From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from smtp.gentoo.org (woodpecker.gentoo.org [140.211.166.183]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits)) (No client certificate requested) by finch.gentoo.org (Postfix) with ESMTPS id 5B0761582EF for ; Thu, 13 Feb 2025 18:18:17 +0000 (UTC) Received: from lists.gentoo.org (bobolink.gentoo.org [140.211.166.189]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits)) (No client certificate requested) (Authenticated sender: relay-lists.gentoo.org@gentoo.org) by smtp.gentoo.org (Postfix) with ESMTPSA id 1ACC9342FF9 for ; Thu, 13 Feb 2025 18:18:17 +0000 (UTC) Received: from bobolink.gentoo.org (localhost [127.0.0.1]) by bobolink.gentoo.org (Postfix) with ESMTP id 1B20611042D; Thu, 13 Feb 2025 18:18:16 +0000 (UTC) Received: from smtp.gentoo.org (woodpecker.gentoo.org [140.211.166.183]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256) (No client certificate requested) by bobolink.gentoo.org (Postfix) with ESMTPS id 1357411042D for ; Thu, 13 Feb 2025 18:18:16 +0000 (UTC) Received: from oystercatcher.gentoo.org (oystercatcher.gentoo.org [148.251.78.52]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits)) (No client certificate requested) by smtp.gentoo.org (Postfix) with ESMTPS id B5199342FFB for ; Thu, 13 Feb 2025 18:18:15 +0000 (UTC) Received: from localhost.localdomain (localhost [IPv6:::1]) by oystercatcher.gentoo.org (Postfix) with ESMTP id 47F9026C6 for ; Thu, 13 Feb 2025 18:18:14 +0000 (UTC) From: "Petr Vaněk" To: gentoo-commits@lists.gentoo.org Content-Transfer-Encoding: 8bit Content-type: text/plain; charset=UTF-8 Reply-To: gentoo-dev@lists.gentoo.org, "Petr Vaněk" Message-ID: <1739470662.8d6f6351b58cc6ca60ea848c7c9032b2295b4691.arkamar@gentoo> Subject: [gentoo-commits] repo/gentoo:master commit in: sys-libs/musl/ X-VCS-Repository: repo/gentoo X-VCS-Files: sys-libs/musl/musl-1.2.4-r4.ebuild X-VCS-Directories: sys-libs/musl/ X-VCS-Committer: arkamar X-VCS-Committer-Name: Petr Vaněk X-VCS-Revision: 8d6f6351b58cc6ca60ea848c7c9032b2295b4691 X-VCS-Branch: master Date: Thu, 13 Feb 2025 18:18:14 +0000 (UTC) Precedence: bulk List-Post: List-Help: List-Unsubscribe: List-Subscribe: List-Id: Gentoo Linux mail X-BeenThere: gentoo-commits@lists.gentoo.org X-Auto-Response-Suppress: DR, RN, NRN, OOF, AutoReply X-Archives-Salt: 76846f4d-7c41-4d75-84d1-d4a666d4e684 X-Archives-Hash: f38a47b5657ee78a878b4f47eba2d9d6 commit: 8d6f6351b58cc6ca60ea848c7c9032b2295b4691 Author: Petr Vaněk gentoo org> AuthorDate: Thu Feb 13 18:16:29 2025 +0000 Commit: Petr Vaněk gentoo org> CommitDate: Thu Feb 13 18:17:42 2025 +0000 URL: https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=8d6f6351 sys-libs/musl: fix for input-controlled out-of-bounds write in iconv Bug: https://bugs.gentoo.org/949712 Signed-off-by: Petr Vaněk gentoo.org> sys-libs/musl/musl-1.2.4-r4.ebuild | 209 +++++++++++++++++++++++++++++++++++++ 1 file changed, 209 insertions(+) diff --git a/sys-libs/musl/musl-1.2.4-r4.ebuild b/sys-libs/musl/musl-1.2.4-r4.ebuild new file mode 100644 index 000000000000..79f9d494100f --- /dev/null +++ b/sys-libs/musl/musl-1.2.4-r4.ebuild @@ -0,0 +1,209 @@ +# Copyright 1999-2025 Gentoo Authors +# Distributed under the terms of the GNU General Public License v2 + +EAPI=8 + +inherit crossdev flag-o-matic toolchain-funcs prefix +if [[ ${PV} == "9999" ]] ; then + EGIT_REPO_URI="https://git.musl-libc.org/git/musl" + inherit git-r3 +else + VERIFY_SIG_OPENPGP_KEY_PATH=/usr/share/openpgp-keys/musl.asc + inherit verify-sig + + SRC_URI="https://musl.libc.org/releases/${P}.tar.gz" + SRC_URI+=" verify-sig? ( https://musl.libc.org/releases/${P}.tar.gz.asc )" + KEYWORDS="-* ~amd64 ~arm ~arm64 ~m68k ~mips ~ppc ~ppc64 ~riscv ~x86" + + BDEPEND="verify-sig? ( sec-keys/openpgp-keys-musl )" +fi +GETENT_COMMIT="93a08815f8598db442d8b766b463d0150ed8e2ab" +GETENT_FILE="musl-getent-${GETENT_COMMIT}.c" +SRC_URI+=" + https://dev.gentoo.org/~blueness/musl-misc/getconf.c + https://gitlab.alpinelinux.org/alpine/aports/-/raw/${GETENT_COMMIT}/main/musl/getent.c -> ${GETENT_FILE} + https://dev.gentoo.org/~blueness/musl-misc/iconv.c +" + +DESCRIPTION="Light, fast and simple C library focused on standards-conformance and safety" +HOMEPAGE="https://musl.libc.org" + +LICENSE="MIT LGPL-2 GPL-2" +SLOT="0" +IUSE="crypt headers-only split-usr" + +QA_SONAME="usr/lib/libc.so" +QA_DT_NEEDED="usr/lib/libc.so" +# bug #830213 +QA_PRESTRIPPED="usr/lib/crtn.o" + +# We want crypt on by default for this as sys-libs/libxcrypt isn't (yet?) +# built as part as crossdev. Also, elide the blockers when in cross-*, +# as it doesn't make sense to block the normal CBUILD libxcrypt at all +# there when we're installing into /usr/${CHOST} anyway. +if is_crosspkg ; then + IUSE="${IUSE/crypt/+crypt}" +else + RDEPEND="crypt? ( !sys-libs/libxcrypt[system] )" + PDEPEND="!crypt? ( sys-libs/libxcrypt[system] )" +fi + +PATCHES=( + "${FILESDIR}"/${P}-elfutils-0.190-relr.patch + "${FILESDIR}"/${PN}-1.2.4-arm64-crti-alignment.patch + "${FILESDIR}"/${PN}-sched.h-reduce-namespace-conflicts.patch + "${FILESDIR}"/${PN}-iconv-out-of-bound-fix.patch +) + +just_headers() { + use headers-only && target_is_not_host +} + +pkg_setup() { + if [[ ${CTARGET} == ${CHOST} ]] ; then + case ${CHOST} in + *-musl*) ;; + *) die "Use sys-devel/crossdev to build a musl toolchain" ;; + esac + fi + + # fix for #667126, copied from glibc ebuild + # make sure host make.conf doesn't pollute us + if target_is_not_host || tc-is-cross-compiler ; then + CHOST=${CTARGET} strip-unsupported-flags + fi +} + +src_unpack() { + if [[ ${PV} == 9999 ]] ; then + git-r3_src_unpack + elif use verify-sig ; then + # We only verify the release; not the additional (fixed, safe) files + # we download. + # (Seem to get IPC error on verifying in cross?) + ! target_is_not_host && verify-sig_verify_detached "${DISTDIR}"/${P}.tar.gz{,.asc} + fi + + default +} + +src_prepare() { + default + + mkdir "${WORKDIR}"/misc || die + cp "${DISTDIR}"/getconf.c "${WORKDIR}"/misc/getconf.c || die + cp "${DISTDIR}/${GETENT_FILE}" "${WORKDIR}"/misc/getent.c || die + cp "${DISTDIR}"/iconv.c "${WORKDIR}"/misc/iconv.c || die +} + +src_configure() { + strip-flags && filter-lto # Prevent issues caused by aggressive optimizations & bug #877343 + tc-getCC ${CTARGET} + + just_headers && export CC=true + + local sysroot + target_is_not_host && sysroot=/usr/${CTARGET} + ./configure \ + --target=${CTARGET} \ + --prefix="${EPREFIX}${sysroot}/usr" \ + --syslibdir="${EPREFIX}${sysroot}/lib" \ + --disable-gcc-wrapper || die +} + +src_compile() { + emake obj/include/bits/alltypes.h + just_headers && return 0 + + emake + if ! is_crosspkg ; then + emake -C "${T}" getconf getent iconv \ + CC="$(tc-getCC)" \ + CFLAGS="${CFLAGS}" \ + CPPFLAGS="${CPPFLAGS}" \ + LDFLAGS="${LDFLAGS}" \ + VPATH="${WORKDIR}/misc" + fi + + $(tc-getCC) ${CFLAGS} -c -o libssp_nonshared.o "${FILESDIR}"/stack_chk_fail_local.c || die + $(tc-getAR) -rcs libssp_nonshared.a libssp_nonshared.o || die +} + +src_install() { + local target="install" + just_headers && target="install-headers" + emake DESTDIR="${D}" ${target} + just_headers && return 0 + + # musl provides ldd via a sym link to its ld.so + local sysroot= + target_is_not_host && sysroot=/usr/${CTARGET} + local ldso=$(basename "${ED}${sysroot}"/lib/ld-musl-*) + dosym -r "${sysroot}/lib/${ldso}" "${sysroot}/usr/bin/ldd" + + if ! use crypt ; then + # Allow sys-libs/libxcrypt[system] to provide it instead + rm "${ED}${sysroot}/usr/include/crypt.h" || die + rm "${ED}${sysroot}"/usr/*/libcrypt.a || die + fi + + if ! is_crosspkg ; then + # Fish out of config: + # ARCH = ... + # SUBARCH = ... + # and print $(ARCH)$(SUBARCH). + local arch=$(awk '{ k[$1] = $3 } END { printf("%s%s", k["ARCH"], k["SUBARCH"]); }' config.mak) + + # The musl build system seems to create a symlink: + # ${D}/lib/ld-musl-${arch}.so.1 -> /usr/lib/libc.so.1 (absolute) + # During cross or within prefix, there's no guarantee that the host is + # using musl so that file may not exist. Use a relative symlink within + # ${D} instead. + rm "${ED}"/lib/ld-musl-${arch}.so.1 || die + if use split-usr; then + dosym ../usr/lib/libc.so /lib/ld-musl-${arch}.so.1 + # If it's still a dead symlink, OK, we really do need to abort. + [[ -e "${ED}"/lib/ld-musl-${arch}.so.1 ]] || die + else + dosym libc.so /usr/lib/ld-musl-${arch}.so.1 + [[ -e "${ED}"/usr/lib/ld-musl-${arch}.so.1 ]] || die + fi + + cp "${FILESDIR}"/ldconfig.in-r3 "${T}"/ldconfig.in || die + sed -e "s|@@ARCH@@|${arch}|" "${T}"/ldconfig.in > "${T}"/ldconfig || die + eprefixify "${T}"/ldconfig + into / + dosbin "${T}"/ldconfig + into /usr + dobin "${T}"/getconf + dobin "${T}"/getent + dobin "${T}"/iconv + newenvd - "00musl" <<-EOF + # 00musl autogenerated by sys-libs/musl ebuild; DO NOT EDIT. + LDPATH="include ld.so.conf.d/*.conf" + EOF + fi + + if target_is_not_host ; then + into /usr/${CTARGET} + dolib.a libssp_nonshared.a + else + dolib.a libssp_nonshared.a + fi +} + +pkg_preinst() { + # nothing to do if just installing headers + just_headers && return + + # prepare /etc/ld.so.conf.d/ for files + mkdir -p "${EROOT}"/etc/ld.so.conf.d +} + +pkg_postinst() { + target_is_not_host && return 0 + + [ -n "${ROOT}" ] && return 0 + + ldconfig || die +}