diff options
author | Andreas K. Hüttel <dilfridge@gentoo.org> | 2020-12-22 23:22:08 +0200 |
---|---|---|
committer | Andreas K. Hüttel <dilfridge@gentoo.org> | 2020-12-22 23:22:27 +0200 |
commit | e56515f4c40646457042b106fdf6131a9b585038 (patch) | |
tree | d68ddea52af4bb7ea86ce04509def0f5fb3fc620 /dev-libs/boost | |
parent | dev-python/cmd2: Remove old (diff) | |
download | gentoo-e56515f4c40646457042b106fdf6131a9b585038.tar.gz gentoo-e56515f4c40646457042b106fdf6131a9b585038.tar.bz2 gentoo-e56515f4c40646457042b106fdf6131a9b585038.zip |
dev-libs/boost: Revbump for CVE-2012-2677
Bug: https://bugs.gentoo.org/620468
Package-Manager: Portage-3.0.9, Repoman-3.0.2
Signed-off-by: Andreas K. Hüttel <dilfridge@gentoo.org>
Diffstat (limited to 'dev-libs/boost')
-rw-r--r-- | dev-libs/boost/boost-1.74.0-r2.ebuild | 359 | ||||
-rw-r--r-- | dev-libs/boost/files/boost-1.74-CVE-2012-2677.patch | 125 |
2 files changed, 484 insertions, 0 deletions
diff --git a/dev-libs/boost/boost-1.74.0-r2.ebuild b/dev-libs/boost/boost-1.74.0-r2.ebuild new file mode 100644 index 000000000000..de5aba9c7e6d --- /dev/null +++ b/dev-libs/boost/boost-1.74.0-r2.ebuild @@ -0,0 +1,359 @@ +# Copyright 1999-2020 Gentoo Authors +# Distributed under the terms of the GNU General Public License v2 + +EAPI=7 + +PYTHON_COMPAT=( python3_{6,7,8,9} ) + +inherit flag-o-matic multiprocessing python-r1 toolchain-funcs multilib-minimal + +MY_PV="$(ver_rs 1- _)" +MAJOR_V="$(ver_cut 1-2)" + +DESCRIPTION="Boost Libraries for C++" +HOMEPAGE="https://www.boost.org/" +SRC_URI="https://dl.bintray.com/boostorg/release/${PV}/source/boost_${MY_PV}.tar.bz2" + +LICENSE="Boost-1.0" +SLOT="0/${PV}" # ${PV} instead ${MAJOR_V} due to bug 486122 +KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~ia64 ~mips ~ppc ~ppc64 ~riscv ~s390 ~sparc ~x86 ~ppc-aix ~amd64-linux ~x86-linux ~ppc-macos ~x64-macos ~x86-macos ~sparc-solaris ~sparc64-solaris ~x86-solaris ~x86-winnt" +IUSE="bzip2 context debug doc icu lzma +nls mpi numpy python static-libs +threads tools zlib zstd" +REQUIRED_USE=" + mpi? ( threads ) + python? ( ${PYTHON_REQUIRED_USE} )" + +# the tests will never fail because these are not intended as sanity +# tests at all. They are more a way for upstream to check their own code +# on new compilers. Since they would either be completely unreliable +# (failing for no good reason) or completely useless (never failing) +# there is no point in having them in the ebuild to begin with. +RESTRICT="test" + +RDEPEND=" + !app-admin/eselect-boost + !dev-libs/boost-numpy + !<dev-libs/leatherman-1.12.0-r1 + bzip2? ( app-arch/bzip2:=[${MULTILIB_USEDEP}] ) + icu? ( >=dev-libs/icu-3.6:=[${MULTILIB_USEDEP}] ) + !icu? ( virtual/libiconv[${MULTILIB_USEDEP}] ) + lzma? ( app-arch/xz-utils:=[${MULTILIB_USEDEP}] ) + mpi? ( >=virtual/mpi-2.0-r4[${MULTILIB_USEDEP},cxx,threads] ) + python? ( + ${PYTHON_DEPS} + numpy? ( $(python_gen_cond_dep 'dev-python/numpy[${PYTHON_USEDEP}]' -3) ) + ) + zlib? ( sys-libs/zlib:=[${MULTILIB_USEDEP}] ) + zstd? ( app-arch/zstd:=[${MULTILIB_USEDEP}] )" +DEPEND="${RDEPEND}" +BDEPEND="=dev-util/boost-build-${MAJOR_V}*" + +S="${WORKDIR}/${PN}_${MY_PV}" + +PATCHES=( + "${FILESDIR}"/${PN}-1.71.0-disable_icu_rpath.patch + "${FILESDIR}"/${PN}-1.71.0-context-x32.patch + "${FILESDIR}"/${PN}-1.71.0-build-auto_index-tool.patch + # upstream unresponsive to pull request + # https://github.com/boostorg/python/pull/286 + "${FILESDIR}"/${PN}-1.73-boost-python-cleanup.patch + # Boost.MPI's __init__.py doesn't work on Py3 + "${FILESDIR}"/${PN}-1.73-boost-mpi-python-PEP-328.patch + # Remove annoying #pragma message + "${FILESDIR}"/${PN}-1.73-property-tree-include.patch + "${FILESDIR}"/${PN}-1.74-CVE-2012-2677.patch +) + +python_bindings_needed() { + multilib_is_native_abi && use python +} + +tools_needed() { + multilib_is_native_abi && use tools +} + +create_user-config.jam() { + local user_config_jam="${BUILD_DIR}"/user-config.jam + if [[ -s ${user_config_jam} ]]; then + einfo "${user_config_jam} already exists, skipping configuration" + return + else + einfo "Creating configuration in ${user_config_jam}" + fi + + local compiler compiler_version compiler_executable="$(tc-getCXX)" + if [[ ${CHOST} == *-darwin* ]]; then + compiler="darwin" + compiler_version="$(gcc-fullversion)" + else + compiler="gcc" + compiler_version="$(gcc-version)" + fi + + if use mpi; then + local mpi_configuration="using mpi ;" + fi + + cat > "${user_config_jam}" <<- __EOF__ || die + using ${compiler} : ${compiler_version} : ${compiler_executable} : <cflags>"${CFLAGS}" <cxxflags>"${CXXFLAGS}" <linkflags>"${LDFLAGS}" ; + ${mpi_configuration} + __EOF__ + + if python_bindings_needed; then + append_to_user_config() { + local py_config + if tc-is-cross-compiler; then + py_config="using python : ${EPYTHON#python} : : ${ESYSROOT}/usr/include/${EPYTHON} : ${ESYSROOT}/usr/$(get_libdir) ;" + else + py_config="using python : ${EPYTHON#python} : ${PYTHON} : $(python_get_includedir) ;" + fi + echo "${py_config}" >> "${user_config_jam}" || die + } + python_foreach_impl append_to_user_config + fi + + if python_bindings_needed && use numpy; then + einfo "Enabling support for NumPy extensions in Boost.Python" + else + einfo "Disabling support for NumPy extensions in Boost.Python" + + # Boost.Build does not allow for disabling of numpy + # extensions, thereby leading to automagic numpy + # https://github.com/boostorg/python/issues/111#issuecomment-280447482 + sed \ + -e 's/\[ unless \[ python\.numpy \] : <build>no \]/<build>no/g' \ + -i "${BUILD_DIR}"/libs/python/build/Jamfile || die + fi +} + +pkg_setup() { + # Bail out on unsupported build configuration, bug #456792 + if [[ -f "${EROOT}"/etc/site-config.jam ]]; then + if ! grep -q 'gentoo\(debug\|release\)' "${EROOT}"/etc/site-config.jam; then + eerror "You are using custom ${EROOT}/etc/site-config.jam without defined gentoorelease/gentoodebug targets." + eerror "Boost can not be built in such configuration." + eerror "Please, either remove this file or add targets from ${EROOT}/usr/share/boost-build/site-config.jam to it." + die "Unsupported target in ${EROOT}/etc/site-config.jam" + fi + fi +} + +src_prepare() { + default + multilib_copy_sources +} + +ejam() { + create_user-config.jam + + local b2_opts=( "--user-config=${BUILD_DIR}/user-config.jam" ) + if python_bindings_needed; then + append_to_b2_opts() { + b2_opts+=( python="${EPYTHON#python}" ) + } + python_foreach_impl append_to_b2_opts + else + b2_opts+=( --without-python ) + fi + b2_opts+=( "$@" ) + + echo b2 "${b2_opts[@]}" >&2 + b2 "${b2_opts[@]}" +} + +src_configure() { + # Workaround for too many parallel processes requested, bug #506064 + [[ "$(makeopts_jobs)" -gt 64 ]] && MAKEOPTS="${MAKEOPTS} -j64" + + OPTIONS=( + $(usex debug gentoodebug gentoorelease) + "-j$(makeopts_jobs)" + -q + -d+2 + pch=off + $(usex icu "-sICU_PATH=${ESYSROOT}/usr" '--disable-icu boost.locale.icu=off') + $(usex mpi '' '--without-mpi') + $(usex nls '' '--without-locale') + $(usex context '' '--without-context --without-coroutine --without-fiber') + $(usex threads '' '--without-thread') + --without-stacktrace + --boost-build="${BROOT}"/usr/share/boost-build + --prefix="${ED}/usr" + --layout=system + # CMake has issues working with multiple python impls, + # disable cmake config generation for the time being + # https://github.com/boostorg/python/issues/262#issuecomment-483069294 + --no-cmake-config + # building with threading=single is currently not possible + # https://svn.boost.org/trac/boost/ticket/7105 + threading=multi + link=$(usex static-libs shared,static shared) + # this seems to be the only way to disable compression algorithms + # https://www.boost.org/doc/libs/1_70_0/libs/iostreams/doc/installation.html#boost-build + -sNO_BZIP2=$(usex bzip2 0 1) + -sNO_LZMA=$(usex lzma 0 1) + -sNO_ZLIB=$(usex zlib 0 1) + -sNO_ZSTD=$(usex zstd 0 1) + ) + + if [[ ${CHOST} == *-darwin* ]]; then + # We need to add the prefix, and in two cases this exceeds, so prepare + # for the largest possible space allocation. + append-ldflags -Wl,-headerpad_max_install_names + fi + + # Use C++14 globally as of 1.62 + append-cxxflags -std=c++14 +} + +multilib_src_compile() { + ejam "${OPTIONS[@]}" || die + + if tools_needed; then + pushd tools >/dev/null || die + ejam \ + "${OPTIONS[@]}" \ + || die "Building of Boost tools failed" + popd >/dev/null || die + fi +} + +multilib_src_install_all() { + if ! use numpy; then + rm -r "${ED}"/usr/include/boost/python/numpy* || die + fi + + if use python; then + if use mpi; then + move_mpi_py_into_sitedir() { + python_moduleinto boost + python_domodule "${S}"/libs/mpi/build/__init__.py + + python_domodule "${ED}"/usr/$(get_libdir)/boost-${EPYTHON}/mpi.so + rm -r "${ED}"/usr/$(get_libdir)/boost-${EPYTHON} || die + + python_optimize + } + python_foreach_impl move_mpi_py_into_sitedir + else + rm -r "${ED}"/usr/include/boost/mpi/python* || die + fi + else + rm -r "${ED}"/usr/include/boost/{python*,mpi/python*,parameter/aux_/python,parameter/python*} || die + fi + + if ! use nls; then + rm -r "${ED}"/usr/include/boost/locale || die + fi + + if ! use context; then + rm -r "${ED}"/usr/include/boost/context || die + rm -r "${ED}"/usr/include/boost/coroutine{,2} || die + rm "${ED}"/usr/include/boost/asio/spawn.hpp || die + fi + + if use doc; then + # find extraneous files that shouldn't be installed + # as part of the documentation and remove them. + find libs/*/* \( -iname 'test' -o -iname 'src' \) -exec rm -rf '{}' + || die + find doc \( -name 'Jamfile.v2' -o -name 'build' -o -name '*.manifest' \) -exec rm -rf '{}' + || die + find tools \( -name 'Jamfile.v2' -o -name 'src' -o -name '*.cpp' -o -name '*.hpp' \) -exec rm -rf '{}' + || die + + docinto html + dodoc *.{htm,html,png,css} + dodoc -r doc libs more tools + + # To avoid broken links + dodoc LICENSE_1_0.txt + + dosym ../../../../include/boost /usr/share/doc/${PF}/html/boost + fi +} + +multilib_src_install() { + ejam \ + "${OPTIONS[@]}" \ + --includedir="${ED}/usr/include" \ + --libdir="${ED}/usr/$(get_libdir)" \ + install || die "Installation of Boost libraries failed" + + pushd "${ED}/usr/$(get_libdir)" >/dev/null || die + + local ext=$(get_libname) + if use threads; then + local f + for f in *${ext}; do + dosym ${f} /usr/$(get_libdir)/${f/${ext}/-mt${ext}} + done + fi + + popd >/dev/null || die + + if tools_needed; then + dobin dist/bin/* + + insinto /usr/share + doins -r dist/share/boostbook + fi + + # boost's build system truely sucks for not having a destdir. Because for + # this reason we are forced to build with a prefix that includes the + # DESTROOT, dynamic libraries on Darwin end messed up, referencing the + # DESTROOT instread of the actual EPREFIX. There is no way out of here + # but to do it the dirty way of manually setting the right install_names. + if [[ ${CHOST} == *-darwin* ]]; then + einfo "Working around completely broken build-system(tm)" + local d + for d in "${ED}"/usr/lib/*.dylib; do + if [[ -f ${d} ]]; then + # fix the "soname" + ebegin " correcting install_name of ${d#${ED}}" + install_name_tool -id "/${d#${D}}" "${d}" + eend $? + # fix references to other libs + refs=$(otool -XL "${d}" | \ + sed -e '1d' -e 's/^\t//' | \ + grep "^libboost_" | \ + cut -f1 -d' ') + local r + for r in ${refs}; do + ebegin " correcting reference to ${r}" + install_name_tool -change \ + "${r}" \ + "${EPREFIX}/usr/lib/${r}" \ + "${d}" + eend $? + done + fi + done + fi +} + +pkg_preinst() { + # Yai for having symlinks that are nigh-impossible to remove without + # resorting to dirty hacks like these. Removes lingering symlinks + # from the slotted versions. + local symlink + for symlink in "${EROOT}"/usr/include/boost "${EROOT}"/usr/share/boostbook; do + if [[ -L ${symlink} ]]; then + rm -f "${symlink}" || die + fi + done + + # some ancient installs still have boost cruft lying around + # for unknown reasons, causing havoc for reverse dependencies + # Bug: 607734 + rm -rf "${EROOT}"/usr/include/boost-1_[3-5]? || die +} + +pkg_postinst() { + elog "Boost.Regex is *extremely* ABI sensitive. If you get errors such as" + elog + elog " undefined reference to \`boost::re_detail_$(ver_cut 1)0$(ver_cut 2)00::cpp_regex_traits_implementation" + elog " <char>::transform_primary[abi:cxx11](char const*, char const*) const'" + elog + elog "Then you need to recompile Boost and all its reverse dependencies" + elog "using the same toolchain. In general, *every* change of the C++ toolchain" + elog "requires a complete rebuild of the boost-dependent ecosystem." + elog + elog "See for instance https://bugs.gentoo.org/638138" +} diff --git a/dev-libs/boost/files/boost-1.74-CVE-2012-2677.patch b/dev-libs/boost/files/boost-1.74-CVE-2012-2677.patch new file mode 100644 index 000000000000..ff947f74f1c4 --- /dev/null +++ b/dev-libs/boost/files/boost-1.74-CVE-2012-2677.patch @@ -0,0 +1,125 @@ +https://src.fedoraproject.org/rpms/boost/raw/master/f/boost-1.58.0-pool.patch +https://bugzilla.redhat.com/show_bug.cgi?id=828856 +https://bugs.gentoo.org/620468 +https://svn.boost.org/trac10/ticket/6701 + +Index: boost/pool/pool.hpp +=================================================================== +--- a/boost/pool/pool.hpp (revision 78317) ++++ b/boost/pool/pool.hpp (revision 78326) +@@ -27,4 +27,6 @@ + #include <boost/pool/poolfwd.hpp> + ++// std::numeric_limits ++#include <boost/limits.hpp> + // boost::integer::static_lcm + #include <boost/integer/common_factor_ct.hpp> +@@ -358,4 +360,11 @@ + } + ++ size_type max_chunks() const ++ { //! Calculated maximum number of memory chunks that can be allocated in a single call by this Pool. ++ size_type partition_size = alloc_size(); ++ size_type POD_size = integer::static_lcm<sizeof(size_type), sizeof(void *)>::value + sizeof(size_type); ++ return (std::numeric_limits<size_type>::max() - POD_size) / alloc_size(); ++ } ++ + static void * & nextof(void * const ptr) + { //! \returns Pointer dereferenced. +@@ -377,5 +388,7 @@ + //! the first time that object needs to allocate system memory. + //! The default is 32. This parameter may not be 0. +- //! \param nmax_size is the maximum number of chunks to allocate in one block. ++ //! \param nmax_size is the maximum number of chunks to allocate in one block. ++ set_next_size(nnext_size); ++ set_max_size(nmax_size); + } + +@@ -400,7 +413,7 @@ + } + void set_next_size(const size_type nnext_size) +- { //! Set number of chunks to request from the system the next time that object needs to allocate system memory. This value should never be set to 0. +- //! \returns nnext_size. +- next_size = start_size = nnext_size; ++ { //! Set number of chunks to request from the system the next time that object needs to allocate system memory. This value should never be set to 0. ++ BOOST_USING_STD_MIN(); ++ next_size = start_size = min BOOST_PREVENT_MACRO_SUBSTITUTION(nnext_size, max_chunks()); + } + size_type get_max_size() const +@@ -410,5 +423,6 @@ + void set_max_size(const size_type nmax_size) + { //! Set max_size. +- max_size = nmax_size; ++ BOOST_USING_STD_MIN(); ++ max_size = min BOOST_PREVENT_MACRO_SUBSTITUTION(nmax_size, max_chunks()); + } + size_type get_requested_size() const +@@ -713,7 +727,7 @@ + BOOST_USING_STD_MIN(); + if(!max_size) +- next_size <<= 1; ++ set_next_size(next_size << 1); + else if( next_size*partition_size/requested_size < max_size) +- next_size = min BOOST_PREVENT_MACRO_SUBSTITUTION(next_size << 1, max_size*requested_size/ partition_size); ++ set_next_size(min BOOST_PREVENT_MACRO_SUBSTITUTION(next_size << 1, max_size * requested_size / partition_size)); + + // initialize it, +@@ -753,7 +767,7 @@ + BOOST_USING_STD_MIN(); + if(!max_size) +- next_size <<= 1; ++ set_next_size(next_size << 1); + else if( next_size*partition_size/requested_size < max_size) +- next_size = min BOOST_PREVENT_MACRO_SUBSTITUTION(next_size << 1, max_size*requested_size/ partition_size); ++ set_next_size(min BOOST_PREVENT_MACRO_SUBSTITUTION(next_size << 1, max_size * requested_size / partition_size)); + + // initialize it, +@@ -797,4 +811,6 @@ + //! \returns Address of chunk n if allocated ok. + //! \returns 0 if not enough memory for n chunks. ++ if (n > max_chunks()) ++ return 0; + + const size_type partition_size = alloc_size(); +@@ -845,7 +861,7 @@ + BOOST_USING_STD_MIN(); + if(!max_size) +- next_size <<= 1; ++ set_next_size(next_size << 1); + else if( next_size*partition_size/requested_size < max_size) +- next_size = min BOOST_PREVENT_MACRO_SUBSTITUTION(next_size << 1, max_size*requested_size/ partition_size); ++ set_next_size(min BOOST_PREVENT_MACRO_SUBSTITUTION(next_size << 1, max_size * requested_size / partition_size)); + + // insert it into the list, +Index: libs/pool/test/test_bug_6701.cpp +=================================================================== +--- a/libs/pool/test/test_bug_6701.cpp (revision 78326) ++++ b/libs/pool/test/test_bug_6701.cpp (revision 78326) +@@ -0,0 +1,27 @@ ++/* Copyright (C) 2012 Étienne Dupuis ++* ++* Use, modification and distribution is subject to the ++* Boost Software License, Version 1.0. (See accompanying ++* file LICENSE_1_0.txt or http://www.boost.org/LICENSE_1_0.txt) ++*/ ++ ++// Test of bug #6701 (https://svn.boost.org/trac/boost/ticket/6701) ++ ++#include <boost/pool/object_pool.hpp> ++#include <boost/limits.hpp> ++ ++int main() ++{ ++ boost::pool<> p(1024, std::numeric_limits<size_t>::max() / 768); ++ ++ void *x = p.malloc(); ++ BOOST_ASSERT(!x); ++ ++ BOOST_ASSERT(std::numeric_limits<size_t>::max() / 1024 >= p.get_next_size()); ++ BOOST_ASSERT(std::numeric_limits<size_t>::max() / 1024 >= p.get_max_size()); ++ ++ void *y = p.ordered_malloc(std::numeric_limits<size_t>::max() / 768); ++ BOOST_ASSERT(!y); ++ ++ return 0; ++} |