403aaa252631f87df991b6c13ad624a384 -MISC metadata.xml 436 BLAKE2B c0e0cb8638e1b94424e78ee12f2138aa8b66c8e469447760045a8052f996032e33b10b32c3a8ebcd04bb4ade7bacb339aeb3e876e555c83cb5b762c2eb8a3c26 SHA512 6977c3e2fea75ed71b15dadee4af80a45adf591c03e097a4e640adbbc7c7624a6b0711f1216ce92a7f551676db95e3d0c561d5b383961f60a70dc6625282c741 +MISC metadata.xml 327 BLAKE2B a33541d02c17aad83bbe3c142d65cfd49c2d852906ddb0fb8be0c9c551e1a8ea2e14cbe329a426dfd9951ee4f3fad9459ad3a9559a5c4656c202eb07e8048e5c SHA512 dec6c4abde8e7cbcf7d5fb47cc18afa5e08a3b83217767011d73de57c5cfa1a35b6e0bbdc3db2bbc2761be5050975aeece883b17f84b80c9b16885e444a667dd diff --git a/dev-libs/iniparser/files/iniparser-4.1-CVE-null-getstring.patch b/dev-libs/iniparser/files/iniparser-4.1-CVE-null-getstring.patch new file mode 100644 index 000000000000..bf3c035fda07 --- /dev/null +++ b/dev-libs/iniparser/files/iniparser-4.1-CVE-null-getstring.patch @@ -0,0 +1,43 @@ +From ace9871f65d11b5d73f0b9ee8cf5d2807439442d Mon Sep 17 00:00:00 2001 +From: Antonio +Date: Fri, 2 Jun 2023 15:03:10 -0300 +Subject: [PATCH] Handle null return from iniparser_getstring + +Fix handling of NULL returns from iniparser_getstring in +iniparser_getboolean, iniparser_getlongint and iniparser_getdouble, +avoiding a crash. +--- + src/iniparser.c | 6 +++--- + 1 file changed, 3 insertions(+), 3 deletions(-) + +diff --git a/src/iniparser.c b/src/iniparser.c +index f1d1658..dbceb20 100644 +--- a/src/iniparser.c ++++ b/src/iniparser.c +@@ -456,7 +456,7 @@ long int iniparser_getlongint(const dictionary * d, const char * key, long int n + const char * str ; + + str = iniparser_getstring(d, key, INI_INVALID_KEY); +- if (str==INI_INVALID_KEY) return notfound ; ++ if (str==NULL || str==INI_INVALID_KEY) return notfound ; + return strtol(str, NULL, 0); + } + +@@ -511,7 +511,7 @@ double iniparser_getdouble(const dictionary * d, const char * key, double notfou + const char * str ; + + str = iniparser_getstring(d, key, INI_INVALID_KEY); +- if (str==INI_INVALID_KEY) return notfound ; ++ if (str==NULL || str==INI_INVALID_KEY) return notfound ; + return atof(str); + } + +@@ -553,7 +553,7 @@ int iniparser_getboolean(const dictionary * d, const char * key, int notfound) + const char * c ; + + c = iniparser_getstring(d, key, INI_INVALID_KEY); +- if (c==INI_INVALID_KEY) return notfound ; ++ if (c==NULL || c==INI_INVALID_KEY) return notfound ; + if (c[0]=='y' || c[0]=='Y' || c[0]=='1' || c[0]=='t' || c[0]=='T') { + ret = 1 ; + } else if (c[0]=='n' || c[0]=='N' || c[0]=='0' || c[0]=='f' || c[0]=='F') { diff --git a/dev-libs/iniparser/iniparser-4.1-r1.ebuild b/dev-libs/iniparser/iniparser-4.1-r1.ebuild new file mode 100644 index 000000000000..67b34398872b --- /dev/null +++ b/dev-libs/iniparser/iniparser-4.1-r1.ebuild @@ -0,0 +1,75 @@ +# Copyright 1999-2022 Gentoo Authors +# Distributed under the terms of the GNU General Public License v2 + +EAPI=7 + +inherit toolchain-funcs flag-o-matic + +DESCRIPTION="A free stand-alone ini file parsing library" +HOMEPAGE="https://github.com/ndevilla/iniparser" +SRC_URI="https://github.com/ndevilla/iniparser/archive/v${PV}.tar.gz -> ${P}.tar.gz" + +LICENSE="MIT" +SLOT="4" +KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~ia64 ~loong ~m68k ~mips ~ppc ~ppc64 ~riscv ~s390 ~sparc ~x86 ~amd64-linux ~x86-linux ~ppc-macos ~x64-macos ~x64-solaris" +IUSE="doc examples" + +BDEPEND="doc? ( app-doc/doxygen )" + +PATCHES=( + ${FILESDIR}/${P}-CVE-null-getstring.patch # upstream, bug #907928 +) + +_newlib_so_with_symlinks() { + local source="${1}" base="${2}" current="${3}" revision="${4}" age="${5}" + + newlib.so ${source} ${base}.so.${current}.${revision}.${age} + local i + for i in ".${current}" '' ; do + dosym ${base}.so.${current}.${revision}.${age} /usr/$(get_libdir)/${base}.so${i} + done +} + +src_prepare() { + default + rm -r html || die +} + +src_configure() { + append-lfs-flags +} + +_emake() { + emake CC="$(tc-getCC)" AR="$(tc-getAR)" V=1 \ + SO_TARGET=lib${PN}${SLOT}.so.1 \ + ADDITIONAL_CFLAGS= \ + "$@" +} + +src_compile() { + _emake +} + +src_test() { + _emake -C test +} + +src_install() { + _newlib_so_with_symlinks lib${PN}${SLOT}.so.1 lib${PN}${SLOT} 1 0 0 + + insinto /usr/include/${PN}${SLOT} + doins src/*.h + + if use doc; then + emake -C doc + HTML_DOCS=( html/. ) + fi + + if use examples; then + docinto examples + dodoc -r example/. + docompress -x /usr/share/doc/${PF}/examples + fi + + einstalldocs +} diff --git a/dev-libs/iniparser/metadata.xml b/dev-libs/iniparser/metadata.xml index d34e989567aa..3b48e648fba0 100644 --- a/dev-libs/iniparser/metadata.xml +++ b/dev-libs/iniparser/metadata.xml @@ -5,10 +5,6 @@ samba@gentoo.org Samba Team - - grobian@gentoo.org - Fabian Groffen - ndevilla/iniparser -- cgit v1.2.3