sys-libs/safeclib: new package

USE=modules fail for now, help needed
at investigating what's happening there

Package-Manager: Portage-3.0.18, Repoman-3.0.3
Signed-off-by: Alessandro Barbieri <lssndrbarbieri@gmail.com>
This commit is contained in:
Alessandro Barbieri
2021-04-14 00:10:48 +02:00
parent c7969aec3b
commit 35d7a9e2c5
3 changed files with 137 additions and 0 deletions

View File

@@ -0,0 +1 @@
DIST safeclib-3.6.0_p20210407.tar.gz 2281868 BLAKE2B 1690f4ac7504cdd37cd353cd0ddab8d9807a583113a5893fd0633c69b7434c3eecf361ae501570819bb8d75a057c0c861f6c594429162558c73330bcd2c04df5 SHA512 2e21a06b4a423ea7a7782b101ba9f0e8a60efaaec49314360014ebae02d0a02a4275ccecc618560b08dc357b9fbb4c5b220db70012728dbb3815635e8dad16c8

View File

@@ -0,0 +1,53 @@
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE pkgmetadata SYSTEM "http://www.gentoo.org/dtd/metadata.dtd">
<pkgmetadata>
<longdescription>
This library implements the secure C11 Annex K functions on top of most libc implementations, which are missing from them.
The ISO TR24731 Bounds Checking Interface documents indicate that the key motivation for the new specification is to help mitigate the ever increasing security attacks, specifically the buffer overrun.
The rationale document says "Buffer overrun attacks continue to be a security problem. Roughly 10% of vulnerability reports cataloged by CERT from 01/01/2005 to 07/01/2005 involved buffer overflows. Preventing buffer overruns is the primary, but not the only, motivation for this technical report."
The rationale document continues "that these only mitigate, that is lessen, security problems. When used properly, these functions decrease the danger buffer overrun attacks. Source code may remain vulnerable due to other bugs and security issues. The highest level of security is achieved by building in layers of security utilizing multiple strategies."
The rationale document lists the following key points for TR24731:
Guard against overflowing a buffer
Do not produce unterminated strings
Do not unexpectedly truncate strings
Provide a library useful to existing code
Preserve the null terminated string datatype
Only require local edits to programs
Library based solution
Support compile-time checking
Make failures obvious
Zero buffers, null strings
Runtime-constraint handler mechanism
Support re-entrant code
Consistent naming scheme
Have a uniform pattern for the function parameters and return type
Deference to existing technology
and the following can be added...
provide a library of functions with like behavior
provide a library of functions that promote and increase code safety and security
provide a library of functions that are efficient
The C11 Standard adopted many of these points, and added some secure _s variants in the Annex K. The Microsoft Windows/MINGW secure API did the same, but deviated in some functions from the standard. Besides Windows (with its msvcrt, ucrt, reactos msvcrt and wine msvcrt variants) only the unused stlport, Android's Bionic, Huawei securec and Embarcadero implemented this C11 secure Annex K API so far. They are still missing from glibc, musl, FreeBSD, darwin and DragonFly libc, OpenBSD libc, newlib, dietlibc, uClibc, minilibc.
</longdescription>
<maintainer type="person">
<email>lssndrbarbieri@gmail.com</email>
<name>Alessandro Barbieri</name>
</maintainer>
<upstream>
<bugs-to>https://github.com/rurban/safeclib/issues</bugs-to>
<remote-id type="github">rurban/safeclib</remote-id>
</upstream>
<use>
<flag name="constraint-handler">enable C11 invoke_safe_{str,mem}_constraint_handler for less performance, bigger size and more flexibility</flag>
<flag name="extensions">enable additional functions not defined in the C11 specification</flag>
<flag name="norm-compat">Enable NFKC and NFKD modes for wcsnorm</flag>
<flag name="nullslack">enable to null out the remaining part of a string if it is not completely used</flag>
<flag name="unsafe">Include unsafe std C11 functions: tmpnam_s</flag>
<flag name="valgrind">enable Valgrind on the unit tests</flag>
</use>
</pkgmetadata>

View File

@@ -0,0 +1,83 @@
# Copyright 1999-2021 Gentoo Authors
# Distributed under the terms of the GNU General Public License v2
EAPI=7
inherit autotools linux-mod
MY_REV="986f6d34e49637d68cb41221307231f0ea79ca4d"
DESCRIPTION="safec libc extension with all C11 Annex K functions"
HOMEPAGE="https://github.com/rurban/safeclib"
SRC_URI="https://github.com/rurban/safeclib/archive/${MY_REV}.tar.gz -> ${P}.tar.gz"
LICENSE="MIT"
SLOT="0"
KEYWORDS="~amd64"
IUSE="+constraint-handler +extensions modules norm-compat +nullslack test unsafe valgrind"
RESTRICT="!test? ( test )"
BDEPEND="
valgrind? ( dev-util/valgrind )
"
S="${WORKDIR}/${PN}-${MY_REV}"
MODULE_NAMES="slkm(misc:${S}-module:${S}-module/src)"
BUILD_TARGETS="all"
src_prepare() {
eautoreconf
default
if use modules ; then
#duplicate the working folder
#one for the library and one for the module
cd "${WORKDIR}" || die
cp -r "${S}" "${S}-module" || die
fi
}
src_configure() {
#forcing wchar because of https://github.com/rurban/safeclib/issues/95
local myconf=(
--disable-static
--disable-valgrind-sgcheck
--enable-shared
$(use_enable constraint-handler)
$(use_enable extensions)
$(use_enable norm-compat)
$(use_enable nullslack)
$(use_enable unsafe)
$(use_enable valgrind)
)
econf "${myconf[@]}" --enable-wchar
if use modules ; then
cd "${S}-module" || die
econf "${myconf[@]}" --disable-wchar
fi
}
src_compile() {
default
if use modules ; then
cd "${S}-module" || die
linux-mod_src_compile || die
fi
}
src_install() {
default
einstalldocs
rm -r doc/man || die
dodoc -r doc/.
if use modules ; then
cd "${S}-module" || die
linux-mod_src_install || die
fi
}
src_test() {
emake check
}