author | Matthew Thode <prometheanfire@gentoo.org> | 2013-12-11 03:19:54 +0000 |
---|---|---|
committer | Matthew Thode <prometheanfire@gentoo.org> | 2013-12-11 03:19:54 +0000 |
commit | 1b2f9d17383786da5a6a176b6c0d84b6611994fd (patch) | |
tree | 563c97f6031aebd80ef72966c67466ad4f931393 /app-admin/augeas | |
parent | fix for traceback doc'd in bug 493122 (diff) | |
initial fix for bug 492528 CVE-2012-{0786,0787,6607}
(Portage version: 2.2.7/cvs/Linux x86_64, signed Manifest commit with key 0x2471eb3e40ac5ac3)
Diffstat (limited to 'app-admin/augeas')
-rw-r--r-- | app-admin/augeas/ChangeLog | 8 | ||||
-rw-r--r-- | app-admin/augeas/augeas-0.10.0-r2.ebuild | 50 | ||||
-rw-r--r-- | app-admin/augeas/files/cve-bunch-of-them-symlink.patch | 76 |
3 files changed, 133 insertions, 1 deletions
diff --git a/app-admin/augeas/ChangeLog b/app-admin/augeas/ChangeLog
index 4cabf28952e2..124929892a66 100644
--- a/app-admin/augeas/ChangeLog
+++ b/app-admin/augeas/ChangeLog
@@ -1,6 +1,12 @@
 # ChangeLog for app-admin/augeas
 # Copyright 1999-2013 Gentoo Foundation; Distributed under the GPL v2
-# $Header: /var/cvsroot/gentoo-x86/app-admin/augeas/ChangeLog,v 1.44 2013/09/18 14:12:17 jer Exp $
+# $Header: /var/cvsroot/gentoo-x86/app-admin/augeas/ChangeLog,v 1.45 2013/12/11 03:19:54 prometheanfire Exp $
+
+*augeas-0.10.0-r2 (11 Dec 2013)
+
+ 11 Dec 2013; Matthew Thode <prometheanfire@gentoo.org>
+ +augeas-0.10.0-r2.ebuild, +files/cve-bunch-of-them-symlink.patch:
+ initial fix for bug 492528 CVE-2012-{0786,0787,6607}
 
 18 Sep 2013; Jeroen Roovers <jer@gentoo.org> augeas-0.10.0-r1.ebuild:
 Stable for HPPA too.
diff --git a/app-admin/augeas/augeas-0.10.0-r2.ebuild b/app-admin/augeas/augeas-0.10.0-r2.ebuild
new file mode 100644
index 000000000000..915c353537db
--- /dev/null
+++ b/app-admin/augeas/augeas-0.10.0-r2.ebuild
@@ -0,0 +1,50 @@
+# Copyright 1999-2013 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+# $Header: /var/cvsroot/gentoo-x86/app-admin/augeas/augeas-0.10.0-r2.ebuild,v 1.1 2013/12/11 03:19:54 prometheanfire Exp $
+
+EAPI=5
+
+inherit autotools-utils
+
+DESCRIPTION="A library for changing configuration files"
+HOMEPAGE="http://augeas.net/"
+SRC_URI="http://augeas.net/download/${P}.tar.gz"
+
+SLOT="0"
+LICENSE="LGPL-2.1"
+KEYWORDS="~alpha ~amd64 ~hppa ~ia64 ~ppc ~sparc ~x86"
+IUSE="static-libs test"
+
+RDEPEND="
+ dev-libs/libxml2
+ sys-libs/readline"
+DEPEND="${RDEPEND}
+ virtual/pkgconfig
+ >=app-doc/NaturalDocs-1.40
+ test? ( dev-lang/ruby )"
+
+PATCHES=(
+ "${FILESDIR}"/${P}-gets.patch
+ "${FILESDIR}"/${P}-test.patch
+ "${FILESDIR}"/${P}-test2.patch
+ "${FILESDIR}"/${P}-libxml2-pkgconfig.patch
+ "${FILESDIR}/cve-bunch-of-them-symlink.patch"
+ )
+
+src_prepare() {
+ if [ -f /usr/share/NaturalDocs/Config/Languages.txt ] ; then
+ addwrite /usr/share/NaturalDocs/Config/Languages.txt
+ fi
+ if [ -f /usr/share/NaturalDocs/Config/Topics.txt ] ; then
+ addwrite /usr/share/NaturalDocs/Config/Topics.txt
+ fi
+ autotools-utils_src_prepare
+}
+
+src_configure() {
+ # Needs to implemented
+ local myeconfargs=( --without-selinux )
+ autotools-utils_src_configure
+}
+
+AUTOTOOLS_IN_SOURCE_BUILD=1
diff --git a/app-admin/augeas/files/cve-bunch-of-them-symlink.patch b/app-admin/augeas/files/cve-bunch-of-them-symlink.patch
new file mode 100644
index 000000000000..3bd1d95ae42d
--- /dev/null
+++ b/app-admin/augeas/files/cve-bunch-of-them-symlink.patch
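Review bot: The new PATCHES entry `"${FILESDIR}/cve-bunch-of-them-symlink.patch"` is presented as the fix for CVE-2012-{0786,0787,6607}, but the patch file added in this same commit carries only upstream's "Fix regression in permissions of created files" change, which by its own description is a follow-up to commit 16387744 (the switch to mkstemp). Nothing visible in this ebuild or in the added file brings in that earlier commit, so unless the 0.10.0 tarball already contains it, which should be confirmed, -r2 may not include the hardening the patch name and commit message refer to. I would carry the upstream commit(s) that change the file-creation path as their own `${P}-`-prefixed patches and rename this one after what it actually does. Separately, the comment `# Needs to implemented` in src_configure should read `# Needs to be implemented`.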
@@ -0,0 +1,76 @@
+From 051c73a9a7ffe9e525f6f0a1b8f5198ff8cc6752 Mon Sep 17 00:00:00 2001
+From: Dominic Cleal <dcleal@redhat.com>
+Date: Sat, 11 Aug 2012 20:39:14 +0100
+Subject: [PATCH] Fix regression in permissions of created files
+
+Commit 16387744 changed temporary file creation to use mkstemp, resulting in
+new files being created with 0600 permissions. For brand new files created
+through Augeas, their permissions stayed at 0600 rather than being set by the
+umask as before.
+
+ * src/transform.c (transform_save): chmod after creating new files to
+ permissions implied by the umask
+---
+ src/transform.c | 10 ++++++++++
+ tests/test-preserve.sh | 15 ++++++++++++++-
+ 2 files changed, 24 insertions(+), 1 deletion(-)
+
+diff --git a/src/transform.c b/src/transform.c
+index a3acd10..1ca3d5f 100644
+--- a/src/transform.c
++++ b/src/transform.c
+@@ -1096,6 +1096,16 @@ int transform_save(struct augeas *aug, struct tree *xfm,
+ err_status = "xfer_attrs";
+ goto done;
+ }
++ } else {
++ /* Since mkstemp is used, the temp file will have secure permissions
++ * instead of those implied by umask, so change them for new files */
++ mode_t curumsk = umask(022);
++ umask(curumsk);
++
++ if (fchmod(fileno(fp), 0666 - curumsk) < 0) {
++ err_status = "create_chmod";
++ return -1;
++ }
+ }
+
+ if (tree != NULL)
+diff --git a/tests/test-preserve.sh b/tests/test-preserve.sh
+index 042dab9..9719ac6 100755
+--- a/tests/test-preserve.sh
++++ b/tests/test-preserve.sh
+@@ -59,9 +59,12 @@ if [ $selinux = yes -a xetc_t != "x$act_con" ] ; then
+ exit 1
+ fi
+
+-# Check that we create new files without error
++# Check that we create new files without error and with permissions implied
++# from the umask
+ init_dirs
+
++oldumask=$(umask)
++umask 0002
+ $AUGTOOL > /dev/null <<EOF
+ set /files/etc/hosts/1/ipaddr 127.0.0.1
+ set /files/etc/hosts/1/canonical host.example.com
+@@ -71,6 +74,16 @@ if [ $? != 0 ] ; then
+ echo "augtool failed on new file"
+ exit 1
+ fi
++if [ ! -e $hosts ]; then
++ echo "augtool didn't create new /etc/hosts file"
++ exit 1
++fi
++act_mode=$(ls -l $hosts | cut -b 1-10)
++if [ x-rw-rw-r-- != "x$act_mode" ] ; then
++ echo "Expected mode 0664 due to $(umask) umask but got $act_mode"
++ exit 1
++fi
++umask $oldumask
+
+ # Check that we create new files without error when backups are requested
+ init_dirs
+--
+1.8.5.1
+
|
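Review bot: In the transform_save hunk, `fchmod(fileno(fp), 0666 - curumsk)` subtracts the umask instead of masking with it, so a umask with bits outside 0666 borrows into other permission bits: with umask 077 the result is 0567, which grants write and execute to others on the newly created file. The line should be `if (fchmod(fileno(fp), 0666 & ~curumsk) < 0) {`. The failure path then uses `return -1;` where the branch directly above uses `goto done;`, so whatever cleanup sits at `done` (outside this hunk) is presumably skipped; `goto done;` would be consistent. The added check in tests/test-preserve.sh only runs with `umask 0002`, where subtraction and masking give the same mode, so it would benefit from a second case with a restrictive umask such as 0077 expecting `-rw-------`. transform_save starts and ends outside the hunk.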