bc: upgrade to latest version
This brings in new sandbox features.
BUG=chromium:884778
TEST=precq passes
Change-Id: I69d63db0d42f227064e866efc3f3cb60fc9f824e
Reviewed-on: https://chromium-review.googlesource.com/1229236
Commit-Ready: ChromeOS CL Exonerator Bot <chromiumos-cl-exonerator@appspot.gserviceaccount.com>
Tested-by: Mike Frysinger <vapier@chromium.org>
Reviewed-by: Greg Kerr <kerrnel@chromium.org>
diff --git a/sys-devel/bc/Manifest b/sys-devel/bc/Manifest
index 214236b..fed5895 100644
--- a/sys-devel/bc/Manifest
+++ b/sys-devel/bc/Manifest
@@ -1 +1 @@
-DIST bc-1.06.95.tar.bz2 290069 RMD160 d58c2d7a1f4b7bfa910f26e5809f3169a6e0da76 SHA1 18717e0543b1dda779a71e6a812f11b8261a705a SHA256 7ee4abbcfac03d8a6e1a8a3440558a3d239d6b858585063e745c760957725ecc
+DIST bc-1.07.1.tar.gz 419850 BLAKE2B dcedc193be5521aa0fa3a19746233ed65bc1fe8ef12e15155341706de6fbeecb6dd7ee4ab11e2d4b3aca2ae7097cce89e389b3573493bbc893e00b4ed3239594 SHA512 02126d0db6b6ed06d56cfc292d6f5475ff1e574779d7e69c7809bbb1e13f946f57ea07da2a7666baa092507a951a822044b0970075f75eefe65a5c1999b75d34
diff --git a/sys-devel/bc/bc-1.06.95.ebuild b/sys-devel/bc/bc-1.06.95.ebuild
deleted file mode 100644
index f8b000d..0000000
--- a/sys-devel/bc/bc-1.06.95.ebuild
+++ /dev/null
@@ -1,39 +0,0 @@
-# Copyright 1999-2012 Gentoo Foundation
-# Distributed under the terms of the GNU General Public License v2
-# $Header: /var/cvsroot/gentoo-x86/sys-devel/bc/bc-1.06.95.ebuild,v 1.14 2012/03/27 18:26:34 vapier Exp $
-
-inherit eutils flag-o-matic toolchain-funcs
-
-DESCRIPTION="Handy console-based calculator utility"
-HOMEPAGE="http://www.gnu.org/software/bc/bc.html"
-SRC_URI="mirror://gnu-alpha/bc/${P}.tar.bz2
- mirror://gnu/bc/${P}.tar.bz2"
-
-LICENSE="GPL-2 LGPL-2.1"
-SLOT="0"
-KEYWORDS="*"
-IUSE="libedit readline static"
-
-RDEPEND="readline? ( >=sys-libs/readline-4.1 >=sys-libs/ncurses-5.2 )
- libedit? ( dev-libs/libedit )"
-DEPEND="${RDEPEND}
- sys-devel/flex"
-
-src_compile() {
- local myconf
- if use readline ; then
- myconf="--with-readline --without-libedit"
- elif use libedit ; then
- myconf="--without-readline --with-libedit"
- else
- myconf="--without-readline --without-libedit"
- fi
- use static && append-ldflags -static
- econf ${myconf} || die
- emake || die
-}
-
-src_install() {
- emake install DESTDIR="${D}" || die
- dodoc AUTHORS FAQ NEWS README ChangeLog
-}
diff --git a/sys-devel/bc/bc-1.07.1-r2.ebuild b/sys-devel/bc/bc-1.07.1-r2.ebuild
new file mode 100644
index 0000000..602c27e
--- /dev/null
+++ b/sys-devel/bc/bc-1.07.1-r2.ebuild
@@ -0,0 +1,68 @@
+# Copyright 1999-2018 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+
+EAPI="5"
+
+inherit flag-o-matic toolchain-funcs eutils
+
+DESCRIPTION="Handy console-based calculator utility"
+HOMEPAGE="https://www.gnu.org/software/bc/bc.html"
+SRC_URI="mirror://gnu/bc/${P}.tar.gz"
+
+LICENSE="GPL-2 LGPL-2.1"
+SLOT="0"
+KEYWORDS="*"
+IUSE="forced-sandbox libedit readline static"
+
+RDEPEND="
+ !readline? ( libedit? ( dev-libs/libedit:= ) )
+ readline? (
+ >=sys-libs/readline-4.1:0=
+ >=sys-libs/ncurses-5.2:=
+ )
+"
+DEPEND="
+ ${RDEPEND}
+ sys-devel/flex
+ virtual/yacc
+"
+
+PATCHES=(
+ "${FILESDIR}/${PN}-1.07.1-sandbox.patch"
+ "${FILESDIR}/${PN}-1.07.1-no-ed-its-sed.patch"
+)
+
+src_prepare() {
+ epatch "${PATCHES[@]}"
+
+ # Avoid bad build tool usage when cross-compiling. #627126
+ tc-is-cross-compiler && epatch "${FILESDIR}/${PN}-1.07.1-use-system-bc.patch"
+
+ # A patch to make this into a configure option has been sent upstream,
+ # but lets avoid regenerating all the autotools just for this.
+ if use forced-sandbox ; then
+ sed -i '/dc_sandbox_enabled = 0/s:0:1:' dc/dc.c || die
+ fi
+}
+
+src_configure() {
+ local myconf=(
+ $(use_with readline)
+ )
+ if use readline ; then
+ myconf+=( --without-libedit )
+ else
+ myconf+=( $(use_with libedit) )
+ fi
+ use static && append-ldflags -static
+
+ econf "${myconf[@]}"
+
+ # Do not regen docs -- configure produces a small fragment that includes
+ # the version info which causes all pages to regen (newer file). #554774
+ touch -r doc doc/*
+}
+
+src_compile() {
+ emake AR="$(tc-getAR)"
+}
diff --git a/sys-devel/bc/files/bc-1.06.95-void_uninitialized.patch b/sys-devel/bc/files/bc-1.06.95-void_uninitialized.patch
deleted file mode 100644
index 3304973..0000000
--- a/sys-devel/bc/files/bc-1.06.95-void_uninitialized.patch
+++ /dev/null
@@ -1,13 +0,0 @@
-http://www.pixelbeat.org/programming/oss_bug_flow.html
-https://bugs.gentoo.org/349339
-
---- bc/storage.c
-+++ bc/storage.c
-@@ -99,6 +99,7 @@
- {
- f = &functions[indx];
- f->f_defined = FALSE;
-+ f->f_void = FALSE;
- f->f_body = (char *) bc_malloc (BC_START_SIZE);
- f->f_body_size = BC_START_SIZE;
- f->f_code_size = 0;
diff --git a/sys-devel/bc/files/bc-1.07.1-no-ed-its-sed.patch b/sys-devel/bc/files/bc-1.07.1-no-ed-its-sed.patch
new file mode 100644
index 0000000..ce8e456
--- /dev/null
+++ b/sys-devel/bc/files/bc-1.07.1-no-ed-its-sed.patch
@@ -0,0 +1,23 @@
+in Gentoo, everyone has sed. no one really has ed. tweak this minor script
+to use sed instead of ed. the changes are straight forward:
+* change \$ to $
+* merge last two $,$ commands into one
+* delete w/q commands
+
+--- a/bc/fix-libmath_h
++++ b/bc/fix-libmath_h
+@@ -1,9 +1,6 @@
+-ed libmath.h <<EOS-EOS
++sed -i libmath.h -e '
+ 1,1s/^/{"/
+-1,\$s/\$/",/
+-2,\$s/^/"/
+-\$,\$d
+-\$,\$s/,\$/,0}/
+-w
+-q
+-EOS-EOS
++1,$s/$/",/
++2,$s/^/"/
++$s/.*/0}/
++'
diff --git a/sys-devel/bc/files/bc-1.07.1-sandbox.patch b/sys-devel/bc/files/bc-1.07.1-sandbox.patch
new file mode 100644
index 0000000..ec5c406
--- /dev/null
+++ b/sys-devel/bc/files/bc-1.07.1-sandbox.patch
@@ -0,0 +1,121 @@
+this has been sent upstream, but they don't have a mailing list or project site
+to link to. oh well.
+
+From e641584767c3c7cc1ff544805acc2562fc56cda9 Mon Sep 17 00:00:00 2001
+From: Mike Frysinger <vapier@chromium.org>
+Date: Mon, 17 Sep 2018 18:57:57 -0400
+Subject: [PATCH 1/2] dc: add a --sandbox option
+
+Other GNU projects (like sed & gawk) have a --sandbox flag whereby
+access to files and system() are disabled. This allows people to
+run arbitrary scripts without worrying about them "escaping" and
+executing arbitrary commands on the system.
+---
+ dc/dc.c | 9 ++++++++-
+ dc/dc.h | 3 +++
+ dc/misc.c | 6 ++++++
+ doc/dc.1 | 5 +++++
+ doc/dc.texi | 4 ++++
+ 5 files changed, 26 insertions(+), 1 deletion(-)
+
+diff --git a/dc/dc.c b/dc/dc.c
+index 6a2bb2639235..592a76be71da 100644
+--- a/dc/dc.c
++++ b/dc/dc.c
+@@ -54,6 +54,7 @@
+ #endif
+
+ const char *progname; /* basename of program invocation */
++int dc_sandbox_enabled; /* whether sandbox mode is enabled */
+
+ static void
+ bug_report_info DC_DECLVOID()
+@@ -80,6 +81,7 @@ usage DC_DECLARG((f))
+ Usage: %s [OPTION] [file ...]\n\
+ -e, --expression=EXPR evaluate expression\n\
+ -f, --file=FILE evaluate contents of file\n\
++ -S, --sandbox disable the ! (system) command\n\
+ -h, --help display this help and exit\n\
+ -V, --version output version information and exit\n\
+ \n\
+@@ -252,6 +254,7 @@ main DC_DECLARG((argc, argv))
+ static struct option const long_opts[] = {
+ {"expression", required_argument, NULL, 'e'},
+ {"file", required_argument, NULL, 'f'},
++ {"sandbox", no_argument, NULL, 'S'},
+ {"help", no_argument, NULL, 'h'},
+ {"version", no_argument, NULL, 'V'},
+ {NULL, 0, NULL, 0}
+@@ -260,12 +263,13 @@ main DC_DECLARG((argc, argv))
+ int c;
+
+ progname = r1bindex(*argv, '/');
++ dc_sandbox_enabled = 0;
+ dc_math_init();
+ dc_string_init();
+ dc_register_init();
+ dc_array_init();
+
+- while ((c = getopt_long(argc, argv, "hVe:f:", long_opts, (int *)0)) != EOF) {
++ while ((c = getopt_long(argc, argv, "hVe:f:S", long_opts, (int *)0)) != EOF) {
+ switch (c) {
+ case 'e':
+ { dc_data string = dc_makestring(optarg, strlen(optarg));
+@@ -279,6 +283,9 @@ main DC_DECLARG((argc, argv))
+ try_file(optarg);
+ did_eval = 1;
+ break;
++ case 'S':
++ dc_sandbox_enabled = 1;
++ break;
+ case 'h':
+ usage(stdout);
+ return flush_okay();
+diff --git a/dc/dc.h b/dc/dc.h
+index 6a871ad612a5..a148df467a92 100644
+--- a/dc/dc.h
++++ b/dc/dc.h
+@@ -76,4 +76,7 @@ typedef struct {
+ /* This is dc's only global variable: */
+ extern const char *progname; /* basename of program invocation */
+
++/* Whether to run in sandbox mode. */
++extern int dc_sandbox_enabled;
++
+ #endif /* not DC_DEFS_H */
+diff --git a/dc/misc.c b/dc/misc.c
+index cd23602fce32..115be90b03bf 100644
+--- a/dc/misc.c
++++ b/dc/misc.c
+@@ -131,6 +131,12 @@ dc_system DC_DECLARG((s))
+ char *tmpstr;
+ size_t len;
+
++ if (dc_sandbox_enabled) {
++ fprintf(stderr, "%s: ! command disabled in sandbox mode\n",
++ progname);
++ exit(EXIT_FAILURE);
++ }
++
+ p = strchr(s, '\n');
+ if (p != NULL) {
+ len = (size_t) (p - s);
+diff --git a/doc/dc.1 b/doc/dc.1
+index 1c666493e00a..7c4b6fffd616 100644
+--- a/doc/dc.1
++++ b/doc/dc.1
+@@ -84,6 +84,11 @@ to the set of commands to be run while processing the input.
+ Add the commands contained in the file
+ .I script-file
+ to the set of commands to be run while processing the input.
++.TP
++.B -S
++.TP
++.B --sandbox
++Run in sandbox mode where access to \fB!\fR for the system function.
+ .PP
+ If any command-line parameters remain after processing the above,
+ these parameters are interpreted as the names of input files to
+--
+2.17.1
+
diff --git a/sys-devel/bc/files/bc-1.07.1-use-system-bc.patch b/sys-devel/bc/files/bc-1.07.1-use-system-bc.patch
new file mode 100644
index 0000000..03ccb68
--- /dev/null
+++ b/sys-devel/bc/files/bc-1.07.1-use-system-bc.patch
@@ -0,0 +1,16 @@
+when cross-compiling, the local fbc binary won't work. use the system
+bc instead as the demands of the .b script are simple enough.
+
+https://bugs.gentoo.org/627126
+
+--- a/bc/Makefile.in
++++ b/bc/Makefile.in
+@@ -628,7 +628,7 @@ libmath.h: libmath.b $(fbcOBJ) $(LIBBC)
+ echo '{0}' > libmath.h
+ $(MAKE) global.o
+ $(LINK) -o fbc $(fbcOBJ) global.o $(LIBBC) $(LIBL) $(READLINELIB) $(LIBS)
+- ./fbc -c $(srcdir)/libmath.b </dev/null >libmath.h
++ bc -c $(srcdir)/libmath.b </dev/null >libmath.h
+ $(srcdir)/fix-libmath_h
+ rm -f ./fbc ./global.o
+ sbc.o: sbc.c
diff --git a/sys-devel/bc/metadata.xml b/sys-devel/bc/metadata.xml
index 96a2d58..5bdfef6 100644
--- a/sys-devel/bc/metadata.xml
+++ b/sys-devel/bc/metadata.xml
@@ -1,5 +1,11 @@
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE pkgmetadata SYSTEM "http://www.gentoo.org/dtd/metadata.dtd">
<pkgmetadata>
-<herd>base-system</herd>
+<maintainer type="project">
+ <email>base-system@gentoo.org</email>
+ <name>Gentoo Base System</name>
+</maintainer>
+<use>
+ <flag name="forced-sandbox">Always enable --sandbox mode for simpler/secure runtime (disables the ! command in dc)</flag>
+</use>
</pkgmetadata>
