app-admin/augeas: fixing bug 628084 CVE-2017-7555

Package-Manager: Portage-2.3.6, Repoman-2.3.3

app-admin/augeas/Manifest

@@ -1,5 +1,2 @@
-DIST augeas-1.3.0.tar.gz 1983656 SHA256 80763031af76515a8ea66013ddc3c466742a15d2e907c7c8e2e3b7410262e2af SHA512 92cc2cf83faa42e83621fe0f73fe9f7247d802f17da781e51d068056d20b1645de1f0ea0d5070c0d5729a3f6554d64a95e31111bf3e44b959386559619843e79 WHIRLPOOL 4e4c3374adca662ce90f94eb204028526ec0c3a9b0bc6644515994b88e289f3e1aa5f2b6ce7c28103a2a64e5185c8ba64d55e1a448e14f745d53aec4bf20e8b3
-DIST augeas-1.5.0.tar.gz 2072169 SHA256 223bb6e6fe3e9e92277dafd5d34e623733eb969a72a382998d204feab253f73f SHA512 4683668c6562e14cd39bda69f2fa7f6db5f5a76386521a9b10c41fa2031c10ff158f682b56066d0525554c4229677c64e92f6453f75d185d367bc7481fc10695 WHIRLPOOL e4bd492320cdfcf5c8470b8e4c0fb35077b1190bb8c18b245d54f532badc4975ac564fca97ec6f8f039a77a771b16d0354ef53d02ccd5c912ab9f91ca391d282
-DIST augeas-1.6.0.tar.gz 2076723 SHA256 8ba0d9bf059e7ef52118826d1285f097b399fc7a56756ce28e053da0b3ab69b5 SHA512 c07f8638b9d22ceedb2951d658eb578d5757376e0cda8d7d0e075ae0c3347ef98542fb99e18956d404588befe1c92702388cf33337f4b4ee45f830d85c04b06d WHIRLPOOL 39698ab73e2828e906b9a508643e25ed08beea1464821fb56012ed3c0b721aa8c2feacdfa6254f93eae1963d1d2ecdf2b3aeb75897722243f6b9662ecff8bf7f
 DIST augeas-1.7.0.tar.gz 2156168 SHA256 b9315575d07f7ba28ca2f9f60b4987dfe77b5970c98b59dc6ca7873fc4979763 SHA512 d2a5580ffa69c0229cfae85261cf7740b268ceac35f076aef6a7e8631497e5726530adfdb85f715ebb102f28af98861b4fa29d7e3eaa37a5dafff8eaf817befb WHIRLPOOL 29a8aca382592a4492e0d5153525fe26998729f1a7a482dede5275af712dce49ee08f700549dc8f96790ec6031a0a32e5017e059cf4feea0067f1424b80021d5
 DIST augeas-1.8.0.tar.gz 2164146 SHA256 515ce904138d99ff51d45ba7ed0d809bdee6c42d3bc538c8c820e010392d4cc5 SHA512 bc7b450b7ef20b7c5bac1b500c89569673a164d32e0f29b5ca100657d0100fcdbb14027d559e206b5ada2c389ac3641181a97cc0c5dcceb1ae1e9932b2decf2c WHIRLPOOL 5f5dffac092bc241bc81b853ce05dd57530aab54e83668007e67dd29ca95583d7dfaebae75f96a822d5231d6bfd16aca30dc17b5b4d7ee6c2096fb9b917a4536

app-admin/augeas/augeas-1.6.0.ebuild → app-admin/augeas/augeas-1.7.0-r1.ebuild

@@ -1,4 +1,4 @@
-# Copyright 1999-2015 Gentoo Foundation
+# Copyright 1999-2017 Gentoo Foundation
 # Distributed under the terms of the GNU General Public License v2
 
 EAPI=5
@@ -22,6 +22,10 @@ DEPEND="${RDEPEND}
 	>=app-doc/NaturalDocs-1.40
 	test? ( dev-lang/ruby )"
 
+PATCHES=(
+	"${FILESDIR}/cve-2017-7555.patch"
+)
+
 #PATCHES=(
 #	"${FILESDIR}"/${P}-gets.patch
 #	"${FILESDIR}"/${P}-test.patch

app-admin/augeas/augeas-1.5.0.ebuild → app-admin/augeas/augeas-1.8.0-r1.ebuild

@@ -1,17 +1,17 @@
-# Copyright 1999-2015 Gentoo Foundation
+# Copyright 1999-2017 Gentoo Foundation
 # Distributed under the terms of the GNU General Public License v2
 
-EAPI=5
+EAPI=6
 
-inherit autotools-utils
+inherit autotools
 
 DESCRIPTION="A library for changing configuration files"
 HOMEPAGE="http://augeas.net/"
 SRC_URI="http://download.augeas.net/${P}.tar.gz"
 
 SLOT="0"
 LICENSE="LGPL-2.1"
-KEYWORDS="alpha ~amd64 ~hppa ~ia64 ~ppc ~ppc64 ~sparc ~x86"
+KEYWORDS="~alpha ~amd64 ~hppa ~ia64 ~ppc ~ppc64 ~sparc ~x86"
 IUSE="static-libs test"
 
 RDEPEND="
@@ -22,12 +22,9 @@ DEPEND="${RDEPEND}
 	>=app-doc/NaturalDocs-1.40
 	test? ( dev-lang/ruby )"
 
-#PATCHES=(
-#	"${FILESDIR}"/${P}-gets.patch
-#	"${FILESDIR}"/${P}-test.patch
-#	"${FILESDIR}"/${P}-test2.patch
-#	"${FILESDIR}"/${P}-libxml2-pkgconfig.patch
-#	)
+PATCHES=(
+	"${FILESDIR}/cve-2017-7555.patch"
+)
 
 src_prepare() {
 	if [ -f /usr/share/NaturalDocs/Config/Languages.txt ] ; then
@@ -36,13 +33,15 @@ src_prepare() {
 	if [ -f /usr/share/NaturalDocs/Config/Topics.txt ] ; then
 		addwrite /usr/share/NaturalDocs/Config/Topics.txt
 	fi
-	autotools-utils_src_prepare
+	default
 }
 
 src_configure() {
 	# Needs to implemented
-	local myeconfargs=( --without-selinux )
-	autotools-utils_src_configure
+	local myeconfargs="--without-selinux
+	$(use_enable !static-libs shared)
+	$(use_enable static-libs static)"
+	eautoreconf
+	econf ${myeconfargs}
+	default
 }
-
-AUTOTOOLS_IN_SOURCE_BUILD=1

app-admin/augeas/files/cve-2017-7555.patch

@@ -0,0 +1,159 @@
+From 4cca923b732990bec0c699b2e69911c2221b2498 Mon Sep 17 00:00:00 2001
+From: David Lutterkort <[email protected]>
+Date: Fri, 4 Aug 2017 17:13:52 -0700
+Subject: [PATCH] * src/pathx.c (parse_name): correctly handle trailing
+ whitespace in names
+
+When a name ended in whitespace, we incorrectly assumed it was always ok to
+trim that whitespace. That is not true if that whitespace is escaped,
+i.e. if the path expression is something like '/x\ '. In that case, the
+name really needs to be literally 'x ', i.e., we can not trim that
+whitespace.
+
+The incorrect behavior led to turning '/x\ ' first into 'x\' and then,
+because we assume that '\' is always followed by a character inside the
+string, when we removed the escaping '\', we would read beyond the end of
+the intermediate string result; if we were lucky, that would lead to a
+crash, otherwise we'd continue with junk.
+
+We now make sure that escaped whitespace at the end of a string does not
+get stripped, avoiding all these headaches.
+
+Fixes RHBZ https://bugzilla.redhat.com/show_bug.cgi?id=1475621
+---
+ src/pathx.c        | 27 +++++++++++++++++++------
+ tests/test-xpath.c | 59 ++++++++++++++++++++++++++++++++++++++++++++++++++++++
+ 2 files changed, 80 insertions(+), 6 deletions(-)
+
+diff --git a/src/pathx.c b/src/pathx.c
+index d292cb30..9a2f9c76 100644
+--- a/src/pathx.c
++++ b/src/pathx.c
+@@ -1710,6 +1710,16 @@ int pathx_escape_name(const char *in, char **out) {
+     return 0;
+ }
+
++/* Return true if POS is preceded by an odd number of backslashes, i.e., if
++ * POS is escaped. Stop the search when we get to START */
++static bool backslash_escaped(const char *pos, const char *start) {
++    bool result=false;
++    while (pos-- > start && *pos == '\\') {
++        result = !result;
++    }
++    return result;
++}
++
+ /*
+  * NameNoWS ::= [^][|/\= \t\n] | \\.
+  * NameWS   ::= [^][|/\=] | \\.
+@@ -1719,11 +1729,14 @@ static char *parse_name(struct state *state) {
+     const char *s = state->pos;
+     char *result;
+
++    /* Advance state->pos until it points to the first character that is
++     * not part of a name. */
+     while (*state->pos != '\0' && strchr(name_follow, *state->pos) == NULL) {
+-        /* This is a hack: since we allow spaces in names, we need to avoid
+-         * gobbling up stuff that is in follow(Name), e.g. 'or' so that
+-         * things like [name1 or name2] still work.
+-         */
++        /* Since we allow spaces in names, we need to avoid gobbling up
++         * stuff that is in follow(Name), e.g. 'or' so that things like
++         * [name1 or name2] still work. In other words, we'll parse 'x frob
++         * y' as one name, but for 'x or y', we consider 'x' a name in its
++         * own right. */
+         if (STREQLEN(state->pos, " or ", strlen(" or ")) ||
+             STREQLEN(state->pos, " and ", strlen(" and ")))
+             break;
+@@ -1738,10 +1751,12 @@ static char *parse_name(struct state *state) {
+         state->pos += 1;
+     }
+
+-    /* Strip trailing white space */
++    /* Strip trailing white space. Make sure we respect escaped whitespace
++     * and don't strip it as in "x\\ " */
+     if (state->pos > s) {
+         state->pos -= 1;
+-        while (isspace(*state->pos) && state->pos >= s)
++        while (isspace(*state->pos) && state->pos > s
++               && !backslash_escaped(state->pos, s))
+             state->pos -= 1;
+         state->pos += 1;
+     }
+diff --git a/tests/test-xpath.c b/tests/test-xpath.c
+index 3e418e5f..82986474 100644
+--- a/tests/test-xpath.c
++++ b/tests/test-xpath.c
+@@ -355,6 +355,62 @@ static int test_wrong_regexp_flag(struct augeas *aug) {
+     return -1;
+ }
+
++static int test_trailing_ws_in_name(struct augeas *aug) {
++    int r;
++
++    printf("%-30s ... ", "trailing_ws_in_name");
++
++    /* We used to incorrectly lop escaped whitespace off the end of a
++     * name. Make sure that we really create a tree node with label 'x '
++     * with the below set, and look for it in a number of ways to ensure we
++     * are not lopping off trailing whitespace. */
++    r = aug_set(aug, "/ws\\ ", "1");
++    if (r < 0) {
++        fprintf(stderr, "failed to set '/ws ': %d\n", r);
++        goto fail;
++    }
++    /* We did not create a node with label 'ws' */
++    r = aug_get(aug, "/ws", NULL);
++    if (r != 0) {
++        fprintf(stderr, "created '/ws' instead: %d\n", r);
++        goto fail;
++    }
++
++    /* We did not create a node with label 'ws\t' (this also checks that we
++     * don't create something like 'ws\\' by dropping the last whitespace
++     * character. */
++    r = aug_get(aug, "/ws\\\t", NULL);
++    if (r != 0) {
++        fprintf(stderr, "found '/ws\\t': %d\n", r);
++        goto fail;
++    }
++
++    /* But we did create 'ws ' */
++    r = aug_get(aug, "/ws\\ ", NULL);
++    if (r != 1) {
++        fprintf(stderr, "could not find '/ws ': %d\n", r);
++        goto fail;
++    }
++
++    /* If the whitespace is preceded by an even number of '\\' chars,
++     * whitespace must be stripped */
++    r = aug_set(aug, "/nows\\\\ ", "1");
++    if (r < 0) {
++        fprintf(stderr, "set of '/nows' failed: %d\n", r);
++        goto fail;
++    }
++    r = aug_get(aug, "/nows\\\\", NULL);
++    if (r != 1) {
++        fprintf(stderr, "could not get '/nows\\'\n");
++        goto fail;
++    }
++    printf("PASS\n");
++    return 0;
++ fail:
++    printf("FAIL\n");
++    return -1;
++}
++
+ static int run_tests(struct test *tests, int argc, char **argv) {
+     char *lensdir;
+     struct augeas *aug = NULL;
+@@ -398,6 +454,9 @@ static int run_tests(struct test *tests, int argc, char **argv) {
+
+         if (test_wrong_regexp_flag(aug) < 0)
+             result = EXIT_FAILURE;
++
++        if (test_trailing_ws_in_name(aug) < 0)
++            result = EXIT_FAILURE;
+     }
+     aug_close(aug);
+     free(lensdir);