diff options
Diffstat (limited to 'sys-apps')
-rw-r--r-- | sys-apps/man-db/Manifest | 1 | ||||
-rw-r--r-- | sys-apps/man-db/files/man-db-2.9.3-clock_gettime64.patch | 44 | ||||
-rw-r--r-- | sys-apps/man-db/man-db-2.9.3-r1.ebuild | 162 | ||||
-rw-r--r-- | sys-apps/man-db/man-db-2.9.3-r2.ebuild | 200 |
4 files changed, 0 insertions, 407 deletions
diff --git a/sys-apps/man-db/Manifest b/sys-apps/man-db/Manifest index b8b41064b44c..1125c257db2f 100644 --- a/sys-apps/man-db/Manifest +++ b/sys-apps/man-db/Manifest @@ -1,2 +1 @@ -DIST man-db-2.9.3.tar.xz 1885840 BLAKE2B 6163660af60a2900220d7b1de74caa9cb9e5764cc5da20469a8fb08e19ee1948937916664fdc493b89da8fd829aa512877892245fabc00fb586c7754c0da3d53 SHA512 ca1c1214753483f6e22efe69a9df9852e0de01a9ad3b9950dcbbc9f38e6060100b98a84333256f8c734002e66e2fd6256bc017a31bd9acfc42002dca2c0f879b DIST man-db-2.9.4.tar.xz 1909020 BLAKE2B 43427e851f0e661ca1cee55211dd7636f4ffde067c75de7715f525029b22c205728f8e86ac49abff60e47a4a4c9e1fbd78e2c87e70bd37778b88594a3897275f SHA512 169f091dd0a1d0dbd1583366f8257afb8f57e030d0f7d4213c14ce0b1fc5debf8b9cf2731de503830cb2826b3a22b3cff7da993d44ec18557935bd293529133c diff --git a/sys-apps/man-db/files/man-db-2.9.3-clock_gettime64.patch b/sys-apps/man-db/files/man-db-2.9.3-clock_gettime64.patch deleted file mode 100644 index 0da1b2c5b2b7..000000000000 --- a/sys-apps/man-db/files/man-db-2.9.3-clock_gettime64.patch +++ /dev/null @@ -1,44 +0,0 @@ -From 7315a9475d8fa37af49e9e7ed11e1534f23ef70b Mon Sep 17 00:00:00 2001 -From: "S. Gilles" <sgilles@umd.edu> -Date: Wed, 12 Aug 2020 16:40:07 -0400 -Subject: Allow clock_gettime64; return ENOSYS so libcs can engage fallbacks - -libcs such as musl expect ENOSYS to be returned (not EPERM) in their -fallback code, so change the seccomp filter to be more agreeable to -them. - -At the same time, clock_gettime is permitted in the filter, so permit -clock_gettime64 as well -- it will be needed by 2038 in any case. - -* lib/sandbox.c (make_seccomp_filter): Set default action to -SCMP_ACT_ERRNO (ENOSYS). Allow clock_gettime64. -* NEWS: Document this. ---- - NEWS | 9 +++++++++ - lib/sandbox.c | 3 ++- - 2 files changed, 11 insertions(+), 1 deletion(-) - -diff --git a/lib/sandbox.c b/lib/sandbox.c -index 21ec28aa..d934a0f9 100644 ---- a/lib/sandbox.c -+++ b/lib/sandbox.c -@@ -232,7 +232,7 @@ static scmp_filter_ctx make_seccomp_filter (int permissive) - ; - - debug ("initialising seccomp filter (permissive: %d)\n", permissive); -- ctx = seccomp_init (SCMP_ACT_ERRNO (EPERM)); -+ ctx = seccomp_init (SCMP_ACT_ERRNO (ENOSYS)); - if (!ctx) - error (FATAL, errno, "can't initialise seccomp filter"); - -@@ -271,6 +271,7 @@ static scmp_filter_ctx make_seccomp_filter (int permissive) - /* systemd: SystemCallFilter=@default */ - SC_ALLOW ("clock_getres"); - SC_ALLOW ("clock_gettime"); -+ SC_ALLOW ("clock_gettime64"); - SC_ALLOW ("clock_nanosleep"); - SC_ALLOW ("execve"); - SC_ALLOW ("exit"); --- -cgit v1.2.1 - diff --git a/sys-apps/man-db/man-db-2.9.3-r1.ebuild b/sys-apps/man-db/man-db-2.9.3-r1.ebuild deleted file mode 100644 index 2dc1438844d8..000000000000 --- a/sys-apps/man-db/man-db-2.9.3-r1.ebuild +++ /dev/null @@ -1,162 +0,0 @@ -# Copyright 1999-2021 Gentoo Authors -# Distributed under the terms of the GNU General Public License v2 - -EAPI=7 - -inherit systemd - -DESCRIPTION="a man replacement that utilizes berkdb instead of flat files" -HOMEPAGE="http://www.nongnu.org/man-db/" -if [[ "${PV}" = 9999* ]] ; then - inherit autotools git-r3 - EGIT_REPO_URI="https://git.savannah.gnu.org/git/man-db.git" -else - SRC_URI="mirror://nongnu/${PN}/${P}.tar.xz" - KEYWORDS="~alpha amd64 arm arm64 hppa ~ia64 ~m68k ~mips ppc ppc64 ~riscv ~s390 sparc x86 ~amd64-linux ~x86-linux" -fi - -LICENSE="GPL-3" -SLOT="0" -IUSE="berkdb +gdbm +manpager nls +seccomp selinux static-libs zlib" - -CDEPEND=" - !sys-apps/man - >=dev-libs/libpipeline-1.5.0 - sys-apps/groff - gdbm? ( sys-libs/gdbm:= ) - !gdbm? ( berkdb? ( sys-libs/db:= ) ) - !berkdb? ( !gdbm? ( sys-libs/gdbm:= ) ) - seccomp? ( sys-libs/libseccomp ) - zlib? ( sys-libs/zlib ) -" -DEPEND="${CDEPEND}" -BDEPEND=" - app-arch/xz-utils - virtual/pkgconfig - nls? ( - >=app-text/po4a-0.45 - sys-devel/gettext - ) -" -RDEPEND=" - ${CDEPEND} - acct-group/man - acct-user/man - selinux? ( sec-policy/selinux-mandb ) -" -PDEPEND="manpager? ( app-text/manpager )" - -PATCHES=( - "${FILESDIR}"/${PN}-2.9.3-sandbox-env-tests.patch - "${FILESDIR}"/man-db-2.9.3-clock_gettime64.patch -) - -pkg_setup() { - if (use gdbm && use berkdb) || (use !gdbm && use !berkdb) ; then #496150 - ewarn "Defaulting to USE=gdbm due to ambiguous berkdb/gdbm USE flag settings" - fi -} - -src_unpack() { - if [[ "${PV}" == *9999 ]] ; then - git-r3_src_unpack - - # We need to mess with gnulib :-/ - EGIT_REPO_URI="https://git.savannah.gnu.org/r/gnulib.git" \ - EGIT_CHECKOUT_DIR="${WORKDIR}/gnulib" \ - git-r3_src_unpack - else - default - fi -} - -src_prepare() { - default - if [[ "${PV}" == *9999 ]] ; then - local bootstrap_opts=( - --gnulib-srcdir=../gnulib - --no-bootstrap-sync - --copy - --no-git - ) - AUTORECONF="/bin/true" \ - LIBTOOLIZE="/bin/true" \ - sh ./bootstrap "${bootstrap_opts[@]}" || die - - eautoreconf - fi -} - -src_configure() { - export ac_cv_lib_z_gzopen=$(usex zlib) - local myeconfargs=( - --with-systemdtmpfilesdir="${EPREFIX}"/usr/lib/tmpfiles.d - --with-systemdsystemunitdir="$(systemd_get_systemunitdir)" - --disable-setuid #662438 - --enable-cache-owner=man - --with-sections="1 1p 8 2 3 3p 4 5 6 7 9 0p tcl n l p o 1x 2x 3x 4x 5x 6x 7x 8x" - $(use_enable nls) - $(use_enable static-libs static) - $(use_with seccomp libseccomp) - --with-db=$(usex gdbm gdbm $(usex berkdb db gdbm)) - ) - econf "${myeconfargs[@]}" - - # Disable color output from groff so that the manpager can add it. #184604 - sed -i \ - -e '/^#DEFINE.*\<[nt]roff\>/{s:^#::;s:$: -c:}' \ - src/man_db.conf || die - - cat > 15man-db <<-EOF || die - SANDBOX_PREDICT="/var/cache/man" - EOF -} - -src_install() { - default - dodoc docs/{HACKING,TODO} - find "${ED}" -type f -name "*.la" -delete || die - - exeinto /etc/cron.daily - newexe "${FILESDIR}"/man-db.cron-r1 man-db #289884 - - insinto /etc/sandbox.d - doins 15man-db -} - -pkg_preinst() { - local cachedir="${EROOT}/var/cache/man" - # If the system was already exploited, and the attacker is hiding in the - # cachedir of the old man-db, let's wipe them out. - # see bug #602588 comment 18 - local _replacing_version= - local _setgid_vuln=0 - for _replacing_version in ${REPLACING_VERSIONS}; do - if ver_test '2.7.6.1-r2' -le "${_replacing_version}"; then - debug-print "Skipping security bug #602588 ... existing installation (${_replacing_version}) should not be affected!" - else - _setgid_vuln=1 - debug-print "Applying cleanup for security bug #602588" - fi - done - [[ ${_setgid_vuln} -eq 1 ]] && rm -rf "${cachedir}" - - # Fall back to recreating the cachedir - if [[ ! -d ${cachedir} ]] ; then - mkdir -p "${cachedir}" || die - chown man:man "${cachedir}" || die - fi - - # Update the whatis cache - if [[ -f ${cachedir}/whatis ]] ; then - einfo "Cleaning ${cachedir} from sys-apps/man" - find "${cachedir}" -type f '!' '(' -name index.bt -o -name index.db ')' -delete - fi -} - -pkg_postinst() { - if [[ $(ver_cut 2 ${REPLACING_VERSIONS}) -lt 7 ]] ; then - einfo "Rebuilding man-db from scratch with new database format!" - su man -s /bin/sh -c 'mandb --quiet --create' 2>/dev/null - fi -} diff --git a/sys-apps/man-db/man-db-2.9.3-r2.ebuild b/sys-apps/man-db/man-db-2.9.3-r2.ebuild deleted file mode 100644 index fc6eaf54888c..000000000000 --- a/sys-apps/man-db/man-db-2.9.3-r2.ebuild +++ /dev/null @@ -1,200 +0,0 @@ -# Copyright 1999-2021 Gentoo Authors -# Distributed under the terms of the GNU General Public License v2 - -EAPI=7 - -inherit systemd prefix - -DESCRIPTION="a man replacement that utilizes berkdb instead of flat files" -HOMEPAGE="http://www.nongnu.org/man-db/" -if [[ "${PV}" = 9999* ]] ; then - inherit autotools git-r3 - EGIT_REPO_URI="https://git.savannah.gnu.org/git/man-db.git" -else - SRC_URI="mirror://nongnu/${PN}/${P}.tar.xz" - KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~ia64 ~m68k ~mips ~ppc ~ppc64 ~riscv ~s390 ~sparc ~x86 ~amd64-linux ~x86-linux ~ppc-macos ~x64-macos ~sparc-solaris ~sparc64-solaris ~x64-solaris ~x86-solaris" -fi - -LICENSE="GPL-3" -SLOT="0" -IUSE="berkdb +gdbm +manpager nls +seccomp selinux static-libs zlib" - -CDEPEND=" - !sys-apps/man - >=dev-libs/libpipeline-1.5.0 - sys-apps/groff - gdbm? ( sys-libs/gdbm:= ) - !gdbm? ( berkdb? ( sys-libs/db:= ) ) - !berkdb? ( !gdbm? ( sys-libs/gdbm:= ) ) - seccomp? ( sys-libs/libseccomp ) - zlib? ( sys-libs/zlib ) -" -DEPEND="${CDEPEND}" -BDEPEND=" - app-arch/xz-utils - virtual/pkgconfig - nls? ( - >=app-text/po4a-0.45 - sys-devel/gettext - virtual/libiconv - virtual/libintl - ) -" -RDEPEND=" - ${CDEPEND} - acct-group/man - acct-user/man - selinux? ( sec-policy/selinux-mandb ) -" -PDEPEND="manpager? ( app-text/manpager )" - -PATCHES=( - "${FILESDIR}"/${PN}-2.9.3-sandbox-env-tests.patch - "${FILESDIR}"/man-db-2.9.3-clock_gettime64.patch - "${FILESDIR}"/man-db-2.9.3-darwin-libdb-intl.patch -) - -pkg_setup() { - if (use gdbm && use berkdb) || (use !gdbm && use !berkdb) ; then #496150 - ewarn "Defaulting to USE=gdbm due to ambiguous berkdb/gdbm USE flag settings" - fi -} - -src_unpack() { - if [[ "${PV}" == *9999 ]] ; then - git-r3_src_unpack - - # We need to mess with gnulib :-/ - EGIT_REPO_URI="https://git.savannah.gnu.org/r/gnulib.git" \ - EGIT_CHECKOUT_DIR="${WORKDIR}/gnulib" \ - git-r3_src_unpack - else - default - fi -} - -src_prepare() { - default - if [[ "${PV}" == *9999 ]] ; then - local bootstrap_opts=( - --gnulib-srcdir=../gnulib - --no-bootstrap-sync - --copy - --no-git - ) - AUTORECONF="/bin/true" \ - LIBTOOLIZE="/bin/true" \ - sh ./bootstrap "${bootstrap_opts[@]}" || die - - eautoreconf - fi - - hprefixify src/man_db.conf.in - if use prefix ; then - { - echo "#" - echo "# Added settings for Gentoo Prefix" - [[ ${CHOST} == *-darwin* ]] && \ - echo "MANDATORY_MANPATH ${EPREFIX}/MacOSX.sdk/usr/share/man" - echo "MANDATORY_MANPATH /usr/share/man" - } >> src/man_db.conf.in - fi -} - -src_configure() { - # set sections we want to search by default - local sections="1 1p 8 2 3 3p 4 5 6 7 9 0p tcl n l p o" - sections+=" 1x 2x 3x 4x 5x 6x 7x 8x" - case ${CHOST} in - *-solaris*) - # Solaris tends to use sections named after the pkgs that - # owns them, in particular for libc functions we want those - # sections - local s - for s in $(cd /usr/share/man/ && echo man*) ; do - s=${s#man} - [[ " ${sections} " != *" ${s} "* ]] && sections+=" ${s}" - done - ;; - esac - - export ac_cv_lib_z_gzopen=$(usex zlib) - local myeconfargs=( - --with-systemdtmpfilesdir="${EPREFIX}"/usr/lib/tmpfiles.d - --with-systemdsystemunitdir="$(systemd_get_systemunitdir)" - --disable-setuid #662438 - --enable-cache-owner=man - --with-sections="${sections}" - $(use_enable nls) - $(use_enable static-libs static) - $(use_with seccomp libseccomp) - --with-db=$(usex gdbm gdbm $(usex berkdb db gdbm)) - ) - case ${CHOST} in - *-solaris*|*-darwin*) - myeconfargs+=( - $(use_with nls libiconv-prefix ${EPREFIX}/usr) - $(use_with nls libintl-prefix ${EPREFIX}/usr) - ) - ;; - esac - econf "${myeconfargs[@]}" - - # Disable color output from groff so that the manpager can add it. #184604 - sed -i \ - -e '/^#DEFINE.*\<[nt]roff\>/{s:^#::;s:$: -c:}' \ - src/man_db.conf || die - - cat > 15man-db <<-EOF || die - SANDBOX_PREDICT="/var/cache/man" - EOF -} - -src_install() { - default - dodoc docs/{HACKING,TODO} - find "${ED}" -type f -name "*.la" -delete || die - - exeinto /etc/cron.daily - newexe "${FILESDIR}"/man-db.cron-r1 man-db #289884 - - insinto /etc/sandbox.d - doins 15man-db -} - -pkg_preinst() { - local cachedir="${EROOT}/var/cache/man" - # If the system was already exploited, and the attacker is hiding in the - # cachedir of the old man-db, let's wipe them out. - # see bug #602588 comment 18 - local _replacing_version= - local _setgid_vuln=0 - for _replacing_version in ${REPLACING_VERSIONS}; do - if ver_test '2.7.6.1-r2' -le "${_replacing_version}"; then - debug-print "Skipping security bug #602588 ... existing installation (${_replacing_version}) should not be affected!" - else - _setgid_vuln=1 - debug-print "Applying cleanup for security bug #602588" - fi - done - [[ ${_setgid_vuln} -eq 1 ]] && rm -rf "${cachedir}" - - # Fall back to recreating the cachedir - if [[ ! -d ${cachedir} ]] ; then - mkdir -p "${cachedir}" || die - chown man:man "${cachedir}" || die - fi - - # Update the whatis cache - if [[ -f ${cachedir}/whatis ]] ; then - einfo "Cleaning ${cachedir} from sys-apps/man" - find "${cachedir}" -type f '!' '(' -name index.bt -o -name index.db ')' -delete - fi -} - -pkg_postinst() { - if [[ $(ver_cut 2 ${REPLACING_VERSIONS}) -lt 7 ]] ; then - einfo "Rebuilding man-db from scratch with new database format!" - su man -s /bin/sh -c 'mandb --quiet --create' 2>/dev/null - fi -} |