commit:     9cc1a365bdd51562f8eda8a067c22b46f0a6813f
Author:     Sam James <sam <AT> gentoo <DOT> org>
AuthorDate: Tue Jun 17 00:27:43 2025 +0000
Commit:     Sam James <sam <AT> gentoo <DOT> org>
CommitDate: Tue Jun 17 00:32:36 2025 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=9cc1a365

sys-process/procps: backport several fixes to 4.0.5

* Security fix for bug #958286 (issue w/ legacy top configuration files)
* Fix build on macOS
* Fix build w/ old linux-headers for bug #911375
* Workaround for musl

Bug: https://bugs.gentoo.org/958286
Closes: https://bugs.gentoo.org/911375
Closes: https://bugs.gentoo.org/947680
Signed-off-by: Sam James <sam <AT> gentoo.org>

 sys-process/procps/files/procps-4.0.5-macos.patch  |  28 +++++
 .../procps-4.0.5-pgrep-old-linux-headers.patch     |  57 +++++++++
 .../procps-4.0.5-top-legacy-config-vuln.patch      |  39 ++++++
 sys-process/procps/procps-4.0.5-r1.ebuild          | 131 +++++++++++++++++++++
 4 files changed, 255 insertions(+)

diff --git a/sys-process/procps/files/procps-4.0.5-macos.patch 
b/sys-process/procps/files/procps-4.0.5-macos.patch
new file mode 100644
index 000000000000..79890994f11d
--- /dev/null
+++ b/sys-process/procps/files/procps-4.0.5-macos.patch
@@ -0,0 +1,28 @@
+https://gitlab.com/procps-ng/procps/-/commit/2dc340e47669e0b0df7f71ff082e05ac5fa36615
+
+From 2dc340e47669e0b0df7f71ff082e05ac5fa36615 Mon Sep 17 00:00:00 2001
+From: Rui Chen <[email protected]>
+Date: Thu, 26 Dec 2024 11:09:18 -0500
+Subject: [PATCH] local/signals.c: guard `SIGPOLL` to fix build on macOS
+
+Signed-off-by: Rui Chen <[email protected]>
+---
+ local/signals.c | 2 ++
+ 1 file changed, 2 insertions(+)
+
+diff --git a/local/signals.c b/local/signals.c
+index 6d68c07d..12656796 100644
+--- a/local/signals.c
++++ b/local/signals.c
+@@ -125,7 +125,9 @@ static const mapstruct sigtable[] = {
+   {"VTALRM", SIGVTALRM},
+   {"PROF",   SIGPROF},
+   {"WINCH",  SIGWINCH},
++#ifdef SIGPOLL
+   {"POLL",   SIGPOLL},    // in SUSv3, prioritize over IO
++#endif
+ #ifdef SIGIO
+   {"IO",     SIGIO},      // possibly = POLL
+ #endif
+-- 
+GitLab

diff --git 
a/sys-process/procps/files/procps-4.0.5-pgrep-old-linux-headers.patch 
b/sys-process/procps/files/procps-4.0.5-pgrep-old-linux-headers.patch
new file mode 100644
index 000000000000..1f9ff443393d
--- /dev/null
+++ b/sys-process/procps/files/procps-4.0.5-pgrep-old-linux-headers.patch
@@ -0,0 +1,57 @@
+https://bugs.gentoo.org/911375
+https://gitlab.com/procps-ng/procps/-/commit/90a0ddcd64c2d43dc2c2c856b1b42b5cae6b8a44
+
+From 90a0ddcd64c2d43dc2c2c856b1b42b5cae6b8a44 Mon Sep 17 00:00:00 2001
+From: Markus Mayer <[email protected]>
+Date: Wed, 11 Dec 2024 14:53:33 -0800
+Subject: [PATCH] pgrep: provide definition for __NR_pidfd_open if needed
+
+We already implement pidfd_open() ourselves if libc doesn't provide it.
+Let's also provide our own definition of __NR_pidfd_open in case the
+kernel headers don't contain it.
+
+This way, pgrep can provide its full capabilities after being built
+against older kernel headers (for increased compatibility) but being run
+on systems with newer kernels.
+
+Signed-off-by: Markus Mayer <[email protected]>
+---
+ configure.ac | 2 +-
+ src/pgrep.c  | 9 +++++++++
+ 2 files changed, 10 insertions(+), 1 deletion(-)
+
+diff --git a/configure.ac b/configure.ac
+index 1e984b12..14ba3ad7 100644
+--- a/configure.ac
++++ b/configure.ac
+@@ -325,7 +325,7 @@ AS_IF([[test "x$enable_pidwait" = xyes -a 
"x$have_pidfd_open" = xno]],
+    AC_COMPILE_IFELSE([AC_LANG_SOURCE([
+ #include <sys/syscall.h>
+ #ifndef __NR_pidfd_open
+-#error __NR_pidfd_open not defined
++#warning __NR_pidfd_open not defined; using our definition
+ #endif
+       ])],
+       AC_MSG_RESULT([yes]),
+diff --git a/src/pgrep.c b/src/pgrep.c
+index 2c6b06b8..6fc25dd4 100644
+--- a/src/pgrep.c
++++ b/src/pgrep.c
+@@ -874,6 +874,15 @@ static int signal_option(int *argc, char **argv)
+ }
+ 
+ #if defined(ENABLE_PIDWAIT) && !defined(HAVE_PIDFD_OPEN)
++
++#ifndef __NR_pidfd_open
++#ifdef __alpha__
++#define __NR_pidfd_open 544
++#else
++#define __NR_pidfd_open 434
++#endif
++#endif
++
+ static int pidfd_open (pid_t pid, unsigned int flags)
+ {
+       return syscall(__NR_pidfd_open, pid, flags);
+-- 
+GitLab
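Review bot: The fallback `#define __NR_pidfd_open 434` in the src/pgrep.c hunk special-cases only alpha, but as far as I know the MIPS ABIs (and x32) add a per-ABI base to their syscall numbers, so a bare 434 would name a different syscall there when the kernel headers lack the definition. The ebuild in this same commit keywords ~mips, so that path looks reachable with old linux-headers. Because the configure.ac hunk downgrades `#error` to `#warning`, nothing stops the build in that case; consider keeping a hard failure where the number is not known, e.g. `#elif defined(__mips__)` followed by `#error "no fallback __NR_pidfd_open for this ABI"`. The body of pidfd_open continues past the end of the hunk.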

diff --git a/sys-process/procps/files/procps-4.0.5-top-legacy-config-vuln.patch 
b/sys-process/procps/files/procps-4.0.5-top-legacy-config-vuln.patch
new file mode 100644
index 000000000000..676f16046a1c
--- /dev/null
+++ b/sys-process/procps/files/procps-4.0.5-top-legacy-config-vuln.patch
@@ -0,0 +1,39 @@
+https://bugs.gentoo.org/958286
+https://gitlab.com/procps-ng/procps/-/commit/c7498168cfdcf566519d8c46bd26c1be42f2e3f3
+
+From c7498168cfdcf566519d8c46bd26c1be42f2e3f3 Mon Sep 17 00:00:00 2001
+From: Jim Warner <[email protected]>
+Date: Mon, 26 May 2025 00:00:00 -0500
+Subject: [PATCH] top: fix vulnerability with legacy configuration files
+
+Reference(s):
+https://gitlab.com/procps-ng/procps/-/issues/384
+
+Signed-off-by: Jim Warner <[email protected]>
+---
+ src/top/top.c | 10 ++++++----
+ 1 file changed, 6 insertions(+), 4 deletions(-)
+
+diff --git a/src/top/top.c b/src/top/top.c
+index c55b08f0..eef3b219 100644
+--- a/src/top/top.c
++++ b/src/top/top.c
+@@ -4015,10 +4015,12 @@ static int config_wins (FILE *fp, char *buf, int wix) {
+ 
+    if (1 != fscanf(fp, "%3s\tfieldscur=", w->rc.winname))
+       return 0;
+-   if (Rc.id < RCF_XFORMED_ID)
+-      fscanf(fp, "%s\n", buf );
+-   else {
+-      for (x = 0; ; x++)
++   if (Rc.id < RCF_XFORMED_ID) {
++      fscanf(fp, "%100s\n", buf );               // buf size = LRGBUFSIZ (512)
++      if (strlen(buf) >= sizeof(CVT_FORMER))     // but if we exceed max of 86
++         return 0;                               // that rc file was corrupted
++   } else {
++      for (x = 0; x < PFLAGSSIZ; x++)
+          if (1 != fscanf(fp, "%d", &w->rc.fieldscur[x]))
+             break;
+    }
+-- 
+GitLab
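Review bot: The return value of `fscanf(fp, "%100s\n", buf)` in the legacy branch is still ignored, so on EOF or a matching failure `buf` is left unwritten and the new `strlen(buf)` check runs on whatever the caller's buffer held before. Folding the two checks together closes that gap: `if (1 != fscanf(fp, "%100s\n", buf) || strlen(buf) >= sizeof(CVT_FORMER)) return 0;`, which matches the `1 != fscanf(...)` test two lines above. The width 100 is a bare literal only loosely tied to the limit of 86 named in the comment; a short comment such as `// 100 > sizeof(CVT_FORMER) so over-long input is detectable, yet far below LRGBUFSIZ` would record why it was chosen. config_wins starts and ends outside the hunk, so how callers initialise `buf` is not visible here.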

diff --git a/sys-process/procps/procps-4.0.5-r1.ebuild 
b/sys-process/procps/procps-4.0.5-r1.ebuild
new file mode 100644
index 000000000000..c160a8003bc8
--- /dev/null
+++ b/sys-process/procps/procps-4.0.5-r1.ebuild
@@ -0,0 +1,131 @@
+# Copyright 1999-2025 Gentoo Authors
+# Distributed under the terms of the GNU General Public License v2
+
+EAPI=8
+
+inherit autotools flag-o-matic multilib-minimal toolchain-funcs
+
+DESCRIPTION="Standard informational utilities and process-handling tools"
+HOMEPAGE="https://gitlab.com/procps-ng/procps";
+# Per e.g. https://gitlab.com/procps-ng/procps/-/releases/v4.0.5, the dist 
tarballs
+# are still hosted on SF.
+SRC_URI="https://downloads.sourceforge.net/${PN}-ng/${PN}-ng-${PV}.tar.xz";
+S="${WORKDIR}"/${PN}-ng-${PV}
+
+# See bug #913210
+LICENSE="GPL-2+ LGPL-2+ LGPL-2.1+"
+SLOT="0/0-ng"
+KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~loong ~m68k ~mips ~ppc ~ppc64 
~riscv ~s390 ~sparc ~x86 ~amd64-linux ~x86-linux"
+IUSE="elogind +kill modern-top +ncurses nls selinux static-libs skill systemd 
test unicode"
+RESTRICT="!test? ( test )"
+
+DEPEND="
+       elogind? ( sys-auth/elogind )
+       elibc_musl? ( sys-libs/error-standalone )
+       ncurses? ( >=sys-libs/ncurses-5.7-r7:=[unicode(+)?] )
+       selinux? ( sys-libs/libselinux[${MULTILIB_USEDEP}] )
+       systemd? ( sys-apps/systemd[${MULTILIB_USEDEP}] )
+"
+RDEPEND="
+       ${DEPEND}
+       !<app-i18n/man-pages-l10n-4.2.0-r1
+       !<app-i18n/man-pages-de-2.12-r1
+       !<app-i18n/man-pages-pl-0.7-r1
+       kill? (
+               !sys-apps/coreutils[kill]
+               !sys-apps/util-linux[kill]
+       )
+"
+BDEPEND="
+       elogind? ( virtual/pkgconfig )
+       elibc_musl? ( virtual/pkgconfig )
+       ncurses? ( virtual/pkgconfig )
+       systemd? ( virtual/pkgconfig )
+       test? ( dev-util/dejagnu )
+"
+
+# bug #898830
+QA_CONFIG_IMPL_DECL_SKIP=( makedev )
+
+PATCHES=(
+       "${FILESDIR}"/${PN}-4.0.4-xfail-pmap-test.patch
+       "${FILESDIR}"/${PN}-4.0.5-sysctl-manpage.patch # bug #565304
+       "${FILESDIR}"/${PN}-4.0.5-fix-tests-multilib.patch
+       "${FILESDIR}"/${PN}-4.0.5-top-legacy-config-vuln.patch # bug #958286
+       "${FILESDIR}"/${PN}-4.0.5-macos.patch
+       "${FILESDIR}"/${PN}-4.0.5-pgrep-old-linux-headers.patch # bug #911375
+)
+
+src_prepare() {
+       default
+
+       # Only needed for fix-tests-multilib.patch and 
pgrep-old-linux-headers.patch
+       eautoreconf
+}
+
+multilib_src_configure() {
+       # 
http://www.freelists.org/post/procps/PATCH-enable-transparent-large-file-support
+       # bug #471102
+       append-lfs-flags
+
+       # Workaround for bug #947680, can be dropped w/ >4.0.5
+       if use elibc_musl ; then
+               append-cflags "$($(tc-getPKG_CONFIG) --cflags error-standalone)"
+               append-libs "$($(tc-getPKG_CONFIG) --libs error-standalone)"
+       fi
+
+       local myeconfargs=(
+               # No elogind multilib support
+               $(multilib_native_use_with elogind)
+               $(multilib_native_use_enable kill)
+               $(multilib_native_use_enable modern-top)
+               $(multilib_native_enable pidof)
+               $(multilib_native_enable pidwait)
+               $(multilib_native_use_with ncurses)
+               # bug #794997
+               $(multilib_native_use_enable !elibc_musl w)
+               $(use_enable nls)
+               $(use_enable selinux libselinux)
+               $(use_enable static-libs static)
+               $(use_with systemd)
+               $(use_enable skill)
+       )
+
+       if use ncurses; then
+               # Only pass whis when we are building the 'watch' command
+               myeconfargs+=( $(multilib_native_use_enable unicode watch8bit) )
+       fi
+
+       ECONF_SOURCE="${S}" econf "${myeconfargs[@]}"
+}
+
+multilib_src_test() {
+       local ps="${BUILD_DIR}/src/ps/pscommand"
+       if [[ $("${ps}" --no-headers -o cls -q $$) == IDL ]]; then
+               # bug #708230
+               ewarn "Skipping tests due to SCHED_IDLE"
+       else
+               # bug #461302
+               emake check </dev/null
+       fi
+}
+
+multilib_src_install() {
+       default
+
+       dodoc "${S}"/sysctl.conf
+
+       if multilib_is_native_abi; then
+               # We keep ps and kill in /bin per bug #565304.
+               dodir /bin
+               mv "${ED}"/usr/bin/ps "${ED}"/bin/ || die
+               if use kill; then
+                       mv "${ED}"/usr/bin/kill "${ED}"/bin/ || die
+               fi
+       fi
+}
+
+multilib_src_install_all() {
+       einstalldocs
+       find "${ED}" -type f -name '*.la' -delete || die
+}
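Review bot: In multilib_src_configure the musl workaround passes `$($(tc-getPKG_CONFIG) --cflags error-standalone)` straight to append-cflags (and likewise for `--libs`), so a failing pkg-config call is swallowed by the command substitution and would only show up later as a less obvious compile or link error. Capturing the output first and checking it, e.g. `local err_cflags; err_cflags=$($(tc-getPKG_CONFIG) --cflags error-standalone) || die`, makes the failure explicit. Separately, the comment above the watch8bit option has a typo: `# Only pass whis when we are building the 'watch' command` should read `# Only pass this when we are building the 'watch' command`.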
