From 5d41b6271b2f12f9cbe0b7acff0287a9dcff2efc Mon Sep 17 00:00:00 2001 From: Nathan Owens Date: Wed, 18 Nov 2020 16:33:42 -0600 Subject: [PATCH 1/7] libextractor: update to 1.10 Update for CVE-2019-15531 Closes: #26493 [via git-merge-pr] --- common/shlibs | 4 +- srcpkgs/libextractor/patches/exiv-0.27.patch | 127 ------------------- srcpkgs/libextractor/template | 6 +- 3 files changed, 5 insertions(+), 132 deletions(-) delete mode 100644 srcpkgs/libextractor/patches/exiv-0.27.patch diff --git a/common/shlibs b/common/shlibs index 98fc15ee985..41bc5f14e19 100644 --- a/common/shlibs +++ b/common/shlibs @@ -1733,8 +1733,8 @@ libGraphicsMagick++.so.12 libgraphicsmagick-1.3.22_1 libGraphicsMagickWand.so.2 libgraphicsmagick-1.3.19_1 liblensfun.so.1 lensfun-0.3.2_1 libmitlm.so.1 mitlm-0.4.2_1 -libextractor.so.3 libextractor-1.1_1 -libextractor_common.so.1 libextractor-1.1_1 +libextractor.so.2 libextractor-1.10_1 +libextractor_common.so.1 libextractor-1.10_1 libpano13.so.3 libpano13-2.9.19_1 libubsan.so.1 libsanitizer-8.2.0_1 libtsan.so.0 libsanitizer-6.3.0_1 diff --git a/srcpkgs/libextractor/patches/exiv-0.27.patch b/srcpkgs/libextractor/patches/exiv-0.27.patch deleted file mode 100644 index cfdb6426408..00000000000 --- a/srcpkgs/libextractor/patches/exiv-0.27.patch +++ /dev/null @@ -1,127 +0,0 @@ -From bbe21db4bf8face03adf0efd2eb18540582cb5ba Mon Sep 17 00:00:00 2001 -From: Andreas Sturmlechner -Date: Sun, 30 Dec 2018 00:46:57 +0100 -Subject: [PATCH] Fix build with exiv2-0.27 - ---- - src/plugins/exiv2_extractor.cc | 35 +++++++++++++++++++++++++++------- - 1 file changed, 28 insertions(+), 7 deletions(-) - -diff --git a/src/plugins/exiv2_extractor.cc b/src/plugins/exiv2_extractor.cc -index 8741d40..ef402a8 100644 ---- a/src/plugins/exiv2_extractor.cc -+++ b/src/plugins/exiv2_extractor.cc -@@ -27,10 +27,7 @@ - #include - #include - #include --#include --#include --#include --#include -+#include - - /** - * Enable debugging to get error messages. -@@ -180,7 +177,7 @@ public: - * - * @return -1 on error - */ --#if EXIV2_VERSION >= EXIV2_MAKE_VERSION(0,26,0) -+#if EXIV2_TEST_VERSION(0,26,0) - virtual size_t size (void) const; - #else - virtual long int size (void) const; -@@ -316,7 +313,11 @@ ExtractorIO::getb () - const unsigned char *r; - - if (1 != ec->read (ec->cls, &data, 1)) -+#if EXIV2_TEST_VERSION(0,27,0) -+ throw Exiv2::BasicError (Exiv2::kerDecodeLangAltQualifierFailed); -+#else - throw Exiv2::BasicError (42 /* error code */); -+#endif - r = (const unsigned char *) data; - return *r; - } -@@ -371,7 +372,11 @@ ExtractorIO::putb (Exiv2::byte data) - void - ExtractorIO::transfer (Exiv2::BasicIo& src) - { -+#if EXIV2_TEST_VERSION(0,27,0) -+ throw Exiv2::BasicError (Exiv2::kerDecodeLangAltQualifierFailed); -+#else - throw Exiv2::BasicError (42 /* error code */); -+#endif - } - - -@@ -416,7 +421,11 @@ ExtractorIO::seek (long offset, - Exiv2::byte * - ExtractorIO::mmap (bool isWritable) - { -+#if EXIV2_TEST_VERSION(0,27,0) -+ throw Exiv2::BasicError (Exiv2::kerDecodeLangAltQualifierFailed); -+#else - throw Exiv2::BasicError (42 /* error code */); -+#endif - } - - -@@ -449,7 +458,7 @@ ExtractorIO::tell (void) const - * - * @return -1 on error - */ --#if EXIV2_VERSION >= EXIV2_MAKE_VERSION(0,26,0) -+#if EXIV2_TEST_VERSION(0,26,0) - size_t - #else - long int -@@ -504,7 +513,11 @@ ExtractorIO::eof () const - std::string - ExtractorIO::path () const - { -+#if EXIV2_TEST_VERSION(0,27,0) -+ throw Exiv2::BasicError (Exiv2::kerDecodeLangAltQualifierFailed); -+#else - throw Exiv2::BasicError (42 /* error code */); -+#endif - } - - -@@ -517,7 +530,11 @@ ExtractorIO::path () const - std::wstring - ExtractorIO::wpath () const - { -+#if EXIV2_TEST_VERSION(0,27,0) -+ throw Exiv2::BasicError (Exiv2::kerDecodeLangAltQualifierFailed); -+#else - throw Exiv2::BasicError (42 /* error code */); -+#endif - } - #endif - -@@ -531,7 +548,11 @@ Exiv2::BasicIo::AutoPtr - ExtractorIO::temporary () const - { - fprintf (stderr, "throwing temporary error\n"); -+#if EXIV2_TEST_VERSION(0,27,0) -+ throw Exiv2::BasicError (Exiv2::kerDecodeLangAltQualifierFailed); -+#else - throw Exiv2::BasicError (42 /* error code */); -+#endif - } - - -@@ -697,7 +718,7 @@ EXTRACTOR_exiv2_extract_method (struct EXTRACTOR_ExtractContext *ec) - { - try - { --#if EXIV2_MAKE_VERSION(0,23,0) <= EXIV2_VERSION -+#if !EXIV2_TEST_VERSION(0,24,0) - Exiv2::LogMsg::setLevel (Exiv2::LogMsg::mute); - #endif - std::auto_ptr eio(new ExtractorIO (ec)); --- -2.20.1 - diff --git a/srcpkgs/libextractor/template b/srcpkgs/libextractor/template index bd7af6f78de..9e2c898b2b6 100644 --- a/srcpkgs/libextractor/template +++ b/srcpkgs/libextractor/template @@ -1,6 +1,6 @@ # Template file for 'libextractor' pkgname=libextractor -version=1.9 +version=1.10 revision=1 build_style=gnu-configure configure_args="--disable-static" @@ -14,11 +14,11 @@ maintainer="Martin Riese " license="GPL-3.0-or-later" homepage="https://www.gnu.org/software/libextractor/" distfiles="${GNU_SITE}/${pkgname}/${pkgname}-${version}.tar.gz" -checksum=f08f257d26c5e9b503f068d6753c8e55cb76f47f73a81da6ed2bba3de3fee2ff +checksum=9eed11b5ddc7c929ba112c50de8cfaa379f1d99a0c8e064101775837cf432357 patch_args="-Np1" post_install() { - sed -i "s|\(-specs=.*hardened-ld\)||g" ${DESTDIR}/usr/lib/pkgconfig/libextractor.pc + vsed -i "s|\(-specs=.*hardened-ld\)||g" ${DESTDIR}/usr/lib/pkgconfig/libextractor.pc } libextractor-devel_package() { From df75c615eeb8b63aec279be25b87cb0b092c6379 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?=C3=89rico=20Rolim?= Date: Fri, 18 Dec 2020 15:01:53 -0300 Subject: [PATCH 2/7] tmp --- srcpkgs/libextractor/template | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/srcpkgs/libextractor/template b/srcpkgs/libextractor/template index 9e2c898b2b6..6e7418de150 100644 --- a/srcpkgs/libextractor/template +++ b/srcpkgs/libextractor/template @@ -17,6 +17,10 @@ distfiles="${GNU_SITE}/${pkgname}/${pkgname}-${version}.tar.gz" checksum=9eed11b5ddc7c929ba112c50de8cfaa379f1d99a0c8e064101775837cf432357 patch_args="-Np1" +do_check() { + : #tmp +} + post_install() { vsed -i "s|\(-specs=.*hardened-ld\)||g" ${DESTDIR}/usr/lib/pkgconfig/libextractor.pc } From f5882ed4df5057b4732e77f368428bb4a89e1e7b Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?=C3=89rico=20Rolim?= Date: Sat, 19 Dec 2020 21:58:34 -0300 Subject: [PATCH 3/7] gnunet: test --- srcpkgs/gnunet/template | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/srcpkgs/gnunet/template b/srcpkgs/gnunet/template index 0ca97a9168d..a8a6dabe66b 100644 --- a/srcpkgs/gnunet/template +++ b/srcpkgs/gnunet/template @@ -1,7 +1,7 @@ # Template file for 'gnunet' pkgname=gnunet version=0.12.2 -revision=3 +revision=4 build_style=gnu-configure conf_files="/etc/gnunet/gnunet.conf" hostmakedepends="automake gettext gettext-devel libtool pkg-config tar texinfo" From d5349b17e0904b581acba4b0f03a90e79060ae88 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?=C3=89rico=20Rolim?= Date: Fri, 18 Dec 2020 16:22:32 -0300 Subject: [PATCH 4/7] xbps-src: source cross profiles in show-var when using -a switch. This allows the user to query for variables such as XBPS_CROSS_TRIPLET, which are only available in a cross-build context. --- xbps-src | 6 +++++- 1 file changed, 5 insertions(+), 1 deletion(-) diff --git a/xbps-src b/xbps-src index 54016874010..83729a9c2c0 100755 --- a/xbps-src +++ b/xbps-src @@ -902,7 +902,11 @@ case "$XBPS_TARGET" in for f in ${XBPS_COMMONDIR}/environment/setup/*.sh; do source $f done - source ${XBPS_COMMONDIR}/build-profiles/${XBPS_MACHINE}.sh + if [ "$XBPS_CROSS_BUILD" ]; then + source ${XBPS_COMMONDIR}/cross-profiles/${XBPS_CROSS_BUILD}.sh + else + source ${XBPS_COMMONDIR}/build-profiles/${XBPS_MACHINE}.sh + fi eval value="\${$XBPS_TARGET_PKG}" echo $value ;; From 3d35ed1869ff5f2ee47c01acc213ceed6dd3d329 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?=C3=89rico=20Rolim?= Date: Fri, 18 Dec 2020 14:53:10 -0300 Subject: [PATCH 5/7] .github/workflows: add script to check that packages can still be installed. --- .github/workflows/build.yaml | 8 ++++++++ common/travis/check-install.sh | 25 +++++++++++++++++++++++++ 2 files changed, 33 insertions(+) create mode 100755 common/travis/check-install.sh diff --git a/.github/workflows/build.yaml b/.github/workflows/build.yaml index be2fd7969db..72f2b3811a3 100644 --- a/.github/workflows/build.yaml +++ b/.github/workflows/build.yaml @@ -87,3 +87,11 @@ jobs: cd / "$here/common/travis/show_files.sh" "$BOOTSTRAP" "$ARCH" ) + + - name: Verify repository state + run: | + ( + here="$(pwd)" + cd / + "$here/common/travis/check-install.sh" "$BOOTSTRAP" "$ARCH" + ) diff --git a/common/travis/check-install.sh b/common/travis/check-install.sh new file mode 100755 index 00000000000..5c1220636b8 --- /dev/null +++ b/common/travis/check-install.sh @@ -0,0 +1,25 @@ +#!/bin/sh +# +# check-install.sh + +export XBPS_TARGET_ARCH="$2" XBPS_DISTDIR=/hostrepo + +if [ "$1" != "$XBPS_TARGET_ARCH" ]; then + triplet="$(/hostrepo/xbps-src -a "$XBPS_TARGET_ARCH" show-var XBPS_CROSS_TRIPLET)" + ROOTDIR="-r /usr/$triplet" +fi + +ADDREPO="--repository=$HOME/hostdir/binpkgs --repository=$HOME/hostdir/binpkgs/nonfree" + +while read -r pkg; do + for subpkg in $(xsubpkg $pkg); do + /bin/echo -e "\x1b[32mTrying to install dependants of $subpkg:\x1b[0m" + for dep in $(xbps-query $ADDREPO -RX "$subpkg"); do + xbps-install \ + $ROOTDIR $ADDREPO \ + -Sny \ + "$subpkg" "$dep" + [ $? -eq 8 ] && exit 1 + done + done +done < /tmp/templates From 07cc1f1fba39ca1e73dab9b03a430c63bbeedbe2 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?=C3=89rico=20Rolim?= Date: Wed, 23 Dec 2020 12:01:16 -0300 Subject: [PATCH 6/7] gnunet --- srcpkgs/gnunet/template | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/srcpkgs/gnunet/template b/srcpkgs/gnunet/template index a8a6dabe66b..207dd27db36 100644 --- a/srcpkgs/gnunet/template +++ b/srcpkgs/gnunet/template @@ -44,6 +44,10 @@ pre_configure() { NOCONFIGURE=1 autoreconf -fi } +do_check() { + echo tmp +} + post_install() { vmkdir etc/gnunet vcopy "${FILESDIR}/gnunet.conf" etc/gnunet/gnunet.conf From 4309f314a8bb46b0d270eb80c1c10df052fdcbf9 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?=C3=89rico=20Rolim?= Date: Wed, 23 Dec 2020 15:17:53 -0300 Subject: [PATCH 7/7] trav --- common/travis/check-install.sh | 7 +++++-- 1 file changed, 5 insertions(+), 2 deletions(-) diff --git a/common/travis/check-install.sh b/common/travis/check-install.sh index 5c1220636b8..d9725670002 100755 --- a/common/travis/check-install.sh +++ b/common/travis/check-install.sh @@ -18,8 +18,11 @@ while read -r pkg; do xbps-install \ $ROOTDIR $ADDREPO \ -Sny \ - "$subpkg" "$dep" - [ $? -eq 8 ] && exit 1 + "$subpkg" "$(xbps-uhelper getpkgname "$dep")" + if [ $? -eq 8 ]; then + /bin/echo -e "\x1b[31mFailed to install '$subpkg' and '$dep'\x1b[0m" + exit 1 + fi done done done < /tmp/templates