commit: 1229b2908e47bb2fed9cf77013f0440a421e1708 Author: Mikle Kolyada <zlogene <AT> gentoo <DOT> org> AuthorDate: Wed Jul 29 11:29:19 2020 +0000 Commit: Mikle Kolyada <zlogene <AT> gentoo <DOT> org> CommitDate: Wed Jul 29 11:31:31 2020 +0000 URL: https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=1229b290
sys-apps/pacman: remove last-rited pkg Closes: https://bugs.gentoo.org/659474 Closes: https://bugs.gentoo.org/627342 Closes: https://bugs.gentoo.org/627348 Closes: https://bugs.gentoo.org/711134 Signed-off-by: Mikle Kolyada <zlogene <AT> gentoo.org> sys-apps/pacman/Manifest | 1 - .../pacman/files/pacman-5.0.2-CVE-2016-5434.patch | 136 --------------------- sys-apps/pacman/metadata.xml | 17 --- sys-apps/pacman/pacman-5.0.2-r2.ebuild | 117 ------------------ 4 files changed, 271 deletions(-) diff --git a/sys-apps/pacman/Manifest b/sys-apps/pacman/Manifest deleted file mode 100644 index 39c12c13579..00000000000 --- a/sys-apps/pacman/Manifest +++ /dev/null @@ -1 +0,0 @@ -DIST pacman-5.0.2.tar.gz 3361701 BLAKE2B 499041cb9914991c12c21383aaf36465189ced456ca8b2908d3c036acc3ef9dde0fba1efd823580c12e6d8dbdcaa5e53a7b1329cac347208d1de21702e8f3efa SHA512 94a8cce1a52d2365a993c72f16537f4dbea6100feb8f22e8782cc7d2c1ef8a525a63f3c40bb183294c0faedcc743e3d806d2fc3c50a21ab9b03df2910039d628 diff --git a/sys-apps/pacman/files/pacman-5.0.2-CVE-2016-5434.patch b/sys-apps/pacman/files/pacman-5.0.2-CVE-2016-5434.patch deleted file mode 100644 index c245cb78dcb..00000000000 --- a/sys-apps/pacman/files/pacman-5.0.2-CVE-2016-5434.patch +++ /dev/null @@ -1,136 +0,0 @@ -From bf84fd00d3ac1ae2a43dac57f7ef689ef2e8b8aa Mon Sep 17 00:00:00 2001 -From: Nils Freydank <[email protected]> -Date: Fri, 20 Oct 2017 22:30:33 +0200 -Subject: [PATCH] Fix CVE-2016-5434 (DoS/loop and out of boundary read) - -This is a rewrite of Tobias Stoeckmann’s patch from June 2016[1] using -functions instead of macros. (Thanks to Tobias for explanations of his patch.) -A short question on Freenode IRC showed that macros are generally discouraged -and functions should be used. - -The patch introduces a static size_t length_check() in libalpm/signing.c. - -[1] Original patch: -https://lists.archlinux.org/pipermail/pacman-dev/2016-June/021148.html -CVE request (and assignment): -http://seclists.org/oss-sec/2016/q2/526 ---- - This patch is provided to upstream, but not merged (2017-10-25). - - lib/libalpm/signing.c | 48 ++++++++++++++++++++++++++++++++++++++++++++---- - 1 file changed, 44 insertions(+), 4 deletions(-) - -diff --git a/lib/libalpm/signing.c b/lib/libalpm/signing.c -index 95cb3280..51b11df6 100644 ---- a/lib/libalpm/signing.c -+++ b/lib/libalpm/signing.c -@@ -986,6 +986,19 @@ int SYMEXPORT alpm_siglist_cleanup(alpm_siglist_t *siglist) - return 0; - } - -+/* Check to avoid out of boundary reads */ -+static size_t length_check(size_t length, size_t position, size_t a, -+ alpm_handle_t *handle, const char *identifier) -+{ -+ if( a == 0 || length - position <= a) { -+ _alpm_log(handle, ALPM_LOG_ERROR, -+ _("%s: signature format error"), identifier); -+ return -1; -+ } else { -+ return 0; -+ } -+} -+ - /** - * Extract the Issuer Key ID from a signature - * @param sig PGP signature -@@ -1022,16 +1035,25 @@ int SYMEXPORT alpm_extract_keyid(alpm_handle_t *handle, const char *identifier, - - switch(sig[pos] & 0x03) { - case 0: -+ if(length_check(len, pos, 2, handle, identifier) != 0) { -+ return -1; -+ } - blen = sig[pos + 1]; - pos = pos + 2; - break; - - case 1: -+ if(length_check(len, pos, 3, handle, identifier)) { -+ return -1; -+ } - blen = (sig[pos + 1] << 8) | sig[pos + 2]; - pos = pos + 3; - break; - - case 2: -+ if(length_check(len, pos, 5, handle, identifier)) { -+ return -1; -+ } - blen = (sig[pos + 1] << 24) | (sig[pos + 2] << 16) | (sig[pos + 3] << 8) | sig[pos + 4]; - pos = pos + 5; - break; -@@ -1059,7 +1081,16 @@ int SYMEXPORT alpm_extract_keyid(alpm_handle_t *handle, const char *identifier, - - pos = pos + 4; - -+ /* pos got changed above, so an explicit check is necessary -+ * check for 2 as that catches another some lines down */ -+ if(length_check(len, pos, 2, handle, identifier)) { -+ return -1; -+ } - hlen = (sig[pos] << 8) | sig[pos + 1]; -+ -+ if(length_check(len, pos, hlen + 2, handle, identifier)) { -+ return -1; -+ } - pos = pos + hlen + 2; - - ulen = (sig[pos] << 8) | sig[pos + 1]; -@@ -1072,30 +1103,39 @@ int SYMEXPORT alpm_extract_keyid(alpm_handle_t *handle, const char *identifier, - slen = sig[spos]; - spos = spos + 1; - } else if(sig[spos] < 255) { -+ if(length_check(pos + ulen, spos, 2, handle, identifier)){ -+ return -1; -+ } - slen = (sig[spos] << 8) | sig[spos + 1]; - spos = spos + 2; - } else { -+ /* check for pos and spos, as spos is still pos */ -+ if(length_check(len, pos, 5, handle, identifier)) { -+ return -1; -+ } - slen = (sig[spos + 1] << 24) | (sig[spos + 2] << 16) | (sig[spos + 3] << 8) | sig[spos + 4]; - spos = spos + 5; - } -- - if(sig[spos] == 16) { - /* issuer key ID */ - char key[17]; - size_t i; -+ if(length_check(pos + ulen, spos, 8, handle, identifier)) { -+ return -1; -+ } - for (i = 0; i < 8; i++) { - sprintf(&key[i * 2], "%02X", sig[spos + i + 1]); - } - *keys = alpm_list_add(*keys, strdup(key)); - break; - } -- -+ if(length_check(pos + ulen + 1, spos, slen, handle, identifier)) { -+ return -1; -+ } - spos = spos + slen; - } -- - pos = pos + (blen - hlen - 8); - } -- - return 0; - } - --- -2.14.2 - diff --git a/sys-apps/pacman/metadata.xml b/sys-apps/pacman/metadata.xml deleted file mode 100644 index 0a733cd836d..00000000000 --- a/sys-apps/pacman/metadata.xml +++ /dev/null @@ -1,17 +0,0 @@ -<?xml version="1.0" encoding="UTF-8"?> -<!DOCTYPE pkgmetadata SYSTEM "http://www.gentoo.org/dtd/metadata.dtd";> -<pkgmetadata> - <upstream> - <bugs-to>mailto:[email protected]</bugs-to> - <changelog>https://git.archlinux.org/pacman.git/tree/NEWS</changelog> - <doc>https://www.archlinux.org/pacman/</doc> - </upstream> - <!-- maintainer-needed --> - <slots> - <subslots>Reflect major ABI of libalpm.so.</subslots> - </slots> - <use> - <flag name="doc">Install extended documentation using <pkg>app-doc/doxygen</pkg>. (Man pages are included by default.)</flag> - <flag name="gpg">Enable GPG signature verification using <pkg>app-crypt/gpgme</pkg></flag> - </use> -</pkgmetadata> diff --git a/sys-apps/pacman/pacman-5.0.2-r2.ebuild b/sys-apps/pacman/pacman-5.0.2-r2.ebuild deleted file mode 100644 index 59c23752551..00000000000 --- a/sys-apps/pacman/pacman-5.0.2-r2.ebuild +++ /dev/null @@ -1,117 +0,0 @@ -# Copyright 1999-2020 Gentoo Authors -# Distributed under the terms of the GNU General Public License v2 - -EAPI=7 -PYTHON_COMPAT=( python2_7 ) - -inherit autotools - -DESCRIPTION="Archlinux's binary package manager" -HOMEPAGE="https://archlinux.org/pacman/"; - -PATCHES=() - -if [[ ${PV} == "9999" ]]; then - inherit git-r3 - EGIT_REPO_URI="https://git.archlinux.org/pacman.git"; -else - SRC_URI="https://sources.archlinux.org/other/pacman/${P}.tar.gz"; - # Do *not* re-add ~x86! - # https://www.archlinux.org/news/phasing-out-i686-support/ - KEYWORDS="-* ~amd64" - - PATCHES+=( "${FILESDIR}"/${PN}-5.0.2-CVE-2016-5434.patch ) -fi - -LICENSE="GPL-2" -SLOT="0/10" - -IUSE="curl debug doc +gpg libressl test" -COMMON_DEPEND=" - app-arch/libarchive:=[lzma] - gpg? ( >=app-crypt/gpgme-1.4.0:= ) - curl? ( net-misc/curl ) - !libressl? ( dev-libs/openssl:0= ) - libressl? ( dev-libs/libressl:0= ) - virtual/libiconv - virtual/libintl -" -RDEPEND="${COMMON_DEPEND}" - -DEPEND="${COMMON_DEPEND} - app-text/asciidoc - doc? ( app-doc/doxygen ) - test? ( - sys-apps/fakeroot - sys-apps/fakechroot - ) -" - -# workaround until tests are fixed/sorted out -RESTRICT="test" - -src_prepare() { - # Remove a line that adds "-Werror" in ./configure when - # "--enable-debug" is passed: - sed -i -e '/-Werror/d' configure.ac || die - - default - eautoreconf -} - -src_configure() { - local myeconfargs=( - --disable-static - --localstatedir=/var - --disable-git-version - --with-openssl - # Help protect user from shooting his/her Gentoo installation - # in its foot. - --with-root-dir="${EPREFIX}/var/chroot/archlinux" - $(use_enable debug) - # full doc with doxygen - $(use_enable doc doxygen) - $(use_with curl libcurl) - $(use_with gpg gpgme) - ) - econf "${myeconfargs[@]}" -} - -src_compile() { - default - - emake -C contrib -} - -src_install() { - dodir /etc/pacman.d/ - # contributed parts, i.e. not pacman itself, but useful helpers and some templates and basic docs - dobin "${S}"/contrib/{bacman,checkupdates,pac{cache,diff,list,log-pkglist,scripts,search},rankmirrors,updpkgsums} - newdoc "${S}"/contrib/README contrib-README - dodoc "${S}"/contrib/PKGBUILD.vim - # create /var/chroot/archlinux - # see bug #631754 - dodir /var/chroot/archlinux - keepdir /var/chroot/archlinux /var/lib/pacman - - default - find "${D}" -name '*.la' -delete || die - - # avoid creating stuff inside /var/cache/ - # see bug #633742 for more information - rm -r "${D}"/var/cache/pacman - rmdir "${D}"/var/cache -} - -pkg_postinst() { - einfo "" - einfo "The default root dir was set to ${EPREFIX}/var/chroot/archlinux" - einfo "to avoid breaking Gentoo systems due to oscitancy." - einfo "If you prefer another directory, take a look at" - einfo "pacman's parameter -r|--root)." - einfo "" - einfo "You will need to setup at least one mirror in /etc/pacman.d/mirrorlist." - einfo "Please generate it manually according to the Archlinux documentation:" - einfo "https://wiki.archlinux.org/index.php/Mirror"; - einfo "" -}
