authorChris Reffett <creffett@gentoo.org>2013-09-03 22:28:47 +0000
committerChris Reffett <creffett@gentoo.org>2013-09-03 22:28:47 +0000
commit13dfb2ff77aecb4d119b761bea1500c2698a1bda (patch)
treeccd8d5ce400c66324484b3eb2b11a6b8cd2a6c2d /sys-libs
parentVersion bump + gdk-pixbuf handling via eclass. (diff)
Security bump. Apply upstream patch from https://bugzilla.redhat.com/attachment.cgi?id=405473 wrt bug 324017.
(Portage version: 2.2.1/cvs/Linux x86_64, signed Manifest commit with key 42618354)
Diffstat (limited to 'sys-libs')
-rw-r--r--sys-libs/nss-db/ChangeLog9
-rw-r--r--sys-libs/nss-db/files/nss-db-2.2.3_pre1-symlinkvuln.patch262
-rw-r--r--sys-libs/nss-db/nss-db-2.2.3_pre1-r4.ebuild112
3 files changed, 382 insertions, 1 deletions
diff --git a/sys-libs/nss-db/ChangeLog b/sys-libs/nss-db/ChangeLog
index 468a31cde2fd..184115b1d87e 100644
--- a/sys-libs/nss-db/ChangeLog
+++ b/sys-libs/nss-db/ChangeLog
@@ -1,6 +1,13 @@
# ChangeLog for sys-libs/nss-db
# Copyright 1999-2013 Gentoo Foundation; Distributed under the GPL v2
-# $Header: /var/cvsroot/gentoo-x86/sys-libs/nss-db/ChangeLog,v 1.24 2013/02/24 21:15:34 ottxor Exp $
+# $Header: /var/cvsroot/gentoo-x86/sys-libs/nss-db/ChangeLog,v 1.25 2013/09/03 22:28:47 creffett Exp $
+
+*nss-db-2.2.3_pre1-r4 (03 Sep 2013)
+
+ 03 Sep 2013; Chris Reffett <creffett@gentoo.org>
+ +files/nss-db-2.2.3_pre1-symlinkvuln.patch, +nss-db-2.2.3_pre1-r4.ebuild:
+ Security bump. Apply upstream patch from
+ https://bugzilla.redhat.com/attachment.cgi?id=405473 wrt bug 324017.
24 Feb 2013; Christoph Junghans <ottxor@gentoo.org>
nss-db-2.2.3_pre1-r2.ebuild, nss-db-2.2.3_pre1-r3.ebuild:
diff --git a/sys-libs/nss-db/files/nss-db-2.2.3_pre1-symlinkvuln.patch b/sys-libs/nss-db/files/nss-db-2.2.3_pre1-symlinkvuln.patch
new file mode 100644
index 000000000000..54a67b58499b
--- /dev/null
+++ b/sys-libs/nss-db/files/nss-db-2.2.3_pre1-symlinkvuln.patch
@@ -0,0 +1,262 @@
+diff -urNad libnss-db-2.2.3pre1~/src/db-XXX.c libnss-db-2.2.3pre1/src/db-XXX.c
+--- libnss-db-2.2.3pre1~/src/db-XXX.c 2010-03-30 10:41:48.026483855 -0700
++++ libnss-db-2.2.3pre1/src/db-XXX.c 2010-03-30 10:41:48.216484130 -0700
+@@ -56,6 +56,7 @@
+
+ /* Maintenance of the shared handle open on the database. */
+
++static DB_ENV *dbenv;
+ static DB *db;
+ static int keep_db;
+ static int entidx;
+@@ -69,7 +70,7 @@
+
+ pthread_mutex_lock (&lock);
+
+- status = internal_setent (DBFILE, &db);
++ status = internal_setent (DBFILE, &db, &dbenv);
+
+ /* Remember STAYOPEN flag. */
+ if (db != NULL)
+@@ -89,7 +90,7 @@
+ {
+ pthread_mutex_lock (&lock);
+
+- internal_endent (&db);
++ internal_endent (&db, &dbenv);
+
+ /* Reset STAYOPEN flag. */
+ keep_db = 0;
+@@ -112,7 +113,7 @@
+ /* Open the database. */
+ if (db == NULL)
+ {
+- status = internal_setent (DBFILE, &db);
++ status = internal_setent (DBFILE, &db, &dbenv);
+ if (status != NSS_STATUS_SUCCESS)
+ {
+ *errnop = errno;
+@@ -194,7 +195,7 @@
+ }
+
+ if (! keep_db)
+- internal_endent (&db);
++ internal_endent (&db, &dbenv);
+
+ return status;
+ }
+diff -urNad libnss-db-2.2.3pre1~/src/db-alias.c libnss-db-2.2.3pre1/src/db-alias.c
+--- libnss-db-2.2.3pre1~/src/db-alias.c 2010-03-30 10:41:47.996483420 -0700
++++ libnss-db-2.2.3pre1/src/db-alias.c 2010-03-30 10:41:48.216484130 -0700
+@@ -34,6 +34,7 @@
+
+ /* Maintenance of the shared handle open on the database. */
+
++static DB_ENV *dbenv;
+ static DB *db;
+ static int keep_db;
+ static unsigned int entidx; /* Index for `getaliasent_r'. */
+@@ -47,7 +48,7 @@
+
+ pthread_mutex_lock (&lock);
+
+- status = internal_setent (_PATH_VARDB "aliases.db", &db);
++ status = internal_setent (_PATH_VARDB "aliases.db", &db, &dbenv);
+
+ /* Remember STAYOPEN flag. */
+ if (db != NULL)
+@@ -68,7 +69,7 @@
+ {
+ pthread_mutex_lock (&lock);
+
+- internal_endent (&db);
++ internal_endent (&db, &dbenv);
+
+ /* Reset STAYOPEN flag. */
+ keep_db = 0;
+@@ -92,7 +93,7 @@
+ /* Open the database. */
+ if (db == NULL)
+ {
+- status = internal_setent (_PATH_VARDB "aliases.db", &db);
++ status = internal_setent (_PATH_VARDB "aliases.db", &db, &dbenv);
+ if (status != NSS_STATUS_SUCCESS)
+ {
+ *errnop = errno;
+@@ -165,7 +166,7 @@
+ status = NSS_STATUS_NOTFOUND;
+
+ if (! keep_db)
+- internal_endent (&db);
++ internal_endent (&db, &dbenv);
+
+ return status;
+ }
+diff -urNad libnss-db-2.2.3pre1~/src/db-compat.c libnss-db-2.2.3pre1/src/db-compat.c
+--- libnss-db-2.2.3pre1~/src/db-compat.c 2010-03-30 10:41:47.956483550 -0700
++++ libnss-db-2.2.3pre1/src/db-compat.c 2010-03-30 10:41:48.216484130 -0700
+@@ -27,15 +27,14 @@
+
+ int
+ db_open (const char *file, DBTYPE type, u_int32_t flags, int mode,
+- void *dbenv, void *dbinfo, DB **dbp)
++ DB_ENV *dbenv, void *dbinfo, DB **dbp)
+ {
+ DB *db;
+ int err;
+
+- assert (dbenv == NULL);
+ assert (dbinfo == NULL);
+
+- err = db_create (&db, NULL, 0);
++ err = db_create (&db, dbenv, 0);
+ if (err)
+ return err;
+
+diff -urNad libnss-db-2.2.3pre1~/src/db-compat.h libnss-db-2.2.3pre1/src/db-compat.h
+--- libnss-db-2.2.3pre1~/src/db-compat.h 2001-04-29 18:07:41.000000000 -0700
++++ libnss-db-2.2.3pre1/src/db-compat.h 2010-03-30 10:41:48.216484130 -0700
+@@ -2,5 +2,5 @@
+
+ #if DB_VERSION_MAJOR > 2
+ extern int db_open (const char *__file, DBTYPE __type, u_int32_t __flags,
+- int __mode, void *__dbenv, void *__dbinfo, DB **__dbp);
++ int __mode, DB_ENV *dbenv, void *__dbinfo, DB **__dbp);
+ #endif
+diff -urNad libnss-db-2.2.3pre1~/src/db-netgrp.c libnss-db-2.2.3pre1/src/db-netgrp.c
+--- libnss-db-2.2.3pre1~/src/db-netgrp.c 2010-03-30 10:41:47.996483420 -0700
++++ libnss-db-2.2.3pre1/src/db-netgrp.c 2010-03-30 10:41:48.216484130 -0700
+@@ -35,6 +35,7 @@
+ static pthread_mutex_t lock = PTHREAD_MUTEX_INITIALIZER;
+
+ /* Maintenance of the shared handle open on the database. */
++static DB_ENV *dbenv;
+ static DB *db;
+ static char *entry;
+ static char *cursor;
+@@ -46,7 +47,7 @@
+
+ pthread_mutex_lock (&lock);
+
+- status = internal_setent (DBFILE, &db);
++ status = internal_setent (DBFILE, &db, &dbenv);
+
+ if (status == NSS_STATUS_SUCCESS)
+ {
+@@ -72,7 +73,7 @@
+ {
+ pthread_mutex_lock (&lock);
+
+- internal_endent (&db);
++ internal_endent (&db, &dbenv);
+
+ pthread_mutex_unlock (&lock);
+
+diff -urNad libnss-db-2.2.3pre1~/src/db-open.c libnss-db-2.2.3pre1/src/db-open.c
+--- libnss-db-2.2.3pre1~/src/db-open.c 2010-03-30 10:41:47.996483420 -0700
++++ libnss-db-2.2.3pre1/src/db-open.c 2010-03-30 10:42:24.127733451 -0700
+@@ -21,6 +21,9 @@
+ #include <db.h>
+ #include <errno.h>
+ #include <fcntl.h>
++#include <stdlib.h>
++#include <string.h>
++#include <libgen.h>
+
+ #include "db-compat.h"
+
+@@ -45,35 +48,46 @@
+ handle in *DBP and return NSS_STATUS_SUCCESS. On failure, return
+ the appropriate lookup status. */
+ enum nss_status
+-internal_setent (const char *file, DB **dbp)
++internal_setent (const char *file, DB **dbp, DB_ENV **dbenvp)
+ {
+- DB *db;
++ char *filecopy = NULL, *home;
++ DB_ENV *dbenv = NULL;
++ DB *db = NULL;
+ int err;
+ int fd;
+
+ if (*dbp)
+ return NSS_STATUS_SUCCESS;
+
+- err = db_open (file, DB_BTREE, DB_RDONLY, 0, NULL, NULL, &db);
++ err = db_env_create(&dbenv, 0);
+ if (err != 0)
+- {
+- if (err > 0)
+- errno = err;
+- return NSS_STATUS_UNAVAIL;
+- }
++ goto fail;
++ filecopy = strdup(file);
++ home = dirname(filecopy);
++ err = dbenv->open(dbenv, home, DB_INIT_MPOOL | DB_CREATE | DB_PRIVATE, 0);
++ if (err != 0)
++ goto fail_env;
++ err = db_open (file, DB_BTREE, DB_RDONLY, 0, dbenv, NULL, &db);
++ if (err != 0)
++ goto fail_env;
+
+ /* We have to make sure the file is `closed on exec'. */
+ err = db->fd (db, &fd);
+ if (err)
+- goto fail;
++ goto fail_db;
+ if (set_cloexec_flag (fd) < 0)
+- goto fail;
++ goto fail_db;
+
++ *dbenvp = dbenv;
+ *dbp = db;
+ return NSS_STATUS_SUCCESS;
+
+- fail:
++ fail_db:
+ db->close (db, 0);
++ fail_env:
++ dbenv->close (dbenv, 0);
++ fail:
++ if (filecopy) free(filecopy);
+ if (err > 0)
+ errno = err;
+ return NSS_STATUS_UNAVAIL;
+@@ -81,8 +95,9 @@
+
+ /* Close the database *DBP. */
+ void
+-internal_endent (DB **dbp)
++internal_endent (DB **dbp, DB_ENV **dbenvp)
+ {
++ DB_ENV *dbenv = *dbenvp;
+ DB *db = *dbp;
+
+ if (db != NULL)
+@@ -90,4 +105,9 @@
+ db->close (db, 0);
+ *dbp = NULL;
+ }
++ if (dbenv != NULL)
++ {
++ dbenv->close (dbenv, 0);
++ *dbenvp = NULL;
++ }
+ }
+diff -urNad libnss-db-2.2.3pre1~/src/nss_db.h libnss-db-2.2.3pre1/src/nss_db.h
+--- libnss-db-2.2.3pre1~/src/nss_db.h 2001-04-29 18:07:41.000000000 -0700
++++ libnss-db-2.2.3pre1/src/nss_db.h 2010-03-30 10:41:48.216484130 -0700
+@@ -26,9 +26,9 @@
+ /* Open the database stored in FILE. If succesful, store the database
+ handle in *DBP and return NSS_STATUS_SUCCESS. On failure, return
+ the appropriate lookup status. */
+-extern enum nss_status internal_setent (const char *file, DB **dbp);
++extern enum nss_status internal_setent (const char *file, DB **dbp, DB_ENV **dbenvp);
+
+ /* Close the database *DBP. */
+-extern void internal_endent (DB **dbp);
++extern void internal_endent (DB **dbp, DB_ENV **dbenvp);
+
+ #endif /* nss_db.h */
+
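Review bot: In the db-open.c part of this patch, `internal_setent` passes the result of `strdup(file)` straight to `dirname()` with no NULL check. POSIX `dirname(NULL)` returns ".", so on allocation failure the environment home would silently become the process's current directory instead of the database's directory, which appears to be the very location this fix is meant to stop using. A guard right after the `strdup`, such as `if (filecopy == NULL) { err = ENOMEM; goto fail_env; }`, closes that path. Separately, the success path returns without freeing `filecopy`, so every successful open leaks the copy. Adding `free (filecopy);` before `*dbenvp = dbenv;` should be safe if Berkeley DB copies the home string in `DB_ENV->open`, which is worth confirming for the db versions this package links against.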
diff --git a/sys-libs/nss-db/nss-db-2.2.3_pre1-r4.ebuild b/sys-libs/nss-db/nss-db-2.2.3_pre1-r4.ebuild
new file mode 100644
index 000000000000..dc703694302f
--- /dev/null
+++ b/sys-libs/nss-db/nss-db-2.2.3_pre1-r4.ebuild
@@ -0,0 +1,112 @@
+# Copyright 1999-2013 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+# $Header: /var/cvsroot/gentoo-x86/sys-libs/nss-db/nss-db-2.2.3_pre1-r4.ebuild,v 1.1 2013/09/03 22:28:47 creffett Exp $
+
+inherit eutils versionator multilib autotools
+
+MY_PN="${PN/-/_}"
+MY_PV="${PV/_}"
+MY_P="${MY_PN}-${MY_PV}"
+
+DESCRIPTION="Allows important system files to be stored in a fast database file rather than plain text"
+HOMEPAGE="http://sources.redhat.com/glibc/"
+SRC_URI="ftp://sources.redhat.com/pub/glibc/old-releases/${MY_P}.tar.gz
+ mirror://gentoo/${MY_P}-external.patch.bz2
+ mirror://gentoo/${MY_P}-dbupgrade.patch.bz2
+ mirror://gentoo/${MY_P}-dbopen.patch.bz2"
+
+LICENSE="GPL-2 LGPL-2"
+SLOT="0"
+KEYWORDS="~amd64 ~ppc ~x86"
+IUSE="nls"
+
+# awk and make ARE needed at runtime!
+# and this didn't compile on BSD libc either
+RDEPEND=">=sys-libs/db-4
+ sys-devel/make
+ >=sys-libs/glibc-2.3
+ !>=sys-libs/glibc-2.15"
+# We really do need gettext to compile always :-(
+DEPEND="${RDEPEND}
+ sys-devel/gettext"
+
+S="${WORKDIR}/${MY_P}"
+
+db_getver() {
+ local DBPKG
+ DBPKG="$(best_version '>=sys-libs/db-4')"
+ echo "${DBPKG//sys-libs\/db-}"
+}
+
+db_getversym() {
+ local DBVER DBSYMSUFFIX
+ [ -n "${1}" ] && DBVER="${1}" || DBVER="$(db_getver)"
+ DBVER=($(get_version_components "${DBVER}"))
+ if has_version '>=sys-libs/db-4.3'; then
+ DBSYMSUFFIX=""
+ else
+ let DBSYMSUFFIX=(${DBVER[0]}*1000)+${DBVER[1]}
+ DBSYMSUFFIX=_${DBSYMSUFFIX}
+ fi
+ echo "${DBSYMSUFFIX}"
+}
+
+src_unpack() {
+ unpack ${MY_P}.tar.gz
+ EPATCH_OPTS="-p1 -d ${S}" epatch ${DISTDIR}/${MY_P}-external.patch.bz2
+ EPATCH_OPTS="-p0 -d ${S}" epatch ${DISTDIR}/${MY_P}-dbupgrade.patch.bz2
+ EPATCH_OPTS="-p1 -d ${S}" epatch ${DISTDIR}/${MY_P}-dbopen.patch.bz2
+ EPATCH_OPTS="-p1 -d ${S}" epatch ${FILESDIR}/${P}-root-upgrade-only.patch
+ EPATCH_OPTS="-p1 -d ${S}" epatch ${FILESDIR}/${P}-symlinkvuln.patch
+ # make sure we use the correct version of DB
+ cd "${S}"
+ DB_PV="$(db_getver)"
+ DB_SYM="$(db_getversym ${DB_PV})"
+ DB_PV_MAJORMINOR="$(get_version_component_range 1-2 ${DB_PV})"
+ sed -i configure.in \
+ -e "s!db.h!db${DB_PV_MAJORMINOR}/db.h!g" \
+ -e "s!db, db_version!db-${DB_PV_MAJORMINOR}, db_version${DB_SYM}!g"
+
+ # fix ancient broken-ness
+ for f in po/Makefile.in.in ./intl/Makefile.in; do
+ egrep -q '^mkinstalldirs = .*case.*esac' ${f} && \
+ sed -i ${f} \
+ -e '/^mkinstalldirs = /s,\(mkinstalldirs =\).*,\1 $(top_builddir)/./mkinstalldirs,'
+ done
+
+ # Fixes thanks to Flameeyes
+ # missing
+ cp /usr/share/gettext/config.rpath .
+ sed -i -e '/makedb_LDADD/i makedb_CFLAGS=$(AM_CFLAGS)' src/Makefile.am
+ sed -i -e '/AC_PROG_CC/a AC_PROG_CC_C_O' configure.in
+ eautoreconf
+
+ # This is an evil target and we don't like it
+ sed -i -e '/^install-data-am:.*install-data-local/s,install-data-local,,g' "${S}"/src/Makefile.in
+}
+
+src_compile() {
+ econf -C --libdir=/$(get_libdir) `use_enable nls` || die
+ emake || die
+}
+
+src_install() {
+ emake -j1 DESTDIR="${D}" slibdir="/$(get_libdir)" install || \
+ die "failed emake install"
+
+ into /usr
+ insinto /usr/share/${PN}
+ doins db-Makefile
+
+ exeinto /usr/sbin
+ doexe "${FILESDIR}"/remake-all-db
+
+ dodoc AUTHORS COPYING* ChangeLog INSTALL NEWS README THANKS
+
+ dodir /usr/$(get_libdir)/
+ mv "${D}"/$(get_libdir)/*.la "${D}"/usr/$(get_libdir)/ || \
+ die "failed to set up .la"
+
+ insinto /etc/sandbox.d/
+ newins "${FILESDIR}"/sandbox.d_50nss-db 50nss-db
+}
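Review bot: Several steps in `src_unpack` that the build relies on are unchecked: `cd "${S}"`, the `sed -i configure.in` that pins the Berkeley DB header and library version, and `cp /usr/share/gettext/config.rpath .` have no `|| die`. A failure there would continue silently and could configure against a different `db.h` than the one selected by `db_getver`. I would write `cd "${S}" || die`, `cp /usr/share/gettext/config.rpath . || die "config.rpath not found"`, and append `|| die` to the sed calls. The `epatch` arguments such as `${FILESDIR}/${P}-symlinkvuln.patch` and the `-d ${S}` in `EPATCH_OPTS` are also unquoted, unlike `"${FILESDIR}"/remake-all-db` in `src_install`; quoting them would make the two functions consistent.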