[gentoo-commits] repo/gentoo:master commit in: sys-apps/man-db/, sys-apps/man-db/files/

["Lars Wendler" <polynomial-c@gentoo.org>]

commit:     3036a22411fb59d675268b3f945410d20c3c3e6a
Author:     Lars Wendler <polynomial-c <AT> gentoo <DOT> org>
AuthorDate: Tue Feb  6 14:56:21 2018 +0000
Commit:     Lars Wendler <polynomial-c <AT> gentoo <DOT> org>
CommitDate: Tue Feb  6 14:56:35 2018 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=3036a224

sys-apps/man-db: Bump to version 2.8.0

Package-Manager: Portage-2.3.24, Repoman-2.3.6

 sys-apps/man-db/Manifest                           |   1 +
 .../files/man-db-2.8.0-libseccomp_automagic.patch  |  45 ++++++++
 sys-apps/man-db/man-db-2.8.0.ebuild                | 128 +++++++++++++++++++++
 3 files changed, 174 insertions(+)

diff --git a/sys-apps/man-db/Manifest b/sys-apps/man-db/Manifest
index 591b7273dd2..05aa8e84537 100644
--- a/sys-apps/man-db/Manifest
+++ b/sys-apps/man-db/Manifest
@@ -1 +1,2 @@
 DIST man-db-2.7.6.1.tar.xz 1541316 BLAKE2B ea3aa7e90ea8af4882bd99d99374cc37d9c0c7f70bb970973eb3f2178aa4323bcdebc7f39f142ec0144dbe55a9f86aba15d9fe281d2662d280b8e6dca9452f24 SHA512 623c5e7f8b7c289908b2c926f8777293b8d39aeceef0d2509d701a8b0bfa81408650f655c8608318221786c751a79ee91124b07993de5298cd7fa6d8bb737301
+DIST man-db-2.8.0.tar.xz 1620344 BLAKE2B abb2879848f4db187d28bb3d8359ecfab0033ea3a5333ebd1a837733de563972d97153f11c08e8669553dc5cddea12ca774117985b32d218a30db407437717f3 SHA512 06f52ecd6e7ced858a32117ea4be3ed5fc3d4428cb810d31b85dd75556e999f5badc6eb81f642b56afe2a697462ccca9fd8cc5ecfbd40f132d5a74f84f316d39

diff --git a/sys-apps/man-db/files/man-db-2.8.0-libseccomp_automagic.patch b/sys-apps/man-db/files/man-db-2.8.0-libseccomp_automagic.patch
new file mode 100644
index 00000000000..333bc5fe295
--- /dev/null
+++ b/sys-apps/man-db/files/man-db-2.8.0-libseccomp_automagic.patch
@@ -0,0 +1,45 @@
+From c693c0d6c41e777def51984035710779697d1989 Mon Sep 17 00:00:00 2001
+From: Lars Wendler <polynomial-c@gentoo.org>
+Date: Tue, 6 Feb 2018 14:41:22 +0100
+Subject: [PATCH] Change libseccomp logic to not be automagic only.
+
+Introduce --with-libseccomp configure option so that users can disable
+seccomp even if libseccomp is available on the system.
+The default is unchanged to before this patch. If no --with(out)-libseccomp
+has been given on command line, the macro looks for presence of libseccomp
+and uses that if found.
+---
+ m4/man-libseccomp.m4 | 19 ++++++++++++++-----
+ 1 file changed, 14 insertions(+), 5 deletions(-)
+
+diff --git a/m4/man-libseccomp.m4 b/m4/man-libseccomp.m4
+index a9377317..17a52f72 100644
+--- a/m4/man-libseccomp.m4
++++ b/m4/man-libseccomp.m4
+@@ -1,9 +1,18 @@
+ # man-libseccomp.m4 serial 1
+ dnl MAN_LIBSECCOMP
+-dnl Check for the libseccomp library.
++dnl Add a --with-libseccomp option.
+ AC_DEFUN([MAN_LIBSECCOMP],
+-[PKG_CHECK_MODULES([libseccomp], [libseccomp],
+-	[AC_DEFINE([HAVE_LIBSECCOMP], [1],
+-		[Define to 1 if you have the `libseccomp' library.])],
+-	[:])
++	[AC_ARG_WITH([libseccomp],
++		[AS_HELP_STRING([--with-libseccomp],
++			       [use libseccomp to do most subprocessing])],
++		[],
++		[with_libseccomp=check])
++	if test "x$with_libseccomp" != "xno"; then
++		PKG_CHECK_MODULES([libseccomp], [libseccomp],
++			[AC_DEFINE([HAVE_LIBSECCOMP], [1],
++				[Define to 1 if you have the `libseccomp' library.])],
++			[if test "xyes" = "x$with_libseccomp"; then
++				AC_MSG_ERROR(--with-libseccomp given but cannot find libseccomp)
++			 fi])
++	fi
+ ]) # MAN_LIBSECCOMP
+-- 
+2.16.1
+

diff --git a/sys-apps/man-db/man-db-2.8.0.ebuild b/sys-apps/man-db/man-db-2.8.0.ebuild
new file mode 100644
index 00000000000..10c1e80763d
--- /dev/null
+++ b/sys-apps/man-db/man-db-2.8.0.ebuild
@@ -0,0 +1,128 @@
+# Copyright 1999-2018 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+
+EAPI=6
+
+inherit autotools ltprune user versionator
+
+DESCRIPTION="a man replacement that utilizes berkdb instead of flat files"
+HOMEPAGE="http://www.nongnu.org/man-db/"
+SRC_URI="mirror://nongnu/${PN}/${P}.tar.xz"
+
+LICENSE="GPL-3"
+SLOT="0"
+KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~ia64 ~m68k ~mips ~ppc ~ppc64 ~s390 ~sh ~sparc ~x86 ~amd64-linux ~arm-linux ~x86-linux"
+IUSE="berkdb +gdbm +manpager nls selinux static-libs zlib"
+
+CDEPEND="
+	!sys-apps/man
+	>=dev-libs/libpipeline-1.5.0
+	sys-apps/groff
+	berkdb? ( sys-libs/db:= )
+	gdbm? ( sys-libs/gdbm:= )
+	!berkdb? ( !gdbm? ( sys-libs/gdbm:= ) )
+	zlib? ( sys-libs/zlib )
+"
+DEPEND="
+	${CDEPEND}
+	app-arch/xz-utils
+	virtual/pkgconfig
+	nls? (
+		>=app-text/po4a-0.45
+		sys-devel/gettext
+	)
+"
+RDEPEND="
+	${CDEPEND}
+	selinux? ( sec-policy/selinux-mandb )
+"
+PDEPEND="manpager? ( app-text/manpager )"
+
+PATCHES=(
+	"${FILESDIR}/${PN}-2.8.0-libseccomp_automagic.patch"
+)
+
+pkg_setup() {
+	# Create user now as Makefile in src_install does setuid/chown
+	enewgroup man 15
+	enewuser man 13 -1 /usr/share/man man
+
+	if (use gdbm && use berkdb) || (use !gdbm && use !berkdb) ; then #496150
+		ewarn "Defaulting to USE=gdbm due to ambiguous berkdb/gdbm USE flag settings"
+	fi
+}
+
+src_prepare() {
+	default
+	eautoreconf
+}
+
+src_configure() {
+	export ac_cv_lib_z_gzopen=$(usex zlib)
+	local myeconfargs=(
+		--docdir='$(datarootdir)'/doc/${PF}
+		--with-systemdtmpfilesdir="${EPREFIX}"/usr/lib/tmpfiles.d
+		--enable-setuid
+		--enable-cache-owner=man
+		--with-sections="1 1p 8 2 3 3p 4 5 6 7 9 0p tcl n l p o 1x 2x 3x 4x 5x 6x 7x 8x"
+		$(use_enable nls)
+		$(use_enable static-libs static)
+		# fails to show any man page with this error message:
+		# man: /usr/libexec/man-db/manconv -f UTF-8:ISO-8859-1 -t UTF-8//IGNORE: Bad system call
+		# This will be made optional or hard enabled once the issue has been resolved.
+		--without-libseccomp
+		--with-db=$(usex gdbm gdbm $(usex berkdb db gdbm))
+	)
+	econf "${myeconfargs[@]}"
+
+	# Disable color output from groff so that the manpager can add it. #184604
+	sed -i \
+		-e '/^#DEFINE.*\<[nt]roff\>/{s:^#::;s:$: -c:}' \
+		src/man_db.conf || die
+}
+
+src_install() {
+	default
+	dodoc docs/{HACKING,TODO}
+	prune_libtool_files
+
+	exeinto /etc/cron.daily
+	newexe "${FILESDIR}"/man-db.cron man-db #289884
+}
+
+pkg_preinst() {
+	local cachedir="${EROOT}var/cache/man"
+	# If the system was already exploited, and the attacker is hiding in the
+	# cachedir of the old man-db, let's wipe them out.
+	# see bug  #602588 comment 18
+	local _replacing_version=
+	local _setgid_vuln=0
+	for _replacing_version in ${REPLACING_VERSIONS}; do
+		if version_is_at_least '2.7.6.1-r2' "${_replacing_version}"; then
+			debug-print "Skipping security bug #602588 ... existing installation (${_replacing_version}) should not be affected!"
+		else
+			_setgid_vuln=1
+			debug-print "Applying cleanup for security bug #602588"
+		fi
+	done
+	[[ ${_setgid_vuln} -eq 1 ]] && rm -rf "${cachedir}"
+
+	# Fall back to recreating the cachedir
+	if [[ ! -d ${cachedir} ]] ; then
+		mkdir -p "${cachedir}" || die
+		chown man:man "${cachedir}" || die
+	fi
+
+	# Update the whatis cache
+	if [[ -f ${cachedir}/whatis ]] ; then
+		einfo "Cleaning ${cachedir} from sys-apps/man"
+		find "${cachedir}" -type f '!' '(' -name index.bt -o -name index.db ')' -delete
+	fi
+}
+
+pkg_postinst() {
+	if [[ $(get_version_component_range 2 ${REPLACING_VERSIONS}) -lt 7 ]] ; then
+		einfo "Rebuilding man-db from scratch with new database format!"
+		mandb --quiet --create
+	fi
+}