[gentoo-commits] repo/gentoo:master commit in: app-arch/xz-utils/files/, app-arch/xz-utils/
commit: 97ebdf452e739583cb3f1d5cbcff6bb145811e2a Author: Sam James gentoo org> AuthorDate: Mon Mar 4 10:03:49 2024 + Commit: Sam James gentoo org> CommitDate: Mon Mar 4 10:05:37 2024 + URL:https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=97ebdf45 app-arch/xz-utils: workaround USE=pgo build failure Workaround a build failure with USE=pgo by disabling instrumentation of the crc{32,64} IFUNC resolvers. No revbump as it shouldn't affect runtime at all - instrumentation would kill it immediately if at all, it's not an issue from the profiled binaries, just the instrumentation to profile them. Bug: https://gcc.gnu.org/PR114115 Closes: https://bugs.gentoo.org/925415 Signed-off-by: Sam James gentoo.org> .../xz-utils-5.6.0-ifunc-crc-workaround.patch | 27 ++ app-arch/xz-utils/xz-utils-5.6.0-r1.ebuild | 1 + 2 files changed, 28 insertions(+)
diff --git a/app-arch/xz-utils/files/xz-utils-5.6.0-ifunc-crc-workaround.patch b/app-arch/xz-utils/files/xz-utils-5.6.0-ifunc-crc-workaround.patch
new file mode 100644
index ..e793aac56a78
--- /dev/null
+++ b/app-arch/xz-utils/files/xz-utils-5.6.0-ifunc-crc-workaround.patch
@@ -0,0 +1,27 @@
+https://bugs.gentoo.org/925415
+https://gcc.gnu.org/PR114115
+
+Workaround a build failure with USE=pgo by disabling instrumentation of the
+crc{32,64} IFUNC resolvers.
+--- a/src/liblzma/check/crc32_fast.c b/src/liblzma/check/crc32_fast.c
+@@ -135,7 +135,7 @@ typedef uint32_t (*crc32_func_type)(
+ // This resolver is shared between all three dispatch methods. It serves as
+ // the ifunc resolver if ifunc is supported, otherwise it is called as a
+ // regular function by the constructor or first call resolution methods.
+-static crc32_func_type
++static __attribute__((no_profile_instrument_function)) crc32_func_type
+ crc32_resolve(void)
+ {
+ return is_arch_extension_supported()
+--- a/src/liblzma/check/crc64_fast.c b/src/liblzma/check/crc64_fast.c
+@@ -98,7 +98,7 @@ typedef uint64_t (*crc64_func_type)(
+ # pragma GCC diagnostic ignored "-Wunused-function"
+ #endif
+
+-static crc64_func_type
++static __attribute__((no_profile_instrument_function)) crc64_func_type
+ crc64_resolve(void)
+ {
+ return is_arch_extension_supported()
diff --git a/app-arch/xz-utils/xz-utils-5.6.0-r1.ebuild b/app-arch/xz-utils/xz-utils-5.6.0-r1.ebuild
index 26708cb6aea1..7260487c61d5 100644
--- a/app-arch/xz-utils/xz-utils-5.6.0-r1.ebuild
+++ b/app-arch/xz-utils/xz-utils-5.6.0-r1.ebuild
@@ -55,6 +55,7 @@ fi
 PATCHES=(
 "${FILESDIR}"/${P}-logging-verbosity-threads-auto.patch
+ "${FILESDIR}"/${PN}-5.6.0-ifunc-crc-workaround.patch
 )
 src_prepare() {
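Review bot: The `__attribute__((no_profile_instrument_function))` added to `crc32_resolve()` and `crc64_resolve()` carries no in-source comment, so anyone later diffing this tree against the release tarball has no hint at the call site why the ifunc resolvers are exempt from instrumentation. I would add above each resolver something like `// Not profiled: instrumenting the ifunc resolver breaks USE=pgo builds, see https://gcc.gnu.org/PR114115`, worded from the commit message only. The attribute is also applied unconditionally; if these files are built by a compiler that does not know it, that yields an unknown-attribute warning, so a `__has_attribute(no_profile_instrument_function)` guard may be cleaner. The patch header links the Gentoo and GCC bugs but does not say whether the change was sent upstream, which is worth recording for a local patch to load-time dispatch code. Both resolver bodies continue past the nested hunks.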
[gentoo-commits] repo/gentoo:master commit in: app-arch/xz-utils/files/, app-arch/xz-utils/
commit: dfcc1f271fa3da8b8710c80737e85a7347f16ba0 Author: Sam James gentoo org> AuthorDate: Thu Dec 28 03:55:32 2023 + Commit: Sam James gentoo org> CommitDate: Thu Dec 28 03:55:32 2023 + URL:https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=dfcc1f27 app-arch/xz-utils: drop 5.4.2, 5.4.3, 5.4.4 Signed-off-by: Sam James gentoo.org> app-arch/xz-utils/Manifest | 6 - .../files/xz-utils-5.4.2-Wsign-conversion.patch| 23 app-arch/xz-utils/xz-utils-5.4.2.ebuild| 130 -- app-arch/xz-utils/xz-utils-5.4.3.ebuild| 126 -- app-arch/xz-utils/xz-utils-5.4.4.ebuild| 146 - 5 files changed, 431 deletions(-)
diff --git a/app-arch/xz-utils/Manifest b/app-arch/xz-utils/Manifest
index a204f775e53d..976c7a3cbe2a 100644
--- a/app-arch/xz-utils/Manifest
+++ b/app-arch/xz-utils/Manifest
@@ -1,8 +1,2 @@ -DIST xz-5.4.2.tar.gz 2799022 BLAKE2B 3c622b0823f0cbb5fbc5eaa0372fc2f0fefe0950d131417f831bce47b6d9747d145429f0649de106819331f9ae6a289c497182c7b6d1e211513308dd083a9b72 SHA512 149f980338bea3d66de1ff5994b2b236ae1773135eda68b62b009df0c9dcdf5467f8cb2c06da95a71b6556d60bd3d21f475feced34d5dfdb80ee95416a2f9737 -DIST xz-5.4.2.tar.gz.sig 566 BLAKE2B 95c9c70fdd25b92095dd9691e4d9d4306a3f982becfe7bd42ca6132a76f29be2c2bc66f4fc2bda547058c18e227292f4185799eb905084fc3ab415ae867b4b1b SHA512 30e965c228ed3a8ecb804db8eb11703a765b7ee934030ea69bb3940b630811eb71bf74fd20371ef7759761904ece4f0144a0b00be4d843cf98299fd016f161aa -DIST xz-5.4.3.tar.gz 2869347 BLAKE2B c4192a59ca751567ebab17e08e72aa1bf0f5ca14af0b59fded1c4dff02c1b76ab30119a4138932f78f69bd4b7827071c81d6ca1c56be65491466ea061786ed78 SHA512 aff0fe166af6df4491a6f5df2372cab100b081452461a0e8c6fd65b72af3f250f16c64d9fb8fd309141e9b9ae4e41649f48687cc29e63dd82f27f2eab19b4023 -DIST xz-5.4.3.tar.gz.sig 566 BLAKE2B 1e3f86a2de532e77cae4c31928d57edeac81ca207e03c71523210605dc6bab76a50793697a242b232f74911c6e1872a0339ed977e2dd0d201504bd859fd3b4f4 SHA512 b7c7eedf4d9604ee50ec97275e5ab57e22a567402815281440ca765210c75707bd2de20e7ebfb0842725690ae19557916fc41a9fbdace5fec8190632b038292e -DIST xz-5.4.4.tar.gz 2874706 BLAKE2B 0ade3767651a07a6bb4d53b510d7e97239e182788c42bc3388b97c54463ccaa968e27bcb88d34697df70381eea91279615f2622b5493ae2da22632e9576d8989 SHA512 2e27d864c9f346e53afc549d7046385b5d35a749af15d84f69de14612657df2f0e2ce71d3be03d57adadf8fd28549ecf4ef1c214bdcd1f061b5a47239e0104e8 -DIST xz-5.4.4.tar.gz.sig 566 BLAKE2B 9d695293fe479e07b4051f9b22af19191ec7cb5063da519769a24a08cff46819a4f29db002cea92e4af982410dd660d9b3185c8ef0908abbf13b86f89c0baa0f SHA512 6f12f0b30e4e5c78238f5d758443621d4126edf5ec8d02c51f06cc27e40822f0429c2018ec567eae20d118a81295f9d31e2f9101720d289bebab15f72590e9f2 DIST xz-5.4.5.tar.gz 2884510 BLAKE2B 647c8227080a7f37e3321e778d7f52ccb9da3810f2be81b2d2b46001605b22cef6e724f9b3facfada26a12b24401c9a11449d6066443849b37b28e0eaa199315 
SHA512 91f8f548c915de0ed79cee13ce0336b51c1cebf2eb142fa1efecfd07771c662c99cad3730540fcb712057ab274130e13b87960f6b4c62f0bd9477f27a303fb2b DIST xz-5.4.5.tar.gz.sig 566 BLAKE2B c6ec64f92ecb30395e6d580be5d0aad1ee007585245ed42e7b05f1ea3a8cd8bf4317e8dc964c65417daa0a04e8f523c6ba8ae61a7f5b2ff3dc17dd53c7593ce2 SHA512 4f2c779d3c14bacd0451cfd68846201a48931128994c4119fcbf4f0dd7331710c32098039d38561de29327d543d67174fddbb6a83cb2fcfda9b3153cab092d4d diff --git a/app-arch/xz-utils/files/xz-utils-5.4.2-Wsign-conversion.patch b/app-arch/xz-utils/files/xz-utils-5.4.2-Wsign-conversion.patch deleted file mode 100644 index 217cc759a904.. --- a/app-arch/xz-utils/files/xz-utils-5.4.2-Wsign-conversion.patch +++ /dev/null @@ -1,23 +0,0 @@ -https://github.com/tukaani-project/xz/commit/0673c9ec98b6bae12b33dc295564514aaa26e2fc - -From 0673c9ec98b6bae12b33dc295564514aaa26e2fc Mon Sep 17 00:00:00 2001 -From: Lasse Collin -Date: Sun, 19 Mar 2023 22:45:59 +0200 -Subject: [PATCH] liblzma: Silence -Wsign-conversion in SSE2 code in - memcmplen.h. - -Thanks to Christian Hesse for reporting the issue. -Fixes: https://github.com/tukaani-project/xz/issues/44 a/src/liblzma/common/memcmplen.h -+++ b/src/liblzma/common/memcmplen.h -@@ -89,7 +89,8 @@ lzma_memcmplen(const uint8_t *buf1, const uint8_t *buf2, - // version isn't used on x86-64. - # define LZMA_MEMCMPLEN_EXTRA 16 - while (len < limit) { -- const uint32_t x = 0x ^ _mm_movemask_epi8(_mm_cmpeq_epi8( -+ const uint32_t x = 0x ^ (uint32_t)_mm_movemask_epi8( -+ _mm_cmpeq_epi8( - _mm_loadu_si128((const __m128i *)(buf1 + len)), - _mm_loadu_si128((const __m128i *)(buf2 + len; - - diff --git a/app-arch/xz-utils/xz-utils-5.4.2.ebuild b/app-arch/xz-utils/xz-utils-5.4.2.ebuild deleted file mode 100644 index 39a9c712d3e0.. --- a/app-arch/xz-utils/xz-utils-5.4.2.ebuild +++ /dev/null @@ -1,130 +0,0 @@ -# Copyright 1999-2023 Gentoo Authors -# Distri
[gentoo-commits] repo/gentoo:master commit in: app-arch/xz-utils/files/, app-arch/xz-utils/
commit: f5e1e0856c8c0fd62343a53590e2f29266a85d54 Author: Sam James gentoo org> AuthorDate: Thu Apr 7 18:10:32 2022 + Commit: Sam James gentoo org> CommitDate: Thu Apr 7 18:10:32 2022 + URL:https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=f5e1e085 app-arch/xz-utils: patch xzgrep vulnerability (ZDI-CAN-16587) Bug: https://bugs.gentoo.org/837155 Signed-off-by: Sam James gentoo.org> .../xz-utils-5.2.5-xzgrep-ZDI-CAN-16587.patch | 88 +++ app-arch/xz-utils/xz-utils-5.2.5-r2.ebuild | 118 + 2 files changed, 206 insertions(+)
diff --git a/app-arch/xz-utils/files/xz-utils-5.2.5-xzgrep-ZDI-CAN-16587.patch b/app-arch/xz-utils/files/xz-utils-5.2.5-xzgrep-ZDI-CAN-16587.patch
new file mode 100644
index ..7293a982c269
--- /dev/null
+++ b/app-arch/xz-utils/files/xz-utils-5.2.5-xzgrep-ZDI-CAN-16587.patch
@@ -0,0 +1,88 @@ +https://bugs.gentoo.org/837155 +https://git.tukaani.org/?p=xz.git;a=commitdiff;h=69d1b3fc29677af8ade8dc15dba83f0589cb63d6;hp=bd93b776c1bd15e90661033c918cdeb354dbcc38 + +From: Lasse Collin +Date: Tue, 29 Mar 2022 19:19:12 +0300 +Subject: [PATCH 1/1] xzgrep: Fix escaping of malicious filenames + (ZDI-CAN-16587). + +Malicious filenames can make xzgrep to write to arbitrary files +or (with a GNU sed extension) lead to arbitrary code execution. + +xzgrep from XZ Utils versions up to and including 5.2.5 are +affected. 5.3.1alpha and 5.3.2alpha are affected as well. +This patch works for all of them. + +This bug was inherited from gzip's zgrep. gzip 1.12 includes +a fix for zgrep. + +The issue with the old sed script is that with multiple newlines, +the N-command will read the second line of input, then the +s-commands will be skipped because it's not the end of the +file yet, then a new sed cycle starts and the pattern space +is printed and emptied. So only the last line or two get escaped. + +One way to fix this would be to read all lines into the pattern +space first. However, the included fix is even simpler: All lines +except the last line get a backslash appended at the end. To ensure +that shell command substitution doesn't eat a possible trailing +newline, a colon is appended to the filename before escaping. +The colon is later used to separate the filename from the grep +output so it is fine to add it here instead of a few lines later. + +The old code also wasn't POSIX compliant as it used \n in the +replacement section of the s-command. Using \ is the +POSIX compatible method. + +LC_ALL=C was added to the two critical sed commands. POSIX sed +manual recommends it when using sed to manipulate pathnames +because in other locales invalid multibyte sequences might +cause issues with some sed implementations. 
In case of GNU sed, +these particular sed scripts wouldn't have such problems but some +other scripts could have, see: + +info '(sed)Locale Considerations' + +This vulnerability was discovered by: +cleemy desu wayo working with Trend Micro Zero Day Initiative + +Thanks to Jim Meyering and Paul Eggert discussing the different +ways to fix this and for coordinating the patch release schedule +with gzip. +--- a/src/scripts/xzgrep.in b/src/scripts/xzgrep.in +@@ -180,22 +180,26 @@ for i; do + { test $# -eq 1 || test $no_filename -eq 1; }; then + eval "$grep" + else ++ # Append a colon so that the last character will never be a newline ++ # which would otherwise get lost in shell command substitution. ++ i="$i:" ++ ++ # Escape & \ | and newlines only if such characters are present ++ # (speed optimization). + case $i in + (*' + '* | *'&'* | *'\'* | *'|'*) +-i=$(printf '%s\n' "$i" | +-sed ' +- $!N +- $s/[&\|]/\\&/g +- $s/\n/\\n/g +-');; ++i=$(printf '%s\n' "$i" | LC_ALL=C sed 's/[&\|]/\\&/g; $!s/$/\\/');; + esac +- sed_script="s|^|$i:|" ++ ++ # $i already ends with a colon so don't add it here. ++ sed_script="s|^|$i|" + + # Fail if grep or sed fails. + r=$( + exec 4>&1 +-(eval "$grep" 4>&-; echo $? >&4) 3>&- | sed "$sed_script" >&3 4>&- ++(eval "$grep" 4>&-; echo $? >&4) 3>&- | ++LC_ALL=C sed "$sed_script" >&3 4>&- + ) || r=2 + exit $r + fi >&3 5>&- diff --git a/app-arch/xz-utils/xz-utils-5.2.5-r2.ebuild b/app-arch/xz-utils/xz-utils-5.2.5-r2.ebuild new file mode 100644 index ..7edf1c42498f --- /dev/null +++ b/app-arch/xz-utils/xz-utils-5.2.5-r2.ebuild @@ -0,0 +1,118 @@ +# Copyright 1999-2022 Gentoo Authors +# Distributed under the terms of the GNU General Public License v2 + +# Remember: we cannot leverage autotools in this ebuild in order +# to avoid circular deps with autotools + +EAPI=7 + +inherit libtool multilib multilib-minimal preserve-libs usr-ldscript + +if [[ ${PV} == ]] ; then + EGIT_REPO_URI="https://git.tukaani.org/xz.git"; + i
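Review bot: The bracket expression in `sed 's/[&\|]/\\&/g; $!s/$/\\/'` is only sufficient while `sed_script="s|^|$i|"` keeps `|` as its delimiter and while the `case` pattern above it lists the same characters, but nothing in the added comments ties the three together. I would extend the new comment along the lines of `# & and \ are special in the sed replacement and | is the delimiter of sed_script below; keep this list, the case pattern and the delimiter in sync.` The patch also adds no regression test; a check that runs xzgrep over files whose names contain a newline, `&`, `\` and `|` and compares the printed filename prefix would catch a reintroduction (no test directory is visible on this page, so placement is left to the maintainer). The `for i; do` loop this nested hunk belongs to starts and ends outside it.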