From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from lists.gentoo.org (pigeon.gentoo.org [208.92.234.80]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by finch.gentoo.org (Postfix) with ESMTPS id C0BD7138334 for ; Tue, 12 Jun 2018 08:18:17 +0000 (UTC) Received: from pigeon.gentoo.org (localhost [127.0.0.1]) by pigeon.gentoo.org (Postfix) with SMTP id B7A83E0882; Tue, 12 Jun 2018 08:18:16 +0000 (UTC) Received: from smtp.gentoo.org (dev.gentoo.org [IPv6:2001:470:ea4a:1:5054:ff:fec7:86e4]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by pigeon.gentoo.org (Postfix) with ESMTPS id 6D512E0882 for ; Tue, 12 Jun 2018 08:18:16 +0000 (UTC) Received: from oystercatcher.gentoo.org (unknown [IPv6:2a01:4f8:202:4333:225:90ff:fed9:fc84]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by smtp.gentoo.org (Postfix) with ESMTPS id E9174335C89 for ; Tue, 12 Jun 2018 08:18:14 +0000 (UTC) Received: from localhost.localdomain (localhost [IPv6:::1]) by oystercatcher.gentoo.org (Postfix) with ESMTP id 9D0E02AF for ; Tue, 12 Jun 2018 08:18:13 +0000 (UTC) 
From: "Thomas Deutschmann" To: gentoo-commits@lists.gentoo.org Content-Transfer-Encoding: 8bit Content-type: text/plain; charset=UTF-8 Reply-To: gentoo-dev@lists.gentoo.org, "Thomas Deutschmann" Message-ID: <1528791483.331976f64a3ac2e70aa62d6631db0e148f19d0fe.whissi@gentoo> Subject: [gentoo-commits] repo/gentoo:master commit in: sys-apps/file/, sys-apps/file/files/ X-VCS-Repository: repo/gentoo X-VCS-Files: sys-apps/file/file-5.33-r2.ebuild sys-apps/file/files/file-5.33-CVE-2018-10360.patch X-VCS-Directories: sys-apps/file/files/ sys-apps/file/ X-VCS-Committer: whissi X-VCS-Committer-Name: Thomas Deutschmann X-VCS-Revision: 331976f64a3ac2e70aa62d6631db0e148f19d0fe X-VCS-Branch: master Date: Tue, 12 Jun 2018 08:18:13 +0000 (UTC) Precedence: bulk List-Post: List-Help: List-Unsubscribe: List-Subscribe: List-Id: Gentoo Linux mail X-BeenThere: gentoo-commits@lists.gentoo.org X-Archives-Salt: f86ba79a-3d0f-413a-a3c9-e54f9c90604c X-Archives-Hash: 95fc8b57312ecc7fa8c5b79e7f13a493 commit: 331976f64a3ac2e70aa62d6631db0e148f19d0fe Author: Thomas Deutschmann gentoo org> AuthorDate: Tue Jun 12 08:17:44 2018 +0000 Commit: Thomas Deutschmann gentoo org> CommitDate: Tue Jun 12 08:18:03 2018 +0000 URL: https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=331976f6 sys-apps/file: Avoid reading past the end of buffer (CVE-2018-10360) Bug: https://bugs.gentoo.org/657930 Package-Manager: Portage-2.3.40, Repoman-2.3.9 sys-apps/file/file-5.33-r2.ebuild | 127 +++++++++++++++++++++ sys-apps/file/files/file-5.33-CVE-2018-10360.patch | 18 +++ 2 files changed, 145 insertions(+) diff --git a/sys-apps/file/file-5.33-r2.ebuild b/sys-apps/file/file-5.33-r2.ebuild new file mode 100644 index 00000000000..4537ffb58aa --- /dev/null +++ b/sys-apps/file/file-5.33-r2.ebuild 
@@ -0,0 +1,127 @@ +# Copyright 1999-2018 Gentoo Foundation +# Distributed under the terms of the GNU General Public License v2 + +EAPI=6 + +PYTHON_COMPAT=( python2_7 python3_{4,5,6} pypy ) +DISTUTILS_OPTIONAL=1 + +inherit distutils-r1 libtool ltprune toolchain-funcs multilib-minimal + +if [[ ${PV} == "9999" ]] ; then + EGIT_REPO_URI="https://github.com/glensc/file.git" + inherit autotools git-r3 +else + SRC_URI="ftp://ftp.astron.com/pub/file/${P}.tar.gz" + KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~ia64 ~m68k ~mips ~ppc ~ppc64 ~s390 ~sh ~sparc ~x86 ~ppc-aix ~x64-cygwin ~amd64-fbsd ~x86-fbsd ~amd64-linux ~x86-linux ~ppc-macos ~x64-macos ~x86-macos ~m68k-mint ~sparc-solaris ~sparc64-solaris ~x64-solaris ~x86-solaris" +fi + +DESCRIPTION="identify a file's format by scanning binary data for patterns" +HOMEPAGE="https://www.darwinsys.com/file/" + +LICENSE="BSD-2" +SLOT="0" +IUSE="python static-libs zlib" +REQUIRED_USE="python? ( ${PYTHON_REQUIRED_USE} )" + +DEPEND=" + python? ( + ${PYTHON_DEPS} + dev-python/setuptools[${PYTHON_USEDEP}] + ) + zlib? ( >=sys-libs/zlib-1.2.8-r1[${MULTILIB_USEDEP}] )" +RDEPEND="${DEPEND} + python? ( !dev-python/python-magic )" + +PATCHES=( "${FILESDIR}"/${P}-CVE-2018-10360.patch ) + +src_prepare() { + default + + [[ ${PV} == "9999" ]] && eautoreconf + elibtoolize + + # don't let python README kill main README #60043 + mv python/README{,.python} || die +} + +multilib_src_configure() { + local myeconfargs=( + --disable-libseccomp + --enable-fsect-man5 + $(use_enable static-libs static) + $(use_enable zlib) + ) + ECONF_SOURCE="${S}" econf "${myeconfargs[@]}" +} + +src_configure() { + # when cross-compiling, we need to build up our own file + # because people often don't keep matching host/target + # file versions #362941 + if tc-is-cross-compiler && ! 
ROOT=/ has_version ~${CATEGORY}/${P} ; then + mkdir -p "${WORKDIR}"/build || die + cd "${WORKDIR}"/build || die + tc-export_build_env BUILD_C{C,XX} + ECONF_SOURCE=${S} \ + ac_cv_header_zlib_h=no \ + ac_cv_lib_z_gzopen=no \ + CHOST=${CBUILD} \ + CFLAGS=${BUILD_CFLAGS} \ + CXXFLAGS=${BUILD_CXXFLAGS} \ + CPPFLAGS=${BUILD_CPPFLAGS} \ + LDFLAGS="${BUILD_LDFLAGS} -static" \ + CC=${BUILD_CC} \ + CXX=${BUILD_CXX} \ + econf --disable-shared --disable-libseccomp + fi + + multilib-minimal_src_configure +} + +multilib_src_compile() { + if multilib_is_native_abi ; then + emake + else + cd src || die + emake magic.h #586444 + emake libmagic.la + fi +} + +src_compile() { + if tc-is-cross-compiler && ! ROOT=/ has_version "~${CATEGORY}/${P}" ; then + emake -C "${WORKDIR}"/build/src magic.h #586444 + emake -C "${WORKDIR}"/build/src file + PATH="${WORKDIR}/build/src:${PATH}" + fi + multilib-minimal_src_compile + + if use python ; then + cd python || die + distutils-r1_src_compile + fi +} + +multilib_src_install() { + if multilib_is_native_abi ; then + default + else + emake -C src install-{nodist_includeHEADERS,libLTLIBRARIES} DESTDIR="${D}" + fi +} + +multilib_src_install_all() { + dodoc ChangeLog MAINT README + + # Required for `file -C` + dodir /usr/share/misc/magic + insinto /usr/share/misc/magic + doins -r magic/Magdir/* + + if use python ; then + cd python || die + distutils-r1_src_install + fi + prune_libtool_files +} diff --git a/sys-apps/file/files/file-5.33-CVE-2018-10360.patch b/sys-apps/file/files/file-5.33-CVE-2018-10360.patch new file mode 100644 index 00000000000..a489846b10f --- /dev/null +++ b/sys-apps/file/files/file-5.33-CVE-2018-10360.patch 
@@ -0,0 +1,18 @@ +Avoid reading past the end of buffer + +CVE-2018-10360 + +https://github.com/file/file/commit/a642587a9c9e2dd7feacdf513c3643ce26ad3c22 + +--- a/src/readelf.c ++++ b/src/readelf.c +@@ -842,7 +842,8 @@ do_core_note(struct magic_set *ms, unsigned char *nbuf, uint32_t type, + + cname = (unsigned char *) + &nbuf[doff + prpsoffsets(i)]; +- for (cp = cname; *cp && isprint(*cp); cp++) ++ for (cp = cname; cp < nbuf + size && *cp ++ && isprint(*cp); cp++) + continue; + /* + * Linux apparently appends a space at the end
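Review bot: in file-5.33-r2.ebuild, multilib_src_configure and the cross-compile branch of src_configure both pass --disable-libseccomp with no comment or bug reference. This revision exists to fix an out-of-bounds read in the parser, yet it also builds with libseccomp support switched off and gives no reason. Add a comment citing the bug that motivates the flag, or gate it behind a USE flag with use_enable, the way zlib and static-libs are handled a few lines below. Separately, SRC_URI fetches over ftp://, so tarball integrity rests entirely on the Manifest digests, which this commit does not touch (2 files changed); prefer an HTTPS source if upstream provides one.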
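Review bot: in the src/readelf.c hunk carried by file-5.33-CVE-2018-10360.patch, the new "cp < nbuf + size" test bounds only the forward scan. The start pointer, cname = &nbuf[doff + prpsoffsets(i)], is still formed with no check in the visible context that doff + prpsoffsets(i) lies inside size, and the scan can now finish with cp == nbuf + size. Please confirm, ideally in the patch header, that the offset is validated earlier in do_core_note and that the code following the "Linux apparently appends a space at the end" comment never dereferences cp itself. The header would also be more useful if it stated that this is an unmodified backport of the linked upstream commit, so the patch can be dropped on the next version bump.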