From 46e2330f712a1c60bed71abc25eea1f4f499f150 Mon Sep 17 00:00:00 2001 From: Tony Vroon Date: Tue, 13 Apr 2021 20:16:21 +0100 Subject: app-arch/rpm: Version bump to 4.16.1.3 Switch to new crypto provider libgcrypt, as NSS is deprecated. As flagged up by Sam James in bug #780684. This has potential to address some test suite failures, but even with -usersandbox I still drown in a sea of: mktemp: failed to create file via template '/var/tmp/portage/app-arch/rpm-4.16.1.3/temp/rpmXXXXXX': No such file or directory Addresses CVE-2021-20271, a security vulnerability in the signature check functionality. Also addresses undisclosed vulnerability CVE-2021-3421. As flagged up by John "ajak" Helmert III in bug #778533 Bug: https://bugs.gentoo.org/778533 Closes: https://bugs.gentoo.org/780684 Signed-Off-By: Tony Vroon Package-Manager: Portage-3.0.17, Repoman-3.0.2 --- app-arch/rpm/Manifest | 1 + app-arch/rpm/files/rpm-4.16.1.3-libdir.patch | 34 ++++++ app-arch/rpm/rpm-4.16.1.3.ebuild | 148 +++++++++++++++++++++++++++ 3 files changed, 183 insertions(+) create mode 100644 app-arch/rpm/files/rpm-4.16.1.3-libdir.patch create mode 100644 app-arch/rpm/rpm-4.16.1.3.ebuild (limited to 'app-arch') diff --git a/app-arch/rpm/Manifest b/app-arch/rpm/Manifest index 08fa264efdf5..4209654a2059 100644 --- a/app-arch/rpm/Manifest +++ b/app-arch/rpm/Manifest @@ -1,2 +1,3 @@ DIST rpm-4.14.2.1.tar.bz2 4156574 BLAKE2B 2eb0cf621eecef7d8977d28d52be922156ceb64b14d2aefda0f5a927b90cf3d3e9c055d773e05ed52422254397153b79557dc94bdb43ca28a2ea126153a43c1f SHA512 0aad457f91918904c15649a1764ce7cbfaf38e083678031286e866f7997be0435a6b7b73596706d97e9263cff7b4df4a3150b142d81e6e3fddbfcf67bd83f990 DIST rpm-4.16.0.tar.bz2 4341683 BLAKE2B 5161e5dcc6d9a1f1d4b8e44740fb368050b808fd9e8b8276fb17b530a4642e1b9ad104b5a30c0071215aef7f823eeab10988dd41f73af1c52d575529c374b5eb SHA512 177119c3ac3d48980db55bb4ba0fdbb2a911968e5efc690bfa8cc343f850fc90531cc0dee6dd8e45d2b14f0d951ced35bd8893d24011b7f270745d281ddf4e3d +DIST rpm-4.16.1.3.tar.bz2 4354652 BLAKE2B 10013014bdeaf908b64c90f8e76f1d4b0cd0e8cb926f0cd979d7b1e1963b9a25c5b98531deea7e74e00168e2e6349f443fa4578c69c717ca1ab5e6b79d801f3a SHA512 54e503b32dffaa73d6168f26a00220d9d9124082d8a1eb1ddf34ce32a482f07cb06ec654cf065fca1607cc37b13fa7d4fa9895553541d7cfddecf68c9eb96f2e diff --git a/app-arch/rpm/files/rpm-4.16.1.3-libdir.patch b/app-arch/rpm/files/rpm-4.16.1.3-libdir.patch new file mode 100644 index 000000000000..a2c95ff064e2 --- /dev/null +++ b/app-arch/rpm/files/rpm-4.16.1.3-libdir.patch @@ -0,0 +1,34 @@ +diff -uNr rpm-4.16.1.3.ORIG/configure.ac rpm-4.16.1.3/configure.ac +--- rpm-4.16.1.3.ORIG/configure.ac 2021-04-13 19:32:35.630955569 +0100 ++++ rpm-4.16.1.3/configure.ac 2021-04-13 19:32:54.939623251 +0100 +@@ -957,13 +957,7 @@ + AC_DEFINE_UNQUOTED([RUNDIR],["${RUNDIR}"],[run-time variable directory]) + AC_SUBST(RUNDIR) + +-if test X"$prefix" = XNONE ; then +- usrprefix="$ac_default_prefix" +-else +- usrprefix=$prefix +-fi +- +-RPMCONFIGDIR="`echo ${usrprefix}/lib/rpm`" ++RPMCONFIGDIR="`echo ${libexecdir}/rpm/`" + AC_SUBST(RPMCONFIGDIR) + + AC_SUBST(OBJDUMP) +diff -uNr rpm-4.16.1.3.ORIG/rpm.am rpm-4.16.1.3/rpm.am +--- rpm-4.16.1.3.ORIG/rpm.am 2021-04-13 19:32:35.584956361 +0100 ++++ rpm-4.16.1.3/rpm.am 2021-04-13 19:32:54.940623234 +0100 +@@ -1,10 +1,8 @@ + # Internal binaries +-## HACK: It probably should be $(libexecdir)/rpm or $(libdir)/rpm +-rpmlibexecdir = $(prefix)/lib/rpm ++rpmlibexecdir = $(pkglibexecdir) + + # Host independent config files +-## HACK: it probably should be $(datadir)/rpm +-rpmconfigdir = $(prefix)/lib/rpm ++rpmconfigdir = $(pkglibexecdir) + + # Libtool version (current-revision-age) for all our libraries + rpm_version_info = 10:3:1 diff --git a/app-arch/rpm/rpm-4.16.1.3.ebuild b/app-arch/rpm/rpm-4.16.1.3.ebuild new file mode 100644 index 000000000000..32b827a153fc --- /dev/null +++ b/app-arch/rpm/rpm-4.16.1.3.ebuild @@ -0,0 +1,148 @@ +# Copyright 1999-2021 Gentoo Authors +# Distributed under the terms of the GNU General Public License v2 + +EAPI=7 + +LUA_COMPAT=( lua5-2 ) +PYTHON_COMPAT=( python3_{7,8,9} ) + +inherit autotools flag-o-matic lua-single perl-module python-single-r1 toolchain-funcs + +DESCRIPTION="Red Hat Package Management Utils" +HOMEPAGE="https://rpm.org + https://github.com/rpm-software-management/rpm" +SRC_URI="http://ftp.rpm.org/releases/rpm-$(ver_cut 1-2).x/${P}.tar.bz2" + +LICENSE="GPL-2 LGPL-2" +SLOT="0" +KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~ia64 ~mips ~ppc ~ppc64 ~s390 ~sparc ~x86 ~amd64-linux ~x86-linux" + +# Tests are broken. See bug 657500 +RESTRICT="test" + +IUSE="acl caps doc dbus lua nls openmp python selinux test +zstd" +REQUIRED_USE="lua? ( ${LUA_REQUIRED_USE} ) + python? ( ${PYTHON_REQUIRED_USE} )" + +CDEPEND="!app-arch/rpm5 + app-arch/libarchive + >=sys-libs/db-4.5:* + >=sys-libs/zlib-1.2.3-r1 + >=app-arch/bzip2-1.0.1 + >=dev-libs/popt-1.7 + >=app-crypt/gnupg-1.2 + dbus? ( sys-apps/dbus ) + dev-libs/elfutils + virtual/libintl + >=dev-lang/perl-5.8.8 + dev-libs/libgcrypt + python? ( ${PYTHON_DEPS} ) + nls? ( virtual/libintl ) + lua? ( ${LUA_DEPS} ) + acl? ( virtual/acl ) + caps? ( >=sys-libs/libcap-2.0 ) + zstd? ( app-arch/zstd ) +" +DEPEND="${CDEPEND} + nls? ( sys-devel/gettext ) + doc? ( app-doc/doxygen ) + virtual/pkgconfig + test? ( sys-apps/fakechroot ) +" +RDEPEND="${CDEPEND} + selinux? ( sec-policy/selinux-rpm ) +" + +pkg_pretend() { + [[ ${MERGE_TYPE} != binary ]] && use openmp && tc-check-openmp +} + +pkg_setup() { + use lua && lua-single_pkg_setup + use python && python-single-r1_pkg_setup + + # Added USE=openmp and this check for bug #779769 + [[ ${MERGE_TYPE} != binary ]] && use openmp && tc-check-openmp +} + +src_prepare() { + eapply "${FILESDIR}"/${PN}-4.16.0-autotools.patch + eapply "${FILESDIR}"/${PN}-4.8.1-db-path.patch + eapply "${FILESDIR}"/${P}-libdir.patch + + # fix #356769 + sed -i 's:%{_var}/tmp:/var/tmp:' macros.in || die "Fixing tmppath failed" + # fix #492642 + sed -i "s:@__PYTHON@:${PYTHON}:" macros.in || die "Fixing %__python failed" + + eapply_user + eautoreconf + + # Prevent automake maintainer mode from kicking in (#450448). + touch -r Makefile.am preinstall.am +} + +src_configure() { + econf \ + --without-selinux \ + --with-crypto=libgcrypt \ + $(use_enable python) \ + $(use_enable nls) \ + $(use_enable openmp) \ + $(use_enable dbus inhibit-plugin) \ + $(use_with lua) \ + $(use_with caps cap) \ + $(use_with acl) \ + $(use_enable zstd zstd $(usex zstd yes no)) +} + +src_install() { + default + + # remove la files + find "${ED}" -name '*.la' -delete || die + + # fix symlinks to /bin/rpm (#349840) + for binary in rpmquery rpmverify;do + ln -sf rpm "${ED}"/usr/bin/${binary} || die + done + + if ! use nls; then + rm -rf "${ED}"/usr/share/man/?? || die + fi + + keepdir /usr/src/rpm/{SRPMS,SPECS,SOURCES,RPMS,BUILD} + + dodoc CREDITS README* + if use doc; then + for docname in librpm; do + docinto "html/${docname}" + dodoc -r "doc/${docname}/html/." + done + fi + + # Fix perllocal.pod file collision + perl_delete_localpod + + use python && python_optimize +} + +src_test() { + # Known to fail with FEATURES=usersandbox (bug #657500): + if has usersandbox $FEATURES ; then + ewarn "You are emerging ${P} with 'usersandbox' enabled." \ + "Expect some test failures or emerge with 'FEATURES=-usersandbox'!" + fi + + emake check +} + +pkg_postinst() { + if [[ -f "${EROOT}"/var/lib/rpm/Packages ]] ; then + einfo "RPM database found... Rebuilding database (may take a while)..." + "${EROOT}"/usr/bin/rpmdb --rebuilddb --root="${EROOT}/" || die + else + einfo "No RPM database found... Creating database..." + "${EROOT}"/usr/bin/rpmdb --initdb --root="${EROOT}/" || die + fi +} -- cgit v1.2.3-65-gdbad