commit: d69385cd24a131899918f7d51f8350a30564e983 Author: Georgy Yakovlev <gyakovlev <AT> gentoo <DOT> org> AuthorDate: Sun Jan 15 03:56:10 2023 +0000 Commit: Georgy Yakovlev <gyakovlev <AT> gentoo <DOT> org> CommitDate: Sun Jan 15 03:59:03 2023 +0000 URL: https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=d69385cd
dev-util/schroot: add resize -> reserve patch otherwise it fails at runtime on hardened systems. Thanks-to: Arsen Arsenović <arsen <AT> aarsen.me> Signed-off-by: Georgy Yakovlev <gyakovlev <AT> gentoo.org> .../files/schroot-1.6.13-resize-reserve.patch | 103 +++++++++++++++++++++ ....6.13_p2.ebuild => schroot-1.6.13_p2-r1.ebuild} | 5 +- 2 files changed, 107 insertions(+), 1 deletion(-)
diff --git a/dev-util/schroot/files/schroot-1.6.13-resize-reserve.patch b/dev-util/schroot/files/schroot-1.6.13-resize-reserve.patch
new file mode 100644
index 000000000000..da798f3b4761
--- /dev/null
+++ b/dev-util/schroot/files/schroot-1.6.13-resize-reserve.patch
@@ -0,0 +1,103 @@
+From 6d7a762d6d630548ed558e0de8ddf04f3b0a69fc Mon Sep 17 00:00:00 2001
+From: =?UTF-8?q?Arsen=20Arsenovi=C4=87?= <[email protected]>
+Date: Sat, 14 Jan 2023 22:53:20 +0100
+Subject: [PATCH] sbuild-util: use resize instead of reserve
+
+Using reserved but uninitialized space is invalid, and, additionally,
+reserve is not required to allocate memory or change the buffer size at
+all.
+---
+ sbuild/sbuild-util.cc | 24 ++++++++++++------------
+ 1 file changed, 12 insertions(+), 12 deletions(-)
+
+diff --git a/sbuild/sbuild-util.cc b/sbuild/sbuild-util.cc
+index b89068a7..b6af7e89 100644
+--- a/sbuild/sbuild-util.cc
++++ b/sbuild/sbuild-util.cc
+@@ -624,17 +624,17 @@ void
+ sbuild::passwd::query_uid (uid_t uid)
+ {
+ buffer_type::size_type size = 1 << 7;
+- buffer.reserve(size);
++ buffer.resize(size);
+ int error;
+
+ ::passwd *pwd_result;
+
+ while ((error = getpwuid_r(uid, this,
+- &buffer[0], buffer.capacity(),
++ &buffer[0], buffer.size(),
+ &pwd_result)) == ERANGE)
+ {
+ size <<= 1;
+- buffer.reserve(size);
++ buffer.resize(size);
+ }
+
+ if (pwd_result)
+@@ -647,17 +647,17 @@ void
+ sbuild::passwd::query_name (const char *name)
+ {
+ buffer_type::size_type size = 1 << 8;
+- buffer.reserve(size);
++ buffer.resize(size);
+ int error;
+
+ ::passwd *pwd_result;
+
+ while ((error = getpwnam_r(name, this,
+- &buffer[0], buffer.capacity(),
++ &buffer[0], buffer.size(),
+ &pwd_result)) == ERANGE)
+ {
+ size <<= 1;
+- buffer.reserve(size);
++ buffer.resize(size);
+ }
+
+ if (pwd_result)
+@@ -733,17 +733,17 @@ void
+ sbuild::group::query_gid (gid_t gid)
+ {
+ buffer_type::size_type size = 1 << 7;
+- buffer.reserve(size);
++ buffer.resize(size);
+ int error;
+
+ ::group *grp_result;
+
+ while ((error = getgrgid_r(gid, this,
+- &buffer[0], buffer.capacity(),
++ &buffer[0], buffer.size(),
+ &grp_result)) == ERANGE)
+ {
+ size <<= 1;
+- buffer.reserve(size);
++ buffer.resize(size);
+ }
+
+ if (grp_result)
+@@ -756,17 +756,17 @@ void
+ sbuild::group::query_name (const char *name)
+ {
+ buffer_type::size_type size = 1 << 8;
+- buffer.reserve(size);
++ buffer.resize(size);
+ int error;
+
+ ::group *grp_result;
+
+ while ((error = getgrnam_r(name, this,
+- &buffer[0], buffer.capacity(),
++ &buffer[0], buffer.size(),
+ &grp_result)) == ERANGE)
+ {
+ size <<= 1;
+- buffer.reserve(size);
++ buffer.resize(size);
+ }
+
+ if (grp_result)
+--
+2.30.2
+
diff --git a/dev-util/schroot/schroot-1.6.13_p2.ebuild b/dev-util/schroot/schroot-1.6.13_p2-r1.ebuild
similarity index 96%
rename from dev-util/schroot/schroot-1.6.13_p2.ebuild
rename to dev-util/schroot/schroot-1.6.13_p2-r1.ebuild
index dedc047eec42..839f9adc48f4 100644
--- a/dev-util/schroot/schroot-1.6.13_p2.ebuild
+++ b/dev-util/schroot/schroot-1.6.13_p2-r1.ebuild
@@ -1,4 +1,4 @@
-# Copyright 1999-2022 Gentoo Authors
+# Copyright 1999-2023 Gentoo Authors
 # Distributed under the terms of the GNU General Public License v2
 EAPI=7
@@ -50,6 +50,9 @@ S="${WORKDIR}/re${PN}"
 PATCHES=(
 "${FILESDIR}"/${PN}-1.6.13_p2-build-fixes.patch
+
+ # https://codeberg.org/shelter/reschroot/pulls/6
+ "${FILESDIR}"/${PN}-1.6.13-resize-reserve.patch
 )
 src_unpack() {
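Review bot: The ERANGE retry loops in the patched code still have no upper bound: in passwd::query_uid, `size <<= 1; buffer.resize(size);` repeats for as long as getpwuid_r answers ERANGE, so a name-service backend that never stops reporting ERANGE grows the buffer until the allocation fails. A guard before the resize, for example `if (size > kMaxLookupBuffer) break;` (the constant name is a placeholder), would bound it, and the same applies to passwd::query_name, group::query_gid and group::query_name. In the lines shown, `error` is only ever compared with ERANGE; whether other non-zero results are told apart from "no such entry" after the loop is not visible, because each function body continues past its hunk. A one-line comment such as `// resize, not reserve: the *_r call writes into buffer[0..size)` would also keep a later cleanup from reverting the fix.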
