authorSam James <sam@gentoo.org>2022-10-28 00:45:28 +0100
committerSam James <sam@gentoo.org>2022-10-28 00:45:35 +0100
commit6309018d86592266bc155c842411afbe52cfb9f9 (patch)
tree1f3f6986b5b3eb75871717336a105508c2898e9b /app-arch/xz-utils
parentapp-arch/xz-utils: tests now work for USE=-extra-filters (diff)
app-arch/xz-utils: drop 5.2.5-r2
Signed-off-by: Sam James <sam@gentoo.org>
Diffstat (limited to 'app-arch/xz-utils')
-rw-r--r--app-arch/xz-utils/Manifest2
-rw-r--r--app-arch/xz-utils/files/xz-utils-5.2.5-xzgrep-ZDI-CAN-16587.patch88
-rw-r--r--app-arch/xz-utils/xz-utils-5.2.5-r2.ebuild118
3 files changed, 0 insertions, 208 deletions
diff --git a/app-arch/xz-utils/Manifest b/app-arch/xz-utils/Manifest
index 936e5967dbf7..57102074750a 100644
--- a/app-arch/xz-utils/Manifest
+++ b/app-arch/xz-utils/Manifest
@@ -1,5 +1,3 @@
-DIST xz-5.2.5.tar.gz 1791345 BLAKE2B aded57324e129572c41646b3cc3b0b59a459452d9338d9245663b63dac2a463fb1f1b2b1d2d4ad3c09cb71fb8439df52cd94f24db99e782fc899b94a288a3043 SHA512 7443674247deda2935220fbc4dfc7665e5bb5a260be8ad858c8bd7d7b9f0f868f04ea45e62eb17c0a5e6a2de7c7500ad2d201e2d668c48ca29bd9eea5a73a3ce
-DIST xz-5.2.5.tar.gz.sig 566 BLAKE2B 8b40d8d7913eaebe2595ea41a735d972d1969d8b58f42b2bee6591b51e2e626473fc85d64f1bbbff3cba6b0e1b4423556d6ddaf16f646ccc18ba1bad5cf45d83 SHA512 3aa21484bef0282ed0b83e3fcd5cf3d87bf51fa68e24d55bb11f91bc96f0ac29f468949bc4c8cc20fbd6ad12f5735686fe09ee42efe2b8d728010da9668aa5a9
DIST xz-5.2.6.tar.gz 2069602 BLAKE2B 3cc160dc76944ad2a181fbfb23ce386dbbd04e75bbeb0b159aaaf82e2e8157ea8b2bb80b216d79a7c25339bfbd13bd9d8c261789829cc7c3cb86fc893a7b4b94 SHA512 090958dd6c202c989746686094c86707ad4ae835026640080fc0a9d0fad699821b7d5cb3a67e6700661a0938818ba153662366f89ab8ec47e0bae4a3fe9b1961
DIST xz-5.2.6.tar.gz.sig 566 BLAKE2B 7c6114d93b4e3c8553108da3985029fc4585bfea5d72fc5028024221e91cc43c3b6cd3b7d169e4c8afed445a6beef7c255ef8420c5266a22ee9449a57cacec5d SHA512 50a1ac0f8f87f8c04c25c69870ba054094abf20b668bdecd42ed247a2eff24b8e52178b6442da84c125a9401a6f98d40ca76b27453833a30807c83128ab70eee
DIST xz-5.2.7.tar.gz 2105803 BLAKE2B 5363c5d0403e041c6d2e35b5d3321feeb8e63b8556496373c820975850b50e28e0da903446a49ba516fd9f40e0101dd39cfa9a9b8dd143c9849c84a715bb5d7b SHA512 06329fdbd1d897aa99dc96900c6246457288c586d02bb4869a92dd2f97973f95acb3a2fa9598a20613ea029f816836a8e3b65e36fec2b807b5e7553141429ab9
diff --git a/app-arch/xz-utils/files/xz-utils-5.2.5-xzgrep-ZDI-CAN-16587.patch b/app-arch/xz-utils/files/xz-utils-5.2.5-xzgrep-ZDI-CAN-16587.patch
deleted file mode 100644
index 7293a982c269..000000000000
--- a/app-arch/xz-utils/files/xz-utils-5.2.5-xzgrep-ZDI-CAN-16587.patch
+++ /dev/null
@@ -1,88 +0,0 @@
-https://bugs.gentoo.org/837155
-https://git.tukaani.org/?p=xz.git;a=commitdiff;h=69d1b3fc29677af8ade8dc15dba83f0589cb63d6;hp=bd93b776c1bd15e90661033c918cdeb354dbcc38
-
-From: Lasse Collin <lasse.collin@tukaani.org>
-Date: Tue, 29 Mar 2022 19:19:12 +0300
-Subject: [PATCH 1/1] xzgrep: Fix escaping of malicious filenames
- (ZDI-CAN-16587).
-
-Malicious filenames can make xzgrep to write to arbitrary files
-or (with a GNU sed extension) lead to arbitrary code execution.
-
-xzgrep from XZ Utils versions up to and including 5.2.5 are
-affected. 5.3.1alpha and 5.3.2alpha are affected as well.
-This patch works for all of them.
-
-This bug was inherited from gzip's zgrep. gzip 1.12 includes
-a fix for zgrep.
-
-The issue with the old sed script is that with multiple newlines,
-the N-command will read the second line of input, then the
-s-commands will be skipped because it's not the end of the
-file yet, then a new sed cycle starts and the pattern space
-is printed and emptied. So only the last line or two get escaped.
-
-One way to fix this would be to read all lines into the pattern
-space first. However, the included fix is even simpler: All lines
-except the last line get a backslash appended at the end. To ensure
-that shell command substitution doesn't eat a possible trailing
-newline, a colon is appended to the filename before escaping.
-The colon is later used to separate the filename from the grep
-output so it is fine to add it here instead of a few lines later.
-
-The old code also wasn't POSIX compliant as it used \n in the
-replacement section of the s-command. Using \<newline> is the
-POSIX compatible method.
-
-LC_ALL=C was added to the two critical sed commands. POSIX sed
-manual recommends it when using sed to manipulate pathnames
-because in other locales invalid multibyte sequences might
-cause issues with some sed implementations. In case of GNU sed,
-these particular sed scripts wouldn't have such problems but some
-other scripts could have, see:
-
- info '(sed)Locale Considerations'
-
-This vulnerability was discovered by:
-cleemy desu wayo working with Trend Micro Zero Day Initiative
-
-Thanks to Jim Meyering and Paul Eggert discussing the different
-ways to fix this and for coordinating the patch release schedule
-with gzip.
---- a/src/scripts/xzgrep.in
-+++ b/src/scripts/xzgrep.in
-@@ -180,22 +180,26 @@ for i; do
- { test $# -eq 1 || test $no_filename -eq 1; }; then
- eval "$grep"
- else
-+ # Append a colon so that the last character will never be a newline
-+ # which would otherwise get lost in shell command substitution.
-+ i="$i:"
-+
-+ # Escape & \ | and newlines only if such characters are present
-+ # (speed optimization).
- case $i in
- (*'
- '* | *'&'* | *'\'* | *'|'*)
-- i=$(printf '%s\n' "$i" |
-- sed '
-- $!N
-- $s/[&\|]/\\&/g
-- $s/\n/\\n/g
-- ');;
-+ i=$(printf '%s\n' "$i" | LC_ALL=C sed 's/[&\|]/\\&/g; $!s/$/\\/');;
- esac
-- sed_script="s|^|$i:|"
-+
-+ # $i already ends with a colon so don't add it here.
-+ sed_script="s|^|$i|"
-
- # Fail if grep or sed fails.
- r=$(
- exec 4>&1
-- (eval "$grep" 4>&-; echo $? >&4) 3>&- | sed "$sed_script" >&3 4>&-
-+ (eval "$grep" 4>&-; echo $? >&4) 3>&- |
-+ LC_ALL=C sed "$sed_script" >&3 4>&-
- ) || r=2
- exit $r
- fi >&3 5>&-
diff --git a/app-arch/xz-utils/xz-utils-5.2.5-r2.ebuild b/app-arch/xz-utils/xz-utils-5.2.5-r2.ebuild
deleted file mode 100644
index 752953853e1d..000000000000
--- a/app-arch/xz-utils/xz-utils-5.2.5-r2.ebuild
+++ /dev/null
@@ -1,118 +0,0 @@
-# Copyright 1999-2022 Gentoo Authors
-# Distributed under the terms of the GNU General Public License v2
-
-# Remember: we cannot leverage autotools in this ebuild in order
-# to avoid circular deps with autotools
-
-EAPI=7
-
-inherit libtool multilib multilib-minimal preserve-libs usr-ldscript
-
-if [[ ${PV} == 9999 ]] ; then
- EGIT_REPO_URI="https://git.tukaani.org/xz.git"
- inherit git-r3 autotools
-
- # bug #272880 and bug #286068
- BDEPEND="sys-devel/gettext >=sys-devel/libtool-2"
-else
- VERIFY_SIG_OPENPGP_KEY_PATH="${BROOT}"/usr/share/openpgp-keys/lassecollin.asc
- inherit verify-sig
-
- MY_P="${PN/-utils}-${PV/_}"
- SRC_URI="https://tukaani.org/xz/${MY_P}.tar.gz"
- SRC_URI+=" verify-sig? ( https://tukaani.org/xz/${MY_P}.tar.gz.sig )"
-
- if [[ ${PV} != *_alpha* ]] && [[ ${PV} != *_beta* ]] ; then
- KEYWORDS="~alpha amd64 arm arm64 hppa ~ia64 ~loong ~m68k ~mips ppc ppc64 ~riscv ~s390 sparc x86 ~x64-cygwin ~amd64-linux ~x86-linux ~ppc-macos ~x64-macos ~sparc-solaris ~sparc64-solaris ~x64-solaris ~x86-solaris"
- fi
- S="${WORKDIR}/${MY_P}"
-fi
-
-DESCRIPTION="Utils for managing LZMA compressed files"
-HOMEPAGE="https://tukaani.org/xz/"
-
-# See top-level COPYING file as it outlines the various pieces and their licenses.
-LICENSE="public-domain LGPL-2.1+ GPL-2+"
-SLOT="0"
-IUSE="+extra-filters nls static-libs"
-
-RDEPEND="!<app-arch/lzma-4.63
- !<app-arch/p7zip-4.57
- !<app-i18n/man-pages-de-2.16"
-DEPEND="${RDEPEND}"
-BDEPEND="verify-sig? ( sec-keys/openpgp-keys-lassecollin )"
-
-# Tests currently do not account for smaller feature set
-RESTRICT="!extra-filters? ( test )"
-
-PATCHES=(
- "${FILESDIR}"/${P}-xzgrep-ZDI-CAN-16587.patch
-)
-
-src_prepare() {
- default
-
- if [[ ${PV} == 9999 ]] ; then
- eautopoint
- eautoreconf
- else
- # Allow building shared libs on Solaris/x64
- elibtoolize
- fi
-}
-
-multilib_src_configure() {
- local myconf=(
- --enable-threads
- $(use_enable nls)
- $(use_enable static-libs static)
- )
-
- if ! multilib_is_native_abi ; then
- myconf+=(
- --disable-{xz,xzdec,lzmadec,lzmainfo,lzma-links,scripts}
- )
- fi
-
- if ! use extra-filters ; then
- myconf+=(
- # LZMA1 + LZMA2 for standard .lzma & .xz files
- --enable-encoders=lzma1,lzma2
- --enable-decoders=lzma1,lzma2
-
- # those are used by default, depending on preset
- --enable-match-finders=hc3,hc4,bt4
-
- # CRC64 is used by default, though some (old?) files use CRC32
- --enable-checks=crc32,crc64
- )
- fi
-
- if [[ ${CHOST} == *-solaris* ]] ; then
- export gl_cv_posix_shell="${EPREFIX}"/bin/sh
-
- # Undo Solaris-based defaults pointing to /usr/xpg5/bin
- myconf+=( --disable-path-for-script )
- fi
-
- ECONF_SOURCE="${S}" econf "${myconf[@]}"
-}
-
-multilib_src_install() {
- default
-
- gen_usr_ldscript -a lzma
-}
-
-multilib_src_install_all() {
- find "${ED}" -type f -name '*.la' -delete || die
- rm "${ED}"/usr/share/doc/${PF}/COPYING* || die
-}
-
-pkg_preinst() {
- preserve_old_lib /usr/$(get_libdir)/liblzma$(get_libname 0)
-}
-
-pkg_postinst() {
- preserve_old_lib_notify /usr/$(get_libdir)/liblzma$(get_libname 0)
-}