author | Michał Górny <mgorny@gentoo.org> | 2012-04-05 11:15:27 +0000 |
---|---|---|
committer | Michał Górny <mgorny@gentoo.org> | 2012-04-05 11:15:27 +0000 |
commit | d39afbd5b276adad8b99bc49dfbe81e2a32cd64b (patch) | |
tree | f91aa77e021c0b4dbef4614a2af54fc920f38da9 /sys-apps/systemd | |
parent | Version bump KDE Telepathy 0.3.1. (diff) | |
Version bump wrt bug #376047.
(Portage version: 2.2.0_alpha99_p2/cvs/Linux x86_64)
Diffstat (limited to 'sys-apps/systemd')
-rw-r--r-- | sys-apps/systemd/ChangeLog | 9 | ||||
-rw-r--r-- | sys-apps/systemd/files/0001-util-never-follow-symlinks-in-rm_rf_children.patch | 32 | ||||
-rw-r--r-- | sys-apps/systemd/systemd-44.ebuild (renamed from sys-apps/systemd/systemd-43.ebuild) | 41 |
3 files changed, 52 insertions, 30 deletions
diff --git a/sys-apps/systemd/ChangeLog b/sys-apps/systemd/ChangeLog
index d98a8144f698..060c5fdca2a3 100644
--- a/sys-apps/systemd/ChangeLog
+++ b/sys-apps/systemd/ChangeLog
@@ -1,6 +1,13 @@
 # ChangeLog for sys-apps/systemd
 # Copyright 1999-2012 Gentoo Foundation; Distributed under the GPL v2
-# $Header: /var/cvsroot/gentoo-x86/sys-apps/systemd/ChangeLog,v 1.26 2012/04/04 04:09:02 mgorny Exp $
+# $Header: /var/cvsroot/gentoo-x86/sys-apps/systemd/ChangeLog,v 1.27 2012/04/05 11:15:27 mgorny Exp $
+
+*systemd-44 (05 Apr 2012)
+
+ 05 Apr 2012; Michał Górny <mgorny@gentoo.org> -systemd-43.ebuild,
+ +systemd-44.ebuild,
+ +files/0001-util-never-follow-symlinks-in-rm_rf_children.patch:
+ Version bump wrt bug #376047.
 04 Apr 2012; Michał Górny <mgorny@gentoo.org> systemd-29-r3.ebuild,
 systemd-29-r6.ebuild, systemd-39.ebuild, systemd-43.ebuild:
diff --git a/sys-apps/systemd/files/0001-util-never-follow-symlinks-in-rm_rf_children.patch b/sys-apps/systemd/files/0001-util-never-follow-symlinks-in-rm_rf_children.patch
new file mode 100644
index 000000000000..7ac9251b35e8
--- /dev/null
+++ b/sys-apps/systemd/files/0001-util-never-follow-symlinks-in-rm_rf_children.patch
@@ -0,0 +1,32 @@
+From 5ebff5337594d690b322078c512eb222d34aaa82 Mon Sep 17 00:00:00 2001
+From: Michal Schmidt <mschmidt@redhat.com>
+Date: Fri, 2 Mar 2012 10:39:10 +0100
+Subject: [PATCH] util: never follow symlinks in rm_rf_children()
+
+The function checks if the entry is a directory before recursing, but
+there is a window between the check and the open, during which the
+directory could be replaced with a symlink.
+
+CVE-2012-1174
+https://bugzilla.redhat.com/show_bug.cgi?id=803358
+---
+ src/util.c | 3 ++-
+ 1 file changed, 2 insertions(+), 1 deletion(-)
+
+diff --git a/src/util.c b/src/util.c
+index 20cbc2b..dfc1dc6 100644
+--- a/src/util.c
++++ b/src/util.c
+@@ -3593,7 +3593,8 @@ static int rm_rf_children(int fd, bool only_dirs, bool honour_sticky) {
+ if (is_dir) {
+ int subdir_fd;
+
+- if ((subdir_fd = openat(fd, de->d_name, O_RDONLY|O_NONBLOCK|O_DIRECTORY|O_CLOEXEC)) < 0) {
++ subdir_fd = openat(fd, de->d_name, O_RDONLY|O_NONBLOCK|O_DIRECTORY|O_CLOEXEC|O_NOFOLLOW);
++ if (subdir_fd < 0) {
+ if (ret == 0 && errno != ENOENT)
+ ret = -errno;
+ continue;
+--
+1.7.9.4
+
diff --git a/sys-apps/systemd/systemd-43.ebuild b/sys-apps/systemd/systemd-44.ebuild
index 68171d0cc3e2..4216d8f6795e 100644
--- a/sys-apps/systemd/systemd-43.ebuild
+++ b/sys-apps/systemd/systemd-44.ebuild
@@ -1,6 +1,6 @@
 # Copyright 1999-2012 Gentoo Foundation
 # Distributed under the terms of the GNU General Public License v2
-# $Header: /var/cvsroot/gentoo-x86/sys-apps/systemd/systemd-43.ebuild,v 1.3 2012/04/04 04:09:02 mgorny Exp $
+# $Header: /var/cvsroot/gentoo-x86/sys-apps/systemd/systemd-44.ebuild,v 1.1 2012/04/05 11:15:27 mgorny Exp $
 EAPI=4
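Review bot: In the bundled src/util.c patch, the `O_NOFOLLOW` added to the `openat()` call in rm_rf_children() has no comment tying it to the race it closes, so a later flag cleanup could silently reopen the check-to-open window described in the patch header. I would carry a one-line comment above the call, `/* O_NOFOLLOW: entry may have been swapped for a symlink since the is_dir check (CVE-2012-1174) */`. With the flag set, an entry replaced by a symlink makes `openat()` fail (ELOOP on Linux) and, because only `ENOENT` is filtered, that errno ends up in `ret` while the entry is skipped; this looks intended but is worth stating in the same comment. The is_dir check and the rest of the function lie outside the hunk.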
@@ -13,10 +13,11 @@ SRC_URI="http://www.freedesktop.org/software/systemd/${P}.tar.xz"
 LICENSE="GPL-2"
 SLOT="0"
 KEYWORDS="~amd64 ~x86"
-IUSE="acl audit cryptsetup gtk lzma pam plymouth selinux tcpd"
+IUSE="acl audit cryptsetup lzma pam plymouth selinux tcpd"
+
+# We need to depend on sysvinit for sulogin which is used in the rescue
+# mode. Bug #399615.
-# Vala-0.10 doesn't work with libnotify 0.7.1
-VALASLOT="0.14"
 # A little higher than upstream requires
 # but I had real trouble with 2.6.37 and systemd.
 MINKV="2.6.38"
@@ -32,13 +33,6 @@ RDEPEND=">=sys-apps/dbus-1.4.10
 acl? ( sys-apps/acl )
 audit? ( >=sys-process/audit-2 )
 cryptsetup? ( sys-fs/cryptsetup )
- gtk? (
- dev-libs/dbus-glib
- >=dev-libs/glib-2.26
- dev-libs/libgee:0
- x11-libs/gtk+:2
- >=x11-libs/libnotify-0.7
- !sys-apps/systemd-ui )
 lzma? ( app-arch/xz-utils )
 pam? ( virtual/pam )
 plymouth? ( sys-boot/plymouth )
@@ -51,27 +45,18 @@ DEPEND="${RDEPEND}
 dev-libs/libxslt
 dev-util/gperf
 dev-util/intltool
- gtk? ( dev-lang/vala:${VALASLOT} )
 >=sys-kernel/linux-headers-${MINKV}"
-# Due to vala being broken.
-AUTOTOOLS_IN_SOURCE_BUILD=1
+PATCHES=(
+ # bug #408879: Session Logout File Deletion Weakness (CVE-2012-1174)
+ "${FILESDIR}"/0001-util-never-follow-symlinks-in-rm_rf_children.patch
+)
 pkg_setup() {
 enewgroup lock # used by var-lock.mount
 enewgroup tty 5 # used by mount-setup for /dev/pts
 }
-src_prepare() {
- # Force the rebuild of .vala sources
- touch src/*.vala || die
-
- # Fix hardcoded path in .vala.
- sed -i -e 's:/lib/systemd:/usr/lib/systemd:g' src/*.vala || die
-
- autotools-utils_src_prepare
-}
-
 src_configure() {
 local myeconfargs=(
 --with-distro=gentoo
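Review bot: The `PATCHES` entry in the third ebuild hunk is the only place this commit records that it ships a security fix: the commit message and the new ChangeLog entry both say just "Version bump wrt bug #376047", while the ebuild comment points at bug #408879 and CVE-2012-1174. I would extend the ChangeLog line to something like `Version bump wrt bug #376047. Add upstream fix for CVE-2012-1174, bug #408879.` so the fix is visible to anyone auditing the package history. The ChangeLog context also shows systemd-29-r3, systemd-29-r6 and systemd-39 ebuilds still in the tree; whether their rm_rf_children() has the same openat() call cannot be seen from this diff, so they should be checked and either patched or dropped. With src_prepare() removed, applying `PATCHES` depends on the eclass default prepare phase, and the inherit line is outside the hunks shown.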
@@ -86,18 +71,15 @@ src_configure() {
 $(use_enable acl)
 $(use_enable audit)
 $(use_enable cryptsetup libcryptsetup)
- $(use_enable gtk)
 $(use_enable lzma xz)
 $(use_enable pam)
 $(use_enable plymouth)
 $(use_enable selinux)
 $(use_enable tcpd tcpwrap)
+ # now in sys-apps/systemd-ui
+ --disable-gtk
 )
- if use gtk; then
- export VALAC="$(type -p valac-${VALASLOT})"
- fi
-
 autotools-utils_src_configure
 }
@@ -161,6 +143,7 @@ pkg_postinst() {
 elog "be installed:"
 optfeature 'dev-python/dbus-python' 'for systemd-analyze'
 optfeature 'dev-python/pycairo[svg]' 'for systemd-analyze plotting ability'
+ optfeature 'sys-apps/systemd-ui' 'for GTK+ systemadm UI and gnome-ask-password-agent'
 elog
 ewarn "Please note this is a work-in-progress and many packages in Gentoo" |