dev-libs/glib: fix CVE-2019-12450

plus an unrelated small patch from upstream 2-58 branch.

Bug: https://bugs.gentoo.org/690498
Package-Manager: Portage-2.3.62, Repoman-2.3.12
Signed-off-by: Mart Raudsepp <leio@gentoo.org>

1 files changed, 315 insertions, 0 deletions

diff --git a/dev-libs/glib/glib-2.58.3-r1.ebuild b/dev-libs/glib/glib-2.58.3-r1.ebuild
new file mode 100644
index 000000000000..310e79a8cf41
--- /dev/null
+++ b/dev-libs/glib/glib-2.58.3-r1.ebuild
@@ -0,0 +1,315 @@
+# Copyright 1999-2019 Gentoo Authors
+# Distributed under the terms of the GNU General Public License v2
+
+EAPI=6
+PYTHON_COMPAT=( python{2_7,3_5,3_6,3_7} )
+GNOME2_EAUTORECONF=yes
+
+inherit autotools bash-completion-r1 epunt-cxx flag-o-matic gnome2 libtool linux-info \
+	multilib multilib-minimal pax-utils python-any-r1 toolchain-funcs virtualx
+
+# Until bug #537330 glib is a reverse dependency of pkgconfig and, then
+# adding new dependencies end up making stage3 to grow. Every addition needs
+# then to be think very closely.
+
+DESCRIPTION="The GLib library of C routines"
+HOMEPAGE="https://www.gtk.org/"
+SRC_URI="${SRC_URI}
+	https://pkgconfig.freedesktop.org/releases/pkg-config-0.28.tar.gz" # pkg.m4 for eautoreconf
+
+LICENSE="LGPL-2.1+"
+SLOT="2"
+IUSE="dbus debug fam gtk-doc kernel_linux +mime selinux static-libs systemtap test utils xattr"
+
+KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~ia64 ~m68k ~mips ~ppc ~ppc64 ~riscv ~s390 ~sh ~sparc ~x86 ~amd64-fbsd ~x86-fbsd ~amd64-linux ~x86-linux"
+
+# Added util-linux multilib dependency to have libmount support (which
+# is always turned on on linux systems, unless explicitly disabled, but
+# this ebuild does not do that anyway) (bug #599586)
+
+RDEPEND="
+	!<dev-util/gdbus-codegen-${PV}
+	>=dev-libs/libpcre-8.31:3[${MULTILIB_USEDEP},static-libs?]
+	>=virtual/libiconv-0-r1[${MULTILIB_USEDEP}]
+	>=virtual/libffi-3.0.13-r1:=[${MULTILIB_USEDEP}]
+	>=virtual/libintl-0-r2[${MULTILIB_USEDEP}]
+	>=sys-libs/zlib-1.2.8-r1[${MULTILIB_USEDEP}]
+	kernel_linux? ( >=sys-apps/util-linux-2.23[${MULTILIB_USEDEP}] )
+	selinux? ( >=sys-libs/libselinux-2.2.2-r5[${MULTILIB_USEDEP}] )
+	xattr? ( >=sys-apps/attr-2.4.47-r1[${MULTILIB_USEDEP}] )
+	fam? ( >=virtual/fam-0-r1[${MULTILIB_USEDEP}] )
+	utils? (
+		>=dev-util/gdbus-codegen-${PV}
+		virtual/libelf:0=
+	)
+"
+DEPEND="${RDEPEND}
+	app-text/docbook-xml-dtd:4.1.2
+	app-text/docbook-xsl-stylesheets
+	>=dev-libs/libxslt-1.0
+	>=sys-devel/gettext-0.11
+	gtk-doc? ( >=dev-util/gtk-doc-1.20 )
+	systemtap? ( >=dev-util/systemtap-1.3 )
+	${PYTHON_DEPS}
+	test? (
+		sys-devel/gdb
+		>=dev-util/gdbus-codegen-${PV}
+		>=sys-apps/dbus-1.2.14 )
+"
+# configure.ac has gtk-doc-am stuff behind m4_ifdef, so we don't need a gtk-doc-am build dep
+
+# Migration of glib-genmarshal, glib-mkenums and gtester-report to a separate
+# python depending package, which can be buildtime depended in packages that
+# need these tools, without pulling in python at runtime.
+RDEPEND="${RDEPEND}
+	>=dev-util/glib-utils-${PV}"
+PDEPEND="
+	dbus? ( gnome-base/dconf )
+	mime? ( x11-misc/shared-mime-info )
+"
+# shared-mime-info needed for gio/xdgmime, bug #409481
+# dconf is needed to be able to save settings, bug #498436
+
+MULTILIB_CHOST_TOOLS=(
+	/usr/bin/gio-querymodules$(get_exeext)
+)
+
+pkg_setup() {
+	if use kernel_linux ; then
+		CONFIG_CHECK="~INOTIFY_USER"
+		if use test ; then
+			CONFIG_CHECK="~IPV6"
+			WARNING_IPV6="Your kernel needs IPV6 support for running some tests, skipping them."
+		fi
+		linux-info_pkg_setup
+	fi
+	python-any-r1_pkg_setup
+}
+
+src_prepare() {
+	# Prevent build failure in stage3 where pkgconfig is not available, bug #481056
+	mv -f "${WORKDIR}"/pkg-config-*/pkg.m4 "${S}"/m4macros/ || die
+
+	if use test; then
+		# Disable tests requiring dev-util/desktop-file-utils when not installed, bug #286629, upstream bug #629163
+		if ! has_version dev-util/desktop-file-utils ; then
+			ewarn "Some tests will be skipped due dev-util/desktop-file-utils not being present on your system,"
+			ewarn "think on installing it to get these tests run."
+			sed -i -e "/appinfo\/associations/d" gio/tests/appinfo.c || die
+			sed -i -e "/g_test_add_func/d" gio/tests/desktop-app-info.c || die
+		fi
+
+		# gdesktopappinfo requires existing terminal (gnome-terminal or any
+		# other), falling back to xterm if one doesn't exist
+		#if ! has_version x11-terms/xterm && ! has_version x11-terms/gnome-terminal ; then
+		#	ewarn "Some tests will be skipped due to missing terminal program"
+		# These tests seem to sometimes fail even with a terminal; skip for now and reevulate with meson
+		# Also try https://gitlab.gnome.org/GNOME/glib/issues/1601 once ready for backport (or in a bump) and file new issue if still fails
+		sed -i -e "/appinfo\/launch/d" gio/tests/appinfo.c || die
+		# desktop-app-info/launch* might fail similarly
+		sed -i -e "/desktop-app-info\/launch-as-manager/d" gio/tests/desktop-app-info.c || die
+		#fi
+
+		# https://bugzilla.gnome.org/show_bug.cgi?id=722604
+		sed -i -e "/timer\/stop/d" glib/tests/timer.c || die
+		sed -i -e "/timer\/basic/d" glib/tests/timer.c || die
+
+		ewarn "Tests for search-utils have been skipped"
+		sed -i -e "/search-utils/d" glib/tests/Makefile.am || die
+	else
+		# Don't build tests, also prevents extra deps, bug #512022
+		sed -i -e 's/ tests//' {.,gio,glib}/Makefile.am || die
+	fi
+
+	# gdbus-codegen is a separate package
+	eapply "${FILESDIR}"/${PN}-2.58.2-external-gdbus-codegen.patch
+
+	# gdbus message upper limit check fix from glib-2-58
+	eapply "${FILESDIR}"/${PV}-gdbusmessage-limit-fix.patch
+	# gfile copy fallback security fix (wrong permissions at start)
+	eapply "${FILESDIR}"/${PV}-CVE-2019-12450.patch
+
+	# Tarball doesn't come with gtk-doc.make and we can't unconditionally depend on dev-util/gtk-doc due
+	# to circular deps during bootstramp. If actually not building gtk-doc, an almost empty file will do
+	# fine as well - this is also what upstream autogen.sh does if gtkdocize is not found. If gtk-doc is
+	# installed, eautoreconf will call gtkdocize, which overwrites the empty gtk-doc.make with a full copy.
+	cat > gtk-doc.make << EOF
+EXTRA_DIST =
+CLEANFILES =
+EOF
+
+	gnome2_src_prepare
+	epunt_cxx
+}
+
+multilib_src_configure() {
+	# Avoid circular depend with dev-util/pkgconfig and
+	# native builds (cross-compiles won't need pkg-config
+	# in the target ROOT to work here)
+	if ! tc-is-cross-compiler && ! $(tc-getPKG_CONFIG) --version >& /dev/null; then
+		if has_version sys-apps/dbus; then
+			export DBUS1_CFLAGS="-I/usr/include/dbus-1.0 -I/usr/$(get_libdir)/dbus-1.0/include"
+			export DBUS1_LIBS="-ldbus-1"
+		fi
+		export LIBFFI_CFLAGS="-I$(echo /usr/$(get_libdir)/libffi-*/include)"
+		export LIBFFI_LIBS="-lffi"
+		export PCRE_CFLAGS=" " # test -n "$PCRE_CFLAGS" needs to pass
+		export PCRE_LIBS="-lpcre"
+	fi
+
+	# These configure tests don't work when cross-compiling.
+	if tc-is-cross-compiler ; then
+		# https://bugzilla.gnome.org/show_bug.cgi?id=756473
+		case ${CHOST} in
+		hppa*|metag*) export glib_cv_stack_grows=yes ;;
+		*)            export glib_cv_stack_grows=no ;;
+		esac
+		# https://bugzilla.gnome.org/show_bug.cgi?id=756474
+		export glib_cv_uscore=no
+		# https://bugzilla.gnome.org/show_bug.cgi?id=756475
+		export ac_cv_func_posix_get{pwuid,grgid}_r=yes
+	fi
+
+	local myconf
+
+	case "${CHOST}" in
+		*-mingw*) myconf="${myconf} --with-threads=win32" ;;
+		*)        myconf="${myconf} --with-threads=posix" ;;
+	esac
+
+	# libelf used only by the gresource bin
+	ECONF_SOURCE="${S}" gnome2_src_configure ${myconf} \
+		$(usex debug --enable-debug=yes ' ') \
+		$(use_enable xattr) \
+		$(use_enable fam) \
+		$(multilib_native_use_enable gtk-doc) \
+		$(use_enable kernel_linux libmount) \
+		$(use_enable selinux) \
+		$(use_enable static-libs static) \
+		$(use_enable systemtap dtrace) \
+		$(use_enable systemtap systemtap) \
+		$(multilib_native_use_enable utils libelf) \
+		--with-python=${EPYTHON} \
+		--disable-compile-warnings \
+		--enable-man \
+		--with-pcre=system \
+		--with-xml-catalog="${EPREFIX}/etc/xml/catalog"
+
+	if multilib_is_native_abi; then
+		local d
+		for d in glib gio gobject; do
+			ln -s "${S}"/docs/reference/${d}/html docs/reference/${d}/html || die
+		done
+	fi
+}
+
+multilib_src_test() {
+	export XDG_CONFIG_DIRS=/etc/xdg
+	export XDG_DATA_DIRS=/usr/local/share:/usr/share
+	export G_DBUS_COOKIE_SHA1_KEYRING_DIR="${T}/temp"
+	export LC_TIME=C # bug #411967
+	unset GSETTINGS_BACKEND # bug #596380
+	python_setup
+
+	# Related test is a bit nitpicking
+	mkdir "$G_DBUS_COOKIE_SHA1_KEYRING_DIR"
+	chmod 0700 "$G_DBUS_COOKIE_SHA1_KEYRING_DIR"
+
+	# Hardened: gdb needs this, bug #338891
+	if host-is-pax ; then
+		pax-mark -mr "${BUILD_DIR}"/tests/.libs/assert-msg-test \
+			|| die "Hardened adjustment failed"
+	fi
+
+	# Need X for dbus-launch session X11 initialization
+	virtx emake check
+}
+
+multilib_src_install() {
+	emake DESTDIR="${D}" completiondir="$(get_bashcompdir)" install
+	keepdir /usr/$(get_libdir)/gio/modules
+}
+
+multilib_src_install_all() {
+	einstalldocs
+
+	# These are installed by dev-util/glib-utils
+	# TODO: With patching we might be able to get rid of the python-any deps and removals, and test depend on glib-utils instead; revisit with meson
+	rm "${ED}usr/bin/glib-genmarshal" || die
+	rm "${ED}usr/share/man/man1/glib-genmarshal.1" || die
+	rm "${ED}usr/bin/glib-mkenums" || die
+	rm "${ED}usr/share/man/man1/glib-mkenums.1" || die
+	rm "${ED}usr/bin/gtester-report" || die
+	rm "${ED}usr/share/man/man1/gtester-report.1" || die
+
+	# Do not install charset.alias even if generated, leave it to libiconv
+	rm -f "${ED}/usr/$(get_libdir)/charset.alias"
+
+	# Don't install gdb python macros, bug 291328
+	rm -rf "${ED}/usr/share/gdb/" "${ED}/usr/share/glib-2.0/gdb/"
+
+	# Completely useless with or without USE static-libs, people need to use pkg-config
+	find "${ED}" -name '*.la' -delete || die
+}
+
+pkg_preinst() {
+	gnome2_pkg_preinst
+
+	# Make gschemas.compiled belong to glib alone
+	local cache="usr/share/glib-2.0/schemas/gschemas.compiled"
+
+	if [[ -e ${EROOT}${cache} ]]; then
+		cp "${EROOT}"${cache} "${ED}"/${cache} || die
+	else
+		touch "${ED}"/${cache} || die
+	fi
+
+	multilib_pkg_preinst() {
+		# Make giomodule.cache belong to glib alone
+		local cache="usr/$(get_libdir)/gio/modules/giomodule.cache"
+
+		if [[ -e ${EROOT}${cache} ]]; then
+			cp "${EROOT}"${cache} "${ED}"/${cache} || die
+		else
+			touch "${ED}"/${cache} || die
+		fi
+	}
+
+	# Don't run the cache ownership when cross-compiling, as it would end up with an empty cache
+	# file due to inability to create it and GIO might not look at any of the modules there
+	if ! tc-is-cross-compiler ; then
+		multilib_foreach_abi multilib_pkg_preinst
+	fi
+}
+
+pkg_postinst() {
+	# force (re)generation of gschemas.compiled
+	GNOME2_ECLASS_GLIB_SCHEMAS="force"
+
+	gnome2_pkg_postinst
+
+	multilib_pkg_postinst() {
+		gnome2_giomodule_cache_update \
+			|| die "Update GIO modules cache failed (for ${ABI})"
+	}
+	if ! tc-is-cross-compiler ; then
+		multilib_foreach_abi multilib_pkg_postinst
+	else
+		ewarn "Updating of GIO modules cache skipped due to cross-compilation."
+		ewarn "You might want to run gio-querymodules manually on the target for"
+		ewarn "your final image for performance reasons and re-run it when packages"
+		ewarn "installing GIO modules get upgraded or added to the image."
+	fi
+}
+
+pkg_postrm() {
+	gnome2_pkg_postrm
+
+	if [[ -z ${REPLACED_BY_VERSION} ]]; then
+		multilib_pkg_postrm() {
+			rm -f "${EROOT}"usr/$(get_libdir)/gio/modules/giomodule.cache
+		}
+		multilib_foreach_abi multilib_pkg_postrm
+		rm -f "${EROOT}"usr/share/glib-2.0/schemas/gschemas.compiled
+	fi
+}