gzip: upgraded package to upstream
Upgraded app-arch/gzip to version 1.12-r2
BUG=b/246639754
TEST=presubmit
RELEASE_NOTE=Upgraded app-arch/gzip to v1.12. This resolves CVE-2022-1271.
Change-Id: Idb43226bda6af60182d80731b6b810c8567b4f2a
Reviewed-on: https://cos-review.googlesource.com/c/third_party/overlays/portage-stable/+/36927
Reviewed-by: Vaibhav Rustagi <vaibhavrustagi@google.com>
Reviewed-by: Arnav Kansal <rnv@google.com>
Tested-by: Cusky Presubmit Bot <presubmit@cos-infra-prod.iam.gserviceaccount.com>
diff --git a/app-arch/gzip/Manifest b/app-arch/gzip/Manifest
index 25b7f1c..bf24f30 100644
--- a/app-arch/gzip/Manifest
+++ b/app-arch/gzip/Manifest
@@ -1,2 +1,2 @@
-DIST gzip-1.10.tar.xz 775144 BLAKE2B 431dc0fd11061eabd9db86594777b86510b124b124fd74799eacd67334631af60f638be2638413bee0153a9da35528d0aecc5b5083152c395223705400c9103b SHA512 e6ba9e3906cdb6a6235b213515093d02afa1722686f73eddacbacae628542b586b449829783b6a1701e9b9e0c4d4dfa6845904d3b6b010f5cf21aec4997c9299
-DIST gzip-1.11.tar.xz 804096 BLAKE2B c251066f0bded6a6557a5cbfe5d20090c6446051c31fad610af4f9f7b2537c28fed1cfab424a459452db73b7d1df1361e5aeba163a9e980fc611faf408cac128 SHA512 af297c173297d588722f4d0f140a2ae4d3ea3861464191772fb2e11e47be43644b5ae01ed63f0051d6eb4751666284de53e14c4dd9f0c1d25f61cf676fbf11f3
+DIST gzip-1.12.tar.xz 825548 BLAKE2B 7e2d482c08555f5fb0ff5408c0afe48c61034e9779eed6e3dd8046c847234c0a8a6bc34d49a934a54db0d73033e12c71a228d373551384a4cd663315071637e0 SHA512 116326fe991828227de150336a0c016f4fe932dfbb728a16b4a84965256d9929574a4f5cfaf3cf6bb4154972ef0d110f26ab472c93e62ec9a5fd7a5d65abea24
+DIST gzip-1.12.tar.xz.sig 833 BLAKE2B ab7b4a759ef163d67f20773607ba0408ea9f1f7c7c224f43635fc3752acc521b74dbea4ec9ebb58a2f4fa13ecae19e00779b4b56c2cb95976301445beff817aa SHA512 1f4702797f7c5f1873c2f9c2f6210ba23824455d17ee82f50f0bf24240ed5bdf0090cf85338ccf76ba82422f8b4ad3a329d8bbf1350cb094d7bd61aa45550397
diff --git a/app-arch/gzip/gzip-1.11.ebuild b/app-arch/gzip/gzip-1.11.ebuild
deleted file mode 100644
index 10cacf0..0000000
--- a/app-arch/gzip/gzip-1.11.ebuild
+++ /dev/null
@@ -1,48 +0,0 @@
-# Copyright 1999-2021 Gentoo Authors
-# Distributed under the terms of the GNU General Public License v2
-
-EAPI=7
-
-inherit flag-o-matic
-
-DESCRIPTION="Standard GNU compressor"
-HOMEPAGE="https://www.gnu.org/software/gzip/"
-SRC_URI="mirror://gnu/gzip/${P}.tar.xz
- https://alpha.gnu.org/gnu/gzip/${P}.tar.xz
- mirror://gentoo/${P}.tar.xz"
-
-LICENSE="GPL-3"
-SLOT="0"
-KEYWORDS="*"
-IUSE="pic static"
-
-PATCHES=(
- "${FILESDIR}/${PN}-1.3.8-install-symlinks.patch"
-)
-
-src_prepare() {
- default
- if [[ ${CHOST} == *darwin* && ${CHOST##*darwin} -le 17 ]] ; then
- # Fix older Darwin inline definition problem
- sed -i -e '/define _GL_EXTERN_INLINE_STDHEADER_BUG/s/_BUG/_DISABLE/' \
- lib/config.hin || die
- fi
-}
-
-src_configure() {
- use static && append-flags -static
- # avoid text relocation in gzip
- use pic && export DEFS="NO_ASM"
- econf --disable-gcc-warnings #663928
-}
-
-src_install() {
- default
- docinto txt
- dodoc algorithm.doc gzip.doc
-
- # keep most things in /usr, just the fun stuff in /
- dodir /bin
- mv "${ED}"/usr/bin/{gunzip,gzip,uncompress,zcat} "${ED}"/bin/ || die
- sed -e "s:${EPREFIX}/usr:${EPREFIX}:" -i "${ED}"/bin/gunzip || die
-}
diff --git a/app-arch/gzip/gzip-1.12-r2.ebuild b/app-arch/gzip/gzip-1.12-r2.ebuild
new file mode 100644
index 0000000..3caa752
--- /dev/null
+++ b/app-arch/gzip/gzip-1.12-r2.ebuild
@@ -0,0 +1,65 @@
+# Copyright 1999-2022 Gentoo Authors
+# Distributed under the terms of the GNU General Public License v2
+
+EAPI=7
+
+VERIFY_SIG_OPENPGP_KEY_PATH="${BROOT}"/usr/share/openpgp-keys/gzip.asc
+inherit flag-o-matic verify-sig
+
+DESCRIPTION="Standard GNU compressor"
+HOMEPAGE="https://www.gnu.org/software/gzip/"
+SRC_URI="mirror://gnu/gzip/${P}.tar.xz
+ https://alpha.gnu.org/gnu/gzip/${P}.tar.xz"
+SRC_URI+=" verify-sig? (
+ mirror://gnu/gzip/${P}.tar.xz.sig
+ https://alpha.gnu.org/gnu/gzip/${P}.tar.xz.sig
+ )"
+
+LICENSE="GPL-3"
+SLOT="0"
+KEYWORDS="*"
+IUSE="pic static"
+
+BDEPEND="verify-sig? ( sec-keys/openpgp-keys-gzip )"
+RDEPEND="!app-arch/pigz[symlink(-)]"
+
+PATCHES=(
+ "${FILESDIR}/${PN}-1.3.8-install-symlinks.patch"
+)
+
+src_configure() {
+ use static && append-flags -static
+
+ # Avoid text relocation in gzip
+ use pic && export DEFS="NO_ASM"
+
+ # bug #663928
+ econf --disable-gcc-warnings
+}
+
+src_install() {
+ default
+
+ docinto txt
+ dodoc algorithm.doc gzip.doc
+
+ # Avoid conflict with app-arch/ncompress
+ rm "${ED}"/usr/bin/uncompress || die
+
+ # keep most things in /usr, just the fun stuff in /
+ dodir /bin
+ mv "${ED}"/usr/bin/{gunzip,gzip,zcat} "${ED}"/bin/ || die
+ sed -e "s:${EPREFIX}/usr:${EPREFIX}:" -i "${ED}"/bin/gunzip || die
+}
+
+pkg_postinst() {
+ if [[ -n ${REPLACING_VERSIONS} ]]; then
+ local ver
+ for ver in ${REPLACING_VERSIONS}; do
+ if ver_test "${ver}" -lt "1.12-r2"; then
+ ewarn "This package no longer installs 'uncompress'."
+ ewarn "Please use 'gzip -d' to decompress .Z files."
+ fi
+ done
+ fi
+}
