author | Mike Frysinger <vapier@gentoo.org> | 2008-08-19 01:11:18 +0000 |
---|---|---|
committer | Mike Frysinger <vapier@gentoo.org> | 2008-08-19 01:11:18 +0000 |
commit | 209dacd3334589c978d40638a5a88c88993d0e48 (patch) | |
tree | a4142545c01164d6ec491d5fc61bde1a801d6f80 /sys-apps | |
parent | Version bump (diff) | |
Add patch from Debian for CVE 2007-0227. Run updatedb through ionice #231203 by Daniel Pielmeier. Add support by marty rosenberg for -0 (NUL delimited output) #216838.
(Portage version: 2.2_rc6/cvs/Linux 2.6.26.2 x86_64)
Diffstat (limited to 'sys-apps')
-rw-r--r-- | sys-apps/slocate/ChangeLog | 12 | ||||
-rw-r--r-- | sys-apps/slocate/files/slocate-3.1-CVE-2007-0227.patch | 49 | ||||
-rw-r--r-- | sys-apps/slocate/files/slocate-3.1-NUL.patch | 78 | ||||
-rw-r--r-- | sys-apps/slocate/files/slocate-3.1-cron2.patch | 25 | ||||
-rw-r--r-- | sys-apps/slocate/files/updatedb.conf | 11 | ||||
-rw-r--r-- | sys-apps/slocate/slocate-3.1-r2.ebuild | 87 |
6 files changed, 260 insertions, 2 deletions
diff --git a/sys-apps/slocate/ChangeLog b/sys-apps/slocate/ChangeLog index bbcd8210d322..0c3a78e94c30 100644 --- a/sys-apps/slocate/ChangeLog +++ b/sys-apps/slocate/ChangeLog @@ -1,6 +1,16 @@ # ChangeLog for sys-apps/slocate # Copyright 1999-2008 Gentoo Foundation; Distributed under the GPL v2 -# $Header: /var/cvsroot/gentoo-x86/sys-apps/slocate/ChangeLog,v 1.82 2008/02/06 18:03:24 nixnut Exp $ +# $Header: /var/cvsroot/gentoo-x86/sys-apps/slocate/ChangeLog,v 1.83 2008/08/19 01:11:18 vapier Exp $ + +*slocate-3.1-r2 (19 Aug 2008) + + 19 Aug 2008; Mike Frysinger <vapier@gentoo.org> + +files/slocate-3.1-CVE-2007-0227.patch, +files/slocate-3.1-NUL.patch, + +files/slocate-3.1-cron2.patch, files/updatedb.conf, + +slocate-3.1-r2.ebuild: + Add patch from Debian for CVE 2007-0227. Run updatedb through ionice + #231203 by Daniel Pielmeier. Add support by marty rosenberg for -0 (NUL + delimited output) #216838. 06 Feb 2008; nixnut <nixnut@gentoo.org> slocate-3.1-r1.ebuild: stable on ppc wrt bug #180360 diff --git a/sys-apps/slocate/files/slocate-3.1-CVE-2007-0227.patch b/sys-apps/slocate/files/slocate-3.1-CVE-2007-0227.patch new file mode 100644 index 000000000000..18b52ba4d824 --- /dev/null +++ b/sys-apps/slocate/files/slocate-3.1-CVE-2007-0227.patch 
@@ -0,0 +1,49 @@
+stolen from debian:
+
+ * Include patch to prevent users obtaining names of private files
+ (apply patch directly, since no patch system is used so far)
+ (Closes: #411937) Fixes: CVE-2007-0227
+ Thanks to Kees Cook
+
+--- slocate-3.1.orig/src/utils.c
++++ slocate-3.1/src/utils.c
+@@ -524,6 +524,7 @@
+ {
+ struct stat path_stat;
+ int ret = 0;
++ char *path_copy = NULL;
+ char *ptr = NULL;
+
+ if (lstat(path, &path_stat) == -1)
+@@ -532,15 +533,25 @@
+ if (!S_ISLNK(path_stat.st_mode)) {
+ if (access(path, F_OK) != 0)
+ goto EXIT;
+- } else if ((ptr = rindex(path, '/'))) {
+- *ptr = 0;
+- if (access(path, F_OK) == 0)
+- ret = 1;
+- *ptr = '/';
+- goto EXIT;
+ }
+
++ /* "path" is const, so we shouldn't modify it. Also, for speed,
++ * I suspect strdup/free is less expensive than the deep access
++ * checks... */
++ if (!(path_copy = strdup(path)))
++ goto EXIT;
++
+ ret = 1;
++
++ /* Each directory leading to the file (symlink or not) must be
++ * readable for us to allow it to be listed in search results. */
++ while (ret && (ptr=rindex(path_copy,'/'))) {
++ *ptr=0;
++ if (*path_copy && access(path_copy, R_OK) != 0)
++ ret = 0;
++ }
++ free(path_copy);
++
+ EXIT:
+ return ret;
+ }
diff --git a/sys-apps/slocate/files/slocate-3.1-NUL.patch b/sys-apps/slocate/files/slocate-3.1-NUL.patch
new file mode 100644
index 000000000000..cfd13392686e
--- /dev/null
+++ b/sys-apps/slocate/files/slocate-3.1-NUL.patch
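Review bot: The new `while` loop in the utils.c hunk depends on access(2) testing the real uid/gid rather than the effective ones, and the code does not say so. The ebuild in this commit installs slocate setgid (`fperms go-r,g+s`), so that property is what makes the per-directory check meaningful; a comment above the loop such as `/* access() tests the real uid/gid, i.e. the invoking user, not the setgid group */` would record it. In the same loop, `*path_copy &&` skips the empty string left once the leading '/' is cut, so the root directory is never tested, and a path with no '/' at all leaves with `ret = 1` without any directory check; both look intended for absolute database paths but should be stated in the comment. `rindex` is the legacy spelling of `strrchr`. The function's signature and the branch taken after a failed `lstat` lie outside the hunk.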
@@ -0,0 +1,78 @@
+add an -0 argument to output results with NUL bytes
+
+http://bugs.gentoo.org/216838
+
+patch by marty rosenberg
+
+--- slocate-3.1/src/cmds.c
++++ slocate-3.1/src/cmds.c
+@@ -129,6 +129,7 @@
+ " --output=<file> - Specifies the database to create.\n"
+ " -d <path>\n"
+ " --database=<path> - Specfies the path of databases to search in.\n"
++ " -0 - Delimit results with \\0 rather than \\n\n"
+ " -h\n"
+ " --help - Display this help.\n"
+ " -v\n"
+@@ -707,7 +708,7 @@
+ if (strcmp(g_data->progname, "updatedb") == 0)
+ cmd_data->updatedb = TRUE;
+
+- while ((ch = getopt(argc,argv,"VvuhqU:r:o:e:l:d:-:n:f:c:i")) != EOF) {
++ while ((ch = getopt(argc,argv,"VvuhqU:r:o:e:l:d:-:n:f:c:i0")) != EOF) {
+ switch(ch) {
+ /* Help */
+ case 'h':
+@@ -823,6 +824,9 @@
+ goto EXIT;
+ }
+ break;
++ case '0':
++ g_data->delim = '\0';
++ break;
+ default:
+ break;
+ }
+@@ -871,4 +875,3 @@
+
+ return NULL;
+ }
+-
+--- slocate-3.1/src/slocate.c
++++ slocate-3.1/src/slocate.c
+@@ -164,6 +164,7 @@
+ g_data->regexp_data = NULL;
+ g_data->queries = -1;
+ g_data->SLOCATE_GID = get_gid(g_data, DB_GROUP, &ret);
++ g_data->delim = '\n';
+ if (!ret)
+ goto EXIT;
+
+@@ -191,7 +192,7 @@
+ goto EXIT;
+ }
+ if (g_data->VERBOSE)
+- fprintf(stdout, "%s\n", path);
++ fprintf(stdout, "%s%c", path, g_data->delim);
+ /* Match number string */
+ ptr1 = path;
+ code_len = 0;
+@@ -471,7 +472,7 @@
+ if (match_ret == 1) {
+ if (g_data->queries > 0)
+ g_data->queries -= 1;
+- fprintf(stdout, "%s\n", full_path);
++ fprintf(stdout, "%s%c", full_path, g_data->delim);
+ }
+ ret = 1;
+ EXIT:
+--- slocate-3.1/src/slocate.h
++++ slocate-3.1/src/slocate.h
+@@ -81,6 +81,7 @@
+ char **input_db;
+ int queries;
+ struct regexp_data_s *regexp_data;
++ char delim;
+ };
+
+ /* Encoding data */
diff --git a/sys-apps/slocate/files/slocate-3.1-cron2.patch b/sys-apps/slocate/files/slocate-3.1-cron2.patch
new file mode 100644
index 000000000000..8229a99a7303
--- /dev/null
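Review bot: In the slocate.c hunk at -164, `g_data->delim = '\n';` is inserted between the `get_gid()` call and the `if (!ret)` that tests its result, which separates a call from its error check; placing the assignment next to `g_data->queries = -1;` keeps the two adjacent. File names may themselves contain newlines, so the NUL delimiter is the only form a consumer can split reliably, and the help line in cmds.c could say so, for example `" -0 - Delimit results with \\0 rather than \\n (for xargs -0)\n"`. Only the two `fprintf` calls visible here are converted; whether other output paths in slocate.c still print paths with a fixed newline cannot be told from these hunks.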
+++ b/sys-apps/slocate/files/slocate-3.1-cron2.patch @@ -0,0 +1,25 @@ +--- debian/cron.daily ++++ debian/cron.daily +@@ -1,12 +1,18 @@ + #! /bin/sh + +-if [ -x /usr/bin/slocate ] ++if [ -x /usr/bin/updatedb ] + then + if [ -f /etc/updatedb.conf ] + then +- /usr/bin/updatedb ++ . /etc/updatedb.conf ++ args="" + else +- /usr/bin/updatedb -f proc ++ args="-f proc" + fi +- chown root.slocate /var/lib/slocate/slocate.db ++ ++ # run on active process in case ionice isnt installed, or ++ # system is really old and ionice doesnt work ... ++ ionice -c ${IONICE_CLASS:-2} -n ${IONICE_PRIORITY:-7} -p $$ 2>/dev/null ++ ++ nice -n ${NICE:-10} /usr/bin/updatedb ${args} + fi diff --git a/sys-apps/slocate/files/updatedb.conf b/sys-apps/slocate/files/updatedb.conf index d7aecd68cede..6e5527dd7ba8 100644 --- a/sys-apps/slocate/files/updatedb.conf +++ b/sys-apps/slocate/files/updatedb.conf @@ -1,5 +1,5 @@ # /etc/updatedb.conf: config file for slocate -# $Id: updatedb.conf,v 1.23 2007/08/08 16:22:32 lu_zero Exp $ +# $Id: updatedb.conf,v 1.24 2008/08/19 01:11:18 vapier Exp $ # This file sets variables that are used by updatedb. # For more info, see the updatedb(1) manpage. @@ -9,3 +9,12 @@ PRUNEFS="afs auto autofs cifs devfs devpts eventpollfs futexfs gfs hugetlbfs iso # Paths which are pruned from updatedb database PRUNEPATHS="/tmp /var/tmp /root/.ccache" + +# nice value to run at: see -n in nice(1) +NICE="10" + +# ionice class to run at: see -c in ionice(1) +IONICE_CLASS="2" + +# ionice priority to run at: see -n in ionice(1) +IONICE_PRIORITY="7" diff --git a/sys-apps/slocate/slocate-3.1-r2.ebuild b/sys-apps/slocate/slocate-3.1-r2.ebuild new file mode 100644 index 000000000000..766944f9ba82 --- /dev/null +++ b/sys-apps/slocate/slocate-3.1-r2.ebuild 
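Review bot: The cron.daily hunk now reads `/etc/updatedb.conf` with `.`, so the file is executed as shell code with the cron job's privileges instead of being parsed as data, and the values it sets are then expanded unquoted. A comment above the `.` line should record that the file has to stay root-owned and not group- or world-writable. The three numeric expansions should be quoted: `ionice -c "${IONICE_CLASS:-2}" -n "${IONICE_PRIORITY:-7}" -p $$ 2>/dev/null` and `nice -n "${NICE:-10}" /usr/bin/updatedb ${args}`. `${args}` has to remain unquoted because `-f proc` relies on word splitting.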
@@ -0,0 +1,87 @@
+# Copyright 1999-2008 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+# $Header: /var/cvsroot/gentoo-x86/sys-apps/slocate/slocate-3.1-r2.ebuild,v 1.1 2008/08/19 01:11:18 vapier Exp $
+
+inherit flag-o-matic eutils
+
+DESCRIPTION="Secure way to index and quickly search for files on your system (drop-in replacement for 'locate')"
+HOMEPAGE="http://slocate.trakker.ca/"
+SRC_URI="http://slocate.trakker.ca/files/${P}.tar.gz"
+
+LICENSE="GPL-2"
+SLOT="0"
+KEYWORDS="~alpha ~amd64 ~arm ~hppa ~ia64 ~m68k ~mips ~ppc ~ppc64 ~s390 ~sh ~sparc ~x86"
+IUSE=""
+
+DEPEND="sys-apps/shadow"
+RDEPEND="${DEPEND}
+ !sys-apps/rlocate"
+
+pkg_setup() {
+ if [[ -n $(egetent group slocate) ]] && [[ -z $(egetent group locate) ]] ; then
+ eerror "The 'slocate' group has been renamed to 'locate'."
+ eerror "You seem to already have a 'slocate' group."
+ eerror "Please rename it:"
+ eerror "groupmod -n locate slocate"
+ die "Change 'slocate' to 'locate'"
+ fi
+ enewgroup locate 245
+}
+
+src_unpack() {
+ unpack ${A}
+ cd "${S}"
+ epatch "${FILESDIR}"/${P}-build.patch
+ epatch "${FILESDIR}"/${P}-incompat-warning.patch
+ epatch "${FILESDIR}"/${P}-CVE-2007-0227.patch
+ epatch "${FILESDIR}"/${P}-cron2.patch
+ epatch "${FILESDIR}"/${P}-NUL.patch #216838
+}
+
+src_compile() {
+ filter-lfs-flags
+ emake -C src || die
+}
+
+src_install() {
+ dobin src/slocate || die
+ dodir /usr/bin
+ dosym slocate /usr/bin/locate
+ dosym slocate /usr/bin/updatedb
+
+ exeinto /etc/cron.daily
+ newexe debian/cron.daily slocate || die
+
+ doman doc/*.1
+ dosym slocate.1 /usr/share/man/man1/locate.1
+
+ keepdir /var/lib/slocate
+
+ dodoc Changelog README WISHLIST notes
+
+ insinto /etc
+ doins "${FILESDIR}"/updatedb.conf
+
+ fowners root:locate /usr/bin/slocate
+ fperms go-r,g+s /usr/bin/slocate
+
+ chown -R root:locate "${D}"/var/lib/slocate
+ fperms 0750 /var/lib/slocate
+}
+
+pkg_preinst() {
+ if has_version '=sys-apps/slocate-2*' ; then
+ rm -f "${ROOT}"/var/lib/slocate/slocate.db
+ ewarn "The slocate database created by slocate-2.x is incompatible"
+ ewarn "with slocate-3.x. Make sure you run updatedb!"
+ fi
+}
+
+pkg_postinst() {
+ if [[ -f ${ROOT}/etc/cron.daily/slocate.cron ]]; then
+ ewarn "If you merged slocate-2.7.ebuild, please remove"
+ ewarn "/etc/cron.daily/slocate.cron since .cron has been removed"
+ ewarn "from the filename"
+ echo
+ fi
+}
|
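Review bot: In `src_install`, the calls that establish the package's security properties are not checked: `fowners root:locate /usr/bin/slocate`, `fperms go-r,g+s /usr/bin/slocate`, the `chown -R root:locate` on the database directory and `fperms 0750 /var/lib/slocate` carry no `|| die`, while `dobin` and `newexe` in the same function do. If the ownership change fails and the mode change succeeds, the binary would be installed setgid to whatever group the file already has. Appending `|| die` to those four lines, for example `fowners root:locate /usr/bin/slocate || die`, makes the install stop instead.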