commit:     7d0191b1f3430240225b3e6c565f8ab6a9715996
Author:     Fabian Groffen <grobian <AT> gentoo <DOT> org>
AuthorDate: Wed Jun  7 07:41:05 2023 +0000
Commit:     Fabian Groffen <grobian <AT> gentoo <DOT> org>
CommitDate: Wed Jun  7 07:42:49 2023 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=7d0191b1

dev-libs/iniparser: add patch for CVE-2023-33461 from upstream

- drop old 3.1-r3
- drop obsolete patches
- add patch from upstream for CVE-2023-33461
- drop my maintainership, portage-utils doesn't use this any more

Bug: https://bugs.gentoo.org/907928
Signed-off-by: Fabian Groffen <grobian <AT> gentoo.org>

 dev-libs/iniparser/Manifest                        |  1 -
 .../iniparser/files/iniparser-3.0-autotools.patch  | 38 -----------
 dev-libs/iniparser/files/iniparser-3.0b-cpp.patch  | 45 -------------
 .../files/iniparser-4.0-out-of-bounds-read.patch   | 11 ----
 .../files/iniparser-4.1-CVE-null-getstring.patch   | 43 +++++++++++++
 dev-libs/iniparser/iniparser-3.1-r3.ebuild         | 50 ---------------
 dev-libs/iniparser/iniparser-4.1-r1.ebuild         | 75 ++++++++++++++++++++++
 dev-libs/iniparser/metadata.xml                    |  4 --
 8 files changed, 118 insertions(+), 149 deletions(-)

diff --git a/dev-libs/iniparser/Manifest b/dev-libs/iniparser/Manifest
index f061f9715a2a..80cc71c57966 100644
--- a/dev-libs/iniparser/Manifest
+++ b/dev-libs/iniparser/Manifest
@@ -1,2 +1 @@
-DIST iniparser-3.1.tar.gz 39097 BLAKE2B 
4ada36f5bb95476c06deffa7938a750bcdeb0bd5bb817b24274c1e1c588d9abbd23c3a58f3cb3b6f961912f3e12e74aadf224da4cd81863b874e4a84d11c1744
 SHA512 
8fd8324c5629fdc3e3eff00afb5f0832402ccc760c5b92db82aa29b340ec891419ca2c4fee3a4d4d67cf9bc51c76b095bc0c458e087c2b8e72ac36867c47ae86
 DIST iniparser-4.1.tar.gz 44732 BLAKE2B 
a3480dab512b41eb9635c733b76048ab089a311c2970aae5ce89d103ff6ab1923d5824a5fca3bf445ba213ecd9954018fdef2831fd98c1a43c9ae7d4fb1cb388
 SHA512 
a8125aaaead1f9dfde380fa1e45bae31ca2312be029f2c53b4072cb3b127d16578a95c7c0aee1e3dda5e7b8db7a865ba6dfe8a1d80eb673061b3babef744e968

diff --git a/dev-libs/iniparser/files/iniparser-3.0-autotools.patch 
b/dev-libs/iniparser/files/iniparser-3.0-autotools.patch
deleted file mode 100644
index 361c96a7d4fb..000000000000
--- a/dev-libs/iniparser/files/iniparser-3.0-autotools.patch
+++ /dev/null
@@ -1,38 +0,0 @@
---- /dev/null
-+++ b/Makefile.am
-@@ -0,0 +1,8 @@
-+ACLOCAL_AMFLAGS = -I config
-+
-+lib_LTLIBRARIES = libiniparser.la
-+
-+libiniparser_la_LDFLAGS = -no-undefined -version-info @SHARED_VERSION_INFO@
-+libiniparser_la_SOURCES = src/dictionary.c  src/iniparser.c
-+
-+include_HEADERS = src/dictionary.h  src/iniparser.h
---- /dev/null
-+++ b/configure.ac
-@@ -0,0 +1,24 @@
-+AC_PREREQ([2.65])
-+AC_INIT([iniparser], [3.0], [[email protected]])
-+
-+AC_CONFIG_AUX_DIR(config)
-+AC_CONFIG_MACRO_DIR(config)
-+
-+AM_INIT_AUTOMAKE([1.8 foreign])
-+
-+SHARED_VERSION_INFO="0"
-+AC_SUBST(SHARED_VERSION_INFO)
-+
-+# Checks for programs.
-+AC_PROG_CC
-+AC_SYS_LARGEFILE
-+
-+LT_INIT
-+# Checks for header files.
-+AC_CHECK_HEADERS([ ctype.h stdio.h stdlib.h string.h ])
-+
-+# Checks for library functions.
-+AC_CHECK_FUNCS([strcmp])
-+
-+AC_CONFIG_FILES([Makefile])
-+AC_OUTPUT

diff --git a/dev-libs/iniparser/files/iniparser-3.0b-cpp.patch 
b/dev-libs/iniparser/files/iniparser-3.0b-cpp.patch
deleted file mode 100644
index b7cd17d2d226..000000000000
--- a/dev-libs/iniparser/files/iniparser-3.0b-cpp.patch
+++ /dev/null
@@ -1,45 +0,0 @@
---- a/src/dictionary.c
-+++ b/src/dictionary.c
-@@ -32,6 +32,9 @@
- /*---------------------------------------------------------------------------
-                             Private functions
-  ---------------------------------------------------------------------------*/
-+#ifdef __cplusplus
-+extern "C" {
-+#endif
- 
- /* Doubles the allocated size associated to a pointer */
- /* 'size' is the current allocated size. */
-@@ -394,5 +397,10 @@
-     dictionary_del(d);
-     return 0 ;
- }
-+
-+#ifdef __cplusplus
-+}
-+#endif
-+
- #endif
- /* vim: set ts=4 et sw=4 tw=75 */
---- a/src/iniparser.h
-+++ b/src/iniparser.h
-@@ -49,6 +49,10 @@
- int iniparser_getnsec(dictionary * d);
- 
- 
-+#ifdef __cplusplus
-+extern "C" {
-+#endif
-+
- /*-------------------------------------------------------------------------*/
- /**
-   @brief    Get name for section n in a dictionary.
-@@ -304,4 +308,8 @@
- /*--------------------------------------------------------------------------*/
- void iniparser_freedict(dictionary * d);
- 
-+#ifdef __cplusplus
-+}
-+#endif
-+
- #endif

diff --git a/dev-libs/iniparser/files/iniparser-4.0-out-of-bounds-read.patch 
b/dev-libs/iniparser/files/iniparser-4.0-out-of-bounds-read.patch
deleted file mode 100644
index f6488810ac12..000000000000
--- a/dev-libs/iniparser/files/iniparser-4.0-out-of-bounds-read.patch
+++ /dev/null
@@ -1,11 +0,0 @@
---- a/src/iniparser.c
-+++ b/src/iniparser.c
-@@ -663,7 +663,7 @@
-     while (fgets(line+last, ASCIILINESZ-last, in)!=NULL) {
-         lineno++ ;
-         len = (int)strlen(line)-1;
--        if (len==0)
-+        if (len<=0)
-             continue;
-         /* Safety check against buffer overflows */
-         if (line[len]!='\n') {

diff --git a/dev-libs/iniparser/files/iniparser-4.1-CVE-null-getstring.patch 
b/dev-libs/iniparser/files/iniparser-4.1-CVE-null-getstring.patch
new file mode 100644
index 000000000000..bf3c035fda07
--- /dev/null
+++ b/dev-libs/iniparser/files/iniparser-4.1-CVE-null-getstring.patch
@@ -0,0 +1,43 @@
+From ace9871f65d11b5d73f0b9ee8cf5d2807439442d Mon Sep 17 00:00:00 2001
+From: Antonio <[email protected]>
+Date: Fri, 2 Jun 2023 15:03:10 -0300
+Subject: [PATCH] Handle null return from iniparser_getstring
+
+Fix handling of NULL returns from iniparser_getstring in
+iniparser_getboolean, iniparser_getlongint and iniparser_getdouble,
+avoiding a crash.
+---
+ src/iniparser.c | 6 +++---
+ 1 file changed, 3 insertions(+), 3 deletions(-)
+
+diff --git a/src/iniparser.c b/src/iniparser.c
+index f1d1658..dbceb20 100644
+--- a/src/iniparser.c
++++ b/src/iniparser.c
+@@ -456,7 +456,7 @@ long int iniparser_getlongint(const dictionary * d, const 
char * key, long int n
+     const char * str ;
+ 
+     str = iniparser_getstring(d, key, INI_INVALID_KEY);
+-    if (str==INI_INVALID_KEY) return notfound ;
++    if (str==NULL || str==INI_INVALID_KEY) return notfound ;
+     return strtol(str, NULL, 0);
+ }
+ 
+@@ -511,7 +511,7 @@ double iniparser_getdouble(const dictionary * d, const 
char * key, double notfou
+     const char * str ;
+ 
+     str = iniparser_getstring(d, key, INI_INVALID_KEY);
+-    if (str==INI_INVALID_KEY) return notfound ;
++    if (str==NULL || str==INI_INVALID_KEY) return notfound ;
+     return atof(str);
+ }
+ 
+@@ -553,7 +553,7 @@ int iniparser_getboolean(const dictionary * d, const char 
* key, int notfound)
+     const char * c ;
+ 
+     c = iniparser_getstring(d, key, INI_INVALID_KEY);
+-    if (c==INI_INVALID_KEY) return notfound ;
++    if (c==NULL || c==INI_INVALID_KEY) return notfound ;
+     if (c[0]=='y' || c[0]=='Y' || c[0]=='1' || c[0]=='t' || c[0]=='T') {
+         ret = 1 ;
+     } else if (c[0]=='n' || c[0]=='N' || c[0]=='0' || c[0]=='f' || c[0]=='F') 
{
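Review bot: The NULL guard is added caller by caller, in iniparser_getlongint, iniparser_getdouble and iniparser_getboolean, so iniparser_getstring itself can still return NULL to a caller that passed a non-NULL default. Callers outside these three hunks are not visible here, so library and consumer code that dereferences the result directly is worth checking. The patch header also carries no CVE or bug reference; a line such as `Bug: https://bugs.gentoo.org/907928 (CVE-2023-33461)` above the `From` line would let an auditor map the file to the advisory. All three function bodies start or end outside their hunks.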

diff --git a/dev-libs/iniparser/iniparser-3.1-r3.ebuild 
b/dev-libs/iniparser/iniparser-3.1-r3.ebuild
deleted file mode 100644
index 37dc4fdbbabb..000000000000
--- a/dev-libs/iniparser/iniparser-3.1-r3.ebuild
+++ /dev/null
@@ -1,50 +0,0 @@
-# Copyright 1999-2022 Gentoo Authors
-# Distributed under the terms of the GNU General Public License v2
-
-EAPI=8
-
-inherit autotools
-
-DESCRIPTION="A free stand-alone ini file parsing library"
-HOMEPAGE="http://ndevilla.free.fr/iniparser/";
-SRC_URI="http://ndevilla.free.fr/iniparser/${P}.tar.gz";
-
-LICENSE="MIT"
-SLOT="0"
-KEYWORDS="~alpha amd64 arm arm64 ~hppa ~ia64 ~m68k ~mips ppc ppc64 ~riscv 
~s390 sparc x86 ~amd64-linux ~x86-linux ~ppc-macos ~x64-macos ~x64-solaris"
-IUSE="doc examples"
-# the tests are rather examples than tests, no point in running them
-RESTRICT="test"
-
-BDEPEND="doc? ( app-doc/doxygen )"
-
-S="${WORKDIR}/${PN}"
-
-PATCHES=(
-       "${FILESDIR}"/${PN}-3.0b-cpp.patch
-       "${FILESDIR}"/${PN}-3.0-autotools.patch
-       "${FILESDIR}"/${PN}-4.0-out-of-bounds-read.patch
-)
-
-src_prepare() {
-       default
-       eautoreconf
-}
-
-src_install() {
-       if use doc; then
-               emake -C doc
-               HTML_DOCS=( html/. )
-       fi
-
-       default
-
-       if use examples; then
-               docinto examples
-               dodoc test/*.{c,ini,py}
-               docompress -x /usr/share/doc/${PF}/examples
-       fi
-
-       # No static archives
-       find "${ED}" -name '*.la' -delete || die
-}

diff --git a/dev-libs/iniparser/iniparser-4.1-r1.ebuild 
b/dev-libs/iniparser/iniparser-4.1-r1.ebuild
new file mode 100644
index 000000000000..67b34398872b
--- /dev/null
+++ b/dev-libs/iniparser/iniparser-4.1-r1.ebuild
@@ -0,0 +1,75 @@
+# Copyright 1999-2022 Gentoo Authors
+# Distributed under the terms of the GNU General Public License v2
+
+EAPI=7
+
+inherit toolchain-funcs flag-o-matic
+
+DESCRIPTION="A free stand-alone ini file parsing library"
+HOMEPAGE="https://github.com/ndevilla/iniparser";
+SRC_URI="https://github.com/ndevilla/iniparser/archive/v${PV}.tar.gz -> 
${P}.tar.gz"
+
+LICENSE="MIT"
+SLOT="4"
+KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~ia64 ~loong ~m68k ~mips ~ppc ~ppc64 
~riscv ~s390 ~sparc ~x86 ~amd64-linux ~x86-linux ~ppc-macos ~x64-macos 
~x64-solaris"
+IUSE="doc examples"
+
+BDEPEND="doc? ( app-doc/doxygen )"
+
+PATCHES=(
+       ${FILESDIR}/${P}-CVE-null-getstring.patch  # upstream, bug #907928
+)
+
+_newlib_so_with_symlinks() {
+       local source="${1}" base="${2}" current="${3}" revision="${4}" 
age="${5}"
+
+       newlib.so ${source} ${base}.so.${current}.${revision}.${age}
+       local i
+       for i in ".${current}" '' ; do
+               dosym ${base}.so.${current}.${revision}.${age} 
/usr/$(get_libdir)/${base}.so${i}
+       done
+}
+
+src_prepare() {
+       default
+       rm -r html || die
+}
+
+src_configure() {
+       append-lfs-flags
+}
+
+_emake() {
+       emake CC="$(tc-getCC)" AR="$(tc-getAR)" V=1 \
+               SO_TARGET=lib${PN}${SLOT}.so.1 \
+               ADDITIONAL_CFLAGS= \
+               "$@"
+}
+
+src_compile() {
+       _emake
+}
+
+src_test() {
+       _emake -C test
+}
+
+src_install() {
+       _newlib_so_with_symlinks lib${PN}${SLOT}.so.1 lib${PN}${SLOT} 1 0 0
+
+       insinto /usr/include/${PN}${SLOT}
+       doins src/*.h
+
+       if use doc; then
+               emake -C doc
+               HTML_DOCS=( html/. )
+       fi
+
+       if use examples; then
+               docinto examples
+               dodoc -r example/.
+               docompress -x /usr/share/doc/${PF}/examples
+       fi
+
+       einstalldocs
+}

diff --git a/dev-libs/iniparser/metadata.xml b/dev-libs/iniparser/metadata.xml
index d34e989567aa..3b48e648fba0 100644
--- a/dev-libs/iniparser/metadata.xml
+++ b/dev-libs/iniparser/metadata.xml
@@ -5,10 +5,6 @@
                <email>[email protected]</email>
                <name>Samba Team</name>
        </maintainer>
-       <maintainer type="person">
-               <email>[email protected]</email>
-               <name>Fabian Groffen</name>
-       </maintainer>
        <upstream>
                <remote-id type="github">ndevilla/iniparser</remote-id>
        </upstream>
