diff --git a/sys-apps/file/Manifest b/sys-apps/file/Manifest new file mode 100644 index 0000000..ee15e7f --- /dev/null +++ b/sys-apps/file/Manifest @@ -0,0 +1,3 @@ +AUX file-5.37-CVE-2019-18218.patch 1038 BLAKE2B 30622d39fb4006b07fabab70dfe6fc3f574aac769c7728bada7b622fd670616efc12d42cabf95b32a8a98c811e171059af2e127c170c1935dc00def4a1fc05b6 SHA512 3517e35db03944bcca6da28ddac9f0d08ce052b03d1508d26851fd6691bedc89f3974822a1559576987c8c10a0343bc8788cc7df52406d66a591ddcd39b23a5c +DIST file-5.37.tar.gz 887682 BLAKE2B c5635e5de879af31cbef1c988275ab8620133909d146769b27a2f8eefa90871fad5fa75e66b9e1d77a6261e5d6dec315fb5a8ad587d8c214eaa0bc2e5a929fe7 SHA512 bf153c15aebdd00329806231d20f295077b8b99efd0181d01279bcf3734a1718567df38cf75bc929eb8015ac98d29bb4bf1228d7ece8bfdfe14dd976391dd06d +EBUILD file-5.37-r1.ebuild 3153 BLAKE2B 19df45e9db45ca58085f3758d9396a074b6cd3a2475228ff7774551e85adb321203091958ae36eaa2aa12bbbfc2bf7aa79ad1e8b95345a106accd20fd621f54a SHA512 786d0ad8abe705e1e5ed1c3604dc4d6e4ae00ab27150368dd00475baefaeb37ec72c45297fd68def3fcb276b2ee29a8b8982e0010223d87df55450d49c8a1d76 diff --git a/sys-apps/file/file-5.37-r1.ebuild b/sys-apps/file/file-5.37-r1.ebuild new file mode 100644 index 0000000..8daeba6 --- /dev/null +++ b/sys-apps/file/file-5.37-r1.ebuild @@ -0,0 +1,128 @@ +# Copyright 1999-2021 Gentoo Authors +# Distributed under the terms of the GNU General Public License v2 + +EAPI=7 + +PYTHON_COMPAT=( python3_{7,8} ) +DISTUTILS_OPTIONAL=1 + +inherit distutils-r1 libtool toolchain-funcs multilib-minimal + +if [[ ${PV} == "9999" ]] ; then + EGIT_REPO_URI="https://github.com/glensc/file.git" + inherit autotools git-r3 +else + SRC_URI="ftp://ftp.astron.com/pub/file/${P}.tar.gz" + KEYWORDS="~alpha amd64 arm arm64 hppa ~ia64 ~m68k ~mips ppc ppc64 ~riscv s390 sparc x86 ~x64-cygwin ~amd64-linux ~x86-linux ~ppc-macos ~x64-macos ~sparc-solaris ~sparc64-solaris ~x64-solaris ~x86-solaris" +fi + +DESCRIPTION="identify a file's format by scanning binary data for patterns" +HOMEPAGE="https://www.darwinsys.com/file/" + +LICENSE="BSD-2" +SLOT="0" +IUSE="python static-libs zlib" +REQUIRED_USE="python? ( ${PYTHON_REQUIRED_USE} )" + +DEPEND=" + python? ( + ${PYTHON_DEPS} + dev-python/setuptools[${PYTHON_USEDEP}] + ) + zlib? ( >=sys-libs/zlib-1.2.8-r1[${MULTILIB_USEDEP}] )" +RDEPEND="${DEPEND} + python? ( !dev-python/python-magic )" + +PATCHES=( "${FILESDIR}"/${P}-CVE-2019-18218.patch ) + +src_prepare() { + default + + [[ ${PV} == "9999" ]] && eautoreconf + elibtoolize + + # don't let python README kill main README #60043 + mv python/README.md python/README.python.md || die + sed 's@README.md@README.python.md@' -i python/setup.py || die #662090 +} + +multilib_src_configure() { + local myeconfargs=( + --disable-libseccomp + --enable-fsect-man5 + $(use_enable static-libs static) + $(use_enable zlib) + ) + ECONF_SOURCE="${S}" econf "${myeconfargs[@]}" +} + +src_configure() { + # when cross-compiling, we need to build up our own file + # because people often don't keep matching host/target + # file versions #362941 + if tc-is-cross-compiler && ! ROOT=/ has_version ~${CATEGORY}/${P} ; then + mkdir -p "${WORKDIR}"/build || die + cd "${WORKDIR}"/build || die + tc-export_build_env BUILD_C{C,XX} + ECONF_SOURCE="${S}" \ + ac_cv_header_zlib_h=no \ + ac_cv_lib_z_gzopen=no \ + CHOST=${CBUILD} \ + CFLAGS=${BUILD_CFLAGS} \ + CXXFLAGS=${BUILD_CXXFLAGS} \ + CPPFLAGS=${BUILD_CPPFLAGS} \ + LDFLAGS="${BUILD_LDFLAGS} -static" \ + CC=${BUILD_CC} \ + CXX=${BUILD_CXX} \ + econf --disable-shared --disable-libseccomp + fi + + multilib-minimal_src_configure +} + +multilib_src_compile() { + if multilib_is_native_abi ; then + emake + else + cd src || die + emake magic.h #586444 + emake libmagic.la + fi +} + +src_compile() { + if tc-is-cross-compiler && ! ROOT=/ has_version "~${CATEGORY}/${P}" ; then + emake -C "${WORKDIR}"/build/src magic.h #586444 + emake -C "${WORKDIR}"/build/src file + PATH="${WORKDIR}/build/src:${PATH}" + fi + multilib-minimal_src_compile + + if use python ; then + cd python || die + distutils-r1_src_compile + fi +} + +multilib_src_install() { + if multilib_is_native_abi ; then + default + else + emake -C src install-{nodist_includeHEADERS,libLTLIBRARIES} DESTDIR="${D}" + fi +} + +multilib_src_install_all() { + dodoc ChangeLog MAINT README + + # Required for `file -C` + dodir /usr/share/misc/magic + insinto /usr/share/misc/magic + doins -r magic/Magdir/* + + if use python ; then + cd python || die + distutils-r1_src_install + fi + find "${ED}" -type f -name "*.la" -delete || die +} diff --git a/sys-apps/file/files/file-5.37-CVE-2019-18218.patch b/sys-apps/file/files/file-5.37-CVE-2019-18218.patch new file mode 100644 index 0000000..1cd02b7 --- /dev/null +++ b/sys-apps/file/files/file-5.37-CVE-2019-18218.patch @@ -0,0 +1,36 @@ +CVE-2019-18218 +https://github.com/file/file/commit/46a8443f76cec4b41ec736eca396984c74664f84 + +--- a/src/cdf.c ++++ b/src/cdf.c +@@ -1027,8 +1027,9 @@ cdf_read_property_info(const cdf_stream_t *sst, const cdf_header_t *h, + goto out; + } + nelements = CDF_GETUINT32(q, 1); +- if (nelements == 0) { +- DPRINTF(("CDF_VECTOR with nelements == 0\n")); ++ if (nelements > CDF_ELEMENT_LIMIT || nelements == 0) { ++ DPRINTF(("CDF_VECTOR with nelements == %" ++ SIZE_T_FORMAT "u\n", nelements)); + goto out; + } + slen = 2; +@@ -1070,8 +1071,6 @@ cdf_read_property_info(const cdf_stream_t *sst, const cdf_header_t *h, + goto out; + inp += nelem; + } +- DPRINTF(("nelements = %" SIZE_T_FORMAT "u\n", +- nelements)); + for (j = 0; j < nelements && i < sh.sh_properties; + j++, i++) + { +--- a/src/cdf.h ++++ b/src/cdf.h +@@ -48,6 +48,7 @@ + typedef int32_t cdf_secid_t; + + #define CDF_LOOP_LIMIT 10000 ++#define CDF_ELEMENT_LIMIT 100000 + + #define CDF_SECID_NULL 0 + #define CDF_SECID_FREE -1