commit: 7bf490bf9bec287e3927af2df506fa63a9e245f1 Author: Lars Wendler <polynomial-c <AT> gentoo <DOT> org> AuthorDate: Fri Oct 1 09:42:55 2021 +0000 Commit: Lars Wendler <polynomial-c <AT> gentoo <DOT> org> CommitDate: Fri Oct 1 09:42:55 2021 +0000 URL: https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=7bf490bf
app-misc/mc: Security cleanup Bug: https://bugs.gentoo.org/811159 Signed-off-by: Lars Wendler <polynomial-c <AT> gentoo.org> app-misc/mc/Manifest | 1 - app-misc/mc/files/mc-4.8.26-file-seccomp.patch | 142 ------------------------- app-misc/mc/files/mc-4.8.26-shadow-crash.patch | 39 ------- app-misc/mc/mc-4.8.26-r4.ebuild | 125 ---------------------- app-misc/mc/mc-4.8.26-r5.ebuild | 131 ----------------------- 5 files changed, 438 deletions(-) diff --git a/app-misc/mc/Manifest b/app-misc/mc/Manifest index 771926154e4..24aa9112735 100644 --- a/app-misc/mc/Manifest +++ b/app-misc/mc/Manifest @@ -1,2 +1 @@ -DIST mc-4.8.26.tar.xz 2492612 BLAKE2B e13ab99fb7d5a9e2cf1149ad96d763681b0186fbf5c03fc9e349a57a4a6f48b598c9eeed85e4cb94a18c5c5b89d4ee0e21f6d34c8cfd5e21da53551085aa3469 SHA512 f2f06915b775ecc94016fe5d5db9301e953cc89ee0708e79ee96e14a9f53142a467b27061ca57f65b40310fa86d4d13e2f2a29a601f8fefa6216fb10f73007be DIST mc-4.8.27.tar.xz 2510296 BLAKE2B efb0f3a8beb7285a793085a8e3b3a49619d0f8a4babff7de90f7a462cf6c013bbc08b92bc48e2c2e2204799332cd0160a86e201d9368cabde78e653b4306763f SHA512 c955d66cee06e3a0e0c795f2f6b98b184762363390a903cf8ef83dc5e98e6e94d5a9c06c4788d9ff4b3ae111541df8c7dc0b864a5c21c40421a81cd8690e9a69 diff --git a/app-misc/mc/files/mc-4.8.26-file-seccomp.patch b/app-misc/mc/files/mc-4.8.26-file-seccomp.patch deleted file mode 100644 index 0a36f47f3a4..00000000000 --- a/app-misc/mc/files/mc-4.8.26-file-seccomp.patch +++ /dev/null @@ -1,142 +0,0 @@ -https://bugs.gentoo.org/776988 -https://github.com/MidnightCommander/mc/commit/1ed638d66cf803f69ac12ee80a72d217f2146e43 - -From 1ed638d66cf803f69ac12ee80a72d217f2146e43 Mon Sep 17 00:00:00 2001 -From: Andrew Borodin <[email protected]> -Date: Tue, 16 Feb 2021 16:29:51 +0300 -Subject: [PATCH] Ticket #4180: fix zip handling. - -After 8857423e4ebb770b6f0ea3103abf5d35c85fcbe8 zip archives opened with -an error: - - file -L -z archive.zip: Bad system call - -This caused by using /usr/bin/file with -z option, because seccomp (a -security sandbox) doesn't allow it.. - -Solution: use -S option together with -z one. - -The file command accepts the -S option since 5.33. - -Signed-off-by: Andrew Borodin <[email protected]> ---- - configure.ac | 66 +++++++++++++++++++++++++++++++++++-------- - src/filemanager/ext.c | 7 +++-- - src/setup.c | 2 ++ - 3 files changed, 60 insertions(+), 15 deletions(-) - -diff --git a/configure.ac b/configure.ac -index 5f372dc3f5..f2351c99ad 100644 ---- a/configure.ac -+++ b/configure.ac -@@ -115,23 +115,65 @@ fi - AC_SUBST(MANDOC) - AC_SUBST(MAN_FLAGS) - --dnl Check for -L option to file -+dnl Check for -z, -L, and -S options to file - AC_CHECK_PROG(HAVE_FILECMD, file, true, false) - if $HAVE_FILECMD; then -- AC_MSG_CHECKING([for -L option to file command]) -- AC_CACHE_VAL(mc_cv_filel, [ -- file -L . > /dev/null 2>&1 -- if test $? = 0; then -- mc_cv_filel=yes -+ dnl Don't use the file command if it doesn't accept the -z option -+ AC_MSG_CHECKING([for -z option to file command]) -+ AC_CACHE_VAL(mc_cv_file_z, [ -+ file -z . > /dev/null 2>&1 -+ if test $? = 0; then -+ mc_cv_file_z=yes -+ else -+ mc_cv_file_z=no -+ fi -+ ]) -+ AC_MSG_RESULT([$mc_cv_file_z]) -+ -+ if test x$mc_cv_file_z = xyes; then -+ AC_DEFINE(USE_FILE_CMD, 1, [Define if the file command accepts the -z option]) - else -- mc_cv_filel=no -+ AC_MSG_WARN([The file command doesn't accept the -z option and will not be used]) - fi -- ]) -- if test x$mc_cv_filel = xyes; then -- AC_DEFINE(FILE_L, 1, [Define if the file command accepts the -L option]) -+ -+ if test x$mc_cv_file_z = xyes; then -+ dnl file is used; check -L and -S options -+ -+ AC_MSG_CHECKING([for -L option to file command]) -+ AC_CACHE_VAL(mc_cv_file_L, [ -+ file -L . > /dev/null 2>&1 -+ if test $? = 0; then -+ mc_cv_file_L=yes -+ else -+ mc_cv_file_L=no -+ fi -+ ]) -+ AC_MSG_RESULT([$mc_cv_file_L]) -+ -+ if test x$mc_cv_file_L = xyes; then -+ AC_DEFINE(FILE_L, "-L ", [Define if the file command accepts the -L option]) -+ else -+ AC_DEFINE(FILE_L, "", [Define if the file command accepts the -L option]) -+ fi -+ -+ dnl The file command accepts the -S option since 5.33 -+ AC_MSG_CHECKING([for -S option to file command]) -+ AC_CACHE_VAL(mc_cv_file_S, [ -+ file -S . > /dev/null 2>&1 -+ if test $? = 0; then -+ mc_cv_file_S=yes -+ else -+ mc_cv_file_S=no -+ fi -+ ]) -+ AC_MSG_RESULT([$mc_cv_file_S]) -+ -+ if test x$mc_cv_file_S = xyes; then -+ AC_DEFINE(FILE_S, "-S ", [Define if file command accepts the -S option]) -+ else -+ AC_DEFINE(FILE_S, "", [Define if file command accepts the -S option]) -+ fi - fi -- filel=$mc_cv_filel -- AC_MSG_RESULT([$filel]) - fi - - dnl Only list browsers here that can be run in background (i.e. with `&') -diff --git a/src/filemanager/ext.c b/src/filemanager/ext.c -index 4e6f10c6c5..d6a09df7bb 100644 ---- a/src/filemanager/ext.c -+++ b/src/filemanager/ext.c -@@ -71,10 +71,11 @@ - - /*** file scope macro definitions ****************************************************************/ - --#ifdef FILE_L --#define FILE_CMD "file -L -z " -+#ifdef USE_FILE_CMD -+#define FILE_CMD "file -z " FILE_S FILE_L - #else --#define FILE_CMD "file -z " -+/* actually file is unused, but define some reasonable command */ -+#define FILE_CMD "file " - #endif - - /*** file scope type declarations ****************************************************************/ -diff --git a/src/setup.c b/src/setup.c -index 77c07649d5..2ef07f2569 100644 ---- a/src/setup.c -+++ b/src/setup.c -@@ -317,7 +317,9 @@ static const struct - { "old_esc_mode", &old_esc_mode }, - { "cd_symlinks", &mc_global.vfs.cd_symlinks }, - { "show_all_if_ambiguous", &mc_global.widget.show_all_if_ambiguous }, -+#ifdef USE_FILE_CMD - { "use_file_to_guess_type", &use_file_to_check_type }, -+#endif - { "alternate_plus_minus", &mc_global.tty.alternate_plus_minus }, - { "only_leading_plus_minus", &only_leading_plus_minus }, - { "show_output_starts_shell", &output_starts_shell }, diff --git a/app-misc/mc/files/mc-4.8.26-shadow-crash.patch b/app-misc/mc/files/mc-4.8.26-shadow-crash.patch deleted file mode 100644 index 4eeee45bc8e..00000000000 --- a/app-misc/mc/files/mc-4.8.26-shadow-crash.patch +++ /dev/null @@ -1,39 +0,0 @@ -https://bugs.gentoo.org/768285 -https://midnight-commander.org/ticket/4192 - -From 6394547dbffbad44ea50c64c282de4b610ca07bf Mon Sep 17 00:00:00 2001 -From: Sergei Trofimovich <[email protected]> -Date: Wed, 3 Feb 2021 09:47:13 +0300 -Subject: [PATCH] Ticket #4192: fix crash if shadow is out of screen. - -(tty_clip): add extra tests for area boundaries. - -Signed-off-by: Andrew Borodin <[email protected]> ---- - lib/tty/tty-ncurses.c | 7 +++++++ - 1 file changed, 7 insertions(+) - -diff --git a/lib/tty/tty-ncurses.c b/lib/tty/tty-ncurses.c -index 03235cd5b..5cddf5059 100644 ---- a/lib/tty/tty-ncurses.c -+++ b/lib/tty/tty-ncurses.c -@@ -152,9 +152,16 @@ tty_clip (int *y, int *x, int *rows, int *cols) - - if (*y + *rows > LINES) - *rows = LINES - *y; -+ -+ if (*rows <= 0) -+ return FALSE; -+ - if (*x + *cols > COLS) - *cols = COLS - *x; - -+ if (*cols <= 0) -+ return FALSE; -+ - return TRUE; - } - --- -2.30.0 - diff --git a/app-misc/mc/mc-4.8.26-r4.ebuild b/app-misc/mc/mc-4.8.26-r4.ebuild deleted file mode 100644 index 26d020ad5a2..00000000000 --- a/app-misc/mc/mc-4.8.26-r4.ebuild +++ /dev/null @@ -1,125 +0,0 @@ -# Copyright 1999-2021 Gentoo Authors -# Distributed under the terms of the GNU General Public License v2 - -EAPI=7 - -inherit autotools flag-o-matic - -MY_P=${P/_/-} - -DESCRIPTION="GNU Midnight Commander is a text based file manager" -HOMEPAGE="https://midnight-commander.org"; -SRC_URI="http://ftp.midnight-commander.org/${MY_P}.tar.xz"; - -LICENSE="GPL-3" -SLOT="0" -KEYWORDS="~alpha amd64 arm arm64 hppa ~ia64 ~mips ppc ppc64 ~riscv ~s390 sparc x86 ~amd64-linux ~ppc-macos ~x64-macos ~sparc-solaris ~sparc64-solaris ~x86-solaris" -IUSE="+edit gpm nls samba sftp +slang spell test unicode X +xdg" - -REQUIRED_USE="spell? ( edit )" - -RDEPEND=">=dev-libs/glib-2.26.0:2 - gpm? ( sys-libs/gpm ) - kernel_linux? ( sys-fs/e2fsprogs ) - samba? ( net-fs/samba ) - sftp? ( net-libs/libssh2 ) - slang? ( >=sys-libs/slang-2 ) - !slang? ( sys-libs/ncurses:=[unicode(+)?] ) - spell? ( app-text/aspell ) - X? ( x11-libs/libX11 - x11-libs/libICE - x11-libs/libXau - x11-libs/libXdmcp - x11-libs/libSM )" -DEPEND="${RDEPEND} - app-arch/xz-utils - virtual/pkgconfig - nls? ( sys-devel/gettext ) - test? ( dev-libs/check ) - " - -PATCHES=( - "${FILESDIR}"/${P}-shadow-crash.patch - "${FILESDIR}"/${P}-file-seccomp.patch -) - -RESTRICT="!test? ( test )" - -S="${WORKDIR}/${MY_P}" - -pkg_pretend() { - if use slang && use unicode ; then - ewarn "\"unicode\" USE flag only takes effect when the \"slang\" USE flag is disabled." - fi -} - -src_prepare() { - default - - # patch touches configure.ac - eautoreconf -} - -src_configure() { - [[ ${CHOST} == *-solaris* ]] && append-ldflags "-lnsl -lsocket" - - local myeconfargs=( - --enable-charset - --enable-vfs - --with-homedir=$(usex xdg 'XDG' '.mc') - --with-screen=$(usex slang 'slang' "ncurses$(usex unicode 'w' '')") - $(use_enable kernel_linux vfs-undelfs) - # Today mclib does not expose any headers and is linked to - # single 'mc' binary. Thus there is no advantage of having - # a library. Let's avoid shared library altogether - # as it also conflicts with sci-libs/mc: bug #685938 - --disable-mclib - $(use_enable nls) - $(use_enable samba vfs-smb) - $(use_enable sftp vfs-sftp) - $(use_enable spell aspell) - $(use_enable test tests) - $(use_with gpm gpm-mouse) - $(use_with X x) - $(use_with edit internal-edit) - ) - econf "${myeconfargs[@]}" -} - -src_test() { - # CK_FORK=no to avoid using fork() in check library - # as mc mocks fork() itself: bug #644462. - # - # VERBOSE=1 to make test failures contain detailed - # information. - CK_FORK=no emake check VERBOSE=1 -} - -src_install() { - emake DESTDIR="${D}" install - dodoc AUTHORS README NEWS - - # fix bug #334383 - if use kernel_linux && [[ ${EUID} == 0 ]] ; then - fowners root:tty /usr/libexec/mc/cons.saver - fperms g+s /usr/libexec/mc/cons.saver - fi - - if ! use xdg ; then - sed 's@MC_XDG_OPEN="xdg-open"@MC_XDG_OPEN="/bin/false"@' \ - -i "${ED}"/usr/libexec/mc/ext.d/*.sh || die - fi -} - -pkg_postinst() { - if use spell && ! has_version app-dicts/aspell-en ; then - elog "'spell' USE flag is enabled however app-dicts/aspell-en is not installed." - elog "You should manually set 'spell_language' in the Misc section of ~/.config/mc/ini" - elog "It has to be set to one of your installed aspell dictionaries or 'NONE'" - elog - fi - - elog "To enable exiting to latest working directory," - elog "put this into your ~/.bashrc:" - elog ". ${EPREFIX}/usr/libexec/mc/mc.sh" -} diff --git a/app-misc/mc/mc-4.8.26-r5.ebuild b/app-misc/mc/mc-4.8.26-r5.ebuild deleted file mode 100644 index 7bd110cd799..00000000000 --- a/app-misc/mc/mc-4.8.26-r5.ebuild +++ /dev/null @@ -1,131 +0,0 @@ -# Copyright 1999-2021 Gentoo Authors -# Distributed under the terms of the GNU General Public License v2 - -EAPI=8 - -inherit autotools flag-o-matic - -MY_P=${P/_/-} - -DESCRIPTION="GNU Midnight Commander is a text based file manager" -HOMEPAGE="https://midnight-commander.org"; -SRC_URI="http://ftp.midnight-commander.org/${MY_P}.tar.xz"; - -LICENSE="GPL-3" -SLOT="0" -KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~ia64 ~mips ~ppc ~ppc64 ~riscv ~s390 ~sparc ~x86 ~amd64-linux ~ppc-macos ~x64-macos ~sparc-solaris ~sparc64-solaris ~x86-solaris" -IUSE="+edit gpm nls samba sftp +slang spell test unicode X +xdg" - -REQUIRED_USE="spell? ( edit )" - -RDEPEND=">=dev-libs/glib-2.26.0:2 - gpm? ( sys-libs/gpm ) - kernel_linux? ( sys-fs/e2fsprogs ) - samba? ( net-fs/samba ) - sftp? ( net-libs/libssh2 ) - slang? ( >=sys-libs/slang-2 ) - !slang? ( sys-libs/ncurses:=[unicode(+)?] ) - spell? ( app-text/aspell ) - X? ( x11-libs/libX11 - x11-libs/libICE - x11-libs/libXau - x11-libs/libXdmcp - x11-libs/libSM )" -DEPEND="${RDEPEND}" -BDEPEND="app-arch/xz-utils - virtual/pkgconfig - nls? ( sys-devel/gettext ) - test? ( dev-libs/check )" - -PATCHES=( - "${FILESDIR}"/${PN}-4.8.26-file-seccomp.patch - "${FILESDIR}"/${PN}-4.8.26-ncurses-mouse.patch - "${FILESDIR}"/${PN}-4.8.26-shadow-crash.patch -) - -RESTRICT="!test? ( test )" - -S="${WORKDIR}/${MY_P}" - -pkg_pretend() { - if use slang && use unicode ; then - ewarn "\"unicode\" USE flag only takes effect when the \"slang\" USE flag is disabled." - fi -} - -src_prepare() { - default - - # patch touches configure.ac - eautoreconf -} - -src_configure() { - [[ ${CHOST} == *-solaris* ]] && append-ldflags "-lnsl -lsocket" - - local myeconfargs=( - --enable-charset - --enable-vfs - --with-homedir=$(usex xdg 'XDG' '.mc') - --with-screen=$(usex slang 'slang' "ncurses$(usex unicode 'w' '')") - $(use_enable kernel_linux vfs-undelfs) - # Today mclib does not expose any headers and is linked to - # single 'mc' binary. Thus there is no advantage of having - # a library. Let's avoid shared library altogether - # as it also conflicts with sci-libs/mc: bug #685938 - --disable-mclib - $(use_enable nls) - $(use_enable samba vfs-smb) - $(use_enable sftp vfs-sftp) - $(use_enable spell aspell) - $(use_enable test tests) - $(use_with gpm gpm-mouse) - $(use_with X x) - $(use_with edit internal-edit) - ) - econf "${myeconfargs[@]}" -} - -src_test() { - # Bug #759466 - if [[ ${EUID} == 0 ]]; then - ewarn "You are emerging ${PN} as root with 'userpriv' disabled." \ - "Expect some test failures, or emerge with 'FEATURES=userpriv'!" - fi - - # CK_FORK=no to avoid using fork() in check library - # as mc mocks fork() itself: bug #644462. - # - # VERBOSE=1 to make test failures contain detailed - # information. - CK_FORK=no emake check VERBOSE=1 -} - -src_install() { - emake DESTDIR="${D}" install - dodoc AUTHORS README NEWS - - # fix bug #334383 - if use kernel_linux && [[ ${EUID} == 0 ]] ; then - fowners root:tty /usr/libexec/mc/cons.saver - fperms g+s /usr/libexec/mc/cons.saver - fi - - if ! use xdg ; then - sed 's@MC_XDG_OPEN="xdg-open"@MC_XDG_OPEN="/bin/false"@' \ - -i "${ED}"/usr/libexec/mc/ext.d/*.sh || die - fi -} - -pkg_postinst() { - if use spell && ! has_version app-dicts/aspell-en ; then - elog "'spell' USE flag is enabled however app-dicts/aspell-en is not installed." - elog "You should manually set 'spell_language' in the Misc section of ~/.config/mc/ini" - elog "It has to be set to one of your installed aspell dictionaries or 'NONE'" - elog - fi - - elog "To enable exiting to latest working directory," - elog "put this into your ~/.bashrc:" - elog ". ${EPREFIX}/usr/libexec/mc/mc.sh" -}
