[gentoo-commits] repo/gentoo:master commit in: app-arch/xz-utils/files/, app-arch/xz-utils/
commit: 97ebdf452e739583cb3f1d5cbcff6bb145811e2a
Author: Sam James gentoo org>
AuthorDate: Mon Mar 4 10:03:49 2024 +
Commit: Sam James gentoo org>
CommitDate: Mon Mar 4 10:05:37 2024 +
URL:https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=97ebdf45
app-arch/xz-utils: workaround USE=pgo build failure
Workaround a build failure with USE=pgo by disabling instrumentation of the
crc{32,64} IFUNC resolvers.
No revbump as it shouldn't affect runtime at all - instrumentation would kill
it immediately if at all, it's not an issue from the profiled binaries, just
the instrumentation to profile them.
Bug: https://gcc.gnu.org/PR114115
Closes: https://bugs.gentoo.org/925415
Signed-off-by: Sam James gentoo.org>
.../xz-utils-5.6.0-ifunc-crc-workaround.patch | 27 ++
app-arch/xz-utils/xz-utils-5.6.0-r1.ebuild | 1 +
2 files changed, 28 insertions(+)
diff --git a/app-arch/xz-utils/files/xz-utils-5.6.0-ifunc-crc-workaround.patch
b/app-arch/xz-utils/files/xz-utils-5.6.0-ifunc-crc-workaround.patch
new file mode 100644
index ..e793aac56a78
--- /dev/null
+++ b/app-arch/xz-utils/files/xz-utils-5.6.0-ifunc-crc-workaround.patch
@@ -0,0 +1,27 @@
+https://bugs.gentoo.org/925415
+https://gcc.gnu.org/PR114115
+
+Workaround a build failure with USE=pgo by disabling instrumentation of the
+crc{32,64} IFUNC resolvers.
+--- a/src/liblzma/check/crc32_fast.c
b/src/liblzma/check/crc32_fast.c
+@@ -135,7 +135,7 @@ typedef uint32_t (*crc32_func_type)(
+ // This resolver is shared between all three dispatch methods. It serves as
+ // the ifunc resolver if ifunc is supported, otherwise it is called as a
+ // regular function by the constructor or first call resolution methods.
+-static crc32_func_type
++static __attribute__((no_profile_instrument_function)) crc32_func_type
+ crc32_resolve(void)
+ {
+ return is_arch_extension_supported()
+--- a/src/liblzma/check/crc64_fast.c
b/src/liblzma/check/crc64_fast.c
+@@ -98,7 +98,7 @@ typedef uint64_t (*crc64_func_type)(
+ # pragma GCC diagnostic ignored "-Wunused-function"
+ #endif
+
+-static crc64_func_type
++static __attribute__((no_profile_instrument_function)) crc64_func_type
+ crc64_resolve(void)
+ {
+ return is_arch_extension_supported()
diff --git a/app-arch/xz-utils/xz-utils-5.6.0-r1.ebuild
b/app-arch/xz-utils/xz-utils-5.6.0-r1.ebuild
index 26708cb6aea1..7260487c61d5 100644
--- a/app-arch/xz-utils/xz-utils-5.6.0-r1.ebuild
+++ b/app-arch/xz-utils/xz-utils-5.6.0-r1.ebuild
@@ -55,6 +55,7 @@ fi
PATCHES=(
"${FILESDIR}"/${P}-logging-verbosity-threads-auto.patch
+ "${FILESDIR}"/${PN}-5.6.0-ifunc-crc-workaround.patch
)
src_prepare() {
[gentoo-commits] repo/gentoo:master commit in: app-arch/xz-utils/files/, app-arch/xz-utils/
commit: dfcc1f271fa3da8b8710c80737e85a7347f16ba0
Author: Sam James gentoo org>
AuthorDate: Thu Dec 28 03:55:32 2023 +
Commit: Sam James gentoo org>
CommitDate: Thu Dec 28 03:55:32 2023 +
URL:https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=dfcc1f27
app-arch/xz-utils: drop 5.4.2, 5.4.3, 5.4.4
Signed-off-by: Sam James gentoo.org>
app-arch/xz-utils/Manifest | 6 -
.../files/xz-utils-5.4.2-Wsign-conversion.patch| 23
app-arch/xz-utils/xz-utils-5.4.2.ebuild| 130 --
app-arch/xz-utils/xz-utils-5.4.3.ebuild| 126 --
app-arch/xz-utils/xz-utils-5.4.4.ebuild| 146 -
5 files changed, 431 deletions(-)
diff --git a/app-arch/xz-utils/Manifest b/app-arch/xz-utils/Manifest
index a204f775e53d..976c7a3cbe2a 100644
--- a/app-arch/xz-utils/Manifest
+++ b/app-arch/xz-utils/Manifest
@@ -1,8 +1,2 @@
-DIST xz-5.4.2.tar.gz 2799022 BLAKE2B
3c622b0823f0cbb5fbc5eaa0372fc2f0fefe0950d131417f831bce47b6d9747d145429f0649de106819331f9ae6a289c497182c7b6d1e211513308dd083a9b72
SHA512
149f980338bea3d66de1ff5994b2b236ae1773135eda68b62b009df0c9dcdf5467f8cb2c06da95a71b6556d60bd3d21f475feced34d5dfdb80ee95416a2f9737
-DIST xz-5.4.2.tar.gz.sig 566 BLAKE2B
95c9c70fdd25b92095dd9691e4d9d4306a3f982becfe7bd42ca6132a76f29be2c2bc66f4fc2bda547058c18e227292f4185799eb905084fc3ab415ae867b4b1b
SHA512
30e965c228ed3a8ecb804db8eb11703a765b7ee934030ea69bb3940b630811eb71bf74fd20371ef7759761904ece4f0144a0b00be4d843cf98299fd016f161aa
-DIST xz-5.4.3.tar.gz 2869347 BLAKE2B
c4192a59ca751567ebab17e08e72aa1bf0f5ca14af0b59fded1c4dff02c1b76ab30119a4138932f78f69bd4b7827071c81d6ca1c56be65491466ea061786ed78
SHA512
aff0fe166af6df4491a6f5df2372cab100b081452461a0e8c6fd65b72af3f250f16c64d9fb8fd309141e9b9ae4e41649f48687cc29e63dd82f27f2eab19b4023
-DIST xz-5.4.3.tar.gz.sig 566 BLAKE2B
1e3f86a2de532e77cae4c31928d57edeac81ca207e03c71523210605dc6bab76a50793697a242b232f74911c6e1872a0339ed977e2dd0d201504bd859fd3b4f4
SHA512
b7c7eedf4d9604ee50ec97275e5ab57e22a567402815281440ca765210c75707bd2de20e7ebfb0842725690ae19557916fc41a9fbdace5fec8190632b038292e
-DIST xz-5.4.4.tar.gz 2874706 BLAKE2B
0ade3767651a07a6bb4d53b510d7e97239e182788c42bc3388b97c54463ccaa968e27bcb88d34697df70381eea91279615f2622b5493ae2da22632e9576d8989
SHA512
2e27d864c9f346e53afc549d7046385b5d35a749af15d84f69de14612657df2f0e2ce71d3be03d57adadf8fd28549ecf4ef1c214bdcd1f061b5a47239e0104e8
-DIST xz-5.4.4.tar.gz.sig 566 BLAKE2B
9d695293fe479e07b4051f9b22af19191ec7cb5063da519769a24a08cff46819a4f29db002cea92e4af982410dd660d9b3185c8ef0908abbf13b86f89c0baa0f
SHA512
6f12f0b30e4e5c78238f5d758443621d4126edf5ec8d02c51f06cc27e40822f0429c2018ec567eae20d118a81295f9d31e2f9101720d289bebab15f72590e9f2
DIST xz-5.4.5.tar.gz 2884510 BLAKE2B
647c8227080a7f37e3321e778d7f52ccb9da3810f2be81b2d2b46001605b22cef6e724f9b3facfada26a12b24401c9a11449d6066443849b37b28e0eaa199315
SHA512
91f8f548c915de0ed79cee13ce0336b51c1cebf2eb142fa1efecfd07771c662c99cad3730540fcb712057ab274130e13b87960f6b4c62f0bd9477f27a303fb2b
DIST xz-5.4.5.tar.gz.sig 566 BLAKE2B
c6ec64f92ecb30395e6d580be5d0aad1ee007585245ed42e7b05f1ea3a8cd8bf4317e8dc964c65417daa0a04e8f523c6ba8ae61a7f5b2ff3dc17dd53c7593ce2
SHA512
4f2c779d3c14bacd0451cfd68846201a48931128994c4119fcbf4f0dd7331710c32098039d38561de29327d543d67174fddbb6a83cb2fcfda9b3153cab092d4d
diff --git a/app-arch/xz-utils/files/xz-utils-5.4.2-Wsign-conversion.patch
b/app-arch/xz-utils/files/xz-utils-5.4.2-Wsign-conversion.patch
deleted file mode 100644
index 217cc759a904..
--- a/app-arch/xz-utils/files/xz-utils-5.4.2-Wsign-conversion.patch
+++ /dev/null
@@ -1,23 +0,0 @@
-https://github.com/tukaani-project/xz/commit/0673c9ec98b6bae12b33dc295564514aaa26e2fc
-
-From 0673c9ec98b6bae12b33dc295564514aaa26e2fc Mon Sep 17 00:00:00 2001
-From: Lasse Collin
-Date: Sun, 19 Mar 2023 22:45:59 +0200
-Subject: [PATCH] liblzma: Silence -Wsign-conversion in SSE2 code in
- memcmplen.h.
-
-Thanks to Christian Hesse for reporting the issue.
-Fixes: https://github.com/tukaani-project/xz/issues/44
a/src/liblzma/common/memcmplen.h
-+++ b/src/liblzma/common/memcmplen.h
-@@ -89,7 +89,8 @@ lzma_memcmplen(const uint8_t *buf1, const uint8_t *buf2,
- // version isn't used on x86-64.
- # define LZMA_MEMCMPLEN_EXTRA 16
- while (len < limit) {
-- const uint32_t x = 0x ^ _mm_movemask_epi8(_mm_cmpeq_epi8(
-+ const uint32_t x = 0x ^ (uint32_t)_mm_movemask_epi8(
-+ _mm_cmpeq_epi8(
- _mm_loadu_si128((const __m128i *)(buf1 + len)),
- _mm_loadu_si128((const __m128i *)(buf2 + len;
-
-
diff --git a/app-arch/xz-utils/xz-utils-5.4.2.ebuild
b/app-arch/xz-utils/xz-utils-5.4.2.ebuild
deleted file mode 100644
index 39a9c712d3e0..
--- a/app-arch/xz-utils/xz-utils-5.4.2.ebuild
+++ /dev/null
@@ -1,130 +0,0 @@
-# Copyright 1999-2023 Gentoo Authors
-# Distri
[gentoo-commits] repo/gentoo:master commit in: app-arch/xz-utils/files/, app-arch/xz-utils/
commit: f5e1e0856c8c0fd62343a53590e2f29266a85d54
Author: Sam James gentoo org>
AuthorDate: Thu Apr 7 18:10:32 2022 +
Commit: Sam James gentoo org>
CommitDate: Thu Apr 7 18:10:32 2022 +
URL:https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=f5e1e085
app-arch/xz-utils: patch xzgrep vulnerability (ZDI-CAN-16587)
Bug: https://bugs.gentoo.org/837155
Signed-off-by: Sam James gentoo.org>
.../xz-utils-5.2.5-xzgrep-ZDI-CAN-16587.patch | 88 +++
app-arch/xz-utils/xz-utils-5.2.5-r2.ebuild | 118 +
2 files changed, 206 insertions(+)
diff --git a/app-arch/xz-utils/files/xz-utils-5.2.5-xzgrep-ZDI-CAN-16587.patch
b/app-arch/xz-utils/files/xz-utils-5.2.5-xzgrep-ZDI-CAN-16587.patch
new file mode 100644
index ..7293a982c269
--- /dev/null
+++ b/app-arch/xz-utils/files/xz-utils-5.2.5-xzgrep-ZDI-CAN-16587.patch
@@ -0,0 +1,88 @@
+https://bugs.gentoo.org/837155
+https://git.tukaani.org/?p=xz.git;a=commitdiff;h=69d1b3fc29677af8ade8dc15dba83f0589cb63d6;hp=bd93b776c1bd15e90661033c918cdeb354dbcc38
+
+From: Lasse Collin
+Date: Tue, 29 Mar 2022 19:19:12 +0300
+Subject: [PATCH 1/1] xzgrep: Fix escaping of malicious filenames
+ (ZDI-CAN-16587).
+
+Malicious filenames can make xzgrep to write to arbitrary files
+or (with a GNU sed extension) lead to arbitrary code execution.
+
+xzgrep from XZ Utils versions up to and including 5.2.5 are
+affected. 5.3.1alpha and 5.3.2alpha are affected as well.
+This patch works for all of them.
+
+This bug was inherited from gzip's zgrep. gzip 1.12 includes
+a fix for zgrep.
+
+The issue with the old sed script is that with multiple newlines,
+the N-command will read the second line of input, then the
+s-commands will be skipped because it's not the end of the
+file yet, then a new sed cycle starts and the pattern space
+is printed and emptied. So only the last line or two get escaped.
+
+One way to fix this would be to read all lines into the pattern
+space first. However, the included fix is even simpler: All lines
+except the last line get a backslash appended at the end. To ensure
+that shell command substitution doesn't eat a possible trailing
+newline, a colon is appended to the filename before escaping.
+The colon is later used to separate the filename from the grep
+output so it is fine to add it here instead of a few lines later.
+
+The old code also wasn't POSIX compliant as it used \n in the
+replacement section of the s-command. Using \ is the
+POSIX compatible method.
+
+LC_ALL=C was added to the two critical sed commands. POSIX sed
+manual recommends it when using sed to manipulate pathnames
+because in other locales invalid multibyte sequences might
+cause issues with some sed implementations. In case of GNU sed,
+these particular sed scripts wouldn't have such problems but some
+other scripts could have, see:
+
+info '(sed)Locale Considerations'
+
+This vulnerability was discovered by:
+cleemy desu wayo working with Trend Micro Zero Day Initiative
+
+Thanks to Jim Meyering and Paul Eggert discussing the different
+ways to fix this and for coordinating the patch release schedule
+with gzip.
+--- a/src/scripts/xzgrep.in
b/src/scripts/xzgrep.in
+@@ -180,22 +180,26 @@ for i; do
+ { test $# -eq 1 || test $no_filename -eq 1; }; then
+ eval "$grep"
+ else
++ # Append a colon so that the last character will never be a newline
++ # which would otherwise get lost in shell command substitution.
++ i="$i:"
++
++ # Escape & \ | and newlines only if such characters are present
++ # (speed optimization).
+ case $i in
+ (*'
+ '* | *'&'* | *'\'* | *'|'*)
+-i=$(printf '%s\n' "$i" |
+-sed '
+- $!N
+- $s/[&\|]/\\&/g
+- $s/\n/\\n/g
+-');;
++i=$(printf '%s\n' "$i" | LC_ALL=C sed 's/[&\|]/\\&/g; $!s/$/\\/');;
+ esac
+- sed_script="s|^|$i:|"
++
++ # $i already ends with a colon so don't add it here.
++ sed_script="s|^|$i|"
+
+ # Fail if grep or sed fails.
+ r=$(
+ exec 4>&1
+-(eval "$grep" 4>&-; echo $? >&4) 3>&- | sed "$sed_script" >&3 4>&-
++(eval "$grep" 4>&-; echo $? >&4) 3>&- |
++LC_ALL=C sed "$sed_script" >&3 4>&-
+ ) || r=2
+ exit $r
+ fi >&3 5>&-
diff --git a/app-arch/xz-utils/xz-utils-5.2.5-r2.ebuild
b/app-arch/xz-utils/xz-utils-5.2.5-r2.ebuild
new file mode 100644
index ..7edf1c42498f
--- /dev/null
+++ b/app-arch/xz-utils/xz-utils-5.2.5-r2.ebuild
@@ -0,0 +1,118 @@
+# Copyright 1999-2022 Gentoo Authors
+# Distributed under the terms of the GNU General Public License v2
+
+# Remember: we cannot leverage autotools in this ebuild in order
+# to avoid circular deps with autotools
+
+EAPI=7
+
+inherit libtool multilib multilib-minimal preserve-libs usr-ldscript
+
+if [[ ${PV} == ]] ; then
+ EGIT_REPO_URI="https://git.tukaani.org/xz.git";
+ i
