From 331976f64a3ac2e70aa62d6631db0e148f19d0fe Mon Sep 17 00:00:00 2001
From: Thomas Deutschmann
Date: Tue, 12 Jun 2018 10:17:44 +0200
Subject: sys-apps/file: Avoid reading past the end of buffer (CVE-2018-10360)
Bug: https://bugs.gentoo.org/657930
Package-Manager: Portage-2.3.40, Repoman-2.3.9
---
sys-apps/file/file-5.33-r2.ebuild | 127 +++++++++++++++++++++
sys-apps/file/files/file-5.33-CVE-2018-10360.patch | 18 +++
2 files changed, 145 insertions(+)
create mode 100644 sys-apps/file/file-5.33-r2.ebuild
create mode 100644 sys-apps/file/files/file-5.33-CVE-2018-10360.patch
(limited to 'sys-apps')
diff --git a/sys-apps/file/file-5.33-r2.ebuild b/sys-apps/file/file-5.33-r2.ebuild
new file mode 100644
index 000000000000..4537ffb58aa8
--- /dev/null
+++ b/sys-apps/file/file-5.33-r2.ebuild
@@ -0,0 +1,127 @@
+# Copyright 1999-2018 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+
+EAPI=6
+
+PYTHON_COMPAT=( python2_7 python3_{4,5,6} pypy )
+DISTUTILS_OPTIONAL=1
+
+inherit distutils-r1 libtool ltprune toolchain-funcs multilib-minimal
+
+if [[ ${PV} == "9999" ]] ; then
+ EGIT_REPO_URI="https://github.com/glensc/file.git"
+ inherit autotools git-r3
+else
+ SRC_URI="ftp://ftp.astron.com/pub/file/${P}.tar.gz"
+ KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~ia64 ~m68k ~mips ~ppc ~ppc64 ~s390 ~sh ~sparc ~x86 ~ppc-aix ~x64-cygwin ~amd64-fbsd ~x86-fbsd ~amd64-linux ~x86-linux ~ppc-macos ~x64-macos ~x86-macos ~m68k-mint ~sparc-solaris ~sparc64-solaris ~x64-solaris ~x86-solaris"
+fi
+
+DESCRIPTION="identify a file's format by scanning binary data for patterns"
+HOMEPAGE="https://www.darwinsys.com/file/"
+
+LICENSE="BSD-2"
+SLOT="0"
+IUSE="python static-libs zlib"
+REQUIRED_USE="python? ( ${PYTHON_REQUIRED_USE} )"
+
+DEPEND="
+ python? (
+ ${PYTHON_DEPS}
+ dev-python/setuptools[${PYTHON_USEDEP}]
+ )
+ zlib? ( >=sys-libs/zlib-1.2.8-r1[${MULTILIB_USEDEP}] )"
+RDEPEND="${DEPEND}
+ python? ( !dev-python/python-magic )"
+
+PATCHES=( "${FILESDIR}"/${P}-CVE-2018-10360.patch )
+
+src_prepare() {
+ default
+
+ [[ ${PV} == "9999" ]] && eautoreconf
+ elibtoolize
+
+ # don't let python README kill main README #60043
+ mv python/README{,.python} || die
+}
+
+multilib_src_configure() {
+ local myeconfargs=(
+ --disable-libseccomp
+ --enable-fsect-man5
+ $(use_enable static-libs static)
+ $(use_enable zlib)
+ )
+ ECONF_SOURCE="${S}" econf "${myeconfargs[@]}"
+}
+
+src_configure() {
+ # when cross-compiling, we need to build up our own file
+ # because people often don't keep matching host/target
+ # file versions #362941
+ if tc-is-cross-compiler && ! ROOT=/ has_version ~${CATEGORY}/${P} ; then
+ mkdir -p "${WORKDIR}"/build || die
+ cd "${WORKDIR}"/build || die
+ tc-export_build_env BUILD_C{C,XX}
+ ECONF_SOURCE=${S} \
+ ac_cv_header_zlib_h=no \
+ ac_cv_lib_z_gzopen=no \
+ CHOST=${CBUILD} \
+ CFLAGS=${BUILD_CFLAGS} \
+ CXXFLAGS=${BUILD_CXXFLAGS} \
+ CPPFLAGS=${BUILD_CPPFLAGS} \
+ LDFLAGS="${BUILD_LDFLAGS} -static" \
+ CC=${BUILD_CC} \
+ CXX=${BUILD_CXX} \
+ econf --disable-shared --disable-libseccomp
+ fi
+
+ multilib-minimal_src_configure
+}
+
+multilib_src_compile() {
+ if multilib_is_native_abi ; then
+ emake
+ else
+ cd src || die
+ emake magic.h #586444
+ emake libmagic.la
+ fi
+}
+
+src_compile() {
+ if tc-is-cross-compiler && ! ROOT=/ has_version "~${CATEGORY}/${P}" ; then
+ emake -C "${WORKDIR}"/build/src magic.h #586444
+ emake -C "${WORKDIR}"/build/src file
+ PATH="${WORKDIR}/build/src:${PATH}"
+ fi
+ multilib-minimal_src_compile
+
+ if use python ; then
+ cd python || die
+ distutils-r1_src_compile
+ fi
+}
+
+multilib_src_install() {
+ if multilib_is_native_abi ; then
+ default
+ else
+ emake -C src install-{nodist_includeHEADERS,libLTLIBRARIES} DESTDIR="${D}"
+ fi
+}
+
+multilib_src_install_all() {
+ dodoc ChangeLog MAINT README
+
+ # Required for `file -C`
+ dodir /usr/share/misc/magic
+ insinto /usr/share/misc/magic
+ doins -r magic/Magdir/*
+
+ if use python ; then
+ cd python || die
+ distutils-r1_src_install
+ fi
+ prune_libtool_files
+}
diff --git a/sys-apps/file/files/file-5.33-CVE-2018-10360.patch b/sys-apps/file/files/file-5.33-CVE-2018-10360.patch
new file mode 100644
index 000000000000..a489846b10f8
--- /dev/null
+++ b/sys-apps/file/files/file-5.33-CVE-2018-10360.patch
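Review bot: Both configure invocations pass `--disable-libseccomp` (in `myeconfargs` inside `multilib_src_configure` and in the cross-compile `econf` call in `src_configure`) with no comment explaining why, so a revision whose purpose is to fix an out-of-bounds read on untrusted input is built with file's seccomp sandbox switched off and leaves no record of the reason. I would add a comment directly above the flag, for example `# seccomp sandbox disabled, see bug <BUG-ID>` with the real reference filled in, so the next maintainer knows when it can be re-enabled. If the sandbox is usable on the target, exposing it as a USE flag instead of hard-disabling it would be preferable for the installed binary; the static build-host helper can reasonably stay without it. The setting may simply be carried over from the previous revision, which is not visible here.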
@@ -0,0 +1,18 @@
+Avoid reading past the end of buffer
+
+CVE-2018-10360
+
+https://github.com/file/file/commit/a642587a9c9e2dd7feacdf513c3643ce26ad3c22
+
+--- a/src/readelf.c
++++ b/src/readelf.c
+@@ -842,7 +842,8 @@ do_core_note(struct magic_set *ms, unsigned char *nbuf, uint32_t type,
+ 
+ cname = (unsigned char *)
+ &nbuf[doff + prpsoffsets(i)];
+- for (cp = cname; *cp && isprint(*cp); cp++)
++ for (cp = cname; cp < nbuf + size && *cp
++ && isprint(*cp); cp++)
+ continue;
+ /*
+ * Linux apparently appends a space at the end
-- cgit v1.2.3-65-gdbad
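Review bot: The added condition `cp < nbuf + size` bounds how far the scan advances, but nothing in the hunk shows that the starting point `cname = &nbuf[doff + prpsoffsets(i)]` lies inside the buffer, and computing a pointer more than one element past the end of `nbuf` is already undefined behaviour before the comparison is evaluated. Unless earlier code in `do_core_note` rejects the case `doff + prpsoffsets(i) >= size` (presumably `size` is the length of `nbuf`; the declaration is outside the hunk), that offset check should be made before the address is taken and the candidate offset skipped when it fails. A one-line comment above the loop, such as `/* never scan past nbuf[size - 1]; the name need not be NUL-terminated */`, would also record why the extra condition exists. The function body starts and ends outside the hunk, so the surrounding bounds handling should be confirmed against the full upstream file.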