commit: da60551412d12ea1b7b0fe27a7603fb7873d63c2 Author: Lars Wendler <polynomial-c <AT> gentoo <DOT> org> AuthorDate: Wed Aug 11 12:25:48 2021 +0000 Commit: Lars Wendler <polynomial-c <AT> gentoo <DOT> org> CommitDate: Wed Aug 11 12:30:42 2021 +0000 URL: https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=da605514
sys-apps/util-linux: Revbump to add various upstream fixes * Erase names in agetty by pressing CTRL-C (#804972) * Fixed user mount of davfs2 filesystems (#805218) * Fixed lscpu segfault on riscv plattform with upstream patch (#802606) + Fixed potential buffer overflow in ipcutils (#806070) (CVE-2021-37600) Bug: https://bugs.gentoo.org/806070 Closes: https://bugs.gentoo.org/804972 Closes: https://bugs.gentoo.org/805218 Closes: https://bugs.gentoo.org/802606 Signed-off-by: Lars Wendler <polynomial-c <AT> gentoo.org> .../util-linux-2.37.1-agetty_ctrl-c_erase.patch | 50 +++ .../util-linux-2.37.1-ipcutils_calloc_check.patch | 25 ++ .../util-linux-2.37.1-libmount_setgroups_fix.patch | 38 +++ ...l-linux-2.37.1-lscpu_NULL_dereference_fix.patch | 50 +++ sys-apps/util-linux/util-linux-2.37.1-r1.ebuild | 338 +++++++++++++++++++++ 5 files changed, 501 insertions(+) diff --git a/sys-apps/util-linux/files/util-linux-2.37.1-agetty_ctrl-c_erase.patch b/sys-apps/util-linux/files/util-linux-2.37.1-agetty_ctrl-c_erase.patch new file mode 100644 index 00000000000..4828fd449f9 --- /dev/null +++ b/sys-apps/util-linux/files/util-linux-2.37.1-agetty_ctrl-c_erase.patch @@ -0,0 +1,50 @@ +From 6eb1c01e9dd25a73100f06db37190c63fd57d4d9 Mon Sep 17 00:00:00 2001 +From: Karel Zak <[email protected]> +Date: Fri, 30 Jul 2021 11:50:46 +0200 +Subject: [PATCH] agetty: use CTRL+C to erase username + +aggety(8) from the beginning ignores ^C (the small exception was +between 2.32 and 2.34 when this char has been misinterpreted). + +This patch forces agetty to interpret ^C like ^U, it means to +erase the user's input and wait for a completely new username. +The small difference is that for ^C it does not set 'kill character'. + +This change does not affect serial lines where ^C is still ignored like +in previous decades. I'd like to avoid any regression as I have +no clue if any serial lines do not send this control char in some +context ... + +Fixes: https://github.com/karelzak/util-linux/issues/1399 +References: https://github.com/karelzak/util-linux/issues/1046 +Signed-off-by: Karel Zak <[email protected]> +--- + term-utils/agetty.c | 8 +++++--- + 1 file changed, 5 insertions(+), 3 deletions(-) + +diff --git a/term-utils/agetty.c b/term-utils/agetty.c +index 3b3d5101a..d072d64d3 100644 +--- a/term-utils/agetty.c ++++ b/term-utils/agetty.c +@@ -2267,6 +2267,11 @@ static char *get_logname(struct issue *ie, struct options *op, struct termios *t + break; + case CTL('U'): + cp->kill = ascval; /* set kill character */ ++ /* fallthrough */ ++ case CTL('C'): ++ if (key == CTL('C') && !(op->flags & F_VCONSOLE)) ++ /* Ignore CTRL+C on serial line */ ++ break; + while (bp > logname) { + if ((tp->c_lflag & ECHO) == 0) + write_all(1, erase[cp->parity], 3); +@@ -2275,9 +2280,6 @@ static char *get_logname(struct issue *ie, struct options *op, struct termios *t + break; + case CTL('D'): + exit(EXIT_SUCCESS); +- case CTL('C'): +- /* Ignore */ +- break; + default: + if ((size_t)(bp - logname) >= sizeof(logname) - 1) + log_err(_("%s: input overrun"), op->tty); diff --git a/sys-apps/util-linux/files/util-linux-2.37.1-ipcutils_calloc_check.patch b/sys-apps/util-linux/files/util-linux-2.37.1-ipcutils_calloc_check.patch new file mode 100644 index 00000000000..44490ce1bd0 --- /dev/null +++ b/sys-apps/util-linux/files/util-linux-2.37.1-ipcutils_calloc_check.patch @@ -0,0 +1,25 @@ +From 86d5de52d43501711586054e7b601fbc57403085 Mon Sep 17 00:00:00 2001 +From: Karel Zak <[email protected]> +Date: Tue, 27 Jul 2021 11:58:31 +0200 +Subject: [PATCH] sys-utils/ipcutils: be careful when call calloc() for uint64 + nmembs + +Fix: https://github.com/karelzak/util-linux/issues/1395 +Signed-off-by: Karel Zak <[email protected]> +--- + sys-utils/ipcutils.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/sys-utils/ipcutils.c b/sys-utils/ipcutils.c +index e784c4dcb9..18868cfd38 100644 +--- a/sys-utils/ipcutils.c ++++ b/sys-utils/ipcutils.c +@@ -218,7 +218,7 @@ static void get_sem_elements(struct sem_data *p) + { + size_t i; + +- if (!p || !p->sem_nsems || p->sem_perm.id < 0) ++ if (!p || !p->sem_nsems || p->sem_nsems > SIZE_MAX || p->sem_perm.id < 0) + return; + + p->elements = xcalloc(p->sem_nsems, sizeof(struct sem_elem)); diff --git a/sys-apps/util-linux/files/util-linux-2.37.1-libmount_setgroups_fix.patch b/sys-apps/util-linux/files/util-linux-2.37.1-libmount_setgroups_fix.patch new file mode 100644 index 00000000000..ebde207986b --- /dev/null +++ b/sys-apps/util-linux/files/util-linux-2.37.1-libmount_setgroups_fix.patch @@ -0,0 +1,38 @@ +From 420e914c4cc4c2ba34fd75790ea194d7f4a47d2c Mon Sep 17 00:00:00 2001 +From: Karel Zak <[email protected]> +Date: Thu, 29 Jul 2021 11:50:48 +0200 +Subject: [PATCH] libmount: fix setgroups() use + +* keep process in single supplementary group, which is the real group ID for the process + +* make sure we have rights to call setgroups(), requires group permissions + +Fixes: https://github.com/karelzak/util-linux/issues/1398 +Signed-off-by: Karel Zak <[email protected]> +--- + include/c.h | 6 ++++-- + 1 file changed, 4 insertions(+), 2 deletions(-) + +diff --git a/include/c.h b/include/c.h +index c1e4c5ffc..a4504e3ba 100644 +--- a/include/c.h ++++ b/include/c.h +@@ -340,14 +340,16 @@ static inline size_t get_hostname_max(void) + + static inline int drop_permissions(void) + { ++ gid_t newgid = getgid(); ++ + errno = 0; + + /* drop supplementary groups */ +- if (setgroups(0, NULL) != 0) ++ if (geteuid() == 0 && setgroups(1, &newgid) != 0) + goto fail; + + /* drop GID */ +- if (setgid(getgid()) < 0) ++ if (setgid(newgid) < 0) + goto fail; + + /* drop UID */ diff --git a/sys-apps/util-linux/files/util-linux-2.37.1-lscpu_NULL_dereference_fix.patch b/sys-apps/util-linux/files/util-linux-2.37.1-lscpu_NULL_dereference_fix.patch new file mode 100644 index 00000000000..50322e63a8e --- /dev/null +++ b/sys-apps/util-linux/files/util-linux-2.37.1-lscpu_NULL_dereference_fix.patch @@ -0,0 +1,50 @@ +From 0d7cef3ddbd2aacbea8c11e8524a3de68dfb8ff6 Mon Sep 17 00:00:00 2001 +From: Karel Zak <[email protected]> +Date: Fri, 30 Jul 2021 14:35:25 +0200 +Subject: [PATCH] lscpu: fix NULL dereference + +Fixes: https://github.com/karelzak/util-linux/issues/1401 +Signed-off-by: Karel Zak <[email protected]> +--- + sys-utils/lscpu-cputype.c | 2 +- + sys-utils/lscpu.c | 6 +++--- + 2 files changed, 4 insertions(+), 4 deletions(-) + +diff --git a/sys-utils/lscpu-cputype.c b/sys-utils/lscpu-cputype.c +index 795a4acf5..be16199e0 100644 +--- a/sys-utils/lscpu-cputype.c ++++ b/sys-utils/lscpu-cputype.c +@@ -569,7 +569,7 @@ int lscpu_read_cpuinfo(struct lscpu_cxt *cxt) + /* Set the default type to CPUs which are missing (or not parsed) + * in cpuinfo */ + ct = lscpu_cputype_get_default(cxt); +- for (i = 0; i < cxt->npossibles; i++) { ++ for (i = 0; ct && i < cxt->npossibles; i++) { + struct lscpu_cpu *cpu = cxt->cpus[i]; + + if (cpu && !cpu->type) +diff --git a/sys-utils/lscpu.c b/sys-utils/lscpu.c +index 827e84a6d..e11b2f42f 100644 +--- a/sys-utils/lscpu.c ++++ b/sys-utils/lscpu.c +@@ -991,7 +991,7 @@ static void print_summary(struct lscpu_cxt *cxt) + *(p - 2) = '\0'; + add_summary_s(tb, sec, _("CPU op-mode(s):"), buf); + } +- if (ct->addrsz) ++ if (ct && ct->addrsz) + add_summary_s(tb, sec, _("Address sizes:"), ct->addrsz); + #if !defined(WORDS_BIGENDIAN) + add_summary_s(tb, sec, _("Byte Order:"), "Little Endian"); +@@ -1033,9 +1033,9 @@ static void print_summary(struct lscpu_cxt *cxt) + sec = NULL; + + /* Section: cpu type description */ +- if (ct->vendor) ++ if (ct && ct->vendor) + sec = add_summary_s(tb, NULL, _("Vendor ID:"), ct->vendor); +- if (ct->bios_vendor) ++ if (ct && ct->bios_vendor) + add_summary_s(tb, sec, _("BIOS Vendor ID:"), ct->bios_vendor); + + for (i = 0; i < cxt->ncputypes; i++) diff --git a/sys-apps/util-linux/util-linux-2.37.1-r1.ebuild b/sys-apps/util-linux/util-linux-2.37.1-r1.ebuild new file mode 100644 index 00000000000..74d874455d9 --- /dev/null +++ b/sys-apps/util-linux/util-linux-2.37.1-r1.ebuild @@ -0,0 +1,338 @@ +# Copyright 1999-2021 Gentoo Authors +# Distributed under the terms of the GNU General Public License v2 + +EAPI=7 + +PYTHON_COMPAT=( python3_{7..9} ) + +inherit toolchain-funcs libtool flag-o-matic bash-completion-r1 usr-ldscript \ + pam python-r1 multilib-minimal multiprocessing systemd + +MY_PV="${PV/_/-}" +MY_P="${PN}-${MY_PV}" + +if [[ ${PV} == 9999 ]] ; then + inherit git-r3 autotools + EGIT_REPO_URI="https://git.kernel.org/pub/scm/utils/util-linux/util-linux.git"; +else + [[ "${PV}" = *_rc* ]] || \ + KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~ia64 ~m68k ~mips ~ppc ~ppc64 ~riscv ~s390 ~sparc ~x86 ~amd64-linux ~x86-linux" + SRC_URI="https://www.kernel.org/pub/linux/utils/util-linux/v${PV:0:4}/${MY_P}.tar.xz"; +fi + +DESCRIPTION="Various useful Linux utilities" +HOMEPAGE="https://www.kernel.org/pub/linux/utils/util-linux/ https://github.com/karelzak/util-linux"; + +LICENSE="GPL-2 GPL-3 LGPL-2.1 BSD-4 MIT public-domain" +SLOT="0" +IUSE="audit build caps +cramfs cryptsetup fdformat hardlink kill +logger magic ncurses nls pam python +readline selinux slang static-libs su +suid systemd test tty-helpers udev unicode userland_GNU" + +# Most lib deps here are related to programs rather than our libs, +# so we rarely need to specify ${MULTILIB_USEDEP}. +RDEPEND=" + virtual/libcrypt:= + audit? ( >=sys-process/audit-2.6:= ) + caps? ( sys-libs/libcap-ng ) + cramfs? ( sys-libs/zlib:= ) + cryptsetup? ( >=sys-fs/cryptsetup-2.1.0 ) + hardlink? ( dev-libs/libpcre2:= ) + ncurses? ( + sys-libs/ncurses:=[unicode(+)?] + magic? ( sys-apps/file:0= ) + ) + nls? ( virtual/libintl[${MULTILIB_USEDEP}] ) + pam? ( sys-libs/pam ) + ppc? ( sys-libs/librtas ) + ppc64? ( sys-libs/librtas ) + python? ( ${PYTHON_DEPS} ) + readline? ( sys-libs/readline:0= ) + selinux? ( >=sys-libs/libselinux-2.2.2-r4[${MULTILIB_USEDEP}] ) + slang? ( sys-libs/slang ) + !build? ( systemd? ( sys-apps/systemd ) ) + udev? ( virtual/libudev:= )" +BDEPEND=" + virtual/pkgconfig + nls? ( sys-devel/gettext ) + test? ( sys-devel/bc ) +" +DEPEND=" + ${RDEPEND} + virtual/os-headers +" +RDEPEND+=" + hardlink? ( !app-arch/hardlink ) + logger? ( !>=app-admin/sysklogd-2.0[logger] ) + kill? ( + !sys-apps/coreutils[kill] + !sys-process/procps[kill] + ) + su? ( + !<sys-apps/shadow-4.7-r2 + !>=sys-apps/shadow-4.7-r2[su] + ) + !net-wireless/rfkill + !<app-shells/bash-completion-2.7-r1 +" + +# Required for man-page generation +if [[ "${PV}" == 9999 ]] ; then + BDEPEND+=" + dev-ruby/asciidoctor + " +fi + +REQUIRED_USE="python? ( ${PYTHON_REQUIRED_USE} )" +RESTRICT="!test? ( test )" + +S="${WORKDIR}/${MY_P}" + +PATCHES=( + "${FILESDIR}"/${PN}-2.37.1-ipcutils_calloc_check.patch #806070 + "${FILESDIR}"/${PN}-2.37.1-libmount_setgroups_fix.patch #805218 + "${FILESDIR}"/${PN}-2.37.1-agetty_ctrl-c_erase.patch #804972 + "${FILESDIR}"/${PN}-2.37.1-lscpu_NULL_dereference_fix.patch #802606 +) + +src_prepare() { + default + + # Prevent uuidd test failure due to socket path limit. #593304 + sed -i \ + -e "s|UUIDD_SOCKET=\"\$(mktemp -u \"\${TS_OUTDIR}/uuiddXXXXXXXXXXXXX\")\"|UUIDD_SOCKET=\"\$(mktemp -u \"${T}/uuiddXXXXXXXXXXXXX.sock\")\"|g" \ + tests/ts/uuid/uuidd || die "Failed to fix uuidd test" + + if ! use userland_GNU ; then + # test runner is using GNU-specific xargs call + sed -i -e 's:xargs:gxargs:' tests/run.sh || die + # test requires util-linux uuidgen (which we don't build) + rm tests/ts/uuid/oids || die + fi + + if [[ ${PV} == 9999 ]] ; then + po/update-potfiles + eautoreconf + fi + + elibtoolize +} + +lfs_fallocate_test() { + # Make sure we can use fallocate with LFS #300307 + cat <<-EOF > "${T}"/fallocate.${ABI}.c + #define _GNU_SOURCE + #include <fcntl.h> + main() { return fallocate(0, 0, 0, 0); } + EOF + append-lfs-flags + $(tc-getCC) ${CFLAGS} ${CPPFLAGS} ${LDFLAGS} "${T}"/fallocate.${ABI}.c -o /dev/null >/dev/null 2>&1 \ + || export ac_cv_func_fallocate=no + rm -f "${T}"/fallocate.${ABI}.c +} + +python_configure() { + local myeconfargs=( + "${commonargs[@]}" + --disable-all-programs + --disable-bash-completion + --without-systemdsystemunitdir + --with-python + ) + if use userland_GNU ; then + myeconfargs+=( + --enable-libblkid + --enable-libmount + --enable-pylibmount + ) + fi + mkdir "${BUILD_DIR}" || die + pushd "${BUILD_DIR}" >/dev/null || die + ECONF_SOURCE="${S}" econf "${myeconfargs[@]}" + popd >/dev/null || die +} + +multilib_src_configure() { + lfs_fallocate_test + # The scanf test in a run-time test which fails while cross-compiling. + # Blindly assume a POSIX setup since we require libmount, and libmount + # itself fails when the scanf test fails. #531856 + tc-is-cross-compiler && export scanf_cv_alloc_modifier=ms + export ac_cv_header_security_pam_misc_h=$(multilib_native_usex pam) #485486 + export ac_cv_header_security_pam_appl_h=$(multilib_native_usex pam) #545042 + + # Undo bad ncurses handling by upstream. Fall back to pkg-config. #601530 + export NCURSES6_CONFIG=false NCURSES5_CONFIG=false + export NCURSESW6_CONFIG=false NCURSESW5_CONFIG=false + + # configure args shared by python and non-python builds + local commonargs=( + --enable-fs-paths-extra="${EPREFIX}/usr/sbin:${EPREFIX}/bin:${EPREFIX}/usr/bin" + ) + + local myeconfargs=( + "${commonargs[@]}" + --with-bashcompletiondir="$(get_bashcompdir)" + --without-python + $(multilib_native_use_enable suid makeinstall-chown) + $(multilib_native_use_enable suid makeinstall-setuid) + $(multilib_native_use_with readline) + $(multilib_native_use_with slang) + $(multilib_native_use_with systemd) + $(multilib_native_use_with udev) + $(multilib_native_usex ncurses "$(use_with magic libmagic)" '--without-libmagic') + $(multilib_native_usex ncurses "$(use_with unicode ncursesw)" '--without-ncursesw') + $(multilib_native_usex ncurses "$(use_with !unicode ncurses)" '--without-ncurses') + $(multilib_native_use_with audit) + $(tc-has-tls || echo --disable-tls) + $(use_enable nls) + $(use_enable unicode widechar) + $(use_enable static-libs static) + $(use_with ncurses tinfo) + $(use_with selinux) + ) + # build programs only on GNU, on *BSD we want libraries only + if multilib_is_native_abi && use userland_GNU ; then + myeconfargs+=( + --disable-chfn-chsh + --disable-login + --disable-newgrp + --disable-nologin + --disable-pylibmount + --disable-vipw + --enable-agetty + --enable-bash-completion + --enable-line + --enable-partx + --enable-raw + --enable-rename + --enable-rfkill + --enable-schedutils + --with-systemdsystemunitdir="$(systemd_get_systemunitdir)" + $(use_enable caps setpriv) + $(use_enable cramfs) + $(use_enable fdformat) + $(use_enable hardlink) + $(use_enable kill) + $(use_enable logger) + $(use_enable ncurses pg) + $(use_enable su) + $(use_enable tty-helpers mesg) + $(use_enable tty-helpers wall) + $(use_enable tty-helpers write) + $(use_with cryptsetup) + ) + if [[ ${PV} == *9999 ]] ; then + myeconfargs+=( --enable-asciidoc ) + else + # We ship pre-generated man-pages for releases + myeconfargs+=( --disable-asciidoc ) + fi + else + myeconfargs+=( + --disable-all-programs + --disable-asciidoc + --disable-bash-completion + --without-systemdsystemunitdir + # build libraries + --enable-libuuid + --enable-libblkid + --enable-libsmartcols + --enable-libfdisk + ) + if use userland_GNU ; then + # those libraries don't work on *BSD + myeconfargs+=( + --enable-libmount + ) + fi + fi + ECONF_SOURCE="${S}" econf "${myeconfargs[@]}" + + if multilib_is_native_abi && use python ; then + python_foreach_impl python_configure + fi +} + +python_compile() { + pushd "${BUILD_DIR}" >/dev/null || die + emake all + popd >/dev/null || die +} + +multilib_src_compile() { + emake all + + if multilib_is_native_abi && use python ; then + python_foreach_impl python_compile + fi +} + +python_test() { + pushd "${BUILD_DIR}" >/dev/null || die + emake check TS_OPTS="--parallel=$(makeopts_jobs) --nonroot" + popd >/dev/null || die +} + +multilib_src_test() { + emake check TS_OPTS="--parallel=$(makeopts_jobs) --nonroot" + if multilib_is_native_abi && use python ; then + python_foreach_impl python_test + fi +} + +python_install() { + pushd "${BUILD_DIR}" >/dev/null || die + emake DESTDIR="${D}" install + python_optimize + popd >/dev/null || die +} + +multilib_src_install() { + if multilib_is_native_abi && use python ; then + python_foreach_impl python_install + fi + + # This needs to be called AFTER python_install call (#689190) + emake DESTDIR="${D}" install + + if multilib_is_native_abi && use userland_GNU ; then + # need the libs in / + gen_usr_ldscript -a blkid fdisk mount smartcols uuid + fi +} + +multilib_src_install_all() { + dodoc AUTHORS NEWS README* Documentation/{TODO,*.txt,releases/*} + + # e2fsprogs-libs didnt install .la files, and .pc work fine + find "${ED}" -name "*.la" -delete || die + + if ! use userland_GNU ; then + # manpage collisions + # TODO: figure out a good way to keep them + rm "${ED}"/usr/share/man/man3/uuid* || die + fi + + if use pam ; then + newpamd "${FILESDIR}/runuser.pamd" runuser + newpamd "${FILESDIR}/runuser-l.pamd" runuser-l + fi + + # Note: + # Bash completion for "runuser" command is provided by same file which + # would also provide bash completion for "su" command. However, we don't + # use "su" command from this package. + # This triggers a known QA warning which we ignore for now to magically + # keep bash completion for "su" command which shadow package does not + # provide. +} + +pkg_postinst() { + if ! use tty-helpers ; then + elog "The mesg/wall/write tools have been disabled due to USE=-tty-helpers." + fi + + if [[ -z ${REPLACING_VERSIONS} ]] ; then + elog "The agetty util now clears the terminal by default. You" + elog "might want to add --noclear to your /etc/inittab lines." + fi +}
