From e748ba9741f6540f4675c23e3e37b73e822c13a4 Mon Sep 17 00:00:00 2001 From: V3n3RiX Date: Mon, 31 May 2021 20:59:14 +0100 Subject: gentoo resync : 31.05.2021 --- dev-libs/libcroco/Manifest | 3 +- .../files/libcroco-0.6.13-CVE-2020-12825.patch | 187 +++++++++++++++++++++ dev-libs/libcroco/libcroco-0.6.13-r1.ebuild | 57 +++++++ dev-libs/libcroco/libcroco-0.6.13.ebuild | 55 ------ 4 files changed, 246 insertions(+), 56 deletions(-) create mode 100644 dev-libs/libcroco/files/libcroco-0.6.13-CVE-2020-12825.patch create mode 100644 dev-libs/libcroco/libcroco-0.6.13-r1.ebuild delete mode 100644 dev-libs/libcroco/libcroco-0.6.13.ebuild (limited to 'dev-libs/libcroco') diff --git a/dev-libs/libcroco/Manifest b/dev-libs/libcroco/Manifest index f8f287688bcb..91a00e5ae29f 100644 --- a/dev-libs/libcroco/Manifest +++ b/dev-libs/libcroco/Manifest @@ -1,3 +1,4 @@ +AUX libcroco-0.6.13-CVE-2020-12825.patch 7600 BLAKE2B 2303fb7044f7458e5861b0d054bb6c6137265dfa080d6e93b0c10f8fbf0c02104a6f14248ef5a95e1967fa7c55aecfc31f8d15cfb24d792d530f10e9c375a3d3 SHA512 f1704914cf6bad4b530e239998d7c2be7d5bc8b2e071526c04b5797a52513cb50289ca575639872217a64dbe6adbc7e0a352e9427a4df5cc98f36f13baf88a33 DIST libcroco-0.6.13.tar.xz 487840 BLAKE2B 511212f1849343d55104cc6d17662cacd524bae098bab12d6db58df41710c8dca2c5beb7a37e42feac6d856934a07feb3d11c55dc74ba055e21066f2bdefb260 SHA512 038a3ac9d160a8cf86a8a88c34367e154ef26ede289c93349332b7bc449a5199b51ea3611cebf3a2416ae23b9e45ecf8f9c6b24ea6d16a5519b796d3c7e272d4 -EBUILD libcroco-0.6.13.ebuild 1305 BLAKE2B 82078462794835865bc3e92633e2efea2e8abcb45837d968a7a4cfa984d7c3dc9f37a7784481f5227879058cd969413ae6e166f70c1b0b45e4ebbf30b7cedfe6 SHA512 c2cab85a8228b0afef2c7cab7c6c012200eef3c80658db477a60f74d6e5ade364e2c85645215507536489c5c7aad115a7709b0bc06e2965f9b12047e2ac05352 +EBUILD libcroco-0.6.13-r1.ebuild 1366 BLAKE2B 06f0c1795c8b74e897fffa70d26b4d3a81ca86eeb99a47b0d3ad3eae864e664d88297f875b7e83f53b9d1ff4b16c9daf7b95d1e90add9a91e4a79d9951d5d3a9 SHA512 99a7c151b42a330b22051743c5c051f6951eee15319d4a526a2b1c29eb27f6ffc558e8bc13c50cbbee86286536c681c7c5aa3bd356d75e919e6ab197283b5f5e MISC metadata.xml 677 BLAKE2B 075dc643dd13fa706bb3240a389f715e760c6d06c851c5074d6c58843668bbcbda2167fff34f720e57d48f01aaacf61dc2a5a98c11a5240550b7e2500bfef6a2 SHA512 57849cfa0cf0e61f52db3e7a357957d3eb0ea3e93381475ad1821a5e0d63c7971f31b4f52a9a851d303bac59a83edbb5fbdc76d54ccfdd6332ca5c93a43a0b14 diff --git a/dev-libs/libcroco/files/libcroco-0.6.13-CVE-2020-12825.patch b/dev-libs/libcroco/files/libcroco-0.6.13-CVE-2020-12825.patch new file mode 100644 index 000000000000..26fc677eb160 --- /dev/null +++ b/dev-libs/libcroco/files/libcroco-0.6.13-CVE-2020-12825.patch @@ -0,0 +1,187 @@ +From 44cbd1e718d6a08e59b9300280c340218a84e089 Mon Sep 17 00:00:00 2001 +From: Michael Catanzaro +Date: Wed, 12 Aug 2020 13:54:15 -0500 +Subject: [PATCH] libcroco: Limit recursion in block and any productions + (CVE-2020-12825) + +If we don't have any limits, we can recurse forever and overflow the +stack. + +This is per https://gitlab.gnome.org/Archive/libcroco/-/issues/8 + +https://gitlab.gnome.org/GNOME/gnome-shell/-/merge_requests/1404 +--- + src/cr-parser.c | 44 ++++++++++++++++++++++++++-------------- + 1 file changed, 29 insertions(+), 15 deletions(-) + +diff --git a/src/cr-parser.c b/src/cr-parser.c +index 07f4ed9e8b..8304b75614 100644 +--- a/src/cr-parser.c ++++ b/src/cr-parser.c +@@ -136,6 +136,8 @@ struct _CRParserPriv { + + #define CHARS_TAB_SIZE 12 + ++#define RECURSIVE_CALLERS_LIMIT 100 ++ + /** + * IS_NUM: + *@a_char: the char to test. +@@ -343,9 +345,11 @@ static enum CRStatus cr_parser_parse_selector_core (CRParser * a_this); + + static enum CRStatus cr_parser_parse_declaration_core (CRParser * a_this); + +-static enum CRStatus cr_parser_parse_any_core (CRParser * a_this); ++static enum CRStatus cr_parser_parse_any_core (CRParser * a_this, ++ guint n_calls); + +-static enum CRStatus cr_parser_parse_block_core (CRParser * a_this); ++static enum CRStatus cr_parser_parse_block_core (CRParser * a_this, ++ guint n_calls); + + static enum CRStatus cr_parser_parse_value_core (CRParser * a_this); + +@@ -783,7 +787,7 @@ cr_parser_parse_atrule_core (CRParser * a_this) + cr_parser_try_to_skip_spaces_and_comments (a_this); + + do { +- status = cr_parser_parse_any_core (a_this); ++ status = cr_parser_parse_any_core (a_this, 0); + } while (status == CR_OK); + + status = cr_tknzr_get_next_token (PRIVATE (a_this)->tknzr, +@@ -794,7 +798,7 @@ cr_parser_parse_atrule_core (CRParser * a_this) + cr_tknzr_unget_token (PRIVATE (a_this)->tknzr, + token); + token = NULL; +- status = cr_parser_parse_block_core (a_this); ++ status = cr_parser_parse_block_core (a_this, 0); + CHECK_PARSING_STATUS (status, + FALSE); + goto done; +@@ -929,11 +933,11 @@ cr_parser_parse_selector_core (CRParser * a_this) + + RECORD_INITIAL_POS (a_this, &init_pos); + +- status = cr_parser_parse_any_core (a_this); ++ status = cr_parser_parse_any_core (a_this, 0); + CHECK_PARSING_STATUS (status, FALSE); + + do { +- status = cr_parser_parse_any_core (a_this); ++ status = cr_parser_parse_any_core (a_this, 0); + + } while (status == CR_OK); + +@@ -955,10 +959,12 @@ cr_parser_parse_selector_core (CRParser * a_this) + *in chapter 4.1 of the css2 spec. + *block ::= '{' S* [ any | block | ATKEYWORD S* | ';' ]* '}' S*; + *@param a_this the current instance of #CRParser. ++ *@param n_calls used to limit recursion depth + *FIXME: code this function. + */ + static enum CRStatus +-cr_parser_parse_block_core (CRParser * a_this) ++cr_parser_parse_block_core (CRParser * a_this, ++ guint n_calls) + { + CRToken *token = NULL; + CRInputPos init_pos; +@@ -966,6 +972,9 @@ cr_parser_parse_block_core (CRParser * a_this) + + g_return_val_if_fail (a_this && PRIVATE (a_this), CR_BAD_PARAM_ERROR); + ++ if (n_calls > RECURSIVE_CALLERS_LIMIT) ++ return CR_ERROR; ++ + RECORD_INITIAL_POS (a_this, &init_pos); + + status = cr_tknzr_get_next_token (PRIVATE (a_this)->tknzr, &token); +@@ -995,13 +1004,13 @@ cr_parser_parse_block_core (CRParser * a_this) + } else if (token->type == CBO_TK) { + cr_tknzr_unget_token (PRIVATE (a_this)->tknzr, token); + token = NULL; +- status = cr_parser_parse_block_core (a_this); ++ status = cr_parser_parse_block_core (a_this, n_calls + 1); + CHECK_PARSING_STATUS (status, FALSE); + goto parse_block_content; + } else { + cr_tknzr_unget_token (PRIVATE (a_this)->tknzr, token); + token = NULL; +- status = cr_parser_parse_any_core (a_this); ++ status = cr_parser_parse_any_core (a_this, n_calls + 1); + CHECK_PARSING_STATUS (status, FALSE); + goto parse_block_content; + } +@@ -1108,7 +1117,7 @@ cr_parser_parse_value_core (CRParser * a_this) + status = cr_tknzr_unget_token (PRIVATE (a_this)->tknzr, + token); + token = NULL; +- status = cr_parser_parse_block_core (a_this); ++ status = cr_parser_parse_block_core (a_this, 0); + CHECK_PARSING_STATUS (status, FALSE); + ref++; + goto continue_parsing; +@@ -1122,7 +1131,7 @@ cr_parser_parse_value_core (CRParser * a_this) + status = cr_tknzr_unget_token (PRIVATE (a_this)->tknzr, + token); + token = NULL; +- status = cr_parser_parse_any_core (a_this); ++ status = cr_parser_parse_any_core (a_this, 0); + if (status == CR_OK) { + ref++; + goto continue_parsing; +@@ -1161,10 +1170,12 @@ cr_parser_parse_value_core (CRParser * a_this) + * | FUNCTION | DASHMATCH | '(' any* ')' | '[' any* ']' ] S*; + * + *@param a_this the current instance of #CRParser. ++ *@param n_calls used to limit recursion depth + *@return CR_OK upon successfull completion, an error code otherwise. + */ + static enum CRStatus +-cr_parser_parse_any_core (CRParser * a_this) ++cr_parser_parse_any_core (CRParser * a_this, ++ guint n_calls) + { + CRToken *token1 = NULL, + *token2 = NULL; +@@ -1173,6 +1184,9 @@ cr_parser_parse_any_core (CRParser * a_this) + + g_return_val_if_fail (a_this, CR_BAD_PARAM_ERROR); + ++ if (n_calls > RECURSIVE_CALLERS_LIMIT) ++ return CR_ERROR; ++ + RECORD_INITIAL_POS (a_this, &init_pos); + + status = cr_tknzr_get_next_token (PRIVATE (a_this)->tknzr, &token1); +@@ -1211,7 +1225,7 @@ cr_parser_parse_any_core (CRParser * a_this) + *We consider parameter as being an "any*" production. + */ + do { +- status = cr_parser_parse_any_core (a_this); ++ status = cr_parser_parse_any_core (a_this, n_calls + 1); + } while (status == CR_OK); + + ENSURE_PARSING_COND (status == CR_PARSING_ERROR); +@@ -1236,7 +1250,7 @@ cr_parser_parse_any_core (CRParser * a_this) + } + + do { +- status = cr_parser_parse_any_core (a_this); ++ status = cr_parser_parse_any_core (a_this, n_calls + 1); + } while (status == CR_OK); + + ENSURE_PARSING_COND (status == CR_PARSING_ERROR); +@@ -1264,7 +1278,7 @@ cr_parser_parse_any_core (CRParser * a_this) + } + + do { +- status = cr_parser_parse_any_core (a_this); ++ status = cr_parser_parse_any_core (a_this, n_calls + 1); + } while (status == CR_OK); + + ENSURE_PARSING_COND (status == CR_PARSING_ERROR); +-- +GitLab + diff --git a/dev-libs/libcroco/libcroco-0.6.13-r1.ebuild b/dev-libs/libcroco/libcroco-0.6.13-r1.ebuild new file mode 100644 index 000000000000..6dc6bb37f910 --- /dev/null +++ b/dev-libs/libcroco/libcroco-0.6.13-r1.ebuild @@ -0,0 +1,57 @@ +# Copyright 1999-2021 Gentoo Authors +# Distributed under the terms of the GNU General Public License v2 + +EAPI=7 + +inherit gnome2 multilib-minimal + +DESCRIPTION="Generic Cascading Style Sheet (CSS) parsing and manipulation toolkit" +HOMEPAGE="https://gitlab.gnome.org/Archive/libcroco" + +LICENSE="LGPL-2" +SLOT="0.6" +KEYWORDS="~alpha amd64 arm arm64 hppa ~ia64 ~m68k ~mips ppc ppc64 ~s390 sparc x86 ~amd64-linux ~x86-linux ~ppc-macos ~x64-macos ~sparc-solaris ~x64-solaris ~x86-solaris" +IUSE="test" +RESTRICT="!test? ( test )" + +RDEPEND=" + >=dev-libs/glib-2.34.3:2[${MULTILIB_USEDEP}] + >=dev-libs/libxml2-2.9.1-r4[${MULTILIB_USEDEP}] +" +DEPEND="${RDEPEND}" +BDEPEND=" + dev-util/gtk-doc-am + virtual/pkgconfig +" + +PATCHES=( "${FILESDIR}"/${PN}-0.6.13-CVE-2020-12825.patch ) + +src_prepare() { + if ! use test; then + # don't waste time building tests + sed 's/^\(SUBDIRS .*\=.*\)tests\(.*\)$/\1\2/' -i Makefile.am Makefile.in \ + || die "sed failed" + fi + + gnome2_src_prepare +} + +multilib_src_configure() { + ECONF_SOURCE=${S} \ + gnome2_src_configure \ + --disable-static \ + $([[ ${CHOST} == *-darwin* ]] && echo --disable-Bsymbolic) + + if multilib_is_native_abi; then + ln -s "${S}"/docs/reference/html docs/reference/html || die + fi +} + +multilib_src_install() { + gnome2_src_install +} + +multilib_src_install_all() { + DOCS=( AUTHORS ChangeLog HACKING NEWS README TODO ) + einstalldocs +} diff --git a/dev-libs/libcroco/libcroco-0.6.13.ebuild b/dev-libs/libcroco/libcroco-0.6.13.ebuild deleted file mode 100644 index 4b2cca0bd0cb..000000000000 --- a/dev-libs/libcroco/libcroco-0.6.13.ebuild +++ /dev/null @@ -1,55 +0,0 @@ -# Copyright 1999-2021 Gentoo Authors -# Distributed under the terms of the GNU General Public License v2 - -EAPI=7 - -inherit gnome2 multilib-minimal - -DESCRIPTION="Generic Cascading Style Sheet (CSS) parsing and manipulation toolkit" -HOMEPAGE="https://gitlab.gnome.org/Archive/libcroco" - -LICENSE="LGPL-2" -SLOT="0.6" -KEYWORDS="~alpha amd64 arm arm64 hppa ~ia64 ~m68k ~mips ppc ppc64 ~s390 sparc x86 ~amd64-linux ~x86-linux ~ppc-macos ~x64-macos ~sparc-solaris ~x64-solaris ~x86-solaris" -IUSE="test" -RESTRICT="!test? ( test )" - -RDEPEND=" - >=dev-libs/glib-2.34.3:2[${MULTILIB_USEDEP}] - >=dev-libs/libxml2-2.9.1-r4[${MULTILIB_USEDEP}] -" -DEPEND="${RDEPEND}" -BDEPEND=" - dev-util/gtk-doc-am - virtual/pkgconfig -" - -src_prepare() { - if ! use test; then - # don't waste time building tests - sed 's/^\(SUBDIRS .*\=.*\)tests\(.*\)$/\1\2/' -i Makefile.am Makefile.in \ - || die "sed failed" - fi - - gnome2_src_prepare -} - -multilib_src_configure() { - ECONF_SOURCE=${S} \ - gnome2_src_configure \ - --disable-static \ - $([[ ${CHOST} == *-darwin* ]] && echo --disable-Bsymbolic) - - if multilib_is_native_abi; then - ln -s "${S}"/docs/reference/html docs/reference/html || die - fi -} - -multilib_src_install() { - gnome2_src_install -} - -multilib_src_install_all() { - DOCS=( AUTHORS ChangeLog HACKING NEWS README TODO ) - einstalldocs -} -- cgit v1.2.3