commit: 82469e1b6888efad9c7e08dec227694c9f1684c8 Author: Sam James <sam <AT> gentoo <DOT> org> AuthorDate: Thu Apr 20 19:21:39 2023 +0000 Commit: Sam James <sam <AT> gentoo <DOT> org> CommitDate: Thu Apr 20 19:36:50 2023 +0000 URL: https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=82469e1b
sys-devel/distcc: backport corruption fix Closes: https://bugs.gentoo.org/904720 Signed-off-by: Sam James <sam <AT> gentoo.org> sys-devel/distcc/distcc-3.4-r2.ebuild | 182 +++++++++++++++++++++ ...cc-3.4-fix-dcc_gcc_rewrite_fqn-corruption.patch | 65 ++++++++ 2 files changed, 247 insertions(+) diff --git a/sys-devel/distcc/distcc-3.4-r2.ebuild b/sys-devel/distcc/distcc-3.4-r2.ebuild new file mode 100644 index 000000000000..1f64a9e6be93 --- /dev/null +++ b/sys-devel/distcc/distcc-3.4-r2.ebuild @@ -0,0 +1,182 @@ +# Copyright 1999-2023 Gentoo Authors +# Distributed under the terms of the GNU General Public License v2 + +EAPI=8 + +PYTHON_COMPAT=( python3_{9..11} ) + +inherit autotools flag-o-matic prefix python-single-r1 systemd + +DESCRIPTION="Distribute compilation of C code across several machines on a network" +HOMEPAGE="https://github.com/distcc/distcc"; +SRC_URI="https://github.com/distcc/distcc/releases/download/v${PV}/${P}.tar.gz"; + +LICENSE="GPL-2+" +SLOT="0" +KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~ia64 ~m68k ~mips ~ppc ~ppc64 ~riscv ~s390 ~sparc ~x86" +IUSE="gssapi gtk hardened ipv6 selinux xinetd zeroconf" +REQUIRED_USE="${PYTHON_REQUIRED_USE}" + +RDEPEND="${PYTHON_DEPS} + dev-libs/popt + gssapi? ( net-libs/libgssglue ) + gtk? ( x11-libs/gtk+:3 ) + zeroconf? ( >=net-dns/avahi-0.6[dbus] ) +" +DEPEND="${RDEPEND} + sys-libs/binutils-libs" +BDEPEND=" + sys-devel/autoconf-archive + virtual/pkgconfig" +RDEPEND+=" + acct-user/distcc + dev-util/shadowman + >=sys-devel/gcc-config-1.4.1 + selinux? ( sec-policy/selinux-distcc ) + xinetd? ( sys-apps/xinetd )" + +src_prepare() { + eapply "${FILESDIR}/${PN}-3.0-xinetd.patch" + # SOCKSv5 support needed for Portage, bug #537616 + eapply "${FILESDIR}/${PN}-3.2_rc1-socks5.patch" + eapply "${FILESDIR}/${PN}-3.4-pump-tests.patch" + eapply "${FILESDIR}/${P}-fix-dcc_gcc_rewrite_fqn-corruption.patch" + eapply_user + + # Bugs #120001, #167844 and probably more. See patch for description. + use hardened && eapply "${FILESDIR}/distcc-hardened.patch" + + sed -i \ + -e "/PATH/s:\$distcc_location:${EPREFIX}/usr/lib/distcc/bin:" \ + -e "s:@PYTHON@:${EPYTHON}:" \ + pump.in || die "sed failed" + + sed \ + -e "s:@EPREFIX@:${EPREFIX:-/}:" \ + -e "s:@libdir@:/usr/lib:" \ + "${FILESDIR}/distcc-config" > "${T}/distcc-config" || die + + # TODO: gdb tests fail due to gdb failing to find .c file + sed -i -e '/Gdb.*Case,/d' test/testdistcc.py || die + + hprefixify update-distcc-symlinks.py src/{serve,daemon}.c + python_fix_shebang update-distcc-symlinks.py "${T}/distcc-config" + eautoreconf +} + +src_configure() { + # https://github.com/distcc/distcc/issues/454 + append-cppflags -DPY_SSIZE_T_CLEAN + + local myconf=( + --disable-Werror + --libdir="${EPREFIX}"/usr/lib + $(use_enable ipv6 rfc2553) + $(use_with gtk) + --without-gnome + $(use_with gssapi auth) + $(use_with zeroconf avahi) + ) + + econf "${myconf[@]}" +} + +src_test() { + # sandbox breaks some tests, and hangs some too + # retest once #590084 is fixed + local -x SANDBOX_ON=0 + emake -j1 check +} + +src_install() { + # override GZIP_BIN to stop it from compressing manpages + emake -j1 DESTDIR="${D}" GZIP_BIN=false install + python_optimize + + newinitd "${FILESDIR}/distccd.initd" distccd + systemd_newunit "${FILESDIR}/distccd.service-1" distccd.service + systemd_install_serviced "${FILESDIR}/distccd.service.conf" + + cp "${FILESDIR}/distccd.confd" "${T}/distccd" || die + if use zeroconf; then + cat >> "${T}/distccd" <<-EOF || die + + # Enable zeroconf support in distccd + DISTCCD_OPTS="\${DISTCCD_OPTS} --zeroconf" + EOF + + sed -i '/ExecStart/ s|$| --zeroconf|' "${D}$(systemd_get_systemunitdir)"/distccd.service || die + fi + doconfd "${T}/distccd" + + newenvd - 02distcc <<-EOF || die + # This file is managed by distcc-config; use it to change these settings. + # DISTCC_LOG and DISTCC_DIR should not be set. + DISTCC_VERBOSE="${DISTCC_VERBOSE:-0}" + DISTCC_FALLBACK="${DISTCC_FALLBACK:-1}" + DISTCC_SAVE_TEMPS="${DISTCC_SAVE_TEMPS:-0}" + DISTCC_TCP_CORK="${DISTCC_TCP_CORK}" + DISTCC_SSH="${DISTCC_SSH}" + UNCACHED_ERR_FD="${UNCACHED_ERR_FD}" + DISTCC_ENABLE_DISCREPANCY_EMAIL="${DISTCC_ENABLE_DISCREPANCY_EMAIL}" + DCC_EMAILLOG_WHOM_TO_BLAME="${DCC_EMAILLOG_WHOM_TO_BLAME}" + EOF + + keepdir /usr/lib/distcc + + dobin "${T}/distcc-config" + + if use gtk; then + einfo "Renaming /usr/bin/distccmon-gnome to /usr/bin/distccmon-gui" + einfo "This is to have a little sensability in naming schemes between distccmon programs" + mv "${ED}/usr/bin/distccmon-gnome" "${ED}/usr/bin/distccmon-gui" || die + dosym distccmon-gui /usr/bin/distccmon-gnome + fi + + if use xinetd; then + insinto /etc/xinetd.d + newins "doc/example/xinetd" distcc + fi + + insinto /usr/share/shadowman/tools + newins - distcc <<<"${EPREFIX}/usr/lib/distcc/bin" + newins - distccd <<<"${EPREFIX}/usr/lib/distcc" + + rm -r "${ED}/etc/default" || die + rm "${ED}/etc/distcc/clients.allow" || die + rm "${ED}/etc/distcc/commands.allow.sh" || die +} + +pkg_postinst() { + # remove the old paths when switching from libXX to lib + if [[ $(get_libdir) != lib && ${SYMLINK_LIB} != yes && \ + -d ${EROOT}/usr/$(get_libdir)/distcc ]]; then + rm -r -f "${EROOT}/usr/$(get_libdir)/distcc" || die + fi + + if [[ -z ${ROOT} ]]; then + eselect compiler-shadow update distcc + eselect compiler-shadow update distccd + fi + + elog + elog "Tips on using distcc with Gentoo can be found at" + elog "https://wiki.gentoo.org/wiki/Distcc"; + elog + elog "distcc-pump is known to cause breakage with multiple packages." + elog "Do NOT enable it globally." + elog + elog "To use the distccmon programs with Gentoo you should use this command:" + elog "# DISTCC_DIR=\"${DISTCC_DIR:-${BUILD_PREFIX}/.distcc}\" distccmon-text 5" + + if use gtk; then + elog "Or:" + elog "# DISTCC_DIR=\"${DISTCC_DIR:-${BUILD_PREFIX}/.distcc}\" distccmon-gnome" + fi +} + +pkg_prerm() { + if [[ -z ${REPLACED_BY_VERSION} && -z ${ROOT} ]]; then + eselect compiler-shadow remove distcc + fi +} diff --git a/sys-devel/distcc/files/distcc-3.4-fix-dcc_gcc_rewrite_fqn-corruption.patch b/sys-devel/distcc/files/distcc-3.4-fix-dcc_gcc_rewrite_fqn-corruption.patch new file mode 100644 index 000000000000..14c08db329d1 --- /dev/null +++ b/sys-devel/distcc/files/distcc-3.4-fix-dcc_gcc_rewrite_fqn-corruption.patch @@ -0,0 +1,65 @@ +https://bugs.gentoo.org/904720 +https://github.com/distcc/distcc/commit/879b71d6e95673e58d33f6c3c341a893ee307161 + +From 879b71d6e95673e58d33f6c3c341a893ee307161 Mon Sep 17 00:00:00 2001 +From: Alexey Sheplyakov <[email protected]> +Date: Sat, 10 Jul 2021 22:18:14 +0400 +Subject: [PATCH] dcc_gcc_rewrite_fqn: avoid heap corruption + +On ALT Linux I've run into the following bug: + +distcc gcc -Wall -std=gnu89 -I. -O2 -o hello.o -c hello.c +free(): invalid next size (fast) +Aborted (core dumped) + +Apparently dcc_gcc_rewrite writes beyond the allocated memory: + +valgrind --leak-check=full -v ./distcc gcc -Wall -std=gnu89 -I. -O2 -o hello.o -c hello.c + +==11382== ERROR SUMMARY: 53 errors from 5 contexts (suppressed: 0 from 0) +==11382== +==11382== 1 errors in context 1 of 5: +==11382== Invalid write of size 1 +==11382== at 0x4C349D8: strcat (in /usr/lib/valgrind/vgpreload_memcheck-amd64-linux.so) +==11382== by 0x10D165: dcc_gcc_rewrite_fqn (compile.c:611) +==11382== by 0x10D4B4: dcc_build_somewhere (compile.c:725) +==11382== by 0x10DC01: dcc_build_somewhere_timed (compile.c:1014) +==11382== by 0x10E380: main (distcc.c:352) +==11382== Address 0x544e828 is 1 bytes after a block of size 23 alloc'd +==11382== at 0x4C31B0F: malloc (in /usr/lib/valgrind/vgpreload_memcheck-amd64-linux.so) +==11382== by 0x10D087: dcc_gcc_rewrite_fqn (compile.c:588) +==11382== by 0x10D4B4: dcc_build_somewhere (compile.c:725) +==11382== by 0x10DC01: dcc_build_somewhere_timed (compile.c:1014) +==11382== by 0x10E380: main (distcc.c:352) +==11382== +==11382== +==11382== 1 errors in context 2 of 5: +==11382== Invalid write of size 1 +==11382== at 0x4C349C8: strcat (in /usr/lib/valgrind/vgpreload_memcheck-amd64-linux.so) +==11382== by 0x10D165: dcc_gcc_rewrite_fqn (compile.c:611) +==11382== by 0x10D4B4: dcc_build_somewhere (compile.c:725) +==11382== by 0x10DC01: dcc_build_somewhere_timed (compile.c:1014) +==11382== by 0x10E380: main (distcc.c:352) +==11382== Address 0x544e827 is 0 bytes after a block of size 23 alloc'd +==11382== at 0x4C31B0F: malloc (in /usr/lib/valgrind/vgpreload_memcheck-amd64-linux.so) +==11382== by 0x10D087: dcc_gcc_rewrite_fqn (compile.c:588) +==11382== by 0x10D4B4: dcc_build_somewhere (compile.c:725) +==11382== by 0x10DC01: dcc_build_somewhere_timed (compile.c:1014) +==11382== by 0x10E380: main (distcc.c:352) + +and ALT Linux' hardened glibc does not quite like that. +Correctly compute the `newcmd_len` to avoid the problem. + +ALTBUG: #40425 +--- a/src/compile.c ++++ b/src/compile.c +@@ -584,7 +584,7 @@ static int dcc_gcc_rewrite_fqn(char **argv) + return -ENOENT; + + +- newcmd_len = strlen(target_with_vendor) + 1 + strlen(argv[0] + 1); ++ newcmd_len = strlen(target_with_vendor) + 1 + strlen(argv[0]) + 1; + newcmd = malloc(newcmd_len); + if (!newcmd) + return -ENOMEM; +
