apr-util DoS ist upstream seit 1.6.0
Hanno commited on 2018-09-16 11:32:53
Zeige 6 geänderte Dateien mit 0 Einfügungen und 310 Löschungen.
- dev-libs/apr-util/Manifest 8fd3978..0000000
- dev-libs/apr-util/apr-util-1.5.4-r1.ebuild 2dca73b..0000000
- dev-libs/apr-util/apr-util-1.5.4.ebuild 607e001..0000000
- dev-libs/apr-util/files/apr-util-1.5-limit-dos.diff 1db4847..0000000
- dev-libs/apr-util/files/apr-util-1.5.3-sysroot.patch ce07b14..0000000
- dev-libs/apr-util/metadata.xml fbfc99a..0000000
| ... | ... |
@@ -1,6 +0,0 @@ |
| 1 |
-AUX apr-util-1.5-limit-dos.diff 975 SHA256 32b14b12bc61d854d65911cbffb967acf7c955862739f0b0c61989c9b21ca273 SHA512 ccd0ab356e026d8d5d6d386f96a12b52550739a3ccbd3eb0a3c816c1586d8eb4a93064054157da0bc7d8027ff29f7460424d8c4f539b2c4b1468b996c3693e64 WHIRLPOOL 5428582928bf62989d463a003cbf42c998b7d314babb920a4e61bec01b90b41f5370cf7e49213f7beba33aca9efc6843b02648bb21a7f5f2a59f8fd8a4047daa |
|
| 2 |
-AUX apr-util-1.5.3-sysroot.patch 1234 SHA256 752ee44d3e9e39e4cba824556f829776a46e4f5e64d4f359de781d3bfd3a414f SHA512 44ee2a9cf61587f05d43976d40023f6313b310c3eeb37299840445e3faec7f0352367875f515b21d3b1fcdc8c082d8584a21cf8187deb1f6f69187c14f84f0b7 WHIRLPOOL 2017ccccfade6e99a490781100a7ca2ee1901a93b791db78291e3d7850e9916d183084abc6f46b2a80ffb451dfb5f1e999189f9ce6f994b51146563bef52a7af |
|
| 3 |
-DIST apr-util-1.5.4.tar.bz2 694427 SHA256 a6cf327189ca0df2fb9d5633d7326c460fe2b61684745fd7963e79a6dd0dc82e SHA512 ca877d8e444218c4ba0f28063ee075ddcd6c0a487b692dc80ef442fe775ec4eeb337c6957853772e8082e27edcb450d7e909c2c6c3ab4a95bbf0a5ee5ea4a2d1 WHIRLPOOL bc4ce82785513f4bf2207bb26758abc79e6bfef62a57d3e2ead570abc618b321c302390b9dcd8eab1ec44a9e5d398c2cc4d35af2549636e20d7c20678725ac2e |
|
| 4 |
-EBUILD apr-util-1.5.4-r1.ebuild 3415 SHA256 08900f60c8baec189e90d56142d920611b2c953d460effe48ba05e3a7c14f87b SHA512 3acf7ae85631709b7dd2c7bc705a4bc6a12cc6911208e8b735e4c99dae5091d2113c3cd97b108fb32bcf1fec0e26b88146449b6150a7c288c3cf1787ca2a7ab9 WHIRLPOOL a9966791fc8e9f4c5a9df501a9aa5519d77ea8a06147601f187731d9b369b57aa33ca0a1b68d37fe11bd100b03bf0486244ab4da694fa10f5474551c6a320802 |
|
| 5 |
-EBUILD apr-util-1.5.4.ebuild 3343 SHA256 be16b2aec6cca0508ab61c60ff59b2dc2999e112397127bb76f0c31d729cbb7b SHA512 9852e950fb70c8b79fee8dbe261e43eab0d977dff0f48785c69fb775dd91e43edb7aa96b3a9bbccdf3a4ed0f4c618dae08fb6439a82d45a086085fc3eb19834a WHIRLPOOL 7a0bab54f3a9cf1435afcf5dd98d7d546987666a11ace8ed5388b6bc6b5ffaebfba1ad0f6c126cf90cfe43a82c88653ab1d20914ca80e95063792b8a399d765e |
|
| 6 |
-MISC metadata.xml 515 SHA256 d5226f9f0b532aa0adf1cbc7e4b5333dae3411f0c12e6df483a4036d7150133a SHA512 af8e2bbded13ef475d1577eb4faa27e17a045804f1de3e79c4c3d736871db304872fc65db0d606c243292392fb4ac773711ad9e153369714689138249d469158 WHIRLPOOL 0d9a6906df5f22918414a41f8a0806e502ef38696d9c5fc5c9949c13c988fa57d3acae1c99ef1ca2279ca7ec970044bf3e1c704c460cd397262b1a6e34f0de7b |
| ... | ... |
@@ -1,117 +0,0 @@ |
| 1 |
-# Copyright 1999-2015 Gentoo Foundation |
|
| 2 |
-# Distributed under the terms of the GNU General Public License v2 |
|
| 3 |
-# $Id$ |
|
| 4 |
- |
|
| 5 |
-EAPI="4" |
|
| 6 |
- |
|
| 7 |
-# Usually apr-util has the same PV as apr, but in case of security fixes, this may change. |
|
| 8 |
-# APR_PV="${PV}"
|
|
| 9 |
-APR_PV="1.4.6" |
|
| 10 |
- |
|
| 11 |
-inherit autotools db-use eutils libtool multilib toolchain-funcs |
|
| 12 |
- |
|
| 13 |
-DESCRIPTION="Apache Portable Runtime Utility Library" |
|
| 14 |
-HOMEPAGE="http://apr.apache.org/" |
|
| 15 |
-SRC_URI="mirror://apache/apr/${P}.tar.bz2"
|
|
| 16 |
- |
|
| 17 |
-LICENSE="Apache-2.0" |
|
| 18 |
-SLOT="1" |
|
| 19 |
-KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~ia64 ~mips ~ppc ~ppc64 ~s390 ~sh ~sparc ~x86 ~ppc-aix ~amd64-fbsd ~sparc-fbsd ~x86-fbsd ~x86-freebsd ~hppa-hpux ~ia64-hpux ~x86-interix ~amd64-linux ~arm-linux ~x86-linux ~ppc-macos ~x64-macos ~x86-macos ~m68k-mint ~sparc-solaris ~sparc64-solaris ~x64-solaris ~x86-solaris" |
|
| 20 |
-IUSE="berkdb doc freetds gdbm ldap libressl mysql nss odbc openssl postgres sqlite static-libs" |
|
| 21 |
-#RESTRICT="test" |
|
| 22 |
- |
|
| 23 |
-RDEPEND="dev-libs/expat |
|
| 24 |
- >=dev-libs/apr-${APR_PV}:1
|
|
| 25 |
- berkdb? ( >=sys-libs/db-4 ) |
|
| 26 |
- freetds? ( dev-db/freetds ) |
|
| 27 |
- gdbm? ( sys-libs/gdbm ) |
|
| 28 |
- ldap? ( =net-nds/openldap-2* ) |
|
| 29 |
- mysql? ( =virtual/mysql-5* ) |
|
| 30 |
- nss? ( dev-libs/nss ) |
|
| 31 |
- odbc? ( dev-db/unixODBC ) |
|
| 32 |
- openssl? ( |
|
| 33 |
- !libressl? ( dev-libs/openssl:0 ) |
|
| 34 |
- libressl? ( dev-libs/libressl ) |
|
| 35 |
- ) |
|
| 36 |
- postgres? ( dev-db/postgresql ) |
|
| 37 |
- sqlite? ( dev-db/sqlite:3 )" |
|
| 38 |
-DEPEND="${RDEPEND}
|
|
| 39 |
- >=sys-devel/libtool-2.4.2 |
|
| 40 |
- doc? ( app-doc/doxygen )" |
|
| 41 |
- |
|
| 42 |
-DOCS=(CHANGES NOTICE README) |
|
| 43 |
- |
|
| 44 |
-src_prepare() {
|
|
| 45 |
- epatch "${FILESDIR}"/${PN}-1.5.3-sysroot.patch #385775
|
|
| 46 |
- epatch "${FILESDIR}"/apr-util-1.5-limit-dos.diff
|
|
| 47 |
- eautoreconf |
|
| 48 |
- elibtoolize |
|
| 49 |
-} |
|
| 50 |
- |
|
| 51 |
-src_configure() {
|
|
| 52 |
- local myconf=() |
|
| 53 |
- |
|
| 54 |
- tc-is-static-only && myconf+=( --disable-util-dso ) |
|
| 55 |
- |
|
| 56 |
- if use berkdb; then |
|
| 57 |
- local db_version |
|
| 58 |
- db_version="$(db_findver sys-libs/db)" || die "Unable to find Berkeley DB version" |
|
| 59 |
- db_version="$(db_ver_to_slot "${db_version}")"
|
|
| 60 |
- db_version="${db_version/\./}"
|
|
| 61 |
- myconf+=( |
|
| 62 |
- --with-dbm=db${db_version}
|
|
| 63 |
- # We use $T for the libdir because otherwise it'd simply be the normal |
|
| 64 |
- # system libdir. That's pointless as the compiler will search it for |
|
| 65 |
- # us already. This makes cross-compiling and such easier. |
|
| 66 |
- --with-berkeley-db="${SYSROOT}$(db_includedir 2>/dev/null):${T}"
|
|
| 67 |
- ) |
|
| 68 |
- else |
|
| 69 |
- myconf+=( --without-berkeley-db ) |
|
| 70 |
- fi |
|
| 71 |
- |
|
| 72 |
- if use nss || use openssl ; then |
|
| 73 |
- myconf+=( --with-crypto ) # 518708 |
|
| 74 |
- fi |
|
| 75 |
- |
|
| 76 |
- econf \ |
|
| 77 |
- --datadir="${EPREFIX}"/usr/share/apr-util-1 \
|
|
| 78 |
- --with-apr="${SYSROOT}${EPREFIX}"/usr \
|
|
| 79 |
- --with-expat="${EPREFIX}"/usr \
|
|
| 80 |
- --without-sqlite2 \ |
|
| 81 |
- $(use_with freetds) \ |
|
| 82 |
- $(use_with gdbm) \ |
|
| 83 |
- $(use_with ldap) \ |
|
| 84 |
- $(use_with mysql) \ |
|
| 85 |
- $(use_with nss) \ |
|
| 86 |
- $(use_with odbc) \ |
|
| 87 |
- $(use_with openssl) \ |
|
| 88 |
- $(use_with postgres pgsql) \ |
|
| 89 |
- $(use_with sqlite sqlite3) \ |
|
| 90 |
- "${myconf[@]}"
|
|
| 91 |
- # Use the current env build settings rather than whatever apr was built with. |
|
| 92 |
- sed -i -r \ |
|
| 93 |
- -e "/^(apr_builddir|apr_builders|top_builddir)=/s:=:=${SYSROOT}:" \
|
|
| 94 |
- -e "/^CC=/s:=.*:=$(tc-getCC):" \ |
|
| 95 |
- -e '/^(C|CPP|CXX|LD)FLAGS=/d' \ |
|
| 96 |
- -e '/^LTFLAGS/s:--silent::' \ |
|
| 97 |
- build/rules.mk || die |
|
| 98 |
-} |
|
| 99 |
- |
|
| 100 |
-src_compile() {
|
|
| 101 |
- emake |
|
| 102 |
- use doc && emake dox |
|
| 103 |
-} |
|
| 104 |
- |
|
| 105 |
-src_install() {
|
|
| 106 |
- default |
|
| 107 |
- |
|
| 108 |
- find "${ED}" -name "*.la" -delete
|
|
| 109 |
- find "${ED}usr/$(get_libdir)/apr-util-${SLOT}" -name "*.a" -delete
|
|
| 110 |
- use static-libs || find "${ED}" -name "*.a" -delete
|
|
| 111 |
- |
|
| 112 |
- use doc && dohtml -r docs/dox/html/* |
|
| 113 |
- |
|
| 114 |
- # This file is only used on AIX systems, which Gentoo is not, |
|
| 115 |
- # and causes collisions between the SLOTs, so remove it. |
|
| 116 |
- rm -f "${ED}usr/$(get_libdir)/aprutil.exp"
|
|
| 117 |
-} |
| ... | ... |
@@ -1,114 +0,0 @@ |
| 1 |
-# Copyright 1999-2015 Gentoo Foundation |
|
| 2 |
-# Distributed under the terms of the GNU General Public License v2 |
|
| 3 |
-# $Id$ |
|
| 4 |
- |
|
| 5 |
-EAPI="4" |
|
| 6 |
- |
|
| 7 |
-# Usually apr-util has the same PV as apr, but in case of security fixes, this may change. |
|
| 8 |
-# APR_PV="${PV}"
|
|
| 9 |
-APR_PV="1.4.6" |
|
| 10 |
- |
|
| 11 |
-inherit autotools db-use eutils libtool multilib toolchain-funcs |
|
| 12 |
- |
|
| 13 |
-DESCRIPTION="Apache Portable Runtime Utility Library" |
|
| 14 |
-HOMEPAGE="http://apr.apache.org/" |
|
| 15 |
-SRC_URI="mirror://apache/apr/${P}.tar.bz2"
|
|
| 16 |
- |
|
| 17 |
-LICENSE="Apache-2.0" |
|
| 18 |
-SLOT="1" |
|
| 19 |
-KEYWORDS="alpha amd64 arm ~arm64 hppa ia64 ~mips ppc ppc64 ~s390 ~sh sparc x86 ~ppc-aix ~amd64-fbsd ~sparc-fbsd ~x86-fbsd ~x86-freebsd ~hppa-hpux ~ia64-hpux ~x86-interix ~amd64-linux ~arm-linux ~x86-linux ~ppc-macos ~x64-macos ~x86-macos ~m68k-mint ~sparc-solaris ~sparc64-solaris ~x64-solaris ~x86-solaris" |
|
| 20 |
-IUSE="berkdb doc freetds gdbm ldap mysql nss odbc openssl postgres sqlite static-libs" |
|
| 21 |
-#RESTRICT="test" |
|
| 22 |
- |
|
| 23 |
-RDEPEND="dev-libs/expat |
|
| 24 |
- >=dev-libs/apr-${APR_PV}:1
|
|
| 25 |
- berkdb? ( >=sys-libs/db-4 ) |
|
| 26 |
- freetds? ( dev-db/freetds ) |
|
| 27 |
- gdbm? ( sys-libs/gdbm ) |
|
| 28 |
- ldap? ( =net-nds/openldap-2* ) |
|
| 29 |
- mysql? ( =virtual/mysql-5* ) |
|
| 30 |
- nss? ( dev-libs/nss ) |
|
| 31 |
- odbc? ( dev-db/unixODBC ) |
|
| 32 |
- openssl? ( dev-libs/openssl ) |
|
| 33 |
- postgres? ( dev-db/postgresql ) |
|
| 34 |
- sqlite? ( dev-db/sqlite:3 )" |
|
| 35 |
-DEPEND="${RDEPEND}
|
|
| 36 |
- >=sys-devel/libtool-2.4.2 |
|
| 37 |
- doc? ( app-doc/doxygen )" |
|
| 38 |
- |
|
| 39 |
-DOCS=(CHANGES NOTICE README) |
|
| 40 |
- |
|
| 41 |
-src_prepare() {
|
|
| 42 |
- epatch "${FILESDIR}"/${PN}-1.5.3-sysroot.patch #385775
|
|
| 43 |
- epatch "${FILESDIR}"/apr-util-1.5-limit-dos.diff
|
|
| 44 |
- eautoreconf |
|
| 45 |
- elibtoolize |
|
| 46 |
-} |
|
| 47 |
- |
|
| 48 |
-src_configure() {
|
|
| 49 |
- local myconf=() |
|
| 50 |
- |
|
| 51 |
- tc-is-static-only && myconf+=( --disable-util-dso ) |
|
| 52 |
- |
|
| 53 |
- if use berkdb; then |
|
| 54 |
- local db_version |
|
| 55 |
- db_version="$(db_findver sys-libs/db)" || die "Unable to find Berkeley DB version" |
|
| 56 |
- db_version="$(db_ver_to_slot "${db_version}")"
|
|
| 57 |
- db_version="${db_version/\./}"
|
|
| 58 |
- myconf+=( |
|
| 59 |
- --with-dbm=db${db_version}
|
|
| 60 |
- # We use $T for the libdir because otherwise it'd simply be the normal |
|
| 61 |
- # system libdir. That's pointless as the compiler will search it for |
|
| 62 |
- # us already. This makes cross-compiling and such easier. |
|
| 63 |
- --with-berkeley-db="${SYSROOT}$(db_includedir 2>/dev/null):${T}"
|
|
| 64 |
- ) |
|
| 65 |
- else |
|
| 66 |
- myconf+=( --without-berkeley-db ) |
|
| 67 |
- fi |
|
| 68 |
- |
|
| 69 |
- if use nss || use openssl ; then |
|
| 70 |
- myconf+=( --with-crypto ) # 518708 |
|
| 71 |
- fi |
|
| 72 |
- |
|
| 73 |
- econf \ |
|
| 74 |
- --datadir="${EPREFIX}"/usr/share/apr-util-1 \
|
|
| 75 |
- --with-apr="${SYSROOT}${EPREFIX}"/usr \
|
|
| 76 |
- --with-expat="${EPREFIX}"/usr \
|
|
| 77 |
- --without-sqlite2 \ |
|
| 78 |
- $(use_with freetds) \ |
|
| 79 |
- $(use_with gdbm) \ |
|
| 80 |
- $(use_with ldap) \ |
|
| 81 |
- $(use_with mysql) \ |
|
| 82 |
- $(use_with nss) \ |
|
| 83 |
- $(use_with odbc) \ |
|
| 84 |
- $(use_with openssl) \ |
|
| 85 |
- $(use_with postgres pgsql) \ |
|
| 86 |
- $(use_with sqlite sqlite3) \ |
|
| 87 |
- "${myconf[@]}"
|
|
| 88 |
- # Use the current env build settings rather than whatever apr was built with. |
|
| 89 |
- sed -i -r \ |
|
| 90 |
- -e "/^(apr_builddir|apr_builders|top_builddir)=/s:=:=${SYSROOT}:" \
|
|
| 91 |
- -e "/^CC=/s:=.*:=$(tc-getCC):" \ |
|
| 92 |
- -e '/^(C|CPP|CXX|LD)FLAGS=/d' \ |
|
| 93 |
- -e '/^LTFLAGS/s:--silent::' \ |
|
| 94 |
- build/rules.mk || die |
|
| 95 |
-} |
|
| 96 |
- |
|
| 97 |
-src_compile() {
|
|
| 98 |
- emake |
|
| 99 |
- use doc && emake dox |
|
| 100 |
-} |
|
| 101 |
- |
|
| 102 |
-src_install() {
|
|
| 103 |
- default |
|
| 104 |
- |
|
| 105 |
- find "${ED}" -name "*.la" -delete
|
|
| 106 |
- find "${ED}usr/$(get_libdir)/apr-util-${SLOT}" -name "*.a" -delete
|
|
| 107 |
- use static-libs || find "${ED}" -name "*.a" -delete
|
|
| 108 |
- |
|
| 109 |
- use doc && dohtml -r docs/dox/html/* |
|
| 110 |
- |
|
| 111 |
- # This file is only used on AIX systems, which Gentoo is not, |
|
| 112 |
- # and causes collisions between the SLOTs, so remove it. |
|
| 113 |
- rm -f "${ED}usr/$(get_libdir)/aprutil.exp"
|
|
| 114 |
-} |
| ... | ... |
@@ -1,23 +0,0 @@ |
| 1 |
---- a/crypto/crypt_blowfish.c 2012-07-06 13:41:24.000000000 +0200 |
|
| 2 |
-+++ apr-util-1.5.4/crypto/crypt_blowfish.c 2017-01-10 12:05:56.449895464 +0100 |
|
| 3 |
-@@ -675,9 +675,9 @@ |
|
| 4 |
- setting[2] < 'a' || setting[2] > 'z' || |
|
| 5 |
- !flags_by_subtype[(unsigned int)(unsigned char)setting[2] - 'a'] || |
|
| 6 |
- setting[3] != '$' || |
|
| 7 |
-- setting[4] < '0' || setting[4] > '3' || |
|
| 8 |
-+ setting[4] < '0' || setting[4] > '1' || |
|
| 9 |
- setting[5] < '0' || setting[5] > '9' || |
|
| 10 |
-- (setting[4] == '3' && setting[5] > '1') || |
|
| 11 |
-+ (setting[4] == '1' && setting[5] > '7') || |
|
| 12 |
- setting[6] != '$') {
|
|
| 13 |
- __set_errno(EINVAL); |
|
| 14 |
- return NULL; |
|
| 15 |
-@@ -877,7 +877,7 @@ |
|
| 16 |
- const char *input, int size, char *output, int output_size) |
|
| 17 |
- {
|
|
| 18 |
- if (size < 16 || output_size < 7 + 22 + 1 || |
|
| 19 |
-- (count && (count < 4 || count > 31)) || |
|
| 20 |
-+ (count && (count < 4 || count > 17)) || |
|
| 21 |
- prefix[0] != '$' || prefix[1] != '2' || |
|
| 22 |
- (prefix[2] != 'a' && prefix[2] != 'y')) {
|
|
| 23 |
- if (output_size > 0) output[0] = '\0'; |
| ... | ... |
@@ -1,36 +0,0 @@ |
| 1 |
-https://bugs.gentoo.org/385775 |
|
| 2 |
- |
|
| 3 |
-utilize $SYSROOT to find the right includedir tree |
|
| 4 |
- |
|
| 5 |
-drop the -L/-R paths since we know our libdir is the standard path which |
|
| 6 |
-the compiler already knows how to locate |
|
| 7 |
- |
|
| 8 |
---- a/apu-config.in |
|
| 9 |
-+++ b/apu-config.in |
|
| 10 |
-@@ -25,7 +25,7 @@ prefix="@prefix@" |
|
| 11 |
- exec_prefix="@exec_prefix@" |
|
| 12 |
- bindir="@bindir@" |
|
| 13 |
- libdir="@libdir@" |
|
| 14 |
--includedir="@includedir@" |
|
| 15 |
-+includedir="${SYSROOT}@includedir@"
|
|
| 16 |
- |
|
| 17 |
- LIBS="@APRUTIL_EXPORT_LIBS@" |
|
| 18 |
- INCLUDES="@APRUTIL_INCLUDES@" |
|
| 19 |
-@@ -166,7 +166,7 @@ while test $# -gt 0; do |
|
| 20 |
- --link-ld) |
|
| 21 |
- if test "$location" = "installed"; then |
|
| 22 |
- ### avoid using -L if libdir is a "standard" location like /usr/lib |
|
| 23 |
-- flags="$flags -L$libdir -l$APRUTIL_LIBNAME" |
|
| 24 |
-+ flags="$flags -l$APRUTIL_LIBNAME" |
|
| 25 |
- else |
|
| 26 |
- flags="$flags -L$APU_BUILD_DIR -l$APRUTIL_LIBNAME" |
|
| 27 |
- fi |
|
| 28 |
-@@ -182,7 +182,7 @@ while test $# -gt 0; do |
|
| 29 |
- ### avoid using -L if libdir is a "standard" location like /usr/lib |
|
| 30 |
- # Since the user is specifying they are linking with libtool, we |
|
| 31 |
- # *know* that -R will be recognized by libtool. |
|
| 32 |
-- flags="$flags -L$libdir -R$libdir -l$APRUTIL_LIBNAME" |
|
| 33 |
-+ flags="$flags -l$APRUTIL_LIBNAME" |
|
| 34 |
- else |
|
| 35 |
- flags="$flags $LA_FILE" |
|
| 36 |
- fi |
| ... | ... |
@@ -1,14 +0,0 @@ |
| 1 |
-<?xml version="1.0" encoding="UTF-8"?> |
|
| 2 |
-<!DOCTYPE pkgmetadata SYSTEM "http://www.gentoo.org/dtd/metadata.dtd"> |
|
| 3 |
-<pkgmetadata> |
|
| 4 |
- <maintainer type="person"> |
|
| 5 |
- <email>polynomial-c@gentoo.org</email> |
|
| 6 |
- <name>Lars Wendler</name> |
|
| 7 |
- </maintainer> |
|
| 8 |
- <use> |
|
| 9 |
- <flag name="libressl">Use <pkg>dev-libs/libressl</pkg> instead of |
|
| 10 |
- <pkg>dev-libs/openssl</pkg> for 'openssl' USE flag</flag> |
|
| 11 |
- <flag name="nss">Install apr_crypto_nss module</flag> |
|
| 12 |
- <flag name="openssl">Install apr_crypto_openssl module</flag> |
|
| 13 |
- </use> |
|
| 14 |
-</pkgmetadata> |
|
| 15 | 0 |